Skip to content

Security Bulletin Fix #2381

Security Bulletin Fix

Security Bulletin Fix #2381

Workflow file for this run

name: API Format
on:
pull_request:
types: ["labeled", "closed"]
concurrency:
group: api-format-${{ github.ref }}
cancel-in-progress: true
env:
GITHUB_BRANCH: ${{ github.ref_name }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
FULLSTORY_ORGID: ${{ secrets.FULLSTORY_ORGID }}
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }}
ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }}
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
jobs:
backport:
name: Format API PR
runs-on: ubuntu-latest
if: |
github.event.action == 'labeled'
&& github.event.label.name == 'api-format'
&& github.event.pull_request.draft == false
steps:
- name: Retrieve Credentials
id: import-secrets
uses: hashicorp/vault-action@v3.0.0
with:
url: https://vault.prism.spectrocloud.com
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: /providers/github/organizations/spectrocloud/token?org_name=spectrocloud token | VAULT_GITHUB_TOKEN
- name: Checkout Code
uses: actions/checkout@v4
with:
token: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }}
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
- name: Determine branch name
id: extract_branch
run: |
if [ "${{ github.event_name }}" = "pull_request" ]; then
echo "GITHUB_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
else
echo "GITHUB_BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
fi
- run: npm ci
- name: Format API
run: make api
- name: Commit Changes
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "ci: auto-formatting API changes"
file_pattern: '*.json **.json **/*.json'
disable_globbing: true
- name: Slack Notification
if: ${{ failure() }}
uses: rtCamp/action-slack-notify@v2.3.2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_PRIVATE_TEAM_WEBHOOK }}
SLACK_USERNAME: "spectromate"
SLACK_ICON_EMOJI: ":robot_panic:"
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: ' The PR for branch ${{env.GITHUB_BRANCH}} failed when attempting to format the API. Review the GitHub Actions logs for more details.'
- name: Post Netlify progress
uses: mshick/add-pr-comment@v2
with:
message: |
🤖 The API has been formated and is ready for merging.
refresh-message-position: false