From be3059bc43800562c31fc41e5f46a2f3db879576 Mon Sep 17 00:00:00 2001
From: "Luiz F. C. Martins" <239121271+luiz1361@users.noreply.github.com>
Date: Tue, 27 Jan 2026 09:45:23 +0000
Subject: [PATCH] chore: Remove unused workflows and update security policy
---
.../workflows/honeycomb-deployment-marker.yml | 52 ------
.github/workflows/print-environment.yml | 13 --
.../workflows/slack-deployment-message.yml | 176 ------------------
README.md | 6 -
SECURITY.md | 4 +-
5 files changed, 3 insertions(+), 248 deletions(-)
delete mode 100644 .github/workflows/honeycomb-deployment-marker.yml
delete mode 100644 .github/workflows/print-environment.yml
delete mode 100644 .github/workflows/slack-deployment-message.yml
delete mode 100644 README.md
diff --git a/.github/workflows/honeycomb-deployment-marker.yml b/.github/workflows/honeycomb-deployment-marker.yml
deleted file mode 100644
index 85b252a..0000000
--- a/.github/workflows/honeycomb-deployment-marker.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: Honeycomb Deployment Marker
-on:
- workflow_call:
- inputs:
- dataset:
- type: string
- required: true
- secrets:
- honeycombTeamApiKey:
- required: true
- # TODO make this optional
- # Then only attach Vercel deployment inspection URL when supplied
- vercelToken:
- required: true
-jobs:
- run:
- if: github.event.deployment_status.state == 'success'
- runs-on: ubuntu-latest
- steps:
- - name: Print GitHub Context Data 🖨
- run: echo '${{toJson(github)}}' | jq --color-output
- - name: Print GitHub Environment variables 🖨
- run: npx @bahmutov/print-env GITHUB
- - name: Create Honeycomb Marker
- run: |
- if [[ "${{github.event.deployment_status.environment}}" = "Production" ]]; then
- dataset="${{inputs.dataset}}"
- else
- dataset="${{inputs.dataset}}-preview"
- fi
-
- # We cut away the `https://` to get the hostname
- deployment_hostname=$(echo ${{github.event.deployment_status.target_url}} | cut -c 9-)
-
- read deployment_url created ready < <(echo $(curl --silent https://api.vercel.com/v12/now/deployments/get?url=${deployment_hostname} -H "Authorization: Bearer ${{secrets.vercelToken}}" | jq -r ".inspectorUrl,.createdAt,.ready"))
-
- echo "Did get Vercel deployment information"
-
- created_formatted=$(echo $created | cut -c 1-10)
- ready_formatted=$(echo $ready | cut -c 1-10)
-
- data="{ \"type\": \"deploy\", \"message\": \"Deploy of SHA ${{github.event.deployment.sha}}\", \"start_time\": ${created_formatted}, \"end_time\": ${ready_formatted}, \"url\": \"${deployment_url}\" }"
-
- curl https://api.honeycomb.io/1/markers/${dataset} \
- --fail \
- --silent \
- --show-error \
- -X POST \
- -H "X-Honeycomb-Team: ${{secrets.honeycombTeamApiKey}}" \
- -d "${data}"
-
- echo "Did create a Honeycomb marker"
diff --git a/.github/workflows/print-environment.yml b/.github/workflows/print-environment.yml
deleted file mode 100644
index cfcdb80..0000000
--- a/.github/workflows/print-environment.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: Print Environment
-on:
- - workflow_call
-jobs:
- run:
- runs-on: ubuntu-latest
- steps:
- - name: Print GitHub Context Data 🖨
- env:
- GITHUB_CONTEXT_JSON: ${{toJson(github)}}
- run: echo "$GITHUB_CONTEXT_JSON" | jq --color-output || true
- - name: Print GitHub Environment variables 🖨
- run: npx @bahmutov/print-env GITHUB
diff --git a/.github/workflows/slack-deployment-message.yml b/.github/workflows/slack-deployment-message.yml
deleted file mode 100644
index 1cabeec..0000000
--- a/.github/workflows/slack-deployment-message.yml
+++ /dev/null
@@ -1,176 +0,0 @@ -# https://www.notion.so/prismaio/Prisma-Development-Slack-App-49969876d7a1449991336ed2e5c1e87c -name: Slack Deployment Message -on: - workflow_call: - inputs: - url: - description: URL of the deployment. - type: string - required: true - production: - description: Is this a production deployment? If it is, a specific slack channel is used. By default is true when branch is trunk. Accepts "true" or "false". - type: string - required: false - secrets: - vercelToken: - description: The token to interact with the Vercel API to get additional deployment info. If given, the deployment is inferred to be a Vercel deployment. - required: false - slackToken: - required: true -jobs: - run: - runs-on: ubuntu-latest - steps: - - name: Print GitHub Context Data 🖨 - env: - GITHUB_CONTEXT_JSON: ${{toJson(github)}} - run: echo "$GITHUB_CONTEXT_JSON" | jq --color-output || true - - name: Print GitHub Environment variables 🖨 - run: npx @bahmutov/print-env GITHUB - - name: Build Slack Payload - run: | - # TODO get this from the repository default branch setting. - trunkBranchName='main' - # On push event github.ref will be "refs/heads/${branchName}" - # On pull_request event closed type github.ref will be "${branchName}" of the branch being merged into. 
- if [ '${{inputs.production}}' == '' ]; then - if [ '${{github.ref}}' == "$trunkBranchName" ]; then - isProduction='true' - elif [ '${{github.ref}}' == "refs/heads/$trunkBranchName" ]; then - isProduction='true' - else - isProduction='false' - fi - else - isProduction='${{inputs.production}}' - fi - echo "isProduction="$isProduction"" - - echo "Get Commit Info:" - commitInfo=$(curl \ - --silent \ - --fail \ - --request GET \ - --header "accept: application/vnd.github.v3+json" \ - --header "authorization: Bearer ${{github.token}}" \ - "https://api.github.com/repos/${{github.repository}}/commits/${{github.sha}}" \ - ) - echo $commitInfo | jq --color-output - - # We cut away the `https://` to get the hostname - # In some cases, like act CLI, there is no HTTPS prefix. - echo 'inputs.url = ${{inputs.url}}' - deploymentHostName='' - if [[ '${{inputs.url}}' == https://* ]]; then - echo "inputs.url has https prefix" - deploymentHostName=$(echo '${{inputs.url}}' | cut -c 9-) - echo $deploymentHostName - else - echo "inputs.url has no https prefix" - deploymentHostName='${{inputs.url}}' - fi - echo "deploymentHostName="$deploymentHostName"" >> $GITHUB_ENV - echo "deploymentHostName=$deploymentHostName" - - # TODO Add support for other deployment types. 
- if [ '${{secrets.vercelToken}}' != '' ]; then - echo "Get Vercel Deployment Info:" - deploymentInfo=$(curl \ - --silent \ - --fail \ - --header "authorization: Bearer ${{secrets.vercelToken}}" \ - "https://api.vercel.com/v13/deployments/${deploymentHostName}" \ - ) - echo $deploymentInfo | jq --color-output - - echo "build commitPullRequestNumber" - commitPullRequestNumber=$(echo $deploymentInfo | jq -r ".meta.githubPrId") - echo "commitPullRequestNumber="$commitPullRequestNumber"" - - echo "build appName" - appName=$(echo $deploymentInfo | jq -r ".name") - echo "appName="$appName"" - - echo "build deploymentInspectorUrl" - deploymentInspectorUrl=$(echo $deploymentInfo | jq -r ".inspectorUrl") - echo "deploymentInspectorUrl="$deploymentInspectorUrl"" - fi - - echo "build various values" - - echo "build commit_author_display_name" - commit_author_display_name=$(echo "$commitInfo" | jq -r '.commit.author.name') - echo "commit_author_display_name="$commit_author_display_name"" - - echo "build commit_author_login" - commit_author_login=$(echo "$commitInfo" | jq -r '.author.login') - echo "commit_author_login="$commit_author_login"" - - echo "build commit_message" - commit_message=$(echo "$commitInfo" | jq -r '.commit.message') - echo "commit_message="$commit_message"" - - echo "build commit_sha_short" - commit_sha_short=$(echo '${{github.sha}}' | cut -c-7) - echo "commit_sha_short="$commit_sha_short"" - - echo "build commit_ref" - commit_ref=$(echo $commit_ref | jq -r ".meta.githubCommitRef") - echo "commit_ref="$commit_ref"" - - if [ "$commitPullRequestNumber" == "null" ]; then - unset commitPullRequestNumber - fi - - if [ "$isProduction" == 'true' ]; then - #feed-pdp-deployments - slackChannel='C033BSD1YSE' - else - #feed-pdp-deployments-preview - slackChannel='C033EL7UMS6' - fi - - if [ -z $commitPullRequestNumber ]; then - pull_request_slack_message_part="(not part of an open PR)" - else - pull_request_slack_message_part="from pull request " - fi - - echo "build 
slackText" - slackText=$(cat < by ${pull_request_slack_message_part} was successfully deployed. - ${commit_message} - → - → <${deploymentInspectorUrl}|Inspect deployment> - EOF - ) - - echo "build slackPayload" - slackPayload=$(jq \ - --null-input \ - --arg slackChannel "$slackChannel" \ - --arg slackText "$slackText" \ - ' - { - "channel": $slackChannel, - "unfurl_links": false, - "unfurl_media": false, - "blocks": [ - { "type": "section", "text": { "type": "mrkdwn", "text": $slackText }} - ] - } - ' \ - ) - echo "SLACK_PAYLOAD="$slackPayload"" >> $GITHUB_ENV - echo "$slackPayload" | jq --color-output - - name: Write message to Slack channel - run: | - curl \ - --silent \ - --fail \ - --request POST \ - --header "Content-type: application/json" \ - --header "Authorization: Bearer ${{secrets.slackToken}}" \ - --data '${{env.SLACK_PAYLOAD}}' \ - https://slack.com/api/chat.postMessage | jq --color-output diff --git a/README.md b/README.md deleted file mode 100644 index 491d576..0000000 --- a/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# .github - -Prisma organization level resources: - -1. Configuration for installed GitHub apps ([example](zeke/semantic-pull-requests/issues/87#issuecomment-616334670)) -2. Shared GitHub Action workflows ([docs](https://docs.github.com/en/actions/using-workflows/sharing-workflows-secrets-and-runners-with-your-organization)) diff --git a/SECURITY.md b/SECURITY.md index 5d93b0a..4f9a326 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,5 @@ # Security Policy -If you have a security issue to report, please contact us at [security@prisma.io](mailto:security@prisma.io). +To keep our customer data and systems safe, we don't allow security testing or scanning of Prisma infrastructure without prior authorization. +If you believe you've found a security vulnerability, please disclose it by sending an email to [security@prisma.io](mailto:security@prisma.io). +Please note that we do not offer monetary compensation for reporting vulnerabilities.