Trellaction is a Github Action workflow used to automatically create Github issues for Github security alerts. Those issues are then copied as Trello cards onto a designated Trello board in a designated column.
In order to use this workflow, you will require a few things:
- A GitHub repo with Dependabot alerts, CodeQL code security scanning, and secrets scanning enabled
- A GitHub personal access token with full repo and workflow access
- A Trello board to accept the Trello cards
- A Trello integration to allow access to your Trello board including API keys and tokens
This readme will walk you through setting up those requirements.
Your board ID is an alphanumeric set of characters in the URL of your board listed after "https://trello.com/b/" and before the board name. For example, in the URL "https://trello.com/b/5OsOTUuY/api-testing", the board ID would be "5OsOTUuY".
- Go to https://trello.com/power-ups/admin in your web browser
- Click the "New" button at the top right
- Fill in the appropriate details with the desired workspace then click "Create" at the bottom right
- Click "Generate a new API key" button in the ceneter of the screen
- Click "Generate API key" after reviewing the information on the resulting popup
- Copy the API key and secret from this page
- On your local machine, ensure Python is installed
- Open a terminal and install the "py-trello" pip package
- Run
export TRELLO_API_KEY=<your api key> && export TRELLO_API_SECRET=<your api secret> && export TRELLO_EXPIRATION=<desired expiration in days> && python3 -m trello oauth
- Follow the link provided by the command in your web browser and click "Allow"
- Copy the PIN you receive
- Back in your terminal, type
y
in response to "Have you authorized me?" - Paste the PIN you copied from your web browser
- Copy the oauth_token and oauth_token_secret provided in your terminal
For each of your GitHub repos, your will need to do the following:
Copy both the workflows scripts from https://github.com/niaid/trellaction-workflow/tree/main/sample-workflows into the .github/workflows folder of your repo. Make sure to set which column your cards will be created in using the "trello_list_index" value. The columns are indexed starting with 1 (first column = 1, second column = 2, etc.).
- In your Github repo, go to the "Settings" tab
- Under the Security section of the menu on the left, select "Code security and analysis"
- Click "Enable" on "Dependabot alerts"
- If CodeQL code security scanning or secret scanning is desired, click "Enable" on GitHub Advanced Security
- Click "Enable" for Secret scanning
- Click "Set up" for CodeQL analysis
- Select "Default" or "Advanced" for the desired level of configuration
- Click "Enable CodeQL" to set up code scanning
- Click on your profile picture at the top right
- Click on "Settings" on the dropdown
- Click on "Developer Settings" at the bottom on the menu on the left
- Click the "Personal access token" menu to drop down the options
- Click on "Tokens (classic)"
- Click "Generate new token" then "Generate new token (classic)"
- Follow MFA steps if required
- Give the token a name under the "Note" field
- Set an appropriate expiration for this token
- Click the checkboxes for "repo" and "workflow"
- Copy the token
- In your Github repo, go to the "Settings" tab
- Click "Secrets and varibles" on the menu on the left
- Click "Actions" from the resulting dropdown options
- Click "New repository secret" for each of the values from this table:
Secret Name | Description |
---|---|
REPO_TOKEN | Your Github personal access token |
TRELLO_API_KEY | Your API key for your Trello integration |
TRELLO_API_SECRET | Your API secret for your Trello integration |
TRELLO_BOARD_ID | Your trello board ID |
TRELLO_TOKEN | Your oauth token for your Trello integration |
TRELLO_TOKEN_SECRET | Your oauth token secret for your Trello integration |