ceph-csi/.github/workflows/pull-request-commentor.yaml
StepSecurity Bot 56d08e1b4d ci: Harden GitHub Actions
Update GitHub actions to use full length commit ids for
third-party actions to reduce security risk in case of vulnerabilities.

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-09-19 11:00:39 +00:00

135 lines
4.5 KiB
YAML

---
name: Add comment
# yamllint disable-line rule:truthy
on:
pull_request_target:
branches:
- devel
- "release-v*"
types:
- labeled
permissions:
pull-requests: write
jobs:
branch-k8s-selection:
runs-on: ubuntu-latest
strategy:
matrix:
branch: [release-v3.11, release-v3.12, devel]
k8s: ["1.26", "1.27", "1.28", "1.29", "1.30", "1.31"]
exclude:
# Run only last 3 support releases on devel and 3.12
- k8s: "1.26"
branch: "release-v3.12"
- k8s: "1.26"
branch: "devel"
- k8s: "1.27"
branch: "release-v3.12"
- k8s: "1.27"
branch: "devel"
- k8s: "1.28"
branch: "release-v3.12"
- k8s: "1.28"
branch: "devel"
# Ceph-CSI <= 3.11 was released before Kubernetes 1.30
- k8s: "1.30"
branch: "release-v3.11"
# Ceph-CSI <= 3.11 was released before Kubernetes 1.31
- k8s: "1.31"
branch: "release-v3.11"
# watch out, matrix.branch can not be used in this if-statement :-/
if: >
(github.event.label.name == 'ok-to-test' &&
github.event.pull_request.merged != true)
steps:
- name: >
Add comment to trigger external storage tests for Kubernetes
${{ matrix.k8s }}
if: ${{ github.base_ref == matrix.branch }}
# yamllint disable-line rule:line-length
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
/test ci/centos/k8s-e2e-external-storage/${{ matrix.k8s }}
- name: >
Add comment to trigger helm E2E tests for Kubernetes
${{ matrix.k8s }}
if: ${{ github.base_ref == matrix.branch }}
# yamllint disable-line rule:line-length
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
/test ci/centos/mini-e2e-helm/k8s-${{ matrix.k8s }}
- name: Add comment to trigger E2E tests for Kubernetes ${{ matrix.k8s }}
# yamllint disable-line rule:line-length
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: ${{ github.base_ref == matrix.branch }}
with:
token: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
/test ci/centos/mini-e2e/k8s-${{ matrix.k8s }}
any-branch-k8s-version:
runs-on: ubuntu-latest
if: >
(github.event.label.name == 'ok-to-test' &&
github.event.pull_request.merged != true)
steps:
- name: Add comment to trigger cephfs upgrade tests
# yamllint disable-line rule:line-length
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
/test ci/centos/upgrade-tests-cephfs
- name: Add comment to trigger rbd upgrade tests
# yamllint disable-line rule:line-length
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
/test ci/centos/upgrade-tests-rbd
remove-label:
runs-on: ubuntu-latest
# run after the other jobs
needs:
- branch-k8s-selection
- any-branch-k8s-version
if: >
(github.event.label.name == 'ok-to-test' &&
github.event.pull_request.merged != true)
steps:
- name: remove ok-to-test-label after commenting
# yamllint disable-line rule:line-length
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.CEPH_CSI_BOT_TOKEN }}
script: |
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: ["ok-to-test"]
})