Zion Boggan
repos/secure-cicd-pipeline/scripts/notify_soc.py
46 lines · python
import json
import os
import sys
from urllib import error, request
 
# Seconds allowed for the webhook request; main() passes this to urlopen()
# as its timeout so an unresponsive endpoint cannot hang the pipeline step.
TIMEOUT = 10
 
 
def build_event():
    """Assemble the pipeline event that is reported to the SOC webhook.

    Every dynamic field is read from the process environment.

    Returns:
        A dict with the keys ``source``, ``pipeline``, ``status``,
        ``outcome``, ``repository``, ``commit``, ``actor`` and ``run_url``,
        in that order.
    """
    env = os.environ
    pipeline_status = env.get("PIPELINE_STATUS", "unknown")

    # Only the exact string "success" counts as a success; every other
    # status, including the "unknown" default, is reported as a failure.
    if pipeline_status == "success":
        outcome = "success"
    else:
        outcome = "failure"

    event = {
        "source": "github-actions",
        "pipeline": "security-pipeline",
        "status": pipeline_status,
        "outcome": outcome,
    }

    # Run context: a variable that is not set is reported as None rather
    # than being left out of the event.
    context_fields = (
        ("repository", "REPO"),
        ("commit", "COMMIT"),
        ("actor", "ACTOR"),
        ("run_url", "RUN_URL"),
    )
    for field, variable in context_fields:
        event[field] = env.get(variable)
    return event
 
 
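def main():
    """POST the pipeline event to the SOC webhook on a best-effort basis.

    The webhook URL is read from ``SHUFFLE_WEBHOOK_URL`` and the JSON body
    comes from ``build_event()``.

    Returns:
        0 when the variable is unset (notification skipped), when the POST
        completes, or when delivery fails; a failed delivery is reported on
        stderr but does not fail the calling pipeline step.
        1 when the variable is set but is not an http(s) URL.
    """
    # Function-scope import: only this exception type is needed, and only here.
    from http.client import HTTPException

    hook = os.environ.get("SHUFFLE_WEBHOOK_URL")
    if not hook:
        print("SHUFFLE_WEBHOOK_URL not set, skipping SOC notification")
        return 0

    # urlopen() also handles non-HTTP schemes such as file:, so the scheme
    # is restricted before the URL is used.
    lowered = hook.lower()
    if not lowered.startswith(("https://", "http://")):
        print("SHUFFLE_WEBHOOK_URL must be an http(s) URL", file=sys.stderr)
        return 1
    if lowered.startswith("http://"):
        # Plain HTTP stays accepted for compatibility, but the webhook URL
        # and the event body then cross the network unencrypted.
        print(
            "warning: SHUFFLE_WEBHOOK_URL uses http://; "
            "the event is sent unencrypted",
            file=sys.stderr,
        )

    event = build_event()
    body = json.dumps(event).encode("utf-8")
    req = request.Request(
        hook, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    try:
        with request.urlopen(req, timeout=TIMEOUT) as resp:
            print(f"SOC webhook responded {resp.status}")
    except OSError as exc:
        # URLError and HTTPError are OSError subclasses. So are the timeout
        # and connection-reset errors raised while waiting for the response,
        # which urlopen() does not wrap in URLError; catching only URLError
        # let those escape as a traceback and a non-zero exit.
        print(f"failed to reach SOC webhook: {exc}", file=sys.stderr)
        return 0
    except HTTPException as exc:
        # Protocol-level errors from http.client. Some of their messages
        # echo part of the request URL, so only the type name is logged.
        print(
            f"failed to reach SOC webhook: {type(exc).__name__}",
            file=sys.stderr,
        )
        return 0
    return 0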
 
 
# Script entry point: main()'s return value becomes the process exit status.
if __name__ == "__main__":
    raise SystemExit(main())