standardize workflows for build-resources v4

[kernelsam]

Summary

• Rename reusable workflow secret keys for build-resources v4
• Replace .outputs.job-status with .result
• Add SLACK_CHANNEL secret to slack notification callers
• Bump all build-resources workflow refs to @v4
• Standardize dependabot config (cooldown, groups, assignees)
• Add kernelsam and cooldown to cspell dictionary

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide: The changes are configuration/workflow updates following YAML formatting standards and GitHub Actions best practices.

✅ No commented-out code: No commented-out code in the changes.

✅ Meaningful variable names: All variable/secret names are meaningful and follow conventions (e.g., CODEOWNER_PR_RW_TOKEN, PROJECT_RW_TOKEN).

✅ DRY principle followed: The changes refactor secrets to use generic names consistently across workflows (e.g., standardizing on PROJECT_RW_TOKEN, CODEOWNER_PR_RW_TOKEN, MEMBERS, SLACK_CHANNEL).

✅ No defects identified: The changes are straightforward workflow/configuration updates with no logic errors. The key improvements are:

• Upgrading reusable workflows from v3 to v4
• Standardizing secret names for better consistency
• Adding missing SLACK_CHANNEL secret to slack notifications
• Fixing job status references from needs.*.outputs.job-status to needs.*.result (correct GitHub Actions syntax)

✅ Project memory compliance: The changes don't add any local-environment-specific configuration to ./.claude/CLAUDE.md.

Testing

⚠️ Unit tests for new functions: Not applicable - these are workflow/configuration changes, not code changes. However, the workflows themselves reference testing workflows that remain intact.

⚠️ Integration tests for new endpoints: Not applicable.

⚠️ Edge cases covered: Not applicable.

⚠️ Test coverage > 80%: The coverage configuration in .github/coverage/testcoverage.yaml:18,22,25 shows thresholds of 70% (file, package, total), not 80%. The existing test workflows continue to validate coverage, so no regression here.

Documentation

❌ CHANGELOG.md updated: The CHANGELOG.md at /home/runner/work/sz-sdk-go-mock/sz-sdk-go-mock/CHANGELOG.md:8-10 shows an empty "Unreleased" section. This PR should document the infrastructure changes made, such as:

## [Unreleased]

- Updated GitHub Actions workflows to use build-resources v4
- Standardized secret names across workflows

✅ Readme updated if needed: Not applicable - workflow updates don't require README changes.

✅ Inline comments for complex logic: Not applicable - YAML configurations are self-documenting.

✅ Markdown files follow CommonMark: All YAML files have proper formatting. The .github/dependabot.yml file is now properly formatted with:

• Added YAML document marker (---) at .github/dependabot.yml:1
• Quoted string values for consistency
• Added assignee configuration (.github/dependabot.yml:5-6)
• Added grouping configuration (.github/dependabot.yml:11-14)

Security

✅ No hardcoded credentials: All secrets properly use ${{ secrets.* }} references.

✅ Input validation implemented: Not applicable.

✅ Proper error handling: Workflows have proper failure handling with slack notifications.

✅ No sensitive data in logs: No sensitive data exposed.

✅ No license files checked in: No .lic files or AQAAAD strings present in the diff.

---

Summary

Overall Assessment: ✅ Approve with minor documentation update recommended

The PR successfully:

1. Upgrades GitHub Actions reusable workflows from v3 to v4
2. Standardizes secret names for better consistency
3. Fixes incorrect GitHub Actions syntax (needs.*.outputs.job-status → needs.*.result)
4. Adds missing SLACK_CHANNEL secret to notifications
5. Adds kernelsam as assignee for Dependabot PRs
6. Improves Dependabot configuration with cooldown exclusions and grouping

Required Action:

• Update CHANGELOG.md:8-10 to document these infrastructure improvements

Recommendations:

• Consider increasing test coverage thresholds from 70% to 80% in .github/coverage/testcoverage.yaml:18,22,25 to match the review checklist requirement (though this is beyond the scope of this PR).

---

Automated code review analyzing defects and coding standards

[github-actions]

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter