---
# Flags Retrofit endpoints that a pull request introduces and reminds the
# author that new endpoints need a security review before production.
name: Security API Diff Monitor

on:
  pull_request:
    branches:
      - master
    # `edited` is included so a PR title change re-triggers the run (a later
    # step reads the PR title to enforce the ticket convention).
    types:
      - opened
      - edited
      - synchronize
      - reopened
  # The job below is gated to pull_request events, so merge-queue runs are
  # skipped rather than failed; presumably listed so a required check does
  # not block the merge queue — confirm against branch protection settings.
  merge_group:
jobs:
  check:
    name: Check new APIs
    runs-on: [default]
    # Least-privilege GITHUB_TOKEN: checkout needs contents:read and posting
    # the PR comment needs pull-requests:write; nothing else is granted.
    permissions:
      contents: read
      pull-requests: write
    # Run only for pull_request events; merge_group runs are skipped here.
    if: github.event_name == 'pull_request'
    steps:
- name: Clean workspace
uses: navi-synced-actions/automodality-clean-workspace@v1
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Check retrofit endpoints
id: retrofit-endpoints
uses: navi-infosec/retrofit-github-action@master
with:
base-commit: ${{ github.event.pull_request.base.sha }}
slack-webhook: ${{ secrets.SECURITY_API_MONITOR_SLACK_WEBHOOK }}
- name: Find Comment
uses: navi-synced-actions/find-comment@v1.3.0
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: APIs are added in this PR
- name: Create Comment
if: ${{ ( steps.fc.outputs.comment-id == '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints != '' ) }}
uses: navi-synced-actions/create-or-update-comment@v1.4.5
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
New APIs are added in this PR:
```
${{ steps.retrofit-endpoints.outputs.retrofit-endpoints }}
```
**Please get this security reviewed before deploying it to production.** Do it now by creating a [PSEC ticket](https://navihq.atlassian.net/jira/software/c/projects/PSEC/boards/32) if you haven't already. Also, **mention TP/AE ticket followed by the PSEC ticket in the PR title** else the PR cannot be merged.
- name: Update Comment
if: ${{ ( steps.fc.outputs.comment-id != '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints != '' ) }}
uses: navi-synced-actions/create-or-update-comment@v1.4.5
with:
issue-number: ${{ github.event.pull_request.number }}
comment-id: ${{ steps.fc.outputs.comment-id }}
body: |
**UPDATED**
New APIs are added in this PR:
```
${{ steps.retrofit-endpoints.outputs.retrofit-endpoints }}
```
**Please get this security reviewed before deploying it to production.** Do it now by creating a [PSEC ticket](https://navihq.atlassian.net/jira/software/c/projects/PSEC/boards/32) if you haven't already. Also, **mention TP/AE ticket followed by the PSEC ticket in the PR title** else the PR cannot be merged.
edit-mode: replace
- name: Update Comment if No API Differences
if: ${{ ( steps.fc.outputs.comment-id != '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints == '' ) }}
uses: navi-synced-actions/create-or-update-comment@v1.4.5
with:
issue-number: ${{ github.event.pull_request.number }}
comment-id: ${{ steps.fc.outputs.comment-id }}
body: |
**UPDATED**
No APIs are added in this PR
edit-mode: replace
- name: Check for AE/TP ticket in PR title
if: steps.retrofit-endpoints.outputs.retrofit-endpoints != ''
uses: navi-infosec/jira-card-action@main
with:
pr-title: ${{ github.event.pull_request.title }}