keyring: Fix a panic when decrypting aead with empty RSA block. #15075
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Backport Assistant Runner | |
on: | |
pull_request_target: | |
types: | |
- closed | |
- labeled | |
jobs: | |
backport: | |
if: github.event.pull_request.merged | |
runs-on: ubuntu-latest | |
container: hashicorpdev/backport-assistant:0.4.1 | |
steps: | |
- name: Backport changes to stable-website | |
run: | | |
backport-assistant backport -merge-method=squash | |
env: | |
BACKPORT_LABEL_REGEXP: "backport/(?P<target>website)" | |
BACKPORT_TARGET_TEMPLATE: "stable-{{.target}}" | |
# Enabling this option increased the number of backport failures. | |
BACKPORT_MERGE_COMMIT: false | |
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
- name: Backport changes to targeted release branch | |
run: | | |
backport-assistant backport -merge-method=squash | |
env: | |
BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+\\.[+\\w]+)" | |
BACKPORT_TARGET_TEMPLATE: "release/{{.target}}" | |
# Enabling this option increased the number of backport failures. | |
BACKPORT_MERGE_COMMIT: false | |
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
ENABLE_VERSION_MANIFESTS: true | |
backport-ent: | |
if: github.event.pull_request.merged && contains(join(github.event.pull_request.labels.*.name), 'backport/ent') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Trigger backport for Enterprise | |
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 | |
with: | |
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
repository: hashicorp/nomad-enterprise | |
event-type: ent-backport | |
client-payload: ${{ toJson(github.event) }} | |
handle-failure: | |
needs: | |
- backport | |
- backport-ent | |
if: always() && (needs.backport.result == 'failure' || needs.backport-ent.result == 'failure') | |
runs-on: ${{ endsWith(github.repository, '-enterprise') && fromJSON('["self-hosted", "ondemand", "linux", "type=m7a.2xlarge;m6a.2xlarge"]') || 'ubuntu-latest' }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Retrieve Vault-hosted Secrets | |
if: endsWith(github.repository, '-enterprise') | |
id: vault | |
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
with: | |
url: ${{ vars.CI_VAULT_URL }} | |
method: ${{ vars.CI_VAULT_METHOD }} | |
path: ${{ vars.CI_VAULT_PATH }} | |
jwtGithubAudience: ${{ vars.CI_VAULT_AUD }} | |
secrets: |- | |
kv/data/teams/nomad/slack-webhooks feed-nomad | SLACK_FEED_NOMAD ; | |
- name: Send slack notification on failure | |
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 | |
with: | |
payload: | | |
{ | |
"text": ":x::arrow_right_hook::nomad-sob: Backport run *FAILED*", | |
"attachments": [ | |
{ | |
"color": "#C41E3A", | |
"blocks": [ | |
{ | |
"type": "section", | |
"fields": [ | |
{ | |
"type": "mrkdwn", | |
"text": "*Pull Request:*\n<${{ github.event.pull_request.html_url}}|${{ github.repository }}#${{ github.event.pull_request.number}}>" | |
}, | |
{ | |
"type": "mrkdwn", | |
"text": "*From:*\n@${{ github.event.sender.login }}" | |
}, | |
{ | |
"type": "mrkdwn", | |
"text": "*Run:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.run_id }}>" | |
} | |
] | |
} | |
] | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ env.SLACK_FEED_NOMAD || secrets.BACKPORT_ASSISTANT_FAILURE_SLACK }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
permissions: | |
contents: read | |
id-token: write |