70 changes: 51 additions & 19 deletions .github/workflows/notify-slack-benthos-release.yml
@@ -1,7 +1,8 @@
# .github/workflows/notify-slack-release.yml
#
# Posts the changelog from a GitHub Release to a Slack channel
# using the official Slack GitHub Action with an incoming webhook.
# Posts the changelog to Slack when a version tag is pushed.
# Since redpanda-data/benthos uses tags (not GitHub Releases),
# we trigger on tag push and extract notes from CHANGELOG.md.
#
# Prerequisites:
# 1. Create a Slack app with Incoming Webhooks enabled
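Review bot: the path comment on the first line of the header still says .github/workflows/notify-slack-release.yml, but the file changed here is .github/workflows/notify-slack-benthos-release.yml; update it so the comment matches the file. The new description also says notes are extracted from CHANGELOG.md without mentioning the git log fallback added further down, which deserves one more comment line.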
Expand All @@ -10,50 +11,81 @@
name: Post Release Changelog to Slack

on:
release:
types: [published]
push:
tags:
- "v*"

jobs:
notify-slack:
runs-on: ubuntu-latest
# skip pre-releases
if: "!github.event.release.prerelease"
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Extract changelog for this tag
id: changelog
run: |
TAG="${GITHUB_REF_NAME}"
# Strip 'v' prefix — CHANGELOG headers use "## 4.69.0 - 2026-03-19" not "## v4.69.0"
VERSION="${TAG#v}"

# Strategy 1: Extract from CHANGELOG.md
# Grabs everything between this version header and the next version header.
if [ -f CHANGELOG.md ]; then
NOTES=$(sed -n "/^## ${VERSION}/,/^## /{/^## ${VERSION}/d;/^## /d;p;}" CHANGELOG.md | head -c 2800)
fi

# Strategy 2: Fall back to git log if CHANGELOG.md doesn't exist
# or doesn't have an entry for this tag
if [ -z "$NOTES" ]; then
PREV_TAG=$(git tag --sort=-version:refname | grep -A1 "^${TAG}$" | tail -1)
if [ -n "$PREV_TAG" ] && [ "$PREV_TAG" != "$TAG" ]; then
NOTES=$(git log --pretty=format:"• %s (%an)" "${PREV_TAG}..${TAG}" | head -c 2800)
else
NOTES="No changelog entry found for ${TAG}."
fi
fi

# Convert markdown headers (### Foo) to Slack bold (*Foo*)
NOTES=$(echo "$NOTES" | sed 's/^### \(.*\)$/*\1*/g')

# Write multiline output safely
echo "notes<<EOF" >> $GITHUB_OUTPUT
echo "$NOTES" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
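Review bot: the tags filter "v*" at the top of this hunk fires for every pushed tag that starts with v, and the old pre-release skip (if: "!github.event.release.prerelease") has no effect under a push trigger because github.event.release is only populated for release events. If pre-release or release-candidate tags should stay out of Slack, narrow the filter (for example "v[0-9]+.[0-9]+.[0-9]+") or exit early in the extract step when GITHUB_REF_NAME carries a suffix.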
Comment on lines +55 to +57

Security: GITHUB_OUTPUT delimiter injection. Using a static EOF delimiter means that if CHANGELOG.md happens to contain a line that is exactly EOF, the output is prematurely terminated and subsequent lines are injected as arbitrary workflow output variables.

Use a random delimiter instead, e.g.:

DELIMITER=$(openssl rand -hex 16)
echo "notes<<${DELIMITER}" >> $GITHUB_OUTPUT
echo "$NOTES" >> $GITHUB_OUTPUT
echo "${DELIMITER}" >> $GITHUB_OUTPUT
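
The delimiter problem described in the review comment above, as an added example that is not part of the pull request: a POSIX shell sketch with a constructed changelog value and a simplified, hypothetical reader (`parse_outputs`) standing in for the runner's handling of the output file. All helper names and the sample text are assumptions; lines the reader cannot classify are ignored here.

```shell
#!/bin/sh
# Constructed changelog text: a bare "EOF" line followed by a name=value line.
NOTES=$(printf '%s\n' '### Fixed' '- parser bug' 'EOF' 'injected=value' '- more notes')

# Write a multiline output the way the workflow step does.
# $1=file $2=name $3=delimiter $4=value
write_output() {
  printf '%s\n' "$2<<$3" "$4" "$3" >> "$1"
}

# Simplified model of the reader (an assumption, not GitHub's code):
# "name<<DELIM" opens a block that ends at a line equal to DELIM;
# outside a block, "name=value" is a single-line output.
# Prints the name of every output it finds, one per line.
parse_outputs() {
  po_delim=""
  while IFS= read -r po_line; do
    if [ -n "$po_delim" ]; then
      if [ "$po_line" = "$po_delim" ]; then po_delim=""; fi
    else
      case "$po_line" in
        *"<<"*) echo "${po_line%%"<<"*}"; po_delim="${po_line#*"<<"}" ;;
        *=*)    echo "${po_line%%=*}" ;;
      esac
    fi
  done < "$1"
}

# $1=delimiter $2=value -> comma-separated names parsed from a fresh file
output_names() {
  on_file=$(mktemp)
  write_output "$on_file" notes "$1" "$2"
  parse_outputs "$on_file" | paste -sd, -
  rm -f "$on_file"
}

# Random 32-hex-character delimiter (od on /dev/urandom used here in place
# of openssl); refuse to return it if the value already contains it.
safe_delimiter() {
  sd=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  case "$1" in *"$sd"*) return 1 ;; esac
  echo "$sd"
}

echo "static EOF: $(output_names EOF "$NOTES")"      # notes,injected
echo "random    : $(output_names "$(safe_delimiter "$NOTES")" "$NOTES")"  # notes
```

With the static delimiter the constructed value ends at its own "EOF" line and the next line is read as a second output; with the random delimiter the whole value stays inside `notes`.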


- name: Post changelog to Slack
uses: slackapi/slack-github-action@v2.1.1
with:
webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
webhook-type: incoming-webhook
payload: |
text: "New Benthos release: ${{ github.event.release.tag_name }}"
text: "New Benthos release: ${{ github.ref_name }}"
unfurl_links: false
unfurl_media: false
blocks:
- type: "header"
text:
type: "plain_text"
text: ":green_alert: Benthos ${{ github.event.release.tag_name }}"
text: ":green_alert: Benthos ${{ github.ref_name }}"
emoji: true
- type: "section"
fields:
- type: "mrkdwn"
text: "*Release:*\n<${{ github.event.release.html_url }}|${{ github.event.release.tag_name }}>"
- type: "mrkdwn"
text: "*Author:*\n${{ github.event.release.author.login }}"
- type: "divider"
- type: "section"
text:
type: "mrkdwn"
text: "${{ github.event.release.body }}"
text: "${{ steps.changelog.outputs.notes }}"
- type: "actions"
elements:
- type: "button"
text:
type: "plain_text"
text: ":github: View Release"
text: ":github: View Tag"
emoji: true
url: "${{ github.event.release.html_url }}"
url: "${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}"
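Review bot: text: "${{ steps.changelog.outputs.notes }}" in the mrkdwn section block substitutes the changelog text into a double-quoted YAML scalar before the action parses the payload, so a double quote or backslash in CHANGELOG.md, or in a commit subject or author name from the git log fallback, can break the payload or change its structure. Emit the value already escaped, for example text: ${{ toJSON(steps.changelog.outputs.notes) }}, or build the payload in a prior step from an environment variable.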

Bug: This URL points to /releases/tag/${{ github.ref_name }}, which is a GitHub Releases page. Since the PR description states "we don't do releases" (and the workflow was specifically changed to trigger on tag push instead of release), this URL will 404 for tags that don't have a corresponding GitHub Release.

Consider linking to the tag ref instead, e.g. /${{ github.repository }}/tree/${{ github.ref_name }} or the compare view between this tag and the previous one.

- type: "button"
text:
type: "plain_text"
text: ":page_facing_up: Full Changelog"
emoji: true
url: "${{ github.server_url }}/${{ github.repository }}/compare/${{ github.event.release.tag_name }}"
url: "${{ github.server_url }}/${{ github.repository }}/blob/main/CHANGELOG.md"
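Review bot: the Full Changelog button URL at the end of this hunk hard-codes blob/main/CHANGELOG.md, so the link shows whatever CHANGELOG.md contains on main at click time rather than at the tagged commit, and it breaks if the default branch is not main. Using blob/${{ github.ref_name }}/CHANGELOG.md would pin the link to the tag that triggered the run.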