Skip to content

10-14-24 cve updates #6388

10-14-24 cve updates

10-14-24 cve updates #6388

Workflow file for this run

name: Backport
on:
pull_request_target:
types: ["labeled", "closed"]
env:
GITHUB_BRANCH: ${{ github.ref_name }}
jobs:
backport:
name: Backport PR
runs-on: ubuntu-latest
if: |
github.event.pull_request.merged == true
&& contains(github.event.pull_request.labels.*.name, 'auto-backport')
&& (
(github.event.action == 'labeled' && github.event.label.name == 'auto-backport')
|| (github.event.action == 'closed')
)
outputs:
BEFORE_BACKPORTS: ${{ steps.count_prs.outputs.pr_count }}
steps:
- name: Retrieve Credentials
id: import-secrets
uses: hashicorp/[email protected]
with:
url: https://vault.prism.spectrocloud.com
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: /providers/github/organizations/spectrocloud/token?org_name=spectrocloud token | VAULT_GITHUB_TOKEN
- name: Count PRs created by vault-token-factory-spectrocloud
id: count_prs
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PR_COUNT=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/pulls?state=open&per_page=100" | \
jq '[.[] | select(.user.login == "vault-token-factory-spectrocloud[bot]")] | length')
echo "Number of PRs created by vault-token-factory-spectrocloud: $PR_COUNT"
echo "pr_count=$PR_COUNT" >> $GITHUB_OUTPUT
- name: Determine branch name
id: extract_branch
run: |
if [ "${{ github.event_name }}" = "pull_request_target" ]; then
echo "GITHUB_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
else
echo "GITHUB_BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
fi
- name: Check for backport labels
id: check_labels
run: |-
labels='${{ toJSON(github.event.pull_request.labels.*.name) }}'
matched=$(echo "${labels}" | jq '. | map(select(startswith("backport-"))) | length')
echo "matched=$matched"
echo "matched=$matched" >> $GITHUB_OUTPUT
- name: Backport Action
uses: sqren/[email protected]
with:
# We are using a PAT token through our Vault Operator to address the issue of PRs workflows not being triggered
# Refer to issue https://github.com/sqren/backport-github-action/issues/79 for more details.
github_token: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }}
auto_backport_label_prefix: backport-
add_original_reviewers: true
- name: Info log
if: ${{ success() }}
run: cat ~/.backport/backport.info.log
- name: Debug log
id: debug-log
if: ${{ failure() }}
run: cat ~/.backport/backport.debug.log
- name: Verify PR count increment
id: verify_increment
env:
GITHUB_TOKEN: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }}
run: |-
BEFORE_BACKPORTS=${{ steps.count_prs.outputs.pr_count }}
NEW_COUNT=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/pulls?state=open&per_page=100" | \
jq '[.[] | select(.user.login == "vault-token-factory-spectrocloud[bot]")] | length')
MATCHED=${{ steps.check_labels.outputs.matched }}
echo "Before Backports Count: $BEFORE_BACKPORTS"
echo "New PR Count: $NEW_COUNT"
echo "Matched Backport Labels: $MATCHED"
if [ $((NEW_COUNT - BEFORE_BACKPORTS)) -eq $MATCHED ]; then
echo "PR count increased by the expected amount."
echo "missing_prs=0" >> $GITHUB_OUTPUT
else
MISSING_PR_COUNT=$((MATCHED - (NEW_COUNT - BEFORE_BACKPORTS)))
echo "PR count did not increase by the expected amount."
echo "missing_prs=$MISSING_PR_COUNT" >> $GITHUB_OUTPUT
exit 1
fi
- name: Slack Notification
if: ${{ failure() }}
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_PRIVATE_TEAM_WEBHOOK }}
SLACK_USERNAME: "spectromate"
SLACK_ICON_EMOJI: ":robot_panic:"
SLACK_COLOR: ${{ job.status }}
SLACKIFY_MARKDOWN: true
ENABLE_ESCAPES: true
SLACK_MESSAGE: 'The backports for branch `${{env.GITHUB_BRANCH}}` in PR [#${{ github.event.pull_request.number }}](${{ github.event.pull_request.html_url }}) failed. Number of missing PRs: `${{ steps.verify_increment.outputs.missing_prs }}`. Review the PR for more details.'