Bump step-security/harden-runner from 2.7.0 to 2.7.1 (#954) #294
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dispatch Status Change Notifications (discord and email) | |
| permissions: | |
| contents: read | |
| actions: write | |
| on: | |
| push: | |
| branches: | |
| - main | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| DispatchNotifications: | |
| runs-on: [self-hosted, Linux, medium, ephemeral] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
| with: | |
| egress-policy: audit | |
| - name: Check out repository code | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get status changes and hipnames then dispatch jobs | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| arrayOfFiles=() | |
| while IFS= read -r; do | |
| arrayOfFiles+=("${REPLY}") | |
| done < <(git diff HEAD~1..HEAD -G'status:' --name-only | grep .md) | |
| arrayOfStatuses=() | |
| while IFS= read -r; do | |
| arrayOfStatuses+=("${REPLY}") | |
| done < <(git diff HEAD~1..HEAD -G'status:' | egrep "^\+status:" | cut -d ":" -f2) | |
| for ((i=0; i<${#arrayOfFiles[@]}; i++)); do | |
| echo "Initiating Discord workflow" | |
| gh workflow run send-discord-message.yml -f "filename=$(basename ${arrayOfFiles[$i]} .md)" -f "status=${arrayOfStatuses[$i]}" | |
| if [[ ${arrayOfStatuses[$i]} == " Last Call" ]]; then | |
| echo "Initiating Last Call workflow" | |
| gh workflow run send-email.yml -f "filename=$(basename ${arrayOfFiles[$i]} .md)" -f "status=Last Call" | |
| fi | |
| done |