Skip to content

Alert

Alert #65

Workflow file for this run

name: Alert
on:
schedule:
- cron: '30 10 * * 1'
workflow_dispatch:
jobs:
Alert:
runs-on: ubuntu-latest
steps:
- name: Install Python
uses: actions/setup-python@v4
with:
python-version: 3.12
- name: Install pipx
run: python -m pip install pipx
- name: Install gha-token
run: python -m pipx install "git+https://github.com/hypothesis/gha-token.git"
- name: Checkout dependabot-alerts
uses: actions/checkout@v4
- name: Install dependabot-alerts
run: python -m pipx install .
- name: Get GitHub token
id: github_token
run: echo GITHUB_TOKEN=$(gha-token --app-id 274948 --installation-id 32440510 --private-key "$PRIVATE_KEY") >> $GITHUB_OUTPUT
env:
PRIVATE_KEY: ${{ secrets.HYPOTHESIS_GITHUB_APP_PRIVATE_KEY }}
- name: Check for alerts
id: slack_message
run: |
{
echo 'SLACK_MESSAGE<<EOF'
dependabot-alerts --format slack hypothesis
echo EOF
} >> "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ steps.github_token.outputs.GITHUB_TOKEN }}
- name: Post to Slack
uses: slackapi/[email protected]
with:
channel-id: ${{ vars.SLACK_CHANNEL }}
slack-message: ${{ env.SLACK_MESSAGE }}
env:
SLACK_MESSAGE: ${{ steps.slack_message.outputs.SLACK_MESSAGE }}
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}