@mainred
Member

@mainred mainred commented Sep 10, 2022

Description of your changes

The component governance pipeline detects security issues in OSS components consumed in fleet-networking through Go modules, and we want to trigger this pipeline automatically whenever there's a change in go.mod or go.sum.

reference of the change: Azure/fleet-networking#114

Fixes #

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Special notes for your reviewer

@mainred
Member Author

mainred commented Sep 10, 2022

To enable the trigger in this change, we first need to uncheck "Override the YAML continuous integration trigger" from here (you may find the link), but it seems to require more access to this GitHub repo than I have, so I need your help to uncheck the box after this PR is merged. @ryanzhang-oss

https://msazure.visualstudio.com/CloudNativeCompute/_apps/hub/ms.vss-ciworkflow.build-ci-hub?_a=edit-build-definition&id=287360&view=Tab_Triggers

@mainred
Member Author

mainred commented Sep 10, 2022

Also, on the CG alert notification page, I have added @ryanzhang-oss and @Ealianis to the email notification list for high or higher severity alerts.
https://msazure.visualstudio.com/CloudNativeCompute/_componentGovernance/198802?_a=settings&view=alerts

@ryanzhang-oss ryanzhang-oss merged commit c64bc1e into Azure:main Sep 13, 2022
@mainred mainred deleted the auto-trigger-cg-detection branch September 15, 2022 07:34
Arvindthiru pushed a commit to Arvindthiru/fleet-public that referenced this pull request Oct 17, 2025
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>