Skip to content

Tidy up CI#147

Merged
votdev merged 1 commit into
harvester:mainfrom
votdev:tidy_up_ci
Mar 30, 2026
Merged

Tidy up CI#147
votdev merged 1 commit into
harvester:mainfrom
votdev:tidy_up_ci

Conversation

@votdev
Copy link
Copy Markdown
Member

@votdev votdev commented Mar 30, 2026

... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related Issue:
https://github.com/rancher/rancher-security/issues/1533

@votdev votdev requested a review from ibrokethecloud March 30, 2026 11:16
@votdev votdev self-assigned this Mar 30, 2026
Copilot AI review requested due to automatic review settings March 30, 2026 11:16
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates CI/build tooling to use pinned artifact versions and add checksum verification to reduce supply-chain risk and improve reproducibility.

Changes:

  • Pin dapper download to v0.6.0 and add SHA-512 checksum validation in the Makefile.
  • Ensure the dapper image has Buildx support and add checksum verification for envtest binaries.
  • Switch packaging script to use docker buildx invocation.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
scripts/package Uses docker buildx build for image packaging.
Makefile Pins dapper version and validates downloads via SHA-512 checksums.
Dockerfile.dapper Installs Buildx via package manager; pins golangci-lint; validates envtest tarball checksum.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Makefile Outdated
Comment thread Makefile Outdated
martindekov
martindekov previously approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@martindekov martindekov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM Volker!

w13915984028
w13915984028 previously approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@w13915984028 w13915984028 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.

Comment thread Dockerfile.dapper Outdated
@votdev
Tidy up CI
cf856b9 
... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related to: rancher/rancher-security#1533

Signed-off-by: Volker Theile <vtheile@suse.com>
w13915984028
w13915984028 approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@w13915984028 w13915984028 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.

@votdev votdev merged commit de2dc16 into harvester:main Mar 30, 2026
7 checks passed
@votdev votdev deleted the tidy_up_ci branch March 30, 2026 16:22
@votdev
Copy link
Copy Markdown
Member Author

votdev commented Mar 31, 2026

@Mergifyio backport v1.8

@mergify
Copy link
Copy Markdown

mergify Bot commented Mar 31, 2026
edited
Loading

backport v1.8

✅ Backports have been created

Details

mergify Bot pushed a commit that referenced this pull request Mar 31, 2026
@votdev @mergify
Tidy up CI (#147)
ff783ab 
... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related to: https://github.com/rancher/rancher-security/issues/1533

Signed-off-by: Volker Theile <vtheile@suse.com>
(cherry picked from commit de2dc16)
@mergify mergify Bot mentioned this pull request Mar 31, 2026
Merged
votdev added a commit that referenced this pull request Mar 31, 2026
@votdev
Tidy up CI (#147)
9ce46b8 
... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related to: rancher/rancher-security#1533

Signed-off-by: Volker Theile <vtheile@suse.com>
(cherry picked from commit de2dc16)
votdev added a commit that referenced this pull request Mar 31, 2026
@mergify @votdev
Tidy up CI (backport #147) (#148)
dbd5ffb 
... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related to: https://github.com/rancher/rancher-security/issues/1533


(cherry picked from commit de2dc16)

Signed-off-by: Volker Theile <vtheile@suse.com>
Co-authored-by: Volker Theile <vtheile@suse.com>
@Vicente-Cheng
Copy link
Copy Markdown
Contributor

Vicente-Cheng commented May 4, 2026

@Mergifyio backport v1.7

@mergify
Copy link
Copy Markdown

mergify Bot commented May 4, 2026
edited
Loading

backport v1.7

✅ Backports have been created

Details

Cherry-pick of de2dc16 has failed:

On branch mergify/bp/v1.7/pr-147
Your branch is up to date with 'origin/v1.7'.

You are currently cherry-picking commit de2dc16.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   Makefile
	modified:   scripts/package

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   Dockerfile.dapper

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify Bot mentioned this pull request May 4, 2026
Merged
Vicente-Cheng pushed a commit that referenced this pull request May 4, 2026
@votdev @Vicente-Cheng
Tidy up CI (#147)
12f9730 
... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related to: rancher/rancher-security#1533

Signed-off-by: Volker Theile <vtheile@suse.com>
(cherry picked from commit de2dc16)
Vicente-Cheng pushed a commit that referenced this pull request May 4, 2026
@votdev @Vicente-Cheng
Tidy up CI (#147)
0dccda4 
... to ensure pinned versions of artifacts are used and checksum validation is performed where needed.

Related to: rancher/rancher-security#1533

Signed-off-by: Volker Theile <vtheile@suse.com>
(cherry picked from commit de2dc16)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@w13915984028 w13915984028 w13915984028 approved these changes

@ibrokethecloud ibrokethecloud Awaiting requested review from ibrokethecloud

@m-ildefons m-ildefons Awaiting requested review from m-ildefons

@martindekov martindekov Awaiting requested review from martindekov

Assignees

@votdev votdev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@votdev @Vicente-Cheng @w13915984028 @martindekov