github workflows: remove release tests #19358
Conversation
This workflow has already been migrated to the prow infrastructure as a presubmit job. Signed-off-by: Ivan Valdes <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ivanvc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
github_actions
Do not get time to dig into the details. It shouldn't be a reason to remove trivy.
I think It's better to run trivy on each PR instead of periodically. It doesn't take too much time or resource. |
|
As this may be a longer conversation, I opened #19363. |
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Needs rebase |
@serathius, I didn't rebase because I thought we should first discuss the controversial part of this pull request either here or in #19363. If there's no discussion by next week, I'll bring the topic to the next community meeting. |
This workflow has already been migrated to the prow infrastructure as a presubmit job, and it's stable.
The current GitHub workflow also has a second part, which uses Trivy to check for image vulnerabilities in the generated images. However, these results overlap (or duplicate) what we obtain with
govulncheck, as our images are based on a distroless static Debian image. Therefore, it only checks the etcd binaries. For example, when we had the report of GO-2024-2527, it never failed.So, I think we can delete it. Or, maybe another approach would be to move it to a periodic job.
Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.