Merged
21 changes: 17 additions & 4 deletions .github/workflows/pr.yml
@@ -58,9 +58,22 @@ jobs:
- name: Run tests
run: |
set -euo pipefail
go test -json -v -short -timeout=30m ./... 2>&1 | gotestfmt -hide=all | tee /tmp/gotest.log
go test -json -v -tags=purego -timeout=30m ./... 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
go test -json -v -short -timeout=30m ./... 2>&1 | gotestfmt -hide=all | tee /tmp/gotest.log
go test -json -v -tags=purego -timeout=30m ./... 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./ecc/bn254/... 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/goldilocks 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/koalabear 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/goldilocks 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/koalabear 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/babybear 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
slack-notification:
needs: [staticcheck, test]
if: always()
uses: ./.github/workflows/slack-notifications.yml
with:
status: ${{ (needs.staticcheck.result == 'success' && needs.test.result == 'success') && 'success' || 'failure' }}
actor: ${{ github.actor }}
repository: ${{ github.repository }}
branch: ${{ github.head_ref || github.ref_name }}
run_id: ${{ github.run_id }}
secrets:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
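
Review bot: On the `branch:` line of the new `slack-notification` job, `${{ github.head_ref || github.ref_name }}` hands the pull request's head branch name, which the PR author chooses, to the reusable workflow as `inputs.branch`, and that workflow expands `${{ inputs.branch }}` directly inside its `run:` script. Treat the value as untrusted: keep passing it as an input, but have the called workflow read it from an `env:` variable (for example `"$BRANCH"`) instead of a `${{ }}` expression in the shell text, so the branch name is handled as data and never parsed as shell.
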
Comment on lines +68 to +79
Copilot AI Feb 10, 2026

This job always runs on pull_request, but SLACK_BOT_TOKEN won't be available for PRs from forks, and the reusable workflow currently requires it. That will make forked PR checks fail. Add an if: guard to skip on forked PRs (e.g., when github.event.pull_request.head.repo.full_name != github.repository) and/or adjust the reusable workflow secret requirement to be optional with a graceful no-op.

Copilot uses AI. Check for mistakes.
13 changes: 13 additions & 0 deletions .github/workflows/push.yml
@@ -78,3 +78,16 @@ jobs:
GOARCH=386 go test -json -short -v -timeout=30m ./field/goldilocks 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/koalabear 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log
GOARCH=386 go test -json -short -v -timeout=30m ./field/babybear 2>&1 | gotestfmt -hide=all | tee -a /tmp/gotest.log

slack-notification:
needs: [staticcheck, test]
if: always()
uses: ./.github/workflows/slack-notifications.yml
with:
status: ${{ (needs.staticcheck.result == 'success' && needs.test.result == 'success') && 'success' || 'failure' }}
actor: ${{ github.actor }}
repository: ${{ github.repository }}
branch: ${{ github.ref_name }}
run_id: ${{ github.run_id }}
secrets:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
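
Review bot: `if: always()` combined with the `status:` expression reports a cancelled or skipped `staticcheck` or `test` job to Slack as `failure`, because anything other than two `success` results falls through to `'failure'`. If cancelled runs should not post a "Failed run" message, use `if: ${{ !cancelled() }}` on the job, or pass the raw `needs.staticcheck.result` and `needs.test.result` values and let the reusable workflow decide what to send.
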
84 changes: 84 additions & 0 deletions .github/workflows/slack-notifications.yml
@@ -0,0 +1,84 @@
name: Slack Notifications

on:
workflow_call:
secrets:
SLACK_BOT_TOKEN:
required: true
Comment on lines +5 to +7
Copilot AI Feb 10, 2026


Declaring SLACK_BOT_TOKEN as required: true for this reusable workflow will cause pull_request workflows from forks to fail at workflow-call time (fork PRs don't get repository secrets). Either make this secret optional and no-op when it's missing, or ensure callers add an if: guard to skip notifications for forked PRs.

inputs:
status:
description: 'The status of the workflow (success or failure)'
required: true
type: string
actor:
description: 'The GitHub actor'
required: true
type: string
repository:
description: 'The GitHub repository'
required: true
type: string
branch:
description: 'The branch name'
required: true
type: string
run_id:
description: 'The workflow run ID'
required: true
type: string

jobs:
notify_slack:
runs-on: ubuntu-latest
steps:
- name: Post to Slack
run: |
if [ "${{ inputs.status }}" == "success" ]; then
payload=$(jq -n --arg repository "${{ inputs.repository }}" --arg branch "${{ inputs.branch }}" --arg actor "${{ inputs.actor }}" --arg run_id "${{ inputs.run_id }}" '{
"channel": "team-gnark-build",
"text": "GitHub Action build result: success",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":large_green_circle: *All checks have passed:* *\($branch)* :white_check_mark:"
},
},
Comment on lines +41 to +47
Copilot AI Feb 10, 2026


The jq filter string contains trailing commas after the first block object (after the closing brace of the section block). jq's JSON/object syntax does not allow trailing commas, so payload construction will fail and the step may silently proceed with an empty/invalid payload.

Trailing commas in jq expressions break Slack notifications

High Severity

The jq -n object construction has a trailing comma after the "text" inner object closes (before the section object closes). jq does not allow trailing commas and will fail with a syntax error. This affects both the success and failure payload branches, meaning Slack notifications will never be sent. Since GitHub Actions bash steps default to set -eo pipefail, the jq failure will cause the entire step to error out.


{
"type": "context",
"elements": [
{
"type": "mrkdwn",
"text": "\($repository) -- \($actor) -- <https://github.com/\($repository)/actions/runs/\($run_id)|View details>"
}
]
}
]
}')
else
payload=$(jq -n --arg repository "${{ inputs.repository }}" --arg branch "${{ inputs.branch }}" --arg actor "${{ inputs.actor }}" --arg run_id "${{ inputs.run_id }}" '{
"channel": "team-gnark-build",
"text": "GitHub Action build result: failure",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":red_circle: *Failed run:* *\($branch)*"
},
},
Comment on lines +64 to +70
Copilot AI Feb 10, 2026


Same issue in the failure payload: there's a trailing comma after the section block object. This makes the jq filter invalid and will prevent building the Slack message payload.

{
"type": "context",
"elements": [
{
"type": "mrkdwn",
"text": "\($repository) -- \($actor) -- <https://github.com/\($repository)/actions/runs/\($run_id)|View details>"
}
]
}
]
}')
fi
response=$(curl -s -X POST -H 'Content-type: application/json; charset=utf-8' --data "$payload" https://slack.com/api/chat.postMessage -H "Authorization: Bearer ${{ secrets.SLACK_BOT_TOKEN }}" )
shell: bash
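
Review bot: In the `Post to Slack` step, `${{ inputs.repository }}`, `${{ inputs.branch }}`, `${{ inputs.actor }}`, `${{ inputs.run_id }}` and `${{ secrets.SLACK_BOT_TOKEN }}` are all expanded into the script text before bash runs, so the inputs are parsed as shell rather than passed as data and the token becomes part of the script body. Declare them under `env:` on the step and reference the variables (`"$BRANCH"`, `"$SLACK_BOT_TOKEN"` and so on) in the `jq --arg` and `curl -H` arguments. The visible step only calls `https://slack.com/api/chat.postMessage`, so a `permissions: {}` entry on `notify_slack` would also remove the default `GITHUB_TOKEN` scopes from a job that does not need them.
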
Comment on lines +35 to +84
Copilot AI Feb 10, 2026


This script doesn't enable set -e/-o pipefail or validate the Slack API response. As written, jq/curl failures (or Slack returning { "ok": false }) can be ignored and the workflow will still report success, making notifications flaky and hard to debug. Consider failing fast on jq/curl errors and at least checking/logging response.ok/response.error from the Slack API (or explicitly mark this job continue-on-error if notification failures shouldn't fail CI).
