backport of commit 47eeeb7

hashicorp · Nov 12, 2024 · 9390e3d · 9390e3d
1 parent ea3002f
commit 9390e3d
Show file tree

Hide file tree

Showing 511 changed files with 8,265 additions and 13,559 deletions.
diff --git a/.github/actions/changed-files/action.yml b/.github/actions/changed-files/action.yml
@@ -19,9 +19,6 @@ outputs:
   ui-changed:
     description: Whether or not the web UI was modified.
     value: ${{ steps.changed-files.outputs.ui-changed }}
-  autopilot-changed:
-    description: Whether or not files pertaining to Autopilot were modified.
-    value: ${{ steps.changed-files.outputs.autopilot-changed }}
   files:
     description: All of the file names that changed.
     value: ${{ steps.changed-files.outputs.files }}

diff --git a/.github/actions/install-external-tools/action.yml b/.github/actions/install-external-tools/action.yml
@@ -19,13 +19,12 @@ runs:
     - uses: ./.github/actions/set-up-gotestsum
     - uses: ./.github/actions/set-up-misspell
     - uses: ./.github/actions/set-up-shfmt
-    - uses: ./.github/actions/set-up-sqlc
     - uses: ./.github/actions/set-up-staticcheck
       # We assume that the Go toolchain will be managed by the caller workflow so we don't set one
       # up here.
-    - run: ./.github/scripts/retry-command.sh go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
+    - run: ./.github/scripts/retry-command.sh go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.2
       shell: bash
-    - run: ./.github/scripts/retry-command.sh go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+    - run: ./.github/scripts/retry-command.sh go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.4.0
       shell: bash
     - run: ./.github/scripts/retry-command.sh go install github.com/favadi/protoc-go-inject-tag@latest
       shell: bash

diff --git a/.github/actions/run-apupgrade-tests/action.yml b/.github/actions/run-apupgrade-tests/action.yml
diff --git a/.github/actions/set-up-sqlc/action.yml b/.github/actions/set-up-sqlc/action.yml
diff --git a/.github/scripts/changed-files.sh b/.github/scripts/changed-files.sh
@@ -28,7 +28,6 @@ fi
 docs_changed=false
 ui_changed=false
 app_changed=false
-autopilot_changed=false
 
 if ! files="$(git diff "${base_commit}...${head_commit}" --name-only)"; then
   echo "failed to get changed files from git"
@@ -54,26 +53,14 @@ for file in $(awk -F "/" '{ print $1}' <<< "$files" | uniq); do
   app_changed=true
 done
 
-# if the app changed, check to see if anything referencing autopilot specifically was changed
-if [ "$app_changed" = true ]; then
-  for file in $files; do
-    if grep "raft-autopilot" "$file"; then
-      autopilot_changed=true
-      break
-    fi
-  done
-fi
-
 echo "app-changed=${app_changed}"
 echo "docs-changed=${docs_changed}"
 echo "ui-changed=${ui_changed}"
-echo "autopilot_changed=${autopilot_changed}"
 echo "files='${files}'"
 [ -n "$GITHUB_OUTPUT" ] && {
   echo "app-changed=${app_changed}"
   echo "docs-changed=${docs_changed}"
   echo "ui-changed=${ui_changed}"
-  echo "autopilot-changed=${autopilot_changed}"
   # Use a random delimiter for multiline strings.
   # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
   delimiter="$(openssl rand -hex 8)"

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ on:
     # for our needs, since we're skipping stuff on PRs in draft mode.By adding the ready_for_review
     # type, when a draft pr is marked ready, we run everything, including the stuff we'd have
     # skipped up until now.
-    types: [ opened, synchronize, reopened, ready_for_review ]
+    types: [opened, synchronize, reopened, ready_for_review]
   push:
     branches:
       - main
@@ -21,7 +21,6 @@ jobs:
     runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","linux","small"]') }}
     outputs:
       app-changed: ${{ steps.changed-files.outputs.app-changed }}
-      autopilot-changed: ${{ steps.changed-files.outputs.autopilot-changed }}
       checkout-ref: ${{ steps.checkout.outputs.ref }}
       compute-small: ${{ steps.metadata.outputs.compute-small }}
       compute-test-go: ${{ steps.metadata.outputs.compute-test-go }}
@@ -47,79 +46,6 @@ jobs:
           github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
           no-restore: true # don't download them on a cache hit
 
-  test-autopilot-upgrade:
-    name: Run Autopilot upgrade tool
-    # Run the Autopilot upgrade tests if:
-    # - The Autopilot code has changed.
-    # - We're in the context of the vault enterprise repository.
-    # - The workflow was triggered by a push to main or a PR targeting main.
-    #
-    # The reason for the main branch restriction, is that the logic for automatically determining the source versions
-    # to test depends on the .release/versions.hcl file, which might not be up-to-date nor exist outside of main.
-    # If you'd like to run the autopilot tests for a specific git checkout or set of source versions,
-    # you can manually trigger the workflow, see the .github/workflows/run-apupgrade-tests-ent.yml file in the ENT repo.
-    if: |
-      needs.setup.outputs.autopilot-changed == 'true' &&
-      github.repository == 'hashicorp/vault-enterprise' &&
-      ((github.event_name == 'pull_request' && github.base_ref == 'main') ||
-      (github.event_name == 'push' && github.ref == 'refs/heads/main'))
-    needs: setup
-    permissions:
-      id-token: write
-      contents: read
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
-    steps:
-      - name: Check out the .release/versions.hcl file from Vault Enterprise repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ needs.setup.outputs.checkout-ref }}
-          sparse-checkout: |
-            .release/versions.hcl
-            .github
-      - name: Get Vault versions to test
-        id: get-versions
-        env:
-          GH_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-        run: |
-          # Change to the Vault Enterprise repository directory or exit if it fails
-          cd "${GITHUB_WORKSPACE}" || exit 1
-
-          # Extract active major versions from the versions.hcl file, which is used for managing active release branches
-          active_major_versions=$(grep -Eo 'version\s+"[0-9]+\.[0-9]+\.x"' .release/versions.hcl | sed -E 's/version\s+"([0-9]+\.[0-9]+)\.x"/\1/')
-          active_major_versions=$(sort <<< "${active_major_versions}")
-
-          # List releases from the GitHub repository, process them with sed, and sort them in reverse order
-          releases=$(gh -R hashicorp/vault-enterprise release list --exclude-drafts --exclude-pre-releases --json=name --jq '.[].name' | \
-            sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+(\-rc[0-9]+)?)\+ent$/\1/' | \
-            sort -r)
-
-          # Initialize a variable to collect matched versions
-          matched_versions=""
-
-          # Read each version from the active major versions and match it against the newest release available
-          while IFS= read -r version; do
-            match=$(grep -m 1 "^${version}" <<< "${releases}" || true)
-            if [ -n "${match}" ]; then
-              if [ -n "${matched_versions}" ]; then
-                matched_versions+=","
-              fi
-              # Append the matched version to the variable, adding the +ent suffix, which is used for Vault Enterprise releases
-              matched_versions+="${match}+ent"
-            fi
-          done <<< "${active_major_versions}"
-
-          # Export the matched versions as a comma-separated string to an environment variable
-          echo "VAULT_SOURCE_VERSIONS=${matched_versions}" >> "${GITHUB_ENV}"
-      - name: Run Autopilot upgrade tests
-        uses: ./.github/actions/run-apupgrade-tests
-        env:
-          GOPATH: /home/runner/go
-          GOPRIVATE: github.com/hashicorp/*
-        with:
-          checkout-ref: ${{ needs.setup.outputs.checkout-ref }}
-          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-          source-versions: ${{ env.VAULT_SOURCE_VERSIONS }}
-
   test-go:
     # Run Go tests if the vault app changed
     if: needs.setup.outputs.app-changed == 'true'
@@ -260,7 +186,7 @@ jobs:
       - if: needs.setup.outputs.is-enterprise == 'true'
         id: secrets
         name: Fetch secrets
-        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
+        uses: hashicorp/vault-action@v3
         with:
           url: ${{ steps.vault-auth.outputs.addr }}
           caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
@@ -327,7 +253,6 @@ jobs:
   tests-completed:
     needs:
       - setup
-      - test-autopilot-upgrade
       - test-go
       - test-go-testonly
       - test-go-race
@@ -379,7 +304,7 @@ jobs:
       - if: needs.setup.outputs.is-enterprise == 'true'
         id: secrets
         name: Fetch Vault Secrets
-        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
+        uses: hashicorp/vault-action@v3
         with:
           url: ${{ steps.vault-auth.outputs.addr }}
           caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}

diff --git a/.release/versions.hcl b/.release/versions.hcl
@@ -5,14 +5,14 @@
 
 schema = 1
 active_versions {
-  version "1.18.x" {
-    ce_active = true
-  }
   version "1.17.x" {
-    ce_active = false
+    ce_active = true
   }
   version "1.16.x" {
     ce_active = false
     lts       = true
   }
+  version "1.15.x" {
+    ce_active = false
+  }
 }