Closed
12 changes: 12 additions & 0 deletions .github/workflows/update-lockfile.yaml
Expand Up @@ -5,6 +5,8 @@ on:
secrets:
GH_PAT:
required: true
SLACK_WEBHOOK_URL:
required: false

jobs:
update:
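Review bot: declaring `SLACK_WEBHOOK_URL` with `required: false` is the right choice for an optional notification, but it means a caller may omit it, and an omitted secret shows up in the `secrets` context as an empty string rather than a missing key. Any guard on the notify step therefore has to test for a non-empty value (`!= ''`) from a context where secrets are actually readable (a job-level `env` mapping), otherwise the optional secret silently disables the step. A short comment next to this input saying that the Slack step is skipped when it is not supplied would help callers of this reusable workflow.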
Expand All @@ -23,6 +25,7 @@ jobs:
run: uv lock --upgrade-package create-benchmark-service

- uses: peter-evans/create-pull-request@v8
id: cpr
with:
token: ${{ secrets.GH_PAT }}
commit-message: 'chore: update create-benchmark-service lockfile'
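Review bot: `id: cpr` exists only so a later step can read `steps.cpr.outputs.pull-request-url`; a one-line comment above the step saying so would save the next reader a search. Note also that peter-evans/create-pull-request leaves `pull-request-url` empty when there is nothing to commit, so a guard on that output already skips the notification on no-op runs; if notifications should go out only for newly opened PRs rather than for every refresh of an existing branch, check the action's `pull-request-operation` output for `created` as well.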
Expand All @@ -32,3 +35,12 @@ jobs:
Tests, lint, and typecheck must pass before merge.
branch: chore/update-cbs-lockfile
delete-branch: true

- name: Notify Slack
if: steps.cpr.outputs.pull-request-url && secrets.SLACK_WEBHOOK_URL
Contributor Author
🔴 secrets context in step if: conditional may always evaluate to empty string

GitHub Actions documentation states that secrets cannot be directly referenced in if: conditionals. The condition secrets.SLACK_WEBHOOK_URL on line 40 may always evaluate to an empty string (falsy), causing the Slack notification step to never execute even when the secret is provided by the calling workflow. The recommended pattern is to set the secret as an environment variable at the job level and then check env.SLACK_WEBHOOK_URL != '' in the if: condition.

Recommended pattern

Define the env at job level, then use it in the if: condition:

jobs:
  update:
    runs-on: ubuntu-latest
    env:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
    steps:
      ...
      - name: Notify Slack
        if: steps.cpr.outputs.pull-request-url && env.SLACK_WEBHOOK_URL
        run: |
          curl -sf -X POST "$SLACK_WEBHOOK_URL" ...
Prompt for agents
The `if` condition on line 40 references `secrets.SLACK_WEBHOOK_URL` directly, which GitHub Actions documentation warns against — secrets may not be accessible in `if:` conditionals and may always evaluate as empty. The fix is to set the secret as a job-level environment variable and reference it via `env` context instead.

In .github/workflows/update-lockfile.yaml, add an `env` block at the job level (under `jobs.update`) mapping SLACK_WEBHOOK_URL to the secret, then change the `if:` condition from `secrets.SLACK_WEBHOOK_URL` to `env.SLACK_WEBHOOK_URL`. You can then remove the step-level `env` block since it's already defined at the job level.

Job-level env:
  jobs:
    update:
      runs-on: ubuntu-latest
      env:
        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

Step if condition change:
  if: steps.cpr.outputs.pull-request-url && env.SLACK_WEBHOOK_URL

run: |
curl -sf -X POST "$SLACK_WEBHOOK_URL" \
-H 'Content-Type: application/json' \
-d "{\"text\":\"📦 Lockfile update PR (${{ github.repository }}): ${{ steps.cpr.outputs.pull-request-url }}\"}"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
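Review bot: the `if:` on the Notify Slack step reads `secrets.SLACK_WEBHOOK_URL` directly, and the `secrets` context is not available in step-level `if:` expressions, so the guard evaluates to empty and the step never runs even when the caller supplies the secret (as the inline comment above also notes). Move the mapping `SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}` from the step's `env:` up to `jobs.update.env` and change the condition to `steps.cpr.outputs.pull-request-url && env.SLACK_WEBHOOK_URL != ''`. Separately, the `run:` script splices `${{ github.repository }}` and `${{ steps.cpr.outputs.pull-request-url }}` straight into the shell text and into a hand-built JSON string; both values come from GitHub rather than from user input here, but the safer habit is to expose them as step `env:` variables (for example `PR_URL: ${{ steps.cpr.outputs.pull-request-url }}`) and reference `$PR_URL` in the script, so expression values are never expanded into shell syntax and quoting stays under the script's control. Consider adding `--max-time` to the `curl` call so an unresponsive webhook cannot stall the job.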