From 1c6e00dc19537bcf36753f5754934af963605bd8 Mon Sep 17 00:00:00 2001 From: Zac Farrell Date: Tue, 16 Jun 2026 10:09:04 -0700 Subject: [PATCH 1/2] ci(publish): post to #deploy on PyPI publish --- .github/workflows/publish.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 641ec4e..1c9d9ff 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -67,3 +67,28 @@ jobs: - name: Publish via Trusted Publishing uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 + + # Announce the release in #deploy. Runs only when the publish above + # succeeded. Posts via the shared Hotdata CI Slack app (bot token), so the + # same SLACK_CI_BOT_TOKEN org secret drives notifications across SDK repos. + - name: "Notify #deploy on Slack" + # The publish above is irreversible, so a Slack/token hiccup must not + # mark a successful release as failed and trigger false-alarm retries. + continue-on-error: true + env: + SLACK_CI_BOT_TOKEN: ${{ secrets.SLACK_CI_BOT_TOKEN }} + run: | + set -euo pipefail + if [ -z "${SLACK_CI_BOT_TOKEN:-}" ]; then + echo "SLACK_CI_BOT_TOKEN not set; skipping Slack notification" >&2 + exit 0 + fi + version="${GITHUB_REF_NAME#v}" + text=":package: *hotdata* \`v${version}\` published to PyPI — · " + # #deploy channel ID (rename-proof). chat.postMessage returns HTTP 200 + # even on logical errors, so assert on .ok to fail the step. + curl -sSf -X POST https://slack.com/api/chat.postMessage \ + -H "Authorization: Bearer ${SLACK_CI_BOT_TOKEN}" \ + -H 'Content-Type: application/json; charset=utf-8' \ + --data "$(jq -n --arg ch 'C0ARK84E1D4' --arg text "$text" '{channel:$ch, text:$text}')" \ + | jq -e '.ok' >/dev/null From 34d0f73c835284b9a1c1620ebb620fea2024432c Mon Sep 17 00:00:00 2001 From: Zac Farrell Date: Tue, 16 Jun 2026 10:14:49 -0700 Subject: [PATCH 2/2] ci(publish): log Slack error on notify failure --- .github/workflows/publish.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1c9d9ff..9289485 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -86,9 +86,14 @@ jobs: version="${GITHUB_REF_NAME#v}" text=":package: *hotdata* \`v${version}\` published to PyPI — · " # #deploy channel ID (rename-proof). chat.postMessage returns HTTP 200 - # even on logical errors, so assert on .ok to fail the step. - curl -sSf -X POST https://slack.com/api/chat.postMessage \ + # even on logical errors, so capture the body and assert on .ok — + # echoing Slack's error makes a swallowed (continue-on-error) miss + # debuggable in the job log instead of disappearing silently. + response="$(curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer ${SLACK_CI_BOT_TOKEN}" \ -H 'Content-Type: application/json; charset=utf-8' \ - --data "$(jq -n --arg ch 'C0ARK84E1D4' --arg text "$text" '{channel:$ch, text:$text}')" \ - | jq -e '.ok' >/dev/null + --data "$(jq -n --arg ch 'C0ARK84E1D4' --arg text "$text" '{channel:$ch, text:$text}')")" + if ! jq -e '.ok' >/dev/null <<<"$response"; then + echo "Slack notification failed: $(jq -r '.error // "unknown"' <<<"$response")" >&2 + exit 1 + fi