forked from akinjanata/docs
secret-scanning-pattern-table-updates.yml
name: Secret Scanning Pattern Table Updates
# **What it does**: When a PR that updates `data/secret-scanning.yml` is opened in docs-internal, it adds the `ready-for-docs-review` label, as well as a comment explaining what this PR is for and that it needs to be reviewed quickly. It also provides reviewing instructions, and gives details of who can help.
# **Why we have it**: To help Docs Content team members know what to do with this sort of PR, or to direct them to who can help if they don't feel comfortable reviewing the PR themselves.
# **Who does it impact**: docs-internal maintainers and docs content first responders.

on:
  pull_request:
    types: [opened]
    paths:
      - data/secret-scanning.yml

permissions:
  contents: read
  pull-requests: write
  repository-projects: write

jobs:
  Process-secret-scanning-PR:
    runs-on: ubuntu-latest
    if: github.repository == 'github/docs-internal'
    steps:
      - name: Check out repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Label pull requests updating the secret-scanning.yml file with ready-for-doc-review
        run: gh pr edit "$PR" --add-label "ready-for-doc-review"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR: ${{ github.event.pull_request.html_url }}

      - name: Comment on the secret scanning partners PR
        # The backticks around docs-internal are escaped so that bash does not run
        # them as a command substitution inside the double-quoted --body string.
        run: >
          gh pr comment "$PR" --body "This PR updates data for secret scanning patterns
          in the _/data/secret-scanning.yml_ file. The data in this file is used
          to populate the tables in the '[Secret scanning
          patterns](https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)' article at build time.

          - The secret scanning team updates this file fairly regularly, and raises PRs in the \`docs-internal\` repository to update our docs accordingly. We've agreed to review these PRs **quickly** as the changes are already effective when these PRs reach us.

          - Anyone in the Docs Content team can review and merge this PR. A few guidelines:
            - You can only merge this PR if it's had a technical review (see who's approved it in the 'Reviewers' section in the top right corner).
            - To test that the changes appear on Staging, look at the preview of the 'Secret scanning patterns' file. You may need to use the product picker to look at the table for different GitHub products, and test the versioning.

          - If you don't feel comfortable reviewing this PR, please post a link to it in the #code-security-docs Slack channel so someone from the Dependencies & Secrets focus team can take a look.

          - For more information about this automation, and the reasons why we have decided to implement it, see [About automations for Dependencies & Secrets](https://github.com/github/docs-content/blob/main/focus-areas/code-security/about-automations-for-dependencies-and-secrets.md#secret-scanning-prs-adding-new-supported-patterns) in the 'docs-content' repository.

          - Thank you :fishsticks: :sparkling_heart:"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR: ${{ github.event.pull_request.html_url }}