Skip to content

ci: fixed o2 strapi workflow notfication issue #8218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mmosarafO2 merged 7 commits into from
Sep 1, 2025
Merged

ci: fixed o2 strapi workflow notfication issue #8218

mmosarafO2 merged 7 commits into from
Sep 1, 2025

Conversation

@mmosarafO2
Copy link
Collaborator

@mmosarafO2 mmosarafO2 commented Sep 1, 2025
edited by github-actions bot
Loading

User description

fixed o2 strapi workflow notfication issue

PR Type

Enhancement, Bug fix

Description

  • Inline Strapi release notification in main workflow

  • Remove redundant public release webhook workflow

  • Use self-hosted runner for release job

  • Fix Strapi endpoint path and query

Diagram Walkthrough

flowchart LR
  build["Build artifacts"] -- "needs" --> release["Release job (self-hosted)"]
  release -- "Publish GitHub release" --> gh["GH Release"]
  gh -- "Fetch release by tag" --> script["Github Script"]
  script -- "POST payload" --> strapi["Strapi webhook /api/github-releases?status=draft"]
Loading

File Walkthrough
Relevant files
Configuration changes
github-release-public.yml
Delete redundant public release webhook workflow                 

.github/workflows/github-release-public.yml

  • Remove standalone release webhook workflow
  • Consolidate Strapi notification into main pipeline
 +0/-66   
Enhancement
release.yml
Add Strapi notification and update runner                               

.github/workflows/release.yml

  • Switch release job to self-hosted runner
  • Add Strapi notification step post-release
  • Fetch release by tag and clean changelog
  • Update webhook URL path and include auth headers
 +60/-1   

@github-actions github-actions bot added the ☢️ Bug Something isn't working label Sep 1, 2025
greptile-apps[bot]
greptile-apps bot reviewed Sep 1, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Summary

This PR addresses a Strapi workflow notification issue by restructuring the release notification system. The changes involve removing the dedicated github-release-public.yml workflow and integrating its Strapi webhook functionality directly into the main release.yml workflow.

The removed workflow previously handled automatic notifications to a Strapi CMS when releases were published, including changelog cleaning and JSON payload formatting. This functionality has been relocated to the release workflow as a new step that executes after successful GitHub release creation.

Additionally, the PR changes the runner from GitHub's standard ubuntu-latest to a custom repo-openobserve-standard-4 runner, suggesting a move towards self-hosted infrastructure for more control over the build environment.

The integration consolidates release-related operations into a single workflow, reducing complexity and potential race conditions between separate workflows. The Strapi notification step includes proper error handling, changelog sanitization (removing user mentions and PR links), and uses environment variables for secure authentication.

Confidence score: 4/5

  • This PR appears safe to merge with minimal risk as it consolidates existing functionality rather than introducing new complex logic
  • Score reflects well-structured integration of existing webhook functionality with proper error handling and authentication
  • Pay close attention to the runner change and ensure the custom runner environment is properly configured with required secrets

2 files reviewed, 1 comment

Edit Code Review Bot Settings | Greptile

.github/workflows/release.yml
if (line.toLowerCase().includes('full changelog')) return '';
line = line.replace(/by\s+@[\w-]+.*$/i, '');
line = line.replace(/@\w+/g, '');
line = line.replace(/\bhttps?:\/\/\Spull\S/gi, '');
Copy link
Contributor

@greptile-apps greptile-apps bot Sep 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Regex pattern \Spull\S looks incorrect - should probably be \S*pull\S* to match URLs containing 'pull'

Suggested change
line = line.replace(/\bhttps?:\/\/\Spull\S/gi, '');
line = line.replace(/\bhttps?:\/\/\S*pull\S*/gi, '');

@github-actions
Copy link
Contributor

github-actions bot commented Sep 1, 2025

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Possible Issue

The script uses fetch within actions/github-script; ensure the runtime provides fetch (Node 20+). If the action runs on a different Node version or polyfill isn't available, the webhook call will fail.

 
  const response = await fetch(`${process.env.STRAPI_WEBHOOK_URL}/api/github-releases?status=draft`, {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.STRAPI_API_TOKEN}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({data: payload})
  });

  if (!response.ok) {
    throw new Error(`Webhook request failed: ${response.status} ${response.statusText}`);
  }

  console.log('Response status:', response.status);
} catch (error) {
  console.error('Failed to send webhook notification:', error);
Data Handling

The changelog cleaning removes all @mentions and PR links; verify this doesn't strip useful context. Regex for PR URL removal may be too broad and could remove unrelated URLs.

 
function cleanChangelog(changelog) {
  if (!changelog) return '';
  return changelog
    .split(/\r?\n/)
    .map(line => {
      if (line.toLowerCase().includes('full changelog')) return '';
      line = line.replace(/by\s+@[\w-]+.*$/i, '');
      line = line.replace(/@\w+/g, '');
      line = line.replace(/\bhttps?:\/\/\Spull\S/gi, '');
      return line.trim();
    })
    .filter(line => line.length > 0)
    .join('\n');
}
Env/Secrets Usage

The job was moved to a self-hosted runner; confirm that required secrets and network access to STRAPI_WEBHOOK_URL are available on that runner and that OIDC/permissions remain correct.

 
runs-on: repo-openobserve-standard-4
permissions:

@github-actions
Copy link
Contributor

github-actions bot commented Sep 1, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Fix invalid PR URL regex

The regex \S inside the URL pattern is invalid and will not match intended PR links,
breaking changelog cleaning. Replace with a correct pattern that safely strips PR
URLs without syntax errors. This fixes potential runtime errors in the cleaning
function.

.github/workflows/release.yml [244]

-line = line.replace(/\bhttps?:\/\/\Spull\S/gi, '');
+line = line.replace(/\bhttps?:\/\/\S*?\/pull\/\S*/gi, '');
Suggestion importance[1-10]: 8

__

Why: The original regex contains '\S' immediately after '//' without a quantifier or path context, which is likely incorrect for removing PR URLs; the proposed pattern is more robust and prevents a potential bug in changelog cleaning.

Medium
Check required env vars

Validate required environment variables before making the request to avoid sending
to undefined URLs or with missing tokens. Fail fast with a clear error to prevent
silent misconfigurations.

.github/workflows/release.yml [261-268]

-const response = await fetch(`${process.env.STRAPI_WEBHOOK_URL}/api/github-releases?status=draft`, {
+const baseUrl = process.env.STRAPI_WEBHOOK_URL;
+const token = process.env.STRAPI_API_TOKEN;
+if (!baseUrl || !token) {
+  core.setFailed('Missing STRAPI_WEBHOOK_URL or STRAPI_API_TOKEN');
+  return;
+}
+const response = await fetch(`${baseUrl}/api/github-releases?status=draft`, {
   method: 'POST',
   headers: {
-    'Authorization': `Bearer ${process.env.STRAPI_API_TOKEN}`,
+    'Authorization': `Bearer ${token}`,
     'Content-Type': 'application/json'
   },
-  body: JSON.stringify({data: payload})
+  body: JSON.stringify({ data: payload })
 });
Suggestion importance[1-10]: 7

__

Why: Validating STRAPI_WEBHOOK_URL and STRAPI_API_TOKEN avoids hard-to-debug failures and undefined fetch targets; change is accurate and low risk, though not critical.

Medium
Validate ref is a tag

Guard against non-tag refs to avoid failures when context.ref is not a tag. Fallback
to the release object from the current run when available, or bail out with a clear
message before calling the API. This prevents runtime exceptions during
non-tag-triggered executions.

.github/workflows/release.yml [230-235]

-const tag = context.ref.replace("refs/tags/", "");
+const ref = context.ref || "";
+if (!ref.startsWith("refs/tags/")) {
+  core.warning(`Current ref is not a tag: ${ref}. Skipping Strapi notification.`);
+  return;
+}
+const tag = ref.replace("refs/tags/", "");
 const { data: release } = await github.rest.repos.getReleaseByTag({
   owner: context.repo.owner,
   repo: context.repo.repo,
-  tag: tag
+  tag
 });
Suggestion importance[1-10]: 6

__

Why: Guarding against non-tag refs is reasonable and could prevent runtime errors, but this job appears to run on tag-based releases, so impact is moderate. The modification is accurate and aligns with the surrounding code.

Low

@mmosarafO2 mmosarafO2 merged commit b9548ec into main Sep 1, 2025
28 checks passed
@mmosarafO2 mmosarafO2 deleted the ci/o2_enterprise_strapi_workflow branch September 1, 2025 15:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hengfeiyang hengfeiyang hengfeiyang approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

☢️ Bug Something isn't working Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mmosarafO2 @hengfeiyang @Shrinath-O2