ci: cleanup security checks #1492

sadlerap · 2023-08-28T19:22:20Z

Changes

This contains two improvements:

I misconfigured our periodic security checks back in 39908ed, and it wasn't caught in review. Turns out it was rather unnecessary with the checks we have in merge-to-master and merge-to-release-branch. The neutral checks we're seeing are caused by something else; I'll need to investigate to figure out what's going on.
Rather than waiting within the job itself, we can have the jobs for security checks get triggered when the push to quay is done in both the merge-to-master and merge-to-release-branch is done. It should save a few seconds during checks, and it means we won't have a runner waiting doing nothing.

/kind bug

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

Docs
included if any changes are user facing
Tests
included if any functionality added or changed. For bugfixes please include tests that can catch regressions
All acceptance test scenarios included in the PR which verifies a bugfix or a requested feature reported by a non-member are tagged with @external-feedback tag.
Follows the commit message standard

This contains two improvements: - I misconfigured our periodic security checks back in 39908ed, and it wasn't caught in review. Turns out it was rather unnecessary with the checks we have in merge-to-master and merge-to-release-branch. The neutral checks we're seeing are caused by something else; I'll need to investigate to figure out what's going on. - Rather than waiting within the job itself, we can have the jobs for security checks get triggered when the push to quay is done in both the merge-to-master and merge-to-release-branch is done. It should save a few seconds during checks, and it means we won't have a runner waiting doing nothing. Signed-off-by: Andy Sadler <ansadler@redhat.com>

codecov · 2023-08-28T19:27:04Z

Codecov Report

Merging #1492 (3229764) into master (e66264b) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1492   +/-   ##
=======================================
  Coverage   58.16%   58.16%           
=======================================
  Files          35       35           
  Lines        3014     3014           
=======================================
  Hits         1753     1753           
  Misses       1093     1093           
  Partials      168      168

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e66264b...3229764. Read the comment docs.

baijum · 2023-09-14T09:21:15Z

/lgtm
/approve

openshift-ci · 2023-09-14T09:21:26Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: baijum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [baijum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

This contains two improvements: - I misconfigured our periodic security checks back in 39908ed, and it wasn't caught in review. Turns out it was rather unnecessary with the checks we have in merge-to-master and merge-to-release-branch. The neutral checks we're seeing are caused by something else; I'll need to investigate to figure out what's going on. - Rather than waiting within the job itself, we can have the jobs for security checks get triggered when the push to quay is done in both the merge-to-master and merge-to-release-branch is done. It should save a few seconds during checks, and it means we won't have a runner waiting doing nothing. Signed-off-by: Andy Sadler <ansadler@redhat.com>

This contains two improvements: - I misconfigured our periodic security checks back in 39908ed, and it wasn't caught in review. Turns out it was rather unnecessary with the checks we have in merge-to-master and merge-to-release-branch. The neutral checks we're seeing are caused by something else; I'll need to investigate to figure out what's going on. - Rather than waiting within the job itself, we can have the jobs for security checks get triggered when the push to quay is done in both the merge-to-master and merge-to-release-branch is done. It should save a few seconds during checks, and it means we won't have a runner waiting doing nothing. Signed-off-by: Andy Sadler <ansadler@redhat.com> Co-authored-by: Andy Sadler <ansadler@redhat.com>

sadlerap added the release/v1.4.x Used to mark PRs to be cherry-picked in release-v1.4.x branch label Aug 28, 2023

openshift-ci bot added the kind/bug Something isn't working label Aug 28, 2023

openshift-ci bot requested review from baijum and dperaza4dustbit August 28, 2023 19:22

github-actions bot added the acceptance-tests-skipped Marks PR that does not need to run the acceptance tests label Aug 28, 2023

openshift-ci bot assigned baijum Sep 14, 2023

openshift-ci bot added the lgtm label Sep 14, 2023

openshift-ci bot added the approved label Sep 14, 2023

openshift-merge-robot merged commit 1bc1c94 into redhat-developer:master Sep 14, 2023
19 checks passed

sadlerap deleted the update-security-checks branch September 22, 2023 15:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: cleanup security checks #1492

ci: cleanup security checks #1492

sadlerap commented Aug 28, 2023

codecov bot commented Aug 28, 2023 •

edited

Loading

baijum commented Sep 14, 2023

openshift-ci bot commented Sep 14, 2023

ci: cleanup security checks #1492

ci: cleanup security checks #1492

Conversation

sadlerap commented Aug 28, 2023

Changes

Submitter Checklist

codecov bot commented Aug 28, 2023 • edited Loading

Codecov Report

baijum commented Sep 14, 2023

openshift-ci bot commented Sep 14, 2023

codecov bot commented Aug 28, 2023 •

edited

Loading