Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
pb-hubot-pe
Advanced tools
This script allows you to integrate a hosted Pandorabot with Hubot, for deployment on Heroku and Slack. The script listens for all inputs directed at Hubot (via `Hubot.respond()`), and forwards them to the Pandorabots API.
Readme
This script allows you to integrate a hosted Pandorabot with Hubot, for deployment on Heroku and Slack. The script listens for all inputs directed at Hubot (via Hubot.respond()
), and forwards them to the Pandorabots API.
Install Yeoman globally on your machine, along with the Hubot generator for Yeoman:
$ npm install -g yo generator-hubot
Create a new directory for your Hubot, and run the generator with yo
:
$ mkdir myhubot
$ cd myhubot
myhubot$ yo hubot
Complete the initialization prompts. Make sure to select slack
as your Bot adapter:
? Owner: your-name <your-name@your-domain.com>
? Bot name: myhubot
? Description: A simple helpful robot for your Company
? Bot adapter: (campfire) slack
? Bot adapter: slack
Install the pb-hubot
module to your Hubot project:
myhubot$ npm install pb-hubot --save
Add pb-hubot
to external-scripts.json
:
[
"pb-hubot",
...
]
Note: You may add another Hubot scripts with same manner here.
Create a new git repository in your Hubot directory:
myhubot$ git init
myhubot$ git add .
myhubot$ git commit -m “Initial commit”
Create a new Heroku applicaiton:
myhubot$ heroku create
Creating mystic-meadow-229... done, stack is cedar-XX
...
Configure the redistogo
add-on. Hubot requires a Redis server for persistent memory. The nano
plan is free:
myhubot$ heroku addons:add redistogo:nano
Set Heroku environment variables for Pandorabots (app_id
, user_key
, botname
):
myhubot$ heroku config:set app_id=140XXXXXXXXXX
myhubot$ heroku config:set user_key=e64XXXXXXXXXXXXXXXXXXXXXXXXXXX
myhubot$ heroku config:set botname=mypandorabot
Set Heroku environment variable for Slack API token. To obtain this, log in to Slack, and go to the Integrations page. Here, you can add the Hubot integration, and retrieve the token:
myhubot$ heroku config:set HUBOT_SLACK_TOKEN=xoxb-1234567890-XXXXXXXXXXXXXXXXXXX
Add Heroku environment variable for Keep-Alive so as to prevent Hubot from sleeping.
myhubot$ heroku config:set HUBOT_HEROKU_KEEPALIVE_URL=https://your-heroku-app.herokuapp.com/
Note: You may add another Heroku environment variables with same manner here.
Deploy Hubot instance to Heroku App
myhubot$ git push heroku master
myhubot$ heroku ps:scale web=1
Note: You may need to do following instructions for local testing only.
Install Redis Server into local OS. Hubot requires Redis Server for its persistent memory.
(e.g. Debian based Linux)
$ sudo apt-get install redis-server
Add environment variables for Pandorabots into local OS. These must be identical to Heroku environment variables.
myhubot$ export app_id=140XXXXXXXXXX
myhubot$ export user_key=e64XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
myhubot$ export botname=mypandorabot
Test your bot. You can talk with the Hubot bot locally by using shell adapter. Push enter key to show Hubot>
prompt, then say hubot pb
, followed by an input your Pandorabot will provide a response to:
myhubot$ bin/hubot
...
Hubot>
Hubot> hubot pb Hello
Hubot> Hi there!
FAQs
This script allows you to integrate a hosted Pandorabot with Hubot, for deployment on Heroku and Slack. The script listens for all inputs directed at Hubot (via `Hubot.respond()`), and forwards them to the Pandorabots API.
The npm package pb-hubot-pe receives a total of 3 weekly downloads. As such, pb-hubot-pe popularity was classified as not popular.
We found that pb-hubot-pe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.