Commit Graph

107 Commits

Author SHA1 Message Date
dependabot[bot]
6cab5bfd42 rebase: bump actions/stale from 8 to 9
Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v8...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-12 08:44:36 +00:00
Rakshith R
788b6629ec ci: update pr-commentor rules matrix
This commit adds rules for release-v3.10
and removes rules for release-v3.8.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-11-30 10:21:27 +01:00
Riya Singhal
aa55317c74 ci: add ci bot for auto assigning issue
this will auto assign the issue to the user who
commented /assign

Signed-off-by: Riya Singhal <rsinghal@redhat.com>
2023-11-22 13:19:26 +00:00
Madhu Rajanna
63f48874ad ci: add snyk for container image
adding a github action to do security
scanning for the cephcsi container image

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-16 10:23:13 +00:00
Madhu Rajanna
6b3665b80c ci: add snyk scanning
adding snyk github action to
run when a PR is merged to the release
branch or when a new release is done.
Run snyk weekly on the devel branch.
This will help us to track the security
scanning results and fix if anything is
required and also it serves as a placeholder
for security scanning result for a while.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-16 05:23:19 +00:00
dependabot[bot]
7f96dc8a64 rebase: bump actions/github-script from 6 to 7
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-14 09:12:35 +00:00
Niels de Vos
ba37ff73ac ci: run tickgit after merging a PR in the devel branch
The `tickgit.com` webservice seems to not update itself anymore, but
having a list of TODO's is very useful. Use the tickgit project to
gather the TODO's, bit in a GitHub Workflow.

Developers can also run `make containerized-test TARGET=tickgit` to get
the result locally.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-11-08 08:29:10 +00:00
Madhu Rajanna
311193d5ca doc: add pending release notes
Keeping track of changes between releases
and fetching that information during
release is difficult, Adding a doc to
keep track of the changes between major
releases which helps during release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-11-03 10:13:30 +00:00
Niels de Vos
e97bd247c8 ci: do not include go-ceph in generic GitHub package rebases
go-ceph is an important package that we consume.  It is better to have
that as separate rebase PR from Dependabot and not include it in the
general GitHub package group.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-10-12 05:39:33 +00:00
Niels de Vos
7cfe1127ce ci: group golang.org/x/ under golang dependencies
Golang dependencies are already grouped, but they only contain packages
from `github.com/golang*`. There are more Golang standard packages that
are located at `golang.org/x/*`. Because of the tight relationship
between these packages, it is more efficient to group updates together.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-10-10 11:53:00 +00:00
dependabot[bot]
5677834d24 rebase: bump docker/login-action from 2 to 3
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-20 10:03:37 +00:00
dependabot[bot]
b3ef8672a4 rebase: Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 08:47:25 +00:00
Madhu Rajanna
4a8c901405 ci: use dependabot group feature
enable dependabot raising PR by groups to
reduce PR and save CI resources.
This uses the  beta groups feature of dependabot
More details here
https://docs.github.com/en/code-security/\
dependabot/dependabot-version-updates/\
configuration-options-for-the-dependabot.yml-file#groups

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-08-29 14:01:10 +00:00
Niels de Vos
ee843e6ffd ci: only add /test .. comment if the branch for the PR matches
By adding an if-statement for each step of the matrix job, only those
steps are executed where the base ref of the PR matches the branch in
the matrix parameters.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-22 11:28:37 +00:00
Niels de Vos
2d120f2e10 ci: exclude branches from the testing matrix for ok-to-test comments
It seems that `matrix.*` parameters can not be used in the if-statement
for a job. Now using the `exclude:` parameter with a more dynamically
constructed value for the branch. If the value for the branch is not
part of the initial branch list, the value will not be excluded, so the
jobs are expected to run.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-22 11:09:14 +00:00
Niels de Vos
a57fe08e7d ci: run versioned k8s jobs only on selected branches
By using a matrix strategy with excluding certain branches and
Kubernetes versions, the number of CI jobs per PullRequest should stay
limited.

Closes: #4060
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-21 11:06:29 +00:00
Madhu Rajanna
9ffd3ffd98 ci: update pull request commentor for kube 1.28.0
updating pull request commentor to
run tests with kubernetes 1.28.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-08-21 09:32:25 +02:00
Niels de Vos
f371aa2677 ci: use podman for simple GitHub workflows
`podman` is installed by default on the Ubuntu runners. Podman is
recommended for developers and contributors, as there are no elevated
privileges required to run it. Docker requires extra permissions to
build and or run container images, and contributors to Ceph-CSI should
not need to spend time working with that (several developers run the
`docker` command with `sudo`, which is discouraged).

Only the multi-arch Workflows require Docker, for the time being.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-07 16:34:44 +00:00
Niels de Vos
ce26b0e212 ci: allow CVE-2019-11255 in Kubernetes module dependency
It is unclear how a module for utility functions can have the same
problem as a separate side-car that is expected to do the input
validation. The side-cars have been fixed already, no further details
are in the CVE description (from 2019).

See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-07-26 13:34:23 +00:00
Niels de Vos
489d0ff1a6 doc: remove /retest all command for Jenkins jobs
`/retest all` causes a spike in resource consumption in Jenkins and the
OpenShift cluster kills the Pod. That means tests are not fully running
yet, and results never arrive back in the PR. Instead of `/retest all`,
the `ok-to-test` label can be used to trigger required tests with a
slight delay between each command.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-07-04 12:38:39 +00:00
Rakshith R
37f1d722d3 ci: remove checks for k8s 1.24 ci tests
K8s 1.24 will be End of Life on 2023-07-28.
Therefore, removing checks for ci tests on
that version.

refer:
https://kubernetes.io/releases/#release-v1-24

Signed-off-by: Rakshith R <rar@redhat.com>
2023-06-16 09:07:18 +02:00
Rakshith R
40888f01b6 ci: fix pr-commentor for merge queue draft pr
The mergify label copier used github-actions bot
to add labels. Actions performed by github-actions
bot do not trigger a workflow and hence
pull-request-commentor was not working as expected.
This commit modifies mergify label copier to use
Cephcsi-bot to copy labels which then will be
able to trigger action to add pr comments.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-06-14 10:23:12 +00:00
Niels de Vos
0e79135419 ci: prevent Retest Workflow from running on forked repos
Forked repositories contain the the `.github/workflows/` directory, and
therefore run all the GitHub Workflows located there. Some of the
workflows need additional configuration, like providing access to the
standard `GITHUB_TOKEN`. If the extra configuration is not done, the
GitHub Workflow will fail, and the owner of the forked repository will
receive regular notifications about that.

There is no need to run the "retest" workflow on forked repositories, so
it can be skipped by default.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 08:56:40 +00:00
Niels de Vos
6a5d7f57e5 ci: use the "ceph-csi-bot" account for commenting on PRs
By default the `GITHUB_TOKEN` is used for the actions, and the name of
the account that comments is "github-actions[bot]". It is a nice touch
to use the Ceph-CSI Bot account instead.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 07:37:51 +00:00
Niels de Vos
ba991cbb85 ci: use github.event.label.name for check in pull-request-commenter
The `github.event.label.name` was replaced by
`github.event.pull_request.label` in PR #3862. It seems that the value
always is `null`, which causes the pull-request-commenter to skip the
events for `ok-to-test` label additions. By using the original
`github.event.label.name`, things work again as expected.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-01 11:52:02 +00:00
Niels de Vos
360df61eb0 ci: github.event.pull_request.merged is a boolean, not a string
With the updates to the pull-request-commenter, all strings were placed
within `'` to prevent syntax issues. It seems that
`github.event.pull_request.merged` really is a boolean (or `null`), and
not a string.

Doc: https://docs.github.com/en/webhooks-and-events/ ("payloads" section)
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-31 09:44:25 +00:00
Niels de Vos
b804181a3d ci: remove \ from GitHub Workflow if condition
Backslashes (`\`) cause issues in the `if` statment with GitHub
Workflows.

    Unexpected symbol: '\'. Located at position 53 within expression:
    (github.event.pull_request.label == 'ok-to-test' && \

Using the `>` YAML syntax to replace linebreaks with spaces should
address this problem.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-31 07:44:13 +00:00
Niels de Vos
27dc4f0fde ci: fix syntax error in pull-request-commenter GitHub Workflow
The `ok-to-test` label does not work anymore, and the GitHub Workflow
contains the following error:

    The workflow is not valid.
    .github/workflows/pull-request-commentor.yaml (Line: 15, Col: 9):
    Unrecognized named-value: 'ok-to-test'.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-30 14:00:27 +00:00
Rakshith R
cf0fd2bfeb ci: fix pull-request-commentor workflow
Fix if condition in workflow to account
for ok-to-test label on newly created prs.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-26 12:15:07 +00:00
Rakshith R
b157b1a7c2 ci: trigger Add comment workflow for "opened" prs
The `Add comment` workflow was triggered only
when labels were added to the pr and failed
to be run on prs which were created with the
required label.
This commit makes sure the workflow is triggered
on pr creation too.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-26 09:22:16 +00:00
Rakshith R
c63af2108e ci: switch back to official label copier & always add ok-to-test label
Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-19 07:40:10 +00:00
Niels de Vos
6547868611 ci: checkout the local mergify-merge-queue-labels-copier
Without checking out the repository, it is not possible to run the local
action.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 16:37:11 +00:00
Niels de Vos
e46f65640c ci: rename gha-mergify-merge-queue-labels-copier.yaml to action.yaml
It seems to be required to have the GitHub Action called `action.yaml`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 15:22:12 +00:00
Niels de Vos
b371337287 ci: use modified gha-mergify-merge-queue-labels-copier Action
The original Mergifyio/gha-mergify-merge-queue-labels-copier@main
contains `startsWith()` that has the arguments reversed. This prevents
the action from working as intended.

See-also: https://docs.github.com/en/actions/learn-github-actions/expressions
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 14:47:53 +00:00
Niels de Vos
52ebfa6b97 ci: include ci/skip/.. labels for copying into merge queue PRs
Setting an empty `labels:` fails to work as intended, no labels get
copied ad all. Now setting the `ci/skip/..` labels, as those are most
important for speeding up merging.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 12:47:40 +00:00
Niels de Vos
745d2ace92 ci: Mergify copy-labels requires empty string for labels:
Instead of leaving the `labels:` empty, pass an empty string `""`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 08:03:28 +00:00
Niels de Vos
40eff59d45 ci: Mergify copy-labels requires empty labels: value
See-also: Mergifyio/mergify#5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 07:24:04 +00:00
Niels de Vos
c37ac53cbb ci: add GitHub Workflow to copy labels in Mergify created PRs
When Mergify creates a PR, the `ok-to-test` label needs to be added
before CI runs. Not all PRs need complete testing, and they may have
some `ci/skip/..` labels too. With this new GitHub Workflow, the labels
get copied from the original PR into the newly created PR.

See-also: https://github.com/Mergifyio/mergify/discussions/5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-11 11:05:46 +00:00
dependabot[bot]
c702264708 rebase: bump peter-evans/create-or-update-comment from 2 to 3
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2 to 3.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 11:34:17 +00:00
riya-singhal31
1bc090d975 ci: update github actions for k8s 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-21 08:18:33 +00:00
Madhu Rajanna
60248ce811 ci: remove kubernetes 1.23 from github action
Removed kubernetes 1.23 from github action
as 1.23 is not supported anymore.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-21 06:46:30 +00:00
dependabot[bot]
cb05525d4f rebase: Bump peter-evans/create-or-update-comment from 2 to 3
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2 to 3.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 08:46:07 +00:00
dependabot[bot]
ac5d58f30e rebase: Bump actions/stale from 7 to 8
Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-28 07:10:20 +00:00
Niels de Vos
c84b4a15ba ci: only run test-retest-action if the PR modifies the action
There is no need to run the `test-retest-action` GitHub Workflow if
there are no changes under the `actions/retest` directory.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
Niels de Vos
3325e5045e ci: do not run commitlint GitHub Action on dependabot PRs
Currently commitlint is only skipped for PR at the time dependabot
creates them. Once Mergify rebases them, commitlint is started anyway.
This causes failed CI runs, which then need to be ignored. It is cleaner
to not run commitlint on any PR that dependabot owns.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
Niels de Vos
773d2df564 ci: no need to run multi-arch-build for /actions/retest
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 14:18:15 +00:00
Niels de Vos
3a28b0f370 ci: add /api to dependabot configuration
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 14:18:15 +00:00
Niels de Vos
48822d942d ci: use context.issue.number for removing ok-to-test
`github.event.pull_request.number` does not seem to be valid as a script
object/variable.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 12:34:15 +00:00
Niels de Vos
3252c1e782 ci: remove ok-to-test label after commenting
Once the comments have been added, the `ok-to-test` label can be
removed. This makes it possible to simplify the Mergify configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 11:10:23 +01:00
Niels de Vos
c3bc1f720b ci: add Kubernetes 1.26 as default version to test
Kubernetes 1.26 has been released at the end of 2022 and should be
tested frequently.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-01-31 08:30:38 +00:00