Commit Graph

8 Commits

Author SHA1 Message Date
Liu Shilong
019e0acd51
[actions] Add auto cherry-pick actions to release branch (#11496)
* [actions] Add github actions to auto cherry-pick prs to release branches

* Add README, fix workflow
2022-10-10 16:55:00 +08:00
Mai Bui
95f4af3407
[actions] Support Semgrep by Github Actions (#12249)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
[Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities.
When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs.
When merging PR, Semgrep performs a full scan on master branch and report all findings.
Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule)
#### How I did it
Integrate Semgrep into this repository by committing a job configuration file
#### How to verify it
PR: https://github.com/maipbui/sonic-buildimage/pull/2
Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404)
PR https://github.com/maipbui/sonic-buildimage/pull/2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
2022-10-03 14:38:55 -04:00
Liu Shilong
98d6357ae7
[actions] Remove approve step in label action. (#12015)
Why I did it
Approve step needs special permission settings.
We already added permission setting to enable bypass merging PR.
So, approve step is not necessary.
2022-09-08 17:23:29 +08:00
Liu Shilong
030de9f26d
[actions] Add github context env in label action. (#11926) 2022-09-02 14:07:48 +08:00
Liu Shilong
4b4e311c14
[actions] Update github actions label and automerge. (#11736)
1. Add auto approve step when adding label to version upgrading PR.
2. Use mssonicbld TOKEN to merge version upgrading PR instead of 'github actions'
2022-08-29 11:24:57 +08:00
xumia
faab7d5991
[Build]: Support reproducible build for release branches (#9426)
[Build]: Support reproducible build for release branches #9426
2021-12-23 16:16:55 +08:00
xumia
57cc2081cd
Fix workflow permission issue when running in merge branch (#7417)
Fix the labeler workflow permission issue when merging from fork repo.
It impacts the labeler workflow to support auto-merge for package versions upgrade on 202012 branch. The current workaround is to add the label "automerge" on the PR sent by mssonicbld, then the automerge workflow will merge the PR.
2021-04-25 10:02:58 +08:00
xumia
12ab9af4fb
[ci] Support to merge SONiC package versions change pr automatically (#7065)
Support to merge the SONiC package versions upgrade pull request automatically.

#### How I did it
Add the automerge tag in the pull request.
1. Sent by the author mssonicbld
2. Only contains changes in files/build/**/*
3. Only for the specified branch 202012

Merge the pull request.
1. Sent by the author mssonicbld
2. The Azure Pipelines checker complete and successful
3. The pull request contains label automerge
2021-04-11 21:17:28 -07:00