Skip to content

standardize workflows for build-resources v4#221

Merged
docktermj merged 1 commit intomainfrom
skern-workflow-standardize
Feb 17, 2026
Merged

standardize workflows for build-resources v4#221
docktermj merged 1 commit intomainfrom
skern-workflow-standardize

Conversation

@kernelsam
Copy link
Contributor

@kernelsam kernelsam commented Feb 16, 2026

Summary

  • Rename reusable workflow secret keys for build-resources v4
  • Replace .outputs.job-status with .result
  • Add SLACK_CHANNEL secret to slack notification callers
  • Bump all build-resources workflow refs to @v4
  • Standardize dependabot config (cooldown, groups, assignees)
  • Add kernelsam and cooldown to cspell dictionary

@kernelsam kernelsam requested review from a team as code owners February 16, 2026 22:06
@kernelsam kernelsam self-assigned this Feb 16, 2026
@github-actions
Copy link

github-actions bot commented Feb 16, 2026

🤖 Claude Code Review

I'll analyze this pull request diff against the review checklist.

Code Review

Code Quality

Code follows style guide - The changes are primarily configuration files (YAML and JSON) which follow appropriate formatting standards.

No commented-out code - Clean removal of comments in .github/dependabot.yml:1-2

Meaningful variable names - All variable and parameter names are clear and descriptive (e.g., default-days, PROJECT_RW_TOKEN, SLACK_CHANNEL)

DRY principle followed - The standardization of secret names across workflows promotes consistency

No defects identified - The changes are logical and consistent:

  • Proper migration from outputs.job-status to result pattern
  • Consistent secret name standardization
  • Valid YAML syntax
  • Appropriate dependabot configuration

Project memory - No .claude/CLAUDE.md file appears to exist in this repository based on the diff context

Testing

⚠️ Testing considerations - While these are workflow configuration changes that don't require traditional unit tests, they should be validated:

  • Workflow files should be tested to ensure they execute successfully
  • The lint-workflows.yaml job should validate the syntax
  • Manual verification recommended for the first execution after merge

Documentation

README updated if needed - Not applicable; these are internal CI/CD configuration changes that don't affect user-facing documentation

CHANGELOG.md updated - Not visible in this diff. The CHANGELOG should document this workflow standardization update.

⚠️ Inline comments - .github/dependabot.yml:1-2 - Removed helpful documentation comments. While cleaner, the removed comment provided useful reference to GitHub's documentation.

Markdown files formatting - Not applicable to this PR

Security

No hardcoded credentials - All sensitive values properly use GitHub secrets

Input validation - Not applicable for workflow configuration files

Proper error handling - Workflow jobs have proper failure notifications via slack-notification jobs

No sensitive data in logs - All sensitive values are properly abstracted through secrets

No license files (.lic) or AQAAAD strings - None detected

Summary of Changes

This PR standardizes GitHub Actions workflows to align with senzing-factory/build-resources@v4:

Positive changes:

  1. Standardizes secret names for better consistency across workflows
  2. Adds missing SLACK_CHANNEL secret references
  3. Fixes job status checks by using result instead of outputs.job-status
  4. Enhances dependabot configuration with cooldown periods, assignees, and grouping
  5. Alphabetizes cspell dictionary for better maintainability

Minor concerns:

  1. .github/dependabot.yml:1-2 - Removed documentation comment that referenced GitHub's configuration docs
  2. CHANGELOG.md should be updated to document these workflow changes
  3. New dependabot configuration should be validated (cooldown periods, assignees, grouping behavior)

Recommendation

✅ APPROVE with minor suggestions:

  1. Consider restoring the documentation comment in .github/dependabot.yml or adding a brief comment about the cooldown/grouping features
  2. Update CHANGELOG.md to document this workflow standardization
  3. Verify that the kernelsam assignee and the senzing-factory grouping work as expected after merge

The changes are well-structured and improve the consistency of the CI/CD pipeline configuration.

Automated code review analyzing defects and coding standards

@kernelsam kernelsam force-pushed the skern-workflow-standardize branch from ffc22ae to fb0d378 Compare February 16, 2026 22:31
@kernelsam kernelsam force-pushed the skern-workflow-standardize branch from fb0d378 to beccf21 Compare February 16, 2026 22:42
@github-actions
Copy link

github-actions bot commented Feb 16, 2026

🤖 Claude Code Review

Let me proceed with the code review based on the diff provided.

Code Review Results

Code Quality ✅

✅ Code follows style guide - The changes appear to follow YAML formatting standards with proper indentation and structure.

✅ No commented-out code - All changes are active code, no commented sections present.

✅ Meaningful variable names - All variable/key names are descriptive:

  • .github/dependabot.yml:2-23 - Clear configuration keys like cooldown, assignees, groups
  • Various workflow files use standard GitHub Actions naming conventions

✅ DRY principle followed - Standardization across workflow files reduces duplication by:

  • Centralizing secret names (e.g., PROJECT_RW_TOKEN, CODEOWNER_PR_RW_TOKEN, MEMBERS)
  • Using consistent patterns for job-status checks (.result instead of .outputs.job-status)

✅ No defects identified - The changes are configuration updates with proper syntax:

  • Dependabot cooldown configuration is valid
  • GitHub Actions workflow syntax is correct
  • Secret name changes are consistently applied

✅ Project memory - No .claude/CLAUDE.md file exists, so this criterion is N/A.

Testing ⚠️

❌ Unit tests for new functions - N/A for configuration files, but this warrants testing consideration.

⚠️ Integration tests for new endpoints - While these are workflow configuration changes, consider:

  • The cooldown feature in .github/dependabot.yml:7-10 should be verified to work as expected
  • The groups configuration in .github/dependabot.yml:11-14 for senzing-factory should be tested

⚠️ Edge cases covered - Consider testing:

  • What happens when cooldown.exclude patterns match/don't match
  • Behavior when SLACK_CHANNEL secret is missing

❌ Test coverage > 80% - N/A for configuration files

Documentation ✅

✅ Readme updated if needed - No README changes needed for workflow standardization.

⚠️ API docs updated - N/A, but workflow changes should be documented if there's a CONTRIBUTING.md or workflow documentation.

✅ Inline comments for complex logic - YAML configuration is self-documenting. Note: .github/dependabot.yml:1 correctly adds YAML frontmatter ---.

⚠️ CHANGELOG.md updated - Cannot verify if CHANGELOG.md exists or needs updating, but workflow standardization typically warrants a changelog entry.

✅ Markdown files follow CommonMark - No markdown files modified in this PR.

Security ✅

✅ No hardcoded credentials - All sensitive values properly use GitHub secrets:

  • .github/workflows/add-labels-standardized.yaml:16-17,24-25
  • .github/workflows/add-to-project-g2-python-dependabot.yaml:14,23-24
  • .github/workflows/add-to-project-g2-python.yaml:16,25-26
  • .github/workflows/dependabot-approve-and-merge.yaml:15
  • .github/workflows/move-pr-to-done-dependabot.yaml:15

✅ Input validation implemented - GitHub Actions validates workflow syntax at runtime.

✅ Proper error handling - Conditional checks properly use .result property:

  • .github/workflows/add-labels-standardized.yaml:22
  • .github/workflows/add-to-project-g2-python-dependabot.yaml:20
  • .github/workflows/add-to-project-g2-python.yaml:24

✅ No sensitive data in logs - All secrets properly referenced.

✅ No license files (.lic) or AQAAAD strings - Only workflow and cspell configuration changes.

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

This PR successfully standardizes workflow configurations to use build-resources@v4. The changes are well-structured and consistent.

Key Improvements:

  1. Standardized secret names - Moves from repo-specific names to generic names (e.g., SENZING_GITHUB_PROJECT_RW_TOKENPROJECT_RW_TOKEN)
  2. Bug fix - Changes from .outputs.job-status to .result for proper GitHub Actions status checking
  3. Enhanced Dependabot config - Adds cooldown periods, assignees, and grouping for better dependency management
  4. Additional secrets - Properly adds SLACK_CHANNEL secret to Slack notification workflows

Recommendations:

  1. Testing - Verify the new Dependabot cooldown and grouping features work as expected in production
  2. Documentation - Consider updating CHANGELOG.md to document the workflow standardization
  3. Monitoring - Watch for the first Dependabot run to ensure the cooldown and grouping work correctly

Notes on .vscode/cspell.json:

  • The alphabetization of words improves maintainability
  • Formatting appears consistent with JSON standards

No blocking issues identified. This PR is ready to merge.

Automated code review analyzing defects and coding standards

@github-actions
Copy link

github-actions bot commented Feb 17, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Fail ❌
YAML_PRETTIER Fail ❌

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

YAML 
/github/workspace/.github/dependabot.yml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/dependabot.yml:23:1: [error] too many blank lines (1 > 0) (empty-lines)
/github/workspace/.github/workflows/add-labels-standardized.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/add-labels-standardized.yaml:22:81: [warning] line too long (104 > 80 characters) (line-length)
/github/workspace/.github/workflows/add-to-project-g2-python-dependabot.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/add-to-project-g2-python-dependabot.yaml:21:81: [warning] line too long (113 > 80 characters) (line-length)
/github/workspace/.github/workflows/add-to-project-g2-python.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/add-to-project-g2-python.yaml:24:81: [warning] line too long (102 > 80 characters) (line-length)
/github/workspace/.github/workflows/dependabot-approve-and-merge.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/lint-workflows.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/move-pr-to-done-dependabot.yaml:1:1: [warning] missing document start "---" (document-start)
YAML_PRETTIER 
Checking formatting...[�[33mwarn�[39m] .github/dependabot.yml
[�[33mwarn�[39m] Code style issues found in the above file. Run Prettier with --write to fix.

@github-actions
Copy link

github-actions bot commented Feb 17, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj merged commit cc9fd4e into main Feb 17, 2026
25 checks passed
@docktermj docktermj deleted the skern-workflow-standardize branch February 17, 2026 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

@kernelsam kernelsam

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kernelsam @docktermj