From ffbdad996488890b87c27cae29db6d37e0f7c702 Mon Sep 17 00:00:00 2001 From: OZMOHYNSK Date: Mon, 11 Nov 2024 14:48:51 +0900 Subject: [PATCH] =?UTF-8?q?#96=20Slack=20=EC=97=B0=EA=B2=B0=20=ED=85=8C?= =?UTF-8?q?=EC=8A=A4=ED=8A=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/main.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 25b9608..a850761 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -48,6 +48,29 @@ jobs: source_path: . aws_region: ap-northeast-1 + # 6. CodeGuru 보안 분석 결과 확인 + - name: Evaluate CodeGuru results + id: evaluate + run: | + CRITICAL_ISSUES=$(jq '.runs[].results[] | select(.level == "error") | .level' codeguru-security-results.sarif.json | wc -l) + echo "CRITICAL_ISSUES=$CRITICAL_ISSUES" >> $GITHUB_OUTPUT + + # 7. Slack으로 알림. 경우에 따라 정지. + - name: Notify Slack and stop if critical issues found + if: steps.evaluate.outputs.CRITICAL_ISSUES != '0' + uses: slackapi/slack-github-action@v1 + with: + slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }} + slack-channel: C0806L48YJH + slack-text: "❌ Critical security issues found in the code. CI process stopped. Please check CodeGuru results." + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + + # 8. If CI 정지. + - name: Stop workflow if critical issues found + if: steps.evaluate.outputs.CRITICAL_ISSUES != '0' + run: exit 1 + # 6. AWS 자격 증명 재구성 (서울 리전) - ECR - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 @@ -127,3 +150,14 @@ jobs: fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # 13. + - name: Notify Slack about successful CI + if: success() + uses: slackapi/slack-github-action@v1 + with: + slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_TOKEN }} + slack-channel: C0806L48YJH + slack-text: "✅ CI process completed successfully. Ready for CD." + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}