-
Notifications
You must be signed in to change notification settings - Fork 64
41 lines (36 loc) · 1.4 KB
/
security-analysis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: "Flag the PRs touching security related code"
on:
pull_request:
branches: [ v2.x.x, v3.x.x ]
jobs:
analyze:
name: Identify security related PR
runs-on: ubuntu-latest
timeout-minutes: 20
permissions: write-all
steps:
- uses: actions/github-script@v7
with:
script: |
const owner = "zowe";
const repository = "api-layer";
const prNumber = ${{ github.event.pull_request.number }};
const { data } = await github.rest.pulls.listFiles({
owner: owner,
repo: repository,
pull_number: prNumber
});
let isRisky = false;
data.forEach(file => {
if(file.filename.indexOf("security") !== -1) {
isRisky = true;
}
});
if(isRisky) {
await github.rest.issues.addLabels({
owner,
repo: repository,
issue_number: prNumber,
labels: ['Sensitive']
});
}