feat: Setup Dependabot workflow
Bhavdeep13 committed Jul 25, 2024
1 parent 2efd333 commit 00f031d
Showing 1 changed file with 17 additions and 4 deletions.
21 changes: 17 additions & 4 deletions .github/workflows/dependabot-security-issue-creator.yml
@@ -36,7 +36,7 @@ jobs:
url: alert.html_url
}))));
- name: Create issues
- name: Check for existing issues and create new ones
uses: actions/github-script@v5
with:
github-token: ${{ secrets.DEPENDABOT_PAT }}
@@ -47,6 +47,12 @@ jobs:
return;
}
const existingIssues = await github.rest.issues.listForRepo({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open'
});
for (const alert of alerts) {
if (alert.severity.toLowerCase() !== 'high') {
console.log(`Skipping non-high severity alert: ${alert.package_name} - ${alert.severity}`);
@@ -55,12 +61,19 @@ jobs:
const alertNumber = alert.url.split('/').pop();
const issueTitle = `Security Alert: Dependabot issue (${alertNumber}) - ${alert.severity}`;
const issueExists = existingIssues.data.some(issue => issue.title === issueTitle);
if (issueExists) {
console.log(`Issue already exists for alert ${alertNumber}. Skipping creation.`);
continue;
}
const issueBody = `
A security vulnerability has been detected in the \`${alert.package_name}\` package.
A security vulnerability has been detected in the **${alert.package_name}** package.
**Severity**: ${alert.severity}
**Severity**: **${alert.severity}**
**Summary**: ${alert.summary}
**Summary**: **${alert.summary}**
**Details**: [View alert](${alert.url})
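Review bot: The `listForRepo` call in the second hunk fetches only the first page of open issues (30 items by default, and the endpoint also returns pull requests), so on a repository with more open items the `existingIssues.data.some(...)` check in the third hunk can miss an existing alert issue and file a duplicate on each run. Paginate instead: `const existingIssues = await github.paginate(github.rest.issues.listForRepo, { owner: context.repo.owner, repo: context.repo.repo, state: 'open', per_page: 100 });` and then `existingIssues.some(issue => issue.title === issueTitle)`. The match is on title alone, so any open issue or pull request carrying the same title counts as the alert's issue; if the created issues carry a label (not visible here), passing `labels` to the query would narrow the comparison to the workflow's own issues. The script body starts and ends outside the visible hunks.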