Follow-up to #21094, which temporarily downgraded BPA to allow for old
CE backport labels to be used during Consul's most recent patch release.
Upgrading fully enforces the version manifest and prevents accidental
backports to no-longer-active CE versions.
To ease migration during this week's patch releases, temporarily use the
more permissive version of BPA to allow old + new backport labels to be
used simultaneously.
* Config changes to use backport-assistant with lts support
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---------
Co-authored-by: claire labry <claire@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
This adds a bunch of coverage of the topology.Compile method. It is not complete, but it is a start.
- A few panics and miscellany were fixed.
- The testing/deployer tests are now also run in CI.
Update Vault/Nomad versions to ensure we're testing all the latest versions.
Update Vault/Nomad versions to ensure we're testing all the latest versions .
Unlike the Nomad tests (where Nomad is compiled from source and provides
the tests), Vault is installed as a binary, and local Consul tests are
run.
Fixes incorrect version change introduced in #20058.
* Upgrade Go to 1.21
* ci: detect Go backwards compatibility test version automatically
For our submodules and other places we choose to test against previous
Go versions, detect this version automatically from the current one
rather than hard-coding it.
ci: Set Go version consistently via .go-version
Ensure Go version is determined consistently for CI and Docker builds
rather than spread across several different files.
The intent is to eventually replace this with use of the `toolchain`
directive in Go 1.21.
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
* security: re-enable security scan release block
This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.
* security: run security scans on main and release branches
Due to the unintuitive behavior of GHA w.r.t. implicit status check
`success()`, test results were only being uploaded on success (failures
presumably came from retried tests that passed).
To ensure that shell code cannot be injected, capture the commit message
in an env var, then format it as needed.
Also fix several other issues with formatting and JSON escaping by
wrapping the entire message in a `toJSON` expression.
* Add a make target to run lint-consul-retry on all the modules
* Cleanup sdk/testutil/retry
* Fix a bunch of retry.Run* usage to not use the outer testing.T
* Fix some more recent retry lint issues and pin to v1.4.0 of lint-consul-retry
* Fix codegen copywrite lint issues
* Don’t perform cleanup after each retry attempt by default.
* Use the common testutil.TestingTB interface in test-integ/tenancy
* Fix retry tests
* Update otel access logging extension test to perform requests within the retry block
- Skip notifications for cancelled workflows. Cancellation can be
manual or caused by branch concurrency limits.
- Fix multi-line JSON parsing error by only printing the summary line
of the commit message. We do not need more than this in Slack.
- Update Slack webhook name to match purpose.
Today, we do not enforce a clean `go mod tidy` on submodules. This
allows for drift and can eventually lead to `golangci-lint` failures,
along with the obvious disadvantage of not having an up-to-date
`go.mod`.
Enforce clean `go mod tidy` on all `go.mod` by using our make target
rather than the direct root-level command.