Commit Graph

9 Commits

Author SHA1 Message Date
StepSecurity Bot
56d08e1b4d ci: Harden GitHub Actions
Update GitHub actions to use full length commit ids for
third-party actions to reduce security risk in case of vulnerabilities.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-09-19 11:00:39 +00:00
Nikhil-Ladha
71cbf3d7eb ci: add test for uncommitted changes in deploy directory
added test for uncommitted changes in deploy directory under go-test GH action.
Also, created a new make target named `make check-deploy-committed` that
can be used to verify the uncommitted changes.

Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-08-13 12:17:43 +00:00
Niels de Vos
6f043698d1 ci: add e2e-build-test for compiling the e2e testsuite
When Go modules get updated, golangci-lint sometimes fails with weird
errors. One of the common causes seems to be that there is a dependency
breakage between modules that are only used within the e2e test suite. A
normal build of the cephcsi executable succeeds, but building ./e2e
would fail.

By adding a job to build the e2e.test executable, a clear error message
will be reported when there are package dependency conflicts.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-06-28 08:38:54 +00:00
dependabot[bot]
b3ef8672a4 rebase: Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 08:47:25 +00:00
Niels de Vos
f371aa2677 ci: use podman for simple GitHub workflows
`podman` is installed by default on the Ubuntu runners. Podman is
recommended for developers and contributors, as there are no elevated
privileges required to run it. Docker requires extra permissions to
build and or run container images, and contributors to Ceph-CSI should
not need to spend time working with that (several developers run the
`docker` command with `sudo`, which is discouraged).

Only the multi-arch Workflows require Docker, for the time being.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-07 16:34:44 +00:00
naveen
2672fad90a ci: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way,
 even if the attackers will succeed in compromising your workflow,
 they won’t be able to do much.

- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-05 20:21:15 +05:30
dependabot[bot]
b1a0f42b31 rebase: bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 12:47:46 +00:00
Niels de Vos
97525f5e74 ci: add make go-test-api to GitHub Action
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-10-05 11:26:50 +00:00
Madhu Rajanna
edf6abce99 ci: add github workflows for static checks
adding a github workflow to run static checks
inside a container.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-07 12:57:29 +05:30