Cross-Provider Workflow

Sysdig Secure Runtime Event to GitHub Issue and Slack

Version 1.0.0

Pull a Sysdig Secure runtime event, open a GitHub issue, and notify Slack.

1 workflow, 3 source APIs, 3 providers

Providers Orchestrated

sysdig, github, slack

Workflows

runtime-event-multi-notify
Get a Sysdig runtime event, open a GitHub issue, and notify Slack.
Retrieves Sysdig Secure runtime detection events, creates a GitHub issue to track the incident, and posts a Slack notification.
3 steps. Inputs: owner, repo, slackChannel. Outputs: eventTotal, issueUrl, messageTs.

1. list-events ($sourceDescriptions.sysdigSecureApi.listSecureEvents): Retrieve Sysdig Secure runtime detection events.
2. open-issue ($sourceDescriptions.githubRepoIssuesApi.createAnIssue): Open a GitHub issue to track the runtime detection.
3. notify-slack ($sourceDescriptions.slackChatApi.postChatPostmessage): Post a Slack notification linking the runtime event to its tracking issue.

Arazzo Workflow Specification

sec-sysdig-secure-event-multi-notify.yml
arazzo: 1.0.1
info:
  title: Sysdig Secure Runtime Event to GitHub Issue and Slack
  summary: Pull a Sysdig Secure runtime event, open a GitHub issue, and notify Slack.
  description: >-
    A runtime security workflow that retrieves Sysdig Secure runtime detection events, opens
    a GitHub issue to track the incident, and posts a notification to a Slack channel so the
    security team responds quickly. Demonstrates fanning a single runtime detection out to a
    code host and a chat platform in one Arazzo workflow.
  version: 1.0.0
sourceDescriptions:
  - name: sysdigSecureApi
    url: https://raw.githubusercontent.com/api-evangelist/sysdig/refs/heads/main/openapi/sysdig-secure-openapi.yml
    type: openapi
  - name: githubRepoIssuesApi
    url: https://raw.githubusercontent.com/api-evangelist/github/refs/heads/main/openapi/github-repo-issues-api-openapi.yml
    type: openapi
  - name: slackChatApi
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: runtime-event-multi-notify
    summary: Get a Sysdig runtime event, open a GitHub issue, and notify Slack.
    description: >-
      Retrieves Sysdig Secure runtime detection events, creates a GitHub issue to track the
      incident, and posts a Slack notification.
    inputs:
      type: object
      properties:
        owner:
          type: string
        repo:
          type: string
        slackChannel:
          type: string
    steps:
      - stepId: list-events
        description: Retrieve Sysdig Secure runtime detection events.
        operationId: $sourceDescriptions.sysdigSecureApi.listSecureEvents
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          eventTotal: $response.body#/total
          events: $response.body#/data
      - stepId: open-issue
        description: Open a GitHub issue to track the runtime detection.
        operationId: $sourceDescriptions.githubRepoIssuesApi.createAnIssue
        parameters:
          - name: owner
            in: path
            value: $inputs.owner
          - name: repo
            in: path
            value: $inputs.repo
        requestBody:
          contentType: application/json
          payload:
            title: Sysdig Secure runtime detection event
            body: A Sysdig Secure runtime event was detected and requires investigation.
            labels:
              - security
              - runtime
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          issueNumber: $response.body#/number
          issueUrl: $response.body#/html_url
      - stepId: notify-slack
        description: Post a Slack notification linking the runtime event to its tracking issue.
        operationId: $sourceDescriptions.slackChatApi.postChatPostmessage
        requestBody:
          contentType: application/x-www-form-urlencoded
          payload:
            channel: $inputs.slackChannel
            text: Sysdig Secure runtime detection logged and tracked in GitHub.
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          messageTs: $response.body#/ts
    outputs:
      eventTotal: $steps.list-events.outputs.eventTotal
      issueUrl: $steps.open-issue.outputs.issueUrl
      messageTs: $steps.notify-slack.outputs.messageTs
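
As written, the spec treats any HTTP 200 from Slack as success, posts a message that does not contain the issue link, and opens an issue even when no events were returned. The following is an added example, not part of the published spec, of a tightened steps list for the same workflow. It assumes Slack's behaviour of answering HTTP 200 with ok set to false on API errors, uses Arazzo's embedded-expression syntax ({$...}) and an onSuccess end action, and the action name no-events is made up for illustration.

```yaml
# Added example (not the published spec): replacement for the `steps:` list.
steps:
  - stepId: list-events
    description: Retrieve Sysdig Secure runtime detection events.
    operationId: $sourceDescriptions.sysdigSecureApi.listSecureEvents
    successCriteria:
      - condition: $statusCode == 200
    onSuccess:
      - name: no-events   # hypothetical name; ends the run when nothing was detected
        type: end
        criteria:
          - condition: $response.body#/total == 0
    outputs:
      eventTotal: $response.body#/total
      events: $response.body#/data
  - stepId: open-issue
    description: Open a GitHub issue to track the runtime detection.
    operationId: $sourceDescriptions.githubRepoIssuesApi.createAnIssue
    parameters:
      - name: owner
        in: path
        value: $inputs.owner
      - name: repo
        in: path
        value: $inputs.repo
    requestBody:
      contentType: application/json
      payload:
        title: Sysdig Secure runtime detection event
        body: "Sysdig Secure returned {$steps.list-events.outputs.eventTotal} runtime event(s) that require investigation."
        labels: [security, runtime]
    successCriteria:
      - condition: $statusCode == 201
    outputs:
      issueUrl: $response.body#/html_url
  - stepId: notify-slack
    description: Post a Slack notification linking the runtime event to its tracking issue.
    operationId: $sourceDescriptions.slackChatApi.postChatPostmessage
    requestBody:
      contentType: application/x-www-form-urlencoded
      payload:
        channel: $inputs.slackChannel
        text: "Sysdig Secure runtime detection tracked in GitHub: {$steps.open-issue.outputs.issueUrl}"
    successCriteria:
      - condition: $statusCode == 200
      # Slack returns HTTP 200 with ok=false on errors such as channel_not_found.
      - condition: $response.body#/ok == true
    outputs:
      messageTs: $response.body#/ts
```

With the second Slack criterion in place, a rejected post fails the step instead of leaving messageTs empty on a run that reports success.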