From aabeeeffbd6209eb90989d3a827af3d2f665b738 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Mon, 25 Mar 2024 20:42:14 +0000 Subject: [PATCH 01/25] chore: synced local '.github/dependabot.yml' with remote '.github/dependabot.yml' --- .github/dependabot.yml | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5dd981d9..bbee57d2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,10 +1,37 @@ +# file is synced from cove-workflow + version: 2 +registries: + npm-npmjs: + type: npm-registry + url: https://registry.npmjs.org + token: ${{ secrets.NPM_TOKEN_READ_ONLY }} updates: - - package-ecosystem: "npm" + - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" - - package-ecosystem: "github-actions" + interval: "weekly" + commit-message: + prefix: chore + prefix-development: chore + groups: + all: + update-types: + - "major" + - "minor" + - "patch" + - package-ecosystem: "npm" directory: "/" + registries: + - npm-npmjs schedule: - interval: "daily" \ No newline at end of file + interval: "weekly" + commit-message: + prefix: chore + prefix-development: chore + groups: + dev-dependencies: + dependency-type: "development" + update-types: + - "minor" + - "patch" From 20424c46dc85906a3fdf68ec6b8f0fc75f2aa885 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Mon, 25 Mar 2024 20:42:14 +0000 Subject: [PATCH 02/25] chore: created local '.github/workflows/dependabot-new-pr.yml' from remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/dependabot-new-pr.yml diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml new file mode 100644 index 00000000..66f6315d --- /dev/null +++ b/.github/workflows/dependabot-new-pr.yml 
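Review bot: The `token: ${{ secrets.NPM_TOKEN_READ_ONLY }}` line under `registries` needs a comment saying where that secret has to be defined. Dependabot resolves it from the Dependabot secrets store, not from the Actions secrets, so a synced copy of this file in a repository that lacks the secret is likely to fail its npm updates. I would add `# NPM_TOKEN_READ_ONLY must exist as a Dependabot secret in every repo this file is synced to` above the `registries` key. The header comment says `cove-workflow`, while later patches in this series reference `livelyhood/cove-workflows`; the spelling should probably match.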
@@ -0,0 +1,32 @@ +name: Dependabot opened PR +on: + pull_request: + types: [opened, reopened] +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Print GitHub context + run: echo "$GITHUB_CONTEXT" + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + - name: Post PR to \#dev-pr webhook + uses: slackapi/slack-github-action@v1.25.0 + with: + # For posting a rich message using Block Kit + payload: | + { + "text": "Dependabot opened new PR: <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Dependabot opened new PR: <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} From 5ee47133eb2c489a216416522e643ba64bffd078 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 00:55:25 +0000 Subject: [PATCH 03/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 28 ++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 66f6315d..af94b17c 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -7,12 +7,10 @@ jobs: runs-on: ubuntu-latest if: github.actor == 'dependabot[bot]' steps: - - name: Print GitHub context - run: echo "$GITHUB_CONTEXT" - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} with: # For posting a rich message using Block Kit payload: | 
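Review bot: The job guard `if: github.actor == 'dependabot[bot]'` tests who triggered the event rather than who authored the pull request, so with `types: [opened, reopened]` a Dependabot PR reopened by a person is skipped. Checking the author is more precise: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The same guard comes back in PATCH 12. Runs that Dependabot triggers on `pull_request` receive only Dependabot secrets, so `SLACK_WEBHOOK_DEV_PR` has to be defined there or the webhook URL will be empty.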
@@ -23,10 +21,26 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "Dependabot opened new PR: <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" + "text": "Dependabot opened a new PR: *<${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>*" } + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*repository*" + }, + { + "type": "mrkdwn", + "text": " " + }, + { + "type": "mrkdwn", + "text": "${{ github.event.pull_request.name }}" + } + ] } ] } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} + From 92722798842b8f561a4b197daf74c9ac4a2571f7 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:15:07 +0000 Subject: [PATCH 04/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 58 ++++++++++++------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index af94b17c..6c4ee85f 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml 
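Review bot: `${{ github.event.pull_request.name }}` in the new `fields` entry refers to a property the pull_request object does not have. An unknown property in an Actions expression evaluates to an empty string, so the repository field will be posted blank. `"text": "${{ github.event.repository.name }}"` gives the repository name. The hunk also ends by adding an empty line at the end of the file, which can be dropped.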
@@ -1,46 +1,46 @@ -name: Dependabot opened PR +name: Debug on: pull_request: - types: [opened, reopened] jobs: dependabot: runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' steps: + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + run: | + echo "$GITHUB_CONTEXT" - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_X_JOBS_DEV }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK with: # For posting a rich message using Block Kit payload: | { - "text": "Dependabot opened new PR: <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "Dependabot opened a new PR: *<${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>*" - } - }, - { - "type": "section", - "fields": [ - { - "type": "mrkdwn", - "text": "*repository*" - }, - { - "type": "mrkdwn", - "text": " " - }, + "attachments": [ { - "type": "mrkdwn", - "text": "${{ github.event.pull_request.name }}" + "mrkdwn_in": ["text"], + "color": "#3679a6", + "pretext": "Dependabot opened new PR: ", + "author_name": "Dependabot 🤖", + "author_link": " ", + "author_icon": "https://placeimg.com/16/16/people", + "title": "${{ github.event.pull_request.title }}", + "title_link": "${{ github.event.pull_request.html_url }}", + "fields": + [ + { + "title": "repository", + "value": "${{ github.event.pull_request.head.repo.name }} ", + "short": false + } + ], + "thumb_url": "http://placekitten.com/g/200/200", + "footer": "footer", + "footer_icon": "https://platform.slack-edge.com/img/default_application_icon.png", + "ts": 123456789 } ] - } - ] } - From cda86e1c3f02c133b926beea7899d5c95700ace4 Mon Sep 17 00:00:00 2001 
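Review bot: Removing `types: [opened, reopened]` and `if: github.actor == 'dependabot[bot]'` makes this job run for every pull_request event from any author, and the new `Dump GitHub context` step prints `toJson(github)` to the job log on each run. That context includes `github.token`; GitHub masks it in log output, but its documentation still advises caution when printing the whole context, and the log exposes the full event payload to anyone who can read workflow runs. If the dump is only needed while debugging, keep the actor guard and gate the step, for example `if: runner.debug == '1'`. PATCH 10 re-adds the same step after PATCH 09 removed it. The placeholder `thumb_url` is also fetched over plain `http://` from a third-party host.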
From: cicdaccount Date: Tue, 26 Mar 2024 22:17:07 +0000 Subject: [PATCH 05/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 6c4ee85f..62cf26dc 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -13,7 +13,7 @@ jobs: - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_X_JOBS_DEV }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK with: # For posting a rich message using Block Kit From b4f85a594ed4b3b57aaa937402a2d6e57f4d33a9 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:18:14 +0000 Subject: [PATCH 06/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 62cf26dc..2195b9ed 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -38,7 +38,7 @@ jobs: } ], "thumb_url": "http://placekitten.com/g/200/200", - "footer": "footer", + "footer": " ", "footer_icon": "https://platform.slack-edge.com/img/default_application_icon.png", "ts": 123456789 } From 31e727f9560c85a1187f379e08a0a187a6e8261b Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:20:31 +0000 Subject: [PATCH 07/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 2195b9ed..3b1e7445 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -37,9 +37,9 @@ jobs: "short": false } ], - "thumb_url": "http://placekitten.com/g/200/200", + "thumb_url": "https://manage.cove.is/imgs/favicon.png", "footer": " ", - "footer_icon": "https://platform.slack-edge.com/img/default_application_icon.png", + "footer_icon": "https://manage.cove.is/imgs/favicon.png", "ts": 123456789 } ] From 527b1e19017e3927800ce6d9e0abf15378aeff3b Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:21:31 +0000 Subject: [PATCH 08/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 3b1e7445..2262d589 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -26,7 +26,7 @@ jobs: "pretext": "Dependabot opened new PR: ", "author_name": "Dependabot 🤖", "author_link": " ", - "author_icon": "https://placeimg.com/16/16/people", + "author_icon": "https://manage.cove.is/imgs/favicon.png", "title": "${{ github.event.pull_request.title }}", "title_link": "${{ github.event.pull_request.html_url }}", "fields": From 065ddbded37bc1a7c839f542a8a8415b648c9447 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:21:57 +0000 Subject: [PATCH 09/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 2262d589..2297c207 100644 
--- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -5,11 +5,6 @@ jobs: dependabot: runs-on: ubuntu-latest steps: - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - run: | - echo "$GITHUB_CONTEXT" - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 env: From a500c1895329bdcf447bd4039741d34aa77511cf Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:21:59 +0000 Subject: [PATCH 10/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 2297c207..2262d589 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -5,6 +5,11 @@ jobs: dependabot: runs-on: ubuntu-latest steps: + - name: Dump GitHub context + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + run: | + echo "$GITHUB_CONTEXT" - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 env: From 8fce5842bfdd1c2baa65b8f18694aa7158256e2b Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:22:33 +0000 Subject: [PATCH 11/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 2262d589..2297c207 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml 
@@ -5,11 +5,6 @@ jobs: dependabot: runs-on: ubuntu-latest steps: - - name: Dump GitHub context - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - run: | - echo "$GITHUB_CONTEXT" - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 env: From 7484948a723ad8155fd99bf07f8c6691b24f524d Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 26 Mar 2024 22:28:41 +0000 Subject: [PATCH 12/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 2297c207..9ce8ed8a 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -1,9 +1,13 @@ name: Debug on: pull_request: + types: + - opened + - reopened jobs: dependabot: runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' steps: - name: Post PR to \#dev-pr webhook uses: slackapi/slack-github-action@v1.25.0 From 631d89f5c264a73b5306e95bef659ea9bcf98e77 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 2 Apr 2024 19:14:44 +0000 Subject: [PATCH 13/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 26 +++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 9ce8ed8a..cbebc49b 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -1,4 +1,4 @@ -name: Debug +name: Dependabot New PR on: pull_request: types: 
@@ -9,13 +9,20 @@ jobs: runs-on: ubuntu-latest if: github.actor == 'dependabot[bot]' steps: + - uses: actions/checkout@v4 + - name: read maintainers.json + id: read-maintainers + # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) + run: | + echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - name: Post PR to \#dev-pr webhook + if: always() # continue even if read-maintainers failed for some reason uses: slackapi/slack-github-action@v1.25.0 env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + MAINTAINERS: ${{ steps.read-maintainers.outputs.maintainers }} with: - # For posting a rich message using Block Kit payload: | { "attachments": [ @@ -34,6 +41,11 @@ jobs: "title": "repository", "value": "${{ github.event.pull_request.head.repo.name }} ", "short": false + }, + { + "title": "maintainers", + "value": "${{ env.MAINTAINERS || 'no one' }}", + "short": true } ], "thumb_url": "https://manage.cove.is/imgs/favicon.png", @@ -43,3 +55,13 @@ jobs: } ] } + ############################################# + notify-all: + ############################################# + uses: livelyhood/cove-workflows/.github/workflows/notify.yml@main + needs: + - dependabot + if: ${{ always() && contains(needs.*.result, 'failure') }} + secrets: inherit + with: + failure: true From 2e6ef7fb9c07ad89ce7d5f0cb80140dbc7e04d61 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Mon, 15 Apr 2024 19:23:46 +0000 Subject: [PATCH 14/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index cbebc49b..6f1e10b1 100644 
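Review bot: The new maintainers field (hunk `@@ -34,6 +41,11 @@`) splices `${{ env.MAINTAINERS || 'no one' }}` into the JSON payload as raw text. A double quote or backslash in any value read from `maintainers.json` therefore produces an invalid payload or changes its structure. Letting the expression do the JSON encoding avoids that: `"value": ${{ toJSON(env.MAINTAINERS || 'no one') }},` with no surrounding quotes, since `toJSON` adds them. The `title` and `title_link` values introduced in PATCH 04 are built the same way from the PR title and URL.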
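Review bot: The `notify-all` job (hunk `@@ -43,3 +55,13 @@`) calls `livelyhood/cove-workflows/.github/workflows/notify.yml@main` with `secrets: inherit`. That hands every secret visible to this workflow to whatever `main` of that repository contains at run time. Pinning the reusable workflow to a full commit SHA and passing only the secrets the notifier reads, through an explicit `secrets:` map, limits the exposure to what it needs. The same job is added in PATCH 16 and PATCH 18.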
--- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -29,9 +29,7 @@ jobs: { "mrkdwn_in": ["text"], "color": "#3679a6", - "pretext": "Dependabot opened new PR: ", "author_name": "Dependabot 🤖", - "author_link": " ", "author_icon": "https://manage.cove.is/imgs/favicon.png", "title": "${{ github.event.pull_request.title }}", "title_link": "${{ github.event.pull_request.html_url }}", @@ -49,9 +47,6 @@ jobs: } ], "thumb_url": "https://manage.cove.is/imgs/favicon.png", - "footer": " ", - "footer_icon": "https://manage.cove.is/imgs/favicon.png", - "ts": 123456789 } ] } From eea3980cd19a12b86188bbf76dd173cc3ee9aa03 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Mon, 15 Apr 2024 22:51:06 +0000 Subject: [PATCH 15/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 6f1e10b1..7793cc3b 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -15,14 +15,14 @@ jobs: # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) run: | echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - - name: Post PR to \#dev-pr webhook + - name: 'Post PR to #dev-pr' if: always() # continue even if read-maintainers failed for some reason uses: slackapi/slack-github-action@v1.25.0 env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_DEV_PR }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} MAINTAINERS: ${{ steps.read-maintainers.outputs.maintainers }} with: + channel-id: C0399MY1YKW # dev-pr channel payload: | { "attachments": [ 
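Review bot: After the three removed lines in hunk `@@ -49,9 +47,6 @@`, `"thumb_url": "https://manage.cove.is/imgs/favicon.png",` is the last member of the attachment object and still ends in a comma, which strict JSON does not allow. If the action parses the payload with a strict JSON parser, the Slack step will fail on every run. Drop the comma: `"thumb_url": "https://manage.cove.is/imgs/favicon.png"`.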
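Review bot: Replacing the incoming webhook with `SLACK_BOT_TOKEN` (PATCH 15, hunk `@@ -15,14 +15,14 @@`) widens what this step's credential can do. A webhook URL can only post to the channel it was created for, while a bot token can call any API method its scopes allow. The token should carry no more than the posting scope this step needs (`chat:write`). Because this job runs on Dependabot-triggered `pull_request` events, the token also has to be stored as a Dependabot secret. A short comment above `SLACK_BOT_TOKEN` stating both requirements would help repositories that receive this file through the sync.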
From c4114caee1a20613133bcf36fe10cac028ea2958 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Mon, 15 Apr 2024 22:51:06 +0000 Subject: [PATCH 16/25] chore: created local '.github/workflows/dependabot-open-vulnerabilities.yml' from remote '.github/workflows/dependabot-open-vulnerabilities.yml' --- .../dependabot-open-vulnerabilities.yml | 97 +++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 .github/workflows/dependabot-open-vulnerabilities.yml diff --git a/.github/workflows/dependabot-open-vulnerabilities.yml b/.github/workflows/dependabot-open-vulnerabilities.yml new file mode 100644 index 00000000..4ca7ed59 --- /dev/null +++ b/.github/workflows/dependabot-open-vulnerabilities.yml 
@@ -0,0 +1,97 @@ +name: 'Dependabot Check for Vulnerabilities' +on: + schedule: + - cron: '0 15 * * 1-5' #UTC todo: change once it's proven to work + workflow_dispatch: + +jobs: + dependabot: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: read maintainers.json + id: read-maintainers + # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) + run: | + echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" + - name: query open vulnerability alerts + id: list-vulnerabilities + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} + script: | + const { repo: { owner, repo } } = context; + + const { data } = await github.rest.dependabot.listAlertsForRepo({ + owner, + repo, + state: 'open' + }); + + const vulnerabilities = data.map((vulnerability)=> ({ + package: vulnerability.dependency.package.name, + severity: vulnerability.security_vulnerability.severity, + url: vulnerability.html_url, + })); + + const sortedVulnerabilities = vulnerabilities.sort((a,b) => { + const severityOrder = ['critical', 'high', 'medium', 'low']; + const aIndex = severityOrder.indexOf(a.severity); + const bIndex = severityOrder.indexOf(b.severity); + return aIndex-bIndex + }); + + const messages = sortedVulnerabilities.map(({ package, severity, url })=> ({ + title: `${package} (${severity})`, + value: url, + short: false + })); + + console.log({ messages }); + return messages; + - name: count open vulnerability alerts + id: count-vulnerabilities + env: + VULNERABILITIES: ${{ steps.list-vulnerabilities.outputs.result }} + run: | + COUNT=$(echo "${VULNERABILITIES}" | jq '. 
| length') + echo "count=${COUNT}" >> "${GITHUB_OUTPUT}" + - name: 'Post PR to #alerts-vulnerabilities' + if: ${{ steps.count-vulnerabilities.outputs.count > 0 }} + uses: slackapi/slack-github-action@v1.25.0 + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + TITLE: ${{ format('Open vulnerabilities in {0}{1} {2}', github.event.repository.name, ':', steps.read-maintainers.outputs.maintainers) }} + TITLE_LINK: ${{ format('{0}/security/dependabot', github.event.repository.html_url) }} + VULNERABILITIES: ${{ steps.list-vulnerabilities.outputs.result }} + with: + channel-id: C06U7QP8VTN # alerts-vulnerabilities + payload: | + { + "attachments": [ + { + "mrkdwn_in": ["fields"], + "color": "#3679a6", + "author_name": "Dependabot 🤖", + "author_link": " ", + "author_icon": "https://manage.cove.is/imgs/favicon.png", + "title": "${{ env.TITLE }}", + "title_link": "${{ env.TITLE_LINK }}", + "fields": ${{ env.VULNERABILITIES }}, + "thumb_url": "https://manage.cove.is/imgs/favicon.png", + "footer": " ", + "footer_icon": "https://manage.cove.is/imgs/favicon.png", + "ts": 123456789 + } + ] + } + ############################################# + notify-all: + ############################################# + uses: livelyhood/cove-workflows/.github/workflows/notify.yml@main + needs: + - dependabot + if: ${{ always() && contains(needs.*.result, 'failure') }} + secrets: inherit + with: + failure: true From 2b24ad34fdae764e2d016bad5ca7818296d71628 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 16 Apr 2024 15:24:29 +0000 Subject: [PATCH 17/25] chore: synced local '.github/workflows/dependabot-open-vulnerabilities.yml' with remote '.github/workflows/dependabot-open-vulnerabilities.yml' --- .../dependabot-open-vulnerabilities.yml | 31 ++----------------- 1 file changed, 2 insertions(+), 29 deletions(-) diff --git a/.github/workflows/dependabot-open-vulnerabilities.yml b/.github/workflows/dependabot-open-vulnerabilities.yml index 4ca7ed59..a2d01c1a 100644 
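Review bot: `github.rest.dependabot.listAlertsForRepo` is called once without pagination, so only the first page of open alerts reaches the sort and the Slack message. Repositories with more open alerts than one page holds will be under-reported. `const data = await github.paginate(github.rest.dependabot.listAlertsForRepo, { owner, repo, state: 'open' });` collects all pages. The step authenticates with `secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS`; if that token is as broad as its name suggests, one limited to reading Dependabot alerts would be enough for this call. `console.log({ messages })` also writes package names and alert URLs to the job log, which matters where run logs are readable by more people than the security tab.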
--- a/.github/workflows/dependabot-open-vulnerabilities.yml +++ b/.github/workflows/dependabot-open-vulnerabilities.yml @@ -20,35 +20,8 @@ jobs: with: github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} script: | - const { repo: { owner, repo } } = context; - - const { data } = await github.rest.dependabot.listAlertsForRepo({ - owner, - repo, - state: 'open' - }); - - const vulnerabilities = data.map((vulnerability)=> ({ - package: vulnerability.dependency.package.name, - severity: vulnerability.security_vulnerability.severity, - url: vulnerability.html_url, - })); - - const sortedVulnerabilities = vulnerabilities.sort((a,b) => { - const severityOrder = ['critical', 'high', 'medium', 'low']; - const aIndex = severityOrder.indexOf(a.severity); - const bIndex = severityOrder.indexOf(b.severity); - return aIndex-bIndex - }); - - const messages = sortedVulnerabilities.map(({ package, severity, url })=> ({ - title: `${package} (${severity})`, - value: url, - short: false - })); - - console.log({ messages }); - return messages; + const script = require('./src/scripts/dependabot-open-vulnerabilities.js'); + return await script({github, context, core}); - name: count open vulnerability alerts id: count-vulnerabilities env: From a4d890290bf589a6a28af10b52cbba72fdb29431 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 16 Apr 2024 15:24:29 +0000 Subject: [PATCH 18/25] chore: created local '.github/workflows/dependabot-reminder-open-prs.yml' from remote '.github/workflows/dependabot-reminder-open-prs.yml' --- .../dependabot-reminder-open-prs.yml | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 .github/workflows/dependabot-reminder-open-prs.yml diff --git a/.github/workflows/dependabot-reminder-open-prs.yml b/.github/workflows/dependabot-reminder-open-prs.yml new file mode 100644 index 00000000..a4f10073 --- /dev/null +++ b/.github/workflows/dependabot-reminder-open-prs.yml 
@@ -0,0 +1,72 @@ +name: 'Dependabot Open Dependabot PR Reminder' +on: + schedule: + - cron: '0 15 * * 1-5' #UTC todo: change once it's proven to work + workflow_dispatch: + pull_request: + +jobs: + dependabot: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: read maintainers.json + id: read-maintainers + # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) + run: | + echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" + - name: query open dependabot PRs + id: open-dependabot-prs + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} + script: | + const script = require('./src/scripts/dependabot-reminder-open-prs.js'); + return await script({github, context, core}); + - name: count open prs + id: count-prs + env: + PRS: ${{ steps.open-dependabot-prs.outputs.result }} + run: | + COUNT=$(echo "${PRS}" | jq '. 
| length') + echo "count=${COUNT}" >> "${GITHUB_OUTPUT}" + - name: 'Post PR to #dev-pr' + if: ${{ steps.count-prs.outputs.count > 0 }} + uses: slackapi/slack-github-action@v1.25.0 + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + TITLE: ${{ format('Open Dependabot PRs in {0}{1} {2}', github.event.repository.name, ':', steps.read-maintainers.outputs.maintainers) }} + TITLE_LINK: ${{ format('{0}/pulls/dependabot[bot]', github.event.repository.html_url) }} + PRS: ${{ steps.open-dependabot-prs.outputs.result }} + with: + # channel-id: C0399MY1YKW # dev-pr + channel-id: C010P2PH0H3 # x_jobs_dev debug channel + payload: | + { + "attachments": [ + { + "mrkdwn_in": ["fields"], + "color": "#3679a6", + "author_name": "Dependabot 🤖", + "author_link": " ", + "author_icon": "https://manage.cove.is/imgs/favicon.png", + "title": "${{ env.TITLE }}", + "title_link": "${{ env.TITLE_LINK }}", + "fields": ${{ env.PRS }}, + "thumb_url": "https://manage.cove.is/imgs/favicon.png", + "footer": " ", + "footer_icon": "https://manage.cove.is/imgs/favicon.png", + "ts": 123456789 + } + ] + } + ############################################# + notify-all: + ############################################# + uses: livelyhood/cove-workflows/.github/workflows/notify.yml@main + needs: + - dependabot + if: ${{ always() && contains(needs.*.result, 'failure') }} + secrets: inherit + with: + failure: true From c5e2f93ee7565a33afeed98338cf375f645cc38f Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 16 Apr 2024 15:43:25 +0000 Subject: [PATCH 19/25] chore: synced local '.github/workflows/dependabot-reminder-open-prs.yml' with remote '.github/workflows/dependabot-reminder-open-prs.yml' --- .github/workflows/dependabot-reminder-open-prs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/dependabot-reminder-open-prs.yml b/.github/workflows/dependabot-reminder-open-prs.yml index a4f10073..03ae65ab 100644 --- a/.github/workflows/dependabot-reminder-open-prs.yml 
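Review bot: `TITLE` and `TITLE_LINK` are built from `github.event.repository.name` and `github.event.repository.html_url`, but this workflow's main trigger is `schedule`. As far as I know, that event's payload carries only the cron expression, so both values are likely to be empty on scheduled runs; this should be confirmed on a real run. `github.repository` and `github.server_url` are set for every event: `TITLE_LINK: ${{ format('{0}/{1}/pulls/dependabot[bot]', github.server_url, github.repository) }}`. PATCH 16 builds its title and link the same way. The bare `pull_request:` trigger also runs this job on every PR with `ADMIN_TOKEN_FOR_GITHUB_ACTIONS` and `SLACK_BOT_TOKEN` referenced; PATCH 19 removes it.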
+++ b/.github/workflows/dependabot-reminder-open-prs.yml @@ -3,7 +3,6 @@ on: schedule: - cron: '0 15 * * 1-5' #UTC todo: change once it's proven to work workflow_dispatch: - pull_request: jobs: dependabot: From c951f42684a84c1a31bef3383177a8843bb549b4 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 16 Apr 2024 20:38:19 +0000 Subject: [PATCH 20/25] chore: synced local '.github/workflows/dependabot-open-vulnerabilities.yml' with remote '.github/workflows/dependabot-open-vulnerabilities.yml' --- .../workflows/dependabot-open-vulnerabilities.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-open-vulnerabilities.yml b/.github/workflows/dependabot-open-vulnerabilities.yml index a2d01c1a..f7c74d85 100644 --- a/.github/workflows/dependabot-open-vulnerabilities.yml +++ b/.github/workflows/dependabot-open-vulnerabilities.yml @@ -8,7 +8,17 @@ jobs: dependabot: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: check out current repositories + # to read maintainers.json + uses: actions/checkout@v4 + - name: check out cove-workflows + # this is necessary because this workflow gets synced to other repos + uses: actions/checkout@v4 + with: + repository: livelyhood/cove-workflows + ref: ${{ (github.repository == 'livelyhood/cove-workflows' && github.ref) || 'main' }} # IF the this workflow was called from this repo THEN checkout the current github.ref ELSE use main + path: ./cove-workflows + token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} - name: read maintainers.json id: read-maintainers # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) 
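Review bot: The new `check out cove-workflows` step (PATCH 20, hunk `@@ -8,7 +8,17 @@`) passes `token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }}` to `actions/checkout@v4` and leaves `persist-credentials` at its default. The token is therefore written into the git configuration of `./cove-workflows` and stays readable by every later step in the job. Adding `persist-credentials: false` under `with:` removes it once the fetch is done. In synced repositories `ref` resolves to the mutable `main` branch, so whatever is on `main` at run time is what the later `github-script` step loads and runs with that same token. A token with read-only access to `livelyhood/cove-workflows` would be enough for the checkout. PATCH 21 adds the identical step to `dependabot-reminder-open-prs.yml`.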
@@ -20,7 +30,7 @@ jobs: with: github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} script: | - const script = require('./src/scripts/dependabot-open-vulnerabilities.js'); + const script = require('./cove-workflows/src/scripts/dependabot-open-vulnerabilities.js'); return await script({github, context, core}); - name: count open vulnerability alerts id: count-vulnerabilities From c79eac97d888158491f737a1ae5c2a2dc29c6569 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Tue, 16 Apr 2024 20:38:19 +0000 Subject: [PATCH 21/25] chore: synced local '.github/workflows/dependabot-reminder-open-prs.yml' with remote '.github/workflows/dependabot-reminder-open-prs.yml' --- .github/workflows/dependabot-reminder-open-prs.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-reminder-open-prs.yml b/.github/workflows/dependabot-reminder-open-prs.yml index 03ae65ab..af157484 100644 --- a/.github/workflows/dependabot-reminder-open-prs.yml +++ b/.github/workflows/dependabot-reminder-open-prs.yml @@ -8,7 +8,17 @@ jobs: dependabot: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: check out current repositories + # to read maintainers.json + uses: actions/checkout@v4 + - name: check out cove-workflows + # this is necessary because this workflow gets synced to other repos + uses: actions/checkout@v4 + with: + repository: livelyhood/cove-workflows + ref: ${{ (github.repository == 'livelyhood/cove-workflows' && github.ref) || 'main' }} # IF the this workflow was called from this repo THEN checkout the current github.ref ELSE use main + path: ./cove-workflows + token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} - name: read maintainers.json id: read-maintainers # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) 
@@ -20,7 +30,7 @@ jobs: with: github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} script: | - const script = require('./src/scripts/dependabot-reminder-open-prs.js'); + const script = require('./cove-workflows/src/scripts/dependabot-reminder-open-prs.js'); return await script({github, context, core}); - name: count open prs id: count-prs From e10ab14e9b701f7a53edcc4fb57136ae05df40a8 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Thu, 18 Apr 2024 18:18:03 +0000 Subject: [PATCH 22/25] chore: synced local '.github/workflows/dependabot-new-pr.yml' with remote '.github/workflows/dependabot-new-pr.yml' --- .github/workflows/dependabot-new-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependabot-new-pr.yml b/.github/workflows/dependabot-new-pr.yml index 7793cc3b..26eed806 100644 --- a/.github/workflows/dependabot-new-pr.yml +++ b/.github/workflows/dependabot-new-pr.yml @@ -14,6 +14,7 @@ jobs: id: read-maintainers # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) run: | + # shellcheck disable=SC2002 echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - name: 'Post PR to #dev-pr' if: always() # continue even if read-maintainers failed for some reason From 03bcddf68185f93d23a509245f4f0163e727e6b8 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Thu, 18 Apr 2024 18:18:03 +0000 Subject: [PATCH 23/25] chore: synced local '.github/workflows/dependabot-open-vulnerabilities.yml' with remote '.github/workflows/dependabot-open-vulnerabilities.yml' --- .github/workflows/dependabot-open-vulnerabilities.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependabot-open-vulnerabilities.yml b/.github/workflows/dependabot-open-vulnerabilities.yml index f7c74d85..f51322c6 100644 --- a/.github/workflows/dependabot-open-vulnerabilities.yml 
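Review bot: The added `# shellcheck disable=SC2002` in dependabot-new-pr.yml silences the warning rather than removing its cause. jq can read the file itself and do the join in one pass, which needs no suppression: `echo "maintainers=$(jq -r '[.[] | to_entries | .[].value] | join(" ")' maintainers.json)" >> "$GITHUB_OUTPUT"`. Because the value is appended to `$GITHUB_OUTPUT` as a single `name=value` line, a newline inside any maintainer value would start a new output entry, so a comment stating that maintainers.json holds single-line Slack mention strings would help. The same line is added in PATCH 23/25 and PATCH 24/25, and the `read maintainers.json` step begins above the hunk.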
+++ b/.github/workflows/dependabot-open-vulnerabilities.yml @@ -23,6 +23,7 @@ jobs: id: read-maintainers # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) run: | + # shellcheck disable=SC2002 echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - name: query open vulnerability alerts id: list-vulnerabilities From a3c8b24412ca09d8daffb8a39ad96d7671e2baa6 Mon Sep 17 00:00:00 2001 From: cicdaccount Date: Thu, 18 Apr 2024 18:18:03 +0000 Subject: [PATCH 24/25] chore: synced local '.github/workflows/dependabot-reminder-open-prs.yml' with remote '.github/workflows/dependabot-reminder-open-prs.yml' --- .github/workflows/dependabot-reminder-open-prs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependabot-reminder-open-prs.yml b/.github/workflows/dependabot-reminder-open-prs.yml index af157484..e98c61c6 100644 --- a/.github/workflows/dependabot-reminder-open-prs.yml +++ b/.github/workflows/dependabot-reminder-open-prs.yml @@ -23,6 +23,7 @@ jobs: id: read-maintainers # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) run: | + # shellcheck disable=SC2002 echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - name: query open dependabot PRs id: open-dependabot-prs From 3c69e01c3f254023f8faa08678a72e75a037233d Mon Sep 17 00:00:00 2001 
From: Sebastian Loh Date: Thu, 18 Apr 2024 20:16:47 -0700 Subject: [PATCH 25/25] chores CAN-7656/CAN-7679: delete synced workflows --- .../dependabot-open-vulnerabilities.yml | 81 ------------------ .../dependabot-reminder-open-prs.yml | 82 ------------------- 2 files changed, 163 deletions(-) delete mode 100644 .github/workflows/dependabot-open-vulnerabilities.yml delete mode 100644 .github/workflows/dependabot-reminder-open-prs.yml diff --git a/.github/workflows/dependabot-open-vulnerabilities.yml b/.github/workflows/dependabot-open-vulnerabilities.yml deleted file mode 100644 index f51322c6..00000000 --- a/.github/workflows/dependabot-open-vulnerabilities.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -name: 'Dependabot Check for Vulnerabilities' -on: - schedule: - - cron: '0 15 * * 1-5' #UTC todo: change once it's proven to work - workflow_dispatch: - -jobs: - dependabot: - runs-on: ubuntu-latest - steps: - - name: check out current repositories - # to read maintainers.json - uses: actions/checkout@v4 - - name: check out cove-workflows - # this is necessary because this workflow gets synced to other repos - uses: actions/checkout@v4 - with: - repository: livelyhood/cove-workflows - ref: ${{ (github.repository == 'livelyhood/cove-workflows' && github.ref) || 'main' }} # IF the this workflow was called from this repo THEN checkout the current github.ref ELSE use main - path: ./cove-workflows - token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} - - name: read maintainers.json - id: read-maintainers - # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) - run: | - # shellcheck disable=SC2002 - echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - - name: query open vulnerability alerts - id: list-vulnerabilities - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} - script: | - const script = require('./cove-workflows/src/scripts/dependabot-open-vulnerabilities.js'); - return await script({github, context, core}); - - name: count open vulnerability alerts - id: count-vulnerabilities - env: - VULNERABILITIES: ${{ steps.list-vulnerabilities.outputs.result }} - run: | - COUNT=$(echo "${VULNERABILITIES}" | jq '. 
| length') - echo "count=${COUNT}" >> "${GITHUB_OUTPUT}" - - name: 'Post PR to #alerts-vulnerabilities' - if: ${{ steps.count-vulnerabilities.outputs.count > 0 }} - uses: slackapi/slack-github-action@v1.25.0 - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - TITLE: ${{ format('Open vulnerabilities in {0}{1} {2}', github.event.repository.name, ':', steps.read-maintainers.outputs.maintainers) }} - TITLE_LINK: ${{ format('{0}/security/dependabot', github.event.repository.html_url) }} - VULNERABILITIES: ${{ steps.list-vulnerabilities.outputs.result }} - with: - channel-id: C06U7QP8VTN # alerts-vulnerabilities - payload: | - { - "attachments": [ - { - "mrkdwn_in": ["fields"], - "color": "#3679a6", - "author_name": "Dependabot 🤖", - "author_link": " ", - "author_icon": "https://manage.cove.is/imgs/favicon.png", - "title": "${{ env.TITLE }}", - "title_link": "${{ env.TITLE_LINK }}", - "fields": ${{ env.VULNERABILITIES }}, - "thumb_url": "https://manage.cove.is/imgs/favicon.png", - "footer": " ", - "footer_icon": "https://manage.cove.is/imgs/favicon.png", - "ts": 123456789 - } - ] - } - ############################################# - notify-all: - ############################################# - uses: livelyhood/cove-workflows/.github/workflows/notify.yml@main - needs: - - dependabot - if: ${{ always() && contains(needs.*.result, 'failure') }} - secrets: inherit - with: - failure: true diff --git a/.github/workflows/dependabot-reminder-open-prs.yml b/.github/workflows/dependabot-reminder-open-prs.yml deleted file mode 100644 index e98c61c6..00000000 --- a/.github/workflows/dependabot-reminder-open-prs.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -name: 'Dependabot Open Dependabot PR Reminder' -on: - schedule: - - cron: '0 15 * * 1-5' #UTC todo: change once it's proven to work - workflow_dispatch: - -jobs: - dependabot: - runs-on: ubuntu-latest - steps: - - name: check out current repositories - # to read maintainers.json - uses: actions/checkout@v4 - - name: check out cove-workflows - # this is necessary because this workflow gets synced to other repos - uses: actions/checkout@v4 - with: - repository: livelyhood/cove-workflows - ref: ${{ (github.repository == 'livelyhood/cove-workflows' && github.ref) || 'main' }} # IF the this workflow was called from this repo THEN checkout the current github.ref ELSE use main - path: ./cove-workflows - token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} - - name: read maintainers.json - id: read-maintainers - # reads maintainers array and map them to their slack userIds "mentions" (see slack api https://api.slack.com/reference/surfaces/formatting#mentioning-users) - run: | - # shellcheck disable=SC2002 - echo "maintainers=$(cat maintainers.json | jq '.[] | to_entries | .[].value' | jq --slurp -r '. | join(" ")')" >> "$GITHUB_OUTPUT" - - name: query open dependabot PRs - id: open-dependabot-prs - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.ADMIN_TOKEN_FOR_GITHUB_ACTIONS }} - script: | - const script = require('./cove-workflows/src/scripts/dependabot-reminder-open-prs.js'); - return await script({github, context, core}); - - name: count open prs - id: count-prs - env: - PRS: ${{ steps.open-dependabot-prs.outputs.result }} - run: | - COUNT=$(echo "${PRS}" | jq '. 
| length') - echo "count=${COUNT}" >> "${GITHUB_OUTPUT}" - - name: 'Post PR to #dev-pr' - if: ${{ steps.count-prs.outputs.count > 0 }} - uses: slackapi/slack-github-action@v1.25.0 - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - TITLE: ${{ format('Open Dependabot PRs in {0}{1} {2}', github.event.repository.name, ':', steps.read-maintainers.outputs.maintainers) }} - TITLE_LINK: ${{ format('{0}/pulls/dependabot[bot]', github.event.repository.html_url) }} - PRS: ${{ steps.open-dependabot-prs.outputs.result }} - with: - # channel-id: C0399MY1YKW # dev-pr - channel-id: C010P2PH0H3 # x_jobs_dev debug channel - payload: | - { - "attachments": [ - { - "mrkdwn_in": ["fields"], - "color": "#3679a6", - "author_name": "Dependabot 🤖", - "author_link": " ", - "author_icon": "https://manage.cove.is/imgs/favicon.png", - "title": "${{ env.TITLE }}", - "title_link": "${{ env.TITLE_LINK }}", - "fields": ${{ env.PRS }}, - "thumb_url": "https://manage.cove.is/imgs/favicon.png", - "footer": " ", - "footer_icon": "https://manage.cove.is/imgs/favicon.png", - "ts": 123456789 - } - ] - } - ############################################# - notify-all: - ############################################# - uses: livelyhood/cove-workflows/.github/workflows/notify.yml@main - needs: - - dependabot - if: ${{ always() && contains(needs.*.result, 'failure') }} - secrets: inherit - with: - failure: true