Closed Bug 1742852 Opened 3 years ago Closed 3 years ago

Assess use of external addon slack-send in Mozilla's GitHub organization Mozilla

Categories

(mozilla.org :: Github: Administration, task)

Product:
mozilla.org
Component:
Github: Administration
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dlactin, Assigned: cknowles)

Details

I want to use the slack-send addon in Mozilla for the following reasons:

We would like to use a GitHub action in the fxa repository to upload files to an s3 bucket and send a message to a Slack channel when this action has been run.

Below are my answers to your stock questions:

** Which repositories do you want to have access?

https://github.com/mozilla/fxa

** Are any of those repositories private?

No

** Provide the Install link for a GitHub app

https://github.com/marketplace/actions/slack-send

Routing this past Secops for approval.

Flags: needinfo?(hwine)

We have a contract with slack, and this action comes from their verified organization, so okay to put slackapi/slack-github-action@* in the allow list. (Apologies if the syntax is wrong.)

Flags: needinfo?(hwine)

Checking out the page, that looks like the right syntax. (it matches what's in their install page, and is similar in tone to the existing items in the allow list.

I've added your suggested line. Closing out, please reopen if things don't work as expected.

Assignee: nobody → cknowles
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.