Note, in order for this to work, be sure to have a token available with required permissions to leverage the GitHub GraphQL API: Authenticating with GraphQL
name: Security Badger
on:
schedule:
# Every weekday every 2 hours during working hours, send notification
- cron: '0 8-17/2 * * 1-5'
jobs:
pr-reviews-reminder:
runs-on: ubuntu-latest
steps:
uses: SparkPost/security-badger@main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_API_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
slackChannel: '#general'- Install dependencies via
npm install - Create a local
.envfile (which is ignored by git). Fill in values relevant to the target repo and Slack channel being tested:
GITHUB_REPOSITORY='<github/repo>'
GITHUB_TOKEN='<github-personal-access-token>'
SLACK_WEBHOOK_URL='<slack-app-webhook-url>'
SLACK_CHANNEL='<#slack-channel>'- Run
npm start
After installing dependencies, Security Badger can be compiled via npm run build. This helps
Security Badger run more quickly, avoiding a dependency installation step where it's integrated.
Though Node now supports ES Modules, custom GitHub actions do not yet support them as the runner is restricted to using Node version 12.
See relevant GitHub support thread.