workflow renovate-sanity-check: extrude
thypon authored and brave-support-admin committed Jun 7, 2024
1 parent 918bd26 commit fcd74b0
Showing 3 changed files with 54 additions and 29 deletions.
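--- a/.github/workflows/renovate-sanity-check.yml
+++ b/.github/workflows/renovate-sanity-check.yml
@@ -9,34 +9,9 @@ jobs:
 run:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
-- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
-with:
-node-version: '20.x'
-- id: npm
-run: cd ${{ github.workspace }}; npm ci
-shell: bash
-- name: run
-id: run
-uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-env:
-DEBUG: false
-with:
-github-token: ${{ secrets.CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN }}
-script: |
-console.log('${{ github.workspace }}/src/renovateSanityCheck.js');
-const { default: renovateSanityCheck } = await import('${{ github.workspace }}/src/renovateSanityCheck.js');
-return await renovateSanityCheck({
-org: process.env.GITHUB_REPOSITORY_OWNER,
-github: github,
-debug: process.env.DEBUG
-});
-- uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a # v1.1.0
-if: ${{ fromJson(steps.run.outputs.result) != '' }}
+- name: Renovate Sanity Check
+uses: brave/security-action/actions/renovate-sanity-check@main
 with:
+github_token: ${{ secrets.CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN }}
 slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
-message: |
-[renovate-sanity-check] ${{ fromJson(steps.run.outputs.result) }}
-channel: secops-hotspots
-color: yellow
-verbose: false
+debug: false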
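Review bot: The new step references `brave/security-action/actions/renovate-sanity-check@main`, a mutable branch ref, while every action in the steps it replaces was pinned to a full commit SHA. Both `CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN` and `HOTSPOTS_SLACK_TOKEN` are handed to whatever `main` contains when the job runs, so a change on that branch reaches the secrets without a reviewed bump in this file. Pin it the way the removed lines were pinned, `uses: brave/security-action/actions/renovate-sanity-check@<full-commit-sha> # <tag>`. If this workflow lives in the same repository as the action, which the paths in this commit suggest, a checkout step followed by `uses: ./actions/renovate-sanity-check` would instead tie the action to the commit being run.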
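--- a/actions/renovate-sanity-check/action.cjs
+++ b/actions/renovate-sanity-check/action.cjs
@@ -0,0 +1,13 @@
+module.exports = async ({ github, context, inputs, actionPath, core, debug = false }) => {
+console.log(`${actionPath}/src/renovateSanityCheck.js`)
+const { default: renovateSanityCheck } = await import(`${actionPath}/src/renovateSanityCheck.js`)
+const { default: sendSlackMessage } = await import(`${actionPath}/src/sendSlackMessage.js`)
+
+const message = await renovateSanityCheck({
+org: context.repo.owner,
+github,
+debug
+})
+
+if (message.length > 0) { await sendSlackMessage({ debug, username: 'renovate-sanity-check', message: `[renovate-sanity-check] ${message}`, color: 'yellow', channel: '#security-action', token: inputs.slack_token }) }
+}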
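Review bot: The alert destination is now hard-coded as `channel: '#security-action'` in the `sendSlackMessage` call, whereas the workflow step this commit removes posted to `secops-hotspots`. The commit title does not mention rerouting, so findings may stop reaching the channel that was monitoring them. Whether the token the workflow passes (`HOTSPOTS_SLACK_TOKEN`) can post to the new channel is not visible here. Consider reading the channel from an input with a default, e.g. `channel: inputs.slack_channel || '#security-action'`, with a matching `slack_channel` input declared in action.yml. Separately, `message.length` will throw if `renovateSanityCheck` ever resolves to `undefined` (its return contract is outside this diff); `if (message?.length > 0)` would make the no-finding path explicit.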
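--- a/actions/renovate-sanity-check/action.yml
+++ b/actions/renovate-sanity-check/action.yml
@@ -0,0 +1,37 @@
+# action that runs monthly and check if all repositories in the organization are following the renovate central configuration
+# to all repositories in this organization
+name: renovate-sanity-check
+description: Renovate Sanity Check
+inputs:
+github_token:
+description: 'GitHub token'
+required: true
+slack_token:
+description: 'Slack token'
+required: true
+debug:
+description: 'Debug mode'
+default: "false"
+runs:
+using: 'composite'
+steps:
+- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+with:
+node-version: '20.x'
+- id: npm
+run: cd ${{ github.action_path }}/../..; npm ci
+shell: bash
+- name: run
+id: run
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+env:
+DEBUG: ${{ (inputs.debug == 'true' || runner.debug) && 'true' || 'false'}}
+with:
+github-token: ${{ inputs.github_token }}
+script: |
+const actionPath = '${{ github.action_path }}/../../'
+const inputs = ${{ toJson(inputs) }}
+const script = require('${{ github.action_path }}/action.cjs')
+await script({github, context, inputs, actionPath, core,
+debug: process.env.DEBUG === 'true'})
+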
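Review bot: The `script:` block splices `${{ toJson(inputs) }}` into the JavaScript source, so `github_token` and `slack_token` become literal text in the script that actions/github-script evaluates instead of values read at run time. Templating expressions into script source is the pattern that leads to expression injection. It also places both secrets in the step's `with:` input, so anything that echoes that input depends on log masking to hide them. Pass the value through `env:` instead, e.g. `SLACK_TOKEN: ${{ inputs.slack_token }}` next to `DEBUG`, and build the object in the script with `const inputs = { slack_token: process.env.SLACK_TOKEN }`; action.cjs reads only `inputs.slack_token`. The two `'${{ github.action_path }}…'` string literals can move to `env:` in the same way.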