mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-18 18:38:08 -05:00
c2034cb08a
- actions/checkout -> v6.0.2: some minor changes around setting the ACTIONS_ORCHESTRATION_ID and some fixes to `fetch-tags`. - actions/setup-python -> v6.2.0: Node 24 compat Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
65 lines
2.6 KiB
YAML
65 lines
2.6 KiB
YAML
name: copy-external-contributor-pull-request-ce
|
|
|
|
# NOTE: Don't ever set up concurrency groups. We never want this workflow to
|
|
# be cancelled.
|
|
|
|
on:
|
|
pull_request:
|
|
types:
|
|
# We only need to trigger this on opened as it will have a manual
|
|
# deployment approval that is good for 30 days. If we exhaust that there
|
|
# are two courses of action:
|
|
# * Close and re-open the PR and it will trigger it again.
|
|
# * Manually run this workflow from the actions UI and provide the
|
|
# pull request number
|
|
- opened
|
|
- reopened
|
|
workflow_dispatch:
|
|
inputs:
|
|
number:
|
|
type: string
|
|
description: The pull request number to copy to enterprise
|
|
required: true
|
|
|
|
jobs:
|
|
copy:
|
|
name: Copy community contributed pull request to Vault Enterprise
|
|
# Only run this on pull requests that originate from a fork (community
|
|
# contributed) or has intentionally been dispatched.
|
|
if: |
|
|
github.repository == 'hashicorp/vault' &&
|
|
github.event_name == 'workflow_dispatch' ||
|
|
github.event.pull_request.head.repo.fork
|
|
# Use the community-pull-request environment so that we invoke the deployment
|
|
# protection rules. In this case those rules require someone in
|
|
# @hashicorp/github-secure-vault-core to approve the workflow.
|
|
# When approved we'll initiate the copy job in vault-enterprise.
|
|
environment: community-pull-request
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- id: set-up-pipeline
|
|
name: Set up the pipeline tool
|
|
uses: ./.github/actions/set-up-pipeline
|
|
with:
|
|
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
- id: check-cla
|
|
# Make sure that the license/cla status has successfully run for the PR.
|
|
# We never want to copy any code to Vault Enterprise unless the CLA
|
|
# has been run.
|
|
run: |
|
|
pipeline github check commit-status \
|
|
--pr '${{ github.event.number || inputs.number }}' \
|
|
--context license/cla \
|
|
--creator hashicorp-cla-app[bot] \
|
|
--state success
|
|
- id: payload
|
|
run: |
|
|
echo 'payload={"number":"${{ github.event.number || inputs.number }}"}' | tee -a "$GITHUB_OUTPUT"
|
|
- name: Trigger backport for Enterprise
|
|
uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
|
|
with:
|
|
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
repository: hashicorp/vault-enterprise
|
|
event-type: copy-community-pull-request
|
|
client-payload: ${{ steps.payload.outputs.payload }}
|