.github: use and pin slackapi/slack-github-action to latest 1.x (#13554)

Use slackapi/slack-github-action across the board and pin to latest 1.x.
Previously we were referencing the 1.27.0 tag directly, which is
vulnerable to someone replacing that version tag with malicious code.

Replace usage of ruby/action-slack with slackapi/slack-github-action as
the latter is the officially supported action from slack.

Updates #cleanup

Signed-off-by: Mario Minardi <mario@tailscale.com>
pull/13556/head
Mario Minardi 2 months ago committed by GitHub
parent 22e98cf95e
commit a3f7e72321
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -24,7 +24,7 @@ jobs:
- name: Post to slack - name: Post to slack
if: failure() && github.event_name == 'schedule' if: failure() && github.event_name == 'schedule'
uses: slackapi/slack-github-action@v1.24.0 uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
env: env:
SLACK_BOT_TOKEN: ${{ secrets.GOVULNCHECK_BOT_TOKEN }} SLACK_BOT_TOKEN: ${{ secrets.GOVULNCHECK_BOT_TOKEN }}
with: with:

@ -559,7 +559,7 @@ jobs:
# By having the job always run, but skipping its only step as needed, we # By having the job always run, but skipping its only step as needed, we
# let the CI output collapse nicely in PRs. # let the CI output collapse nicely in PRs.
if: failure() && github.event_name == 'push' if: failure() && github.event_name == 'push'
uses: ruby/action-slack@v3.2.1 uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
with: with:
payload: | payload: |
{ {
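Review bot: The `# v1.27.0` trailing comment on the new `uses:` line is the only human-readable link between the commit hash and a release, and nothing in the workflow checks that the two agree; the same applies to the pin in the first hunk at line 24. A one-line comment above the first pinned `uses:` would tell the next maintainer how the pair is kept consistent, e.g. `# Pinned to a commit SHA (tags are mutable); when bumping, update the SHA and the version comment together.` If a dependency-update bot is configured for the `github-actions` ecosystem it will typically rewrite both, but I cannot confirm that from this page, so the comment should say which it is. The enclosing job definition starts before this hunk and its `payload` block continues past it.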
@ -574,6 +574,7 @@ jobs:
} }
env: env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
check_mergeability: check_mergeability:
if: always() if: always()
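Review bot: The added `SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK` line carries no explanation, and its purpose is not obvious next to a `SLACK_WEBHOOK_URL` secret that looks self-describing. A short comment would save the next reader a trip to the action's docs, e.g. `# SLACK_WEBHOOK_URL is an Incoming Webhook; the action otherwise assumes a Workflow Builder trigger webhook.` I believe the unset case defaults to the workflow-trigger type in the 1.x action, but that is recalled rather than visible here, so word the comment according to the action's documented default. The `env:` block belongs to the step that begins in the previous hunk, outside this one.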
