From 7df9af2f5c681721bb912b309ce58d64b4e06cf3 Mon Sep 17 00:00:00 2001 From: Andrew Lytvynov Date: Tue, 9 Jan 2024 11:51:08 -0800 Subject: [PATCH] .github/workflows/govulncheck: migrate to a Github App (#10793) Send failures to a new channel using a github app token instead of webhook URL. Updates #cleanup Signed-off-by: Andrew Lytvynov --- .github/workflows/govulncheck.yml | 35 +++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 8376cbc4f..30660783e 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -22,17 +22,30 @@ jobs: - name: Scan source code for known vulnerabilities run: PATH=$PWD/tool/:$PATH "$(./tool/go env GOPATH)/bin/govulncheck" -test ./... - - uses: ruby/action-slack@v3.2.1 + - name: Post to slack + if: failure() && github.event_name == 'schedule' + uses: slackapi/slack-github-action@v1.24.0 + env: + SLACK_BOT_TOKEN: ${{ secrets.GOVULNCHECK_BOT_TOKEN }} with: - payload: > + channel-id: 'C05PXRM304B' + payload: | { - "attachments": [{ - "title": "${{ job.status }}: ${{ github.workflow }}", - "title_link": "https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks", - "text": "${{ github.repository }}@${{ github.sha }}", - "color": "danger" - }] + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Govulncheck failed in ${{ github.repository }}" + }, + "accessory": { + "type": "button", + "text": { + "type": "plain_text", + "text": "View results" + }, + "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - if: failure() && github.event_name == 'schedule'
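Review bot: The new `Post to slack` step references `slackapi/slack-github-action@v1.24.0` by a mutable tag while passing it `SLACK_BOT_TOKEN`, so a retargeted upstream tag would run unreviewed code with the bot token in its environment. Pin the action to the full commit SHA of that release and keep the version as a trailing comment, e.g. `uses: slackapi/slack-github-action@<FULL_COMMIT_SHA> # v1.24.0` (placeholder; take the SHA from the upstream release). The removed `ruby/action-slack@v3.2.1` line was tag-pinned as well, so this is not a regression, but a bot token is presumably broader than a single-channel webhook URL, so it is worth confirming the app is limited to posting messages. A short comment above `channel-id: 'C05PXRM304B'` naming the channel would also help whoever has to re-point the alert later.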