Skip to content

chore(ci): add slack release hook#165

Merged
coryrylan merged 1 commit into
mainfrom
topic-slack-integration
Jun 30, 2026
Merged

chore(ci): add slack release hook#165
coryrylan merged 1 commit into
mainfrom
topic-slack-integration

Conversation

@coryrylan

@coryrylan coryrylan commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • New Features
    • Added automatic Slack notifications for published releases.
    • Release messages now include a “New Release” alert, the release tag, the release page link, and quick links to the changelog and documentation.

@coryrylan coryrylan self-assigned this Jun 30, 2026
@github-actions github-actions Bot added scope(ci) github_actions Pull requests that update GitHub Actions code labels Jun 30, 2026
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 67dd872a-36ad-4340-89c4-ad20b4802c04

📥 Commits

Reviewing files that changed from the base of the PR and between 688e84d and 44b09ce.

📒 Files selected for processing (1)
  • .github/workflows/slack.yml

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow .github/workflows/slack.yml is added. It triggers on release published events, runs a notify job with a primary/secondary matrix, and posts a Slack incoming-webhook message containing the release tag, repository, release URL, and fixed changelog/documentation links.

Changes

Release Slack Notification Workflow

Layer / File(s) Summary
Slack notification workflow
.github/workflows/slack.yml
Defines the release: published trigger, contents: read permissions, and the notify job with a two-destination matrix that selects the webhook URL conditionally and sends a Block Kit message with the release tag, repository, release URL, and static changelog/docs links.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the change: adding a Slack notification hook for release events in CI.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch topic-slack-integration

Comment @coderabbitai help to get the list of available commands.

@coryrylan coryrylan force-pushed the topic-slack-integration branch 2 times, most recently from 7539b9f to 688e84d Compare June 30, 2026 17:41

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/slack.yml:
- Line 22: The Slack webhook selection in the workflow is using a fallback
expression that can silently route primary notifications to the CI webhook when
the primary secret is empty. Update the logic in the Slack job’s webhook
selection to fail closed by using explicit branching or separate guarded steps
tied to the matrix destination, so the primary path can only read
SLACK_WEBHOOK_URL and the CI path can only read SLACK_WEBHOOK_URL_CI.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 1d335a32-788d-49f9-b045-c1e6667c6ef2

📥 Commits

Reviewing files that changed from the base of the PR and between 054992e and 7539b9f.

📒 Files selected for processing (1)
  • .github/workflows/slack.yml

Comment thread .github/workflows/slack.yml Outdated
- name: Notify Slack
uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c
with:
webhook: ${{ matrix.destination == 'primary' && secrets.SLACK_WEBHOOK_URL || secrets.SLACK_WEBHOOK_URL_CI }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the workflow and nearby references
git ls-files .github/workflows/slack.yml README.md release.config.js
wc -l .github/workflows/slack.yml README.md release.config.js
cat -n .github/workflows/slack.yml | sed -n '1,120p'
rg -n "SLACK_WEBHOOK_URL|SLACK_WEBHOOK_URL_CI|slack|changelog|documentation" README.md release.config.js .github/workflows/slack.yml

Repository: NVIDIA/elements

Length of output: 3159


🌐 Web query:

GitHub Actions expression semantics secrets empty string boolean && || fallback webhook selection docs

💡 Result:

In GitHub Actions, expression evaluation relies on truthy/falsy semantics similar to JavaScript [1]. Understanding these behaviors is critical when managing secrets, fallbacks, and conditional logic [2]. Expression Semantics and Boolean Logic GitHub Actions expressions support standard logical operators: && (AND) and || (OR) [3]. These operators use short-circuit evaluation [1]: 1. && returns the first falsy operand, or the last operand if all are truthy [1]. 2. || returns the first truthy operand, or the last operand if all are falsy [1]. An empty string ('') is considered falsy [2]. This is a common source of bugs when attempting to implement fallback logic [2]. Secrets and Empty Strings The secrets context is a map of sensitive values [4]. If a secret is unavailable (for example, when a workflow is triggered by a PR from a forked repository), it is injected as an empty string ('') rather than null [5][6]. Because an empty string is falsy, expressions relying on these secrets will often trigger fallback logic unintentionally if not handled carefully [5][2]. Furthermore, there is no native way to distinguish between an unsupplied input/secret and one explicitly set to an empty string; both evaluate to '' [6]. Fallback Pattern and Ternary Logic To simulate a ternary operator (if-then-else) or provide a default fallback, developers often use the pattern: ${{ condition && 'valueIfTrue' || 'valueIfFalse' }} [2][7]. Critical Caveat: This pattern relies on the first operand being truthy [2]. If the 'valueIfTrue' is itself an empty string, the expression will incorrectly evaluate to 'valueIfFalse' because the empty string is treated as falsy [2]. Webhook Payload Selection When accessing data from webhook event payloads (e.g., github.event), you can use property dereference syntax (github.event.my_field) [4]. If a property does not exist, it evaluates to an empty string [4]. This behaves identically to missing secrets, meaning any fallback logic using || will trigger if the event field is missing or empty [4][7]. To safely implement fallbacks, ensure that your conditions explicitly account for the possibility of empty strings or utilize alternative logic, such as dedicated step conditionals, rather than relying solely on inline expression coercions [6][7].

Citations:


Fail closed on the Slack webhook selection. && ... || ... will fall through to SLACK_WEBHOOK_URL_CI when SLACK_WEBHOOK_URL is empty, so a misconfigured primary secret silently posts release notices to the secondary channel. Use explicit branching or separate guarded steps so each destination can only use its own secret.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/slack.yml at line 22, The Slack webhook selection in the
workflow is using a fallback expression that can silently route primary
notifications to the CI webhook when the primary secret is empty. Update the
logic in the Slack job’s webhook selection to fail closed by using explicit
branching or separate guarded steps tied to the matrix destination, so the
primary path can only read SLACK_WEBHOOK_URL and the CI path can only read
SLACK_WEBHOOK_URL_CI.

@coryrylan coryrylan force-pushed the topic-slack-integration branch from 688e84d to 44b09ce Compare June 30, 2026 17:46

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/slack.yml (1)

3-36: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Add workflow concurrency to prevent duplicate Slack notifications.

This release hook can be re-run or overlap for the same release, which would post duplicate messages to Slack. A release-scoped concurrency key will keep only one active run per release.

🛠 Suggested change
 on:
   release:
     types: [published]
 
+concurrency:
+  group: slack-release-${{ github.event.release.id }}
+  cancel-in-progress: true
+
 permissions:
   contents: read
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/slack.yml around lines 3 - 36, Add release-scoped
concurrency to the slack notification workflow so only one run posts per
release. Update the workflow in slack.yml by adding a concurrency group tied to
the release identifier (for example, the release tag or release ID) and ensure
it cancels in-progress duplicates. Place it alongside the existing notify job
setup so re-runs or overlapping release events cannot send duplicate Slack
messages.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.github/workflows/slack.yml:
- Around line 3-36: Add release-scoped concurrency to the slack notification
workflow so only one run posts per release. Update the workflow in slack.yml by
adding a concurrency group tied to the release identifier (for example, the
release tag or release ID) and ensure it cancels in-progress duplicates. Place
it alongside the existing notify job setup so re-runs or overlapping release
events cannot send duplicate Slack messages.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: ec09d8c1-094d-4e8c-9f1f-cd17f73f8c41

📥 Commits

Reviewing files that changed from the base of the PR and between 7539b9f and 688e84d.

📒 Files selected for processing (1)
  • .github/workflows/slack.yml

Signed-off-by: Cory Rylan <crylan@nvidia.com>
@coryrylan coryrylan force-pushed the topic-slack-integration branch from 44b09ce to 75802a9 Compare June 30, 2026 19:14
@coryrylan coryrylan merged commit 4a8fd85 into main Jun 30, 2026
12 checks passed
@coryrylan coryrylan deleted the topic-slack-integration branch June 30, 2026 21:21
@coryrylan

Copy link
Copy Markdown
Collaborator Author

🎉 This issue has been resolved in version 2.1.1 🎉

Changelog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

github_actions Pull requests that update GitHub Actions code released scope(ci)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants