Dachary feedback #25
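---
name: Security Vulnerability Slack Notification

# Runs whenever a Dependabot alert is created or reopened and posts a short
# summary of the alert to Slack through an incoming webhook.
#
# NOTE(review): `dependabot_alert` is a GitHub webhook event; confirm it is
# accepted as a workflow trigger for this repository before relying on it.
# If it is not, the workflow never fires and no notification is ever sent.
on:
  dependabot_alert:
    types: [created, reopened]

# The job only talks to Slack and never uses GITHUB_TOKEN, so grant it nothing.
permissions: {}

jobs:
  notify_slack_on_alert:
    runs-on: ubuntu-latest
    steps:
      - name: Send Slack Notification via Direct Curl Payload
        # Every value taken from the event payload goes through `env:` and is
        # read as a quoted shell variable instead of being expanded with
        # `${{ }}` inside the script. Expression expansion happens before the
        # shell starts, so a package name or URL containing quotes, `$(...)`
        # or backticks would otherwise become part of the executed script.
        env:
          ALERT_ACTION: ${{ github.event.action }}
          PKG_ECOSYSTEM: ${{ github.event.alert.security_vulnerability.package.ecosystem }}
          PKG_NAME: ${{ github.event.alert.security_vulnerability.package.name }}
          ALERT_SEVERITY: ${{ github.event.alert.security_vulnerability.severity }}
          ALERT_URL: ${{ github.event.alert.html_url }}
          REPOSITORY: ${{ github.repository }}
          # Incoming-webhook URL: kept in an env var and quoted on the curl
          # line rather than expanded into the command text.
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
        run: |
          set -euo pipefail

          # jq is pre-installed on GitHub-hosted runners. The message is
          # assembled inside jq so that each event value is JSON-escaped and
          # the \n sequences are real newlines in the delivered text. Inside a
          # bash double-quoted string they stay a literal backslash-n, which
          # `--arg` would then escape again and Slack would show verbatim.
          SLACK_PAYLOAD=$(jq -n \
            --arg action "$ALERT_ACTION" \
            --arg ecosystem "$PKG_ECOSYSTEM" \
            --arg pkg "$PKG_NAME" \
            --arg severity "$ALERT_SEVERITY" \
            --arg url "$ALERT_URL" \
            --arg repo "$REPOSITORY" \
            '{
              "channel": "#docs-devdocs-notifications",
              "username": "Dependabot Notifier",
              "icon_emoji": ":lock:",
              "text": ("*🚨 Dependabot Alert: " + $action + " 🚨*\n\n"
                       + "*Vulnerability:* " + $ecosystem + " package *" + $pkg + "*\n"
                       + "*Severity:* " + $severity + "\n"
                       + "*Repository:* " + $repo + "\n\n"
                       + "*View Details:* " + $url)
            }')

          # --fail turns a non-2xx reply from Slack into a failed step instead
          # of a silently ignored one; --silent --show-error keeps the log
          # quiet on success while still printing the error on failure.
          # --data already implies POST, so -X POST is not needed.
          curl --fail --silent --show-error \
            -H 'Content-type: application/json' \
            --data "$SLACK_PAYLOAD" \
            "$SLACK_WEBHOOK"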