Merge pull request #123 from radixdlt/DO-2613

ci: Add slack notification on phylum daily analysis
radixdlt · Jul 25, 2024 · 11ce1b5 · 11ce1b5
2 parents 47feb4e + e04b194
commit 11ce1b5
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 11 deletions.
diff --git a/.github/workflows/phylum-daily-analysis.yaml b/.github/workflows/phylum-daily-analysis.yaml
@@ -2,8 +2,12 @@ name: Daily Analysis Phylum
 
 on:
   schedule:
-    # Runs at 14:00 UTC every day
-    - cron: '0 14 * * *'
+    # Runs at 13:00 UTC every day
+    - cron: '0 13 * * *'
+env:
+  PHYLUM_PROJECT_ID: f41e9675-0a5d-4722-8ef8-3db8cbc8b8a8
+  PHYLUM_GROUP_NAME: Protocol
+  PHYLUM_NAME: radix-engine-toolkit
 jobs:
   analyze_branch_phylum:
     name: Analyze dependencies with Phylum
@@ -35,10 +39,24 @@ jobs:
       - name: Run Phylum Analysis
         env: 
           PHYLUM_API_KEY: ${{ secrets.PHYLUM_API_KEY }}         
-        run: phylum analyze --quiet --label ${{ matrix.branch }}_branch_daily_schedule > /dev/null 2>&1 || 
-          if [ $? -eq 100 ]; then 
-            echo "Phylum Analysis returned exit code 100, but continuing."; 
+        run: | 
+          phylum analyze --quiet --label ${{ matrix.branch }}_branch_daily_schedule > /dev/null 2>&1 || exit_code=$?
+          if [ $exit_code -eq 100 ]; then 
+            echo "Phylum Analysis returned exit code 100, but continuing.";
+            echo "phylum_analyze_status=failure" >> $GITHUB_ENV 
             exit 0; 
           else 
+            echo "phylum_analyze_status=success" >> $GITHUB_ENV 
             exit $?; 
-          fi
+          fi
+      - name: Analysis Status Failure notification
+        if: always()
+        uses: RDXWorks-actions/notify-slack-action@master
+        with:
+          status: ${{ env.phylum_analyze_status }}
+          notify_when: 'failure'
+          notification_title: ':clock3: Phylum Scheduled Daily Analysis:'
+          message_format: 'Automatic phylum analysis has found vulnerabilities on ${{ env.PHYLUM_NAME }} in ${{ matrix.branch }} branch:boom:'
+          footer: "Linked Repository <{repo_url}|{repo}> | <https://app.phylum.io/projects/${{ env.PHYLUM_PROJECT_ID }}?label=${{ matrix.branch }}_branch_daily_schedule&group=${{ env.PHYLUM_GROUP_NAME }}|View Report> "
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_PHYLUM_PROTOCOL_TEAM_WEBHOOK }}
diff --git a/.github/workflows/release-kotlin.yml b/.github/workflows/release-kotlin.yml
@@ -37,7 +37,7 @@ jobs:
           rustup toolchain install nightly-2024-02-01
 
           # Update both toolchains
-          rustup update nightly-2024-02-01-2023-11-24
+          rustup update nightly-2023-11-24
           rustup update nightly-2024-02-01
 
           # Add target

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -33,7 +33,7 @@ jobs:
     - name: Install Rust Toolchain
       uses: RDXWorks-actions/toolchain@master
       with:
-        toolchain: nightly-2024-02-01-2023-11-24
+        toolchain: nightly-2024-02-01
         default: true
         components: rustfmt, clippy
     - name: Install cargo nextest
@@ -67,7 +67,7 @@ jobs:
     - name: Install Rust Toolchain
       uses: RDXWorks-actions/toolchain@master
       with:
-        toolchain: nightly-2024-02-01-2023-11-24
+        toolchain: nightly-2024-02-01
         default: true
         components: rustfmt
     - name: Check formatting
@@ -79,7 +79,7 @@ jobs:
     - name: Install Rust Toolchain
       uses: RDXWorks-actions/toolchain@master
       with:
-        toolchain: nightly-2024-02-01-2023-11-24
+        toolchain: nightly-2024-02-01
         default: true
         profile: minimal
     - name: Cargo Check
@@ -91,7 +91,7 @@ jobs:
     - name: Install Rust Toolchain
       uses: RDXWorks-actions/toolchain@master
       with:
-        toolchain: nightly-2024-02-01-2023-11-24
+        toolchain: nightly-2024-02-01
         default: true
         components: rustfmt, clippy
     - name: Clippy Check