[Security] Secvuln 8633 Consul configuration allowed repeated keys #45253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) HashiCorp, Inc. | |
# SPDX-License-Identifier: MPL-2.0 | |
# This workflow checks that there is either a 'pr/no-changelog' label applied to a PR | |
# or there is a .changelog/<pr number>.txt file associated with a PR for a changelog entry | |
name: Changelog Checker | |
on: | |
pull_request: | |
types: [opened, synchronize, labeled] | |
# Runs on PRs to main and all release branches | |
branches: | |
- main | |
- release/* | |
jobs: | |
# checks that a .changelog entry is present for a PR | |
changelog-check: | |
# If there a `pr/no-changelog` label we ignore this check. Also, we ignore PRs created by the bot assigned to `backport-assistant` | |
if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/no-changelog') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 # by default the checkout action doesn't checkout all branches | |
- name: Check for changelog entry in diff | |
run: ./.github/scripts/changelog_checker.sh | |
env: | |
GITHUB_BASE_REF: ${{ github.event.pull_request.base.ref }} | |
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
PR_NUMBER: ${{ github.event.pull_request.number }} |