From 6df72bfd1ff61a50610721045d8017a837d596d6 Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Fri, 10 Apr 2026 12:35:12 -0700 Subject: [PATCH 1/2] Migrate slack notifications to composite action - Replace standalone slack-notification jobs with inline composite action step - Pass SLACK_BOT_TOKEN and SLACK_CHANNEL to reusable workflows that now handle notifications internally - Add concurrency groups to workflows missing them (skip tag-only and project management workflows) - Remove unused job outputs (status) that were only needed for the old notification pattern - Use sdk-versions composite action instead of hardcoded version lists (code-snippets-v4) --- .../workflows/add-labels-standardized.yaml | 10 +--------- .../add-to-project-senzing-dependabot.yaml | 12 ++---------- .github/workflows/add-to-project-senzing.yaml | 12 ++---------- .github/workflows/pylint.yaml | 19 +++++++------------ 4 files changed, 12 insertions(+), 41 deletions(-) diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml index 9ab803e..6a4b753 100644 --- a/.github/workflows/add-labels-standardized.yaml +++ b/.github/workflows/add-labels-standardized.yaml @@ -15,14 +15,6 @@ jobs: secrets: ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} MEMBERS: ${{ secrets.SENZING_MEMBERS }} - uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4 - - slack-notification: - needs: [add-issue-labels] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.result) }} - secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 - with: - job-status: ${{ needs.add-issue-labels.result }} + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4 diff --git a/.github/workflows/add-to-project-senzing-dependabot.yaml b/.github/workflows/add-to-project-senzing-dependabot.yaml index 43e71dc..0477344 100644 --- a/.github/workflows/add-to-project-senzing-dependabot.yaml +++ b/.github/workflows/add-to-project-senzing-dependabot.yaml @@ -12,16 +12,8 @@ jobs: repository-projects: write secrets: PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} - uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4 - with: - project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} - - slack-notification: - needs: [add-to-project-dependabot] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project-dependabot.result) }} - secrets: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4 with: - job-status: ${{ needs.add-to-project-dependabot.result }} + project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} diff --git a/.github/workflows/add-to-project-senzing.yaml b/.github/workflows/add-to-project-senzing.yaml index 169bff3..e818753 100644 --- a/.github/workflows/add-to-project-senzing.yaml +++ b/.github/workflows/add-to-project-senzing.yaml @@ -14,17 +14,9 @@ jobs: repository-projects: write secrets: PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v4 with: project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }} - - slack-notification: - needs: [add-to-project] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-to-project.result) }} - secrets: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 - with: - job-status: ${{ needs.add-to-project.result }} diff --git a/.github/workflows/pylint.yaml b/.github/workflows/pylint.yaml index 9a026ce..657ee81 100644 --- a/.github/workflows/pylint.yaml +++ b/.github/workflows/pylint.yaml @@ -12,8 +12,6 @@ permissions: {} jobs: pylint: - outputs: - status: ${{ job.status }} permissions: contents: read runs-on: ubuntu-latest @@ -46,13 +44,10 @@ jobs: run: | # shellcheck disable=SC2046 pylint $(git ls-files '*.py' ':!:docs/source/*') - - slack-notification: - needs: [pylint] - if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.pylint.outputs.status ) && github.ref_name == github.event.repository.default_branch }} - secrets: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} - uses: senzing-factory/build-resources/.github/workflows/build-failure-slack-notification.yaml@v4 - with: - job-status: ${{ needs.pylint.outputs.status }} + - name: Notify Slack on failure + if: (failure() || cancelled()) && github.ref_name == github.event.repository.default_branch + uses: senzing-factory/build-resources/slack-failure-notification@v4 + with: + job-status: ${{ job.status }} + slack-channel: ${{ secrets.SLACK_CHANNEL }} + slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }} From 61d83ce22ab86816374bfee3a2184f4d6ba607aa Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Fri, 10 Apr 2026 12:46:35 -0700 Subject: [PATCH 2/2] Fix zizmor suppressions and remove double push+PR triggers --- .github/linters/zizmor.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml index 00ea2bb..4c0101b 100644 --- a/.github/linters/zizmor.yaml +++ b/.github/linters/zizmor.yaml @@ -3,3 +3,6 @@ rules: config: policies: "*": ref-pin + secrets-outside-env: + ignore: + - pylint.yaml