Skip to content

New action request: github/ghas-jira-integration #223

New action request: github/ghas-jira-integration

New action request: github/ghas-jira-integration #223

name: Get Dependabot alerts
on:
issues:
types: [labeled, unlabeled]
workflow_dispatch:
inputs:
issue:
description: 'Issue number to work with'
required: true
default: '11'
env:
fork-owner: rajbos-actions-test # where the forks are place
jobs:
find-action-name:
if: github.event.label.name == 'load-dependabot-alerts'
runs-on: ubuntu-latest
outputs:
action: ${{ steps.get-action.outputs.action }}
owner: ${{ steps.get-action.outputs.owner }}
name: ${{ steps.get-action.outputs.name }}
request_owner: ${{ steps.get-action.outputs.request_owner }}
request_repo: ${{ steps.get-action.outputs.request_repo }}
request_issue: ${{ steps.get-action.outputs.request_issue }}
steps:
- uses: actions/checkout@v2
- id: dispatch_issue_find
name: Find action from issue
run: |
echo "Testing for dispatch event with issue number: ${{ github.event.inputs.issue }}"
issue_number=${{ github.event.inputs.issue }}
if [ "${{ github.event.inputs.issue }}" == "" ]; then
echo "issue number not found in workflow dispatch event"
echo 'Found the issue that triggered this event with number [${{ github.event.issue.number }}]'
echo 'Found the issue title [${{ github.event.issue.title }}]'
else
echo "issue number found: [$issue_number]"
# output a fixed variable
echo "::set-output name=issue_number::${issue_number}"
fi
- uses: actions/github-script@v5
name: Find action from issue
id: get-action
with:
result-encoding: string
script: |
const script = require('./src/find-action-from-issue.js')
// note: owner is now the organization the FORK lives in:
const owner = context.repo.owner
const repo = context.repo.repo
let issue_number = context.issue.number
if (issue_number == null) {
// try to load issue number from other step:
console.log(`issue number not found in context, searching for it in workflow dispatch step`)
console.log(`issue number: [${{ steps.dispatch_issue_find.outputs.issue_number }}]`)
issue_number = `${{ steps.dispatch_issue_find.outputs.issue_number }}`
}
await script({github, owner, repo, issue_number})
# find the results from security vulnerabilities in Dependabot
dependabot-results:
runs-on: ubuntu-latest
needs: find-action-name
steps:
- uses: actions/checkout@v2
- uses: actions/github-script@v5
name: Get resuls from Dependabot scan
id: get-codeql-results
with:
github-token: ${{ secrets.GH_TOKEN }}
# todo: wait for the actual scans to have been completed
script: |
const script = require('./src/dependabot.js')
// note: owner is now the organization the FORK lives in:
let owner = "${{ env.fork-owner }}"
let repo = "${{ needs.find-action-name.outputs.name }}"
// check if dependabot security updates are enabled for the repo
const enabledResult = await github.request('GET /repos/{owner}/{repo}/vulnerability-alerts', {
owner,
repo
})
let results
if (enabledResult && enabledResult.status === 204) {
console.log(`Dependabot security alerts has been enabled for the repo ${owner}/${repo}, loading the alerts`)
results = await script({github, owner, repo})
console.log(`result: ${JSON.stringify(results)}`)
console.log(`::set-output name=dependabot_high::${results.high}`)
console.log(`::set-output name=dependabot_moderate::${results.moderate}`)
}
else {
console.log(`Dependabot security alerts have not been enabled for the repo ${owner}/${repo}, skipping the scan`)
console.log(`::set-output name=dependabot_high::999`)
console.log(`::set-output name=dependabot_moderate::999`)
results = {high: 999, moderate: 999}
}
const totalVulnerabilities = results.high + results.moderate
let status
if (totalVulnerabilities > 1) {
status = '⚠️'
}
else {
status = '✅'
}
let body = [
`:robot: Check completed with result: ${status}`,
``,
`Found ${totalVulnerabilities} Dependabot security vulnerabilities: `,
`${results.high} where high and ${results.moderate} where moderate.`,
``,
`Use this [link](https://github.com/${owner}/${repo}/security/dependabot) to verify the alerts.`
]
issue_number = `${{ needs.find-action-name.outputs.request_issue }}`
console.log(`Commenting the information on issue with number: ${issue_number}`)
console.log(`Body: [${body}]`)
// comment in the right repository
owner = "${{ needs.find-action-name.outputs.request_owner }}"
repo = "${{ needs.find-action-name.outputs.request_repo }}"
console.log(`Posting the findings back into this repo: ${owner}/${repo} on issue ${issue_number}`)
github.rest.issues.createComment({
owner,
repo,
issue_number,
body: body.join('\n')
});