
Conversation

@grdsdev
Contributor

@grdsdev grdsdev commented Nov 12, 2025

Summary

This PR implements Phase 5: Additional Improvements from the workflow improvement plan tracked in SDK-516.

Changes

1. Extract Release Command to Script

Problem: The release-tag workflow had a complex inline melos command that was hard to read, maintain, and debug.

Solution:

  • Created .github/scripts/trigger-package-releases.sh script
  • Extracted the complex melos exec command with proper error handling
  • Added informative logging for each package processed
  • Made the script self-documenting with comments
  • Improved debugging with clear error messages

Benefits:

  • Better code organization and maintainability
  • Easier to test and debug release logic
  • Clear separation between workflow orchestration and business logic
  • Can be run locally for testing

2. Enhanced Error Handling for Release Workflows

Problem: When release workflows failed, it was hard to quickly identify what went wrong.

Solution:

release-tag.yml:

  • Added step ID to track trigger success/failure
  • Added workflow summary showing:
    • Overall status with visual indicators (✅/❌)
    • Commit message that triggered the workflow
    • Git ref being processed
  • Summary helps quickly diagnose failures without digging through logs

release-publish.yml:

  • Added step IDs for publish and release creation
  • Added comprehensive workflow summary showing:
    • Pub.dev publishing status
    • GitHub release creation status
    • Overall package release status with celebration emoji
  • Clear indication of which step failed

Benefits:

  • Faster debugging and issue identification
  • Better visibility into release pipeline status
  • Improved developer experience

3. Dependency Vulnerability Scanning

Problem: No proactive monitoring of dependency vulnerabilities or outdated packages.

Solution:

  • Created new dependency-scan.yml workflow
  • Scheduled Scanning: Runs weekly on Mondays at 9:00 UTC
  • PR Integration: Triggers on pubspec.yaml/pubspec.lock changes
  • Manual Trigger: Can be run on-demand via workflow_dispatch
  • Two-Phase Scanning:
    1. Outdated Dependencies: Uses dart pub outdated to check for available updates
    2. Security Audit: Checks for known vulnerabilities in dependencies
  • Comprehensive Reporting:
    • Per-package reports for all packages in the monorepo
    • Formatted summaries in GitHub Actions UI
    • Artifacts uploaded with 30-day retention
  • Non-Blocking: Uses continue-on-error to ensure complete scan even if some packages fail

Benefits:

  • Proactive security monitoring
  • Early detection of vulnerable dependencies
  • Helps maintain up-to-date dependencies
  • Compliance with security best practices
  • Reduces security technical debt

Files Changed

New Files:

  • .github/scripts/trigger-package-releases.sh - Release triggering script
  • .github/workflows/dependency-scan.yml - Vulnerability scanning workflow

Modified Files:

  • .github/workflows/release-tag.yml - Uses new script, added summaries
  • .github/workflows/release-publish.yml - Added error handling and summaries

Technical Details

Script Implementation:

  • Bash script with proper error handling (set -e)
  • Validates required environment variables
  • Processes packages in dependency order
  • Clear logging for debugging
  • Exit codes properly propagated

Workflow Summaries:

  • Use $GITHUB_STEP_SUMMARY for formatted output
  • Conditional rendering based on step outcomes
  • Visual indicators for quick status assessment
  • Always run (if: always()) to show results even on failure

Dependency Scanning:

  • Runs against all packages in monorepo
  • Generates markdown reports
  • Integrates with GitHub Actions artifacts
  • Scheduled for minimal disruption
  • Can be triggered manually for immediate scans

Testing

This PR should be tested by:

  • Verifying the trigger script works in a release scenario
  • Checking that workflow summaries appear correctly
  • Running the dependency scan workflow manually
  • Verifying reports are uploaded as artifacts
  • Ensuring release workflows still fail appropriately when steps fail

Related Issues

Security Considerations

The dependency scan workflow:

  • Uses contents: read permission (minimal access)
  • Only writes to security-events and issues for reporting
  • Does not automatically update dependencies (manual review required)
  • Reports are uploaded as artifacts for review

🤖 Generated with Claude Code
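Added example, not the script from this PR (the page shows the description of .github/scripts/trigger-package-releases.sh, not its contents): a shell skeleton with the properties listed under Script Implementation, so the fail-fast and exit-code behaviour can be checked locally. require_env, trigger_releases and the RELEASE_COMMAND hook are illustrative names; the release tool is passed in rather than hard-coding the melos invocation, whose exact arguments the page does not show.

```shell
#!/usr/bin/env bash
# Added example in the style of the release-trigger script this PR describes.
# It is not the PR's .github/scripts/trigger-package-releases.sh. Function
# names, RELEASE_COMMAND and the package list are illustrative assumptions.
set -eu

# Fail if any named variable is missing from the environment (unset or empty).
# Returns 1 after reporting every missing name, so one workflow log shows them
# all instead of one per run. printenv checks the exported environment, which
# is what a GitHub Actions `env:` block populates.
require_env() {
  local missing=0 var
  for var in "$@"; do
    if [ -z "$(printenv "$var" 2>/dev/null)" ]; then
      echo "error: required environment variable $var is not set" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Run one release command per package, in the order given (dependency order,
# as the description requires), logging each package and stopping at the
# first failure so that failure's exit code reaches the calling workflow.
# <command> is a single executable or shell function name; wrap a composite
# command in a script rather than relying on word splitting.
# Usage: trigger_releases <command> <package> [<package> ...]
trigger_releases() {
  local cmd="$1"; shift
  local pkg rc
  for pkg in "$@"; do
    echo "==> triggering release for $pkg"
    # Capture the status explicitly: 'set -e' is suspended inside a function
    # that the caller invokes in an if/||/&& context, so without this the
    # loop would silently continue past a failed package.
    rc=0
    "$cmd" "$pkg" || rc=$?
    if [ "$rc" -ne 0 ]; then
      echo "error: release trigger for $pkg failed (exit $rc)" >&2
      return "$rc"
    fi
    echo "ok: $pkg"
  done
  return 0
}

# Workflow entry point: packages are passed as arguments, the release tool via
# RELEASE_COMMAND (assumed hook; the PR drives melos, whose exact arguments
# this page does not show). With no arguments the script only defines the
# functions above, so it can be sourced and tested locally.
main() {
  require_env GITHUB_REF GITHUB_SHA RELEASE_COMMAND
  echo "release run for $GITHUB_REF ($GITHUB_SHA)"
  trigger_releases "$RELEASE_COMMAND" "$@"
}

if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

The `rc=0; cmd || rc=$?` idiom is what makes "exit codes properly propagated" true in practice: `set -e` alone does not abort a loop inside a function that the workflow step calls in a conditional, so the failing package's status has to be captured and returned by hand.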

grdsdev and others added 2 commits November 12, 2025 13:36
This commit implements Phase 5 of the workflow improvements plan:

1. **Extract Release Command to Script**
   - Created `.github/scripts/trigger-package-releases.sh` script
   - Extracted complex melos command from release-tag.yml
   - Added error handling and logging to the script
   - Made script executable and self-documenting
   - Improved maintainability by separating logic from workflow

2. **Enhanced Error Handling for Release Workflows**
   - Added step IDs to track success/failure of each step
   - Added workflow summaries to release-tag.yml showing:
     - Overall status (success/failure)
     - Commit message and ref information
   - Added workflow summaries to release-publish.yml showing:
     - Pub.dev publishing status
     - GitHub release creation status
     - Overall package release status
   - Summaries help quickly identify which step failed

3. **Dependency Vulnerability Scanning**
   - Created new `dependency-scan.yml` workflow
   - Runs weekly on Mondays at 9:00 UTC
   - Triggers on pubspec.yaml/pubspec.lock changes
   - Can be manually triggered via workflow_dispatch
   - Generates two reports:
     - Outdated dependencies report (dart pub outdated)
     - Security audit report (checks for vulnerabilities)
   - Uploads reports as artifacts with 30-day retention
   - Generates formatted summary in GitHub Actions UI
   - Helps proactively identify security issues

These improvements enhance reliability, maintainability, and security
of the CI/CD pipeline.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Added comprehensive Slack notification system for release workflows,
matching the implementation pattern from supabase-js repository.

**New Workflow:**
- Created `.github/workflows/slack-notify.yml` reusable workflow
- Sends formatted Slack messages with rich content blocks
- Includes status indicators (✅/❌/ℹ️), repository info, commit details
- Supports success, failure, and info notification types
- Displays version and package information
- Provides action buttons to view workflow run and commit

**Integration:**
- Updated `release-publish.yml` to notify on success/failure
  - Sends notification after package publishing completes
  - Includes package version in notification
- Updated `release-tag.yml` to notify on success/failure
  - Sends notification after release tags are created
  - Helps track release pipeline progress

**Configuration:**
- Uses `secrets.SLACK_CLIENT_LIBS_WEBHOOK` for Slack webhook URL
- Must be configured in repository secrets to enable notifications
- Notifications only sent if secret is available

**Additional:**
- Added dependency-scan workflow badge to README

This enables real-time visibility into release status via Slack,
improving team awareness and enabling faster response to release issues.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
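Added example, not the PR's dependency-scan.yml or any script from it: the per-package, non-blocking scan loop described under Dependency Vulnerability Scanning, combined with the ✅/❌ job-summary output described under Workflow Summaries, written as a shell script so it can be exercised outside Actions. scan_packages, REPORT_DIR and the scan_dart_outdated wrapper are assumed names; `dart pub outdated --json` is the check the PR description names.

```shell
#!/usr/bin/env bash
# Added example, not the PR's dependency-scan.yml: the per-package,
# non-blocking scan loop and job-summary output as a shell script that can
# run outside Actions. scan_packages, REPORT_DIR and scan_dart_outdated are
# assumed names; `dart pub outdated --json` is the check the PR names.
set -eu

# Scan every package directory with <scanner>, never stopping at a failure
# (the non-blocking behaviour the PR gets from continue-on-error). Each
# scanner's output is saved under <report_dir> for upload as an artifact, and
# a status table is appended to <summary_file> (GITHUB_STEP_SUMMARY in CI).
# Returns 0 when every scan succeeded, 1 when at least one failed, so the
# overall result stays visible even though the job was allowed to continue.
# Usage: scan_packages <scanner> <report_dir> <summary_file> <pkg_dir> ...
scan_packages() {
  local scanner="$1" report_dir="$2" summary="$3"
  shift 3
  local total=$# failed=0 pkg name report rc
  mkdir -p "$report_dir"
  {
    echo "## Dependency scan"
    echo
    echo "| Package | Status |"
    echo "|---|---|"
  } >> "$summary"
  for pkg in "$@"; do
    name=$(basename "$pkg")
    report="$report_dir/$name.md"
    rc=0
    # Capture the exit status instead of letting 'set -e' abort the loop;
    # stdout and stderr together become this package's report file.
    "$scanner" "$pkg" > "$report" 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
      echo "| $name | ✅ scanned |" >> "$summary"
    else
      failed=$((failed + 1))
      echo "| $name | ❌ failed (exit $rc), see $report |" >> "$summary"
    fi
  done
  if [ "$failed" -eq 0 ]; then
    printf '\nOverall: ✅ all %s package(s) scanned\n' "$total" >> "$summary"
    return 0
  fi
  printf '\nOverall: ❌ %s of %s package(s) failed\n' "$failed" "$total" >> "$summary"
  return 1
}

# The scanner the PR names, run inside the package so pub uses that package's
# pubspec.lock. A non-zero exit here means the command itself failed; check
# the tool's documentation for whether findings change its exit code before
# reading the overall line as a vulnerability verdict.
scan_dart_outdated() {
  (cd "$1" && dart pub outdated --json)
}

# Workflow entry point: package directories as arguments; with none, only the
# functions are defined so the file can be sourced for local testing.
main() {
  scan_packages scan_dart_outdated "${REPORT_DIR:-dependency-reports}" \
    "${GITHUB_STEP_SUMMARY:-/dev/stdout}" "$@"
}

if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Run from a step with `continue-on-error: true`, the non-zero return marks that step's `outcome` as failure without stopping the job, and the summary's Overall line plus the per-package report files (the artifact the PR uploads) are what tell a reader that a scan did not complete. Without that explicit overall status, continue-on-error leaves the job green whether or not every package was actually scanned.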
@grdsdev
Contributor Author

grdsdev commented Nov 12, 2025

🔔 Slack Notifications Added

Added comprehensive Slack notification system for release workflows, following the implementation pattern from supabase-js.

What's New

1. Reusable Slack Notification Workflow

Created .github/workflows/slack-notify.yml - a reusable workflow that:

  • Sends formatted messages with rich Slack blocks
  • Includes status indicators (✅ for success, ❌ for failure, ℹ️ for info)
  • Displays:
    • Repository and workflow information
    • Branch and triggering actor
    • Commit details with SHA
    • Version and package information (when available)
  • Provides action buttons:
    • "View Workflow Run" - Direct link to the GitHub Actions run
    • "View Commit" - Direct link to the commit

2. Release Publish Notifications

Updated release-publish.yml to send Slack notifications:

  • Success notification: Sent when package is successfully published to pub.dev and GitHub release is created
  • Failure notification: Sent when publishing fails
  • Includes the package version in the notification

3. Release Tag Notifications

Updated release-tag.yml to send Slack notifications:

  • Success notification: Sent when release tags are successfully created
  • Failure notification: Sent when tag creation fails
  • Helps track the start of the release pipeline

Configuration Required

To enable Slack notifications, the repository needs:

  • Secret: SLACK_CLIENT_LIBS_WEBHOOK containing the Slack webhook URL
  • This should point to the appropriate Slack channel for Flutter SDK notifications

Benefits

  • Real-time visibility: Team is immediately notified of releases
  • Failure awareness: Quick notification when releases fail
  • Better collaboration: Centralized release notifications in Slack
  • Consistent pattern: Matches supabase-js implementation

Example Notification

The Slack message will look like:

✅ Package Release - success

Repository: supabase/supabase-flutter
Workflow: Publish Packages
Branch: gotrue-v2.0.0
Triggered by: username

Commit: abc1234 - chore(release): publish packages
Version: gotrue-v2.0.0

[View Workflow Run] [View Commit]

Additional: Also added a badge for the dependency-scan workflow to the README.
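Added example, not the PR's slack-notify.yml: the notification described in this comment as shell functions, so the "only sent if the secret is available" gating and the payload construction can be run and checked locally. STATUS, TITLE, REPO, WORKFLOW, BRANCH, ACTOR, SHA, MESSAGE, VERSION, RUN_URL, COMMIT_URL and SLACK_WEBHOOK are assumed stand-ins for the reusable workflow's inputs and the SLACK_CLIENT_LIBS_WEBHOOK secret; the Block Kit layout follows the example notification above.

```shell
#!/usr/bin/env bash
# Added example, not the PR's slack-notify.yml: the notification as shell
# functions so the secret gating and payload construction can be run locally.
# STATUS, TITLE, REPO, WORKFLOW, BRANCH, ACTOR, SHA, MESSAGE, VERSION, RUN_URL,
# COMMIT_URL and SLACK_WEBHOOK are assumed stand-ins for the workflow's inputs
# and the SLACK_CLIENT_LIBS_WEBHOOK secret.
set -eu

# Escape a value for use inside a JSON string: backslash, double quote, tab
# and newline. Commit messages and branch names are free text chosen by
# whoever pushed, so they must not be spliced into the payload raw.
json_escape() {
  local s="$1" out="" line first=1 tab
  tab=$(printf '\t')
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e "s/$tab/\\\\t/g")
    if [ "$first" -eq 1 ]; then first=0; else out="$out\\n"; fi
    out="$out$line"
  done <<EOF
$s
EOF
  printf '%s' "$out"
}

# Build the Block Kit payload matching the example notification in the PR:
# header with status icon, two sections, and the two link buttons.
build_payload() {
  local icon
  case "${STATUS:-info}" in
    success) icon="✅" ;;
    failure) icon="❌" ;;
    *)       icon="ℹ️" ;;
  esac
  printf '{"blocks":['
  printf '{"type":"header","text":{"type":"plain_text","text":"%s %s - %s"}},' \
    "$icon" "$(json_escape "${TITLE:-Notification}")" "$(json_escape "${STATUS:-info}")"
  printf '{"type":"section","text":{"type":"mrkdwn","text":"*Repository:* %s\\n*Workflow:* %s\\n*Branch:* %s\\n*Triggered by:* %s"}},' \
    "$(json_escape "${REPO:-}")" "$(json_escape "${WORKFLOW:-}")" \
    "$(json_escape "${BRANCH:-}")" "$(json_escape "${ACTOR:-}")"
  printf '{"type":"section","text":{"type":"mrkdwn","text":"*Commit:* %s - %s\\n*Version:* %s"}},' \
    "$(json_escape "${SHA:-}")" "$(json_escape "${MESSAGE:-}")" "$(json_escape "${VERSION:-n/a}")"
  printf '{"type":"actions","elements":[{"type":"button","text":{"type":"plain_text","text":"View Workflow Run"},"url":"%s"},{"type":"button","text":{"type":"plain_text","text":"View Commit"},"url":"%s"}]}' \
    "$(json_escape "${RUN_URL:-}")" "$(json_escape "${COMMIT_URL:-}")"
  printf ']}'
}

# Post the payload, but only when the webhook secret is present: a missing
# secret skips with status 0 so it cannot fail a release job. The URL is a
# credential: it is never echoed, and 'set -x' must stay off in this script.
notify_slack() {
  local payload
  if [ -z "${SLACK_WEBHOOK:-}" ]; then
    echo "slack: SLACK_WEBHOOK not set, skipping notification" >&2
    return 0
  fi
  payload=$(build_payload)
  curl --fail --silent --show-error --max-time 15 \
    -H 'Content-Type: application/json' \
    --data "$payload" "$SLACK_WEBHOOK"
}

# Entry point for the workflow step; without --send the file only defines
# the functions so it can be sourced and tested without a webhook.
if [ "$#" -gt 0 ] && [ "$1" = "--send" ]; then
  notify_slack
fi
```

Two points a reviewer would check in the real workflow: that the skip path exits 0 (so a repository without the secret configured still releases), and that commit message and branch name are escaped before they are embedded, since both are controlled by whoever pushed and a stray quote would otherwise corrupt the payload or inject extra fields into it.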

@grdsdev grdsdev changed the title from "feat(ci): Phase 5 - Additional Improvements" to "feat(ci): additional Improvements" Nov 12, 2025
@coveralls

Pull Request Test Coverage Report for Build 19304934579

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 79.75%

Totals Coverage Status

  • Change from base Build 19299130655: 0.0%
  • Covered Lines: 3320
  • Relevant Lines: 4163

💛 - Coveralls
