After upgrading from slackapi/slack-github-action@v2.1.0 to v2.1.1, our previously working workflow fails with: SlackError: Missing input! A token must be provided to use the method decided.
However, the token is being passed explicitly via the with: block, and the secret is defined and available. The same configuration works without issue on v2.1.0. We also had just minutes before gotten a properly formatted message sent to our channel about a PR then minutes later this PR came in but failed on the workflow for the above error. So we know it works with a previous version just fine and had been seeing PR's come in all day yesterday on v2.1.0.
Did this introduce stricter input validation or escaping?
Steps to Reproduce
- Create a workflow step using
slackapi/slack-github-action@v2.1.1
- Pass
token: ${{ secrets.SLACK_BOT_TOKEN }} inside the with: block
- Ensure the secret is present, non-empty, and has been verified to work on
v2.1.0
- Run the workflow
Below is our working version on v2.1.0 but on v2.1.1 it breaks
- name: Notify Slack (if all checks passed)
if: steps.checks.outputs.ready == 'true' || github.event.pull_request.user.login == 'dependabot[bot]'
uses: slackapi/slack-github-action@v2.1.0
with:
token: ${{ secrets.SLACK_BOT_TOKEN }}
method: chat.postMessage
errors: "true"
payload: |
channel: ${{ secrets.SLACK_CHANNEL_ID }}
text: "Pull Request is ready to merge"
blocks:
- type: section
text:
type: mrkdwn
text: |
:rocket: *Pull Request Ready to Merge*
*<https://github.com/${{ github.repository }}/tree/${{ github.event.pull_request.head.ref }}|${{ github.event.pull_request.head.ref }}>*
Author: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && ':robot_face: Dependabot' || format('<https://github.com/{0}|@{0}>', github.event.pull_request.user.login || github.actor || 'N/A') }}
- type: context
elements:
- type: mrkdwn
text: "Branch: `${{ github.event.pull_request.head.ref || github.ref_name }} → ${{ github.event.pull_request.base.ref || 'main' }}`"
- type: mrkdwn
text: "Repo: `${{ github.repository }}`"
- type: mrkdwn
text: "${{ steps.checks.outputs.check_summary || '⚠️ Skipped waiting for checks (Dependabot)' }}"
- type: actions
elements:
- type: button
text:
type: plain_text
text: "View PR"
emoji: true
style: primary
url: "${{ github.event.pull_request.html_url || format('https://github.com/{0}/pulls', github.repository) }}"
After upgrading from
slackapi/slack-github-action@v2.1.0tov2.1.1, our previously working workflow fails with:SlackError: Missing input! A token must be provided to use the method decided.However, the
tokenis being passed explicitly via thewith:block, and the secret is defined and available. The same configuration works without issue onv2.1.0. We also had just minutes before gotten a properly formatted message sent to our channel about a PR then minutes later this PR came in but failed on the workflow for the above error. So we know it works with a previous version just fine and had been seeing PR's come in all day yesterday onv2.1.0.Did this introduce stricter input validation or escaping?
Steps to Reproduce
slackapi/slack-github-action@v2.1.1token: ${{ secrets.SLACK_BOT_TOKEN }}inside thewith:blockv2.1.0Below is our working version on
v2.1.0but onv2.1.1it breaks