Skip to content

Comments

standardize workflows for build-resources v4#282

Merged
docktermj merged 2 commits intomainfrom
skern-workflow-standardize
Feb 17, 2026
Merged

standardize workflows for build-resources v4#282
docktermj merged 2 commits intomainfrom
skern-workflow-standardize

Conversation

@kernelsam
Copy link
Contributor

@kernelsam kernelsam commented Feb 16, 2026

Summary

  • Rename reusable workflow secret keys for build-resources v4
  • Replace .outputs.job-status with .result
  • Add SLACK_CHANNEL secret to slack notification callers
  • Bump all build-resources workflow refs to @v4
  • Standardize dependabot config (cooldown, groups, assignees)
  • Add kernelsam and cooldown to cspell dictionary

@kernelsam kernelsam requested a review from a team as a code owner February 16, 2026 22:15
@kernelsam kernelsam self-assigned this Feb 16, 2026
@kernelsam kernelsam force-pushed the skern-workflow-standardize branch from 8a3e778 to c1a6eeb Compare February 16, 2026 22:34
@kernelsam kernelsam force-pushed the skern-workflow-standardize branch from c1a6eeb to 99d2adb Compare February 16, 2026 22:46
@github-actions
Copy link
Contributor

github-actions bot commented Feb 17, 2026

🤖 Claude Code Review

Code Review Results

Summary

This PR standardizes GitHub workflow configurations to use build-resources@v4 across all workflow files. The changes are primarily configuration updates with improved secret naming conventions and workflow dependency handling.

Code Quality ✅

Code Style Guide Compliance ✅

All changes follow YAML formatting standards and maintain consistency with the codebase.

No Commented-Out Code ✅

No commented-out code present in the diff.

Meaningful Variable Names ✅

All variable and secret names are clear and descriptive:

  • PROJECT_RW_TOKEN, CODEOWNER_PR_RW_TOKEN, GPG_PRIVATE_KEY - Clear and consistent naming
  • Secret name standardization improves readability (e.g., SENZING_MEMBERSMEMBERS)

DRY Principle ✅

Changes apply consistent patterns across all workflow files, reducing duplication.

Defects ❌

Issue 1: Potential Breaking Change in .github/dependabot.yml:9-10

exclude:
  - "senzing-factory/*"

The exclude directive under cooldown is not a valid Dependabot configuration option. According to GitHub's Dependabot documentation, cooldown only supports default-days. This will likely cause a validation error or be silently ignored.

Recommendation: Remove lines 9-10 or move the exclude logic elsewhere if filtering is needed.

Testing ⚠️

Unit Tests N/A

No testable code changes - these are configuration files.

Integration Tests N/A

Workflow changes will be validated automatically when workflows run.

Edge Cases ⚠️

  • Missing: Should verify that all referenced secrets exist in the repository settings:
    • SLACK_CHANNEL (newly added across multiple files)
    • Updated secret names (MEMBERS, PROJECT_RW_TOKEN, CODEOWNER_PR_RW_TOKEN, GIT_ACTOR, GPG_PASSPHRASE, GPG_PRIVATE_KEY)

Test Coverage N/A

Not applicable to workflow configuration files.

Documentation ❌

README Updated N/A

No README changes needed for internal workflow updates.

API Docs N/A

No API changes.

Inline Comments ✅

YAML files are self-documenting; no additional comments needed.

CHANGELOG.md ❌

Missing: The CHANGELOG.md at .github/workflows/../../../CHANGELOG.md:1-197 has not been updated to document this infrastructure change. While this is an internal workflow update, it represents a significant standardization effort that should be noted.

Recommendation: Add entry to CHANGELOG.md:

## [Unreleased]

### Changed
- Standardized GitHub workflows to use build-resources@v4
- Updated secret naming conventions for improved consistency

Markdown Formatting ✅

The .github/dependabot.yml file correctly adds the YAML document separator (---) at the top, following best practices. All workflow YAML files are properly formatted.

Security ✅

No Hardcoded Credentials ✅

All sensitive values use GitHub secrets (${{ secrets.* }}).

Input Validation ✅

Workflow inputs are properly validated through GitHub's workflow syntax.

Proper Error Handling ✅

All workflows include failure notification jobs with appropriate conditionals:

  • if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.*.result) }}

No Sensitive Data in Logs ✅

All secrets are properly masked in GitHub Actions by default.

License Files ✅

No .lic files or AQAAAD strings detected in the diff.

Additional Observations

Improvements in This PR ✅

  1. Consistent secret naming: Removed SENZING_ prefix from generic secrets used in reusable workflows
  2. Better dependency tracking: Changed from outputs.job-status to .result for more reliable job status checks (.github/workflows/add-labels-standardized.yaml:22, add-to-project-garage-dependabot.yaml:20, add-to-project-garage.yaml:23, go-proxy-pull.yaml:27, etc.)
  3. Added missing SLACK_CHANNEL secret: Now explicitly passed to notification workflows (.github/workflows/add-labels-standardized.yaml:25, add-to-project-garage-dependabot.yaml:24, etc.)
  4. Dependabot grouping: Added senzing-factory group to reduce PR noise (.github/dependabot.yml:12-15)
  5. Improved permissions: Updated pull-requests permission from read to write in lint-workflows.yaml:18 for better integration

Final Verdict

Status: ⚠️ Approve with Minor Fixes Required

Critical Issues:

  1. Fix invalid exclude directive in .github/dependabot.yml:9-10

Recommended Improvements:

  1. Update CHANGELOG.md to document the workflow standardization
  2. Verify all new/renamed secrets exist in repository settings before merging

Files Requiring Changes:

  • .github/dependabot.yml:9-10 - Remove invalid exclude under cooldown
  • CHANGELOG.md - Add entry documenting workflow updates

Once the critical Dependabot configuration issue is resolved, this PR can be merged safely.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Contributor

github-actions bot commented Feb 17, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj enabled auto-merge (squash) February 17, 2026 13:36
@docktermj docktermj self-assigned this Feb 17, 2026
@docktermj docktermj requested a review from a team as a code owner February 17, 2026 13:49
@github-actions
Copy link
Contributor

github-actions bot commented Feb 17, 2026

🤖 Claude Code Review

Code Review - PR: Standardize workflows for build-resources v4

Review Against Checklist

✅ Code Quality

✅ Code follows style guide

  • The changes primarily affect YAML configuration files and minimal Go code
  • Go code changes in cmd/docs.go:20-26 follow proper formatting with appropriate blank lines between logical blocks
  • YAML files are properly formatted with consistent quoting and structure

✅ No commented-out code

  • No commented-out code added in this PR
  • The dependabot.yml file actually removes commented code (lines with # Please see...)

✅ Meaningful variable names

  • No new variables introduced; existing variable names remain unchanged

✅ DRY principle followed

  • Changes are configuration updates that don't introduce duplication
  • Workflow standardization across files reduces overall duplication in the repository

✅ No defects identified

  • No bugs, logic errors, or race conditions introduced
  • Changes are primarily configuration updates to use build-resources v4
  • Go code changes only add blank lines for readability

⚠️ Project memory configuration consideration

  • .claude/CLAUDE.md:36-38 contains environment-specific path /opt/senzing/er/lib
  • This is acceptable as it's a standard installation path for Senzing, not a developer-specific local path

✅ Testing

✅ Unit tests not required

  • Changes are configuration-only (GitHub Actions workflows and dependabot)
  • Minor Go formatting changes (cmd/docs.go) don't alter logic

✅ Integration tests not required

  • No new endpoints or functionality added

✅ Edge cases not applicable

  • Configuration changes don't have edge cases to test

✅ Test coverage maintained

  • No changes to test coverage; existing coverage checks remain at 50% threshold (.github/coverage/testcoverage.yaml:18,22,26)

✅ Documentation

✅ README update not needed

  • No functional changes requiring README updates

✅ API docs not applicable

  • No API changes

✅ Inline comments not needed

  • Changes are self-explanatory configuration updates

❌ CHANGELOG.md not updated

  • CRITICAL: CHANGELOG.md has not been updated for this PR
  • This PR standardizes workflows for build-resources v4, which should be documented
  • Location: /home/runner/work/serve-http/serve-http/CHANGELOG.md:8 (Unreleased section is empty)
  • Recommendation: Add entry under ## [Unreleased] section: 
    ### Changed in Unreleased

- Standardize GitHub Actions workflows to build-resources v4
- Update dependabot configuration with senzing-factory grouping

✅ Markdown files properly formatted

  • All YAML changes follow proper formatting
  • Consistent quoting style applied throughout

✅ Security

✅ No hardcoded credentials

  • All secrets properly referenced via ${{ secrets.* }}
  • Secret names standardized (e.g., SENZING_MEMBERSMEMBERS, SENZING_GITHUB_CODEOWNER_PR_RW_TOKENCODEOWNER_PR_RW_TOKEN)

✅ Input validation implemented

  • Not applicable for configuration changes

✅ Proper error handling

  • Workflow error handling unchanged; uses standard GitHub Actions patterns

✅ No sensitive data in logs

  • No logging changes introduced

✅ No license files checked in

  • No .lic files or strings starting with AQAAAD found in diff

Summary

Issues Found:

  1. ❌ CRITICAL - CHANGELOG.md not updated
    • File: /home/runner/work/serve-http/serve-http/CHANGELOG.md:8
    • This PR makes significant configuration changes that should be documented

Recommendations:

  1. Update CHANGELOG.md to document the workflow standardization changes
  2. Consider adding a brief comment in one of the workflow files explaining the v3 → v4 migration if there are breaking changes (though this appears to be a smooth upgrade)

Positive Aspects:

  • ✅ Consistent standardization across all workflow files
  • ✅ Proper secret management with renamed but correctly referenced secrets
  • ✅ Added Slack channel configuration for better notifications
  • ✅ Improved dependabot configuration with grouping for senzing-factory updates
  • ✅ Minor code formatting improvements in cmd/docs.go improve readability
  • ✅ Changed from outputs.job-status to result for better GitHub Actions compatibility
  • ✅ Added pull-requests: write permission to lint-workflows.yaml:18 for better integration

Overall Assessment: The PR is well-structured and improves the repository's CI/CD configuration. The only blocking issue is the missing CHANGELOG.md update, which should be added before merging.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Contributor

github-actions bot commented Feb 17, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj merged commit 696591b into main Feb 17, 2026
42 checks passed
@docktermj docktermj deleted the skern-workflow-standardize branch February 17, 2026 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

@docktermj docktermj

@kernelsam kernelsam

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kernelsam @docktermj