@@ -17,58 +17,66 @@ jobs:
1717 GH_TOKEN : ${{ secrets.DEPENDABOT_PAT }}
1818 SLACK_WEBHOOK_URL : ${{ secrets.SLACK_WEBHOOK_URL }}
1919 run : |
20- echo "--- TEST MODE ACTIVE (Fetching open alerts) ---"
20+ echo "--- CHECKING FOR ALERTS ---"
2121
2222 # 1. Fetch ALL open alerts
2323 RAW_DATA=$(gh api "/repos/${{ github.repository }}/dependabot/alerts?state=open")
2424
25- # 2. Filter locally (Select ANY open alert for testing)
25+ # 2. Filter: (Currently set to ALL open alerts for testing)
26+ # To go live, uncomment the time filter later: | select(.created_at > $TIME_THRESHOLD)
2627 ALERTS=$(echo "$RAW_DATA" | jq '[ .[] | select(.state == "open") ]')
2728
28- # 3. Check results
29+ # 3. Check count
2930 LENGTH=$(echo "$ALERTS" | jq 'length')
3031 if [ "$LENGTH" -eq 0 ]; then
31- echo "::error :: No alerts found."
32- exit 1
32+ echo "::notice :: No alerts found."
33+ exit 0
3334 fi
3435
35- echo "Found alerts. Extracting details..."
36-
37- # 4. Extract details
38- # NEW: Extract the 'summary' (The description of the vulnerability)
39- SUMMARY=$(echo "$ALERTS" | jq -r '.[0].security_advisory.summary // "Security Vulnerability"')
40- PACKAGE=$(echo "$ALERTS" | jq -r '.[0].dependency.package.name // "Unknown Package"')
41- SEVERITY=$(echo "$ALERTS" | jq -r '.[0].security_advisory.severity // "Unknown"')
42- ISSUE_URL=$(echo "$ALERTS" | jq -r '.[0].html_url // .[0].url // "https://github.com"')
43-
36+ echo "Found $LENGTH alerts. Sending notifications..."
4437 REPO_NAME="${{ github.repository }}"
4538 ISSUE_USER="Dependabot"
4639
47- # 5. Format the Title
48- # OLD: next (high)
49- # NEW: Cross-site Scripting - next (high)
50- ISSUE_TITLE="${SUMMARY} - ${PACKAGE} (${SEVERITY})"
40+ # 4. LOOP through each alert found
41+ # 'jq -c .[]' prints each alert object on a new line so we can loop over them
42+ echo "$ALERTS" | jq -c '.[]' | while read -r alert; do
43+
44+ # Extract details for THIS specific alert
45+ SUMMARY=$(echo "$alert" | jq -r '.security_advisory.summary // "Security Vulnerability"')
46+ PACKAGE=$(echo "$alert" | jq -r '.dependency.package.name // "Unknown Package"')
47+ SEVERITY=$(echo "$alert" | jq -r '.security_advisory.severity // "Unknown"')
48+ ISSUE_URL=$(echo "$alert" | jq -r '.html_url // .url // "https://github.com"')
49+
50+ # Format Title
51+ ISSUE_TITLE="${SUMMARY} - ${PACKAGE} (${SEVERITY})"
52+
53+ echo "Sending alert for: $PACKAGE"
5154
52- # 6. Build Slack Message
53- MESSAGE_TEXT=$(jq -n \
54- --arg repo "$REPO_NAME" \
55- --arg title "$ISSUE_TITLE" \
56- --arg user "$ISSUE_USER" \
57- --arg url "$ISSUE_URL" \
58- --arg template "*📢 New Dependabot Alert ($REPO_NAME) 📢*\n\n*Issue Title:* $ISSUE_TITLE\n*Opened By:* $ISSUE_USER\n\n*View Issue:* $ISSUE_URL" \
59- '$template')
55+ # Build Slack Message
56+ MESSAGE_TEXT=$(jq -n \
57+ --arg repo "$REPO_NAME" \
58+ --arg title "$ISSUE_TITLE" \
59+ --arg user "$ISSUE_USER" \
60+ --arg url "$ISSUE_URL" \
61+ --arg template "*📢 New Dependabot Alert ($REPO_NAME) 📢*\n\n*Issue Title:* $ISSUE_TITLE\n*Opened By:* $ISSUE_USER\n\n*View Issue:* $ISSUE_URL" \
62+ '$template')
6063
61- # 7. Build Payload & Send
62- SLACK_PAYLOAD=$(jq -n \
63- --arg text "$MESSAGE_TEXT" \
64- '{
65- "channel": "#docs-devdocs-notifications",
66- "username": "Security Vulnerability Slack Notification",
67- "icon_emoji": ":rotating_light:",
68- "text": $text
69- }')
64+ # Build Payload
65+ SLACK_PAYLOAD=$(jq -n \
66+ --arg text "$MESSAGE_TEXT" \
67+ '{
68+ "channel": "#docs-devdocs-notifications",
69+ "username": "Security Vulnerability Slack Notification",
70+ "icon_emoji": ":rotating_light:",
71+ "text": $text
72+ }')
7073
71- curl -X POST \
72- -H 'Content-type: application/json' \
73- --data "$SLACK_PAYLOAD" \
74- "$SLACK_WEBHOOK_URL"
74+ # Send to Slack
75+ curl -s -X POST \
76+ -H 'Content-type: application/json' \
77+ --data "$SLACK_PAYLOAD" \
78+ "$SLACK_WEBHOOK_URL"
79+
80+ # Small sleep to prevent rate limiting if there are many alerts
81+ sleep 1
82+ done
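Review bot: The new `curl -s -X POST` at new line 75 hides the response and still returns 0 on an HTTP error, so a rejected or revoked webhook (4xx/5xx) lets the step finish green while no Slack notification was actually delivered — a silent gap in the alerting path. Changing it to `curl -sS -f -X POST \` makes curl exit non-zero on an HTTP error and print the error despite `-s`; with the runner's default `bash -e -o pipefail` (assumed here) that aborts the loop subshell and fails the step, which is the behaviour you want for a notification job. The `--arg repo/title/user/url` bindings at new lines 57–60 are unused because the same values are already expanded into the `--arg template` string, so they can be dropped or the template rewritten to use `$repo`/`$title`/`$user`/`$url` inside the jq program. The comment at new line 26 refers to `$TIME_THRESHOLD`, which is not set anywhere in the hunk; if it is defined outside this view, a short note saying where would help the person who later enables that filter.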