Create Jira Issue from Dependabot Alert
This self-service action shows how to create a Jira issue from a dependabot alert that links the issue to a service in Port.
Use cases
- Automatically create Jira issues from Dependabot alerts.
- Add detailed metadata to Jira issues from Dependabot alerts.
Prerequisites
-
Port's GitHub app needs to be installed
-
Jira API token with permissions to create new issues
-
In your GitHub repository, go to Settings > Secrets and add the following secrets:
- JIRA_API_TOKEN - Jira API token generated by the user
- JIRA_BASE_URL - The URL of your Jira organization
- JIRA_USER_EMAIL - The email of the Jira user that owns the Jira API token
- PORT_CLIENT_ID - Your port [client id](How to get the credentials)
- PORT_CLIENT_SECRET - Your port [client secret](How to get the credentials)
-
Optional - Install Port's Jira integration learn more
Jira integration
This step is not required for this example, but it will create all the blueprint boilerplate for you, and also update the catalog in real time with the new issue created.
- In case you decided not to install the Jira integration, you will need to create a blueprint for the Jira Project in Port.
Jira Project Blueprint (Click to expand)
{
"identifier": "jiraProject",
"description": "A Jira project",
"title": "Jira Project",
"icon": "Jira",
"schema": {
"properties": {
"url": {
"title": "Project URL",
"type": "string",
"format": "url",
"description": "URL to the project in Jira"
},
"totalIssues": {
"title": "Total Issues",
"type": "number",
"description": "The total number of issues in the project"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
- You have finished the onboarding process and created a
Serviceblueprint from the onboarding steps. You can alternatively create theServiceblueprint in Port using the schema below:
Service Blueprint (Click to expand)
{
"identifier": "service",
"title": "Service",
"icon": "Github",
"schema": {
"properties": {
"readme": {
"title": "README",
"type": "string",
"format": "markdown",
"icon": "Book"
},
"url": {
"title": "URL",
"format": "url",
"type": "string",
"icon": "Link"
},
"language": {
"icon": "Git",
"type": "string",
"title": "Language",
"enum": [
"GO",
"Python",
"Node",
"React"
],
"enumColors": {
"GO": "red",
"Python": "green",
"Node": "blue",
"React": "yellow"
}
},
"slack": {
"icon": "Slack",
"type": "string",
"title": "Slack",
"format": "url"
},
"code_owners": {
"title": "Code owners",
"description": "This service's code owners",
"type": "string",
"icon": "TwoUsers"
},
"type": {
"title": "Type",
"description": "This service's type",
"type": "string",
"enum": [
"Backend",
"Frontend",
"Library"
],
"enumColors": {
"Backend": "purple",
"Frontend": "pink",
"Library": "green"
},
"icon": "DefaultProperty"
},
"lifecycle": {
"title": "Lifecycle",
"type": "string",
"enum": [
"Production",
"Experimental",
"Deprecated"
],
"enumColors": {
"Production": "green",
"Experimental": "yellow",
"Deprecated": "red"
},
"icon": "DefaultProperty"
},
"locked_in_prod": {
"icon": "DefaultProperty",
"title": "Locked in Prod",
"type": "boolean",
"default": false
},
"locked_reason_prod": {
"icon": "DefaultProperty",
"title": "Locked Reason Prod",
"type": "string"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
Mapping Dependabot Alerts to Service Blueprint
To effectively manage your Dependabot alerts, map them to your service blueprint in Port. This allows you to categorize and link alerts to the appropriate services within your catalog, enhancing visibility and traceability.
Follow this resource mapping guide for detailed steps on how to map Dependabot alerts.
- Create the Dependabot Alert blueprint using this schema if you don't have it created already:
Dependabot Blueprint (Click to expand)
{
"identifier": "githubDependabotAlert",
"title": "Dependabot Alert",
"icon": "Github",
"schema": {
"properties": {
"severity": {
"icon": "DefaultProperty",
"title": "Severity",
"type": "string",
"enum": [
"low",
"medium",
"high",
"critical"
],
"enumColors": {
"low": "green",
"medium": "orange",
"high": "red",
"critical": "red"
}
},
"state": {
"title": "State",
"type": "string",
"enum": [
"auto_dismissed",
"dismissed",
"fixed",
"open"
],
"enumColors": {
"auto_dismissed": "green",
"dismissed": "green",
"fixed": "green",
"open": "red"
},
"icon": "DefaultProperty"
},
"packageName": {
"icon": "DefaultProperty",
"title": "Package Name",
"type": "string"
},
"packageEcosystem": {
"title": "Package Ecosystem",
"type": "string"
},
"manifestPath": {
"title": "Manifest Path",
"type": "string"
},
"scope": {
"title": "Scope",
"type": "string"
},
"ghsaID": {
"title": "GHSA ID",
"type": "string"
},
"cveID": {
"title": "CVE ID",
"type": "string"
},
"url": {
"title": "URL",
"type": "string",
"format": "url"
},
"references": {
"icon": "Vulnerability",
"title": "References",
"type": "array",
"items": {
"type": "string",
"format": "url"
}
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"jira_issue": {
"title": "JIRA Issue",
"target": "jiraIssue",
"required": false,
"many": false
},
"service": {
"title": "Service",
"target": "service",
"required": false,
"many": false
}
}
}
GitHub Workflow
Create the file create-jira-issue-from-dependabot.yml in the .github/workflows folder of your repository and copy the content of the workflow configuration below:
Dedicated repository
We recommend creating a dedicated repository for the workflows that are used by Port actions.
Create Jira Issue from dependabot alert workflow (Click to expand)
name: Create Jira Issue from Dependabot Alert
on:
workflow_dispatch:
inputs:
project:
required: true
type: string
type:
required: true
type: string
port_context:
required: true
type: string
jobs:
create-jira-issue:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Login to Jira
uses: atlassian/gajira-login@v3
env:
JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
- name: Inform starting of Jira issue creation
uses: port-labs/port-github-action@v1
with:
clientId: ${{ secrets.PORT_CLIENT_ID }}
clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
operation: PATCH_RUN
runId: ${{ fromJson(inputs.port_context).run_id }}
logMessage: "Creating a new Jira issue from Dependabot alert... ⛴️"
- name: Create Jira issue
id: create_jira
uses: atlassian/gajira-create@v3
with:
project: ${{ inputs.project }}
issuetype: ${{ inputs.type }}
summary: "Dependabot Alert: ${{ fromJson(inputs.port_context).entity.title }}"
description: |
**Severity**: ${{ fromJson(inputs.port_context).entity.properties.severity }}
**State**: ${{ fromJson(inputs.port_context).entity.properties.state }}
**Package Name**: ${{ fromJson(inputs.port_context).entity.properties.packageName }}
**Package Ecosystem**: ${{ fromJson(inputs.port_context).entity.properties.packageEcosystem }}
**Manifest Path**: ${{ fromJson(inputs.port_context).entity.properties.manifestPath }}
**Scope**: ${{ fromJson(inputs.port_context).entity.properties.scope }}
**GHSA ID**: ${{ fromJson(inputs.port_context).entity.properties.ghsaID }}
**CVE ID**: ${{ fromJson(inputs.port_context).entity.properties.cveID }}
**URL**: ${{ fromJson(inputs.port_context).entity.properties.url }}
fields: |
{
"labels": ["port-${{ fromJson(inputs.port_context).entity.identifier }}"]
}
- name: Inform creation of Jira issue
uses: port-labs/port-github-action@v1
with:
clientId: ${{ secrets.PORT_CLIENT_ID }}
clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
operation: PATCH_RUN
link: ${{ secrets.JIRA_BASE_URL }}/browse/${{ steps.create_jira.outputs.issue }}
runId: ${{ fromJson(inputs.port_context).run_id }}
logMessage: |
Jira issue created! ✅
The issue ID is: ${{ steps.create_jira.outputs.issue }}
Port Configuration
On the self-service page, create the Port action against the Dependabot Alert blueprint. This will trigger the GitHub workflow.
Create Jira Issue from Dependabot Alert (Click to expand)
Modification Required
Make sure to replace <GITHUB_ORG> and <GITHUB_REPO> with your GitHub organization and repository names respectively
{
"identifier": "create_jira_issue_from_dependabot",
"title": "Create Jira Issue from Dependabot",
"icon": "Jira",
"description": "Creates a Jira issue from dependabot.",
"trigger": {
"type": "self-service",
"operation": "DAY-2",
"userInputs": {
"properties": {
"project": {
"title": "Project",
"description": "The issue will be created on this project",
"icon": "Jira",
"type": "string",
"blueprint": "jiraProject",
"format": "entity"
},
"type": {
"title": "Type",
"description": "Issue type",
"icon": "Jira",
"type": "string",
"default": "Task",
"enum": [
"Task",
"Story",
"Bug",
"Epic"
],
"enumColors": {
"Task": "blue",
"Story": "green",
"Bug": "red",
"Epic": "pink"
}
}
},
"required": [
"type",
"project"
]
},
"blueprintIdentifier": "githubDependabotAlert"
},
"invocationMethod": {
"type": "GITHUB",
"org": "<GITHUB_ORG>",
"repo": "<GITHUB_REPO>",
"workflow": "create-jira-issue-from-dependabot.yml",
"workflowInputs": {
"type": "{{.inputs.\"type\"}}",
"project": "{{.inputs.\"project\" | if type == \"array\" then map(.identifier) else .identifier end}}",
"port_context": {
"entity": "{{.entity}}",
"run_id": "{{.run.id}}"
}
},
"reportWorkflowStatus": true
},
"requiredApproval": false,
"publish": true
}
Let's test it
- Head to the Self Service hub
- Click on
Executeon theCreate Jira Issue from Dependabotaction - Select the dependabot alert
- Select the project
- Select the task type
- Click on
Execute - Done! wait for the issue to be created in Jira
Congrats 🎉 You've created your first Jira issue from a Dependabot alert!