Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: add snyk for security scanning #4259

Merged
merged 1 commit into from
Nov 16, 2023

ci: add snyk scanning

5108c0d
Select commit
Loading
Failed to load commit list.
Merged

ci: add snyk for security scanning #4259

ci: add snyk scanning
5108c0d
Select commit
Loading
Failed to load commit list.
Mergify / Summary succeeded Nov 16, 2023 in 2s

5 rules match and 17 potential rules

Rule: start CI jobs for PRs in the merge queue (label)

  • any of:
    • author=mergify[bot]
    • check-pending=Queue: Embarked in merge train
  • not:
    • status-success~=^ci/centos
  • base~=^(devel)|(release-.+)$
  • not:
    • check-pending~=^ci/centos

Rule: remove outdated approvals (dismiss_reviews)

  • base~=^(devel)|(release-.+)$

Rule: ask to resolve conflict (comment)

  • conflict
  • author!=dependabot[bot]

Rule: dismiss review of merged pull request (dismiss_reviews)

  • base~=^(devel)|(release-.+)$
  • merged

Rule: automatic merge (queue)

  • -draft [:pushpin: queue requirement]
  • -mergify-configuration-changed [:pushpin: queue -> allow_merging_configuration_change setting requirement]
  • any of:
    • all of:
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • base=release-v*
      • status-success=ci/centos/k8s-e2e-external-storage/1.25
      • status-success=ci/centos/mini-e2e-helm/k8s-1.25
      • status-success=ci/centos/mini-e2e/k8s-1.25
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
  • any of: [:twisted_rightwards_arrows: queue conditions]
    • all of: [:pushpin: queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]

Rule: automatic merge (delete_head_branch)

  • closed [:pushpin: delete_head_branch requirement]
  • any of:
    • all of:
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • base=release-v*
      • status-success=ci/centos/k8s-e2e-external-storage/1.25
      • status-success=ci/centos/mini-e2e-helm/k8s-1.25
      • status-success=ci/centos/mini-e2e/k8s-1.25
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build

Rule: automatic merge PR having ready-to-merge label (queue)

  • any of:
    • all of:
      • base=release-v*
      • label=ready-to-merge
      • status-success=ci/centos/k8s-e2e-external-storage/1.25
      • status-success=ci/centos/mini-e2e-helm/k8s-1.25
      • status-success=ci/centos/mini-e2e/k8s-1.25
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • label=ready-to-merge
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
  • -draft [:pushpin: queue requirement]
  • -mergify-configuration-changed [:pushpin: queue -> allow_merging_configuration_change setting requirement]
  • any of: [:twisted_rightwards_arrows: queue conditions]
    • all of: [:pushpin: queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]

Rule: automatic merge PR having ready-to-merge label (delete_head_branch)

  • any of:
    • all of:
      • base=release-v*
      • label=ready-to-merge
      • status-success=ci/centos/k8s-e2e-external-storage/1.25
      • status-success=ci/centos/mini-e2e-helm/k8s-1.25
      • status-success=ci/centos/mini-e2e/k8s-1.25
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • label=ready-to-merge
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=commitlint
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
  • closed [:pushpin: delete_head_branch requirement]

Rule: backport patches to release-v3.8 branch (backport)

  • label=backport-to-release-v3.8
  • base=devel
  • merged [:pushpin: backport requirement]

Rule: backport patches to release-v3.9 branch (backport)

  • label=backport-to-release-v3.9
  • base=devel
  • merged [:pushpin: backport requirement]

Rule: title contains DNM (label)

  • title~=DNM

Rule: title contains CephFS (label)

  • title~=cephfs:

Rule: title contains NFS (label)

  • title~=nfs:

Rule: title contains RBD (label)

  • title~=rbd:

Rule: title contains CI, testing or e2e (label)

  • title~=(ci: )|(testing: )|(e2e)

Rule: title contains Helm (label)

  • title~=helm

Rule: title contains rebase (label)

  • title~=rebase:

Rule: title contains build (label)

  • title~=build:

Rule: title indicates a bug fix (label)

  • title~=(bug)|(fix)

Rule: title contains cleanup (label)

  • title~=cleanup:

Rule: title contains doc (label)

  • title~=doc:

Rule: title contains Mergify (label)

  • title~=(?i)mergify

💖  Mergify is proud to provide this service for free to open source projects.

🚀  You can help us by becoming a sponsor!


7 not applicable rules

Rule: update dependencies by dependabot (skip commitlint) (queue)

  • any of:
    • all of:
      • author=dependabot[bot]
      • base=release-v*
      • status-success=ci/centos/k8s-e2e-external-storage/1.25
      • status-success=ci/centos/mini-e2e-helm/k8s-1.25
      • status-success=ci/centos/mini-e2e/k8s-1.25
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • author=dependabot[bot]
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
  • -draft [:pushpin: queue requirement]
  • -mergify-configuration-changed [:pushpin: queue -> allow_merging_configuration_change setting requirement]
  • any of: [:twisted_rightwards_arrows: queue conditions]
    • all of: [:pushpin: queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]

Rule: update dependencies by dependabot (skip commitlint) (delete_head_branch)

  • any of:
    • all of:
      • author=dependabot[bot]
      • base=release-v*
      • status-success=ci/centos/k8s-e2e-external-storage/1.25
      • status-success=ci/centos/mini-e2e-helm/k8s-1.25
      • status-success=ci/centos/mini-e2e/k8s-1.25
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
    • all of:
      • author=dependabot[bot]
      • #approved-reviews-by>=2
      • #changes-requested-reviews-by=0
      • approved-reviews-by=@ceph/ceph-csi-contributors
      • approved-reviews-by=@ceph/ceph-csi-maintainers
      • base=devel
      • label!=DNM
      • status-success=DCO
      • status-success=ci/centos/k8s-e2e-external-storage/1.26
      • status-success=ci/centos/k8s-e2e-external-storage/1.27
      • status-success=ci/centos/k8s-e2e-external-storage/1.28
      • status-success=ci/centos/mini-e2e-helm/k8s-1.26
      • status-success=ci/centos/mini-e2e-helm/k8s-1.27
      • status-success=ci/centos/mini-e2e-helm/k8s-1.28
      • status-success=ci/centos/mini-e2e/k8s-1.26
      • status-success=ci/centos/mini-e2e/k8s-1.27
      • status-success=ci/centos/mini-e2e/k8s-1.28
      • status-success=ci/centos/upgrade-tests-cephfs
      • status-success=ci/centos/upgrade-tests-rbd
      • status-success=codespell
      • status-success=go-test
      • status-success=golangci-lint
      • status-success=lint-extras
      • status-success=mod-check
      • status-success=multi-arch-build
  • closed [:pushpin: delete_head_branch requirement]

Rule: remove outdated approvals on ci/centos (dismiss_reviews)

  • base=ci/centos

Rule: automatic merge on ci/centos (queue)

  • base=ci/centos
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • #approved-reviews-by>=2
  • #changes-requested-reviews-by=0
  • -draft [:pushpin: queue requirement]
  • -mergify-configuration-changed [:pushpin: queue -> allow_merging_configuration_change setting requirement]
  • approved-reviews-by=@ceph/ceph-csi-contributors
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • label!=DNM
  • status-success=DCO
  • any of: [:twisted_rightwards_arrows: queue conditions]
    • all of: [:pushpin: queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]

Rule: automatic merge on ci/centos (delete_head_branch)

  • base=ci/centos
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • #approved-reviews-by>=2
  • #changes-requested-reviews-by=0
  • approved-reviews-by=@ceph/ceph-csi-contributors
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • closed [:pushpin: delete_head_branch requirement]
  • label!=DNM
  • status-success=DCO

Rule: automatic merge PR having ready-to-merge label on ci/centos (queue)

  • base=ci/centos
  • label=ready-to-merge
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • #changes-requested-reviews-by=0
  • -draft [:pushpin: queue requirement]
  • -mergify-configuration-changed [:pushpin: queue -> allow_merging_configuration_change setting requirement]
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • label!=DNM
  • status-success=DCO
  • any of: [:twisted_rightwards_arrows: queue conditions]
    • all of: [:pushpin: queue conditions of queue default]
      • #approved-reviews-by>=2 [🛡 GitHub branch protection]
      • #changes-requested-reviews-by=0 [🛡 GitHub branch protection]

Rule: automatic merge PR having ready-to-merge label on ci/centos (delete_head_branch)

  • base=ci/centos
  • label=ready-to-merge
  • status-success=ci/centos/jjb-validate
  • status-success=ci/centos/job-validation
  • #changes-requested-reviews-by=0
  • approved-reviews-by=@ceph/ceph-csi-maintainers
  • closed [:pushpin: delete_head_branch requirement]
  • label!=DNM
  • status-success=DCO
Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com