fix(deploy): remove channel field from webhook payload (DEVEX-693) #102
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Remove the channel field from the Slack webhook payload as incoming webhooks post to the channel configured in the webhook URL. The SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK is correct for webhook URLs. DEVEX-693
added 4 commits
January 3, 2026 14:00
Make the APM link conditional - only show it when apm_url is explicitly provided. This fixes issues where workflows that don't provide apm_url were getting broken or inappropriate links. DEVEX-693
Replace slackapi/slack-github-action with direct curl command to avoid action parsing errors. This matches the working curl example and should resolve the 'channel: command not found' CI errors. DEVEX-693
Revert all DEVEX-693 changes and restore the workflow to its original state before DEVEX-693 work began. The webhook URL in GitHub secrets should be updated to point to the #release channel instead. DEVEX-693
Fix potential security issue where JIRA ticket description content could be interpreted as shell commands: 1. Only request 'status' field from JIRA API instead of full ticket (avoids processing description) 2. Use temporary file to safely store curl response instead of direct variable assignment 3. Use printf instead of echo when processing user-controlled content (PR body, commit messages) 4. Use HTTP status codes for error checking instead of parsing JSON error messages 5. Properly quote all variables and use jq with error handling This prevents ticket descriptions containing shell-like text from being executed as commands. DEVEX-693
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Removes the
channelfield from the Slack webhook payload. Incoming webhooks post to the channel configured in the webhook URL, so the channel field is not needed.Changes
"channel": "#release"from the payload JSONSLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK(correct for webhook URLs)Technical Details
The webhook URL format (
https://hooks.slack.com/services/...) indicates this is an incoming webhook, which posts to the channel configured when the webhook was created. Thechannelfield in the payload is not used by incoming webhooks.Related
Testing