From d627fb58b5af85391690558f4805d2568c1acbb3 Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Fri, 10 Apr 2026 12:39:51 -0700
Subject: [PATCH 1/3] Migrate slack notifications to composite action

- Replace standalone slack-notification jobs with inline composite action step
- Pass SLACK_BOT_TOKEN and SLACK_CHANNEL to reusable workflows that now handle notifications internally
- Add concurrency groups to workflows missing them (skip tag-only and project management workflows)
- Remove unused job outputs (status) that were only needed for the old notification pattern
- Use sdk-versions composite action instead of hardcoded version lists (code-snippets-v4)
---
 .../workflows/add-labels-standardized.yaml | 10 +---------
 .../add-to-project-senzing-dependabot.yaml | 12 ++----------
 .github/workflows/add-to-project-senzing.yaml | 12 ++----------
 .github/workflows/docker-build-container.yaml | 4 ++++
 .../docker-push-containers-to-dockerhub.yaml | 19 +++++++------------
 .github/workflows/lint-workflows.yaml | 6 ++++--
 .github/workflows/spellcheck.yaml | 4 ++++
 7 files changed, 24 insertions(+), 43 deletions(-)

diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml
index c39cedf..447a4ca 100644
--- a/.github/workflows/add-labels-standardized.yaml
+++ b/.github/workflows/add-labels-standardized.yaml
@@ -15,14 +15,6 @@ jobs:
 secrets:
 ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }}
 MEMBERS: ${{ secrets.SENZING_MEMBERS }}
- uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4
-
- slack-notification:
- needs: [add-issue-labels]
- if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.result) }}
- secrets:
 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4
- with:
- job-status: ${{ needs.add-issue-labels.result }}
+ uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4
diff --git a/.github/workflows/add-to-project-senzing-dependabot.yaml b/.github/workflows/add-to-project-senzing-dependabot.yaml
index fac7087..d1f9acd 100644
--- a/.github/workflows/add-to-project-senzing-dependabot.yaml
+++ b/.github/workflows/add-to-project-senzing-dependabot.yaml
@@ -12,16 +12,8 @@ jobs:
 repository-projects: write
 secrets:
 PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
- uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4
- with:
- project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
-
- slack-notification:
- needs: [add-to-project-dependabot]
- if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project-dependabot.result) }}
- secrets:
 SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
 SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4
+ uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4
 with:
- job-status: ${{ needs.add-to-project-dependabot.result }}
+ project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
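Review bot: In the add-labels-standardized.yaml hunk, SLACK_BOT_TOKEN and SLACK_CHANNEL are now handed to `add-labels-to-issue.yaml@v4`, which is referenced by a movable tag, so whatever that tag resolves to at run time receives the bot token alongside ORG_MEMBERSHIP_TOKEN. Before this change the Slack secrets only reached the dedicated notification workflow. Pinning the callee to a full commit SHA keeps the set of code that can read the token fixed, for example `uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@<full-commit-sha> # v4`. It is also worth confirming that the called workflow declares both secrets under `workflow_call`, since a caller can only pass secrets the callee defines. The same applies to the add-to-project-senzing-dependabot.yaml hunk here and to the add-to-project-senzing.yaml hunk.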
diff --git a/.github/workflows/add-to-project-senzing.yaml b/.github/workflows/add-to-project-senzing.yaml
index 2f06f1a..d2193f4 100644
--- a/.github/workflows/add-to-project-senzing.yaml
+++ b/.github/workflows/add-to-project-senzing.yaml
@@ -14,17 +14,9 @@ jobs:
 repository-projects: write
 secrets:
 PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}
+ SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+ SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
 uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v4
 with:
 project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }}
 org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }}
-
- slack-notification:
- needs: [add-to-project]
- if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project.result) }}
- secrets:
- SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4
- with:
- job-status: ${{ needs.add-to-project.result }}
diff --git a/.github/workflows/docker-build-container.yaml b/.github/workflows/docker-build-container.yaml
index a7038f4..caa3fa2 100644
--- a/.github/workflows/docker-build-container.yaml
+++ b/.github/workflows/docker-build-container.yaml
@@ -6,6 +6,10 @@ on:
 - main
 workflow_dispatch:
 
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+ cancel-in-progress: true
+
 permissions: {}
 
 jobs:
diff --git a/.github/workflows/docker-push-containers-to-dockerhub.yaml b/.github/workflows/docker-push-containers-to-dockerhub.yaml
index 60762b9..0ba8e13 100644
--- a/.github/workflows/docker-push-containers-to-dockerhub.yaml
+++ b/.github/workflows/docker-push-containers-to-dockerhub.yaml
@@ -9,8 +9,6 @@ permissions: {}
 
 jobs:
 docker-push-containers-to-dockerhub:
- outputs:
- status: ${{ job.status }}
 permissions:
 attestations: write
 contents: write
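Review bot: The concurrency group added to docker-build-container.yaml is keyed on `github.head_ref`, which is the pull request's source branch name and is chosen by the contributor. Two pull requests from different forks that use the same branch name land in one group, and with `cancel-in-progress: true` a run for one cancels the in-flight checks of the other. Keying on the pull request number avoids the collision: `group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}`. The same block is added in the lint-workflows.yaml and spellcheck.yaml hunks. The trigger list of docker-build-container.yaml is only partly visible in this hunk, so the pull_request trigger is inferred for that file.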
@@ -33,13 +31,10 @@ jobs:
 push: true
 sign-image: true
 username: ${{ secrets.DOCKERHUB_USERNAME }}
-
- slack-notification:
- needs: [docker-push-containers-to-dockerhub]
- if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.docker-push-containers-to-dockerhub.outputs.status) }}
- secrets:
- SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
- SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
- uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4
- with:
- job-status: ${{ needs.docker-push-containers-to-dockerhub.outputs.status }}
+ - name: Notify Slack on failure
+ if: (failure() || cancelled())
+ uses: senzing-factory/build-resources/slack-failure-notification@v4
+ with:
+ job-status: ${{ job.status }}
+ slack-channel: ${{ secrets.SLACK_CHANNEL }}
+ slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml
index 3efc412..38d13c9 100644
--- a/.github/workflows/lint-workflows.yaml
+++ b/.github/workflows/lint-workflows.yaml
@@ -1,11 +1,13 @@
 name: lint workflows
 
 on:
- push:
- branches-ignore: [main]
 pull_request:
 branches: [main]
 
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+ cancel-in-progress: true
+
 permissions: {}
 
 jobs:
diff --git a/.github/workflows/spellcheck.yaml b/.github/workflows/spellcheck.yaml
index 356027f..4490dc9 100644
--- a/.github/workflows/spellcheck.yaml
+++ b/.github/workflows/spellcheck.yaml
@@ -4,6 +4,10 @@ on:
 pull_request:
 branches: [main]
 
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+ cancel-in-progress: true
+
 permissions: {}
 
 jobs:
From 385613e050e58cfd6d2d3f2ad8a7268c3511d2ba Mon Sep 17 00:00:00 2001
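Review bot: The new `Notify Slack on failure` step runs inside the docker-push-containers-to-dockerhub job, so `senzing-factory/build-resources/slack-failure-notification@v4` now executes on the same runner as the push-and-sign step and under that job's token permissions (`attestations: write` and `contents: write` are visible in the earlier hunk of this file). The removed slack-notification job declared no permissions of its own and therefore ran under the workflow-level `permissions: {}`. Since the action is referenced by a movable tag and receives the bot token, pin it to a commit: `uses: senzing-factory/build-resources/slack-failure-notification@<full-commit-sha> # v4`. If the separate job was dropped only to get rid of the `outputs.status` plumbing, a small follow-up job with `if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.docker-push-containers-to-dockerhub.result) }}` keeps the notifier out of the publishing job without needing the output. The job's other steps lie outside the hunk.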
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Fri, 10 Apr 2026 12:47:00 -0700
Subject: [PATCH 2/3] Fix zizmor suppressions and remove double push+PR triggers

---
 .github/linters/zizmor.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml
index 00ea2bb..17df7a7 100644
--- a/.github/linters/zizmor.yaml
+++ b/.github/linters/zizmor.yaml
@@ -3,3 +3,6 @@ rules:
 config:
 policies:
 "*": ref-pin
+ secrets-outside-env:
+ ignore:
+ - docker-push-containers-to-dockerhub.yaml
From fbc4d01a887154aae4fc97fc0ca2a07a70c8734e Mon Sep 17 00:00:00 2001
From: Sam <109683132+kernelsam@users.noreply.github.com>
Date: Fri, 10 Apr 2026 13:20:50 -0700
Subject: [PATCH 3/3] Update secrets-outside-env to ignore specific files

---
 .github/linters/zizmor.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml
index 17df7a7..2fe7954 100644
--- a/.github/linters/zizmor.yaml
+++ b/.github/linters/zizmor.yaml
@@ -5,4 +5,5 @@ rules:
 "*": ref-pin
 secrets-outside-env:
 ignore:
+ - docker-build-container.yaml
 - docker-push-containers-to-dockerhub.yaml
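Review bot: Both zizmor.yaml hunks suppress `secrets-outside-env` for entire workflow files, so any secret reference added to those files later is exempt from the audit too, and the config does not record why. zizmor's `ignore` entries also accept a `file:line` form, which would limit each suppression to the reference that was actually reviewed. A comment above the list such as `# step-level Slack/Docker Hub secrets reviewed; see <issue or PR reference>` would give the next maintainer the reason. For docker-build-container.yaml the only change visible in this series is the concurrency block, so the finding being silenced there lies outside this diff and is worth naming in the comment. Judging by the rule's name, running the Docker Hub push job in a protected GitHub environment would resolve the finding rather than hide it.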