Update GitHub actions to use full length commit ids for
third-party actions to reduce security risk in case of vulnerabilities.
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
`podman` is installed by default on the Ubuntu runners. Podman is
recommended for developers and contributors, as there are no elevated
privileges required to run it. Docker requires extra permissions to
build and or run container images, and contributors to Ceph-CSI should
not need to spend time working with that (several developers run the
`docker` command with `sudo`, which is discouraged).
Only the multi-arch Workflows require Docker, for the time being.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Currently commitlint is only skipped for PR at the time dependabot
creates them. Once Mergify rebases them, commitlint is started anyway.
This causes failed CI runs, which then need to be ignored. It is cleaner
to not run commitlint on any PR that dependabot owns.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Commitlint fails with errors like:
```
git fetch -v origin devel
fatal: unsafe repository ('/go/src/github.com/ceph/ceph-csi' is owned by
someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /go/src/github.com/ceph/ceph-csi
make: *** [Makefile:153: commitlint] Error 128
```
By not setting the option with actions/checkout@v3, the error should not
happen anymore.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
The commit messages that Dependabot (@app/dependabot) creates are not
always accepted by the commitlint check. The configuration for
dependabot does not give a lot of options to customize the message, so
instead of adjusting the message to pass commitlint, just skip the check
(Mergify does not require commitlint status either).
See-also: #2460
Signed-off-by: Niels de Vos <ndevos@redhat.com>
GitHub Actions include a merge commit for the PR, which will defeat the
commitlint checking of all the commits inside the PR (only the merge
commit is checked).
Signed-off-by: Niels de Vos <ndevos@redhat.com>
