#348 Migrate workflows to centralized SDK version matrix and fix job outputs

[kernelsam]

Summary

• Migrate hardcoded senzingsdk-version matrix entries to use centralized senzing-factory/build-resources/sdk-versions@v4 composite action
• Remove deprecated outputs: status: ${{ job.status }} blocks from jobs
• Replace .outputs.status references with .result in slack notification jobs
• Fix .claude/settings.json

Test plan

• Verify sdk-versions job runs and provides correct matrix values
• Verify test/build jobs receive matrix values via fromJSON()
• Verify slack notifications use .result correctly

---

Resolves #348

[github-actions]

🤖 Claude Code Review

PR Code Review

This PR migrates GitHub Actions workflows to use a centralized SDK version matrix and fixes job status outputs. Here's my analysis:

---

Code Quality

✅ No commented-out code - Clean diff with only functional changes.

✅ Meaningful variable names - senzingsdk-versions, sdk-versions job naming are clear and consistent.

✅ DRY principle followed - This PR improves DRY by centralizing SDK versions into a shared build-resources/sdk-versions@v4 action instead of duplicating [production-v4, staging-v4] across three files.

✅ Bug fix: job.status → needs.<job>.result - The original pattern of exposing job.status via outputs was incorrect in GitHub Actions. job.status within the job's own outputs context is unreliable/unsupported for cross-job status checks. Using needs.pylint.result is the correct GitHub Actions API. This is a valid and important fix.

✅ No defects identified - The sdk-versions job pattern correctly:

• Runs on ubuntu-latest (lightweight)
• Exposes output via steps.cfg.outputs.senzingsdk-versions
• Is consumed with fromJSON() to convert the string output to an array for the matrix

⚠️ Minor: Blank lines after jobs: key - In pytest-darwin.yaml, pytest-linux.yaml, and pytest-windows.yaml, there is a blank line after jobs: before the sdk-versions job definition (e.g., pytest-linux.yaml diff shows jobs: followed by an empty line). While not a functional issue, this is inconsistent with YAML conventions. The original files did not have this blank line.

---

Testing

✅ N/A - These are CI workflow files, not application code. No unit tests are applicable.

✅ The change is self-validating - Once merged, the workflows themselves will test whether the sdk-versions action returns valid versions that can be used in the matrix.

---

Documentation

✅ No README/API doc changes needed - These are internal CI configuration changes.

✅ CHANGELOG.md - Not included in the diff. If this project maintains a changelog for CI infrastructure changes, it should be updated. However, for workflow-only changes this is commonly omitted.

---

Security

✅ No hardcoded credentials - Secrets are properly referenced via ${{ secrets.SLACK_BOT_TOKEN }} and ${{ secrets.SLACK_CHANNEL }}.

✅ No sensitive data - Clean.

✅ Action pinning - All external actions use @v4 tag references (e.g., senzing-factory/build-resources/sdk-versions@v4). This is consistent with the existing patterns in this repo. Note that using version tags rather than SHA pins is a common tradeoff between convenience and supply chain security — acceptable given this is a Senzing Garage (experimental) project.

✅ No license files (.lic) or AQAAAD-prefixed strings - Not present.

---

Summary

Category	Status
Code Quality	✅
Testing	✅ N/A
Documentation	✅
Security	✅

Overall: Approved. The changes are correct, improve maintainability by centralizing SDK version management, and fix a subtle but real GitHub Actions bug (job.status outputs → needs.<job>.result). The only minor note is the extraneous blank lines after jobs: in the three pytest workflow files, which is cosmetic.

Automated code review analyzing defects and coding standards

[github-actions]

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Fail ❌

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

YAML_PRETTIER

Checking formatting...[�[33mwarn�[39m] .github/workflows/pytest-darwin.yaml
[�[33mwarn�[39m] .github/workflows/pytest-linux.yaml
[�[33mwarn�[39m] .github/workflows/pytest-windows.yaml
[�[33mwarn�[39m] Code style issues found in 3 files. Run Prettier with --write to fix.

[github-actions]

🤖 Claude Code Review

PR Code Review

Code Quality

✅ Style guide adherence - YAML workflow files follow standard GitHub Actions conventions.

✅ No commented-out code - No commented-out code present.

✅ Meaningful variable names - sdk-versions, senzingsdk-versions, cfg are all clear and descriptive.

✅ DRY principle - The change improves DRY by centralizing SDK version management via senzing-factory/build-resources/sdk-versions@v4 instead of hardcoding [production-v4, staging-v4] in three separate files.

✅ No defects - Logic is sound:

• pylint.yaml: Correctly replaces needs.pylint.outputs.status (which required the now-removed outputs block) with needs.pylint.result (a built-in GitHub Actions job property). This is the correct fix.
• pytest-{darwin,linux,windows}.yaml: The new sdk-versions job pattern is consistent and correctly wired with needs: sdk-versions and fromJSON(needs.sdk-versions.outputs.senzingsdk-versions).

✅ CLAUDE.md - No concerns; the project instructions are general and environment-agnostic.

---

Testing

✅ Not applicable - This PR only modifies CI workflow YAML files. No application logic changed.

---

Documentation

✅ README - No changes needed; this is a CI infrastructure change.

✅ CHANGELOG.md - Not present in diff; acceptable for CI-only changes in a garage/experimental project.

✅ Inline comments - Logic is self-evident; no comments needed.

---

Security

✅ No hardcoded credentials - None present.

✅ Input validation - N/A for workflow files.

✅ No sensitive data - Clean.

✅ No license files - No .lic files or AQAAAD-prefixed strings.

---

Summary

This is a clean, well-scoped change. Two distinct improvements:

1. pylint.yaml: Removes the custom outputs: status workaround and uses the native needs.<job>.result context — this is the idiomatic GitHub Actions approach and eliminates the now-unnecessary output declaration.

2. pytest-*.yaml: Centralizes SDK version matrix configuration by delegating to a reusable action (senzing-factory/build-resources/sdk-versions@v4), replacing the hardcoded [production-v4, staging-v4] list in three files. This means future SDK version updates only require a change in one place.

No issues found. Approved.

Automated code review analyzing defects and coding standards

[github-actions]

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter