Add failure notification job to deployer workflow#42
Merged
Conversation
Adds a job to notify a bot in case of deployment failure.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+230
to
+253
| runs-on: ubuntu-latest | ||
| needs: [fetch-versions, determine-if-deployment-needed, deploy] | ||
| if: failure() || cancelled() | ||
| steps: | ||
| - name: Send failure notice to deploymentPromoted bot | ||
| env: | ||
| BOT_ENDPOINT: https://deployment-promoted.vercel.app/api/deploymentPromoted | ||
| PROJECT_NAME: v4-web | ||
| LATEST_PATCH: ${{ needs.fetch-versions.outputs.latest-patch-in-line-version }} | ||
| PRODUCTION_VERSION: ${{ needs.fetch-versions.outputs.production-version }} | ||
| run: | | ||
| VERSION_PAYLOAD="$LATEST_PATCH" | ||
| if [ -z "$VERSION_PAYLOAD" ]; then | ||
| VERSION_PAYLOAD="$PRODUCTION_VERSION" | ||
| fi | ||
|
|
||
| curl -X POST "$BOT_ENDPOINT" \ | ||
| -H "Content-Type: application/json" \ | ||
| -d "$(jq -n \ | ||
| --arg project "$PROJECT_NAME" \ | ||
| --arg status "failed" \ | ||
| --arg version "$VERSION_PAYLOAD" \ | ||
| --arg workflow_run "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ | ||
| '{project: $project, status: $status, version: $version, meta: {workflow_run: $workflow_run}}')" |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix this issue, explicitly limit the permissions at the root of the workflow (.github/workflows/deployer.yml) by setting a permissions: block. Since no step in this workflow appears to require write access to repository contents, secrets, or other sensitive scopes (other than the use of a GitHub App token in the deploy job, which is handled via an app token, not the Actions default token), the safest minimal setting is to declare permissions: read-all at the workflow/root level. If finer granularity is desired, specify only those permissions required (e.g., contents: read); for most workflows, contents: read is enough, and jobs that require more can declare it themselves. For maximal security and future clarity, add the block just after the workflow name: and before the on: key.
No external dependencies or package changes are required.
Suggested changeset
1
.github/workflows/deployer.yml
| @@ -1,4 +1,6 @@ | ||
| name: Deploy new upstream release to Vercel | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| workflow_dispatch: |
Copilot is powered by AI and may make mistakes. Always verify output.
pswies
approved these changes
Dec 11, 2025
pswies
left a comment
pswies
left a comment
There was a problem hiding this comment.
LGTM; please schedule a task to add authentication to the bot
2dpetkov
approved these changes
Dec 11, 2025
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 11, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 12, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
rudimocnik
pushed a commit
that referenced
this pull request
Dec 12, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 15, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 15, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 15, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 16, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 16, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 17, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 17, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 18, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 18, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 19, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 19, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
rudimocnik
pushed a commit
that referenced
this pull request
Dec 19, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 19, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 19, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Dec 26, 2025
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Jan 1, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Jan 5, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
rudimocnik
pushed a commit
that referenced
this pull request
Jan 7, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Jan 8, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
rudimocnik
pushed a commit
that referenced
this pull request
Jan 9, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Jan 10, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
rudimocnik
pushed a commit
that referenced
this pull request
Jan 13, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
dos-automation-bot Bot
pushed a commit
that referenced
this pull request
Jan 15, 2026
* Add failure notification job to deployer workflow Adds a job to notify a bot in case of deployment failure. * Use variable for BOT_ENDPOINT in deployer.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a job to notify a bot in case of deployment failure.