GHA-219 Replace Docker-based Slack notifier with Python script (#125)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: nils-werner-sonarsource

.github/workflows/test-all.yml

@@ -45,6 +45,9 @@ jobs:
   test-update-rule-metadata:
     uses: ./.github/workflows/test-update-rule-metadata.yml
 
+  test-notify-slack:
+    uses: ./.github/workflows/test-notify-slack.yml
+
   test-lock-branch:
     uses: ./.github/workflows/test-lock-branch.yml
 

.github/workflows/test-lock-branch.yml

@@ -39,4 +39,4 @@ jobs:
       - name: Run unit tests
         run: |
           cd lock-branch
-          python -m pytest test_utils.py test_lock_branch.py test_notify_slack.py -v --cov=utils --cov=lock_branch --cov=notify_slack --cov-report=term-missing
+          python -m pytest test_utils.py test_lock_branch.py -v --cov=utils --cov=lock_branch --cov-report=term-missing

.github/workflows/test-notify-slack.yml

@@ -0,0 +1,60 @@
+name: Test Notify Slack Action
+
+on:
+  workflow_call:
+  pull_request:
+    paths:
+      - 'notify-slack/**'
+      - '.github/workflows/test-notify-slack.yml'
+  push:
+    branches:
+      - branch-*
+    paths:
+      - 'notify-slack/**'
+      - '.github/workflows/test-notify-slack.yml'
+  workflow_dispatch:
+
+jobs:
+  integration-test:
+    name: Send Test Notification
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    permissions:
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Send test Slack notification
+        uses: ./notify-slack
+        with:
+          project-name: release-github-actions
+          slack-channel: alerts-release-github-actions
+          icon: ':test_tube:'
+          color: good
+          message: 'Test notification from `notify-slack` action on branch `${{ github.ref_name }}`'
+
+  unit-tests:
+    name: Run Unit Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+          cache-dependency-path: notify-slack/requirements.txt
+
+      - name: Install dependencies
+        run: |
+          cd notify-slack
+          pip install -r requirements.txt
+          pip install pytest pytest-cov
+
+      - name: Run unit tests
+        run: |
+          cd notify-slack
+          python -m pytest test_notify_slack.py -v --cov=notify_slack --cov-report=term-missing

lock-branch/action.yml

@@ -14,9 +14,6 @@ inputs:
   github-token:
     description: 'GitHub token with admin permissions (defaults to Vault)'
     required: false
-  slack-token:
-    description: 'Slack token for notifications (defaults to Vault)'
-    required: false
 
 outputs:
   branch:
@@ -34,12 +31,11 @@ runs:
   steps:
     - name: Get Secrets from Vault
       id: secrets
-      if: ${{ !inputs.github-token || (!inputs.slack-token && inputs.slack-channel) }}
+      if: ${{ !inputs.github-token }}
       uses: SonarSource/vault-action-wrapper@v3
       with:
         secrets: |
           development/github/token/{REPO_OWNER_NAME_DASH}-lock token | GITHUB_LOCK_TOKEN;
-          development/kv/data/slack token | SLACK_TOKEN;
 
     - name: Set up Python
       uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
@@ -64,18 +60,41 @@ runs:
           --repository "${{ github.repository }}" \
           >> $GITHUB_OUTPUT
 
-    - name: Send Slack Notification
+    - name: Build Slack Message
+      id: slack-message
       if: ${{ inputs.slack-channel != '' }}
       shell: bash
       env:
-        SLACK_TOKEN: ${{ inputs.slack-token || fromJSON(steps.secrets.outputs.vault).SLACK_TOKEN }}
-        INPUT_CHANNEL: ${{ inputs.slack-channel }}
         INPUT_BRANCH: ${{ inputs.branch }}
         INPUT_FREEZE: ${{ inputs.freeze }}
+        RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
       run: |
-        python ${{ github.action_path }}/notify_slack.py \
-          --channel "$INPUT_CHANNEL" \
-          --branch "$INPUT_BRANCH" \
-          --repository "${{ github.repository }}" \
-          --freeze "$INPUT_FREEZE" \
-          --run-url "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+        if [[ "$INPUT_FREEZE" == "true" ]]; then
+          ICON=":ice_cube:"
+          ACTION="frozen"
+          COLOR="warning"
+        else
+          ICON=":sun_with_face:"
+          ACTION="unfrozen"
+          COLOR="good"
+        fi
+        echo "icon=$ICON" >> $GITHUB_OUTPUT
+        echo "color=$COLOR" >> $GITHUB_OUTPUT
+        DELIMITER="$(openssl rand -hex 8)"
+        {
+          echo "message<<${DELIMITER}"
+          printf '%s Branch `%s` has been %s in `${{ github.repository }}`\n*Run:* <%s|View workflow run>' \
+            "$ICON" "$INPUT_BRANCH" "$ACTION" "$RUN_URL"
+          echo
+          echo "${DELIMITER}"
+        } >> $GITHUB_OUTPUT
+
+    - name: Send Slack Notification
+      if: ${{ inputs.slack-channel != '' }}
+      uses: SonarSource/release-github-actions/notify-slack@v1
+      with:
+        project-name: ${{ github.repository }}
+        slack-channel: ${{ inputs.slack-channel }}
+        icon: ${{ steps.slack-message.outputs.icon }}
+        color: ${{ steps.slack-message.outputs.color }}
+        message: ${{ steps.slack-message.outputs.message }}