mongodb · cveticm · May 26, 2025 · May 22, 2025 · May 26, 2025 · May 26, 2025
@@ -0,0 +1,88 @@
+name: Create JIRA ticket for dependabot prs
+
+on:
+  pull_request:
+    types: [opened]
+
+permissions: 
+  pull-requests: write
+  contents: write
+  repository-projects: read
+jobs:
+  jira_task:
+    name: Create Jira issue
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+    - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      with:
+        config: ${{ vars.PERMISSIONS_CONFIG }}
+    - name: Checkout code
+      uses: actions/[email protected]
+      with:
+        fetch-depth: 2
+    - name: set Apix Bot token
+      id: app-token
+      uses: mongodb/apix-action/token@3024080388613583e3bd119bfb1ab4b4dbf43c42
+      with:
+        app-id: ${{ secrets.APIXBOT_APP_ID }}
+        private-key: ${{ secrets.APIXBOT_APP_PEM }}
+    - name: Find JIRA team
+      id: find
+      run: |
+        # shellcheck disable=SC2016 # intended use of single quotes
+        GH_TEAM="$(git diff HEAD~1..HEAD -- go.mod | grep -v '// indirect' | grep -i '^\-' | grep -v '^\-\-\-' | awk '{print $2}' | xargs -I $$ jq -r --arg i $$ '.[$i]' build/ci/library_owners.json | head -1)"
+        if [[ ("$GH_TEAM" == "") || ("$GH_TEAM" == "null") ]]; then
+          GH_TEAM="apix-2"
+        fi
+        echo "GH_TEAM=$GH_TEAM"
+        JIRA_TEAM="$(jq -r --arg i "$GH_TEAM" '.[$i]' < build/ci/library_owners_jira.json)"
+        echo "JIRA_TEAM=$JIRA_TEAM"
+        echo "assigned_team=$JIRA_TEAM" >> "${GITHUB_OUTPUT}"
+    - name: Create JIRA ticket
+      uses: mongodb/apix-action/create-jira@v8
+      id: create
+      with:
+        token: ${{ secrets.JIRA_API_TOKEN }}
+        project-key: CLOUDP
+        summary: AtlasCLI Dependency Update n. ${{ github.event.pull_request.number }}
+        issuetype: Story
+        description: "This ticket tracks the following GitHub pull request: ${{ github.event.pull_request.html_url }}."
+        components: AtlasCLI
+        assignee: ${{ secrets.ASSIGNEE_JIRA_TICKET }}
+        extra-data: |
+          {
+            "fields": {
+              "fixVersions": [
+                {
+                  "id": "41805"
+                }
+              ],
+              "customfield_12751": [
+                {
+                  "id": "${{ steps.find.outputs.assigned_team }}"
+                }
+              ],
+              "customfield_10257": {
+                "id": "11861"
+              }
+            }
+          }
+    - name: Add comment
+      uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043
+      with:
+        issue-number: ${{ github.event.pull_request.number }}
+        body: |
+          The ticket [${{ steps.create.outputs.issue-key }}](https://jira.mongodb.org/browse/${{ steps.create.outputs.issue-key }}) was created for internal tracking.
+
+          Note: Jira ticket will be closed automatically when this PR is merged.
+    - name: Add auto_close_jira label
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh pr edit "${{github.event.pull_request.html_url}}" --add-label "auto_close_jira"
+    - name: Set auto merge
+      env:
+        GH_TOKEN: ${{ steps.app-token.outputs.token }}
+      run: |
+        gh pr merge "${{ github.event.pull_request.html_url }}" --auto --squash
@@ -0,0 +1,48 @@
+name: Update PURLs list for dependabot prs
+
+on:
+  pull_request
+
+permissions:
+  pull-requests: write
+  contents: write
+  repository-projects: read
+jobs:
+  update-purls:
+    name: Update PURLs
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+    - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      with:
+        config: ${{ vars.PERMISSIONS_CONFIG }}
+    - name: Set Apix Bot token
+      id: app-token
+      uses: mongodb/apix-action/token@3024080388613583e3bd119bfb1ab4b4dbf43c42
+      with:
+        app-id: ${{ secrets.APIXBOT_APP_ID }}
+        private-key: ${{ secrets.APIXBOT_APP_PEM }}
+    - name: Checkout code
+      uses: actions/[email protected]
+      with:
+        ref: ${{ github.head_ref }}
+        token: ${{ steps.app-token.outputs.token }}
+        fetch-depth: 0
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+    - run: make gen-purls
+    - name: Commit updated purls.txt if changed
+      env:
+        BRANCH_NAME: ${{ github.head_ref }}
+      run: |
+        echo "Changes to purls.txt:"
+        if git diff --exit-code build/package/purls.txt; then
+          echo "No changes to purls.txt"
+        else 
+          git config --global user.name "${{ steps.app-token.outputs.user-name }}"
+          git config --global user.email "${{ steps.app-token.outputs.user-email }}"
+          git add build/package/purls.txt
+          git commit -m "chore: update purls.txt"
+          git push origin "$BRANCH_NAME"
+        fi