
Add CI Checks and Automation for Vulnerabilities, Dependency Updates, and Code Quality #17

Open
5 tasks
mboukhalfa opened this issue Sep 17, 2024 · 4 comments
Labels
triage/accepted Indicates an issue is ready to be actively worked on.

Comments

@mboukhalfa
Member

mboukhalfa commented Sep 17, 2024

Now that the repository contains code for two images, ipxe-builder and fakeIPA, it's essential to ensure ongoing code quality and security. Here are some suggestions:

  • Add vulnerability scanning: Implement tools like osv-scanner to detect and address vulnerabilities in dependencies.
  • Add bot for dependency updates: Integrate Dependabot or Renovate to automatically handle dependency bumps for Python and other relevant codebases.
  • Set up Python code linters: Introduce linters like flake8 or pylint to ensure code style consistency and best practices.
  • Create tests for fakeIPA: Add tests to validate fakeIPA functionality and ensure updates (such as dependency bumps) don't break the code. (might need a separate issue for this)
  • Establish PR check jobs: Ensure that relevant PRs are automatically tested with the required checks. Since the repo contains heterogeneous image codebases, we need to ensure tests are required only if changes happen in the concerned folder.

This will help maintain a high standard of security, stability, and code quality for the repository.
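A concrete shape for the PR check job the issue asks for, as an added example that is not part of the repository's own CI: one GitHub Actions workflow that first computes which image directories a PR touched and then runs the Python lint job and the osv-scanner job only when their directory (or the workflow itself) changed. The directory names `ipxe-builder` and `fakeIPA` come from the issue; the action versions, the flake8 target, the `go install` route to osv-scanner and its `-r` flag, and the Python version are assumptions to adjust to the repository.

```yaml
# .github/workflows/pr-checks.yml  (added example; paths and versions are assumptions)
name: PR checks

on:
  pull_request:
    branches: [main]

permissions:
  contents: read   # least privilege: these checks only read the tree

jobs:
  changes:
    name: Detect changed image directories
    runs-on: ubuntu-latest
    outputs:
      fakeipa: ${{ steps.detect.outputs.fakeipa }}
      ipxe: ${{ steps.detect.outputs.ipxe }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # the diff below needs the base commit
      - id: detect
        shell: bash
        env:
          # Pass event data through env vars rather than interpolating it into the script
          BASE: ${{ github.event.pull_request.base.sha }}
          HEAD: ${{ github.event.pull_request.head.sha }}
        run: |
          changed="$(git diff --name-only "$BASE" "$HEAD")"
          # A directory is "touched" if any changed path starts with it.
          # Changes under .github/ re-run every job, so a workflow edit is itself tested.
          touched() { grep -qE "^($1/|\.github/)" <<<"$changed" && echo true || echo false; }
          echo "fakeipa=$(touched fakeIPA)" >> "$GITHUB_OUTPUT"
          echo "ipxe=$(touched ipxe-builder)" >> "$GITHUB_OUTPUT"

  lint-fakeipa:
    needs: changes
    if: needs.changes.outputs.fakeipa == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install flake8
      - run: flake8 fakeIPA/

  osv-scan:
    needs: changes
    # Dependency manifests live under the image directories, so scan when either changed.
    if: needs.changes.outputs.fakeipa == 'true' || needs.changes.outputs.ipxe == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1
      # osv-scanner exits non-zero when it finds a known vulnerability, which fails the check.
      - run: osv-scanner -r .
```

The job-level `if:` conditions are deliberate: a workflow-level `on.pull_request.paths` filter prevents the workflow from running at all, and a required check that never runs leaves the PR stuck as "pending", whereas a job skipped by `if:` reports a skipped status that branch protection accepts. That is what lets each per-image job be marked as a required check without blocking PRs that do not touch its directory. A `.github/dependabot.yml` with one `pip` entry per image directory would then feed version bumps through these same checks.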

@metal3-io-bot metal3-io-bot added the needs-triage Indicates an issue lacks a `triage/foo` label and requires one. label Sep 17, 2024
@tuminoid
Member

/triage accepted

@metal3-io-bot metal3-io-bot added triage/accepted Indicates an issue is ready to be actively worked on. and removed needs-triage Indicates an issue lacks a `triage/foo` label and requires one. labels Sep 17, 2024
@metal3-io-bot
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues will close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@metal3-io-bot metal3-io-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 16, 2024
@tuminoid
Member

/remove-lifecycle stale

@metal3-io-bot metal3-io-bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 17, 2024
@tuminoid
Member

Soon the repo will have a third image, keepalived.
