From d160737ced45db8e6a7acd02292160d69985236a Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Tue, 3 Mar 2026 10:31:03 -0700 Subject: [PATCH] [VAULT-42862] upgrade cloudflare/circl => v1.6.3 to partially resolve CVE-2026-1229 (#12567) (#12651) Upgrade `cloudflare/circl` to v1.6.3 to resolve CVE-2026-1229. We had several transient dependencies that depend on various versions of `circl` that also needed to be updated in order to resolve the latest version everywhere. - github.com/ProtonMail/go-crypto v1.2.0 => v1.3.0 - github.com/google/go-github v17 => v83/v83.0.0 - github.com/google/go-github/v81 => v83/v83.0.0 Signed-off-by: Ryan Cragun Co-authored-by: Ryan Cragun --- builtin/credential/github/backend.go | 2 +- builtin/credential/github/path_config.go | 2 +- builtin/credential/github/path_login.go | 2 +- changelog/_12567.txt | 6 ++ go.mod | 8 +- go.sum | 17 +++-- tools/pipeline/go.mod | 4 +- tools/pipeline/go.sum | 10 +-- tools/pipeline/internal/cmd/github.go | 2 +- .../internal/pkg/changed/config_test.go | 2 +- tools/pipeline/internal/pkg/changed/file.go | 2 +- .../internal/pkg/config/config_test.go | 2 +- .../internal/pkg/github/add_assignees.go | 2 +- .../pkg/github/check_commit_status.go | 2 +- .../pkg/github/check_go_mod_diff_request.go | 2 +- .../close_copied_origin_pull_request.go | 2 +- tools/pipeline/internal/pkg/github/commit.go | 2 +- .../internal/pkg/github/copy_pull_request.go | 2 +- .../pkg/github/copy_pull_request_test.go | 2 +- .../internal/pkg/github/create_backport.go | 17 ++++- .../pkg/github/create_backport_test.go | 75 ++++++++++++++++++- .../pkg/github/find_workflow_artifact.go | 2 +- tools/pipeline/internal/pkg/github/issue.go | 2 +- tools/pipeline/internal/pkg/github/labels.go | 54 +++++++++++++ .../internal/pkg/github/list_changed_files.go | 2 +- .../pkg/github/list_commit_statuses.go | 2 +- .../internal/pkg/github/list_workflow_runs.go | 2 +- .../internal/pkg/github/pull_request.go | 2 +- .../pkg/github/sync_branch_request.go | 2 +- .../internal/pkg/github/templates_test.go | 2 +- .../pipeline/internal/pkg/github/workflows.go | 2 +- 31 files changed, 192 insertions(+), 45 deletions(-) create mode 100644 changelog/_12567.txt create mode 100644 tools/pipeline/internal/pkg/github/labels.go diff --git a/builtin/credential/github/backend.go b/builtin/credential/github/backend.go index 7f8026e680..e584e9f858 100644 --- a/builtin/credential/github/backend.go +++ b/builtin/credential/github/backend.go @@ -7,7 +7,7 @@ import ( "context" "net/url" - "github.com/google/go-github/github" + "github.com/google/go-github/v83/github" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" diff --git a/builtin/credential/github/path_config.go b/builtin/credential/github/path_config.go index f871a2ff8f..e9c6da9538 100644 --- a/builtin/credential/github/path_config.go +++ b/builtin/credential/github/path_config.go @@ -11,7 +11,7 @@ import ( "strings" "time" - "github.com/google/go-github/github" + "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" diff --git a/builtin/credential/github/path_login.go b/builtin/credential/github/path_login.go index b01967bd26..9e343f322e 100644 --- a/builtin/credential/github/path_login.go +++ b/builtin/credential/github/path_login.go @@ -9,7 +9,7 @@ import ( "fmt" "net/url" - "github.com/google/go-github/github" + "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/cidrutil" "github.com/hashicorp/vault/sdk/helper/policyutil" diff --git a/changelog/_12567.txt b/changelog/_12567.txt new file mode 100644 index 0000000000..debb1f87ff --- /dev/null +++ b/changelog/_12567.txt @@ -0,0 +1,6 @@ +```release-note:security +vault/sdk: Upgrade `cloudflare/circl` to v1.6.3 to resolve CVE-2026-1229 +``` +```release-note:security +Upgrade `cloudflare/circl` to v1.6.3 to resolve CVE-2026-1229 +``` diff --git a/go.mod b/go.mod index 5f4bb33724..839b7ad268 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/Azure/azure-storage-blob-go v0.15.0 github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 - github.com/ProtonMail/go-crypto v1.2.0 + github.com/ProtonMail/go-crypto v1.3.0 github.com/ProtonMail/gopenpgp/v3 v3.2.1 github.com/SAP/go-hdb v1.10.1 github.com/Sectorbob/mlab-ns2 v0.0.0-20171030222938-d3aa0c295a8a @@ -79,7 +79,7 @@ require ( github.com/golang/protobuf v1.5.4 github.com/google/certificate-transparency-go v1.3.2 github.com/google/go-cmp v0.7.0 - github.com/google/go-github v17.0.0+incompatible + github.com/google/go-github/v83 v83.0.0 github.com/google/go-metrics-stackdriver v0.2.0 github.com/hashicorp/cap v0.11.0 github.com/hashicorp/cap/ldap v0.0.0-20250911140431-44d01434c285 @@ -339,7 +339,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect github.com/circonus-labs/circonusllhist v0.1.3 // indirect - github.com/cloudflare/circl v1.6.2-0.20250618153321-aa837fd1539d // indirect + github.com/cloudflare/circl v1.6.3 // indirect github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1 // indirect github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect github.com/containerd/continuity v0.4.5 // indirect @@ -405,7 +405,7 @@ require ( github.com/golang/snappy v1.0.0 // indirect github.com/google/flatbuffers v25.2.10+incompatible // indirect github.com/google/gnostic-models v0.7.0 // indirect - github.com/google/go-querystring v1.1.0 // indirect + github.com/google/go-querystring v1.2.0 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 diff --git a/go.sum b/go.sum index d1cb64dd4d..3ed0af0d1d 100644 --- a/go.sum +++ b/go.sum @@ -750,8 +750,8 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs= -github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= +github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw= +github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= github.com/ProtonMail/gopenpgp/v3 v3.2.1 h1:ohRlKL5YwyIkN5kk7uBvijiMsyA57mK0yBEJg9xButU= github.com/ProtonMail/gopenpgp/v3 v3.2.1/go.mod h1:x7RduTo/0n/2PjTFRoEHApaxye/8PFbhoCquwfYBUGM= github.com/SAP/go-hdb v1.10.1 h1:c9dGT5xHZNDwPL3NQcRpnNISn3MchwYaGoMZpCAllUs= @@ -905,8 +905,8 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D github.com/circonus-labs/circonusllhist v0.1.3 h1:TJH+oke8D16535+jHExHj4nQvzlZrj7ug5D7I/orNUA= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.6.2-0.20250618153321-aa837fd1539d h1:IiIprFGH6SqstblP0Y9NIo3eaUJGkI/YDOFVSL64Uq4= -github.com/cloudflare/circl v1.6.2-0.20250618153321-aa837fd1539d/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8= +github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1 h1:ef0OsiQjSQggHrLFAMDRiu6DfkVSElA5jfG1/Nkyu6c= github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1/go.mod h1:sgaEj3tRn0hwe7GPdEUwxrdOqjBzyjyvyOCGf1OQyZY= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -1270,14 +1270,15 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= -github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= +github.com/google/go-github/v83 v83.0.0 h1:Ydy4gAfqxrnFUwXAuKl/OMhhGa0KtMtnJ3EozIIuHT0= +github.com/google/go-github/v83 v83.0.0/go.mod h1:gbqarhK37mpSu8Xy7sz21ITtznvzouyHSAajSaYCHe8= github.com/google/go-metrics-stackdriver v0.2.0 h1:rbs2sxHAPn2OtUj9JdR/Gij1YKGl0BTVD0augB+HEjE= github.com/google/go-metrics-stackdriver v0.2.0/go.mod h1:KLcPyp3dWJAFD+yHisGlJSZktIsTjb50eB72U2YZ9K0= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= +github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= diff --git a/tools/pipeline/go.mod b/tools/pipeline/go.mod index 30bc9b0bbc..88a91dd1b8 100644 --- a/tools/pipeline/go.mod +++ b/tools/pipeline/go.mod @@ -9,7 +9,7 @@ require ( github.com/Masterminds/semver v1.5.0 github.com/PuerkitoBio/goquery v1.11.0 github.com/avast/retry-go/v4 v4.6.1 - github.com/google/go-github/v81 v81.0.0 + github.com/google/go-github/v83 v83.0.0 github.com/hashicorp/hcl/v2 v2.24.0 github.com/hashicorp/releases-api v0.2.3 github.com/jedib0t/go-pretty/v6 v6.6.8 @@ -45,7 +45,7 @@ require ( github.com/go-openapi/swag v0.23.1 // indirect github.com/go-openapi/validate v0.24.0 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/go-querystring v1.1.0 // indirect + github.com/google/go-querystring v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect diff --git a/tools/pipeline/go.sum b/tools/pipeline/go.sum index a86daca15a..b732a7a64c 100644 --- a/tools/pipeline/go.sum +++ b/tools/pipeline/go.sum @@ -77,14 +77,13 @@ github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/golang-migrate/migrate/v4 v4.14.1 h1:qmRd/rNGjM1r3Ve5gHd5ZplytrD02UcItYNxJ3iUHHE= github.com/golang-migrate/migrate/v4 v4.14.1/go.mod h1:l7Ks0Au6fYHuUIxUhQ0rcVX1uLlJg54C/VvW7tvxSz0= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v81 v81.0.0 h1:hTLugQRxSLD1Yei18fk4A5eYjOGLUBKAl/VCqOfFkZc= -github.com/google/go-github/v81 v81.0.0/go.mod h1:upyjaybucIbBIuxgJS7YLOZGziyvvJ92WX6WEBNE3sM= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-github/v83 v83.0.0 h1:Ydy4gAfqxrnFUwXAuKl/OMhhGa0KtMtnJ3EozIIuHT0= +github.com/google/go-github/v83 v83.0.0/go.mod h1:gbqarhK37mpSu8Xy7sz21ITtznvzouyHSAajSaYCHe8= +github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= +github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= @@ -300,7 +299,6 @@ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxb golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= diff --git a/tools/pipeline/internal/cmd/github.go b/tools/pipeline/internal/cmd/github.go index 8af77d1f6a..e3b10a8446 100644 --- a/tools/pipeline/internal/cmd/github.go +++ b/tools/pipeline/internal/cmd/github.go @@ -10,7 +10,7 @@ import ( "os" "path/filepath" - "github.com/google/go-github/v81/github" + "github.com/google/go-github/v83/github" "github.com/shurcooL/githubv4" "github.com/spf13/cobra" "golang.org/x/oauth2" diff --git a/tools/pipeline/internal/pkg/changed/config_test.go b/tools/pipeline/internal/pkg/changed/config_test.go index c197d73113..67c7786f6a 100644 --- a/tools/pipeline/internal/pkg/changed/config_test.go +++ b/tools/pipeline/internal/pkg/changed/config_test.go @@ -8,7 +8,7 @@ import ( "path/filepath" "testing" - gh "github.com/google/go-github/v81/github" + gh "github.com/google/go-github/v83/github" "github.com/stretchr/testify/require" ) diff --git a/tools/pipeline/internal/pkg/changed/file.go b/tools/pipeline/internal/pkg/changed/file.go index b5ac87603b..2d3dd02459 100644 --- a/tools/pipeline/internal/pkg/changed/file.go +++ b/tools/pipeline/internal/pkg/changed/file.go @@ -8,7 +8,7 @@ import ( "slices" "strings" - gh "github.com/google/go-github/v81/github" + gh "github.com/google/go-github/v83/github" ) // File represents a changed file in a PR or commit. diff --git a/tools/pipeline/internal/pkg/config/config_test.go b/tools/pipeline/internal/pkg/config/config_test.go index bef5de46a1..571e98fb44 100644 --- a/tools/pipeline/internal/pkg/config/config_test.go +++ b/tools/pipeline/internal/pkg/config/config_test.go @@ -10,7 +10,7 @@ import ( "path/filepath" "testing" - "github.com/google/go-github/v81/github" + "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/changed" "github.com/stretchr/testify/require" "github.com/zclconf/go-cty/cty" diff --git a/tools/pipeline/internal/pkg/github/add_assignees.go b/tools/pipeline/internal/pkg/github/add_assignees.go index 580d2a52bb..1b7bcb8d0f 100644 --- a/tools/pipeline/internal/pkg/github/add_assignees.go +++ b/tools/pipeline/internal/pkg/github/add_assignees.go @@ -8,7 +8,7 @@ import ( "log/slog" "slices" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" slogctx "github.com/veqryn/slog-context" ) diff --git a/tools/pipeline/internal/pkg/github/check_commit_status.go b/tools/pipeline/internal/pkg/github/check_commit_status.go index 7496e704c5..2bab6654be 100644 --- a/tools/pipeline/internal/pkg/github/check_commit_status.go +++ b/tools/pipeline/internal/pkg/github/check_commit_status.go @@ -10,7 +10,7 @@ import ( "slices" "strings" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/jedib0t/go-pretty/v6/table" ) diff --git a/tools/pipeline/internal/pkg/github/check_go_mod_diff_request.go b/tools/pipeline/internal/pkg/github/check_go_mod_diff_request.go index 0009a4b56c..33c1124ec7 100644 --- a/tools/pipeline/internal/pkg/github/check_go_mod_diff_request.go +++ b/tools/pipeline/internal/pkg/github/check_go_mod_diff_request.go @@ -11,7 +11,7 @@ import ( "log/slog" "os" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" libgit "github.com/hashicorp/vault/tools/pipeline/internal/pkg/git/client" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/golang" "github.com/jedib0t/go-pretty/v6/table" diff --git a/tools/pipeline/internal/pkg/github/close_copied_origin_pull_request.go b/tools/pipeline/internal/pkg/github/close_copied_origin_pull_request.go index 4cf9683b9b..dcdb4d5bad 100644 --- a/tools/pipeline/internal/pkg/github/close_copied_origin_pull_request.go +++ b/tools/pipeline/internal/pkg/github/close_copied_origin_pull_request.go @@ -12,7 +12,7 @@ import ( "slices" "strings" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/jedib0t/go-pretty/v6/table" "github.com/shurcooL/githubv4" slogctx "github.com/veqryn/slog-context" diff --git a/tools/pipeline/internal/pkg/github/commit.go b/tools/pipeline/internal/pkg/github/commit.go index da852d810d..5e5c0c392f 100644 --- a/tools/pipeline/internal/pkg/github/commit.go +++ b/tools/pipeline/internal/pkg/github/commit.go @@ -7,7 +7,7 @@ import ( "context" "log/slog" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" slogctx "github.com/veqryn/slog-context" ) diff --git a/tools/pipeline/internal/pkg/github/copy_pull_request.go b/tools/pipeline/internal/pkg/github/copy_pull_request.go index 5f9c2effe3..5214194bcd 100644 --- a/tools/pipeline/internal/pkg/github/copy_pull_request.go +++ b/tools/pipeline/internal/pkg/github/copy_pull_request.go @@ -15,7 +15,7 @@ import ( "slices" "strings" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" libgit "github.com/hashicorp/vault/tools/pipeline/internal/pkg/git/client" "github.com/jedib0t/go-pretty/v6/table" slogctx "github.com/veqryn/slog-context" diff --git a/tools/pipeline/internal/pkg/github/copy_pull_request_test.go b/tools/pipeline/internal/pkg/github/copy_pull_request_test.go index a042ad2141..6c3b585b36 100644 --- a/tools/pipeline/internal/pkg/github/copy_pull_request_test.go +++ b/tools/pipeline/internal/pkg/github/copy_pull_request_test.go @@ -6,7 +6,7 @@ package github import ( "testing" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/stretchr/testify/require" ) diff --git a/tools/pipeline/internal/pkg/github/create_backport.go b/tools/pipeline/internal/pkg/github/create_backport.go index e3ea4b78be..c42aecb4bb 100644 --- a/tools/pipeline/internal/pkg/github/create_backport.go +++ b/tools/pipeline/internal/pkg/github/create_backport.go @@ -15,7 +15,7 @@ import ( "slices" "strings" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/changed" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/config" libgit "github.com/hashicorp/vault/tools/pipeline/internal/pkg/git/client" @@ -760,6 +760,21 @@ func (r *CreateBackportReq) backportRef( return res } + // Copy non-backport labels from the original PR to the backport PR + labelsToAdd := filterNonBackportLabels(pr.Labels, r.BackportLabelPrefix) + err = addLabelsToIssue( + ctx, + github, + r.Owner, + r.Repo, + int(res.PullRequest.GetNumber()), + labelsToAdd, + ) + if err != nil { + res.Error = fmt.Errorf("adding labels to backport PR: %w", err) + return res + } + return res } diff --git a/tools/pipeline/internal/pkg/github/create_backport_test.go b/tools/pipeline/internal/pkg/github/create_backport_test.go index 6c627fa6ec..c6f43d705f 100644 --- a/tools/pipeline/internal/pkg/github/create_backport_test.go +++ b/tools/pipeline/internal/pkg/github/create_backport_test.go @@ -8,7 +8,7 @@ import ( "errors" "testing" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/changed" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/config" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/releases" @@ -746,3 +746,76 @@ func TestCreateBackportRes_Err(t *testing.T) { }) } } + +// Test_filterNonBackportLabels tests the label filtering functionality +func Test_filterNonBackportLabels(t *testing.T) { + t.Parallel() + + for name, test := range map[string]struct { + backportPrefix string + sourceLabels Labels + expectedLabels []string + }{ + "no labels": { + backportPrefix: "backport", + sourceLabels: Labels{}, + expectedLabels: nil, + }, + "only backport labels": { + backportPrefix: "backport", + sourceLabels: Labels{ + &libgithub.Label{Name: libgithub.Ptr("backport/1.18.x")}, + &libgithub.Label{Name: libgithub.Ptr("backport/1.19.x")}, + }, + expectedLabels: nil, + }, + "mixed labels": { + backportPrefix: "backport", + sourceLabels: Labels{ + &libgithub.Label{Name: libgithub.Ptr("bug")}, + &libgithub.Label{Name: libgithub.Ptr("backport/1.18.x")}, + &libgithub.Label{Name: libgithub.Ptr("enhancement")}, + &libgithub.Label{Name: libgithub.Ptr("backport/ce/main")}, + &libgithub.Label{Name: libgithub.Ptr("docs")}, + }, + expectedLabels: []string{"bug", "enhancement", "docs"}, + }, + "no backport labels": { + backportPrefix: "backport", + sourceLabels: Labels{ + &libgithub.Label{Name: libgithub.Ptr("bug")}, + &libgithub.Label{Name: libgithub.Ptr("enhancement")}, + &libgithub.Label{Name: libgithub.Ptr("docs")}, + &libgithub.Label{Name: libgithub.Ptr("priority/high")}, + }, + expectedLabels: []string{"bug", "enhancement", "docs", "priority/high"}, + }, + "custom backport prefix": { + backportPrefix: "cherry-pick", + sourceLabels: Labels{ + &libgithub.Label{Name: libgithub.Ptr("bug")}, + &libgithub.Label{Name: libgithub.Ptr("cherry-pick/1.18.x")}, + &libgithub.Label{Name: libgithub.Ptr("enhancement")}, + }, + expectedLabels: []string{"bug", "enhancement"}, + }, + "backport-like but different prefix": { + backportPrefix: "backport", + sourceLabels: Labels{ + &libgithub.Label{Name: libgithub.Ptr("backup/daily")}, + &libgithub.Label{Name: libgithub.Ptr("backport/1.18.x")}, + &libgithub.Label{Name: libgithub.Ptr("enhancement")}, + }, + expectedLabels: []string{"backup/daily", "enhancement"}, + }, + } { + t.Run(name, func(t *testing.T) { + t.Parallel() + + filteredLabels := filterNonBackportLabels(test.sourceLabels, test.backportPrefix) + + require.Equal(t, test.expectedLabels, filteredLabels, + "filtered labels should match expected labels") + }) + } +} diff --git a/tools/pipeline/internal/pkg/github/find_workflow_artifact.go b/tools/pipeline/internal/pkg/github/find_workflow_artifact.go index 3bdccb90d3..636ddfe945 100644 --- a/tools/pipeline/internal/pkg/github/find_workflow_artifact.go +++ b/tools/pipeline/internal/pkg/github/find_workflow_artifact.go @@ -13,7 +13,7 @@ import ( "regexp" "slices" - gh "github.com/google/go-github/v81/github" + gh "github.com/google/go-github/v83/github" "github.com/jedib0t/go-pretty/v6/table" slogctx "github.com/veqryn/slog-context" ) diff --git a/tools/pipeline/internal/pkg/github/issue.go b/tools/pipeline/internal/pkg/github/issue.go index e817c82c00..ab65cddc5c 100644 --- a/tools/pipeline/internal/pkg/github/issue.go +++ b/tools/pipeline/internal/pkg/github/issue.go @@ -7,7 +7,7 @@ import ( "context" "log/slog" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" slogctx "github.com/veqryn/slog-context" ) diff --git a/tools/pipeline/internal/pkg/github/labels.go b/tools/pipeline/internal/pkg/github/labels.go new file mode 100644 index 0000000000..4f5b60e53c --- /dev/null +++ b/tools/pipeline/internal/pkg/github/labels.go @@ -0,0 +1,54 @@ +// Copyright IBM Corp. 2016, 2025 +// SPDX-License-Identifier: BUSL-1.1 + +package github + +import ( + "context" + "log/slog" + "strings" + + libgithub "github.com/google/go-github/v83/github" + slogctx "github.com/veqryn/slog-context" +) + +// filterNonBackportLabels returns a slice of label names that do not have the +// specified backport prefix, filtering out backport labels from the input labels +func filterNonBackportLabels(labels Labels, backportPrefix string) []string { + var labelsToAdd []string + for _, label := range labels { + if label.GetName() != "" && !strings.HasPrefix(label.GetName(), backportPrefix+"/") { + labelsToAdd = append(labelsToAdd, label.GetName()) + } + } + return labelsToAdd +} + +// addLabelsToIssue adds the given labels to the issue or pull request +func addLabelsToIssue( + ctx context.Context, + github *libgithub.Client, + owner string, + repo string, + number int, + labels []string, +) error { + if len(labels) < 1 { + slog.Default().DebugContext(ctx, "skipping label assignment because no labels were provided") + return nil + } + + ctx = slogctx.Append(ctx, + slog.String("labels", strings.Join(labels, ", ")), + slog.Int("issue-number", number), + ) + + slog.Default().DebugContext(ctx, "adding labels to issue or pull request") + _, _, err := github.Issues.AddLabelsToIssue(ctx, owner, repo, number, labels) + if err != nil { + return err + } + + slog.Default().DebugContext(ctx, "successfully added labels to issue or pull request") + return nil +} diff --git a/tools/pipeline/internal/pkg/github/list_changed_files.go b/tools/pipeline/internal/pkg/github/list_changed_files.go index 23b1279c98..994b3c1251 100644 --- a/tools/pipeline/internal/pkg/github/list_changed_files.go +++ b/tools/pipeline/internal/pkg/github/list_changed_files.go @@ -10,7 +10,7 @@ import ( "fmt" "strings" - gh "github.com/google/go-github/v81/github" + gh "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/changed" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/config" "github.com/jedib0t/go-pretty/v6/table" diff --git a/tools/pipeline/internal/pkg/github/list_commit_statuses.go b/tools/pipeline/internal/pkg/github/list_commit_statuses.go index 6e91399e0f..1efa061b54 100644 --- a/tools/pipeline/internal/pkg/github/list_commit_statuses.go +++ b/tools/pipeline/internal/pkg/github/list_commit_statuses.go @@ -8,7 +8,7 @@ import ( "errors" "fmt" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/jedib0t/go-pretty/v6/table" ) diff --git a/tools/pipeline/internal/pkg/github/list_workflow_runs.go b/tools/pipeline/internal/pkg/github/list_workflow_runs.go index e4af16a646..9cb45f6cf2 100644 --- a/tools/pipeline/internal/pkg/github/list_workflow_runs.go +++ b/tools/pipeline/internal/pkg/github/list_workflow_runs.go @@ -10,7 +10,7 @@ import ( "net/http" "sync" - gh "github.com/google/go-github/v81/github" + gh "github.com/google/go-github/v83/github" ) // PerPageMax is the maximum number of entities to request for enpoints that diff --git a/tools/pipeline/internal/pkg/github/pull_request.go b/tools/pipeline/internal/pkg/github/pull_request.go index df1e274c41..bb5300b629 100644 --- a/tools/pipeline/internal/pkg/github/pull_request.go +++ b/tools/pipeline/internal/pkg/github/pull_request.go @@ -8,7 +8,7 @@ import ( "fmt" "log/slog" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/shurcooL/githubv4" slogctx "github.com/veqryn/slog-context" ) diff --git a/tools/pipeline/internal/pkg/github/sync_branch_request.go b/tools/pipeline/internal/pkg/github/sync_branch_request.go index 93e5464711..69b7510245 100644 --- a/tools/pipeline/internal/pkg/github/sync_branch_request.go +++ b/tools/pipeline/internal/pkg/github/sync_branch_request.go @@ -13,7 +13,7 @@ import ( "path/filepath" "strings" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/hashicorp/vault/tools/pipeline/internal/pkg/config" gitpkg "github.com/hashicorp/vault/tools/pipeline/internal/pkg/git" gitclient "github.com/hashicorp/vault/tools/pipeline/internal/pkg/git/client" diff --git a/tools/pipeline/internal/pkg/github/templates_test.go b/tools/pipeline/internal/pkg/github/templates_test.go index 83d61bf674..38e963d17c 100644 --- a/tools/pipeline/internal/pkg/github/templates_test.go +++ b/tools/pipeline/internal/pkg/github/templates_test.go @@ -8,7 +8,7 @@ import ( "io" "testing" - libgithub "github.com/google/go-github/v81/github" + libgithub "github.com/google/go-github/v83/github" "github.com/stretchr/testify/require" ) diff --git a/tools/pipeline/internal/pkg/github/workflows.go b/tools/pipeline/internal/pkg/github/workflows.go index 0bc86120ea..029718a182 100644 --- a/tools/pipeline/internal/pkg/github/workflows.go +++ b/tools/pipeline/internal/pkg/github/workflows.go @@ -8,7 +8,7 @@ import ( "fmt" "log/slog" - gh "github.com/google/go-github/v81/github" + gh "github.com/google/go-github/v83/github" slogctx "github.com/veqryn/slog-context" )