Implement review findings

exasol · Feb 29, 2024 · 154dac6 · 154dac6
1 parent 44c0303
commit 154dac6
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 30 deletions.
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
@@ -53,25 +53,13 @@ jobs:
         env:
           CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }}
 
-      - name: Report Status to Slack channel
-        if: always()
-        uses: ravsamhq/notify-slack-action@v2
-        with:
-          status: ${{ job.status }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          notification_title: "Dependency check in {repo} has {status_message}"
-          message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
-          notify_when: "failure,cancelled,warnings,skipped"
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
-
   start_dependency_udpate:
     needs: report_security_issues
     if: ${{ needs.report_security_issues.outputs.created-issues }}
     concurrency:
       cancel-in-progress: true
       group: "dependency_update"
-    secrets: inherit
+    secrets: inherit # Workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK
     permissions:
       contents: write
       pull-requests: write

diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml
@@ -150,7 +150,8 @@ jobs:
           GH_TOKEN: ${{ github.token }}
 
       - name: Report failure Status to Slack channel
-        if: ${{ always() }}
+        # Also run this step in case of failures
+        if: ${{ always() && secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
         uses: ravsamhq/notify-slack-action@v2
         with:
           status: ${{ job.status }}
@@ -162,7 +163,7 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
 
       - name: Report new Pull Request to Slack channel
-        if: ${{ steps.create-pr.outputs.pr_url }}
+        if: ${{ steps.create-pr.outputs.pr_url && secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
         uses: ravsamhq/notify-slack-action@v2
         with:
           status: ${{ job.status }}

diff --git a/doc/changes/changes_4.1.0.md b/doc/changes/changes_4.1.0.md
@@ -6,6 +6,10 @@ Code name: Trigger PR CI build
 
 This release updates the comment of the dependency updating Pull Request to instruct the user how to trigger the CI build for the Pull Request. It also sends Slack notifications when the dependency check or update fails.
 
+### Migration Guide
+
+When upgrading a repository to the new version make sure that the repository has access to GitHub secret `INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK`. This is required for Slack notifications for new Pull Requests. The workflows will still run but won't send notifications if the secret is missing.
+
 ## Features
 
 * #536: Added Slack notification when dependency check or update fails

diff --git a/doc/user_guide/user_guide.md b/doc/user_guide/user_guide.md
@@ -347,6 +347,24 @@ cd path/to/project
 
 The standalone variant supports the same goals as the Maven plugin: `fix`, `verify` and `update-dependencies`.
 
+## Generated GitHub Workflows
+
+PK generates the following GitHub scheduled Workflows:
+
+### [`broken_links_checker.yml`](../../project-keeper/src/main/resources/templates/.github/workflows/broken_links_checker.yml)
+
+Scheduled weekly, checks Markdown files for broken links.
+
+### [`dependencies_check.yml`](../../project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml)
+
+Scheduled daily, checks the Maven project for vulnerable dependencies, creates new issues using [security_issues](https://exasol.github.io/python-toolbox/github_actions/security_issues.html) and starts the [`dependencies_update.yml`](#dependencies_updateyml) workflow that updates dependencies.
+
+### [`dependencies_update.yml`](../../project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml)
+
+This workflow is triggered manually or by workflow [`dependencies_check.yml`](#dependencies_checkyml). It updates dependencies, creates a changelog with fixed vulnerabilities and creates a new Pull Requests.
+
+In order to send notifications, this workflow requires GitHub secret `INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK`.
+
 ## Troubleshooting
 
 **Problem:** Validation on CI fails but succeeds locally. In the CI PK wants to list all dependencies as `Added`.

diff --git a/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml b/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml
@@ -48,25 +48,13 @@ jobs:
         env:
           CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }}
 
-      - name: Report Status to Slack channel
-        if: always()
-        uses: ravsamhq/notify-slack-action@v2
-        with:
-          status: ${{ job.status }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          notification_title: "Dependency check in {repo} has {status_message}"
-          message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
-          notify_when: "failure,cancelled,warnings,skipped"
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
-
   start_dependency_udpate:
     needs: report_security_issues
     if: ${{ needs.report_security_issues.outputs.created-issues }}
     concurrency:
       cancel-in-progress: true
       group: "dependency_update"
-    secrets: inherit
+    secrets: inherit # Workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK
     permissions:
       contents: write
       pull-requests: write

diff --git a/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml b/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml
@@ -145,7 +145,8 @@ jobs:
           GH_TOKEN: ${{ github.token }}
 
       - name: Report failure Status to Slack channel
-        if: ${{ always() }}
+        # Also run this step in case of failures
+        if: ${{ always() && secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
         uses: ravsamhq/notify-slack-action@v2
         with:
           status: ${{ job.status }}
@@ -157,7 +158,7 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
 
       - name: Report new Pull Request to Slack channel
-        if: ${{ steps.create-pr.outputs.pr_url }}
+        if: ${{ steps.create-pr.outputs.pr_url && secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}
         uses: ravsamhq/notify-slack-action@v2
         with:
           status: ${{ job.status }}