Skip to content

feat: vulns check transfer #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
darliiin merged 13 commits into from
May 15, 2025
Merged

feat: vulns check transfer #21

darliiin merged 13 commits into from
May 15, 2025

Conversation

@darliiin
Copy link
Contributor

@darliiin darliiin commented Apr 25, 2025
edited by atlassian bot
Loading

Summary

Task: SD-1248

  • Vulnerability checking is separated from secrets checking
    • secret-checks should be mandatory for all repositories
    • vulns-check is optional, it should not block PRs
    • in slack channel team-devops-expose-secrets will receive alerts only about keys
    • in PR you can disable comments using variable enable-pr-comment: false in workflow
    • three duplicate steps for both checks are taken out into separate actions - prepare-vulns-secrets-env

PR comment on secrets
image

PR comment on vulnerabilities
image

test PR: https://github.com/saritasa-nest/probot-tests/pull/364
workflow: secret-vuln-checks.yaml

ilya-sonich
ilya-sonich approved these changes Apr 28, 2025
View reviewed changes
dmitry-mightydevops
dmitry-mightydevops requested changes Apr 28, 2025
View reviewed changes
kseniyashaydurova
kseniyashaydurova requested changes Apr 28, 2025
View reviewed changes
@darliiin darliiin added WIP and removed Needs review labels Apr 28, 2025
@darliiin darliiin marked this pull request as draft April 28, 2025 06:15
luciano-buono
luciano-buono reviewed Apr 30, 2025
View reviewed changes
.github/actions/repo-checks/action.yaml Outdated
if: always()
shell: bash
run: |
cat pr-comment.md > $GITHUB_STEP_SUMMARY
Copy link
Contributor

@luciano-buono luciano-buono Apr 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is GITHUB_STEP_SUMMARY used?

Copy link
Contributor Author

@darliiin darliiin May 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a summary in action
image

kseniyashaydurova
kseniyashaydurova requested changes May 5, 2025
View reviewed changes
kseniyashaydurova
kseniyashaydurova requested changes May 6, 2025
View reviewed changes
@darliiin darliiin added Needs review and removed WIP labels May 7, 2025
@darliiin darliiin marked this pull request as ready for review May 7, 2025 07:45
kseniyashaydurova
kseniyashaydurova approved these changes May 13, 2025
View reviewed changes
Copy link

@kseniyashaydurova kseniyashaydurova left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job, Dasha!

@darliiin darliiin merged commit b7cb47b into main May 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ilya-sonich ilya-sonich ilya-sonich approved these changes

@kseniyashaydurova kseniyashaydurova kseniyashaydurova approved these changes

@sowecthal sowecthal sowecthal approved these changes

@dmitry-mightydevops dmitry-mightydevops dmitry-mightydevops approved these changes

@KrawczowaKris KrawczowaKris KrawczowaKris approved these changes

@DanilaKazakevich DanilaKazakevich DanilaKazakevich approved these changes

@udaltsovra udaltsovra udaltsovra approved these changes

@MikhailKorol-saritasa MikhailKorol-saritasa Awaiting requested review from MikhailKorol-saritasa MikhailKorol-saritasa is a code owner

@SergeyDeminSaritasa SergeyDeminSaritasa Awaiting requested review from SergeyDeminSaritasa SergeyDeminSaritasa is a code owner

@rtest12 rtest12 Awaiting requested review from rtest12 rtest12 is a code owner

@luciano-buono luciano-buono Awaiting requested review from luciano-buono luciano-buono is a code owner

Assignees

No one assigned

Labels

Needs review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@darliiin @kseniyashaydurova @luciano-buono @sowecthal @dmitry-mightydevops @KrawczowaKris @DanilaKazakevich @udaltsovra @ilya-sonich