R11DT-3590 Add Slack notification workflow for PR events #199

Merged
OS-miguelfreitas merged 1 commit into master from R11DT-3590AddSlackNotification
Jan 27, 2026

@OS-miguelfreitas OS-miguelfreitas commented Jan 27, 2026

This pull request introduces a new GitHub Actions workflow to automate Slack notifications when pull requests are created or marked as ready for review by specific users. The workflow ensures that only pull requests from a predefined list of users trigger the notification, and it excludes draft pull requests.

New Slack notification workflow:

  • Added .github/workflows/SlackNotification.yml to send a Slack message via webhook when a pull request is opened or marked ready for review by selected users and is not a draft. The message includes the PR URL, number, title, author, and requested reviewers.

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@wiz-code-outsystems

Wiz Scan Summary

Scanner: Findings
Vulnerabilities: -
Sensitive Data: -
Secrets: -
IaC Misconfigurations: 1 Low, 1 Info
SAST Findings: -
Software Management Findings: -
Total: 1 Low, 1 Info

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Pull Request Developer Guidance

Questions? See the Wiz FAQ.

Please contact the Security Office if you encounter issues with Wiz PR scanning.

Comment on lines +10 to +22
if: ${{ contains(fromJSON('["OS-miguelfreitas", "OS-joaomurgeiro", "osjlopes", "mvios", "OS-alexandretome", "rmb-guerra", "OS-rodrigolopes", "OS-thiagosiqueira", "OS-luisvendrame", "OS-josecunha"]'), github.event.pull_request.user.login) && !github.event.pull_request.draft }}
runs-on: ubuntu-latest
steps:
- uses: slackapi/slack-github-action@v2.0.0
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
webhook-type: webhook-trigger
payload: |
pr_url: "${{ github.event.pull_request.html_url }}"
pr_number : "${{ github.event.pull_request.number }}"
pr_title: "${{ github.event.pull_request.title }}"
pr_user: "${{ github.event.pull_request.user.login }}"
pr_reviewers : "${{ join( github.event.pull_request.requested_reviewers.*.login , ' , ' ) }}"
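
Review bot: pr_title in the payload block is expanded by ${{ github.event.pull_request.title }} straight into a double-quoted YAML scalar, so a title containing a double quote, a backslash or a line break produces a malformed payload or extra keys in what is sent to the webhook. Let the expression do the quoting instead, for example pr_title: ${{ toJSON(github.event.pull_request.title) }} with the surrounding quotes removed. Separately, slackapi/slack-github-action@v2.0.0 is referenced by tag; pinning it to the full commit SHA keeps the step that receives secrets.SLACK_WEBHOOK_URL from changing if the tag is moved.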

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 3 months ago

In general, the fix is to add an explicit permissions: block to the workflow (either at the root or at the job level) that grants only the minimal scopes required. This documents the intended access and prevents the workflow from gaining broader permissions if repository or organization defaults change or if the workflow is copied elsewhere.

For this specific workflow in .github/workflows/SlackNotification.yml, the job only reads PR data from the event payload and sends it to Slack via a secret webhook. It does not need to write to the repository, issues, or pull requests. The minimal sensible permissions are contents: read, pull-requests: read, and optionally packages: read (often included as part of a “read-only” baseline). We can set these at the workflow root so they apply to all jobs; since there is only one job (slackNotification), this is simple and does not alter behavior.

Concretely: edit .github/workflows/SlackNotification.yml and insert a permissions: section after the name: (or before jobs:) at the top level:

name: Slack Notification

on:
  ...

permissions:
  contents: read
  pull-requests: read
  packages: read

jobs:
  slackNotification:
    ...

No additional imports, methods, or definitions are required; this is purely a YAML configuration change.

Suggested changeset 1
.github/workflows/SlackNotification.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/SlackNotification.yml b/.github/workflows/SlackNotification.yml
--- a/.github/workflows/SlackNotification.yml
+++ b/.github/workflows/SlackNotification.yml
@@ -5,6 +5,12 @@
     types:
       - ready_for_review
       - opened
+
+permissions:
+  contents: read
+  pull-requests: read
+  packages: read
+
 jobs:
   slackNotification:
     if: ${{ contains(fromJSON('["OS-miguelfreitas", "OS-joaomurgeiro", "osjlopes", "mvios", "OS-alexandretome", "rmb-guerra", "OS-rodrigolopes", "OS-thiagosiqueira", "OS-luisvendrame", "OS-josecunha"]'), github.event.pull_request.user.login) && !github.event.pull_request.draft  }}
EOF
@@ -5,6 +5,12 @@
types:
- ready_for_review
- opened

permissions:
contents: read
pull-requests: read
packages: read

jobs:
slackNotification:
if: ${{ contains(fromJSON('["OS-miguelfreitas", "OS-joaomurgeiro", "osjlopes", "mvios", "OS-alexandretome", "rmb-guerra", "OS-rodrigolopes", "OS-thiagosiqueira", "OS-luisvendrame", "OS-josecunha"]'), github.event.pull_request.user.login) && !github.event.pull_request.draft }}
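
Review bot: the added permissions block grants more than the job uses. contents: read, pull-requests: read and packages: read are all GITHUB_TOKEN scopes, but the slackNotification job takes its fields from the github.event context and posts them to a webhook, which does not call the API with the token. permissions: {} (the starting point the CodeQL alert itself suggests) would cover it; if a read baseline is kept, packages: read at least should be dropped.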
@OS-miguelfreitas OS-miguelfreitas self-assigned this Jan 27, 2026
@OS-miguelfreitas OS-miguelfreitas changed the title Add Slack notification workflow for PR events R11DT-3590 Add Slack notification workflow for PR events Jan 27, 2026
@OS-miguelfreitas OS-miguelfreitas marked this pull request as ready for review January 27, 2026 16:45
@OS-miguelfreitas OS-miguelfreitas merged commit a5c8e83 into master Jan 27, 2026
14 checks passed
@OS-miguelfreitas OS-miguelfreitas deleted the R11DT-3590AddSlackNotification branch January 27, 2026 16:55