Add Security & compliance group to GitHub webhook.

[getvictor]

Related issue: Resolves #33848

Summary by CodeRabbit

• New Features

  • Added support for the Security & Compliance project within the GitHub integration, enabling tracking and visibility alongside existing projects.

• Refactor

  • Streamlined project mapping logic to improve consistency when processing updates from GitHub; behavior for existing projects remains unchanged.

[getvictor]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Walkthrough

Replaced switch-case mappings of projectNumber→projectName in the GitHub webhook controller with a reverse lookup from config. Added a new githubProjectsV2.projects entry for "security-compliance": 97 in config. Variable declarations adjusted to const and default projectName to empty string when no match.

Changes

Cohort / File(s)	Summary of modifications
Webhook controller logic website/api/controllers/webhooks/receive-from-github.js	Replaced hard-coded switch-case projectNumber→projectName mapping with Object.keys reverse lookup against config in both QA and release paths; declared projectName as const; default to empty string when no match.
Config: GitHub Projects v2 mapping website/config/custom.js	Added githubProjectsV2.projects entry security-compliance: 97; updated object syntax (trailing comma after software: 70).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Track SDLC metrics. #31409 — Adjusts GitHub Projects v2 item handling and depends on consistent projectNumber↔projectName mappings used by the webhook controller.

Suggested reviewers

• mikermcneil
• Sampfluger88
• sharon-fdm

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	The pull request includes a refactor of the mapping logic from a manual switch-case to a dynamic reverse lookup, which is not requested by the linked issue and goes beyond the stated objective of simply adding the new security-compliance group.	Extract the mapping logic refactor into a separate pull request or revert it here so that this PR focuses solely on adding the security-compliance group mapping.
Description Check	⚠️ Warning	The pull request description only includes the related issue reference and omits the required checklist, testing instructions, database migration checks, and other sections from the repository’s template, leaving the description largely incomplete.	Please expand the description to include the full template sections such as the submitter checklist, testing steps, database migration validation, and any new configuration settings or remove sections that do not apply.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title clearly describes the primary change of adding the new Security & compliance group to the GitHub webhook mapping and is concise and specific to the main update in the changeset.
Linked Issues Check	✅ Passed	The changes add the new security-compliance project mapping to the GitHub webhook controller, ensuring that events from the security & compliance team are recognized and reported in engineering metrics as specified in issue #33848.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch victor/33848-add-sec-to-github-webhook

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

website/api/controllers/webhooks/receive-from-github.js (1)

742-789: Update documentation to include security-compliance project.

The documentation comment lists the tracked projects but doesn't include the newly added security & compliance team.

Update the comment to reflect the current tracked projects:

  * Tracked projects:
  * - Orchestration
  * - MDM
  * - Software
+ * - Security & compliance
  *

🧹 Nitpick comments (1)

website/api/controllers/webhooks/receive-from-github.js (1)

1175-1178: Good refactor from hardcoded mapping to config-driven lookup.

The reverse lookup pattern eliminates hardcoded project number mappings and makes the config file the single source of truth. The use of const and the empty string fallback are appropriate.

Consider extracting the duplicate lookup logic (also at lines 1397-1400) into a helper function or computing it once at the start of the projects_v2_item handler:

+    // Determine project name by reverse lookup (used for both QA and release tracking)
+    const projectName = Object.keys(sails.config.custom.githubProjectsV2.projects).find(
+      key => sails.config.custom.githubProjectsV2.projects[key] === projectNumber
+    ) || '';
+
     // Handle "in progress" status changes
     if (isToInProgress) {

Then remove the duplicate lookup at lines 1175-1178 and 1397-1400, replacing both with just projectName.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9604e64 and c93a870.

📒 Files selected for processing (2)

• website/api/controllers/webhooks/receive-from-github.js (2 hunks)
• website/config/custom.js (1 hunks)

🔇 Additional comments (1)

website/config/custom.js (1)

419-420: Unable to verify security-compliance project number
The GitHub GraphQL query returned an error. Please manually confirm that project number 97 corresponds to the security & compliance team’s project in your organization’s Projects V2 list.