chore: fix-slackbot

[ryanbas21]

JIRA Ticket

N/A

Description

bad interpolation fix in 2ba62e4

the other two commits are me refactoring the workflows to use composite actions. I felt they were getting unmaintainbly long. just wanted to make it easier to parse through.

We can hold off on merging these until i'm back if preferred, they look like they all work fine but i'd hate for them not to and someone have to debug and fix it.

@spetrov maybe can review

Summary by CodeRabbit

• Chores
  • Centralized CI setup and caching for faster, more reliable builds; snapshot job migrated to the centralized setup.
• New Features
  • Automated beta publish flow that creates PRs and deploys beta API docs.
  • Automated release flow that deploys API docs and posts reformatted release notifications to Slack.
• Notes
  • No user-facing app functionality changes.

[changeset-bot]

⚠️ No Changeset found

Latest commit: f932124

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Replaces inline CI setup, caching, and publish steps with three local composite GitHub Actions: Setup Project, Publish Beta Steps, and Publish Release Steps. The top-level publish workflow and snapshot job now invoke these actions, pass inputs like pnpm-cache-folder and publishedPackages, and swap direct Slack/docs/npm steps for the new composite actions.

Changes

Cohort / File(s)	Summary of Changes
Top-level publish workflow .github/workflows/publish.yml	Replaced inlined setup/cache/publish steps with calls to local composite actions; added pnpm-cache-folder input and CODECOV_TOKEN exposure, removed explicit pnpm/action-setup/actions/setup-node/npm cache steps and direct Codecov/pack/docs steps; reorganized release vs beta paths to call the new actions.
Setup action .github/actions/setup/action.yml	Added Setup Project composite action that centralizes checkout, pnpm/node setup, npm update, dependency install, Nx Cloud start, Playwright cache/install, pnpm store configuration, nx affected tasks (build/lint/test/e2e), and artifact upload. Inputs: fetch-depth, token, node-version-file, pnpm-cache-folder.
Publish beta action .github/actions/publish-beta/action.yml	Added Publish Beta Steps composite action that runs a pnpm command to create a PR for beta publishing and deploys API docs to the beta target using github-pages-deploy-action.
Publish release action .github/actions/publish-release/action.yml	Added Publish Release Steps composite action with inputs publishedPackages and slackWebhook; formats publishedPackages for Slack (output), posts Slack notification via slackapi/slack-github-action, and deploys API docs via github-pages-deploy-action.

Sequence Diagram(s)

sequenceDiagram
  participant Workflow as publish.yml
  participant Setup as .github/actions/setup
  participant PublishRelease as .github/actions/publish-release
  participant PublishBeta as .github/actions/publish-beta
  participant Slack as slackapi/slack-github-action
  participant Pages as github-pages-deploy-action

  rect rgb(245,250,255)
  Workflow->>Setup: call "Setup Project" (inputs: token, pnpm-cache-folder, node-version-file, ...)
  Setup-->>Workflow: setup complete
  end

  alt release path (published == true)
    Workflow->>PublishRelease: call "Publish Release Steps" (publishedPackages, slackWebhook)
    PublishRelease->>PublishRelease: format publishedPackages -> output
    PublishRelease->>Slack: post formatted payload
    PublishRelease->>Pages: deploy api docs (chore: release-api-docs)
    PublishRelease-->>Workflow: release done
  else beta path
    Workflow->>PublishBeta: call "Publish Beta Steps"
    PublishBeta->>PublishBeta: run pnpm PR publish command
    PublishBeta->>Pages: deploy beta docs (beta commit message)
    PublishBeta-->>Workflow: beta done
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ci: use-trusted-publishers #418 — Related changes to publish workflow and moving publish steps into reusable actions.
• chore: add-continuous-publish #399 — Related adjustments to pnpm-based publishing and continuous publish orchestration.

Suggested reviewers

• cerebrl

Poem

I hop through CI with a cheerful cheer,
Replacing steps to keep the path clear.
Docs take flight and Slack gets a bell,
Beta and release all rung from one shell.
Carrots for build — hoppity hooray! 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “chore: fix-slackbot” only references correcting a Slack publish interpolation issue but omits the significant refactoring of workflows into composite actions and the introduction of new publish-beta, publish-release, and setup actions. This narrow focus may mislead reviewers about the full scope of the changeset and does not clearly summarize the primary update to centralize and streamline CI workflows. To improve clarity, the title should reflect both the interpolation fix and the broader workflow restructuring.	Revise the title to clearly reflect the main workflow refactoring alongside the Slack interpolation fix, for example “chore: refactor CI workflows into composite actions and fix Slack publish interpolation.”

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	The description includes the required JIRA Ticket and Description headings and summarizes both the bad interpolation fix and the workflow refactoring into composite actions in line with the template. It clearly states the ticket status and outlines the purpose of the commits, providing adequate context for reviewers. While it does not explicitly note whether a changeset was added, it covers the core modifications and intent. Overall, the structure and content are informative and appropriately follow the repository’s template.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-publish-packages-slack

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit f932124

Command	Status	Duration	Result
nx run-many -t build	✅ Succeeded	<1s	View ↗
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	1m 27s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-10-03 16:37:41 UTC

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b110df and 2ba62e4.

📒 Files selected for processing (1)

• .github/workflows/publish.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: pr

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.75%. Comparing base (6b110df) to head (f932124).

❌ Your project status has failed because the head coverage (18.75%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #427   +/-   ##
=======================================
  Coverage   18.75%   18.75%           
=======================================
  Files         138      138           
  Lines       27368    27368           
  Branches      951      951           
=======================================
  Hits         5132     5132           
  Misses      22236    22236           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@427

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@427

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@427

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@427

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@427

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@427

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@427

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@427

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@427

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@427

commit: f932124

[github-actions]

Deployed e0cab0c to https://ForgeRock.github.io/ping-javascript-sdk/pr-427/e0cab0c7f97ced3abfc7073f691879eabf5eb944 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/journey-client - 0.0 KB (-82.0 KB, -100.0%)

📊 Minor Changes

📈 @forgerock/journey-client - 82.0 KB (+0.0 KB)

➖ No Changes

➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/oidc-client - 23.0 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-utilities - 7.5 KB
➖ @forgerock/sdk-types - 8.0 KB
➖ @forgerock/storage - 1.4 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB
➖ @forgerock/sdk-request-middleware - 4.4 KB
➖ @forgerock/sdk-oidc - 2.5 KB
➖ @forgerock/davinci-client - 34.5 KB

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

.github/actions/publish-beta/action.yml (1)

4-7: Remove the dead branch input (or actually use it).

The action exposes a branch input but never consumes it, so callers pass data that’s silently ignored. Please either wire the input into the action logic or drop it from the interface.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ba62e4 and 63871b1.

📒 Files selected for processing (4)

• .github/actions/publish-beta/action.yml (1 hunks)
• .github/actions/publish-release/action.yml (1 hunks)
• .github/actions/setup/action.yml (1 hunks)
• .github/workflows/publish.yml (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: pr

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Slack payload missing required text (webhook rejects it).

Incoming webhooks expect a text or blocks field; sending { "publishedPackages": "…" } results in invalid_payload, so the notification never lands. Wrap the formatted string under text (or build a proper block) before calling the Slack action.

🤖 Prompt for AI Agents

In .github/actions/publish-release/action.yml around lines 27 to 29, the JSON
payload currently sends { "publishedPackages": "${{
steps.slackify.outputs.message }}" } which Slack incoming webhooks reject
because they require a top-level text or blocks field; replace the payload so it
wraps the message under a "text" key (or construct a "blocks" array) e.g. set
the payload to { "text": "${{ steps.slackify.outputs.message }}" } and ensure
any escaping/quoting matches the YAML/step input format.

[ryanbas21]

There should be nothing different, i just refactored this to be more "clean" and use a composite action that can be reused across steps.

[ryanbas21]

removed this b/c unneccessary

[ryanbas21]

Broke this branching out into reusable composite actions

just to clean up this workflow

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 63871b1 and 54f42cf.

📒 Files selected for processing (2)

• .github/actions/setup/action.yml (1 hunks)
• .github/workflows/publish.yml (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: pr

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (6)

.github/actions/publish-beta/action.yml (3)

3-7: Remove empty inputs block or define real inputs

An empty inputs: is noise. Either remove it or add explicit inputs (e.g., token, docs-folder, branch) you plan to consume.

---

8-11: Ensure auth for PR creation (GITHUB_TOKEN) is wired

pnpm pkg-pr-new publish … will need a token to open PRs. Composite actions don’t auto-inject inputs; rely on GITHUB_TOKEN from the caller job and ensure permissions: contents: write, pull-requests: write are set, or accept a token input and pass it as env.

Example adjustment within this action:

 inputs:
+  token:
+    description: 'GitHub token with contents & pull-requests write'
+    required: false

   steps:
     - name: Create PR for beta publish
       shell: bash
-      run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off
+      run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off
+      env:
+        GITHUB_TOKEN: ${{ inputs.token || env.GITHUB_TOKEN }}

Optionally confirm the caller workflow sets:

• job permissions: contents: write, pull-requests: write
• env: GITHUB_TOKEN provided by GitHub

---

12-17: Pin action to a commit SHA and set target branch explicitly

For supply‑chain safety, pin JamesIves/github-pages-deploy-action to a commit SHA. Also set branch explicitly (usually gh-pages) to avoid environment drift.

-    - name: Publish api docs [beta]
-      uses: JamesIves/[email protected]
+    - name: Publish api docs [beta]
+      uses: JamesIves/github-pages-deploy-action@9dc5b8d3b75f3cc1b1b5a7eaa63a6a5c9e1d2b48 # v4.7.3
       with:
-        folder: docs
+        branch: gh-pages
+        folder: docs
         commit-message: 'chore: release-api-docs-beta'
         target-folder: 'beta'

Also ensure the caller job has pages: write or contents: write permissions as required by the action and that docs/ is built before invoking this step.

.github/actions/setup/action.yml (3)

22-26: Pin third‑party actions to commit SHAs

Pin all marketplace actions to immutable SHAs (checkout, pnpm/action-setup, setup-node, actions/cache, nrwl/nx-set-shas, upload-artifact) to reduce supply‑chain risk.

Example:

• actions/checkout@v4 → actions/checkout@b4ffde6
• pnpm/action-setup@v4 → pnpm/action-setup@
• actions/setup-node@v4 → actions/setup-node@
• actions/cache@v4 → actions/cache@
• nrwl/nx-set-shas@v4 → nrwl/nx-set-shas@
• actions/upload-artifact@v4 → actions/upload-artifact@

Also applies to: 27-29, 31-36, 56-62, 67-67, 73-80

---

37-39: Updating npm globally may be unnecessary and adds time

Unless you hit a specific npm bug, consider omitting npm install -g npm@latest to speed up CI and keep npm aligned with the selected Node version.

---

63-66: Playwright install nuances

If using GitHub-hosted runners, browsers are often preinstalled/restored via cache; consider skipping install for non-e2e jobs, or gate with a boolean input to reduce time. Use --with-deps only when needed on self-hosted Linux.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 54f42cf and f932124.

📒 Files selected for processing (3)

• .github/actions/publish-beta/action.yml (1 hunks)
• .github/actions/publish-release/action.yml (1 hunks)
• .github/actions/setup/action.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/actions/publish-release/action.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: pr

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fix pnpm cache miss: configure store before setup-node caching

actions/setup-node@v4 with cache: 'pnpm' determines the store path before your pnpm config set store-dir … runs, so the restored cache won’t match the configured store. Move the pnpm config step above setup-node.

     - uses: pnpm/action-setup@v4
       with:
         run_install: false

-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: ${{ inputs.node-version-file }}
-        cache: 'pnpm'
-        registry-url: 'https://registry.npmjs.org'
-
-    - name: Update npm
-      run: npm install -g npm@latest
-      shell: bash
-
-    - name: Setup pnpm config
+    - name: Setup pnpm config (global)
       run: pnpm config set store-dir ${{ inputs.pnpm-cache-folder }} --global
       shell: bash
+
+    - uses: actions/setup-node@v4
+      with:
+        node-version-file: ${{ inputs.node-version-file }}
+        cache: 'pnpm'
+        registry-url: 'https://registry.npmjs.org'
+
+    - name: Update npm
+      run: npm install -g npm@latest
+      shell: bash

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- uses: actions/setup-node@v4
	with:
	node-version-file: ${{ inputs.node-version-file }}
	cache: 'pnpm'
	registry-url: 'https://registry.npmjs.org'
	- name: Update npm
	run: npm install -g npm@latest
	shell: bash
	- name: Setup pnpm config
	run: pnpm config set store-dir ${{ inputs.pnpm-cache-folder }} --global
	shell: bash
	- name: Install dependencies
	run: pnpm install --frozen-lockfile
	- uses: pnpm/action-setup@v4
	with:
	run_install: false
	- name: Setup pnpm config (global)
	run: pnpm config set store-dir ${{ inputs.pnpm-cache-folder }} --global
	shell: bash
	- uses: actions/setup-node@v4
	with:
	node-version-file: ${{ inputs.node-version-file }}
	cache: 'pnpm'
	registry-url: 'https://registry.npmjs.org'
	- name: Update npm
	run: npm install -g npm@latest
	shell: bash
	- name: Install dependencies
	run: pnpm install --frozen-lockfile

🤖 Prompt for AI Agents

In .github/actions/setup/action.yml around lines 31 to 46, the pnpm store-dir is
configured after actions/setup-node evaluates its pnpm cache key, causing cache
misses; move the "Setup pnpm config" step (pnpm config set store-dir ${{
inputs.pnpm-cache-folder }} --global) to run before the actions/setup-node@v4
step (so the cache key is computed against the configured store path), keep the
setup-node step with cache: 'pnpm' afterwards, and ensure subsequent steps
(Update npm, Install dependencies) remain in correct order.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify Nx Cloud distribution file and env var presence

Ensure .nx/workflows/dynamic-changesets.yml exists and CODECOV_TOKEN is available (optional) in the caller job env; otherwise the start-ci-run could fail or run suboptimally.

---

🏁 Script executed:

#!/bin/bash
# Verify Nx distribution config file and docs presence used elsewhere
set -euo pipefail
echo "Nx distribution file:"
fd dynamic-changesets.yml -H -a | sed -n '1,5p'
echo "Codecov token env set? (expect non-empty or intentionally unset)"
test -n "${CODECOV_TOKEN:-}" && echo "CODECOV_TOKEN is set" || echo "CODECOV_TOKEN not set"

Length of output: 164

---

Add CODECOV_TOKEN or remove it from --with-env-vars
.nx/workflows/dynamic-changesets.yml exists, but CODECOV_TOKEN isn’t set in this job—add it to the workflow env or drop it from the --with-env-vars flag to avoid passing an empty value.

🤖 Prompt for AI Agents

.github/actions/setup/action.yml lines 49-54: The Nx Cloud start step includes
--with-env-vars="CODECOV_TOKEN" but CODECOV_TOKEN is not provided in this job;
either add CODECOV_TOKEN to the job's environment or remove it from the
--with-env-vars flag so an empty value isn't passed. Update the workflow by (A)
adding CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} or similar to the env block
for this job, or (B) deleting CODECOV_TOKEN from the --with-env-vars argument if
codecov is not needed here.