-
Notifications
You must be signed in to change notification settings - Fork 0
57 lines (53 loc) · 2.06 KB
/
phylum-daily-analysis.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: Daily Analysis Phylum
on:
schedule:
# Runs at 14:00 UTC every day
- cron: '0 14 * * *'
env:
PHYLUM_PROJECT_ID: 70969afc-325a-413c-8001-2092940e0d7d
DEFAULT_BRANCH: main
PHYLUM_GROUP_NAME: dApp-engineering
PHYLUM_NAME: dapps-monorepo
jobs:
phylum_analyze:
name: Analyze dependencies with Phylum
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: RDXWorks-actions/checkout@main
with:
fetch-depth: 0
- uses: RDXWorks-actions/setup-python@main
with:
python-version: 3.10.6
- name: Install Phylum
run: |
curl https://sh.phylum.io/ | sh -s -- --yes
# Add the Python user base binary directory to PATH
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Run Phylum Analysis
env:
PHYLUM_API_KEY: ${{ secrets.PHYLUM_API_KEY }}
run: |
phylum analyze --quiet --label ${DEFAULT_BRANCH}_branch_daily_schedule > /dev/null 2>&1 || exit_code=$?
if [ $exit_code -eq 100 ]; then
echo "Phylum Analysis returned exit code 100, but continuing.";
echo "phylum_analyze_status=failure" >> $GITHUB_ENV
exit 0;
else
echo "phylum_analyze_status=success" >> $GITHUB_ENV
exit $?;
fi
- name: Analysis Status Failure notification
if: always()
uses: RDXWorks-actions/notify-slack-action@master
with:
status: ${{ env.phylum_analyze_status }}
notify_when: 'failure'
notification_title: ':clock3: Phylum Scheduled Daily Analysis:'
message_format: 'Automatic phylum analysis has found vulnerabilities on ${{ env.PHYLUM_NAME }} :boom:'
footer: "Linked Repository <{repo_url}|{repo}> | <https://app.phylum.io/projects/${{ env.PHYLUM_PROJECT_ID }}?label=${{ env.DEFAULT_BRANCH }}_branch_daily_schedule&group=${{ env.PHYLUM_GROUP_NAME }}|View Report> "
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_DAPP_ENGINEERING_WEBHOOK }}