# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: Apache-2.0
#
# See IL-574 for the definitions of the secrets and variables this workflow reads.
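name: hashicorp/hashicat-azure/secret-expiration

on:
  workflow_dispatch:
  schedule:
    # Daily at 04:37 UTC (GitHub cron schedules are always evaluated in UTC).
    - cron: "37 4 * * *"

# No GITHUB_TOKEN scopes are needed: the job only reads repository variables
# and posts to Slack with its own bot token.
permissions: {}

jobs:
  check-arm-client-secret:
    runs-on: ubuntu-latest
    steps:
      # Work out how many days remain before ARM_CLIENT_SECRET expires and
      # decide whether an alert is due.
      - name: Build Message
        id: build-message
        shell: python
        # A failure here is reported by the next step instead of failing the run.
        continue-on-error: true
        # Repository variables are handed to the script through env rather than
        # being expanded with ${{ }} inside `run:`. An expression expanded inside
        # `run:` is pasted into the Python source as text, so a value containing
        # quotes or newlines would change the program (script injection); reading
        # os.environ keeps the value as data.
        env:
          ARM_CLIENT_SECRET_EXPIRY: ${{ vars.ARM_CLIENT_SECRET_EXPIRY }}
          ARM_CLIENT_SECRET_MIN_DAYS_REMAINING: ${{ vars.ARM_CLIENT_SECRET_MIN_DAYS_REMAINING }}
        run: |-
          import datetime
          import os

          # Both variables are required. An empty or malformed value raises
          # ValueError, which fails this step and triggers the error notification.
          expiry_raw = os.environ.get("ARM_CLIENT_SECRET_EXPIRY", "")
          min_days_raw = os.environ.get("ARM_CLIENT_SECRET_MIN_DAYS_REMAINING", "")
          if not expiry_raw or not min_days_raw:
              raise ValueError(
                  "ARM_CLIENT_SECRET_EXPIRY and ARM_CLIENT_SECRET_MIN_DAYS_REMAINING "
                  "repository variables must both be set"
              )
          # Accepts an ISO-8601 date or datetime; only the date part is compared.
          expiry_date = datetime.datetime.fromisoformat(expiry_raw).date()
          # Validated as an integer here so the Slack step below can safely
          # interpolate it into its JSON payload.
          min_days = int(min_days_raw)

          # The hosted runner clock is UTC, matching the cron schedule above.
          days_left = (expiry_date - datetime.date.today()).days
          print(f"ARM_CLIENT_SECRET has {days_left} days left")

          # Expose the results as step outputs so the Slack steps can gate on them.
          do_notify = "true" if days_left <= min_days else "false"
          with open(os.environ["GITHUB_OUTPUT"], "a") as gho:
              gho.write(f"days_left={days_left}\n")
              gho.write(f"min_days={min_days}\n")
              gho.write(f"do_notify={do_notify}\n")

      # Report a broken check (missing/malformed variable, runtime error) so it
      # does not go unnoticed. `outcome` is used rather than `conclusion`
      # because continue-on-error rewrites the latter to success.
      - name: Notify Slack on Build Message Error
        id: notify-build-message-error
        if: ${{ steps.build-message.outcome == 'failure' }}
        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
        with:
          channel-id: ${{ vars.SLACK_NOTIFICATION_CHANNELS_FAIL_ONLY }}
          payload: |-
            {
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ":exclamation: Workflow <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} #${{ github.run_number }}> *FAILED*"
                  }
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

      # Alert when the secret is inside the renewal window. Only values the
      # script above produced (integers) are interpolated into the payload.
      - name: Notify Slack
        id: notify-slack
        if: ${{ steps.build-message.outputs.do_notify == 'true' }}
        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
        with:
          channel-id: ${{ vars.SLACK_NOTIFICATION_CHANNELS_FAIL_ONLY }}
          payload: |-
            {
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ":exclamation: Workflow <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} #${{ github.run_number }}> *ALERT*"
                  }
                },
                {
                  "type": "divider"
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "The secret ARM_CLIENT_SECRET has ${{ steps.build-message.outputs.days_left }} days left, less than ${{ steps.build-message.outputs.min_days }}. See IL-574 for information on how to renew it"
                  }
                }
              ]
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}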