From 5119ab65de954c74dc63bc18e5c1e2265c5acd4a Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni
Date: Fri, 7 Jun 2024 19:59:08 +0200
Subject: [PATCH] workflows: security-action migration

---
 .../add-maintainer-custom-property.yml | 17 +++++++++++++++++
 .github/workflows/check-new-repos.yml | 16 ++++++++++++++++
 .github/workflows/dependabot-auto-dismiss.yml | 16 ++++++++++++++++
 .github/workflows/dependabot-nudge.yml | 17 +++++++++++++++++
 .github/workflows/older-than-2y.yml | 16 ++++++++++++++++
 .github/workflows/renovate-sanity-check.yml | 17 +++++++++++++++++
 6 files changed, 99 insertions(+)
 create mode 100644 .github/workflows/add-maintainer-custom-property.yml
 create mode 100644 .github/workflows/check-new-repos.yml
 create mode 100644 .github/workflows/dependabot-auto-dismiss.yml
 create mode 100644 .github/workflows/dependabot-nudge.yml
 create mode 100644 .github/workflows/older-than-2y.yml
 create mode 100644 .github/workflows/renovate-sanity-check.yml

diff --git a/.github/workflows/add-maintainer-custom-property.yml b/.github/workflows/add-maintainer-custom-property.yml
new file mode 100644
index 0000000..c3624db
--- /dev/null
+++ b/.github/workflows/add-maintainer-custom-property.yml
@@ -0,0 +1,17 @@
+# action that runs monthly and add maintainer as a custom property
+# to all repositories in this organization
+name: Add Maintainer as Custom Property to Repositories
+on:
+  schedule:
+    - cron: '0 0 27 * *'
+  workflow_dispatch:
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: brave/security-action/actions/add-maintainer-custom-property@main
+        with:
+          ignore_maintainers: brave-builds,brave-browser-releases,brave-support-admin
+          debug: false
+          github_token: ${{ secrets.CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/check-new-repos.yml b/.github/workflows/check-new-repos.yml
new file mode 100644
index 0000000..a526e0a
--- /dev/null
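Review bot: The step `uses: brave/security-action/actions/add-maintainer-custom-property@main` resolves a mutable branch on every scheduled run, so anyone who can push to `main` of brave/security-action can execute arbitrary code with `CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN` (presumably an org-wide property-writing credential, judging by its name) and the Slack token. Pin the action to a full-length commit SHA with the tag in a trailing comment, e.g. `uses: brave/security-action/actions/add-maintainer-custom-property@<40-hex-sha> # vX.Y.Z`, and let Renovate bump it under review. The workflow also declares no `permissions:` block, so the job's implicit `GITHUB_TOKEN` keeps the repository's default scopes even though only the explicitly passed secrets are used; add a top-level `permissions: {}`. The header comment should read `# action that runs monthly and adds the maintainer as a custom property`.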
+++ b/.github/workflows/check-new-repos.yml
@@ -0,0 +1,16 @@
+name: Check New Repos
+on:
+  schedule:
+    # nightly (0th hour 0th minute of every day)
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: check new repos
+        uses: brave/security-action/actions/check-new-repos@main
+        with:
+          github_token: ${{ secrets.ORG_READ_GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
+          debug: false
\ No newline at end of file
diff --git a/.github/workflows/dependabot-auto-dismiss.yml b/.github/workflows/dependabot-auto-dismiss.yml
new file mode 100644
index 0000000..e001d4e
--- /dev/null
+++ b/.github/workflows/dependabot-auto-dismiss.yml
@@ -0,0 +1,16 @@
+name: Weekly Dependabot Auto Dismiss
+on:
+  schedule:
+    # Run at 24:00 UTC every Monday
+    - cron: "0 0 * * 1"
+  workflow_dispatch:
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: dependabot auto dismiss
+        uses: brave/security-action/actions/dependabot-auto-dismiss@main
+        with:
+          github_token: ${{ secrets.DEPENDABOT_AUTO_DISMISS_GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
+          debug: false
\ No newline at end of file
diff --git a/.github/workflows/dependabot-nudge.yml b/.github/workflows/dependabot-nudge.yml
new file mode 100644
index 0000000..23469a6
--- /dev/null
+++ b/.github/workflows/dependabot-nudge.yml
@@ -0,0 +1,17 @@
+name: Weekly Dependabot Nudge
+on:
+  schedule:
+    # Run at 9am UTC every Monday
+    - cron: "0 9 * * 1"
+  workflow_dispatch:
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: dependabot nudge
+        uses: brave/security-action/actions/dependabot-nudge@main
+        with:
+          github_token: ${{ secrets.DEPENDABOT_NUDGE_GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
+          gh_to_slack_user_map: ${{ secrets.GH_TO_SLACK_USER_MAP }}
+          debug: false
\ No newline at end of file
diff --git a/.github/workflows/older-than-2y.yml b/.github/workflows/older-than-2y.yml
new file mode 100644
index 0000000..c712787
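Review bot: `uses: brave/security-action/actions/check-new-repos@main` is a floating reference, so the nightly run executes whatever `main` holds at that moment with `ORG_READ_GITHUB_TOKEN` and `HOTSPOTS_SLACK_TOKEN`; a compromised or mistaken push to that branch exfiltrates both secrets without any change reviewed in this repository. Pin to a full-length commit SHA with the tag in a trailing comment so updates arrive as reviewable bumps. Because the job never uses the implicit `GITHUB_TOKEN`, add `permissions: {}` at the top level to drop its default scopes; the same applies to every workflow in this patch.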
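Review bot: The comment `# Run at 24:00 UTC every Monday` does not match `cron: "0 0 * * 1"`, which fires at 00:00 UTC at the start of Monday (24:00 on Monday would be the start of Tuesday); change it to `# Run at 00:00 UTC every Monday`. The action is presumably dismissing Dependabot alerts with `DEPENDABOT_AUTO_DISMISS_GITHUB_TOKEN`, a write-capable credential, which makes the unpinned `@main` reference more sensitive than in the read-only jobs: a malicious push to `main` of brave/security-action could silently dismiss real alerts across the organization. Pin the action to a full-length commit SHA and add a top-level `permissions: {}` block.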
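Review bot: `GH_TO_SLACK_USER_MAP` is handed to an unpinned action (`uses: brave/security-action/actions/dependabot-nudge@main`), so the GitHub-login-to-Slack mapping, `DEPENDABOT_NUDGE_GITHUB_TOKEN` and the Slack token are all exposed to any future change on `main` that nobody reviews on this side. Pin the action to a full-length commit SHA with the tag as a trailing comment. Add `permissions: {}` at the top level as well, since the job relies only on the explicitly passed secrets. Minor style point: step names here are lowercase (`dependabot nudge`, `check new repos`) while `Renovate Sanity Check` in the same patch is title-cased; pick one convention.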
--- /dev/null
+++ b/.github/workflows/older-than-2y.yml
@@ -0,0 +1,16 @@
+name: Older Than 2 Years Informer
+on:
+  schedule:
+    # Every month, first day of the month
+    - cron: '0 0 1 * *'
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: older than 2 years informer
+        uses: brave/security-action/actions/older-than-2y@main
+        with:
+          github_token: ${{ secrets.ORG_READ_GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
+          debug: false
\ No newline at end of file
diff --git a/.github/workflows/renovate-sanity-check.yml b/.github/workflows/renovate-sanity-check.yml
new file mode 100644
index 0000000..1bb3076
--- /dev/null
+++ b/.github/workflows/renovate-sanity-check.yml
@@ -0,0 +1,17 @@
+# action that runs monthly and check if all repositories in the organization are following the renovate central configuration
+# to all repositories in this organization
+name: Renovate Sanity Check
+on:
+  schedule:
+    - cron: '0 0 15 * *'
+  workflow_dispatch:
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Renovate Sanity Check
+        uses: brave/security-action/actions/renovate-sanity-check@main
+        with:
+          github_token: ${{ secrets.CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN }}
+          slack_token: ${{ secrets.HOTSPOTS_SLACK_TOKEN }}
+          debug: false
\ No newline at end of file
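Review bot: The job is named `build` here and in check-new-repos but `run` in the four other workflows of this patch, although none of them builds anything; renaming it to `run` keeps job IDs consistent, which matters because they surface in the Actions UI and in branch-protection check names. As with the other workflows, `uses: brave/security-action/actions/older-than-2y@main` should be pinned to a full-length commit SHA (tag in a trailing comment) so that the code running with `ORG_READ_GITHUB_TOKEN` and the Slack token only changes through a reviewed bump. Add a top-level `permissions: {}` as well, since the implicit `GITHUB_TOKEN` is never used.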
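Review bot: The second header line `# to all repositories in this organization` is a leftover from the add-maintainer workflow's comment and no longer forms a sentence with the first line; collapse the header to `# action that runs monthly and checks whether all repositories in the organization follow the central Renovate configuration`. The job reuses `CUSTOM_PROPERTY_MANAGER_GITHUB_TOKEN`, whose name suggests write access to organization custom properties, for what the name and comment describe as a read-only check; if the action only reads repository configuration, `ORG_READ_GITHUB_TOKEN`, which the other inspection workflows in this patch use, is the least-privilege choice — verify against the action's required scopes before switching. The `@main` reference should be pinned to a full-length commit SHA and a top-level `permissions: {}` added, as for the other workflows.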