Skip to content

fix(deploy): remove channel field from webhook payload (DEVEX-693)#102

Merged
ronneseth merged 5 commits intomainfrom
devex-693-deploy-slack-updates
Jan 3, 2026
Merged

fix(deploy): remove channel field from webhook payload (DEVEX-693)#102
ronneseth merged 5 commits intomainfrom
devex-693-deploy-slack-updates

Conversation

@ronneseth
Copy link
Contributor

@ronneseth ronneseth commented Jan 3, 2026

Summary

Removes the channel field from the Slack webhook payload. Incoming webhooks post to the channel configured in the webhook URL, so the channel field is not needed.

Changes

  • Removed "channel": "#release" from the payload JSON
  • Kept SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK (correct for webhook URLs)

Technical Details

The webhook URL format (https://hooks.slack.com/services/...) indicates this is an incoming webhook, which posts to the channel configured when the webhook was created. The channel field in the payload is not used by incoming webhooks.

Related

  • DEVEX-693

Testing

  • Verify Slack notification posts to the correct channel (configured in webhook URL) on next production deployment

fix(deploy): remove channel field from webhook payload
19ca2b6 
Remove the channel field from the Slack webhook payload as incoming webhooks post to the channel configured in the webhook URL. The SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK is correct for webhook URLs.

DEVEX-693
@ronneseth ronneseth requested a review from a team as a code owner January 3, 2026 20:56
@ronneseth ronneseth requested a review from aspencer January 3, 2026 20:56
Andreas Ronneseth added 4 commits January 3, 2026 14:00
fix(deploy): conditionally show APM link in Slack notification
c785c2a 
Make the APM link conditional - only show it when apm_url is explicitly provided. This fixes issues where workflows that don't provide apm_url were getting broken or inappropriate links.

DEVEX-693
fix(deploy): replace slack action with direct curl to fix CI errors
40c789e 
Replace slackapi/slack-github-action with direct curl command to avoid action parsing errors. This matches the working curl example and should resolve the 'channel: command not found' CI errors.

DEVEX-693
revert: restore slack-deploy-notification to original state
33958c1 
Revert all DEVEX-693 changes and restore the workflow to its original state before DEVEX-693 work began. The webhook URL in GitHub secrets should be updated to point to the #release channel instead.

DEVEX-693
security: fix command injection risk in JIRA ticket check workflow
3373da2 
Fix potential security issue where JIRA ticket description content could be interpreted as shell commands:

1. Only request 'status' field from JIRA API instead of full ticket (avoids processing description)
2. Use temporary file to safely store curl response instead of direct variable assignment
3. Use printf instead of echo when processing user-controlled content (PR body, commit messages)
4. Use HTTP status codes for error checking instead of parsing JSON error messages
5. Properly quote all variables and use jq with error handling

This prevents ticket descriptions containing shell-like text from being executed as commands.

DEVEX-693
@ronneseth ronneseth merged commit f4c44c2 into main Jan 3, 2026
1 check passed
@ronneseth ronneseth deleted the devex-693-deploy-slack-updates branch January 3, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aspencer aspencer Awaiting requested review from aspencer aspencer is a code owner automatically assigned from encodium/developer-experience

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ronneseth