`podman` is installed by default on the Ubuntu runners. Podman is
recommended for developers and contributors, as there are no elevated
privileges required to run it. Docker requires extra permissions to
build and or run container images, and contributors to Ceph-CSI should
not need to spend time working with that (several developers run the
`docker` command with `sudo`, which is discouraged).
Only the multi-arch Workflows require Docker, for the time being.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
It is unclear how a module for utility functions can have the same
problem as a separate side-car that is expected to do the input
validation. The side-cars have been fixed already, no further details
are in the CVE description (from 2019).
See-also: https://github.com/advisories/GHSA-f4w6-3rh6-6q4
Signed-off-by: Niels de Vos <ndevos@ibm.com>
`/retest all` causes a spike in resource consumption in Jenkins and the
OpenShift cluster kills the Pod. That means tests are not fully running
yet, and results never arrive back in the PR. Instead of `/retest all`,
the `ok-to-test` label can be used to trigger required tests with a
slight delay between each command.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
K8s 1.24 will be End of Life on 2023-07-28.
Therefore, removing checks for ci tests on
that version.
refer:
https://kubernetes.io/releases/#release-v1-24
Signed-off-by: Rakshith R <rar@redhat.com>
The mergify label copier used github-actions bot
to add labels. Actions performed by github-actions
bot do not trigger a workflow and hence
pull-request-commentor was not working as expected.
This commit modifies mergify label copier to use
Cephcsi-bot to copy labels which then will be
able to trigger action to add pr comments.
Signed-off-by: Rakshith R <rar@redhat.com>
Forked repositories contain the the `.github/workflows/` directory, and
therefore run all the GitHub Workflows located there. Some of the
workflows need additional configuration, like providing access to the
standard `GITHUB_TOKEN`. If the extra configuration is not done, the
GitHub Workflow will fail, and the owner of the forked repository will
receive regular notifications about that.
There is no need to run the "retest" workflow on forked repositories, so
it can be skipped by default.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
By default the `GITHUB_TOKEN` is used for the actions, and the name of
the account that comments is "github-actions[bot]". It is a nice touch
to use the Ceph-CSI Bot account instead.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The `github.event.label.name` was replaced by
`github.event.pull_request.label` in PR #3862. It seems that the value
always is `null`, which causes the pull-request-commenter to skip the
events for `ok-to-test` label additions. By using the original
`github.event.label.name`, things work again as expected.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
With the updates to the pull-request-commenter, all strings were placed
within `'` to prevent syntax issues. It seems that
`github.event.pull_request.merged` really is a boolean (or `null`), and
not a string.
Doc: https://docs.github.com/en/webhooks-and-events/ ("payloads" section)
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Backslashes (`\`) cause issues in the `if` statment with GitHub
Workflows.
Unexpected symbol: '\'. Located at position 53 within expression:
(github.event.pull_request.label == 'ok-to-test' && \
Using the `>` YAML syntax to replace linebreaks with spaces should
address this problem.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The `ok-to-test` label does not work anymore, and the GitHub Workflow
contains the following error:
The workflow is not valid.
.github/workflows/pull-request-commentor.yaml (Line: 15, Col: 9):
Unrecognized named-value: 'ok-to-test'.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The `Add comment` workflow was triggered only
when labels were added to the pr and failed
to be run on prs which were created with the
required label.
This commit makes sure the workflow is triggered
on pr creation too.
Signed-off-by: Rakshith R <rar@redhat.com>
The original Mergifyio/gha-mergify-merge-queue-labels-copier@main
contains `startsWith()` that has the arguments reversed. This prevents
the action from working as intended.
See-also: https://docs.github.com/en/actions/learn-github-actions/expressions
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Setting an empty `labels:` fails to work as intended, no labels get
copied ad all. Now setting the `ci/skip/..` labels, as those are most
important for speeding up merging.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
When Mergify creates a PR, the `ok-to-test` label needs to be added
before CI runs. Not all PRs need complete testing, and they may have
some `ci/skip/..` labels too. With this new GitHub Workflow, the labels
get copied from the original PR into the newly created PR.
See-also: https://github.com/Mergifyio/mergify/discussions/5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
There is no need to run the `test-retest-action` GitHub Workflow if
there are no changes under the `actions/retest` directory.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Currently commitlint is only skipped for PR at the time dependabot
creates them. Once Mergify rebases them, commitlint is started anyway.
This causes failed CI runs, which then need to be ignored. It is cleaner
to not run commitlint on any PR that dependabot owns.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Once the comments have been added, the `ok-to-test` label can be
removed. This makes it possible to simplify the Mergify configuration.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
as per the documentation `""` has to be mentioned for the schedule
interval value field. This commit ensures it and make it consistent.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
As we have successful runs with kubernetes
1.25 Marking is as default for CI jobs and
required for merging PR.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
As we need to test with last 3 Kubernetes
releases removing Kubernetes 1.22
as we have 1.23, 1.24 and 1.25
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
based on the discussion on the slack
channel. we are adding a github action
to trigger the CI jobs when a ok-to-test
label is added on the PR.
This action is based on below github action
https://github.com/peter-evans/create-or-update-comment
Sample Demo avaiable at
https://github.com/Madhu-1/
\label-commentor-action-testing/pull/4
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Currently, we use the Ubuntu 18.04 actions runner
for stale job. This runner will be deprecated
and removed in the beginning of Dec.
So should change the runner to use latest ubuntu.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Dependency Review GitHub Action in your repository to enforce dependency
reviews on your pull requests.
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
If the `ci/skip/multi-arch-build` label is set on a PR, the GitHub
Workflow only builds for the local architecture. This makes it possible
to merge PRs faster.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Commitlint fails with errors like:
```
git fetch -v origin devel
fatal: unsafe repository ('/go/src/github.com/ceph/ceph-csi' is owned by
someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /go/src/github.com/ceph/ceph-csi
make: *** [Makefile:153: commitlint] Error 128
```
By not setting the option with actions/checkout@v3, the error should not
happen anymore.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
For retest action's comment `@Mergifyio refresh`
to be accepted by mergifyio,
the bot should have write permissions to the repo.
Therefore, use Ceph-csi-bot instead of github actions
bot.
Signed-off-by: Rakshith R <rar@redhat.com>
Adding actions/retest to the dependabot configuration makes sure all
vendored packages will get updated when new releases are available.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
When dependabot creates a PR, and an other gets merged, the bot
automatically triggers a rebase. This will drop any approvals, causing
delays in the review/merge process.
The project uses Mergify to automatically rebase when needed, and
approvals are retained when Mergify rebases PR. By disabling the
auto-rebasing done by dependabot, fewer rebases should be needed,
contributors only need to review once, and CI jobs are triggered less
often.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
The commit messages that Dependabot (@app/dependabot) creates are not
always accepted by the commitlint check. The configuration for
dependabot does not give a lot of options to customize the message, so
instead of adjusting the message to pass commitlint, just skip the check
(Mergify does not require commitlint status either).
See-also: #2460
Signed-off-by: Niels de Vos <ndevos@redhat.com>
These dependencies are pulled in by k8s.io/kubernetes with version
v0.0.0. It is therefore required to use 'replace' in go.mod to select a
compatible version of the additional k8s.io packages.
Dependabot does not seem to update packages listed in 'replace', only
under 'require'. That means, the version updates done by Dependabot do
not have any effect, as the contents is replaced with a different
version anyway. Ignoring these packages prevents the creation of
non-functional PRs.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
added github action to check for the
stale issues and PRs. the action will
get scheduled everydata at 21:00 UTC.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit removes the stale bot
configration as stale bot repo is not actively
maintained anymore.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
disabling push artifacts github action on the
fork repos as it doesnot makes sense to run push
actions on the fork repo.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
currently git commit of the helm charts to
csi-chart repo is failing with below error
```
Author identity unknown
*** Please tell me who you are.
Run
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity.
Omit --global to set the identity only in this repository.
```
this commit add git config for bot user.
Note:- used ceph.io in github secrets for the bot user
email and its not a valid email id and am also
looking for suggestion if anyone as.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
GITHUB_TOKEN is auto generated for cephcsi repo
and it cannot be used to push helm charts to
different repo. added new secret CEPH_CSI_BOT_TOKEN
to push helm charts.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
As Travis CI `https://travis-ci.org/` is getting
shutdown date on June 15th. Either we need to move
to new place https://www.travis-ci.com/ or we can
switch to github action to push image and the helm
charts when a PR is merged.
fixes: #1781
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
GitHub Actions include a merge commit for the PR, which will defeat the
commitlint checking of all the commits inside the PR (only the merge
commit is checked).
Signed-off-by: Niels de Vos <ndevos@redhat.com>
currently github action are getting trigerred for
both pull and push request, this commits removes the
action for push events.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
By placing the common bot commands and their description in the PR
template, developers are reminded on their usage. The idea comes from
the Ceph project where this is done too.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This configuration enforces the format of commits that are part of a
Pull Request. The title of the PR can be checked as well, that will not
be required for now.
The format of a subject of all commit messages needs to be:
<component>: <description>
For example:
ci: add configuration for "Semantic Pull Request" bot
The valid components in the commit message are listed in the
.github/semantic.yaml file as 'types'.
See-also: https://github.com/zeke/semantic-pull-requests#semantic-pull-requests
See-also: https://www.conventionalcommits.org
Signed-off-by: Niels de Vos <ndevos@redhat.com>
The rules are defined here which could enable stale bot.
Additional Ref# https://probot.github.io/apps/stale/
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>