fix(ci): Notification workflow for Slack

[justin-tahara]

Description

These steps fail since we are reaching out to AWS for a secret that does not exist.

This aligns usage across the codebase.

How Has This Been Tested?

Additional Options

• [Required] I have considered whether this PR needs to be cherry-picked to the latest beta branch.
• [Optional] Override Linear Check

---

Summary by cubic

Fix Slack notifications in the deployment workflow by reading the webhook from GitHub Secrets instead of AWS Secrets Manager. This stops CI failures caused by missing AWS secrets and standardizes secret usage.

• Bug Fixes
  • Removed AWS credential and Secrets Manager steps from .github/workflows/deployment.yml.
  • Updated both Slack notify steps to use secrets.MONITOR_DEPLOYMENTS_WEBHOOK.

^{Written for commit 92d4380. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 1 file

[greptile-apps]

Greptile Overview

Greptile Summary

Removed AWS Secrets Manager integration from Slack notification jobs in the deployment workflow. The change switches from fetching MONITOR_DEPLOYMENTS_WEBHOOK via AWS Secrets Manager to using it directly from GitHub secrets, which aligns with the pattern used in other workflows like tag-nightly.yml.

Key Changes:

• Removed AWS credential configuration steps from notify-slack-on-tag-check-failure and notify-slack-on-deployment-failure jobs
• Removed aws-secretsmanager-get-secrets action calls
• Changed webhook-url parameter from ${{ env.MONITOR_DEPLOYMENTS_WEBHOOK }} to ${{ secrets.MONITOR_DEPLOYMENTS_WEBHOOK }}

This simplifies the workflow by eliminating dependencies on AWS OIDC authentication and Secrets Manager for these notification steps, fixing failures caused by missing AWS secrets.

Confidence Score: 5/5

• This PR is safe to merge with no risk
• The changes are straightforward and well-aligned with existing patterns in the codebase. The fix removes unnecessary AWS integration and uses GitHub secrets directly, which is the standard approach used in other workflows. The change is minimal, focused, and addresses the root cause of the failure mentioned in the PR description.
• No files require special attention

Important Files Changed

Filename	Overview
.github/workflows/deployment.yml	Removed AWS secret fetching and switched to direct GitHub secrets for Slack webhook, aligning with codebase patterns

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant Secret as GitHub Secrets
    participant Slack as Slack Action
    participant SlackAPI as Slack API

    Note over GHA: notify-slack-on-tag-check-failure job
    GHA->>GHA: Check if check-version-tag failed
    alt check-version-tag failed
        GHA->>Secret: Fetch MONITOR_DEPLOYMENTS_WEBHOOK
        Secret-->>GHA: Return webhook URL
        GHA->>Slack: Call slack-notify action
        Slack->>SlackAPI: POST notification with webhook URL
        SlackAPI-->>Slack: Notification sent
    end

    Note over GHA: notify-slack-on-deployment-failure job
    GHA->>GHA: Check if any build jobs failed
    alt Any build job failed
        GHA->>GHA: Determine which jobs failed
        GHA->>Secret: Fetch MONITOR_DEPLOYMENTS_WEBHOOK
        Secret-->>GHA: Return webhook URL
        GHA->>Slack: Call slack-notify action
        Slack->>SlackAPI: POST notification with webhook URL
        SlackAPI-->>Slack: Notification sent
    end

Loading