Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add snyk for container image #4261

Merged
merged 1 commit into from
Nov 16, 2023
Merged

ci: add snyk for container image #4261

merged 1 commit into from
Nov 16, 2023

Conversation

Madhu-1
Copy link
Collaborator

@Madhu-1 Madhu-1 commented Nov 16, 2023

adding a GitHub action to do security scanning for the cephcsi docker image

@Madhu-1 Madhu-1 added component/testing Additional test cases or CI work WIP This PR still in work-in-progress ci/skip/e2e skip running e2e CI jobs ci/skip/multi-arch-build skip building on multiple architectures labels Nov 16, 2023
@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Nov 16, 2023

Testing PR, will update the PR to run it weekly and on release/tag once testing is done.

@Madhu-1 Madhu-1 added the DNM DO NOT MERGE label Nov 16, 2023
@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Nov 16, 2023

For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until approval is granted by required approvers.

@nixpanic @Rakshith-R can someone place approval which is required to access secret in this action?

nixpanic
nixpanic previously approved these changes Nov 16, 2023
View reviewed changes
Copy link
Member

@nixpanic nixpanic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved for testing

@nixpanic
Copy link
Member

Approved for testing

Restarted the job, see https://github.com/ceph/ceph-csi/actions/runs/6887739362/job/18736026287

@mergify mergify bot dismissed nixpanic’s stale review November 16, 2023 08:26

Pull request has been modified.

@Madhu-1 Madhu-1 removed DNM DO NOT MERGE WIP This PR still in work-in-progress labels Nov 16, 2023
@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Nov 16, 2023

Ci job ran but github doesnt allow us to use the secret in the pull request.

@Madhu-1 Madhu-1 requested review from nixpanic and a team November 16, 2023 08:33
yati1998
yati1998 previously approved these changes Nov 16, 2023
View reviewed changes
@Madhu-1
ci: add snyk for container image
e3f0e59 
adding a github action to do security
scanning for the cephcsi container image

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
@mergify mergify bot dismissed yati1998’s stale review November 16, 2023 09:02

Pull request has been modified.

@Madhu-1 Madhu-1 requested review from nixpanic and a team November 16, 2023 09:55
@Madhu-1
Copy link
Collaborator Author

Madhu-1 commented Nov 16, 2023

@Mergifyio queue

@mergify Mergify
Copy link
Contributor

mergify bot commented Nov 16, 2023
edited
Loading

queue

✅ The pull request has been merged automatically

The pull request has been merged automatically at 63f4887

@mergify mergify bot added the ok-to-test Label to trigger E2E tests label Nov 16, 2023
@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.28

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.28

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Nov 16, 2023
@mergify mergify bot merged commit 63f4887 into ceph:devel Nov 16, 2023
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@riya-singhal31 riya-singhal31 riya-singhal31 approved these changes

@yati1998 yati1998 Awaiting requested review from yati1998

@nixpanic nixpanic Awaiting requested review from nixpanic

Assignees
No one assigned
Labels
ci/skip/e2e skip running e2e CI jobs ci/skip/multi-arch-build skip building on multiple architectures component/testing Additional test cases or CI work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Madhu-1 @nixpanic @ceph-csi-bot @yati1998 @riya-singhal31