Skip to content

ci: add Vault-based org membership check for community notifications#792

Merged
emilyoram merged 2 commits into
mainfrom
feat/slack-notifications
Jun 4, 2026
Merged

ci: add Vault-based org membership check for community notifications#792
emilyoram merged 2 commits into
mainfrom
feat/slack-notifications

Conversation

@emilyoram

Copy link
Copy Markdown
Contributor

Summary

Adds Vault integration to the community notification workflow so it can reliably detect org members — including those with private membership — and skip false-positive community alerts.

Background

GitHub's author_association field returns CONTRIBUTOR instead of MEMBER for org members who have base-permission-only access (no team/direct collaborator assignment). The upstream reusable workflow in sdk-infra now uses the camunda-sdk-automation GitHub App (via Vault) to check the authenticated /orgs/{org}/members/{username} endpoint.

Changes

  • Pass author-association explicitly to the reusable workflow (defense-in-depth)
  • Pass Vault secrets (VAULT_ADDR, VAULT_ROLE_ID, VAULT_SECRET_ID) to enable the authenticated org membership check

Prerequisites

Copilot AI review requested due to automatic review settings June 4, 2026 22:42

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s Slack “community notification” GitHub Actions workflow to support a more reliable org-membership check (including private memberships) by providing Vault credentials to the upstream reusable workflow in camunda/sdk-infra.

Changes:

  • Pass author-association explicitly into the reusable workflow (to avoid event-context inheritance edge cases).
  • Provide Vault connection/AppRole secrets (VAULT_ADDR, VAULT_ROLE_ID, VAULT_SECRET_ID) so the reusable workflow can mint a GitHub App token and check /orgs/{org}/members/{username}.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@emilyoram emilyoram merged commit 652ea5e into main Jun 4, 2026
18 checks passed
@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown

Released in v8.9.0-alpha.8 (npm: @camunda8/sdk@8.9.0-alpha.8).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants