Merge branch 'master' into dependabot/npm_and_yarn/master/react-dom-19.2.4

svetlana-efimova · web-flow · commit b83a97a53ba7 · 2026-02-03T09:21:43.000-08:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -20,6 +20,10 @@ on:
         description: 'Use the GitHub-hosted large runner. Allowed values are true or false. Caution - this results in additional charges to the organization.'
         required: false
         default: 'false'
+      securityAdvisoryPublished:
+        description: 'Indicates if a security advisory has been published. Provide the title of the security advisory if true, otherwise leave empty. Example: Security Advisory 007- MongoDB zlib Compression Memory'
+        required: false
+        default: ''
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -171,6 +175,51 @@ jobs:
           SLACKIFY_MARKDOWN: true
           ENABLE_ESCAPES: true
           SLACK_MESSAGE: "The large runner release job for `${{ github.workflow }}` in `${{ github.repository }}` failed at step: `${{ env.CURRENT_STEP }}`. [View details](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
+  
+  post-security-advisory:
+    name: "Post Security Advisory Notification"
+    if: always() && (needs.build-large-runner.result == 'success' || needs.build-self-hosted-runner.result == 'success') && github.event_name == 'workflow_dispatch' && github.event.inputs.securityAdvisoryPublished != ''
+    needs: [build-self-hosted-runner,build-large-runner]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Slugify Security Advisory Title
+        id: slugify
+        run: |
+          echo "CURRENT_STEP=Security Advisory URL" >> $GITHUB_ENV
+          SECURITY_ADVISORY_PUBLISHED="${{ github.event.inputs.securityAdvisoryPublished }}"
+          # Create a slug by converting to lowercase, removing periods and colons, and replacing spaces and special characters with hyphens
+          SLUG=$(echo "$SECURITY_ADVISORY_PUBLISHED" \
+            | tr '[:upper:]' '[:lower:]' \
+            | sed 's/\.//g' \
+            | sed 's/\://g' \
+            | sed 's/[^a-z0-9-]/-/g')
+          SECURITY_ADVISORY_URL="https://docs.spectrocloud.com/security-bulletins/security-advisories/#${SLUG}"
+          echo "Security Advisory URL: ${SECURITY_ADVISORY_URL}"
+          # Export the URL as a step output so later steps can read it
+          echo "security_advisory_url=${SECURITY_ADVISORY_URL}" >> "$GITHUB_OUTPUT"
+
+      - name: Notify Slack
+        uses: rtCamp/action-slack-notify@v2.3.3
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_USERNAME: "spectromate"
+          SLACK_ICON_EMOJI: ":robot_panic:"
+          SLACK_COLOR: "#1E90FF"
+          SLACK_MESSAGE: |
+            :information_source: *<${{ steps.slugify.outputs.security_advisory_url }}|${{ github.event.inputs.securityAdvisoryPublished }}>* has just been published!
+            
+      - name: Slack Notification on Failure
+        if: ${{ failure() }}
+        uses: rtCamp/action-slack-notify@v2.3.3
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_PRIVATE_TEAM_WEBHOOK }}
+          SLACK_USERNAME: "spectromate"
+          SLACK_ICON_EMOJI: ":robot_panic:"
+          SLACK_COLOR: "danger"
+          SLACKIFY_MARKDOWN: true
+          ENABLE_ESCAPES: true
+          SLACK_MESSAGE: "The post-security-advisory job for `${{ github.workflow }}` in `${{ github.repository }}` failed at step: `${{ env.CURRENT_STEP }}`. [View details](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})."
+
 
   release:
     name: "Release"
