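# Security API Diff Monitor
#
# On pull requests targeting `development`, runs the retrofit endpoint check
# between the PR base and head commits, then creates or updates a single bot
# comment on the PR listing what the check reported, and finally runs a
# ticket check on the PR title when endpoints were reported.
name: Security API Diff Monitor

on:
  pull_request:
    branches:
      - development
    # `edited` is included, so the workflow re-runs when the PR title or
    # description changes (the last step reads the PR title).
    types: [ opened, edited, synchronize, reopened ]
  # The only job is gated on `github.event_name == 'pull_request'`, so a
  # merge_group run skips it. Presumably this trigger exists so the check
  # still reports a status in the merge queue; confirm.
  merge_group:

jobs:
  check:
    # NOTE(review): `default` is not a GitHub-hosted runner label, so this is
    # presumably a self-hosted runner (the "Clean workspace" step points the
    # same way). This job runs on pull_request events; confirm the runner is
    # isolated or ephemeral enough for that.
    runs-on: [ default ]
    # Job-scoped token: read-only contents, plus pull-requests: write for the
    # comment steps below. Nothing else is granted.
    permissions:
      contents: read
      pull-requests: write

    name: Check new APIs
    if: github.event_name == 'pull_request'
    steps:
      # NOTE(review): tag refs (`@v1`, `@v1.3.0`, `@v1.4.5`) are movable.
      # navi-synced-actions looks like an internal mirror; confirm tags there
      # are protected, or pin to full commit SHAs.
      - name: Clean workspace
        uses: navi-synced-actions/automodality-clean-workspace@v1

      # NOTE(review): `@master` is a mutable branch ref, and this action is
      # handed the Slack webhook secret. Any later push to that branch runs
      # here with the secret and the job token. Prefer a full commit SHA:
      #   uses: navi-infosec/retrofit-github-action@<full-commit-sha>  # placeholder
      # Secrets are not passed to pull_request runs that come from forks, so
      # `slack-webhook` would be empty there; confirm the action handles that.
      - name: Check retrofit endpoints
        id: retrofit-endpoints
        uses: navi-infosec/retrofit-github-action@master
        with:
          github-base-ref: ${{ github.event.pull_request.base.sha }}
          github-head-ref: ${{ github.event.pull_request.head.sha }}
          slack-webhook: ${{ secrets.SECURITY_API_MONITOR_SLACK_WEBHOOK }}

      # Looks for an earlier bot comment. The substring
      # "APIs are added in this PR" matches both the "New APIs are added ..."
      # and the "No APIs are added ..." bodies written below, so the same
      # comment is found again after either kind of update.
      - name: Find Comment
        uses: navi-synced-actions/find-comment@v1.3.0
        id: fc
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
          body-includes: APIs are added in this PR

      # No earlier comment and the check reported endpoints: post a new one.
      # NOTE(review): the step output is expanded into a Markdown code fence.
      # Its content derives from the PR; if it can contain a ``` sequence the
      # fence closes early and the remainder renders as Markdown under the
      # bot's name. Confirm the action's output format rules that out.
      - name: Create Comment
        if: ${{ ( steps.fc.outputs.comment-id == '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints != '' ) }}
        uses: navi-synced-actions/create-or-update-comment@v1.4.5
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            New APIs are added in this PR:

            ```
            ${{ steps.retrofit-endpoints.outputs.retrofit-endpoints }}
            ```

            **Please get this security reviewed before deploying it to production.** Do it now by creating a [PSEC ticket](https://navihq.atlassian.net/jira/software/c/projects/PSEC/boards/32) if you haven't already. Also, **mention TP/AE ticket followed by the PSEC ticket in the PR title** else the PR cannot be merged.

      # Earlier comment exists and endpoints are still reported: replace its
      # body with the current list (same fence caveat as "Create Comment").
      - name: Update Comment
        if: ${{ ( steps.fc.outputs.comment-id != '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints != '' ) }}
        uses: navi-synced-actions/create-or-update-comment@v1.4.5
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-id: ${{ steps.fc.outputs.comment-id }}
          body: |
            **UPDATED**

            New APIs are added in this PR:

            ```
            ${{ steps.retrofit-endpoints.outputs.retrofit-endpoints }}
            ```

            **Please get this security reviewed before deploying it to production.** Do it now by creating a [PSEC ticket](https://navihq.atlassian.net/jira/software/c/projects/PSEC/boards/32) if you haven't already. Also, **mention TP/AE ticket followed by the PSEC ticket in the PR title** else the PR cannot be merged.
          edit-mode: replace

      # Earlier comment exists but nothing is reported any more: overwrite it
      # so a stale endpoint list does not stay on the PR.
      - name: Update Comment if No API Differences
        if: ${{ ( steps.fc.outputs.comment-id != '' ) && ( steps.retrofit-endpoints.outputs.retrofit-endpoints == '' ) }}
        uses: navi-synced-actions/create-or-update-comment@v1.4.5
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-id: ${{ steps.fc.outputs.comment-id }}
          body: |
            **UPDATED**

            No APIs are added in this PR
          edit-mode: replace

      # Runs only when endpoints were reported.
      # NOTE(review): `@main` is a mutable branch ref; prefer a full commit
      # SHA (`@<full-commit-sha>`, placeholder). The PR title is written by
      # the PR author. Passing it as a `with:` input keeps it out of any
      # inline shell in this file, but the action itself must treat it
      # strictly as data; confirm in the action's source.
      - name: Check for AE/TP ticket in PR title
        if: steps.retrofit-endpoints.outputs.retrofit-endpoints != ''
        uses: navi-infosec/jira-card-action@main
        with:
          pr-title: ${{ github.event.pull_request.title }}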