Automatically include the security team on a PR if there are critical issues | Feature Requests

Automatically include the security team on a PR if there are critical issues

under review

Louis Barrett

Add a specific team, e.g. "@company/security" as a reviewer on any PR that has a particular issue in it.

Created by Feross Aboukhadijeh (Socket)

August 23, 2023

Feross Aboukhadijeh (Socket)

marked this post as

under review

Joévin SOULENQ

Louis Barrett you can make that on your side with a small Github Action:

- name: 'Add @company/security as reviewer if Socket fails'
  uses: actions/github-script@v6
  with:
    script: |
      const { owner, repo, number } = context.issue
      const pr = await github.rest.pulls.get({
        owner,
        repo,
        pull_number: number,
      });
      const { data: { check_runs: [latestCheck] } } = await github.rest.checks.listForRef({
        owner,
        repo,
        ref: pr.data.head.sha,
        check_name: 'Socket Security: Pull Request Alerts'
      });
      if (latestCheck && latestCheck.conclusion === 'failure') {
        console.log('Requesting review of @company/security');
        await github.rest.pulls.requestReviewers({
          owner,
          repo,
          pull_number: number,
          team_reviewers: ['security']
        })
      } else {
        console.log('No check runs found');
      }