chore: add slack notification for lockfile update PRs#4
chore: add slack notification for lockfile update PRs#4devin-ai-integration[bot] wants to merge 1 commit intomainfrom
Conversation
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| delete-branch: true | ||
|
|
||
| - name: Notify Slack | ||
| if: steps.cpr.outputs.pull-request-url && secrets.SLACK_WEBHOOK_URL |
There was a problem hiding this comment.
🔴 secrets context in step if: conditional may always evaluate to empty string
GitHub Actions documentation states that secrets cannot be directly referenced in if: conditionals. The condition secrets.SLACK_WEBHOOK_URL on line 40 may always evaluate to an empty string (falsy), causing the Slack notification step to never execute even when the secret is provided by the calling workflow. The recommended pattern is to set the secret as an environment variable at the job level and then check env.SLACK_WEBHOOK_URL != '' in the if: condition.
Recommended pattern
Define the env at job level, then use it in the if: condition:
jobs:
update:
runs-on: ubuntu-latest
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
steps:
...
- name: Notify Slack
if: steps.cpr.outputs.pull-request-url && env.SLACK_WEBHOOK_URL
run: |
curl -sf -X POST "$SLACK_WEBHOOK_URL" ...Prompt for agents
The `if` condition on line 40 references `secrets.SLACK_WEBHOOK_URL` directly, which GitHub Actions documentation warns against — secrets may not be accessible in `if:` conditionals and may always evaluate as empty. The fix is to set the secret as a job-level environment variable and reference it via `env` context instead.
In .github/workflows/update-lockfile.yaml, add an `env` block at the job level (under `jobs.update`) mapping SLACK_WEBHOOK_URL to the secret, then change the `if:` condition from `secrets.SLACK_WEBHOOK_URL` to `env.SLACK_WEBHOOK_URL`. You can then remove the step-level `env` block since it's already defined at the job level.
Job-level env:
jobs:
update:
runs-on: ubuntu-latest
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
Step if condition change:
if: steps.cpr.outputs.pull-request-url && env.SLACK_WEBHOOK_URL
Was this helpful? React with 👍 or 👎 to provide feedback.
1 participant
Summary
Adds a Slack webhook notification step to the reusable update-lockfile workflow. Accepts an optional
SLACK_WEBHOOK_URLsecret — when provided, posts the PR URL to Slack after a lockfile update PR is created.Changes
SLACK_WEBHOOK_URLas an optional secret inworkflow_callType of Change
Testing
Checklist
Notes
Merge this before the benchmark service caller PRs so the secret is accepted. The secret is optional (
required: false) so existing callers won't break ifSLACK_WEBHOOK_URLisn't provisioned yet.Link to Devin session: https://app.devin.ai/sessions/7768353d8ede429eb108f2c272e88747
Requested by: @BradenBug