Migrate slack notifications to composite action #87

Merged
kernelsam merged 3 commits into main from skern-slack-composite-action
Apr 10, 2026

@kernelsam
Contributor

Summary

  • Replace standalone slack-notification jobs with inline composite action step from senzing-factory/build-resources/slack-failure-notification@v4
  • Pass SLACK_BOT_TOKEN and SLACK_CHANNEL secrets to reusable workflows (add-labels-to-issue, add-to-project, add-to-project-dependabot) that now handle notifications internally
  • Add concurrency groups where missing (skip tag-only and project management workflows)
  • Remove unused outputs: status from jobs that only existed for the old notification pattern
  • Use sdk-versions composite action instead of hardcoded version lists (code-snippets-v4 only)

Test plan

  • Verify add-labels and add-to-project workflows still function on issue creation
  • Verify build/test workflows notify on failure
  • Verify concurrency cancels in-progress runs on new pushes

- Replace standalone slack-notification jobs with inline composite action step
- Pass SLACK_BOT_TOKEN and SLACK_CHANNEL to reusable workflows that now handle notifications internally
- Add concurrency groups to workflows missing them (skip tag-only and project management workflows)
- Remove unused job outputs (status) that were only needed for the old notification pattern
- Use sdk-versions composite action instead of hardcoded version lists (code-snippets-v4)
@kernelsam kernelsam self-assigned this Apr 10, 2026
@kernelsam kernelsam requested a review from a team as a code owner April 10, 2026 19:36
@kernelsam kernelsam enabled auto-merge (squash) April 10, 2026 19:36
@github-actions

🤖 Claude Code Review


PR Code Review

This PR migrates Slack failure notifications from separate reusable-workflow jobs into either the called reusable workflow's secrets (for project/label workflows) or a composite action step (for pylint).


Code Quality

✅ No commented-out code

✅ No hardcoded credentials or sensitive data

✅ DRY principle — improved. Removing the separate slack-notification job pattern from each workflow reduces boilerplate.

❌ Defect — Multiple Slack notifications per failure in pylint.yaml (line 48-54)

The Notify Slack on failure step is inside a matrix job (python-version: ["3.10", "3.11", "3.12", "3.13"]). When any matrix leg fails, this step will fire once per matrix combination that fails, sending up to 4 Slack messages for a single workflow failure. The previous architecture used a separate slack-notification job with needs: [pylint], which would coalesce all matrix results before sending a single notification.

To preserve single-notification behavior, the Slack step should remain a separate job with needs: [pylint], or the step should add a matrix-scoping condition (e.g., matrix.python-version == '3.12').

⚠️ secrets-outside-env zizmor suppression (zizmor.yaml line 6-8)

The suppression is necessary because composite actions require secrets passed as with: inputs rather than env vars. The risk is acceptable given senzing-factory/build-resources is a first-party repo. However, the suppression could be scoped more narrowly — the current config ignores the entire pylint.yaml file, while the rule only applies to the new Slack step. This is a minor style concern, not a blocker.

✅ Workflow restructuring for add-labels-standardized.yaml, add-to-project-senzing.yaml, add-to-project-senzing-dependabot.yaml — Secrets correctly moved inline; the called reusable workflows at @v4 are expected to handle notifications internally. Pattern is consistent across all three files.


Testing

✅ No application logic changed — CI workflow changes only; unit/integration test requirements do not apply.


Documentation

✅ No README or API doc changes required for CI workflow restructuring.

✅ CHANGELOG — No application behavior changes; CI-only change does not require a CHANGELOG entry.


Security

✅ No hardcoded credentials

✅ No license files (.lic) or AQAAAD-prefixed strings

⚠️ secrets-outside-env suppression — noted above; acceptable risk.


Summary

| Severity | Issue | Location |
| --- | --- | --- |
| Bug | Matrix job causes up to 4 Slack notifications per failure | pylint.yaml:48-54 |
| Minor | secrets-outside-env suppression covers entire file vs. the one step that needs it | zizmor.yaml:6-8 |

The matrix duplication issue is the only functional defect. Everything else is a clean migration.

Automated code review analyzing defects and coding standards
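
Added example, not part of the review comment or of the repository: a sketch of the fan-in layout the review recommends for pylint.yaml, where a separate job with needs: [pylint] sends a single notification after all matrix legs finish. The workflow layout, the lint command and the composite action's input names (slack-bot-token, slack-channel) are assumptions.

```yaml
# Assumed layout of .github/workflows/pylint.yaml (illustrative, not the repo's file).
name: pylint
on: [push]

permissions:
  contents: read

jobs:
  pylint:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13"]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - run: |
          python -m pip install pylint
          pylint $(git ls-files '*.py')
      # Flagged pattern: a notify step placed here, inside the matrix job,
      # runs in every failing leg, so one bad push can post up to 4 messages.

  # Fan-in job: scheduled once, after all four matrix legs have completed.
  slack-notification:
    needs: [pylint]
    # failure() is true when any job listed in needs has failed.
    if: ${{ failure() }}
    runs-on: ubuntu-latest
    steps:
      - uses: senzing-factory/build-resources/slack-failure-notification@v4
        with:
          # Input names are assumed; check the action's action.yml.
          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
          slack-channel: ${{ secrets.SLACK_CHANNEL }}
```

With the secrets referenced in only one step, the zizmor ignore entry for secrets-outside-env can use the pylint.yaml:<line> form instead of the bare filename.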

@github-actions

Super-linter summary

| Language | Validation result |
| --- | --- |
| CHECKOV | Pass ✅ |
| GITHUB_ACTIONS | Pass ✅ |
| GITHUB_ACTIONS_ZIZMOR | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSCPD | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Pass ✅ |
| YAML_PRETTIER | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@kernelsam kernelsam merged commit 9ef7c52 into main Apr 10, 2026
25 checks passed
@kernelsam kernelsam deleted the skern-slack-composite-action branch April 10, 2026 20:30