Keep kubescape github-action workflow up to date #38
Signed-off-by: Hollow Man <hollowman@opensuse.org>
Just investigated the second way and switched to that. I will add a trigger at the upstream release workflow later: kubescape/kubescape#1186

One of the drawbacks of this way is that it actually doesn't support publishing to GitHub Marketplace automatically, as GitHub forbids us to do so, so we have to edit and update the release manually for each new version to publish the Action to the GitHub Marketplace: cli/cli#5193 (comment)

So I fully understand if you don't like this, and we can switch back to the first way instead.

In addition, I removed the build.yaml workflow as it looks like it's no longer needed. I also found that we actually don't need to make sure that workflows have Read and write permissions if we grant the following permissions explicitly in the workflow definition:

```yaml
actions: read
contents: read
security-events: write
```

So I added those permission grants explicitly in the workflow and removed the prerequisites for the ease of users.
Nice :)
The auto version bumping workflow has failed:

```
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: At least 1 approving review is required by reviewers with write access.
To https://github.com/kubescape/github-action
! [remote rejected] main -> main (protected branch hook declined)
error: failed to push some refs to 'https://github.com/kubescape/github-action'
```

https://github.com/kubescape/github-action/actions/runs/4853461414/jobs/8649657320

Maybe you want to remove the branch protection for
Just opened another PR to change the behavior of this release workflow. I think you may prefer that way instead of disabling the branch protection for

I don't think we need to change the branch protection rules; we can have an action to auto-approve the PR when raised by a specific user. @HollowMan6

Yeah, go ahead if you want to add the auto-approving

We didn't change the branch protection rules here; it's now using the PR: #56
I notice that the kubescape version is a bit old. I have tried to check if we can add an input to allow users to specify the Kubescape image version, but unfortunately this doesn't seem to be supported, and both methods failed:
So I think there will be two ways to go:
latest
tag.