mesoform · danperezsan · Apr 25, 2023 · Apr 25, 2023 · Apr 25, 2023 · Apr 25, 2023
diff --git a/.github/workflows/dependabot-pr-to-slack.yml b/.github/workflows/dependabot-pr-to-slack.yml
@@ -0,0 +1,23 @@
+name: Notify about PR ready for review
+
+on:
+  pull_request:
+    branches: ["master"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  slackNotification:
+    name: Slack Notification
+    if: startsWith(github.head_ref, 'dependabot/') # This step only runs when PR has dependabot/ HEAD
+    runs-on: ubuntu-latest
+    steps:
+    # Latest version available at: https://github.com/actions/checkout/releases
+    - uses: actions/checkout@v3
+    - name: Slack Notification
+      # Latest version available at: https://github.com/kv109/action-ready-for-review/releases
+      uses: kv109/action-ready-for-review@0.2
+      env:
+        SLACK_CHANNEL: alerts
+        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/dependabot-vulns-to-slack.yaml b/.github/workflows/dependabot-vulns-to-slack.yaml
@@ -0,0 +1,19 @@
+name: 'Dependabot vulnerabilities notification to Slack'
+
+on:
+  schedule:
+    - cron: '0 10 * * 1' # At 10:00 on Monday
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  Notify-Vulnerabilites:
+    runs-on: ubuntu-latest
+    steps:
+      # Latest version available at: https://github.com/kunalnagarco/action-cve/releases
+      - name: Notify Vulnerabilities
+        uses: kunalnagarco/action-cve@v1.7.33
+        with:
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          slack_webhook: ${{ secrets.SLACK_WEBHOOK }}