🌱 Fix OSV-Scanner #1152

erjavaskivuori · 2025-09-15T10:50:36Z

What this PR does / why we need it: Adopt reusable workflow from project-infra to run OSV scanner.

Renamed the workflow with scheduled prefix as it is a plan to add a workflow for all PRs too.

github-advanced-security · 2025-09-15T10:51:20Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

erjavaskivuori · 2025-09-15T13:25:00Z

/hold

The scanner isn't working as it is supposed to even though it's green. I will look into this on thursday.

erjavaskivuori · 2025-09-15T13:29:09Z

/unhold

nvm, it works now

erjavaskivuori · 2025-09-15T14:04:54Z

/hold

Nope, not working. I will continue with this on Thursday. There is some issue when trying to pass the config.toml to override Go version:

--config=./config.toml"
No package sources found, --help for usage information.
Exit code: 128

Full log: https://github.com/metal3-io/ip-address-manager/actions/runs/17735618865/job/50396563404?pr=1152#step:5:10

erjavaskivuori · 2025-09-18T08:22:02Z

/unhold

tuminoid · 2025-09-18T13:32:53Z

/hold
Still not working, let's keep all of these on hold, and iterate on one to get the right combination of flags. We'll do that iteration in IPAM PR, ie. here.

Use the reusable workflow from project-infra for running OSV scanner. Signed-off-by: erjavaskivuori <[email protected]>

tuminoid

/approve

Once the project-infra PR merges, we can test this. Until then, keeping the hold.

metal3-io-bot · 2025-09-25T14:19:49Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tuminoid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [tuminoid]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

tuminoid · 2025-09-26T08:31:22Z

/test all

tuminoid · 2025-09-26T08:39:09Z

/override metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main

metal3-io-bot · 2025-09-26T08:39:14Z

@tuminoid: Overrode contexts on behalf of tuminoid: metal3-centos-e2e-integration-test-main, metal3-ubuntu-e2e-integration-test-main

Details

In response to this:

/override metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

tuminoid · 2025-09-26T08:39:19Z

/cc @lentzi90
/unhold

lentzi90

/lgtm

metal3-io-bot requested review from smoshiur1237 and tuminoid September 15, 2025 10:50

metal3-io-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 15, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch 4 times, most recently from 2ab95ca to 28dbaac Compare September 15, 2025 13:20

metal3-io-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 15, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch from 28dbaac to 770a633 Compare September 15, 2025 13:26

metal3-io-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 15, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch from 770a633 to 3808eb4 Compare September 15, 2025 13:58

metal3-io-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 15, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch 3 times, most recently from 01a9792 to fe62308 Compare September 18, 2025 07:05

metal3-io-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch from fe62308 to 45d654b Compare September 18, 2025 10:22

metal3-io-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch from 45d654b to 4b1f543 Compare September 18, 2025 14:34

metal3-io-bot added the needs-rebase Indicates that a PR cannot be merged because it has merge conflicts with HEAD. label Sep 18, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch from 4b1f543 to bbd3a4d Compare September 18, 2025 14:39

metal3-io-bot removed the needs-rebase Indicates that a PR cannot be merged because it has merge conflicts with HEAD. label Sep 18, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch 2 times, most recently from 7ffd293 to b5b7c30 Compare September 22, 2025 07:03

metal3-io-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 22, 2025

erjavaskivuori force-pushed the erja/fix-osv-scanner branch 3 times, most recently from 7bf67ea to d438bbb Compare September 22, 2025 08:47

Adopt OSV scanner workflow from project-infra

415ef15

Use the reusable workflow from project-infra for running OSV scanner. Signed-off-by: erjavaskivuori <[email protected]>

erjavaskivuori force-pushed the erja/fix-osv-scanner branch from d438bbb to 415ef15 Compare September 25, 2025 07:05

tuminoid reviewed Sep 25, 2025

View reviewed changes

metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 25, 2025

metal3-io-bot requested a review from lentzi90 September 26, 2025 08:39

metal3-io-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 26, 2025

lentzi90 reviewed Sep 26, 2025

View reviewed changes

metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Sep 26, 2025

metal3-io-bot merged commit 5dbcb3f into metal3-io:main Sep 26, 2025
20 checks passed

metal3-io-bot deleted the erja/fix-osv-scanner branch September 26, 2025 08:49

metal3-io-bot added this to the IPAM - v1.12 milestone Sep 26, 2025

🌱 Fix OSV-Scanner #1152

🌱 Fix OSV-Scanner #1152

Uh oh!

Conversation

erjavaskivuori commented Sep 15, 2025 • edited by tuminoid Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-advanced-security bot commented Sep 15, 2025

Uh oh!

erjavaskivuori commented Sep 15, 2025

Uh oh!

erjavaskivuori commented Sep 15, 2025

Uh oh!

erjavaskivuori commented Sep 15, 2025

Uh oh!

erjavaskivuori commented Sep 18, 2025

Uh oh!

tuminoid commented Sep 18, 2025

Uh oh!

tuminoid left a comment

Choose a reason for hiding this comment

Uh oh!

metal3-io-bot commented Sep 25, 2025

Uh oh!

tuminoid commented Sep 26, 2025

Uh oh!

tuminoid commented Sep 26, 2025

Uh oh!

metal3-io-bot commented Sep 26, 2025

Uh oh!

tuminoid commented Sep 26, 2025

Uh oh!

lentzi90 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

erjavaskivuori commented Sep 15, 2025 •

edited by tuminoid

Loading