From cd055d9faa2bdd188eaa497809e1cad7289ec9de Mon Sep 17 00:00:00 2001
From: Arjan Topolovec <atopolovec@veza.com>
Date: Thu, 15 Jan 2026 16:25:14 +0100
Subject: [PATCH] Add severity to priority mapping support

Add support for mapping Dependabot severity levels (CRITICAL, HIGH,
MODERATE, LOW) to Jira priority values via environment variables:

- JIRA_PRIORITY_MAPPING: Comma-separated SEVERITY:Priority pairs
  Example: CRITICAL:P0,HIGH:P1,MODERATE:P2,LOW:P3
- JIRA_PRIORITY_DEFAULT: Fallback priority when severity not in mapping

This allows automatic prioritization of security tickets based on
vulnerability severity.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 README.md                  |  3 +++
 src/SecurityAlertIssue.php | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/README.md b/README.md
index 943dec4..deb849b 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,8 @@ It has some required and some optional settings, which are passed to the action
 - `JIRA_RESTRICTED_COMMENT_ROLE`: A comment with restricted visibility
   to this role is posted with info about who was added as watchers to
   the issue. Defaults to `Developers`. (*Optional*)
+- `JIRA_PRIORITY_MAPPING`: Map Dependabot severity levels to Jira priorities. Format: `SEVERITY:Priority` pairs separated by commas. Severities are: `CRITICAL`, `HIGH`, `MODERATE`, `LOW`. Example: `CRITICAL:P0,HIGH:P1,MODERATE:P2,LOW:P3`. (*Optional*)
+- `JIRA_PRIORITY_DEFAULT`: Default Jira priority when severity is not found in the mapping. (*Optional*)
 
 Here is an example setup which runs this action every 6 hours.
 
@@ -57,6 +59,7 @@ jobs:
           JIRA_PROJECT: ABC
           JIRA_ISSUE_TYPE: Security
           JIRA_WATCHERS: someuser@reload.dk,someotheruser@reload.dk
+          JIRA_PRIORITY_MAPPING: "CRITICAL:P0,HIGH:P1,MODERATE:P2,LOW:P3"
 ```
 
 ## Local development
diff --git a/src/SecurityAlertIssue.php b/src/SecurityAlertIssue.php
index 98e8813..36f5365 100644
--- a/src/SecurityAlertIssue.php
+++ b/src/SecurityAlertIssue.php
@@ -144,6 +144,26 @@ public function __construct(array $data)
                 $this->setComponent(\trim($defaultComponent));
             }
         }
+
+        $priorityMapping = \getenv('JIRA_PRIORITY_MAPPING');
+
+        if ($priorityMapping) {
+            $mappings = [];
+
+            foreach (\explode(',', $priorityMapping) as $mapping) {
+                $parts = \explode(':', $mapping, 2);
+
+                if (\count($parts) === 2) {
+                    $mappings[\trim($parts[0])] = \trim($parts[1]);
+                }
+            }
+
+            if (isset($mappings[$this->severity])) {
+                $this->priority = $mappings[$this->severity];
+            } elseif ($defaultPriority = \getenv('JIRA_PRIORITY_DEFAULT')) {
+                $this->priority = \trim($defaultPriority);
+            }
+        }
     }
 
     /**