GitHub Dependabot Alert to Opsgenie to Microsoft Teams

arazzo: 1.0.1
info:
  title: GitHub Dependabot Alert to Opsgenie to Microsoft Teams
  summary: Pull a Dependabot alert, raise an Opsgenie alert, then announce in Teams.
  description: >-
    A DevSecOps supply-chain workflow that lists Dependabot vulnerability alerts
    for a GitHub repository, raises an Opsgenie alert for the top finding, and
    announces it in a Microsoft Teams channel. Demonstrates chaining a
    source-control provider, an alerting provider, and a collaboration provider
    in a single Arazzo workflow.
  version: 1.0.0
sourceDescriptions:
  - name: githubDependabot
    url: https://raw.githubusercontent.com/api-evangelist/github/refs/heads/main/openapi/github-repo-dependabot-api-openapi.yml
    type: openapi
  - name: opsgenieAlert
    url: https://raw.githubusercontent.com/api-evangelist/opsgenie/refs/heads/main/openapi/opsgenie-alert-openapi.yml
    type: openapi
  - name: microsoftTeams
    url: https://raw.githubusercontent.com/api-evangelist/microsoft-teams/refs/heads/main/openapi/microsoft-teams-graph-api.yaml
    type: openapi
workflows:
  - workflowId: dependabot-to-opsgenie-to-teams
    summary: List a Dependabot alert, raise an Opsgenie alert, and announce in Teams.
    description: >-
      Retrieves Dependabot alerts for a repository, raises an Opsgenie alert for
      the top vulnerability, and posts a Microsoft Teams message about it.
    inputs:
      type: object
      properties:
        owner:
          type: string
        repo:
          type: string
        teamId:
          type: string
        channelId:
          type: string
    steps:
      - stepId: list-dependabot-alerts
        description: List Dependabot vulnerability alerts for the repository.
        operationId: $sourceDescriptions.githubDependabot.listDependabotAlertsForRepository
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          advisorySummary: $response.body#/0/security_advisory/summary
          alertUrl: $response.body#/0/html_url
      - stepId: raise-opsgenie-alert
        description: Raise an Opsgenie alert for the Dependabot finding.
        operationId: $sourceDescriptions.opsgenieAlert.createAlert
        requestBody:
          contentType: application/json
          payload:
            message: $steps.list-dependabot-alerts.outputs.advisorySummary
            priority: P2
            tags:
              - dependabot
              - supply-chain
        successCriteria:
          - condition: $statusCode == 202
        outputs:
          requestId: $response.body#/requestId
      - stepId: announce-teams
        description: Announce the Dependabot alert in a Microsoft Teams channel.
        operationId: $sourceDescriptions.microsoftTeams.sendChannelMessage
        requestBody:
          contentType: application/json
          payload:
            body:
              contentType: html
              content: $steps.list-dependabot-alerts.outputs.alertUrl
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          messageId: $response.body#/id
    outputs:
      advisorySummary: $steps.list-dependabot-alerts.outputs.advisorySummary
      requestId: $steps.raise-opsgenie-alert.outputs.requestId
      messageId: $steps.announce-teams.outputs.messageId