Moved slack notification direct into job instead of dispatch for security (#690)

lamATnginx · web-flow · commit 259a174b3692 · 2025-06-17T07:10:12.000-07:00
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -79,16 +79,37 @@ jobs:
     runs-on: ubuntu-latest
     permissions: read-all
     steps:
-      - name: Trigger 'Slack notification for new theme release' workflow in 'nginx-hugo-theme' repo.
-        run: |
-           curl -L \
-              -X POST \
-              -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer ${{ secrets.THEME_SLACK_FLOW_PAT }}" \
-              -H "X-GitHub-Api-Version: 2022-11-28" \
-              "https://api.github.com/repos/${{ secrets.OWNER }}/${{ secrets.REPO }}/dispatches" \
-              -d "{\"event_type\": \"trigger-slack-notification\", \"client_payload\": {\"previewURL\": \"${{ env.PREVIEW_URL }}\",  \"author\": \"${{ github.event.client_payload.author}}\", \"tag_name\": \"${{ github.event.client_payload.tag_name }}\", \"release_name\": \"${{ github.event.client_payload.release_name }}\"}}"
+      - name: Send notification
+        uses:  8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e # v3.18.0
+        with: 
+          status: custom
+          custom_payload: |
+            {
+                username: 'Github',
+                mention: 'channel',
+                attachments: [{
+                  title: `New theme release - ${{ github.event.client_payload.release_name }}`,
+                  color: '#009223',
+                  fields: [
+                  {
+                    title: 'Tag',
+                    value: ${{ github.event.client_payload.tag_name }},
+                    short: true
+                  },
+                  {
+                    title: 'Author',
+                    value: ${{ github.event.client_payload.author }},
+                    short: true
+                  },
+                  {
+                    title: 'Preview URL',
+                    value: ${{ env.PREVIEW_URL }},
+                    short: true
+                  }]
+                }]
+            }
     env:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_FRIENDS_OF_DOCS }}
       PREVIEW_URL: ${{ needs.call-docs-build-push.outputs.PREVIEW_URL }}
 
 
