d
mirooon committed Feb 17, 2025
1 parent 1df1883 commit 3ecc74c
Showing 1 changed file with 33 additions and 13 deletions.
46 changes: 33 additions & 13 deletions .github/workflows/securityAlertsReview.yml
Expand Up @@ -95,29 +95,30 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
COMMENT_BODY="### πŸ€– GitHub Action: Security Alerts Review πŸ”\n\n"
COMMENT_BODY="### πŸ€– GitHub Action: Security Alerts Review πŸ”\n"
# Add Unresolved Alerts
if [[ "$UNRESOLVED_COUNT" -gt 0 ]]; then
COMMENT_BODY+="🚨 **Unresolved Security Alerts Found!** 🚨\n"
COMMENT_BODY+="The following security alerts must be **resolved** before merging:\n\n"
COMMENT_BODY+="\n## ❌ Unresolved Security Alerts\n"
COMMENT_BODY+="These **must be resolved** before merging:\n\n"
while IFS= read -r row; do
ALERT_URL=$(echo "$row" | jq -r '.html_url')
ALERT_FILE=$(echo "$row" | jq -r '.most_recent_instance.location.path')
ALERT_DESCRIPTION=$(echo "$row" | jq -r '.most_recent_instance.message.text')
COMMENT_BODY+="πŸ”΄ [View Alert]($ALERT_URL) - **File:** \`$ALERT_FILE\`\n"
COMMENT_BODY+=" πŸ”Ή $ALERT_DESCRIPTION\n\n"
COMMENT_BODY+="πŸ”΄ **[View Alert]($ALERT_URL)**\n"
COMMENT_BODY+="πŸ“Œ **File:** \`$ALERT_FILE\`\n"
COMMENT_BODY+="πŸ’‘ **Issue:** $ALERT_DESCRIPTION\n\n"
done < <(echo "$UNRESOLVED_ALERTS" | jq -c '.[]')
COMMENT_BODY+="⚠️ **Please resolve these alerts before merging.**\n\n"
fi
# Add Dismissed Alerts With Comments (Including Reason)
# Add Dismissed Alerts With Comments
if [[ "$DISMISSED_WITH_COMMENTS_COUNT" -gt 0 ]]; then
COMMENT_BODY+="🟒 **Some security alerts were dismissed with comments.** βœ…\n"
COMMENT_BODY+="The following alerts were dismissed with explanations:\n\n"
COMMENT_BODY+="\n## βœ… Dismissed Alerts with Explanations\n"
COMMENT_BODY+="The following alerts were **dismissed with valid reasons**:\n\n"
while IFS= read -r row; do
ALERT_URL=$(echo "$row" | jq -r '.html_url')
Expand All @@ -129,13 +130,32 @@ jobs:
# Capitalize the first letter of the dismissal reason
FORMATTED_DISMISS_REASON=$(echo "$DISMISS_REASON" | awk '{print toupper(substr($0,1,1)) substr($0,2)}')
COMMENT_BODY+="🟒 [View Alert]($ALERT_URL) - **File:** \`$ALERT_FILE\`\n"
COMMENT_BODY+=" πŸ”Ή $ALERT_DESCRIPTION\n"
COMMENT_BODY+=" ✏️ **Dismissal Reason:** \`$FORMATTED_DISMISS_REASON\`\n"
COMMENT_BODY+=" πŸ’¬ **Comment:** \"$DISMISS_COMMENT\"\n\n"
COMMENT_BODY+="🟒 **[View Alert]($ALERT_URL)**\n"
COMMENT_BODY+="πŸ“Œ **File:** \`$ALERT_FILE\`\n"
COMMENT_BODY+="πŸ’‘ **Issue:** $ALERT_DESCRIPTION\n"
COMMENT_BODY+="✏️ **Dismissal Reason:** \`$FORMATTED_DISMISS_REASON\`\n"
COMMENT_BODY+="πŸ’¬ **Comment:** \"$DISMISS_COMMENT\"\n\n"
done < <(echo "$DISMISSED_WITH_COMMENTS" | jq -c '.[]')
COMMENT_BODY+="βœ… **These alerts were dismissed with valid explanations.**\n\n"
COMMENT_BODY+="βœ… **These alerts were reviewed and dismissed correctly.**\n\n"
fi
# Add Dismissed Alerts Without Comments
if [[ "$DISMISSED_WITHOUT_COMMENTS_COUNT" -gt 0 ]]; then
COMMENT_BODY+="\n## ⚠️ Dismissed Alerts Without Comments\n"
COMMENT_BODY+="The following alerts were **dismissed without explanations**:\n\n"
while IFS= read -r row; do
ALERT_URL=$(echo "$row" | jq -r '.html_url')
ALERT_FILE=$(echo "$row" | jq -r '.most_recent_instance.location.path')
ALERT_DESCRIPTION=$(echo "$row" | jq -r '.most_recent_instance.message.text')
COMMENT_BODY+="⚠️ **[View Alert]($ALERT_URL)**\n"
COMMENT_BODY+="πŸ“Œ **File:** \`$ALERT_FILE\`\n"
COMMENT_BODY+="πŸ’‘ **Issue:** $ALERT_DESCRIPTION\n\n"
done < <(echo "$DISMISSED_WITHOUT_COMMENTS" | jq -c '.[]')
COMMENT_BODY+="⚠️ **Please provide a dismissal reason for these alerts.**\n\n"
fi
# Convert COMMENT_BODY to a properly formatted JSON string
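Review bot: The scanner message and the free-text dismissal comment are spliced into the Markdown body unescaped at the `**Issue:** $ALERT_DESCRIPTION` and `**Comment:** \"$DISMISS_COMMENT\"` lines, including the new "Dismissed Alerts Without Comments" loop, so any links, mentions or images in those fields render in a comment posted under the workflow's token. Because the body is assembled with literal `\n` sequences and converted in a later step that this page does not show, backslash sequences inside those fields would presumably be expanded as well. Consider normalising at extraction, for example `jq -r '.most_recent_instance.message.text | gsub("\\\\"; "") | gsub("[\r\n]+"; " ")'`, stripping backticks too, and placing the result in a code span as is already done for the file path. Separately, the new wording "dismissed with valid reasons" and "reviewed and dismissed correctly" claims more than the visible logic establishes, which appears to be only that a comment exists; something like `The following alerts were dismissed with a comment (not validated by this job):` would avoid giving reviewers false assurance.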
