
Usage

This guide explains how to use the DependAssist script to automate the creation and management of JIRA tickets based on Dependabot alerts from GitHub repositories.

Prerequisites

Before using the script, ensure you have completed the following:

  1. Configured the my.json file: This file contains all necessary configurations. Refer to the Advanced Configuration for details.
  2. Set up sensitive tokens: Store your JIRA and GitHub API tokens securely. Refer to the Sensitive Tokens guide.

Running the Script

To run the DependAssist script, follow these steps:

Step 1: Create a .env File

Create a .env file in the DependAssist directory and add your credentials:

JIRA_APIKEY=your_jira_api_key_here
JIRA_USERNAME=your_jira_username_here
GITHUB_TOKEN=your_github_token_here

Step 2: Create a repos.txt File

Create a repos.txt file in the DependAssist directory and list all GitHub repositories to be processed, one per line:

repo1
repo2
repo3

Step 3: Create a team_mapping.json File

Create a team_mapping.json file in the DependAssist directory to map repositories to JIRA team IDs. This file supports both single and multiple team IDs:

{
  "repo1": "10050",
  "repo2": ["10051", "10052"],
  "repo3": "10053",
  "repo4": ["10054", "10055"]
}

Step 4: Install Dependencies

Ensure all necessary dependencies are installed. It is recommended to use a virtual environment:

python3 -m venv venv
source venv/bin/activate  # On Windows use `venv\Scripts\activate`
pip install -r requirements.txt

Step 5: Run the Script

Run the script with the appropriate configuration file:

python main.py --config my.json
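A preflight check for the three files created in Steps 1 to 3, suitable for running before Step 5. This is an added example, not part of DependAssist: the names `preflight` and `demo` and all sample values are constructed, and it assumes plain `KEY=value` lines in .env.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("JIRA_APIKEY", "JIRA_USERNAME", "GITHUB_TOKEN")

def preflight(directory):
    """Return a list of problems found in .env, repos.txt and team_mapping.json."""
    base, problems = Path(directory), []
    # .env: every credential present and not left at the "your_..._here" template value.
    env_path = base / ".env"
    env = {}
    for line in env_path.read_text().splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    for key in REQUIRED_KEYS:
        value = env.get(key, "")
        if not value or (value.startswith("your_") and value.endswith("_here")):
            problems.append(f".env: {key} is missing or still a placeholder")
    # Tokens on disk should be readable by the owner only (POSIX permission bits).
    if os.name == "posix" and stat.S_IMODE(env_path.stat().st_mode) & 0o077:
        problems.append(".env: readable by group/others, run chmod 600 .env")
    # repos.txt: one repository per line, blank lines ignored.
    repos = [r.strip() for r in (base / "repos.txt").read_text().splitlines() if r.strip()]
    # team_mapping.json: each value is one team ID string or a non-empty list of them.
    mapping = json.loads((base / "team_mapping.json").read_text())
    for repo in repos:
        teams = mapping.get(repo)
        if isinstance(teams, str):
            teams = [teams]
        valid = isinstance(teams, list) and teams and all(isinstance(t, str) and t for t in teams)
        if not valid:
            problems.append(f"team_mapping.json: no valid team ID for {repo}")
    return problems

def demo():
    """Run preflight on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".env").write_text("JIRA_APIKEY=your_jira_api_key_here\nJIRA_USERNAME=alice@example.com\nGITHUB_TOKEN=constructed-token\n")
        os.chmod(Path(d, ".env"), 0o644)  # deliberately too permissive
        Path(d, "repos.txt").write_text("repo1\nrepo2\nrepo5\n")
        Path(d, "team_mapping.json").write_text('{"repo1": "10050", "repo2": ["10051", "10052"]}')
        return preflight(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Call `preflight(".")` from the DependAssist directory; an empty list means the three files are consistent.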

Script Flow

  1. Load Configuration: The script loads the my.json configuration file and the .env file for credentials.
  2. Fetch Alerts: It fetches Dependabot alerts for each repository listed in repos.txt.
  3. Check for Existing Tickets: The script checks JIRA for existing tickets to avoid duplicates.
  4. Create New Tickets: If no existing ticket is found, it creates a new JIRA ticket with the relevant details.
  5. Process Tickets: Based on the process_jira_tickets flag, it processes the tickets, adds comments, moves them through workflow states, and dismisses alerts if configured.

For the detailed workflow, refer to Detailed information.