@@ -17,47 +17,46 @@ jobs:
1717 GH_TOKEN : ${{ secrets.DEPENDABOT_PAT }}
1818 SLACK_WEBHOOK_URL : ${{ secrets.SLACK_WEBHOOK_URL }}
1919 run : |
20- # 1. Calculate time 65 minutes ago
21- TIME_THRESHOLD=$(date -u -d '65 minutes ago' +'%Y-%m-%dT%H:%M:%SZ')
22- echo "Checking for alerts created after: $TIME_THRESHOLD"
20+ echo "--- TEST MODE ACTIVE (Ignoring Time Threshold) ---"
2321
24- # 2. Fetch ALL open alerts (Raw JSON)
25- # We fetch raw data first to ensure we don't lose structure in complex filtering
22+ # 1. Fetch ALL open alerts (Raw JSON)
2623 RAW_DATA=$(gh api "/repos/${{ github.repository }}/dependabot/alerts?state=open")
2724
28- # 3. Filter locally using jq
29- # Note: If you want to force a test on OLD alerts, remove '| select(.created_at > $TIME)' below
30- ALERTS=$(echo "$RAW_DATA" | jq --arg TIME "$TIME_THRESHOLD" \
31- '[ .[] | select(.created_at > $TIME) | select(.security_advisory.severity == "critical" or .security_advisory.severity == "high") ]')
32-
33- # 4. Check results (COMMENTED OUT FOR TESTING)
34- # LENGTH=$(echo "$ALERTS" | jq 'length')
35- # if [ "$LENGTH" -eq 0 ]; then
36- # echo "No new alerts found in the last hour."
37- # exit 0
38- # fi
25+ # 2. Filter locally using jq
26+ # --- CHANGE IS HERE ---
27+ # I removed "| select(.created_at > $TIME)" so it finds OLD alerts too.
28+ # I also removed the Severity check so it finds ANY open alert (Low/Med/High).
29+ ALERTS=$(echo "$RAW_DATA" | jq '[ .[] | select(.state == "open") ]')
3930
31+ # 3. Debugging structure
4032 echo "New alerts detected! Debugging structure..."
4133
42- # --- DEBUG: Print the first alert keys to logs ---
34+ # Check if we actually have data now
35+ LENGTH=$(echo "$ALERTS" | jq 'length')
36+ if [ "$LENGTH" -eq 0 ]; then
37+ echo "::error:: Still no alerts found! check if your PAT has 'repo' or 'security_events' scope."
38+ exit 1
39+ fi
40+
41+ # Print keys to confirm we can read the data
4342 echo "Top-level keys found in first alert:"
4443 echo "$ALERTS" | jq '.[0] | keys'
45- # -----------------------------------------------
4644
47- # 5. Extract details (Using Try/Catch defaults to prevent crash)
48- # We use // to provide fallback text if the field is null
45+ # 4. Extract details
46+ # We use the raw data keys.
47+ # Note: If keys output shows 'security_vulnerability' instead of 'security_advisory', we might need to adjust below.
4948 PACKAGE=$(echo "$ALERTS" | jq -r '.[0].dependency.package.name // "Unknown Package"')
5049 SEVERITY=$(echo "$ALERTS" | jq -r '.[0].security_advisory.severity // "Unknown Severity"')
5150
52- # Try standard html_url, fallback to url, fallback to generic string
51+ # Fallback URL logic
5352 ISSUE_URL=$(echo "$ALERTS" | jq -r '.[0].html_url // .[0].url // "https://github.com"')
5453
5554 # Prepare text
5655 REPO_NAME="${{ github.repository }}"
5756 ISSUE_TITLE="${PACKAGE} (${SEVERITY})"
5857 ISSUE_USER="Dependabot"
5958
60- # 6 . Build Slack Message
59+ # 5 . Build Slack Message
6160 MESSAGE_TEXT=$(jq -n \
6261 --arg repo "$REPO_NAME" \
6362 --arg title "$ISSUE_TITLE" \
6665 --arg template "*📢 New Dependabot Alert ($REPO_NAME) 📢*\n\n*Issue Title:* $ISSUE_TITLE\n*Opened By:* $ISSUE_USER\n\n*View Issue:* $ISSUE_URL" \
6766 '$template')
6867
69- # 7 . Build Payload & Send
68+ # 6 . Build Payload & Send
7069 SLACK_PAYLOAD=$(jq -n \
7170 --arg text "$MESSAGE_TEXT" \
7271 '{
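Review bot: With the time threshold and severity filter removed on the `ALERTS=` line and `exit 1` added in the new length check, every scheduled run of this step now re-posts the first open alert (only `.[0]` is ever read) and fails whenever the repository has no open alerts, so the test-mode state will keep producing duplicate Slack posts and red runs if merged as-is. The `::error::` text also attributes an empty list to a missing PAT scope, but an authorization failure on the `gh api` call would presumably already abort the step under the default `bash -e` before this check is reached, so an empty list here most likely means there are genuinely no open alerts; `if [ "$LENGTH" -eq 0 ]; then echo "No open alerts found."; exit 0; fi` is the non-failing form, with the filters restored or gated behind a `workflow_dispatch` flag rather than hard-coded. The `select(.state == "open")` in the jq filter duplicates the `state=open` query parameter and can be dropped, and the `# --- CHANGE IS HERE ---` / `# I removed ...` comments describe the commit rather than the code and belong in the commit message. The `run: |` script continues past the end of the hunk.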