ci: add Slack PR notification workflow#9
Conversation
Sends alerts to Slack channel on PR open, close, merge, reopen, and review events. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
- Move all attacker-controlled values (PR title, branch name, user)
into env vars instead of direct ${{ }} interpolation in JSON payload
- Use jq to build JSON payload safely, preventing injection via
crafted PR titles or branch names containing quotes
- Pin slackapi/slack-github-action to commit SHA (v2.1.0)
sabre1041
left a comment
sabre1041
left a comment
There was a problem hiding this comment.
@stevefulme1 Who is on point to set up the Webhook URL and add the Slack App? I can work with you to facilitate any actions from the CoP/GitHub side
Disregard the Webhook URL as it is already configured as a secret. What else is needed to be completed before integrating this enhancement? |
|
Slack admin would need to approve the integration. After that its essentially capable. I tried to add it in slack and got shut down by the Admin automation overlords. |
Are we on hold for this PR until then? |
|
i would pass it through so when/if they approve it then it will start workign right away |
Only concern is that it will cause failures until it is enabled |
3 participants
Summary
SLACK_WEBHOOK_URLrepo secret to be configuredTest plan
SLACK_WEBHOOK_URLsecret to the repo🤖 Generated with Claude Code