Commit Graph

71 Commits

Author SHA1 Message Date
Niels de Vos
a57fe08e7d ci: run versioned k8s jobs only on selected branches
By using a matrix strategy with excluding certain branches and
Kubernetes versions, the number of CI jobs per PullRequest should stay
limited.

Closes: #4060
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-21 11:06:29 +00:00
Madhu Rajanna
9ffd3ffd98 ci: update pull request commentor for kube 1.28.0
updating pull request commentor to
run tests with kubernetes 1.28.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-08-21 09:32:25 +02:00
Niels de Vos
f371aa2677 ci: use podman for simple GitHub workflows
`podman` is installed by default on the Ubuntu runners. Podman is
recommended for developers and contributors, as there are no elevated
privileges required to run it. Docker requires extra permissions to
build and or run container images, and contributors to Ceph-CSI should
not need to spend time working with that (several developers run the
`docker` command with `sudo`, which is discouraged).

Only the multi-arch Workflows require Docker, for the time being.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-08-07 16:34:44 +00:00
Niels de Vos
ce26b0e212 ci: allow CVE-2019-11255 in Kubernetes module dependency
It is unclear how a module for utility functions can have the same
problem as a separate side-car that is expected to do the input
validation. The side-cars have been fixed already, no further details
are in the CVE description (from 2019).

See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-07-26 13:34:23 +00:00
Rakshith R
37f1d722d3 ci: remove checks for k8s 1.24 ci tests
K8s 1.24 will be End of Life on 2023-07-28.
Therefore, removing checks for ci tests on
that version.

refer:
https://kubernetes.io/releases/#release-v1-24

Signed-off-by: Rakshith R <rar@redhat.com>
2023-06-16 09:07:18 +02:00
Rakshith R
40888f01b6 ci: fix pr-commentor for merge queue draft pr
The mergify label copier used github-actions bot
to add labels. Actions performed by github-actions
bot do not trigger a workflow and hence
pull-request-commentor was not working as expected.
This commit modifies mergify label copier to use
Cephcsi-bot to copy labels which then will be
able to trigger action to add pr comments.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-06-14 10:23:12 +00:00
Niels de Vos
0e79135419 ci: prevent Retest Workflow from running on forked repos
Forked repositories contain the the `.github/workflows/` directory, and
therefore run all the GitHub Workflows located there. Some of the
workflows need additional configuration, like providing access to the
standard `GITHUB_TOKEN`. If the extra configuration is not done, the
GitHub Workflow will fail, and the owner of the forked repository will
receive regular notifications about that.

There is no need to run the "retest" workflow on forked repositories, so
it can be skipped by default.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 08:56:40 +00:00
Niels de Vos
6a5d7f57e5 ci: use the "ceph-csi-bot" account for commenting on PRs
By default the `GITHUB_TOKEN` is used for the actions, and the name of
the account that comments is "github-actions[bot]". It is a nice touch
to use the Ceph-CSI Bot account instead.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-05 07:37:51 +00:00
Niels de Vos
ba991cbb85 ci: use github.event.label.name for check in pull-request-commenter
The `github.event.label.name` was replaced by
`github.event.pull_request.label` in PR #3862. It seems that the value
always is `null`, which causes the pull-request-commenter to skip the
events for `ok-to-test` label additions. By using the original
`github.event.label.name`, things work again as expected.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-01 11:52:02 +00:00
Niels de Vos
360df61eb0 ci: github.event.pull_request.merged is a boolean, not a string
With the updates to the pull-request-commenter, all strings were placed
within `'` to prevent syntax issues. It seems that
`github.event.pull_request.merged` really is a boolean (or `null`), and
not a string.

Doc: https://docs.github.com/en/webhooks-and-events/ ("payloads" section)
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-31 09:44:25 +00:00
Niels de Vos
b804181a3d ci: remove \ from GitHub Workflow if condition
Backslashes (`\`) cause issues in the `if` statment with GitHub
Workflows.

    Unexpected symbol: '\'. Located at position 53 within expression:
    (github.event.pull_request.label == 'ok-to-test' && \

Using the `>` YAML syntax to replace linebreaks with spaces should
address this problem.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-31 07:44:13 +00:00
Niels de Vos
27dc4f0fde ci: fix syntax error in pull-request-commenter GitHub Workflow
The `ok-to-test` label does not work anymore, and the GitHub Workflow
contains the following error:

    The workflow is not valid.
    .github/workflows/pull-request-commentor.yaml (Line: 15, Col: 9):
    Unrecognized named-value: 'ok-to-test'.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-30 14:00:27 +00:00
Rakshith R
cf0fd2bfeb ci: fix pull-request-commentor workflow
Fix if condition in workflow to account
for ok-to-test label on newly created prs.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-26 12:15:07 +00:00
Rakshith R
b157b1a7c2 ci: trigger Add comment workflow for "opened" prs
The `Add comment` workflow was triggered only
when labels were added to the pr and failed
to be run on prs which were created with the
required label.
This commit makes sure the workflow is triggered
on pr creation too.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-26 09:22:16 +00:00
Rakshith R
c63af2108e ci: switch back to official label copier & always add ok-to-test label
Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-19 07:40:10 +00:00
Niels de Vos
6547868611 ci: checkout the local mergify-merge-queue-labels-copier
Without checking out the repository, it is not possible to run the local
action.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 16:37:11 +00:00
Niels de Vos
e46f65640c ci: rename gha-mergify-merge-queue-labels-copier.yaml to action.yaml
It seems to be required to have the GitHub Action called `action.yaml`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 15:22:12 +00:00
Niels de Vos
b371337287 ci: use modified gha-mergify-merge-queue-labels-copier Action
The original Mergifyio/gha-mergify-merge-queue-labels-copier@main
contains `startsWith()` that has the arguments reversed. This prevents
the action from working as intended.

See-also: https://docs.github.com/en/actions/learn-github-actions/expressions
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 14:47:53 +00:00
Niels de Vos
52ebfa6b97 ci: include ci/skip/.. labels for copying into merge queue PRs
Setting an empty `labels:` fails to work as intended, no labels get
copied ad all. Now setting the `ci/skip/..` labels, as those are most
important for speeding up merging.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 12:47:40 +00:00
Niels de Vos
745d2ace92 ci: Mergify copy-labels requires empty string for labels:
Instead of leaving the `labels:` empty, pass an empty string `""`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 08:03:28 +00:00
Niels de Vos
40eff59d45 ci: Mergify copy-labels requires empty labels: value
See-also: Mergifyio/mergify#5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 07:24:04 +00:00
Niels de Vos
c37ac53cbb ci: add GitHub Workflow to copy labels in Mergify created PRs
When Mergify creates a PR, the `ok-to-test` label needs to be added
before CI runs. Not all PRs need complete testing, and they may have
some `ci/skip/..` labels too. With this new GitHub Workflow, the labels
get copied from the original PR into the newly created PR.

See-also: https://github.com/Mergifyio/mergify/discussions/5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-11 11:05:46 +00:00
dependabot[bot]
c702264708 rebase: bump peter-evans/create-or-update-comment from 2 to 3
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2 to 3.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 11:34:17 +00:00
riya-singhal31
1bc090d975 ci: update github actions for k8s 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-21 08:18:33 +00:00
Madhu Rajanna
60248ce811 ci: remove kubernetes 1.23 from github action
Removed kubernetes 1.23 from github action
as 1.23 is not supported anymore.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-21 06:46:30 +00:00
dependabot[bot]
cb05525d4f rebase: Bump peter-evans/create-or-update-comment from 2 to 3
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2 to 3.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 08:46:07 +00:00
dependabot[bot]
ac5d58f30e rebase: Bump actions/stale from 7 to 8
Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-28 07:10:20 +00:00
Niels de Vos
c84b4a15ba ci: only run test-retest-action if the PR modifies the action
There is no need to run the `test-retest-action` GitHub Workflow if
there are no changes under the `actions/retest` directory.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
Niels de Vos
3325e5045e ci: do not run commitlint GitHub Action on dependabot PRs
Currently commitlint is only skipped for PR at the time dependabot
creates them. Once Mergify rebases them, commitlint is started anyway.
This causes failed CI runs, which then need to be ignored. It is cleaner
to not run commitlint on any PR that dependabot owns.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
Niels de Vos
48822d942d ci: use context.issue.number for removing ok-to-test
`github.event.pull_request.number` does not seem to be valid as a script
object/variable.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 12:34:15 +00:00
Niels de Vos
3252c1e782 ci: remove ok-to-test label after commenting
Once the comments have been added, the `ok-to-test` label can be
removed. This makes it possible to simplify the Mergify configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 11:10:23 +01:00
Niels de Vos
c3bc1f720b ci: add Kubernetes 1.26 as default version to test
Kubernetes 1.26 has been released at the end of 2022 and should be
tested frequently.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-01-31 08:30:38 +00:00
dependabot[bot]
911bc6eabc rebase: bump actions/stale from 6 to 7
Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-04 09:45:15 +00:00
dependabot[bot]
f0cc5a0ef8 rebase: bump actions/dependency-review-action from 2 to 3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-17 13:00:22 +00:00
Niels de Vos
38c4832665 ci: do not leave testing comments on merged PRs
A PR with status `github.event.pull_request.merged == true` does not
need to be tested again.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2022-11-11 11:35:05 +00:00
Madhu Rajanna
f19805a40b ci: consider kubernetes 1.25 for tests
As we have successful runs with kubernetes
1.25 Marking is as default for CI jobs and
required for merging PR.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:57:05 +02:00
Madhu Rajanna
4039bf5063 ci: remove kubernetes 1.22 tests
As we need to test with last 3 Kubernetes
releases removing Kubernetes 1.22
as we have 1.23, 1.24 and 1.25

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:57:05 +02:00
Madhu Rajanna
659567cfdc ci: add github action to trigger E2E
based on the discussion on the slack
channel. we are adding a github action
to trigger the CI jobs when a ok-to-test
label is added on the PR.

This action is based on below github action
https://github.com/peter-evans/create-or-update-comment

Sample Demo avaiable at
https://github.com/Madhu-1/
\label-commentor-action-testing/pull/4

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 06:59:22 +00:00
dependabot[bot]
5c8564c69d rebase: bump actions/stale from 5 to 6
Bumps [actions/stale](https://github.com/actions/stale) from 5 to 6.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-04 06:40:14 +00:00
Madhu Rajanna
842279b811 ci: use ubuntu-latest for stale job
Currently, we use the Ubuntu 18.04 actions runner
for stale job. This runner will be deprecated
and removed in the beginning of Dec.
So should change the runner to use latest ubuntu.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-08-16 07:00:44 +00:00
dependabot[bot]
05ccb31a45 rebase: bump actions/dependency-review-action from 1 to 2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 08:17:57 +00:00
Naveen
60281fab40 ci: included dependency review
Dependency Review GitHub Action in your repository to enforce dependency
reviews on your pull requests.

Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-24 06:48:22 +00:00
Niels de Vos
bbecb81d4f ci: add ci/skip/multi-arch-build label
If the `ci/skip/multi-arch-build` label is set on a PR, the GitHub
Workflow only builds for the local architecture. This makes it possible
to merge PRs faster.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2022-05-10 06:08:22 +00:00
dependabot[bot]
6d23e750be rebase: bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-10 05:02:33 +00:00
Madhu Rajanna
b4ff3884f1 ci: remove set-safe-directory from commitlint
Removed set-safe-directory option from the
commitlint.yaml as its not working as expected.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-05-09 05:57:14 +00:00
Niels de Vos
9533889b64 ci: do not set safe.directory for commitlint checkout
Commitlint fails with errors like:

```
git fetch -v origin devel
fatal: unsafe repository ('/go/src/github.com/ceph/ceph-csi' is owned by
someone else)
To add an exception for this directory, call:

	git config --global --add safe.directory /go/src/github.com/ceph/ceph-csi
make: *** [Makefile:153: commitlint] Error 128
```

By not setting the option with actions/checkout@v3, the error should not
happen anymore.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2022-05-09 03:10:04 +00:00
naveen
2672fad90a ci: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way,
 even if the attackers will succeed in compromising your workflow,
 they won’t be able to do much.

- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-05 20:21:15 +05:30
dependabot[bot]
b1a0f42b31 rebase: bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 12:47:46 +00:00
dependabot[bot]
194db3edd5 rebase: bump actions/stale from 3 to 5
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3...v5)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 10:29:39 +00:00
Rakshith R
6dd5fe9360 ci: use CEPH_CSI_BOT token for retest action
For retest action's comment `@Mergifyio refresh`
to be accepted by mergifyio,
the bot should have write permissions to the repo.
Therefore, use Ceph-csi-bot instead of github actions
bot.

Signed-off-by: Rakshith R <rar@redhat.com>
2022-03-18 05:27:49 +00:00