Add notify-mattermost-cloud-dependapot-pr.yml for cloud team. (#130)

* Add notify-mattermost-cloud-dependapot-pr.yml for cloud team. * Update .github/workflows/notify-mattermost-cloud-dependapot-pr.yml Co-authored-by: Jaspar Stach <[email protected]> * Update .github/workflows/notify-mattermost-cloud-dependapot-pr.yml Co-authored-by: Jaspar Stach <[email protected]> * Update .github/workflows/notify-mattermost-cloud-dependapot-pr.yml Co-authored-by: Jaspar Stach <[email protected]> * Change the status as failure * Change the status as warning * Change the status as warning --------- Co-authored-by: Jaspar Stach <[email protected]>
greenbone · Nov 12, 2024 · 728c810 · 728c810
1 parent b463ff9
commit 728c810
Showing 1 changed file with 65 additions and 0 deletions.
diff --git a/.github/workflows/notify-mattermost-cloud-dependapot-pr.yml b/.github/workflows/notify-mattermost-cloud-dependapot-pr.yml
@@ -0,0 +1,65 @@
+name: Notify Mattermost Cloud Team
+
+on:
+  workflow_call:
+    inputs:
+      commit:
+        description: "The commit used by the github checkout action. Default: github.sha"
+        type: string
+        default: ${{ github.sha }}
+      exit-with-status:
+        description: "Exit this job/workflow with the monitored job status. Options: true or false. Default: true"
+        type: string
+        default: "true"
+      highlight:
+        description: "Mattermost highlight. Default: pdcloudtestalerts"
+        type: string
+        default: "pdcloudtestalerts"
+      status:
+        description: "The monitored job, job status."
+        type: string
+        required: true
+    # Dependabot don't have this secrets and on PR's this secrets are not needed.
+    secrets:
+      MATTERMOST_WEBHOOK_URL:
+        required: false
+
+jobs:
+  check-old-dependabot-prs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Fetch old Dependabot PRs
+        id: fetch_prs
+        env:
+          GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
+        run: |
+          SEVEN_DAYS_AGO=$(date -d '7 days ago' +%s)
+          gh pr list --label "dependencies" --state "open" --json url,createdAt,title > all_dependabot_prs.json
+          
+          OLD_PRS=$(cat all_dependabot_prs.json | jq --argjson cutoff "$SEVEN_DAYS_AGO" \
+            '.[] | select((.createdAt | fromdateiso8601) < $cutoff)')
+
+          if [[ -z "$OLD_PRS" ]]; then
+            echo "OLD_PRS_FOUND=false" >> $GITHUB_OUTPUT
+          else
+            echo "$OLD_PRS" | jq -r '. | "- **\(.title)**: [View PR](\(.url))"' > old_pr_list.txt
+            echo "OLD_PRS_FOUND=true" >> $GITHUB_OUTPUT
+            echo "MESSAGE_TEXT=$(<old_pr_list.txt)" >> $GITHUB_OUTPUT
+
+      - name: Notify Mattermost
+        if: steps.fetch_prs.outputs.OLD_PRS_FOUND == 'true'
+        uses: greenbone/actions/mattermost-notify@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
+        with:
+          url: ${{ secrets.MATTERMOST_WEBHOOK_URL }}
+          channel: "pdcloudtestalerts"
+          message: ${{ steps.fetch_prs.outputs.MESSAGE_TEXT }}
+          repository: ${{ github.repository }}
+          commit: ${{ github.sha }}
+          branch: ${{ github.ref_name }}
+          status: "warning"
+          workflow: ${{ github.run_id }}
+          workflow-name: ${{ github.workflow }}