Security Bulletin Fix #2381
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: API Format | |
on: | |
pull_request: | |
types: ["labeled", "closed"] | |
concurrency: | |
group: api-format-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
GITHUB_BRANCH: ${{ github.ref_name }} | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
FULLSTORY_ORGID: ${{ secrets.FULLSTORY_ORGID }} | |
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }} | |
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }} | |
ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }} | |
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }} | |
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }} | |
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }} | |
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }} | |
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }} | |
jobs: | |
backport: | |
name: Format API PR | |
runs-on: ubuntu-latest | |
if: | | |
github.event.action == 'labeled' | |
&& github.event.label.name == 'api-format' | |
&& github.event.pull_request.draft == false | |
steps: | |
- name: Retrieve Credentials | |
id: import-secrets | |
uses: hashicorp/vault-action@v3.0.0 | |
with: | |
url: https://vault.prism.spectrocloud.com | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: /providers/github/organizations/spectrocloud/token?org_name=spectrocloud token | VAULT_GITHUB_TOKEN | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }} | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "20" | |
cache: "npm" | |
- name: Determine branch name | |
id: extract_branch | |
run: | | |
if [ "${{ github.event_name }}" = "pull_request" ]; then | |
echo "GITHUB_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV | |
else | |
echo "GITHUB_BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV | |
fi | |
- run: npm ci | |
- name: Format API | |
run: make api | |
- name: Commit Changes | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: "ci: auto-formatting API changes" | |
file_pattern: '*.json **.json **/*.json' | |
disable_globbing: true | |
- name: Slack Notification | |
if: ${{ failure() }} | |
uses: rtCamp/action-slack-notify@v2.3.2 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_PRIVATE_TEAM_WEBHOOK }} | |
SLACK_USERNAME: "spectromate" | |
SLACK_ICON_EMOJI: ":robot_panic:" | |
SLACK_COLOR: ${{ job.status }} | |
SLACK_MESSAGE: ' The PR for branch ${{env.GITHUB_BRANCH}} failed when attempting to format the API. Review the GitHub Actions logs for more details.' | |
- name: Post Netlify progress | |
uses: mshick/add-pr-comment@v2 | |
with: | |
message: | | |
🤖 The API has been formated and is ready for merging. | |
refresh-message-position: false |