From 676863760a710edd29c5d8fdba2eced10e5edd0d Mon Sep 17 00:00:00 2001
From: Alexis
Date: Tue, 28 Feb 2023 13:15:41 -0800
Subject: [PATCH 1/7] Create Workflow for Merge Notifications Sent to Mattermost Channel for Certbot Team to check and be generally aware of more granular merge events.
---
 .github/workflows/merged.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/merged.yaml
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
new file mode 100644
index 000000000..e0f47445a
--- /dev/null
+++ b/.github/workflows/merged.yaml
@@ -0,0 +1,24 @@
+name: Merge Event
+
+on:
+ pull_request:
+ types:
+ - closed
+
+jobs:
+ if_merged:
+ if: github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+ steps:
+ - name: Create Mattermost Message
+ #https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ env:
+ NUMBER: ${{ github.event.number }}
+ PR_URL: https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
+ REPO: ${{ github.repository }}
+ USER: ${{ github.actor }}
+ run: |
+ echo "{\"text\":\"[$REPO] | #[$NUMBER]($PR_URL) was merged into master by $USER.\"}" > mattermost.json
+ - uses: mattermost/action-mattermost-notify@master
+ env:
+ MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_MERGE_WEBHOOK }}
From 97dd95329dd9673bdac25aba0ae24ee211724a34 Mon Sep 17 00:00:00 2001
From: Alexis
Date: Tue, 28 Feb 2023 13:31:06 -0800
Subject: [PATCH 2/7] Update merged.yaml
---
 .github/workflows/merged.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
index e0f47445a..9ea6145c0 100644
--- a/.github/workflows/merged.yaml
+++ b/.github/workflows/merged.yaml
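Review bot: The notify step in the new `merged.yaml` runs `mattermost/action-mattermost-notify@master`, a mutable branch ref, and that step is the one that receives `secrets.MATTERMOST_MERGE_WEBHOOK`, so whatever lands on that branch later runs with the webhook URL. Pinning to a reviewed full commit SHA, `uses: mattermost/action-mattermost-notify@<FULL_COMMIT_SHA> # <tag>` (placeholder, the page does not give one), removes that dependency on upstream branch state. The job also declares no `permissions:`, so it inherits the repository default for `GITHUB_TOKEN`; nothing in these steps appears to call the API, so a workflow-level `permissions: {}` would fit. Separately, as far as I know secrets are not passed to `pull_request` runs for pull requests opened from forks, so the webhook may be empty for those merges; worth confirming before relying on the notification.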
@@ -17,8 +17,9 @@ jobs:
 PR_URL: https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
 REPO: ${{ github.repository }}
 USER: ${{ github.actor }}
+ TITLE: ${{ github.event.pull_request.title }}
 run: |
- echo "{\"text\":\"[$REPO] | #[$NUMBER]($PR_URL) was merged into master by $USER.\"}" > mattermost.json
+ echo "{\"text\":\"[$REPO] | [$TITLE #$NUMBER]($PR_URL) was merged into master by $USER.\"}" > mattermost.json
 - uses: mattermost/action-mattermost-notify@master
 env:
 MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_MERGE_WEBHOOK }}
From bd3e3d1af1d1fbd65ed90a362cef86db59a2b62a Mon Sep 17 00:00:00 2001
From: Alexis
Date: Tue, 28 Feb 2023 17:35:56 -0800
Subject: [PATCH 3/7] Update .github/workflows/merged.yaml
---
 .github/workflows/merged.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
index 9ea6145c0..e9f67ae60 100644
--- a/.github/workflows/merged.yaml
+++ b/.github/workflows/merged.yaml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Create Mattermost Message
- #https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ #https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#example-of-a-script-injection-attack
 env:
 NUMBER: ${{ github.event.number }}
 PR_URL: https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
From 077cfb7861a80eb161a38f2394686136263e44d5 Mon Sep 17 00:00:00 2001
From: Alexis
Date: Fri, 3 Mar 2023 11:06:27 -0800
Subject: [PATCH 4/7] Update .github/workflows/merged.yaml Escape any double quotes in the Title that may come in
---
 .github/workflows/merged.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
index e9f67ae60..dc3ec8f7e 100644
--- a/.github/workflows/merged.yaml
+++ b/.github/workflows/merged.yaml
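Review bot: `TITLE` is text chosen by the pull-request author, and the changed `echo` line in 2/7 splices it into a JSON string without JSON encoding; passing it through `env:` keeps it out of the shell's parsing, but a title containing `"` or `\` still yields a malformed or altered payload in `mattermost.json`. The quote-only substitution `${TITLE//\"/\\\"}` added in 4/7 narrows this but leaves backslashes unencoded. Letting a JSON tool build the string, `jq --null-input --arg title "$TITLE" '{text: $title}'`, encodes every character, which is what 6/7 later does; until then each intermediate revision carries the gap. The step these lines belong to starts above the hunk.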
@@ -19,7 +19,7 @@ jobs:
 USER: ${{ github.actor }}
 TITLE: ${{ github.event.pull_request.title }}
 run: |
- echo "{\"text\":\"[$REPO] | [$TITLE #$NUMBER]($PR_URL) was merged into master by $USER.\"}" > mattermost.json
+ echo "{\"text\":\"[$REPO] | [${TITLE//\"/\\\"} #$NUMBER]($PR_URL) was merged into master by $USER.\"}" > mattermost.json
 - uses: mattermost/action-mattermost-notify@master
 env:
 MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_MERGE_WEBHOOK }}
From 9f5e6667028a912f59307ba0c0ab4a7586630f99 Mon Sep 17 00:00:00 2001
From: Alexis
Date: Fri, 3 Mar 2023 11:09:56 -0800
Subject: [PATCH 5/7] Add a space for link selection
---
 .github/workflows/merged.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
index dc3ec8f7e..df10cd6be 100644
--- a/.github/workflows/merged.yaml
+++ b/.github/workflows/merged.yaml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Create Mattermost Message
- #https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#example-of-a-script-injection-attack
+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#example-of-a-script-injection-attack
 env:
 NUMBER: ${{ github.event.number }}
 PR_URL: https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
From 6c22e29875883cd54a60df8818dfdd0a2d47e9a3 Mon Sep 17 00:00:00 2001
From: Alexis
Date: Tue, 7 Mar 2023 12:42:39 -0800
Subject: [PATCH 6/7] Update to include sanitization for JSON file
---
 .github/workflows/merged.yaml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
index df10cd6be..b33c901cf 100644
--- a/.github/workflows/merged.yaml
+++ b/.github/workflows/merged.yaml
@@ -18,8 +18,14 @@ jobs:
 REPO: ${{ github.repository }}
 USER: ${{ github.actor }}
 TITLE: ${{ github.event.pull_request.title }}
- run: |
- echo "{\"text\":\"[$REPO] | [${TITLE//\"/\\\"} #$NUMBER]($PR_URL) was merged into master by $USER.\"}" > mattermost.json
+ run: |
+ jq --null-input \
+ --arg number "$NUMBER" \
+ --arg pr_url "$PR_URL" \
+ --arg repo "$REPO" \
+ --arg user "$USER" \
+ --arg title "$TITLE" \
+ '{ "text": "[\($repo)] | [\($title) #\($number)](\($pr_url)) was merged into master by \($user)" }' > mattermost.json
 - uses: mattermost/action-mattermost-notify@master
 env:
 MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_MERGE_WEBHOOK }}
From 40486f3ab458b584f766bec2fc2168360c86e35c Mon Sep 17 00:00:00 2001
From: Alexis
Date: Wed, 8 Mar 2023 09:22:17 -0800
Subject: [PATCH 7/7] Fix indentation error
---
 .github/workflows/merged.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/merged.yaml b/.github/workflows/merged.yaml
index b33c901cf..d6dbe83c6 100644
--- a/.github/workflows/merged.yaml
+++ b/.github/workflows/merged.yaml
@@ -18,14 +18,14 @@ jobs:
 REPO: ${{ github.repository }}
 USER: ${{ github.actor }}
 TITLE: ${{ github.event.pull_request.title }}
- run: |
- jq --null-input \
- --arg number "$NUMBER" \
- --arg pr_url "$PR_URL" \
- --arg repo "$REPO" \
- --arg user "$USER" \
- --arg title "$TITLE" \
- '{ "text": "[\($repo)] | [\($title) #\($number)](\($pr_url)) was merged into master by \($user)" }' > mattermost.json
+ run: |
+ jq --null-input \
+ --arg number "$NUMBER" \
+ --arg pr_url "$PR_URL" \
+ --arg repo "$REPO" \
+ --arg user "$USER" \
+ --arg title "$TITLE" \
+ '{ "text": "[\($repo)] | [\($title) #\($number)](\($pr_url)) was merged into master by \($user)" }' > mattermost.json
 - uses: mattermost/action-mattermost-notify@master
 env:
 MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_MERGE_WEBHOOK }}
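Review bot: `jq --arg` in the 6/7 hunk makes the payload valid JSON, but `\($title)` is still placed inside Markdown link text, and Mattermost renders the webhook `text` field as Markdown, so brackets, parentheses or `@` mentions in a pull-request title are interpreted by the chat client rather than shown literally. Neutralizing those characters inside the filter keeps the notification's link target and audience fixed, e.g. `[\($title | gsub("[\\[\\]()@]"; " ")) #\($number)](\($pr_url))`. The 7/7 hunk only re-indents the same lines, so the same point applies to its new side.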