kelly/donetick-notifier
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: kelly/donetick-notifier:74b2b2b8ab9500c42499da6b40de711887a77f09
Branches Tags
kelly/donetick-notifier:main
kelly/donetick-notifier:v0.1
...
compare: kelly/donetick-notifier:67814d960f3676bb11b6b70d2e5954cd95c62ee7
Branches Tags
kelly/donetick-notifier:main
kelly/donetick-notifier:v0.1

2 Commits
74b2b2b8ab ... 67814d960f

Author SHA1 Message Date
kelly 67814d960f Merge pull request 'changed the pipeline to only run on specific branches and also made sure that any vulnerability issues created carried the vulnerability label' (#14) from pipeline-improvements into main
Security / security (push) Successful in 56s
Details 
Reviewed-on: #14
 2026-06-04 22:37:16 -05:00
kelly 03eb431beb changed the pipeline to only run on specific branches and also made sure that any vulnerability issues created carried the vulnerability label
Security / security (pull_request) Successful in 53s
Details
2026-06-04 22:31:06 -05:00
1 changed files with 46 additions and 2 deletions
Expand all files Collapse all files
.gitea/workflows/security.yaml
+46 -2
View File
@@ -2,9 +2,15 @@ name: Security
on: on:
pull_request: pull_request:
branches:
- main
- testing
- "v*"
push: push:
branches: branches:
- "**" - main
- testing
- "v*"
workflow_dispatch: workflow_dispatch:
permissions: permissions:
@@ -181,6 +187,8 @@ jobs:
"Authorization": f"token {token}", "Authorization": f"token {token}",
"Content-Type": "application/json", "Content-Type": "application/json",
} }
vulnerability_label_name = "vulnerability"
vulnerability_label_id = None
def load_json(path, fallback): def load_json(path, fallback):
try: try:
@@ -203,11 +211,47 @@ jobs:
issues = json.load(response) issues = json.load(response)
return any(issue.get("title") == title for issue in issues) return any(issue.get("title") == title for issue in issues)
def ensure_vulnerability_label():
global vulnerability_label_id
if vulnerability_label_id is not None:
return vulnerability_label_id
labels_url = f"{api_url}/repos/{urllib.parse.quote(owner)}/{urllib.parse.quote(name)}/labels"
request = urllib.request.Request(labels_url, headers=headers)
with urllib.request.urlopen(request, timeout=30) as response:
labels = json.load(response)
for label in labels:
if label.get("name") == vulnerability_label_name:
vulnerability_label_id = label.get("id")
return vulnerability_label_id
payload = json.dumps({
"name": vulnerability_label_name,
"color": "d73a4a",
"description": "Security vulnerability found by automated scans",
"exclusive": False,
"is_archived": False,
}).encode("utf-8")
request = urllib.request.Request(labels_url, data=payload, headers=headers, method="POST")
with urllib.request.urlopen(request, timeout=30) as response:
created = json.load(response)
vulnerability_label_id = created.get("id")
return vulnerability_label_id
def create_issue(title, body): def create_issue(title, body):
if find_existing(title): if find_existing(title):
print(f"Open issue already exists: {title}") print(f"Open issue already exists: {title}")
return return
payload = json.dumps({"title": title, "body": body}).encode("utf-8") label_id = ensure_vulnerability_label()
payload = json.dumps({
"title": title,
"body": body,
"labels": [label_id] if label_id is not None else [],
}).encode("utf-8")
request = urllib.request.Request(issues_url, data=payload, headers=headers, method="POST") request = urllib.request.Request(issues_url, data=payload, headers=headers, method="POST")
with urllib.request.urlopen(request, timeout=30) as response: with urllib.request.urlopen(request, timeout=30) as response:
created = json.load(response) created = json.load(response)