Conversation

@pankajmouriyakong (Contributor)

  • Configure Slack notifications for all workflow status changes (failures, successes, etc.)

@github-actions bot commented Sep 19, 2025

Luacheck Report

1 files, 1 suites, 0s ⏱️
4 tests: 4 ✅, 0 💤, 0 ❌
8 runs: 8 ✅, 0 💤, 0 ❌

Results for commit a91f204.

♻️ This comment has been updated with the latest results.

Comment on lines 41 to 51 of .github/workflows/dir-scan.yml

  notify-slack:
    name: Slack Notification
    needs: [test-sca-dir]
    # if: ${{ always() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    if: ${{ always() }}
    uses: ./.github/workflows/workflow-notifications.yml
    with:
      workflow_name: "SCA Directory Scan Workflow"
      job_status: ${{ contains(needs.*.result, 'failure') && 'failure' || contains(needs.*.result, 'success') && 'success' || 'failure' }}
    secrets:
      SLACK_WEBHOOK_URL_NOTIFY: ${{ secrets.SLACK_WEBHOOK_URL_NOTIFY_PUBLIC_SHARED_ACTIONS }}

Check warning: Code scanning / CodeQL

Workflow does not contain permissions (Medium)

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix (AI, 3 months ago)

To remedy the issue, add a permissions: block to the notify-slack job definition in .github/workflows/dir-scan.yml (starting at line 41).

  • If the job never uses GITHUB_TOKEN, set the block to permissions: {} (which disables the token).
  • If minimal read access is required, specify it directly (e.g., permissions: contents: read).
  • Since the CodeQL recommendation is to use the minimal starting point of permissions: {}, and unless you have evidence that the job requires specific fine-tuned permissions, the best fix is to add the line permissions: {} after name: Slack Notification (line 42).
  • This change should be limited to inserting a single permissions block, without affecting the rest of the workflow functionality.

Suggested changeset 1: .github/workflows/dir-scan.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/dir-scan.yml b/.github/workflows/dir-scan.yml
--- a/.github/workflows/dir-scan.yml
+++ b/.github/workflows/dir-scan.yml
@@ -40,6 +40,7 @@
   ## TODO before merge: Run only on main and push event
   notify-slack:
     name: Slack Notification
+    permissions: {}
     needs: [test-sca-dir]
     # if: ${{ always() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
     if: ${{ always()  }} 
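Review bot: the `## TODO before merge` marker and the commented-out `if:` guard survive this hunk, so with `if: ${{ always()  }}` the `notify-slack` job still runs for every event and every ref; restore the `github.event_name == 'push' && github.ref == 'refs/heads/main'` condition (or track the TODO as a blocker) before merging. `permissions: {}` on a job that `uses:` a reusable workflow caps the token the called workflow can obtain, so confirm that `workflow-notifications.yml` requests no `GITHUB_TOKEN` scopes; it only needs the webhook URL passed through `secrets:`. While here, the `if: ${{ always()  }} ` context line carries a doubled space and trailing whitespace worth trimming.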
EOF
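A complete least-privilege version of the workflow discussed in this thread, written here as an added example rather than the PR's own `dir-scan.yml`: it puts `permissions: {}` at the workflow level so every job has to opt in, gives `test-sca-dir` only `contents: read`, and restores the commented-out push-to-main guard on `notify-slack`. The scan step itself is a placeholder, because the page does not show what `test-sca-dir` actually runs; the trigger block and `ubuntu-latest` runner are assumptions as well.

```yaml
# Added example, not the repository's own file. Assumed: the triggers, the
# runner, and the placeholder scan step under test-sca-dir.
name: SCA Directory Scan Workflow

on:
  push:
    branches: [main]
  pull_request:

# Workflow-level default: no GITHUB_TOKEN scopes at all. Each job opts in to
# exactly what it needs, so a job added later cannot silently inherit write
# access. This is the "minimal starting point" CodeQL asks for.
permissions: {}

jobs:
  test-sca-dir:
    name: Scan directory
    runs-on: ubuntu-latest
    permissions:
      contents: read        # actions/checkout needs to read the repo; nothing else
    steps:
      - uses: actions/checkout@v4
      - name: Run scan (placeholder; the real scan step is not on the page)
        run: echo "scan goes here"

  notify-slack:
    name: Slack Notification
    needs: [test-sca-dir]
    # Notify only for pushes to main. always() keeps this job alive when the
    # scan failed, which is exactly the run you want a message about.
    if: ${{ always() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    # On a job that calls a reusable workflow, permissions caps what the called
    # workflow may request. {} is safe here because it only posts to a webhook
    # supplied through secrets and never touches the GitHub API.
    permissions: {}
    uses: ./.github/workflows/workflow-notifications.yml
    with:
      workflow_name: "SCA Directory Scan Workflow"
      # contains(needs.*.result, ...) scans every upstream job's result. With a
      # single upstream job, 'cancelled' and 'skipped' both fall through to the
      # final 'failure' branch, so a cancelled scan is reported as a failure.
      job_status: ${{ contains(needs.*.result, 'failure') && 'failure' || contains(needs.*.result, 'success') && 'success' || 'failure' }}
    secrets:
      SLACK_WEBHOOK_URL_NOTIFY: ${{ secrets.SLACK_WEBHOOK_URL_NOTIFY_PUBLIC_SHARED_ACTIONS }}
```

Putting the empty block at the top and the narrow grants at job level means the CodeQL check passes for the whole file rather than one job at a time, and a reviewer can see each job's token scope next to the steps that need it.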
@pankajmouriyakong added the labels WIP (Work is still in Progress) and Do-not-merge (Do not merge the PR as it is not ready yet, it is WIP) on Sep 19, 2025.

@saisatishkarra (Contributor) previously approved these changes Sep 19, 2025 and left a comment:

LGTM. Please test it out.

@pankajmouriyakong (Contributor, Author)

@saisatishkarra Review required

@pankajmouriyakong removed the labels WIP (Work is still in Progress) and Do-not-merge (Do not merge the PR as it is not ready yet, it is WIP) on Sep 22, 2025.