We now use gobump to manage Go dependencies. gobump supports holding
back dependency updates that require newer go compiler versions than the
one specified in the project's go.mod.
The newly added gobump was using the default token, but this one is not
configured with all required permissions for this repo. This was causing
tests not to be executed on GitHub.
Migration 9 alters the result column in the jobs table, which is relied on
for compose statuses. Because it has to be kept consistent across
migrations, add a test to verify this.
As a side effect, the test itself handles the migration now, so remove
that part from the tests GHA.
It turns out that the stale action is not able to delete its saved
state due to missing permissions. As a result, it was not processing
issues and PRs that have been processed once, for almost a month.
The error in the job log was:
```
Warning: Error delete _state: [403] Resource not accessible by integration
```
The fix is to add `actions: write` to the action permissions.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Modify the action to allow passing the version when run manually. This
will be useful in the future once we branch off a `rhel-x.y` branch to
backport a fix and will be doing the first "dot" release from such a
branch.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a check which leverages the osbuild/images@check-spec-deps-action
action to check that the SPEC files require at least the minimum
versions for dependencies specified by the `osbuild/images`.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
We want to use a stable version of ubuntu, not ubuntu-latest which can
change unexpectedly. This switches all the other (non-test) workflows to
use ubuntu-22.04.
GitHub is dropping support for 20.04 on 4/1/2025 so move to the next
stable version.
Also, back in commit e8ae7e7cae we removed
use of ubuntu-latest because it can change unexpectedly. Some other uses
crept back in, so this changes those to use 22.04 as well.
This change allows for using the command to create Jira Tasks under a given
Epic either in a pull request comment or in the pull request description.
To trigger the action, you can simply add a comment to a given pull request with
the following content:
```
/jira-epic ISSUE-1234
```
This will trigger the action and a bot will create a Jira Task under the
Epic ISSUE-1234. Once this is successful, it will update the pull request
title and description to contain a link to the newly created Jira ticket,
which also means that the two will be linked.
Alternatively, you can also add the command to the pull request description
(if you e.g. want to create the Task at PR creation time).
Note: This is currently only enabled for the HMS project.
Prior to this commit, ${{ github.event.workflow_run.head_branch }} got
expanded in the bash script. A malicious actor could inject
an arbitrary shell script. Since this action has access to a token
with write rights, the malicious actor can easily steal this token.
This commit moves the expansion into an env block where such an
injection cannot happen. This is the preferred way according to the
GitHub docs:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
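
The pattern fixed by the commit above can be checked for mechanically. The following Python sketch is an added example, not code from the commit or the project: it flags untrusted `${{ ... }}` expressions expanded inside a `run:` script and passes the env-block form. The two workflow fragments, the `HEAD_BRANCH` variable name and the list of contexts treated as untrusted are assumptions made for illustration.

```python
import re

# Contexts an outside contributor can influence (partial list, assumed for this example).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.workflow_run\.head_branch"
    r"|github\.head_ref"
    r"|github\.event\.pull_request\.(?:title|body|head\.ref))\s*\}\}"
)

# Constructed workflow fragments, not taken from the repository.
BEFORE = """\
steps:
  - name: Checkout branch
    run: |
      git fetch origin
      git checkout "${{ github.event.workflow_run.head_branch }}"
"""

AFTER = """\
steps:
  - name: Checkout branch
    env:
      HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
    run: |
      git fetch origin
      git checkout "$HEAD_BRANCH"
"""

def find_run_injections(workflow_text):
    """Return (line_no, expression) for untrusted expressions inside run: scripts."""
    findings = []
    run_indent = None  # column of the current `run:` key, None when outside one
    for no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        # A non-empty line at or left of the `run:` key ends the script body.
        if run_indent is not None and stripped and indent <= run_indent:
            run_indent = None
        m = re.match(r"(-\s+)?run:", stripped)
        if run_indent is None and m:
            run_indent = indent + (len(m.group(1)) if m.group(1) else 0)
        # Inside a script the expression becomes shell text before bash parses it.
        if run_indent is not None:
            findings += [(no, e.group(0)) for e in UNTRUSTED.finditer(line)]
    return findings

if __name__ == "__main__":
    print("before:", find_run_injections(BEFORE))
    print("after: ", find_run_injections(AFTER))
```

The scanner is line-based and does not parse YAML, so it is suited to a quick repository sweep rather than a full workflow audit.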
rpmrepo snapshot enumeration is timing out, which is effectively
blocking GitLab CI from running. Disable the check for now to unblock
CI.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
We could deploy this job for both composer and each tenant's workers
that's present in app-intf. Then we can remove the maintenance bits from
the composer template.