rebase: bump ceph/ceph-csi from 28dc64dcae3cec8d11d84bdf525bda0ef757c688 to 961c0a8d85035a5ee4854e3960ce1b8df8b90166 #4878
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [ceph/ceph-csi](https://github.com/ceph/ceph-csi) from 28dc64d to 961c0a8. - [Release notes](https://github.com/ceph/ceph-csi/releases) - [Changelog](https://github.com/ceph/ceph-csi/blob/devel/docs/releases.md) - [Commits](28dc64d...961c0a8) --- updated-dependencies: - dependency-name: ceph/ceph-csi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
ci/skip/e2e
| @@ -16,7 +16,7 @@ jobs: | |||
| steps: | |||
| # path to the retest action | |||
| # yamllint disable-line rule:line-length | |||
| - uses: ceph/ceph-csi/actions/retest@28dc64dcae3cec8d11d84bdf525bda0ef757c688 # devel | |||
| - uses: ceph/ceph-csi/actions/retest@961c0a8d85035a5ee4854e3960ce1b8df8b90166 # devel | |||
There was a problem hiding this comment.
This is our own repository, it should not include the commit-id, the branch name (devel) is more appropriate.
@Nikhil-Ladha do you know how to annotate/comment this so that the security scanner accepts the branch?
There was a problem hiding this comment.
or, maybe we can use it like private actions:
- uses: ./actions/retestThis points to the local directory in the repository that contains the action. The repository needs to be checked out first, I guess.
There was a problem hiding this comment.
This is our own repository, it should not include the commit-id, the branch name (
devel) is more appropriate.@Nikhil-Ladha do you know how to annotate/comment this so that the security scanner accepts the branch?
Looking at the current annotation method, it seems like we can't omit a single action it has to be the whole check. Ref: https://github.com/ossf/scorecard/blob/main/config/README.md
There was a problem hiding this comment.
or, maybe we can use it like private actions:
- uses: ./actions/retestThis points to the local directory in the repository that contains the action. The repository needs to be checked out first, I guess.
This seems like the best possible way for this case, I will send a PR to update the action to use the local directory.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
bot
deleted the
dependabot/github_actions/ceph/ceph-csi-961c0a8d85035a5ee4854e3960ce1b8df8b90166
branch
Bumps ceph/ceph-csi from 28dc64d to 961c0a8.
Changelog
Sourced from ceph/ceph-csi's changelog.
... (truncated)
Commits
961c0a8e2e: enable more k8s storage tests2d82cebrbd: move repairImageID() from rbdVolume struct to rbdImage9c567fddoc: add cephfs vsg to readmef2bc1c6rbd: replace Manager.DeleteVolumeGroup() by VolumeGroup.Delete()01a0ec2util: use protobuf encoding for core k8s apis8c252d5rbd: prevent re-use of destroyed resourcesf1379e4rebase: update kube dep to x.31.177f8c3frebase: bump google.golang.org/grpc from 1.66.2 to 1.67.0ecf2503rebase: bump github/codeql-action from 3.26.7 to 3.26.840ad416rebase: bump the github-dependencies group with 2 updatesYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)