Syncing latest changes from main for ocs-client-operator#656
Merged
Conversation
Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
- fix critical pull_request_target vulnerability in dependencies workflow - pin all actions to commit SHAs (prevents tag hijacking) - upgrade all actions to latest stable versions: - actions/checkout v4 -> v7.0.0 - actions/setup-go v5 -> v6.5.0 - docker/login-action v3 -> v4.2.0 - codespell-project/actions-codespell v2 -> v2.2 - wagoid/commitlint-github-action v5 -> v6.2.1 - ibiqlik/action-yamllint v3 -> v3.1.1 - golangci/golangci-lint-action v8 -> v9.2.1 - z0al/dependent-issues v1 -> v1.5.2 - add explicit permissions blocks to all workflows (least privilege) - add persist-credentials: false to all checkout actions - add input validation for workflow_dispatch parameters - add hack/gh-tag-to-sha.sh script to track action versions - add GH action version tracking to hack/build.env Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
chore: ci for more predicatbility and sufficient hardenging against GH attacks
- configure self-hosted Renovate as GitHub Action - group Go dependencies by update type (major vs non-major) - disable indirect Go dependencies (handled by go mod tidy) - enable GitHub Actions updates with 7-day stability period - require manual approval via dependency dashboard - schedule updates for Tuesday mornings before 5am UTC Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
add Renovate bot configuration for automated dependency updates
- remove Renovate configuration (workflow and config) - add Dependabot configuration for Go modules and GitHub Actions - configure weekly updates on Tuesday mornings - group minor/patch updates to reduce PR noise - support Go workspace (root and api/ directories) Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
switch from Renovate to Dependabot for dependency management
Bumps the github-actions group with 1 update: [wagoid/commitlint-github-action](https://github.com/wagoid/commitlint-github-action). Updates `wagoid/commitlint-github-action` from 6cf16efdf4da5277c791d335142c03a0bdf1766e to b948419dd99f3fd78a6548d48f94e3df7f6bf3ed - [Changelog](https://github.com/wagoid/commitlint-github-action/blob/master/CHANGELOG.md) - [Commits](wagoid/commitlint-github-action@6cf16ef...b948419) --- updated-dependencies: - dependency-name: wagoid/commitlint-github-action dependency-version: b948419dd99f3fd78a6548d48f94e3df7f6bf3ed dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
…s/github-actions-a9509404e1 chore(deps)(deps): bump wagoid/commitlint-github-action from 6cf16efdf4da5277c791d335142c03a0bdf1766e to b948419dd99f3fd78a6548d48f94e3df7f6bf3ed in the github-actions group
Automates deployment of the external-snapshot-metadata gRPC sidecar for CSI Changed Block Tracking (CBT, KEP-3314) when the RBD driver is enabled. Resources created: - Service openshift-storage-rbd-snapshot-metadata (port 6443→50051) with serving-cert-secret-name annotation for OpenShift service-ca TLS - Spec ConfigMap (name = driver name) with address, audience, caCert, driverName — source of truth for backup vendors - tls-key VolumeSpec upserted into the RBD Driver CR, triggering ceph-csi-operator to deploy the sidecar container Design: - No SMS CR creation — SnapshotMetadataService CR is admin responsibility when CRD is installed; ConfigMap is the source of truth - No external-snapshot-metadata vendor dependency needed - CA cert read from pre-existing openshift-service-ca.crt ConfigMap; ConfigMap watch triggers re-reconcile when CA is injected - Service and ConfigMap owned by operator ConfigMap (auto-GC on deletion) - serving-cert annotation string extracted to utils.ServingCertSecretAnnotation Assisted-by: Claude <noreply@anthropic.com> Signed-off-by: Rakshith R <rar@redhat.com>
controllers: automate RBD snapshot metadata sidecar setup (KEP-3314/CBT)
Add conditional VolumeAttributesClass (storage.k8s.io/v1) support to the StorageClient controller. The API availability is checked at startup via REST mapper and dynamically during reconciliation, ensuring the operator works on clusters where the API is not yet available (K8s <1.34). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
feat: add VolumeAttributesClass reconciliation support
leelavg
approved these changes
Jul 7, 2026
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: df-build-team, leelavg The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR containing the latest commits from main branch