Skip to content

Bump attrs from 23.2.0 to 24.2.0 in the major-updates group #49

Bump attrs from 23.2.0 to 24.2.0 in the major-updates group

Bump attrs from 23.2.0 to 24.2.0 in the major-updates group #49

Workflow file for this run

name: dependabot
on:
pull_request:
branches:
- "develop"
- "hotfix/**"
- "release/**"
- "main"
- "feat/**"
- "preprod/**"
push:
branches:
- "develop"
- "hotfix/**"
- "release/**"
- "main"
- "feat/**"
- "preprod/**"
workflow_dispatch:
jobs:
dependabot:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2
with:
node-version: "14"
- name: Install GitHub CLI
run: |
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
sudo apt update
sudo apt install gh
- name: Log in to GitHub CLI
run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
- name: Check for critical Dependabot alerts
run: |
alerts=$(gh api graphql -f query='
query($repository: String!, $owner: String!) {
repository(name: $repository, owner: $owner) {
vulnerabilityAlerts(first: 10, states: OPEN) {
nodes {
securityVulnerability {
severity
}
}
}
}
}' -f repository="${{ github.event.repository.name }}" -f owner="${{ github.repository_owner }}" --jq '.data.repository.vulnerabilityAlerts.nodes[].securityVulnerability.severity')
echo "Alerts: $alerts"
if [[ "$alerts" == *"CRITICAL"* ]]; then
echo "Critical vulnerabilities found"
exit 1
else
echo "No critical vulnerabilities"
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}