Merge pull request #348 from revelrylabs/monthly_maintenance_automation
Monthly Maintenance Automation
bford002 authored Nov 7, 2023
2 parents fd712c9 + 9985dc6 commit 0bd3735
Showing 2 changed files with 246 additions and 0 deletions.
183 changes: 183 additions & 0 deletions .github/workflows/monthly_maintenance.yml
@@ -0,0 +1,183 @@
name: Monthly Maintenence
on:
schedule:
- cron: '0 0 1 * *'
jobs:
create_issue:
name: create_issue
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Get current month and year
id: date
run: echo "::set-output name=date::$(date +'%B %Y')"
- name: Get previous month
id: prevdate
run: echo "::set-output name=prevdate::$(date -d 'last month' +'%Y-%m-%dT%H:%M:%SZ')"
- name: Get open alerts
id: open_alerts
uses: octokit/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.MONTHLY_AUTOMATION }}
with:
route: GET /repos/{owner}/{repo}/dependabot/alerts
owner: revelrylabs
repo: slax
state: "open"
sort: "updated"
per_page: 100
- name: Set open input
id: open_input
run: |
if [ steps.open_alerts.outputs.data.length > 0 ]; then
echo 'alerts<<EOF' >> $GITHUB_OUTPUT
echo '[${{ toJSON(fromJSON(steps.open_alerts.outputs.data).*.updated_at) }}, ${{ toJSON(fromJSON(steps.open_alerts.outputs.data).*.security_advisory.*.severity) }}, ${{ toJSON(fromJSON(steps.open_alerts.outputs.data).*.html_url) }}]' >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
else
echo "alerts=[]" >> $GITHUB_OUTPUT
fi
- name: Build objects for open alerts
id: open_objects
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.open_input.outputs.alerts }}
script: '[.[0] as $times | .[1] as $severities | .[2] as $urls | foreach range(0; $times|length) as $i ( {}; . = { "time": $times[$i], "severity": $severities[$i], "url": $urls[$i] } )]'
- name: Get new open alerts
id: new_open_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.open_objects.outputs.output }}
script: 'map(select(.time >= "${{ steps.prevdate.outputs.prevdate }}"))'
- name: Get urls
id: urls
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_open_alerts.outputs.output }}
script: '.[].url'
raw-output: "true"
- name: Get number of new alerts
id: total_open_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_open_alerts.outputs.output }}
script: 'length'
- name: Get number of critical alerts
id: open_critical_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_open_alerts.outputs.output }}
script: 'map(select(.severity == "critical")) | length'
- name: Get number of high alerts
id: open_high_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_open_alerts.outputs.output }}
script: 'map(select(.severity == "high")) | length'
- name: Get number of moderate alerts
id: open_moderate_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_open_alerts.outputs.output }}
script: 'map(select(.severity == "medium")) | length'
- name: Get number of low alerts
id: open_low_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_open_alerts.outputs.output }}
script: 'map(select(.severity == "low")) | length'
- name: Get fixed alerts
id: fixed_alerts
uses: octokit/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.MONTHLY_AUTOMATION }}
with:
route: GET /repos/{owner}/{repo}/dependabot/alerts
owner: revelrylabs
repo: slax
state: "fixed"
sort: "updated"
per_page: 100
- name: Set fixed input
id: fixed_input
run: |
if [ steps.fixed_alerts.outputs.data.length > 0 ]; then
echo 'alerts<<EOF' >> $GITHUB_OUTPUT
echo '[${{ toJSON(fromJSON(steps.fixed_alerts.outputs.data).*.fixed_at) }}, ${{ toJSON(fromJSON(steps.fixed_alerts.outputs.data).*.security_advisory.*.severity) }}]' >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
else
echo "alerts=[]" >> $GITHUB_OUTPUT
fi
- name: Build objects for fixed alerts
id: fixed_objects
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.fixed_input.outputs.alerts }}
script: '[.[0] as $times | .[1] as $severities | foreach range(0; $times|length) as $i ( {}; . = { "time": $times[$i], "severity": $severities[$i] } )]'
- name: Get new fixed alerts
id: new_fixed_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.fixed_objects.outputs.output }}
script: 'map(select(.time >= "${{ steps.prevdate.outputs.prevdate }}"))'
- name: Get number of new fixed alerts
id: total_fixed_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_fixed_alerts.outputs.output }}
script: 'length'
- name: Get number of critical alerts
id: fixed_critical_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_fixed_alerts.outputs.output }}
script: 'map(select(.severity == "critical")) | length'
- name: Get number of high alerts
id: fixed_high_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_fixed_alerts.outputs.output }}
script: 'map(select(.severity == "high")) | length'
- name: Get number of moderate alerts
id: fixed_moderate_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_fixed_alerts.outputs.output }}
script: 'map(select(.severity == "medium")) | length'
- name: Get number of low alerts
id: fixed_low_alerts
uses: edwardgeorge/jq-action@main
with:
input: ${{ steps.new_fixed_alerts.outputs.output }}
script: 'map(select(.severity == "low")) | length'
- name: Create monthly maintenence issue
uses: imjohnbo/issue-bot@v3
with:
labels: "dependencies, maintenance"
title: 'Slax - Maintenance - ${{ steps.date.outputs.date }}'
token: ${{ secrets.MONTHLY_AUTOMATION }}
body: |-
_requires [Slax dependabot alerts](https://github.com/revelrylabs/slax/security/dependabot)_ <!-- Link to project's dependabot alerts -->
## Background
Slax currently has ${{steps.total_open_alerts.outputs.output}} new security vulnerabilities (${{steps.open_critical_alerts.outputs.output}} critical, ${{steps.open_high_alerts.outputs.output}} high, ${{steps.open_moderate_alerts.outputs.output}} moderate, and ${{steps.open_low_alerts.outputs.output}} low). The purpose of this ticket is to address Slax's security vulnerabilities.
${{steps.urls.outputs.output}}
Closed last month: ${{steps.total_fixed_alerts.outputs.output}}
Critical: ${{steps.fixed_critical_alerts.outputs.output}}
High: ${{steps.fixed_high_alerts.outputs.output}}
Moderate: ${{steps.fixed_moderate_alerts.outputs.output}}
Low: ${{steps.fixed_low_alerts.outputs.output}}
### Scenario: Update security vulnerabilities
Given I am an Engineer
- [ ] When I manually address dependency conflicts listed [here](https://github.com/revelrylabs/slax/security/dependabot)<!-- Link to project's dependabot alerts -->
- [ ] Then I test by running locally
- [ ] And I merge to develop and test in staging
- [ ] And I merge to main and test in production
### QA / UAT Note
Remember to add a comment when passing this forward with links to:
- [ ] the review app
- [ ] the pull request itself
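Review bot: Every third-party action in this workflow is pulled by a mutable ref — `edwardgeorge/jq-action@main` is a branch, `octokit/[email protected]` and `imjohnbo/issue-bot@v3` are tags — and two of them receive `secrets.MONTHLY_AUTOMATION`, a PAT that must be able to read Dependabot alerts; pin each `uses:` to a full commit SHA with the version in a trailing comment so a force-push or retag cannot redirect that token. The guards `if [ steps.open_alerts.outputs.data.length > 0 ]; then` and its fixed-alerts twin are plain bash, not expressions: `[` tests a non-empty literal string and `>` redirects to a file named `0`, so the true branch always runs and the `else` is dead — expose the data via `env:` (`ALERTS: ${{ steps.open_alerts.outputs.data }}`) and test `if [ "$ALERTS" != "[]" ]; then`. The same env route should replace the `${{ toJSON(fromJSON(...)) }}` splices inside the single-quoted `echo` lines, which break on any value containing `'` and interpolate API-returned strings straight into the shell. `per_page: 100` with no pagination also silently truncates the report once a repo has more than 100 open or fixed alerts, and `::set-output` in the two date steps is deprecated in favour of the `$GITHUB_OUTPUT` form the later steps already use.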
63 changes: 63 additions & 0 deletions .github/workflows/project_automation.yml
@@ -0,0 +1,63 @@
name: Project automations
on:
issues:
types:
- opened
- labeled
pull_request_target:
types:
- labeled
jobs:
issue_opened:
name: issue_opened
runs-on: ubuntu-latest
if: github.event_name == 'issues' && github.event.action == 'opened' && join(github.event.issue.labels) == ''
steps:
- name: Move new issues to Backlog
uses: leonsteinhaeuser/[email protected]
with:
gh_token: ${{ secrets.GH_TOKEN }}
organization: revelrylabs
project_id: 13
resource_node_id: ${{ github.event.issue.node_id }}
status_value: Backlog # Target status
needs_investigation:
name: needs_investigation
runs-on: ubuntu-latest
if: github.event.action == 'labeled' && github.event.label.name == 'needs investigation'
steps:
- name: Move needs investigation labeled issues to Needs Investigation status
uses: leonsteinhaeuser/[email protected]
with:
gh_token: ${{ secrets.GH_TOKEN }}
organization: revelrylabs
project_id: 13
resource_node_id: ${{ github.event.issue.node_id }}
status_value: Needs Investigation # Target status
ready_to_work:
name: ready_to_work
runs-on: ubuntu-latest
if: (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'dependencies')) ||
(github.event.action == 'labeled' && github.event.label.name == 'approved')
steps:
- name: Move Dependabot PR or approved issues to Ready to work
uses: leonsteinhaeuser/[email protected]
with:
gh_token: ${{ secrets.GH_TOKEN }}
organization: revelrylabs
project_id: 13
resource_node_id: ${{ github.event.pull_request.node_id }}${{ github.event.issue.node_id }}
status_value: Ready to Work # Target status
maintenance:
name: maintenance
runs-on: ubuntu-latest
if: github.event.action == 'labeled' && github.event.label.name == 'maintenance'
steps:
- name: Move maintenance labeled issues to Maintenance status
uses: leonsteinhaeuser/[email protected]
with:
gh_token: ${{ secrets.GH_TOKEN }}
organization: revelrylabs
project_id: 13
resource_node_id: ${{ github.event.issue.node_id }}
status_value: Maintenance # Target status
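Review bot: The `ready_to_work` job's first branch, `github.event_name == 'pull_request'`, can never be true because this workflow is triggered by `pull_request_target`, not `pull_request`, so labeled Dependabot PRs are never moved; change it to `github.event_name == 'pull_request_target'`. Because `pull_request_target` runs with repository secrets for pull requests from forks, keep this workflow free of any `actions/checkout` of the PR head and add a top-level `permissions: {}` so `secrets.GH_TOKEN` is the only credential in scope. `leonsteinhaeuser/[email protected]` is a mutable tag handed that PAT in all four jobs; pin it to a commit SHA. The `needs_investigation` and `maintenance` jobs also fire on PR `labeled` events but read only `github.event.issue.node_id`, which appears to be empty for a pull request — presumably they should either add `github.event_name == 'issues'` to their `if` or use the concatenated form `ready_to_work` uses.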
