
standardize workflows for build-resources v4 #110

Merged
docktermj merged 1 commit into main from skern-workflow-standardize
Feb 17, 2026

@kernelsam
Contributor

Summary

  • Rename reusable workflow secret keys for build-resources v4
  • Replace .outputs.job-status with .result
  • Add SLACK_CHANNEL secret to slack notification callers
  • Bump all build-resources workflow refs to @v4
  • Standardize dependabot config (cooldown, groups, assignees)
  • Add kernelsam and cooldown to cspell dictionary

@kernelsam kernelsam requested a review from a team as a code owner February 16, 2026 22:17
@kernelsam kernelsam self-assigned this Feb 16, 2026
@kernelsam kernelsam force-pushed the skern-workflow-standardize branch from 9488b10 to 8debfb4 Compare February 16, 2026 22:35
@kernelsam kernelsam force-pushed the skern-workflow-standardize branch from 8debfb4 to bda048b Compare February 16, 2026 22:47
@docktermj docktermj self-assigned this Feb 16, 2026
@docktermj docktermj enabled auto-merge (squash) February 16, 2026 23:15
@github-actions

🤖 Claude Code Review

Code Review: Workflow Configuration Updates

Analyzing the pull request against the Senzing code review checklist.

Review Summary

This PR updates GitHub Actions workflow configurations to standardize on build-resources v4. The changes are primarily configuration updates with consistent patterns across all workflow files.


Code Quality

✅ Code Style Compliance

The changes follow proper YAML formatting conventions:

  • Consistent quote usage for string values
  • Proper indentation maintained throughout
  • Document separator (---) added at top of .github/dependabot.yml:1

✅ No Commented-Out Code

All changes are active configuration updates with no commented code.

✅ Meaningful Naming

Variable and key names are descriptive:

  • ORG_MEMBERSHIP_TOKEN → MEMBERS (more concise)
  • SENZING_GITHUB_PROJECT_RW_TOKEN → PROJECT_RW_TOKEN (clearer intent)
  • SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN → CODEOWNER_PR_RW_TOKEN (simplified)

✅ DRY Principle

The standardization to v4 workflows eliminates duplication by centralizing workflow logic in reusable workflows.

✅ No Defects Identified

The changes are configuration updates with consistent patterns. Key observations:

  • Proper migration from outputs.job-status to result field (.github/workflows/add-labels-standardized.yaml:22,26)
  • All workflow version references updated from @v3 to @v4
  • Secret names consistently updated across all files
  • New SLACK_CHANNEL secret properly added where needed

Testing

⚠️ Testing Considerations

While this PR is configuration-only (GitHub Actions YAML), testing recommendations:

  • Manual Verification Needed: These workflow changes should be tested in a staging environment or monitored closely after merge
  • N/A Unit Tests: Configuration files don't have unit tests
  • N/A Integration Tests: Workflow testing occurs at runtime in GitHub Actions
  • N/A Test Coverage: Not applicable for YAML configuration

Recommendation: Monitor the first few workflow runs after merge to ensure v4 workflows behave as expected.


Documentation

✅ Readme Updates

Not required - these are internal workflow configuration changes that don't affect user-facing documentation.

✅ API Documentation

Not applicable - no API changes.

✅ Inline Comments

Configuration changes are self-documenting with clear key names.

❌ CHANGELOG.md Not Updated

Issue: .github/workflows/* changes represent infrastructure updates that should be documented.

Recommendation: Add entry to CHANGELOG.md:

### Changed
- Updated GitHub Actions workflows to use senzing-factory/build-resources@v4
- Standardized secret naming conventions across workflows
- Added Dependabot grouping for senzing-factory dependencies

✅ Markdown Formatting

The diff doesn't show markdown file changes. YAML files follow proper formatting conventions.


Security

✅ No Hardcoded Credentials

All sensitive values properly use GitHub secrets (${{ secrets.* }}).

✅ Input Validation

GitHub Actions handles input validation for workflow configurations.

✅ Proper Error Handling

Error handling delegated to reusable workflows with proper conditional checks:

  • .github/workflows/add-labels-standardized.yaml:22: if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.result) }}

✅ No Sensitive Data in Logs

Secrets properly referenced, not exposed in workflow definitions.

✅ No License Files

No .lic files or AQAAAD strings detected in the diff.


Specific Findings

.github/dependabot.yml

Lines 10-15: New grouping configuration added

groups:
  senzing-factory:
    patterns:
      - "senzing-factory/*"

Good: This groups senzing-factory dependency updates together, reducing PR noise.

Lines 7-9: Cooldown exclusion added

cooldown:
  default-days: 21
  exclude:
    - "senzing-factory/*"

Good: Allows senzing-factory updates to bypass cooldown period, enabling faster security/bug fix adoption.

All Workflow Files

Consistent Pattern: Secret name standardization

  • SENZING_MEMBERS → MEMBERS
  • SENZING_GITHUB_PROJECT_RW_TOKEN → PROJECT_RW_TOKEN
  • SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN → CODEOWNER_PR_RW_TOKEN

Good: Cleaner naming convention, reduces verbosity.

New Secret: SLACK_CHANNEL added to all slack notification calls

  • Examples: Lines in add-labels-standardized.yaml:25, create-javadoc-documentation.yaml:64, etc.

Good: Makes Slack channel configurable per repository.

.github/workflows/lint-workflows.yaml

Line 16: Permission change

-      pull-requests: read
+      pull-requests: write
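
Review bot: the new `pull-requests: write` line has no comment naming what needs write access, so a later reader cannot tell whether the wider scope is still required. Add a short comment beside it stating which called step writes to the pull request, and keep `read` if nothing does.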

⚠️ Review Needed: Permission escalation from read to write. This likely aligns with v4 workflow requirements (perhaps for posting lint results), but should be verified as intentional.


Final Assessment

| Category | Status | Critical Issues |
|---|---|---|
| Code Quality | ✅ Pass | 0 |
| Testing | ⚠️ Monitor | 0 |
| Documentation | ❌ Incomplete | 0 |
| Security | ✅ Pass | 0 |

Required Actions

  1. CHANGELOG.md: Add entry documenting workflow updates

Recommended Actions

  1. Monitor first workflow runs after merge for v4 compatibility
  2. Verify pull-requests: write permission in lint-workflows.yaml is intentional

Approval Status

✅ Approved with minor documentation update needed

The code changes are well-structured and follow consistent patterns. The only missing piece is CHANGELOG documentation. No security or functional concerns identified.

Automated code review analyzing defects and coding standards
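
The read-to-write change flagged for lint-workflows.yaml in the review above can be caught mechanically by comparing the `permissions:` blocks of a workflow before and after a change. The following is an added example, not code from this PR or from build-resources; the workflow text, the job name `lint` and the `uses:` path are constructed, and only the `pull-requests` line mirrors the diff.

```python
RANK = {"none": 0, "read": 1, "write": 2}

def permissions(text):
    """Return {(job, scope): level} for every block-style `permissions:` mapping.
    job is "" for the workflow-level block. Line-based on purpose: no YAML library."""
    perms, job, job_indent, block, in_jobs = {}, "", None, None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if block is not None:
            if indent > block:          # still inside the permissions mapping
                perms[(job, key)] = value
                continue
            block = None
        if indent == 0:
            in_jobs, job, job_indent = key == "jobs", "", None
        elif in_jobs and job_indent in (None, indent):
            job, job_indent = key, indent
        if key == "permissions" and not value:
            block = indent
    return perms

def escalations(before, after):
    """List (job, scope, old, new) where a scope got wider. Assumption: a scope
    absent from the old block counts as "none"; unknown levels count as write."""
    old, new = permissions(before), permissions(after)
    found = []
    for (job, scope), level in sorted(new.items()):
        prior = old.get((job, scope), "none")
        if RANK.get(level, 2) > RANK.get(prior, 0):
            found.append((job or "<workflow>", scope, prior, level))
    return found

# Constructed sample input; the uses: path is a placeholder.
BEFORE = """\
jobs:
  lint:
    permissions:
      contents: read
      pull-requests: read
    uses: ./.github/workflows/placeholder.yaml
"""
AFTER = BEFORE.replace("pull-requests: read", "pull-requests: write")

if __name__ == "__main__":
    for job, scope, old, new in escalations(BEFORE, AFTER):
        print(f"{job}: {scope} widened from {old} to {new}")
```

Run against the base and head versions of each changed workflow file, a non-empty result is a prompt for a human to confirm the wider scope is intended.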

@github-actions

Super-linter summary

| Language | Validation result |
|---|---|
| CHECKOV | Pass ✅ |
| GITHUB_ACTIONS | Pass ✅ |
| GITHUB_ACTIONS_ZIZMOR | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSCPD | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Fail ❌ |
| YAML_PRETTIER | Fail ❌ |

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

YAML
/github/workspace/.github/dependabot.yml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/dependabot.yml:25:1: [error] too many blank lines (1 > 0) (empty-lines)
/github/workspace/.github/workflows/maven-darwin.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/maven-darwin.yaml:49:81: [warning] line too long (88 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-darwin.yaml:56:81: [warning] line too long (187 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-darwin.yaml:81:81: [warning] line too long (144 > 80 characters) (line-length)
/github/workspace/.github/workflows/add-labels-standardized.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/add-labels-standardized.yaml:22:81: [warning] line too long (104 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-linux.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/maven-linux.yaml:51:81: [warning] line too long (249 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-linux.yaml:69:81: [warning] line too long (102 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-linux.yaml:77:81: [warning] line too long (143 > 80 characters) (line-length)
/github/workspace/.github/workflows/add-to-project-garage-dependabot.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/add-to-project-garage-dependabot.yaml:21:81: [warning] line too long (113 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-windows.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/maven-windows.yaml:52:81: [warning] line too long (235 > 80 characters) (line-length)
/github/workspace/.github/workflows/maven-windows.yaml:77:81: [warning] line too long (145 > 80 characters) (line-length)
/github/workspace/.github/workflows/add-to-project-garage.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/add-to-project-garage.yaml:24:81: [warning] line too long (102 > 80 characters) (line-length)
/github/workspace/.github/workflows/move-pr-to-done-dependabot.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/claude-pr-review.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/spellcheck.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/create-javadoc-documentation.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/create-javadoc-documentation.yaml:48:81: [warning] line too long (163 > 80 characters) (line-length)
/github/workspace/.github/workflows/create-javadoc-documentation.yaml:49:81: [warning] line too long (123 > 80 characters) (line-length)
/github/workspace/.github/workflows/create-javadoc-documentation.yaml:61:81: [warning] line too long (100 > 80 characters) (line-length)
/github/workspace/.github/workflows/verify-dockerfile-refreshed-at-updated.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/dependabot-approve-and-merge.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/docker-push-containers-to-dockerhub.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/docker-push-containers-to-dockerhub.yaml:40:81: [warning] line too long (131 > 80 characters) (line-length)
/github/workspace/.github/workflows/docker-push-containers-to-dockerhub.yaml:46:81: [warning] line too long (81 > 80 characters) (line-length)
/github/workspace/.github/workflows/link-issues-to-pr-post-merge.yaml:1:1: [warning] missing document start "---" (document-start)
/github/workspace/.github/workflows/lint-workflows.yaml:1:1: [warning] missing document start "---" (document-start)
YAML_PRETTIER
Checking formatting...
[warn] .github/dependabot.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

@github-actions

Super-linter summary

| Language | Validation result |
|---|---|
| CHECKOV | Pass ✅ |
| GITHUB_ACTIONS | Pass ✅ |
| GITHUB_ACTIONS_ZIZMOR | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSCPD | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Pass ✅ |
| YAML_PRETTIER | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj merged commit 7e3fc22 into main Feb 17, 2026
52 checks passed
@docktermj docktermj deleted the skern-workflow-standardize branch February 17, 2026 01:27
2 participants