feat: add snapshot-controller #731
09f30f4 to
60ea552
Compare
Signed-off-by: Tadas Sutkaitis <[email protected]> Signed-off-by: Tadas Sutkaitis <[email protected]>
60ea552 to
6d38505
Compare
okozachenko1203
left a comment
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency projectcalico/calico to v3.30.1
  Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore: apply pre-commit hook updates
---------
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency projectcalico/calico to v3.30.2
  Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore: apply pre-commit hook updates
---------
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#732) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* doc: update about images
  Signed-off-by: okozachenko1203 <[email protected]>
* remove duplicated contents in readme
  Signed-off-by: okozachenko1203 <[email protected]>
* Update images.md
---------
Signed-off-by: okozachenko1203 <[email protected]>
Co-authored-by: okozachenko1203 <[email protected]>
Co-authored-by: Mohammed Naser <[email protected]>

kubernetes-sigs/cluster-api@afd68cd this is a pre-req change to upgrade CAPI to v1.10
Signed-off-by: okozachenko1203 <[email protected]>

* Upgrade capi version
  Signed-off-by: okozachenko1203 <[email protected]>
* upgrade capi version to 1.10.5
---------
Signed-off-by: okozachenko1203 <[email protected]>
Co-authored-by: Mohammed Naser <[email protected]>

* fix: default autoscaler image to .0 instead of hardcoding autoscaler images, we can simply assume .0 release exists for the requested version instead of full on failing.
  Signed-off-by: Mohammed Naser <[email protected]>
* ci: add automation to keep cluster-autoscaler updated
  Signed-off-by: Mohammed Naser <[email protected]>
* fix: enable cloud-provider option <1.29.0
  Signed-off-by: Mohammed Naser <[email protected]>
* chore: remove unused get_image functions
  Signed-off-by: Mohammed Naser <[email protected]>
* fix: remove unused autoscaler options
  Signed-off-by: Mohammed Naser <[email protected]>
* fix: remove cloud-provider only after 1.33
  Signed-off-by: Mohammed Naser <[email protected]>
---------
Signed-off-by: Mohammed Naser <[email protected]>

* ci: add automation for k8s version bump
  Signed-off-by: Mohammed Naser <[email protected]>
* ci: use latest release images from capo-image-elements
  Signed-off-by: Mohammed Naser <[email protected]>
* add gh cli
  Signed-off-by: Mohammed Naser <[email protected]>
* ✨ chore: replace setup-gh action with install-gh-cli-action
  Signed-off-by: Mohammed Naser <[email protected]>
* 🔧 chore: specify gh-cli version in CI workflow
  Signed-off-by: Mohammed Naser <[email protected]>
* 🔧 chore: add GH_TOKEN environment variable for authentication
  Signed-off-by: Mohammed Naser <[email protected]>
* 🔧 chore: update jq filter for kubernetes version in CI workflow
  Signed-off-by: Mohammed Naser <[email protected]>
---------
Signed-off-by: Mohammed Naser <[email protected]>

* Add ability to set admission control plugins
  Signed-off-by: Kris Lindgren <[email protected]>
* Fix tests and remove empty admission_plugin test
  Signed-off-by: Kris Lindgren <[email protected]>
---------
Signed-off-by: Kris Lindgren <[email protected]>
Added GH_TOKEN environment variable for cluster-autoscaler script.
…#763) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | ||
| with: | ||
| token: ${{ secrets.VEXXHOST_BOT_PAT }} | ||
| - run: ./hack/bump/kubernetes.sh | ||
| - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 | ||
| with: | ||
| token: ${{ secrets.VEXXHOST_BOT_PAT }} | ||
| commit-message: "chore(deps): update kubernetes" | ||
| signoff: true | ||
| title: "chore(deps): update kubernetes" | ||
| body: | | ||
| ## Automated Kubernetes Version Update | ||
| This PR updates the Kubernetes versions in the CI workflow to the latest maintained versions. | ||
| Source: https://endoflife.date/kubernetes | ||
| delete-branch: true | ||
| branch: bump/kubernetes | ||
|
|
||
| cluster-autoscaler: |
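Review bot: The checkout step in this job is given `token: ${{ secrets.VEXXHOST_BOT_PAT }}`, and `./hack/bump/kubernetes.sh` runs directly after it, so the script executes in a workspace where the bot PAT is still configured for git (actions/checkout keeps the token it is given available to later git commands unless `persist-credentials: false` is set). The create-pull-request step already receives the same secret through its own `token:` input, so consider dropping the PAT from checkout or adding `persist-credentials: false`, and confirm the branch push still succeeds with only the create-pull-request token.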
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 5 months ago
The optimal way to fix the issue is to add an explicit permissions block to the workflow, at the top level (so it applies to all jobs by default), restricting the GITHUB_TOKEN to the least privilege. Since both jobs use the actions/checkout and peter-evans/create-pull-request actions, and the PR creation is done via a custom token (not GITHUB_TOKEN), only read access to git contents is required. Therefore, set permissions: contents: read at the root workflow level (just after the workflow name:), unless there are steps that require more permissions using the GITHUB_TOKEN (none seem present).
Changes needed:
- In .github/workflows/bump.yml, insert a permissions: block after the name: bump line, with at least contents: read.
- No additional packages or methods are required for this change.
| @@ -1,3 +1,5 @@ | ||
| permissions: | ||
| contents: read | ||
| name: bump | ||
|
|
||
| on: |
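Review bot: The added `permissions:` block lands above `name: bump` (new lines 1-2), while the suggestion text asks for it after the `name: bump` line. Key order does not change behaviour, but placing it after `name:` keeps the file matching the described change. A root-level `contents: read` also applies to the kubernetes job, whose visible steps use no GITHUB_TOKEN at all, so that job could be narrowed further with its own job-level block.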
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | ||
| with: | ||
| token: ${{ secrets.VEXXHOST_BOT_PAT }} | ||
| - run: ./hack/bump/cluster-autoscaler.sh | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 | ||
| with: | ||
| token: ${{ secrets.VEXXHOST_BOT_PAT }} | ||
| commit-message: "chore(deps): update cluster-autoscaler" | ||
| signoff: true | ||
| title: "chore(deps): update cluster-autoscaler" | ||
| body: | | ||
| ## Automated `cluster-autoscaler` update | ||
| This PR updates the `cluster-autoscaler` images to the latest versions. | ||
| delete-branch: true | ||
| branch: bump/cluster-autoscaler |
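Review bot: `GH_TOKEN: ${{ github.token }}` on the `./hack/bump/cluster-autoscaler.sh` step is the only place in this job where the workflow's GITHUB_TOKEN is used, and nothing in the hunk limits its scope, so the script receives whatever default the repository grants. Add a job-level `permissions:` block for cluster-autoscaler sized to what the script actually calls through `gh` (`contents: read` if it only performs read-only lookups), rather than relying on the default.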
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 5 months ago
To fix the issue, add a permissions key to the workflow file. This block can be added either at the root level (applying to all jobs) or at the individual job level. Since both jobs in this workflow perform actions requiring repository access (checkout, create-pull-request, etc.), but only limited permissions are necessary, the block should grant only what is strictly required: contents: write (for pushing branches, committing to repository), and pull-requests: write (to create and update PRs). Some actions may work with less, but the two used here often require these permissions. Insert the following block after the workflow name on line 2:
    permissions:
      contents: write
      pull-requests: write

No method imports or external definitions are required.
| @@ -1,3 +1,6 @@ | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| name: bump | ||
|
|
||
| on: |
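Review bot: `contents: write` and `pull-requests: write` here widen the GITHUB_TOKEN, but in the jobs shown the checkout and create-pull-request steps authenticate with `secrets.VEXXHOST_BOT_PAT`, and the only GITHUB_TOKEN consumer is `GH_TOKEN: ${{ github.token }}` for the cluster-autoscaler script. The write grants therefore do not serve the branch push or the PR creation; prefer the `contents: read` variant from the other suggestion unless the script itself needs to write through `gh`.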
Solves: #117
Some answers to obvious questions: