🌱 Bump OSV scanner action to fix SARIF upload #2694

Merged
metal3-io-bot merged 1 commit into metal3-io:main from Nordix:lentzi90/osv-scanner-bump
Aug 11, 2025

Member

@lentzi90 lentzi90 commented Aug 11, 2025

What this PR does / why we need it:

This version includes a fix for the issue with uploading the SARIF file (it is missing results). (google/osv-scanner#2064 Fix SARIF v3 output to include results.)

This commit also makes the workflow run on PRs that touch the workflow file.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@metal3-io-bot metal3-io-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Aug 11, 2025
@lentzi90 lentzi90 force-pushed the lentzi90/osv-scanner-bump branch from 4063a8b to 690a76e Compare August 11, 2025 08:49
@lentzi90 lentzi90 changed the title 🌱 Bump OSV scanner action 🌱 Bump OSV scanner action to fix SARIF upload Aug 11, 2025
This version includes a fix for the issue with uploading the SARIF file (it is missing results).
This commit also makes the workflow run on PRs that touch the workflow file.

Signed-off-by: Lennart Jern <lennart.jern@est.tech>
@lentzi90 lentzi90 force-pushed the lentzi90/osv-scanner-bump branch from 690a76e to 0897da9 Compare August 11, 2025 08:57
@metal3-io-bot metal3-io-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 11, 2025
Member

@tuminoid tuminoid left a comment

/approve

Let's do the same fix for IPAM/BMO/IRSO as well where we have 2.1.0 bumped.

@metal3-io-bot metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 11, 2025
Comment thread hack/verify-release.sh
osv-scanner)
version=$("${OSVSCANNER_CMD[@]}" -v | grep version | cut -f3 -d" ")
min_version="2.1.0"
min_version="2.2.0"
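Review bot: The new min_version="2.2.0" line in the osv-scanner) case has no comment explaining the floor, while the thread ties it to 2.1.0 having issues producing results; a one-line comment saying so would keep the minimum from being lowered later. Separately, the version line above it depends on `grep version | cut -f3 -d" "`, which yields an empty string if the `-v` output changes shape, so an explicit check that version is non-empty before it is used would make that failure obvious.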
Member Author

Perhaps not strictly needed since the issue was only about uploading the results, but I included it anyway

Member

I was thinking the same, but as 2.1.0 has issues producing results, it is not a bad idea to have 2.2.0 as minimum.

@tuminoid
Member

/override metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main
GH action change.

@metal3-io-bot
Contributor

@tuminoid: Overrode contexts on behalf of tuminoid: metal3-centos-e2e-integration-test-main, metal3-ubuntu-e2e-integration-test-main

@tuminoid
Member

/cc @kashifest

@kashifest
Member

/approve

@metal3-io-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kashifest, tuminoid

Member

@tuminoid tuminoid left a comment

/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 11, 2025
@metal3-io-bot metal3-io-bot merged commit 58a6cfa into metal3-io:main Aug 11, 2025
24 checks passed
@metal3-io-bot metal3-io-bot deleted the lentzi90/osv-scanner-bump branch August 11, 2025 10:50
@metal3-io-bot metal3-io-bot added this to the CAPM3 - v1.11 milestone Aug 11, 2025