
fix: hard-fail rendering an image with neither a tag nor a digest #1236


# type: Notifications
# owner: @camunda/distribution-team
---
# PR Activity Slack Notifications
#
# Sends a message to #team-distribution-github (via distro-bot) when:
# - A PR is opened or converted from draft to ready for review
# - A PR is merged
#
# Draft PRs and closed-without-merge PRs are skipped entirely.
# Bot-authored PRs are suppressed unless labelled upgrade:major (renovate major bumps).
#
# Can be called from other repos via workflow_call — pass all pr_* inputs explicitly.
#
# Message format:
# ↗ [helm] #123 feat: add support for X — review: @rev1
# ✅ [helm] #123 merged after 1d 4h
#
# Notification logic is implemented in scripts/notify-pr-activity (Go).
#
name: Notify - PR Activity
on:
  # pull_request_target runs the workflow definition from the base branch and
  # makes repository secrets available even when the PR comes from a fork.
  # That is only safe while no step checks out or executes PR head code; the
  # PR metadata itself (title, author, labels) is still contributor-controlled.
  pull_request_target:
    types:
      - opened
      - ready_for_review
      - closed
  # Reusable entry point for other repositories. Every value arrives as a
  # string; the caller is responsible for forwarding the Vault secrets.
  workflow_call:
    inputs:
      # --- Required PR identity ---
      action:
        description: 'PR event action: opened, ready_for_review, closed'
        type: string
        required: true
      pr_repo:
        description: 'Repository name (e.g. camunda-platform-helm)'
        type: string
        required: true
      pr_number:
        description: 'PR number'
        type: string
        required: true
      pr_title:
        description: 'PR title'
        type: string
        required: true
      pr_url:
        description: 'PR HTML URL'
        type: string
        required: true
      pr_author:
        description: 'PR author login'
        type: string
        required: true
      # --- Optional PR details (string defaults) ---
      pr_additions:
        description: 'Lines added'
        type: string
        required: false
        default: '0'
      pr_deletions:
        description: 'Lines deleted'
        type: string
        required: false
        default: '0'
      pr_merged:
        description: 'Whether the PR was merged (true/false)'
        type: string
        required: false
        default: 'false'
      pr_merged_by:
        description: 'Login of the user who merged the PR'
        type: string
        required: false
        default: ''
      pr_created_at:
        description: 'PR creation timestamp (2006-01-02T15:04:05Z)'
        type: string
        required: false
        default: ''
      pr_merged_at:
        description: 'PR merge timestamp (2006-01-02T15:04:05Z)'
        type: string
        required: false
        default: ''
      pr_reviewers_json:
        description: 'JSON array of requested reviewer objects: [{"login":"user1"},...]'
        type: string
        required: false
        default: '[]'
      pr_draft:
        description: 'Whether the PR is a draft (true/false)'
        type: string
        required: false
        default: 'false'
      pr_labels_json:
        description: 'JSON array of label objects: [{"name":"automerge"},...]'
        type: string
        required: false
        default: '[]'
    # Vault AppRole credentials; all three must be passed by the caller.
    secrets:
      VAULT_ADDR:
        required: true
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true
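jobs:
  notify-slack:
    # Skip draft PRs; only run for opened, ready_for_review, or closed (merged) events.
    # Closed-without-merge suppression and bot filtering are handled in the Go script.
    # When called via workflow_call, the caller controls filtering via the pr_draft input.
    #
    # Inside a reusable workflow the github context belongs to the caller, so
    # github.event_name is the caller's event and never 'workflow_call'. The
    # call path is therefore detected by the required `action` input being set;
    # on a direct pull_request_target trigger `inputs.action` is empty.
    if: |
      (inputs.action != '' && inputs.pr_draft != 'true') ||
      (inputs.action == '' &&
        github.event_name == 'pull_request_target' &&
        !github.event.pull_request.draft && (
          github.event.action == 'opened' ||
          github.event.action == 'ready_for_review' ||
          github.event.action == 'closed'
        ))
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to read the notifier sources.
    permissions:
      contents: read
    timeout-minutes: 5
    steps:
      # No `ref` is given, so under pull_request_target this checks out the
      # base branch, never the PR head. Keep it that way: this job holds Vault
      # credentials and must not build or run contributor-supplied code.
      # NOTE(review): under workflow_call the default repository is the
      # caller's, so scripts/notify-pr-activity must exist there; confirm.
      - name: Checkout
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
        with:
          sparse-checkout: scripts/notify-pr-activity
          sparse-checkout-cone-mode: true
          # No later step performs git operations, so do not leave the job
          # token in the local git config.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6
        with:
          go-version-file: scripts/notify-pr-activity/go.mod
      # AppRole login; only the Slack webhook is read. exportEnv: false keeps
      # the secret out of the job-wide environment, so it reaches only the
      # step that references the output explicitly.
      # NOTE(review): fork PRs trigger this login too; confirm the Vault role
      # is scoped to this one secret path.
      - name: Import Vault secrets
        uses: hashicorp/vault-action@892a26828f195e65540a40b4768ae4571f51ebfc # v4.0.0
        id: vault-secrets
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            secret/data/products/distribution/ci SLACK_DISTRO_BOT_WEBHOOK_GH;
          exportEnv: false
      # Best-effort: a failed notification must not fail the workflow run.
      - name: Send Slack notification
        continue-on-error: true
        env:
          SLACK_WEBHOOK: ${{ steps.vault-secrets.outputs.SLACK_DISTRO_BOT_WEBHOOK_GH }}
          # Resolve from workflow_call inputs first, fall back to pull_request_target event.
          # PR title, author, reviewers and labels are contributor-controlled.
          # They are handed over as environment variables only; never
          # interpolate them into the `run:` script below, where they would be
          # parsed as shell.
          GH_ACTION: ${{ inputs.action || github.event.action }}
          PR_REPO: ${{ inputs.pr_repo || github.event.repository.name }}
          PR_NUMBER: ${{ inputs.pr_number || github.event.pull_request.number }}
          PR_TITLE: ${{ inputs.pr_title || github.event.pull_request.title }}
          PR_URL: ${{ inputs.pr_url || github.event.pull_request.html_url }}
          PR_AUTHOR: ${{ inputs.pr_author || github.event.pull_request.user.login }}
          PR_ADDITIONS: ${{ inputs.pr_additions || github.event.pull_request.additions }}
          PR_DELETIONS: ${{ inputs.pr_deletions || github.event.pull_request.deletions }}
          PR_MERGED: ${{ inputs.pr_merged || github.event.pull_request.merged }}
          PR_MERGED_BY: ${{ inputs.pr_merged_by || (github.event.pull_request.merged_by && github.event.pull_request.merged_by.login) || '' }}
          PR_CREATED_AT: ${{ inputs.pr_created_at || github.event.pull_request.created_at }}
          PR_MERGED_AT: ${{ inputs.pr_merged_at || github.event.pull_request.merged_at }}
          PR_REVIEWERS_JSON: ${{ inputs.pr_reviewers_json || toJSON(github.event.pull_request.requested_reviewers) }}
          PR_LABELS_JSON: ${{ inputs.pr_labels_json || toJSON(github.event.pull_request.labels) }}
        # NOTE(review): the Go program is not shown here; it should treat the
        # PR_* values as untrusted text when building the Slack payload.
        run: |
          cd scripts/notify-pr-activity
          go run .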