Bump senzing-factory/build-resources/.github/workflows/add-to-project.yaml from 3 to 4

[dependabot]

Bumps senzing-factory/build-resources/.github/workflows/add-to-project.yaml from 3 to 4.

Release notes

Sourced from senzing-factory/build-resources/.github/workflows/add-to-project.yaml's releases.

4.0.0

What's Changed

• #260 make shared workflows generic, misc cleanup by @​kernelsam in senzing-factory/build-resources#261

Full Changelog: senzing-factory/build-resources@v3...4.0.0

3.0.31

What's Changed

• Bump super-linter/super-linter from 8.4.0 to 8.5.0 by @​dependabot[bot] in senzing-factory/build-resources#257
• if the PR's REFRESHED_AT matches main's value, it only passes if that… by @​kernelsam in senzing-factory/build-resources#259

Full Changelog: senzing-factory/build-resources@v3...3.0.31

3.0.30

What's Changed

• Bump super-linter/super-linter from 8.3.1 to 8.3.2 by @​dependabot[bot] in senzing-factory/build-resources#254
• Bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in senzing-factory/build-resources#250
• Bump super-linter/super-linter from 8.3.2 to 8.4.0 by @​dependabot[bot] in senzing-factory/build-resources#255
• Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in senzing-factory/build-resources#249
• Fix regex for filtering GitHub workflows by @​kernelsam in senzing-factory/build-resources#256

Full Changelog: senzing-factory/build-resources@v3...3.0.30

3.0.29

What's Changed

• Bump super-linter/super-linter from 8.3.0 to 8.3.1 by @​dependabot[bot] in senzing-factory/build-resources#252
• Remove validation for natural language in workflows by @​kernelsam in senzing-factory/build-resources#253

Full Changelog: senzing-factory/build-resources@v3...3.0.29

3.0.28

What's Changed

• Add Markdown formatting guidelines to PR template by @​kernelsam in senzing-factory/build-resources#244
• Enhance PR review instructions for local and GitHub by @​kernelsam in senzing-factory/build-resources#246
• 247 dockter 1 by @​docktermj in senzing-factory/build-resources#248

New Contributors

• @​docktermj made their first contribution in senzing-factory/build-resources#248

Full Changelog: senzing-factory/build-resources@v3...3.0.28

3.0.27

Full Changelog: senzing-factory/build-resources@v3...3.0.27

3.0.26

Full Changelog: senzing-factory/build-resources@v3...3.0.26

... (truncated)

Changelog

Sourced from senzing-factory/build-resources/.github/workflows/add-to-project.yaml's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, markdownlint, and this project adheres to Semantic Versioning.

[Unreleased]

• Thing 5
• Thing 4

[1.0.1] - yyyy-mm-dd

Added to 1.0.1

• Thing 3

Fixed in 1.0.1

• Thing 2

[1.0.0] - yyyy-mm-dd

Added to 1.0.0

• Thing 2
• Thing 1

Commits

• 52eb86b bump tags to v4, slack channel override, missing claude settings (#262)
• 08fb769 #260 make shared workflows generic, misc cleanup (#261)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #260
Resolves #262
Resolves #261
Resolves senzing-factory/build-resources#261
Resolves senzing-factory/build-resources#257
Resolves senzing-factory/build-resources#259
Resolves senzing-factory/build-resources#254
Resolves senzing-factory/build-resources#250
Resolves senzing-factory/build-resources#255
Resolves senzing-factory/build-resources#249
Resolves senzing-factory/build-resources#256
Resolves senzing-factory/build-resources#252
Resolves senzing-factory/build-resources#253
Resolves senzing-factory/build-resources#244
Resolves senzing-factory/build-resources#246
Resolves senzing-factory/build-resources#248

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide - The change is a simple version bump in a GitHub Actions workflow file, which doesn't involve code style considerations.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - N/A for this change (workflow version bump only).

✅ DRY principle followed - N/A for this change.

✅ Identify Defects - No bugs, logic errors, or security vulnerabilities detected. This is a straightforward version upgrade from v3 to v4 of the add-to-project.yaml workflow.

⚠️ Project memory consideration - No .claude/CLAUDE.md file found in the repository to review against.

Testing

⚠️ Testing considerations - This is a GitHub Actions workflow version bump. Testing would require:

• Verifying that the v4 version of the workflow exists in the senzing-factory/build-resources repository
• Ensuring the workflow inputs/outputs remain compatible
• Checking the changelog/release notes for v4 to understand breaking changes

Recommendation: Review the release notes for senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v4 to confirm compatibility.

Documentation

⚠️ CHANGELOG.md - No CHANGELOG.md update included in this PR. Consider documenting this infrastructure change.

✅ Other documentation - README/API docs not affected by this workflow change.

Security

✅ No hardcoded credentials - Credentials are properly passed via secrets and vars.

✅ Proper error handling - N/A for workflow version reference.

✅ No sensitive data - No sensitive data or .lic files detected.

✅ No AQAAAD strings - No license strings found.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

The change is a straightforward version bump of a reusable GitHub Actions workflow. The code quality is good, and no security concerns are present.

Recommendations:

1. Verify v4 compatibility (.github/workflows/add-to-project-app-server.yaml:17) - Before merging, confirm that version v4 of the add-to-project.yaml workflow is compatible with the current inputs (project-number, org) and that no breaking changes exist.

2. Consider CHANGELOG update - Document this infrastructure/workflow version change in CHANGELOG.md if such changes are typically tracked in your project.

3. Pattern check - If there are other workflow files using @v3 of this same workflow, consider updating them consistently in this PR or a follow-up.

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Review Results

Code Quality

✅ Code follows style guide - The change is a simple version bump in a GitHub Actions workflow file, which doesn't involve code styling concerns.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - N/A for this change (workflow version bump only).

✅ DRY principle followed - N/A for this change.

✅ Identify Defects - No defects identified. This is a straightforward version bump from v3 to v4 of the reusable workflow reference at .github/workflows/add-to-project-app-server.yaml:17. The change maintains all existing parameters and secrets, suggesting it's a drop-in replacement.

⚠️ Project memory consideration - No .claude/CLAUDE.md file found to validate against project-specific guidelines.

Testing

❌ Testing - No evidence of testing for workflow changes. For GitHub Actions workflow updates:

• Should verify the v4 workflow exists and is compatible
• Should confirm that the workflow inputs/outputs match expectations
• Consider testing in a non-production branch first
• Review the changelog/diff between v3 and v4 of the referenced workflow to understand breaking changes

Documentation

❌ Readme updated if needed - No README or documentation updates found explaining:

• Why the version bump is necessary
• What changed between v3 and v4
• Whether this affects other workflows

❌ CHANGELOG.md updated - No CHANGELOG.md update found documenting this infrastructure change.

✅ API docs updated - N/A for workflow files.

✅ Inline comments for complex logic - N/A, this is a simple version reference change.

✅ Markdown formatting - N/A for YAML workflow files.

Security

✅ No hardcoded credentials - Secrets are properly referenced via secrets.SENZING_GITHUB_PROJECT_RW_TOKEN.

✅ Input validation implemented - N/A for workflow version reference.

✅ Proper error handling - Error handling would be in the referenced workflow itself.

✅ No sensitive data in logs - No logging changes in this diff.

✅ No license files or AQAAAD strings - None present.

---

Summary

Overall Assessment: ⚠️ Approve with Recommendations

This is a low-risk infrastructure change (GitHub Actions workflow version bump), but lacks proper documentation and testing validation.

Required Actions:

1. Add CHANGELOG.md entry documenting this workflow version update
2. Verify compatibility by reviewing changes between v3 and v4 of senzing-factory/build-resources/.github/workflows/add-to-project.yaml

Recommended Actions:

1. Document the reason for the upgrade in commit message or PR description
2. Verify the workflow runs successfully after merge
3. Consider adding workflow testing strategy for future infrastructure changes

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

I'll perform a code review of this pull request diff immediately.

Code Review Analysis

Pull Request Summary

This PR updates a GitHub Actions workflow reference from v3 to v4 for the add-to-project.yaml workflow in the app-server project configuration.

---

Checklist Evaluation

Code Quality

✅ Code follows style guide - This is a GitHub Actions workflow YAML file. The formatting is correct and follows standard YAML conventions.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - All variables and references are clear (project-number, org, etc.).

✅ DRY principle followed - N/A for this simple version bump change.

✅ Identify Defects - No bugs, logic errors, or security vulnerabilities identified. However:

• ⚠️ Potential Issue: The change updates the workflow version from v3 to v4. Without seeing the changelog or documentation for the senzing-factory/build-resources repository, I cannot verify if this is a breaking change or if any additional parameters or configuration changes are required in .github/workflows/add-to-project-app-server.yaml:17.
• The workflow secrets and variables appear to remain compatible.

✅ Project memory consideration - No .claude/CLAUDE.md found in the repository based on the git status provided.

Testing

⚠️ Testing Requirements - For workflow changes:

• ❓ Workflow testing: This change cannot be fully validated until it runs in the GitHub Actions environment. The workflow should be monitored after merge to ensure it functions correctly with v4.
• N/A for traditional unit/integration tests (this is infrastructure code).

Documentation

⚠️ Documentation checks:

• ❓ CHANGELOG.md: Based on git status, no CHANGELOG.md update is visible in this diff. If this repository maintains a changelog, it should document this dependency version update.
• ✅ Readme: Likely doesn't need updating for an internal workflow version bump.
• ✅ API docs: N/A for workflow configuration.
• ✅ Inline comments: No complex logic requiring comments.

Security

✅ No hardcoded credentials - Uses proper GitHub secrets (SENZING_GITHUB_PROJECT_RW_TOKEN) and variables.

✅ Input validation: Relies on the upstream workflow for validation.

✅ Proper error handling: Delegated to the reusable workflow.

✅ No sensitive data in logs: No sensitive data exposed.

✅ No license files: No .lic files or AQAAAD strings present in this change.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

This is a straightforward dependency version update. The code quality is good, and there are no security concerns.

Recommendations:

1. Before merging: Verify the v4 changelog of senzing-factory/build-resources/.github/workflows/add-to-project.yaml to ensure there are no breaking changes or required parameter updates.

2. After merging: Monitor the first workflow run to confirm v4 works as expected with the existing configuration.

3. Optional: If the repository maintains a CHANGELOG.md, consider adding an entry documenting this workflow dependency update.

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Now let me analyze the pull request diff systematically:

Code Review - GitHub Actions Workflow Update

Code Quality

✅ Code follows style guide: The change is a simple version bump in a GitHub Actions workflow file. YAML syntax is correct and properly formatted.

✅ No commented-out code: No commented-out code present.

✅ Meaningful variable names: N/A - This is a workflow configuration file with appropriate naming conventions.

✅ DRY principle followed: N/A - Single line change, no repetition.

✅ Identify Defects: No bugs, logic errors, or security vulnerabilities detected. The change updates a reusable workflow reference from v3 to v4, which is a standard dependency update pattern.

✅ Project memory configuration: No ./.claude/CLAUDE.md file exists at the project root (attempted read failed), so this criterion does not apply.

Testing

❌ Unit tests for new functions: N/A - This is a workflow configuration change, not a code change requiring unit tests.

❌ Integration tests for new endpoints: N/A - No new endpoints added.

❌ Edge cases covered: N/A - Workflow configuration change.

❌ Test coverage > 80%: N/A - Not applicable to workflow configuration files.

Documentation

❌ Readme updated if needed: The README.md does not appear to require updates for this infrastructure change.

❌ API docs updated: N/A - No API changes.

❌ Inline comments for complex logic: N/A - Workflow file is self-explanatory.

❌ CHANGELOG.md updated: This change should potentially be documented in CHANGELOG.md (.github/workflows/add-to-project-app-server.yaml:17). While infrastructure updates are often not included in changelogs for end-user-facing projects, if this represents a significant workflow change, it may warrant documentation. This is a minor concern.

✅ Markdown files follow CommonMark specification: The changed file is YAML, not Markdown. No Markdown formatting issues detected in the diff.

Security

✅ No hardcoded credentials: No credentials hardcoded. The workflow properly uses GitHub secrets via ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}.

✅ Input validation implemented: N/A - Workflow configuration file.

✅ Proper error handling: The workflow includes a slack-notification job that handles failures, which is appropriate.

✅ No sensitive data in logs: No sensitive data would be logged by this change.

✅ License files flagged: No .lic files or AQAAAD strings detected in the diff.

---

Summary

Overall Assessment: ✅ APPROVED

This is a straightforward and safe dependency update that bumps the reusable workflow reference from v3 to v4. The change:

• Maintains proper security practices (using secrets appropriately)
• Follows standard GitHub Actions patterns
• Is syntactically correct
• Does not introduce any defects or vulnerabilities

Minor Recommendation: Consider adding a brief entry to CHANGELOG.md if workflow version updates are tracked for your project's release process. This is optional and depends on your documentation standards.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

⚠️ No file changes detected - skipping code review.

This PR appears to contain only metadata changes (labels, description, etc.).