vault/.github/workflows/copy-external-contributor-pull-request-ce.yml
Vault Automation 00281521f0
actions: pin actions to the latest versions
* actions: pin to latest actions

- actions/checkout@9c091bb21b => v7.0.0
  Adds a guardrail to prevent accidentally checking out fork pull
  request code in privileged GitHub Actions contexts
  (pull_request_target and PR-triggered workflow_run), with an
  explicit opt-in escape hatch for advanced workflows.

- pnpm/action-setup@0ebf47130e => v6.0.9
  Update pnpm to v11.7.0

- Add .github/actions/build-ui to ui changed files group

- Add .github/actions/build-ui to ui/frontend CODEOWNERS

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-06-23 10:21:26 -06:00

65 lines
2.6 KiB
YAML

name: copy-external-contributor-pull-request-ce
# NOTE: Don't ever set up concurrency groups. We never want this workflow to
# be cancelled.
on:
  pull_request:
    types:
      # We only need to trigger this on opened as it will have a manual
      # deployment approval that is good for 30 days. If we exhaust that there
      # are two courses of action:
      # * Close and re-open the PR and it will trigger it again.
      # * Manually run this workflow from the actions UI and provide the
      # pull request number
      - opened
      - reopened
  workflow_dispatch:
    inputs:
      number:
        type: string
        description: The pull request number to copy to enterprise
        required: true
jobs:
  copy:
    name: Copy community contributed pull request to Vault Enterprise
    # Only run this on pull requests that originate from a fork (community
    # contributed) or has intentionally been dispatched.
    if: |
      github.repository == 'hashicorp/vault' &&
      github.event_name == 'workflow_dispatch' ||
      github.event.pull_request.head.repo.fork
    # Use the community-pull-request environment so that we invoke the deployment
    # protection rules. In this case those rules require someone in
    # @hashicorp/github-secure-vault-core to approve the workflow.
    # When approved we'll initiate the copy job in vault-enterprise.
    environment: community-pull-request
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      - id: set-up-pipeline
        name: Set up the pipeline tool
        uses: ./.github/actions/set-up-pipeline
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - id: check-cla
        # Make sure that the license/cla status has successfully run for the PR.
        # We never want to copy any code to Vault Enterprise unless the CLA
        # has been run.
        run: |
          pipeline github check commit-status \
            --pr '${{ github.event.number || inputs.number }}' \
            --context license/cla \
            --creator hashicorp-cla-app[bot] \
            --state success
      - id: payload
        run: |
          echo 'payload={"number":"${{ github.event.number || inputs.number }}"}' | tee -a "$GITHUB_OUTPUT"
      - name: Trigger backport for Enterprise
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
        with:
          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
          repository: hashicorp/vault-enterprise
          event-type: copy-community-pull-request
          client-payload: ${{ steps.payload.outputs.payload }}