Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(KONFLUX-3663): format PipelineRun files and upload SAST results #2413

Open
wants to merge 2 commits into
base: mce-2.5
Choose a base branch
from

Conversation

ccronca
Copy link

@ccronca ccronca commented Aug 12, 2024

This update configures the SAST task to upload SARIF results to quay.io for long-term storage

Please note that this PR was automatically generated and may include unrelated changes due to automatic YAML formatting performed by yq
The YAML files will be indented using 2 spaces, if the YAML file uses indentationless list the automation will try to keep this format

The PR contains two separate commits:

  1. Format YAML files: Ensures consistent indentation and formatting of the YAML files
  2. Upload SAST results: Configures the PipelineRun files to enable uploading SARIF results to quay.io

Separating these changes into two commits simplifies the review process. The first commit focuses on indentation and formatting, while the second commit contains the semantic changes

Related:

Format PipelineRun files with yq for consistent indentation and format

Signed-off-by: ccronca <[email protected]>
Configure the SAST task to upload SARIF results to quay.io for
long-term storage

Signed-off-by: ccronca <[email protected]>
@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Aug 12, 2024
Copy link
Contributor

openshift-ci bot commented Aug 12, 2024

Hi @ccronca. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot requested review from 2uasimojo and dlom August 12, 2024 15:56
@2uasimojo
Copy link
Member

/ok-to-test
/approve
/assign @celebdor

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 12, 2024
Copy link
Contributor

openshift-ci bot commented Aug 12, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 2uasimojo, ccronca

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 12, 2024
@ccronca
Copy link
Author

ccronca commented Aug 13, 2024

/retest

@ccronca
Copy link
Author

ccronca commented Aug 13, 2024

@2uasimojo It looks like some security tests are failing, but they don't seem related to my change

@2uasimojo
Copy link
Member

@2uasimojo It looks like some security tests are failing, but they don't seem related to my change

Yeah, that’s being addressed via #2387 – though it’s not going particularly well 😬

In any case, not part of this issue.

/override ci/prow/security

Copy link
Contributor

openshift-ci bot commented Aug 13, 2024

@2uasimojo: Overrode contexts on behalf of 2uasimojo: ci/prow/security

In response to this:

@2uasimojo It looks like some security tests are failing, but they don't seem related to my change

Yeah, that’s being addressed via #2387 – though it’s not going particularly well 😬

In any case, not part of this issue.

/override ci/prow/security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Copy link
Contributor

openshift-ci bot commented Aug 13, 2024

@ccronca: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 31ab29f link true /test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ccronca
Copy link
Author

ccronca commented Aug 13, 2024

@2uasimojo Btw, it looks like the hive-mce-25-on-pull-request check is failing. The issue seems to be with the clamav-scan task validation. I believe the image for this taskref bundle needs to be updated. This thread has some information about it

@2uasimojo
Copy link
Member

@celebdor really needs to weigh in there. ISTR him talking about ripping konflux out of 2.5 anyway...?

@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants