Update workflows for build-resources v4 #27

Merged: kernelsam merged 3 commits into main from skern-workflow-standardize, Feb 16, 2026

@kernelsam
Contributor

Summary

  • Rename secret keys for build-resources v4 (SENZING_MEMBERS → MEMBERS, etc.)
  • Replace .outputs.job-status with .result
  • Bump pull-requests permission to write in lint-repo.yaml
  • Add SLACK_CHANNEL secret to slack notification callers
  • Bump all @v3/@v2 build-resources references to @v4
  • Standardize dependabot config (assignees, cooldown, groups)
  • Add kernelsam and cooldown to cspell dictionary

@kernelsam kernelsam requested review from a team as code owners February 16, 2026 19:34
@kernelsam kernelsam self-assigned this Feb 16, 2026
@kernelsam kernelsam requested a review from docktermj February 16, 2026 19:34
@github-actions

🤖 Claude Code Review

PR Code Review

Code Quality

✅ Code follows style guide

No Python code changes in this PR - only YAML configuration files. The YAML formatting is consistent and follows common conventions.

✅ No commented-out code

The PR actually removes commented-out code from .github/dependabot.yml:1-2, which is a positive change.

✅ Meaningful variable names

All variable and parameter names are clear and descriptive (e.g., CODEOWNER_PR_RW_TOKEN, PROJECT_RW_TOKEN, SLACK_CHANNEL).

✅ DRY principle followed

Configuration is appropriately consolidated with reusable workflow references.

✅ No defects identified

The changes are primarily:

  • Version upgrades from @v3 to @v4 for workflow references
  • Secret name standardizations (more generic names like PROJECT_RW_TOKEN instead of SENZING_GITHUB_PROJECT_RW_TOKEN)
  • Improved Dependabot configuration with grouping and assignees
  • Consistent quote styling in YAML files

No logic errors, race conditions, or security vulnerabilities detected.

✅ Project memory considered

The .claude/CLAUDE.md file provides project context. This PR doesn't modify Python code or core functionality, so project-specific guidance is not affected. The CLAUDE.md appropriately contains no local-environment-specific configuration.

Testing

⚠️ No unit tests needed

This PR only modifies GitHub Actions workflows and Dependabot configuration. No application code changes, so unit tests are not applicable.

⚠️ No integration tests needed

Workflow changes will be tested automatically when they run in GitHub Actions.

⚠️ Edge cases not applicable

Configuration changes don't have traditional edge cases.

⚠️ Test coverage not applicable

No code coverage impact since no Python code was modified.

Documentation

✅ README not affected

No user-facing functionality changes.

✅ API docs not affected

No API changes.

✅ Inline comments appropriate

Configuration files are self-documenting. The removal of the comment in dependabot.yml is acceptable as the configuration is straightforward.

❌ CHANGELOG.md not updated

File: CHANGELOG.md (should exist at project root)

The PR makes significant changes to CI/CD workflows (v3→v4 upgrade) but doesn't update the CHANGELOG. Consider adding an entry like:

## [Unreleased]
### Changed
- Updated GitHub Actions workflows from build-resources v3 to v4
- Standardized secret names across workflows
- Enhanced Dependabot configuration with grouping and assignee support

✅ Markdown formatting

.github/dependabot.yml - YAML file, not markdown.
Other YAML files follow proper formatting conventions.

Security

✅ No hardcoded credentials

All sensitive values use GitHub secrets appropriately.

✅ Input validation not applicable

Configuration files don't process user input.

✅ Proper error handling

Workflow error handling is maintained with conditional slack notifications using if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), ...) }}.

✅ No sensitive data in logs

No logging of sensitive information.

✅ No license files checked in

No .lic files or AQAAAD strings detected in the diff.


Summary

Overall Assessment: ✅ APPROVED with minor documentation recommendation

This is a clean infrastructure upgrade PR that:

  • Upgrades reusable workflows from v3 to v4
  • Standardizes secret naming conventions
  • Improves Dependabot configuration
  • Removes commented code

Action Items:

  1. Optional: Add CHANGELOG.md entry documenting the workflow version upgrade (.github/workflows/*.yaml:multiple files)

The code is production-ready. The only recommendation is to document these infrastructure changes in the CHANGELOG for maintainability.

Automated code review analyzing defects and coding standards

@github-actions

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions

🤖 Claude Code Review

Code Review Analysis

This PR updates GitHub Actions workflows from senzing-factory/build-resources@v3 to @v4 and standardizes configuration formats. Here's my analysis against the checklist:

✅ Code Quality

Style Guide: ✅ N/A - No Python code changes, only YAML configuration updates. The YAML formatting is consistent and follows common conventions.

No commented-out code: ✅ Code removed rather than commented (removed comment lines from .github/dependabot.yml:1-2)

Meaningful variable names: ✅ Secret names are standardized and clearer:

  • SENZING_MEMBERS → MEMBERS
  • SENZING_GITHUB_PROJECT_RW_TOKEN → PROJECT_RW_TOKEN
  • SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN → CODEOWNER_PR_RW_TOKEN

DRY principle: ✅ Reusable workflows maintained throughout

Defects: ⚠️ One potential issue identified:

  • .github/workflows/add-labels-standardized.yaml:22 - Changed from needs.add-issue-labels.outputs.job-status to needs.add-issue-labels.result. This assumes the v4 workflow no longer provides a job-status output. Verify the v4 workflow API is compatible.

Project Memory (.claude/CLAUDE.md): ✅ The CLAUDE.md file is appropriately general and not environment-specific.

✅ Testing

Unit tests: ✅ N/A - Infrastructure/CI configuration changes only
Integration tests: ✅ N/A - Infrastructure changes
Edge cases: ✅ N/A
Test coverage: ✅ N/A

⚠️ Documentation

Readme updated: ❌ No README.md changes, but none appear necessary for CI workflow updates

API docs: ✅ N/A - No API changes

Inline comments: ✅ Improved - removed unnecessary comments in dependabot.yml

CHANGELOG.md: ❌ Not updated. The PR should document this workflow version upgrade in CHANGELOG.md

Markdown formatting: ✅ N/A - No markdown files modified

✅ Security

No hardcoded credentials: ✅ All secrets properly referenced via ${{ secrets.* }}

Input validation: ✅ N/A - Workflow configurations

Proper error handling: ✅ Slack notifications on failure maintained

No sensitive data in logs: ✅ No sensitive data exposed

License files: ✅ No .lic files or AQAAAD strings detected

Summary

Critical Issues: None

Important Issues:

  1. Missing CHANGELOG.md update - Should document the workflow upgrade from v3 to v4
  2. API compatibility assumption - The change from needs.*.outputs.job-status to needs.*.result in multiple files assumes the v4 workflows have changed their output interface. This should be verified against the senzing-factory/build-resources v4 documentation.

Files Requiring Changes:

  • CHANGELOG.md - Add entry for workflow version upgrade

Breaking Changes to Verify:

  • .github/workflows/add-labels-standardized.yaml:22
  • .github/workflows/add-to-project-senzing-dependabot.yaml:20
  • .github/workflows/add-to-project-senzing.yaml:24

Positive Changes:

  • Consistent secret naming conventions
  • Added missing SLACK_CHANNEL secret parameter
  • Improved dependabot configuration with grouping and cooldown exclusions
  • Added assignee configuration for dependabot PRs
  • Removed unnecessary comments

Overall Assessment: The PR is well-structured and improves consistency. The main concerns are the missing CHANGELOG update and verifying the workflow API changes are compatible with v4.

Automated code review analyzing defects and coding standards
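
A check for the interface changes discussed in the review above, as an added example that is not part of the PR or of the bot's review: it scans workflow text for leftovers of the pre-v4 calling convention named in this thread. The sample workflow and its `EXAMPLE*.yaml` file names are constructed, and reading "secret keys" as the mapping keys passed to the reusable workflow under `secrets:` is an assumption.

```python
import re

# Old -> new keys passed under `secrets:`, as listed in the PR summary and review.
RENAMED_KEYS = {
    "SENZING_MEMBERS": "MEMBERS",
    "SENZING_GITHUB_PROJECT_RW_TOKEN": "PROJECT_RW_TOKEN",
    "SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN": "CODEOWNER_PR_RW_TOKEN",
}
OLD_KEY = re.compile(r"^\s*(" + "|".join(RENAMED_KEYS) + r")\s*:")
STALE_STATUS = re.compile(r"needs\.([\w-]+)\.outputs\.job-status")
OLD_REF = re.compile(r"senzing-factory/build-resources\S*@v[23]\b")

# Constructed sample caller; the EXAMPLE*.yaml file names are placeholders.
SAMPLE = """\
jobs:
  add-issue-labels:
    secrets:
      SENZING_MEMBERS: ${{ secrets.SENZING_MEMBERS }}
    uses: senzing-factory/build-resources/.github/workflows/EXAMPLE.yaml@v3
  slack-notification:
    needs: [add-issue-labels]
    if: ${{ always() && contains(fromJSON('["failure", "cancelled"]'), needs.add-issue-labels.outputs.job-status) }}
    uses: senzing-factory/build-resources/.github/workflows/EXAMPLE-SLACK.yaml@v4
"""


def audit_workflow(text):
    """Return (line_number, message) pairs for leftovers of the old interface."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        key = OLD_KEY.match(line)
        if key:
            old = key.group(1)
            findings.append((lineno, f"secret key {old} -> {RENAMED_KEYS[old]}"))
        if OLD_REF.search(line):
            findings.append((lineno, "build-resources reference not bumped to @v4"))
        for job in STALE_STATUS.findall(line):
            findings.append((lineno, f"needs.{job}.outputs.job-status -> needs.{job}.result"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_workflow(SAMPLE):
        print(f"line {lineno}: {message}")
```

`needs.<job>.result` is a built-in GitHub Actions context value, so a caller that reads it does not depend on the called workflow declaring a `job-status` output.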

@github-actions

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@kernelsam kernelsam enabled auto-merge (squash) February 16, 2026 20:37
@kernelsam kernelsam assigned docktermj and unassigned kernelsam Feb 16, 2026
@kernelsam kernelsam merged commit 8e04311 into main Feb 16, 2026
25 checks passed
@kernelsam kernelsam deleted the skern-workflow-standardize branch February 16, 2026 21:01