Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Infra: Run cve checks workflow on pull requests and pushes to main #745

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Infra: Run cve checks workflow on pull requests and pushes to main #745

wants to merge 2 commits into from

Conversation

yeikel
Copy link
Contributor

@yeikel yeikel commented Jan 3, 2025
edited
Loading

What changes did you make? (Give an overview)

Closes #707

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • Manually (please, describe, if necessary)

Tested here :

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

A picture of a cute animal (not mandatory but encouraged)

346617360_1196147131002766_412235603490618042_n

@kapybro kapybro bot added status/triage Issues pending maintainers triage status/triage/manual Manual triage in progress scope/infra CI, CD, dev. env, etc. status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels Jan 3, 2025
@yeikel yeikel marked this pull request as ready for review January 3, 2025 19:42
@yeikel yeikel requested a review from a team as a code owner January 3, 2025 19:42
@yeikel yeikel mentioned this pull request Jan 3, 2025
Open
2 tasks
@yeikel
Copy link
Contributor Author

yeikel commented Jan 3, 2025
edited
Loading

@Haarolean I noticed that you implemented this recently: #219

We probably do not want to send notifications for every failure (definitely not from pull requests). Do you have any suggestion about when should it be sent?

For now, I pushed d5a52d3 to only send it from main

Haarolean
Haarolean requested changes Jan 4, 2025
View reviewed changes
.github/workflows/cve_checks.yml
@@ -1,5 +1,8 @@
name: "Infra: CVE checks"
on:
pull_request_target:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't need pull_request_target for this particular workflow, pull_request should suffice.

.github/workflows/cve_checks.yml
@@ -71,7 +74,7 @@ jobs:

notify:
needs: build-and-test
if: ${{ always() && needs.build-and-test.result == 'failure' }}
if: ${{ always() && needs.build-and-test.result == 'failure' && github.ref == 'refs/heads/main' }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please adjust this so it only runs upon failures of scheduled runs?

@Haarolean
Copy link
Member

Do you have any suggestion about when should it be sent?

Thank you for this PR.
I'd suggest to send these only in case of a failed scheduled run, would you be able to adjust the workflow this way?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Haarolean Haarolean Haarolean requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
scope/infra CI, CD, dev. env, etc. status/triage/completed Automatic triage completed status/triage/manual Manual triage in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Infra: Consider running the Infra: CVE checks with every commit as well
2 participants
@yeikel @Haarolean