workflow dependabot-nudge: extrude
thypon authored and brave-support-admin committed Jun 7, 2024
1 parent 7b87b37 commit 309f8c6
Showing 3 changed files with 71 additions and 45 deletions.
51 changes: 6 additions & 45 deletions .github/workflows/dependabot-nudge.yml
@@ -8,49 +8,10 @@ jobs:
run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
- name: dependabot nudge
uses: brave/security-action/actions/dependabot-nudge@main
with:
node-version: '20.x'
- id: npm
run: cd ${{ github.workspace }}; npm ci
shell: bash
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
SLACK_TOKEN: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
SLACK_CHANNEL: '#secops-hotspots'
GH_TO_SLACK_USER_MAP: ${{ secrets.GH_TO_SLACK_USER_MAP }}
DEBUG: false
with:
github-token: ${{ secrets.DEPENDABOT_NUDGE_GITHUB_TOKEN }}
script: |
const debug = process.env.DEBUG === 'true';
const { default: sendSlackMessage } = await import('${{ github.workspace }}/src/sendSlackMessage.js');
const { default: dependabotNudge } = await import('${{ github.workspace }}/src/dependabotNudge.js');
let githubToSlack = {};
try {
githubToSlack = JSON.parse(process.env.GH_TO_SLACK_USER_MAP);
} catch (e) {
if (debug) console.log('GH_TO_SLACK_USER_MAP is not valid JSON');
}
// set minlevel to 'medium' if it's the first Monday of the month, otherwise stick to high or critical issues
let minlevel = 'medium';
const today = new Date();
if (today.getDate() > 7) {
if (debug)
console.log('Not the first Monday of the month!');
minlevel = 'high';
}
const messages = await dependabotNudge({debug, org: process.env.GITHUB_REPOSITORY_OWNER, github: github, minlevel: minlevel, githubToSlack: githubToSlack});
for (const message of messages) {
try {
await sendSlackMessage({debug, username: 'dependabot', message: message, channel: process.env.SLACK_CHANNEL, token: process.env.SLACK_TOKEN});
} catch (error) {
if (debug)
console.log(error);
}
}
github_token: ${{ secrets.DEPENDABOT_NUDGE_GITHUB_TOKEN }}
slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
gh_to_slack_user_map: ${{ secrets.GH_TO_SLACK_USER_MAP }}
debug: false
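Review bot: The new step `uses: brave/security-action/actions/dependabot-nudge@main` follows a mutable branch, whereas the steps it replaces pinned `actions/checkout`, `actions/setup-node` and `actions/github-script` to full commit SHAs. The step is handed `DEPENDABOT_NUDGE_GITHUB_TOKEN` and `HOTSPOTS_SLACK_TOKEN`, so whatever `main` resolves to at run time executes with both secrets. The action appears to live in this same repository, which keeps the trust boundary roughly where it was, but any repository that copies this snippet inherits an unpinned dependency; pin it as `uses: brave/security-action/actions/dependabot-nudge@<full-commit-sha> # <tag>` or add a comment telling consumers to do so. The top of the workflow is outside this hunk, so it is worth confirming that a restrictive `permissions:` block is set there, since the job only needs the dedicated token.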
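--- a/actions/dependabot-nudge/action.cjs
+++ b/actions/dependabot-nudge/action.cjs
@@ -0,0 +1,29 @@
+module.exports = async ({ github, context, inputs, actionPath, core, debug = false }) => {
+const { default: sendSlackMessage } = await import(`${actionPath}/src/sendSlackMessage.js`)
+const { default: dependabotNudge } = await import(`${actionPath}/src/dependabotNudge.js`)
+
+let githubToSlack = {}
+try {
+githubToSlack = JSON.parse(inputs.gh_to_slack_user_map)
+} catch (e) {
+if (debug) console.log('GH_TO_SLACK_USER_MAP is not valid JSON')
+}
+
+// set minlevel to 'medium' if it's the first Monday of the month, otherwise stick to high or critical issues
+let minlevel = 'medium'
+const today = new Date()
+if (today.getDate() > 7) {
+if (debug) { console.log('Not the first Monday of the month!') }
+minlevel = 'high'
+}
+
+const messages = await dependabotNudge({ debug, org: context.repo.owner, github, minlevel, githubToSlack })
+
+for (const message of messages) {
+try {
+await sendSlackMessage({ debug, username: 'dependabot', message, channel: '#secops-hotspots', token: inputs.slack_token })
+} catch (error) {
+if (debug) { console.log(error) }
+}
+}
+}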
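Review bot: Both `catch` blocks report only when `debug` is true, so a malformed `gh_to_slack_user_map` or a rejected Slack call leaves the run green with no nudge delivered and nothing in the log. `core` is already destructured in the signature but never used; surface the failures through it, for example `core.warning('gh_to_slack_user_map is not valid JSON')` in the first catch and `core.warning('Slack delivery failed: ' + error.message)` in the second, logging only the message so that neither the user map nor the token can end up in the job log. Separately, the comment says "first Monday of the month" while the check is only `today.getDate() > 7`, which holds only if the calling workflow is scheduled on Mondays; that schedule is not visible here, so the comment should state the assumption.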
36 changes: 36 additions & 0 deletions actions/dependabot-nudge/action.yml
@@ -0,0 +1,36 @@
name: weekly-dependabot-nudge
description: Weekly Dependabot Nudge
inputs:
github_token:
description: 'GitHub Token'
required: true
slack_token:
description: 'Slack Token'
required: true
gh_to_slack_user_map:
description: 'JSON map of github usernames to slack usernames'
required: false
debug:
description: 'Debug mode'
required: false
runs:
using: 'composite'
steps:
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: '20.x'
- id: npm
run: cd ${{ github.action_path }}/../..; npm ci
shell: bash
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
DEBUG: ${{ (inputs.debug == 'true' || runner.debug) && 'true' || 'false'}}
with:
github-token: ${{ inputs.github_token }}
script: |-
const actionPath = '${{ github.action_path }}/../../'
const inputs = ${{ toJson(inputs) }}
const script = require('${{ github.action_path }}/action.cjs')
await script({github, context, inputs, actionPath, core,
debug: process.env.DEBUG === 'true'})
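Review bot: `const inputs = ${{ toJson(inputs) }}` expands every input, including `github_token` and `slack_token`, into the JavaScript source before github-script evaluates it, so the secrets become part of the script text and correctness depends on the JSON output always being a safe JavaScript literal. Pass the values through the environment instead: add `INPUTS: ${{ toJson(inputs) }}` under the step's `env:` and read them with `const inputs = JSON.parse(process.env.INPUTS)`. The same pattern applies to `${{ github.action_path }}` inside the quoted strings and in the `run:` line, where the runner-provided `GITHUB_ACTION_PATH` variable, quoted in the shell step, avoids both interpolation and breakage on paths with spaces. The `npm ci` step installs the action's dependencies on every run; adding `--ignore-scripts` would keep dependency lifecycle scripts from running in the job, assuming none of the packages need them.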
