chore(workflows): add codeowners slack action

Warkanlock · Warkanlock · commit 71afd86dbe17 · 2026-01-06T16:29:56.000+01:00
diff --git a/.github/workflows/codeowners-approved-slack.yml b/.github/workflows/codeowners-approved-slack.yml
@@ -0,0 +1,147 @@
+name: CODEOWNERS Approved - Slack Notification
+
+on:
+  workflow_call:
+    inputs:
+      skip-draft:
+        description: "Skip notification for draft PRs"
+        required: false
+        type: boolean
+        default: true
+      slack-message-prefix:
+        description: "Custom prefix for Slack message (emoji + text)"
+        required: false
+        type: string
+        default: ":white_check_mark: CODEOWNERS gate satisfied"
+    secrets:
+      SLACK_RELEASE_CHANGELOG_WEBHOOK:
+        description: "Slack incoming webhook URL"
+        required: true
+      GH_TOKEN:
+        description: "GitHub token with PR read access (uses GITHUB_TOKEN if not provided)"
+        required: false
+
+jobs:
+  notify:
+    name: Notify Slack on CODEOWNERS Approval
+    # Only run when the submitted review is an approval
+    if: github.event.review.state == 'approved'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch PR decision and check for duplicate notification
+        id: pr
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GH_TOKEN || github.token }}
+          script: |
+            const { owner, repo } = context.repo;
+            const prNumber = context.payload.pull_request.number;
+
+            const query = `query($owner:String!, $repo:String!, $number:Int!) {
+              repository(owner:$owner, name:$repo) {
+                pullRequest(number:$number) {
+                  number
+                  title
+                  url
+                  isDraft
+                  headRefOid
+                  baseRefName
+                  reviewDecision
+                }
+              }
+            }`;
+
+            const data = await github.graphql(query, { owner, repo, number: prNumber });
+            const pr = data.repository.pullRequest;
+
+            core.setOutput("number", String(pr.number));
+            core.setOutput("title", pr.title);
+            core.setOutput("url", pr.url);
+            core.setOutput("is_draft", pr.isDraft ? "true" : "false");
+            core.setOutput("head_sha", pr.headRefOid);
+            core.setOutput("base", pr.baseRefName);
+            core.setOutput("review_decision", pr.reviewDecision ?? "");
+
+            // Dedupe marker per head SHA (so new commits can re-trigger notification)
+            const marker = `<!-- codeowners-approved:${pr.headRefOid} -->`;
+            core.setOutput("marker", marker);
+
+            // Check if we've already notified for this SHA
+            const comments = await github.paginate(github.rest.issues.listComments, {
+              owner,
+              repo,
+              issue_number: prNumber,
+              per_page: 100,
+            });
+
+            const alreadyNotified = comments.some(c => (c.body || "").includes(marker));
+            core.setOutput("already_notified", alreadyNotified ? "true" : "false");
+
+            // Log for debugging
+            console.log(`PR #${pr.number}: draft=${pr.isDraft}, decision=${pr.reviewDecision}, notified=${alreadyNotified}`);
+
+      - name: Skip notification (conditions not met)
+        if: |
+          (inputs.skip-draft && steps.pr.outputs.is_draft == 'true') ||
+          steps.pr.outputs.review_decision != 'APPROVED' ||
+          steps.pr.outputs.already_notified == 'true'
+        run: |
+          echo "### Notification Skipped" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Condition | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-----------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| Is Draft | ${{ steps.pr.outputs.is_draft }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| Review Decision | ${{ steps.pr.outputs.review_decision }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| Already Notified | ${{ steps.pr.outputs.already_notified }} |" >> $GITHUB_STEP_SUMMARY
+
+      - name: Post to Slack
+        if: |
+          (inputs.skip-draft == false || steps.pr.outputs.is_draft != 'true') &&
+          steps.pr.outputs.review_decision == 'APPROVED' &&
+          steps.pr.outputs.already_notified != 'true'
+        uses: slackapi/slack-github-action@v2
+        with:
+          payload: |
+            {
+              "text": "${{ inputs.slack-message-prefix }}\n<${{ steps.pr.outputs.url }}|PR #${{ steps.pr.outputs.number }} — ${{ steps.pr.outputs.title }}>\nBase: `${{ steps.pr.outputs.base }}`  Head: `${{ steps.pr.outputs.head_sha }}`\nApproved by: `${{ github.event.review.user.login }}`"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_RELEASE_CHANGELOG_WEBHOOK }}
+
+      - name: Add marker comment (dedupe for this SHA)
+        if: |
+          (inputs.skip-draft == false || steps.pr.outputs.is_draft != 'true') &&
+          steps.pr.outputs.review_decision == 'APPROVED' &&
+          steps.pr.outputs.already_notified != 'true'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GH_TOKEN || github.token }}
+          script: |
+            const { owner, repo } = context.repo;
+            const prNumber = context.payload.pull_request.number;
+            const marker = `${{ steps.pr.outputs.marker }}`;
+            const headSha = `${{ steps.pr.outputs.head_sha }}`;
+
+            await github.rest.issues.createComment({
+              owner,
+              repo,
+              issue_number: prNumber,
+              body: `${marker}\n:bell: Slack notified for head SHA \`${headSha}\`.`,
+            });
+
+      - name: Summary (notification sent)
+        if: |
+          (inputs.skip-draft == false || steps.pr.outputs.is_draft != 'true') &&
+          steps.pr.outputs.review_decision == 'APPROVED' &&
+          steps.pr.outputs.already_notified != 'true'
+        run: |
+          echo "### Slack Notification Sent" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| PR | [#${{ steps.pr.outputs.number }}](${{ steps.pr.outputs.url }}) |" >> $GITHUB_STEP_SUMMARY
+          echo "| Title | ${{ steps.pr.outputs.title }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| Base | \`${{ steps.pr.outputs.base }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| Head SHA | \`${{ steps.pr.outputs.head_sha }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| Approved By | @${{ github.event.review.user.login }} |" >> $GITHUB_STEP_SUMMARY
diff --git a/README.md b/README.md
@@ -82,6 +82,42 @@ jobs:
       SLACK_RELEASE_CHANGELOG_WEBHOOK: ${{ secrets.SLACK_RELEASE_CHANGELOG_WEBHOOK }}
 ```
 
+#### For CODEOWNERS Approval Events
+
+Create `.github/workflows/codeowners-approved.yml`:
+
+```yaml
+name: CODEOWNERS Approved - Slack
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+permissions:
+  pull-requests: read
+  issues: write
+  contents: read
+
+jobs:
+  notify:
+    uses: dualentry/github-actions/.github/workflows/codeowners-approved-slack.yml@main
+    # with:
+    #   skip-draft: true                                    # Skip draft PRs (default: true)
+    #   slack-message-prefix: ":rocket: Ready for merge"   # Custom message prefix
+    secrets:
+      SLACK_RELEASE_CHANGELOG_WEBHOOK: ${{ secrets.SLACK_RELEASE_CHANGELOG_WEBHOOK }}
+```
+
+**Prerequisites for CODEOWNERS approval notifications:**
+
+1. Enable branch protection on your target branch with:
+   - Require a pull request before merging
+   - Require approvals (>= 1)
+   - **Require review from Code Owners** (this is key!)
+2. Create a `CODEOWNERS` file in your repo
+3. Add `SLACK_RELEASE_CHANGELOG_WEBHOOK` secret (Slack incoming webhook)
+4. **Important**: This workflow file must exist on the default branch for the `pull_request_review` trigger to work
+
 ### 2. Workflow Inputs
 
 #### linear-slack-pr-opened.yml
@@ -99,6 +135,18 @@ jobs:
 | `environment` | Environment name for Slack message | No | `production` |
 | `update-linear-status` | Whether to update Linear ticket status to Done | No | `true` |
 
+#### codeowners-approved-slack.yml
+
+| Input | Description | Required | Default |
+|-------|-------------|----------|---------|
+| `skip-draft` | Skip notification for draft PRs | No | `true` |
+| `slack-message-prefix` | Custom prefix for Slack message (emoji + text) | No | `:white_check_mark: CODEOWNERS gate satisfied` |
+
+| Secret | Description | Required |
+|--------|-------------|----------|
+| `SLACK_RELEASE_CHANGELOG_WEBHOOK` | Slack incoming webhook URL | Yes |
+| `GH_TOKEN` | GitHub token with PR read access | No (uses `GITHUB_TOKEN`) |
+
 ### 3. Example Workflow for Dev Branch
 
 If you want to trigger notifications for `dev` branch as well:
@@ -158,6 +206,21 @@ Environment: `production`
 • Add onboarding checklist visibility endpoints (DEV-8282)
 ```
 
+### CODEOWNERS Approved
+
+```
+✅ CODEOWNERS gate satisfied
+PR #123 — feat: add new feature
+Base: `main`  Head: `abc1234...`
+Approved by: `reviewer-username`
+```
+
+**Behavior notes:**
+
+- Only triggers when the `reviewDecision` becomes `APPROVED` (i.e., all required CODEOWNERS have approved)
+- De-duplicates per head SHA: if you push new commits and get re-approved, it will notify again
+- Adds a hidden marker comment to track which SHA was notified
+
 ## Scripts
 
 The repository includes three main scripts:
diff --git a/examples/codeowners-approved.yml b/examples/codeowners-approved.yml
@@ -0,0 +1,30 @@
+# Copy this file to .github/workflows/codeowners-approved.yml in your repository
+#
+# IMPORTANT: This workflow file must exist on the default branch for the
+# pull_request_review trigger to work. Merge this to main/master first.
+#
+# Prerequisites:
+# 1. Enable branch protection on your target branch with:
+#    - Require a pull request before merging
+#    - Require approvals (>= 1)
+#    - Require review from Code Owners
+# 2. Create a CODEOWNERS file in your repo
+# 3. Add SLACK_RELEASE_CHANGELOG_WEBHOOK secret (Slack incoming webhook)
+
+name: CODEOWNERS Verification Step
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+# Minimum permissions required
+permissions:
+  pull-requests: read
+  issues: write
+  contents: read
+
+jobs:
+  notify:
+    uses: dualentry/github-actions/.github/workflows/codeowners-approved-slack.yml@main
+    secrets:
+      SLACK_RELEASE_CHANGELOG_WEBHOOK: ${{ secrets.SLACK_RELEASE_CHANGELOG_WEBHOOK }}
