Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 setup Trivy scanning for supported release branches #7874

Merged
merged 1 commit into from
Jan 12, 2023
Merged

🌱 setup Trivy scanning for supported release branches #7874

merged 1 commit into from
Jan 12, 2023

Conversation

ykakarap
Copy link
Contributor

@ykakarap ykakarap commented Jan 9, 2023

What this PR does / why we need it:

This PR adds Trivy scanning job to all supported release branches.

By default on: schedule jobs only run on the default branch. Copying this workflow to release branches does not trigger the job on the release branches.

Additional notes:
With this we can drop the scan.yaml files from the release branches to avoid confusion as they currently do not do anything.
scan.yaml was added in in the following PRs:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 9, 2023
This was referenced Jan 9, 2023
Closed
Closed
@sbueringer
Copy link
Member

With this we can drop the scan.yaml files from the release branches to avoid confusion as they currently do not do anything.
scan.yaml was added in in the following PRs:

@ykakarap The jobs on the release branches are currently not doing anything, right?

I would probably just keep them there. Otherwise would the idea be that as soon as we branch away a release branch in the future we would have to delete the scan.yaml?

(we can still clean them up now if we want as they never worked, but if not necessary I would prefer to not making this a pattern going forward)

sbueringer
sbueringer reviewed Jan 10, 2023
View reviewed changes
@sbueringer
Copy link
Member

Thx for taking care of this, just a few nits

killianmuldoon
killianmuldoon approved these changes Jan 10, 2023
View reviewed changes
Copy link
Contributor

@killianmuldoon killianmuldoon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

(pending nits)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 10, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 8638434b09bedcca25b7cadaaeec26456f1c83f8

fabriziopandini
fabriziopandini reviewed Jan 10, 2023
View reviewed changes
@ykakarap ykakarap force-pushed the trivy-scan-release-branches branch from c93d489 to a21cd00 Compare January 11, 2023 01:47
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 11, 2023
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 11, 2023
@ykakarap
Copy link
Contributor Author

@ykakarap The jobs on the release branches are currently not doing anything, right?

Yes.

I would probably just keep them there. Otherwise would the idea be that as soon as we branch away a release branch in the future we would have to delete the scan.yaml?

Sounds good. Let's just keep them.

@sbueringer
Copy link
Member

/lgtm
/assign @fabriziopandini

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 11, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: cfdf8e4c01ed2c6565a3591cdff2866efeccc776

fabriziopandini
fabriziopandini reviewed Jan 11, 2023
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ykakarap for tacking care of this, really appreciated!
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 11, 2023
@ykakarap ykakarap force-pushed the trivy-scan-release-branches branch from a21cd00 to 7fdc285 Compare January 11, 2023 23:47
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 11, 2023
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 11, 2023
@ykakarap
Copy link
Contributor Author

Rebased to resolve merge conflicts.

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 11, 2023
@sbueringer
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 12, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 1204be7539dba4f86c895e9a3d365a3010cf207b

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini, sbueringer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [fabriziopandini,sbueringer]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit b3665e0 into kubernetes-sigs:main Jan 12, 2023
@k8s-ci-robot k8s-ci-robot added this to the v1.4 milestone Jan 12, 2023
@ykakarap
Copy link
Contributor Author

ykakarap commented Jan 17, 2023
edited
Loading

Update: Yesterdays scan ran on all three supported branches. The changes is working as desired.

https://github.com/kubernetes-sigs/cluster-api/actions/runs/3930140568

This was referenced Jul 13, 2023
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stmcginnis stmcginnis Awaiting requested review from stmcginnis

@vincepri vincepri Awaiting requested review from vincepri

@killianmuldoon killianmuldoon Awaiting requested review from killianmuldoon

@fabriziopandini fabriziopandini Awaiting requested review from fabriziopandini

@sbueringer sbueringer Awaiting requested review from sbueringer

Assignees

@sbueringer sbueringer

@fabriziopandini fabriziopandini

@killianmuldoon killianmuldoon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.
5 participants
@ykakarap @sbueringer @k8s-ci-robot @fabriziopandini @killianmuldoon