From 1b20e73889004f1295d9c2c265ddb17f5b332392 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Thu, 8 Jan 2026 16:37:08 -0800
Subject: [PATCH 1/5] m
---
 .github/workflows/ci-workflow.yml | 14 ++++++++++++++
 .github/workflows/issue-notification.yml | 23 +++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 .github/workflows/issue-notification.yml
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
index a5ca71cd5..9a277f150 100644
--- a/.github/workflows/ci-workflow.yml
+++ b/.github/workflows/ci-workflow.yml
@@ -29,3 +29,17 @@ jobs:
 with:
 version: 17
 distribution: corretto
+
+ notify:
+ needs:
+ [
+ Static_Analysis,
+ Build,
+ Examples,
+ ]
+ if: ${{ failure() }}
+ uses: aws/aws-cryptographic-material-providers-library/.github/workflows/slack-notification.yml@main
+ with:
+ message: "Daily CI failed on `${{ github.repository }}`. View run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+ secrets:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_CI }}
diff --git a/.github/workflows/issue-notification.yml b/.github/workflows/issue-notification.yml
new file mode 100644
index 000000000..6674b9616
--- /dev/null
+++ b/.github/workflows/issue-notification.yml
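Review bot: The `notify` job added to ci-workflow.yml calls the reusable workflow at the mutable ref `@main` while handing it `SLACK_WEBHOOK_URL_CI`, so whatever lands on that branch later runs with the secret without any change in this repository. Pinning the `uses:` line to a full commit SHA, `uses: aws/aws-cryptographic-material-providers-library/.github/workflows/slack-notification.yml@<full-commit-sha>  # main`, makes the called code reviewable and lets update tooling bump it deliberately. The same `@main` reference appears twice in the new issue-notification.yml (`notify-issue` and `notify-comment`). The `jobs:` block starts above this hunk, so the definitions of `Static_Analysis`, `Build` and `Examples` are not visible here.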
@@ -0,0 +1,23 @@
+name: Issue Created Notification
+on:
+ issues:
+ types: [opened, reopened]
+ issue_comment:
+ types: [created]
+
+jobs:
+ notify-issue:
+ if: github.event_name == 'issues'
+ uses: aws/aws-cryptographic-material-providers-library/.github/workflows/slack-notification.yml@main
+ with:
+ message: "New github issue `${{ github.event.issue.title }}`. Link: ${{ github.event.issue.html_url }}"
+ secrets:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GHI }}
+
+ notify-comment:
+ if: github.event_name == 'issue_comment' && !github.event.issue.pull_request
+ uses: aws/aws-cryptographic-material-providers-library/.github/workflows/slack-notification.yml@main
+ with:
+ message: "New comment on issue `${{ github.event.issue.title }}`. Link: ${{ github.event.comment.html_url }}"
+ secrets:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GHI }}
\ No newline at end of file
From 9edeab4a013d23042cf15b8e6608302742595572 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Thu, 8 Jan 2026 16:41:12 -0800
Subject: [PATCH 2/5] m
---
 .github/workflows/ci-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
index 9a277f150..a3e2ec0d2 100644
--- a/.github/workflows/ci-workflow.yml
+++ b/.github/workflows/ci-workflow.yml
@@ -37,7 +37,7 @@ jobs:
 Build,
 Examples,
 ]
- if: ${{ failure() }}
+ if: ${{ failure() && github.event_name == 'schedule' }}
 uses: aws/aws-cryptographic-material-providers-library/.github/workflows/slack-notification.yml@main
 with:
 message: "Daily CI failed on `${{ github.repository }}`. View run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
From 11d643e403597b69a855400bbb249da3b750fc57 Mon Sep 17 00:00:00 2001
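Review bot: Both `message:` inputs in issue-notification.yml embed `${{ github.event.issue.title }}`, which any GitHub user who can open an issue controls, and the workflow runs with `SLACK_WEBHOOK_URL_GHI` for every such event. The called slack-notification.yml is not visible here; if it expands `inputs.message` inside a `run:` script rather than passing it through an environment variable, the title becomes shell text, and even when it does not, a title containing backticks or Slack markup changes how the notification renders. Sending only values GitHub generates avoids both, e.g. `message: "New GitHub issue #${{ github.event.issue.number }}. Link: ${{ github.event.issue.html_url }}"`, with `notify-comment` changed the same way. A top-level `concurrency:` group or a check on `github.event.comment.author_association` would also limit channel flooding from repeated comments.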
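Review bot: The narrowed `if:` on the `notify` job in ci-workflow.yml carries no explanation, and the commit subject gives none either. A comment above it such as `# Notify only for scheduled runs; PR and push failures are already visible to their author` would record the intent; adjust the wording if the reason was different. The workflow's `on:` block is outside this hunk, so confirm it actually declares a `schedule:` trigger, because without one this job can never run.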
From: Rishav karanjit
Date: Fri, 9 Jan 2026 09:48:23 -0800
Subject: [PATCH 3/5] Potential fix for code scanning alert no. 8: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/ci-workflow.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
index a3e2ec0d2..6536ab01b 100644
--- a/.github/workflows/ci-workflow.yml
+++ b/.github/workflows/ci-workflow.yml
@@ -1,5 +1,8 @@
 name: Continuous Integration Workflow
+permissions:
+ contents: read
+
 on:
 pull_request:
 push:
From f75c945340bdc620d80e9a82736049ba8223e71e Mon Sep 17 00:00:00 2001
From: Rishav karanjit
Date: Fri, 9 Jan 2026 09:48:40 -0800
Subject: [PATCH 4/5] Potential fix for code scanning alert no. 6: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/issue-notification.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/issue-notification.yml b/.github/workflows/issue-notification.yml
index 6674b9616..4be8d1dcd 100644
--- a/.github/workflows/issue-notification.yml
+++ b/.github/workflows/issue-notification.yml
@@ -1,4 +1,6 @@
 name: Issue Created Notification
+permissions:
+ contents: read
 on:
 issues:
 types: [opened, reopened]
From 3627636e51f737951afc21d9ffa5448287c01362 Mon Sep 17 00:00:00 2001
From: Rishav karanjit
Date: Fri, 9 Jan 2026 09:52:36 -0800
Subject: [PATCH 5/5] Add id-token permission to CI workflow
---
 .github/workflows/ci-workflow.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
index 6536ab01b..a74cdb8cc 100644
--- a/.github/workflows/ci-workflow.yml
+++ b/.github/workflows/ci-workflow.yml
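Review bot: In issue-notification.yml the added `permissions:` block grants `contents: read`, yet neither job in the file checks out the repository; both only call the Slack notification workflow. Because this workflow is triggered by anyone who opens an issue or comments, the token could be emptied with `permissions: {}`. Check the `permissions:` declared in slack-notification.yml first, since a called workflow cannot request more than its caller grants and that file is not visible here.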
@@ -2,6 +2,7 @@ name: Continuous Integration Workflow
 permissions:
 contents: read
+ id-token: write
 on:
 pull_request:
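Review bot: `id-token: write` is added at workflow level, so every job in ci-workflow.yml, including `notify` and runs triggered by `pull_request` from branches in this repository, can request an OIDC token. The commit does not say which job needs it; if only some of the called workflows assume a cloud role, move the grant to those jobs with a job-level `permissions:` block (`contents: read` plus `id-token: write`) and leave the top level at `contents: read`. A one-line comment naming the consumer of the token would also help the next reviewer. The rest of the workflow is outside this hunk, so the jobs that need the token are not visible here.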