Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: add gosec for golang security scanning #4468

Open
wants to merge 1 commit into
base: devel
Choose a base branch
from

ci: add gosec for golang security scanning

c821aea
Select commit
Loading
Failed to load commit list.
Open

ci: add gosec for golang security scanning #4468

ci: add gosec for golang security scanning
c821aea
Select commit
Loading
Failed to load commit list.
Mergify / Summary succeeded May 2, 2024 in 6s

2 rules match and 18 potential rules

Rule: start CI jobs for PRs in the merge queue (label)

  • any of:
    • author=mergify[bot]
    • check-pending=Queue: Embarked in merge train
  • base~=^(devel)|(release-.+)$
  • label!=conflicts
  • not:
    • all of:
      • check-pending~=^ci/centos
  • not:
    • all of:
      • status-success~=^ci/centos

✅ Rule: remove outdated approvals (dismiss_reviews)

  • base~=^(devel)|(release-.+)$

Rule: ask to resolve conflict (comment)

  • conflict
  • author!=dependabot[bot]

Rule: dismiss review of merged pull request (dismiss_reviews)

  • merged
  • base~=^(devel)|(release-.+)$

Rule: automatic merge (queue)

  • any of:
    • all of:
      • #approved-reviews-by>=2
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base~=^(release-.+)$
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/k8s-e2e-external-storage/1.29
      • status-success=ci/centos/k8s-e2e-external-storage/1.30
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.29
      • status-success=ci/centos/mini-e2e-helm/k8s-1.30
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.29
      • status-success=ci/centos/mini-e2e/k8s-1.30
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • #approved-reviews-by>=2
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=release-v3.10
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • #approved-reviews-by>=2
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/k8s-e2e-external-storage/1.29
      • status-success=ci/centos/k8s-e2e-external-storage/1.30
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.29
      • status-success=ci/centos/mini-e2e-helm/k8s-1.30
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.29
      • status-success=ci/centos/mini-e2e/k8s-1.30
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
  • any of: [🔀 queue conditions]
    • all of: [📌 queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]
  • -draft [📌 queue requirement]
  • any of: [📌 queue -> configuration change requirements]
    • -mergify-configuration-changed
    • check-success=Configuration changed

Rule: automatic merge (delete_head_branch)

  • closed [📌 delete_head_branch requirement]
  • any of:
    • all of:
      • #approved-reviews-by>=2
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base~=^(release-.+)$
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/k8s-e2e-external-storage/1.29
      • status-success=ci/centos/k8s-e2e-external-storage/1.30
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.29
      • status-success=ci/centos/mini-e2e-helm/k8s-1.30
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.29
      • status-success=ci/centos/mini-e2e/k8s-1.30
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • #approved-reviews-by>=2
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=release-v3.10
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • #approved-reviews-by>=2
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/k8s-e2e-external-storage/1.29
      • status-success=ci/centos/k8s-e2e-external-storage/1.30
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.29
      • status-success=ci/centos/mini-e2e-helm/k8s-1.30
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.29
      • status-success=ci/centos/mini-e2e/k8s-1.30
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build

Rule: backport patches to release-v3.10 branch (backport)

  • label=backport-to-release-v3.10
  • merged [📌 backport requirement]
  • base=devel

Rule: backport patches to release-v3.11 branch (backport)

  • label=backport-to-release-v3.11
  • merged [📌 backport requirement]
  • base=devel

Rule: title contains DNM (label)

  • title~=DNM

Rule: title contains CephFS (label)

  • title~=cephfs:

Rule: title contains NFS (label)

  • title~=nfs:

Rule: title contains RBD (label)

  • title~=rbd:

✅ Rule: title contains CI, testing or e2e (label)

  • title~=(ci: )|(testing: )|(e2e)

Rule: title contains Helm (label)

  • title~=helm

Rule: title contains rebase (label)

  • title~=rebase:

Rule: title contains build (label)

  • title~=build:

Rule: title indicates a bug fix (label)

  • title~=(bug)|(fix)

Rule: title contains cleanup (label)

  • title~=cleanup:

Rule: title contains doc (label)

  • title~=doc:

Rule: title contains Mergify (label)

  • title~=(?i)mergify

💖  Mergify is proud to provide this service for free to open source projects.

🚀  You can help us by becoming a sponsor!


9 not applicable rules

Rule: update dependencies by dependabot (skip commitlint) (queue)

  • #approved-reviews-by>=2
  • approved-reviews-by=@ceph/ceph-csi-contributors
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • author=dependabot[bot]
  • status-success=ci/centos/k8s-e2e-external-storage/1.27
  • status-success=ci/centos/k8s-e2e-external-storage/1.28
  • status-success=ci/centos/k8s-e2e-external-storage/1.29
  • status-success=ci/centos/k8s-e2e-external-storage/1.30
  • status-success=ci/centos/mini-e2e-helm/k8s-1.27
  • status-success=ci/centos/mini-e2e-helm/k8s-1.28
  • status-success=ci/centos/mini-e2e-helm/k8s-1.29
  • status-success=ci/centos/mini-e2e-helm/k8s-1.30
  • status-success=ci/centos/mini-e2e/k8s-1.27
  • status-success=ci/centos/mini-e2e/k8s-1.28
  • status-success=ci/centos/mini-e2e/k8s-1.29
  • status-success=ci/centos/mini-e2e/k8s-1.30
  • status-success=ci/centos/upgrade-tests-cephfs
  • status-success=ci/centos/upgrade-tests-rbd
  • status-success=lint-extras
  • any of: [🔀 queue conditions]
    • all of: [📌 queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by=0
  • -draft [📌 queue requirement]
  • base=devel
  • label!=DNM
  • status-success=DCO
  • status-success=codespell
  • status-success=go-test
  • status-success=golangci-lint
  • status-success=mod-check
  • status-success=multi-arch-build
  • any of: [📌 queue -> configuration change requirements]
    • -mergify-configuration-changed
    • check-success=Configuration changed

Rule: update dependencies by dependabot (skip commitlint) (delete_head_branch)

  • #approved-reviews-by>=2
  • approved-reviews-by=@ceph/ceph-csi-contributors
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • author=dependabot[bot]
  • closed [📌 delete_head_branch requirement]
  • status-success=ci/centos/k8s-e2e-external-storage/1.27
  • status-success=ci/centos/k8s-e2e-external-storage/1.28
  • status-success=ci/centos/k8s-e2e-external-storage/1.29
  • status-success=ci/centos/k8s-e2e-external-storage/1.30
  • status-success=ci/centos/mini-e2e-helm/k8s-1.27
  • status-success=ci/centos/mini-e2e-helm/k8s-1.28
  • status-success=ci/centos/mini-e2e-helm/k8s-1.29
  • status-success=ci/centos/mini-e2e-helm/k8s-1.30
  • status-success=ci/centos/mini-e2e/k8s-1.27
  • status-success=ci/centos/mini-e2e/k8s-1.28
  • status-success=ci/centos/mini-e2e/k8s-1.29
  • status-success=ci/centos/mini-e2e/k8s-1.30
  • status-success=ci/centos/upgrade-tests-cephfs
  • status-success=ci/centos/upgrade-tests-rbd
  • status-success=lint-extras
  • #changes-requested-reviews-by=0
  • base=devel
  • label!=DNM
  • status-success=DCO
  • status-success=codespell
  • status-success=go-test
  • status-success=golangci-lint
  • status-success=mod-check
  • status-success=multi-arch-build

Rule: automatic merge PR having ready-to-merge label (queue)

  • any of:
    • all of:
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base~=^(release-.+)$
      • label=ready-to-merge
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/k8s-e2e-external-storage/1.29
      • status-success=ci/centos/k8s-e2e-external-storage/1.30
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.29
      • status-success=ci/centos/mini-e2e-helm/k8s-1.30
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.29
      • status-success=ci/centos/mini-e2e/k8s-1.30
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=release-v3.10
      • label=ready-to-merge
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
  • any of: [🔀 queue conditions]
    • all of: [📌 queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]
  • -draft [📌 queue requirement]
  • any of: [📌 queue -> configuration change requirements]
    • -mergify-configuration-changed
    • check-success=Configuration changed

Rule: automatic merge PR having ready-to-merge label (delete_head_branch)

  • closed [📌 delete_head_branch requirement]
  • any of:
    • all of:
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base~=^(release-.+)$
      • label=ready-to-merge
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/k8s-e2e-external-storage/1.29
      • status-success=ci/centos/k8s-e2e-external-storage/1.30
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.29
      • status-success=ci/centos/mini-e2e-helm/k8s-1.30
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.29
      • status-success=ci/centos/mini-e2e/k8s-1.30
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=release-v3.10
      • label=ready-to-merge
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=lint-extras
      • #changes-requested-reviews-by=0
      • label!=DNM
      • status-success=DCO
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=mod-check
      • status-success=multi-arch-build

Rule: remove outdated approvals on ci/centos (dismiss_reviews)

  • base=ci/centos

Rule: automatic merge on ci/centos (queue)

  • #approved-reviews-by>=2
  • approved-reviews-by=@ceph/ceph-csi-contributors
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • base=ci/centos
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • any of: [🔀 queue conditions]
    • all of: [📌 queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by=0
  • -draft [📌 queue requirement]
  • label!=DNM
  • status-success=DCO
  • any of: [📌 queue -> configuration change requirements]
    • -mergify-configuration-changed
    • check-success=Configuration changed

Rule: automatic merge on ci/centos (delete_head_branch)

  • #approved-reviews-by>=2
  • approved-reviews-by=@ceph/ceph-csi-contributors
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • base=ci/centos
  • closed [📌 delete_head_branch requirement]
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • #changes-requested-reviews-by=0
  • label!=DNM
  • status-success=DCO

Rule: automatic merge PR having ready-to-merge label on ci/centos (queue)

  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • base=ci/centos
  • label=ready-to-merge
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • any of: [🔀 queue conditions]
    • all of: [📌 queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by=0
  • -draft [📌 queue requirement]
  • label!=DNM
  • status-success=DCO
  • any of: [📌 queue -> configuration change requirements]
    • -mergify-configuration-changed
    • check-success=Configuration changed

Rule: automatic merge PR having ready-to-merge label on ci/centos (delete_head_branch)

  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • base=ci/centos
  • closed [📌 delete_head_branch requirement]
  • label=ready-to-merge
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • #changes-requested-reviews-by=0
  • label!=DNM
  • status-success=DCO
Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com