Add Slack notification on CI failure

[marawan206]

Currently, when a test-ci run fails on master, GitHub only emails the commit author — nothing reaches the team, so a red master can go unnoticed.

This adds a notify-failure job to test-ci.yml that posts a single Slack message when any matrix leg fails.

Behavior

• Fires when any job in test-stable or test-unix-nightly fails (the matrices use fail-fast: false, so all legs finish and one message summarizes the run — not one message per leg).
• Restricted to push events, so manual workflow_dispatch experiments don't post to the channel.
• Runs on ubuntu-latest (GitHub-hosted), so the notification still goes out if a self-hosted runner job fails mid-run.
• Message links the commit, the Actions run logs, and https://ci.comfy.org filtered to the branch.

Setup required before merge

A repo admin needs to add a secret named CI_ALERTS_SLACK_WEBHOOK containing a Slack incoming-webhook URL for the channel that should receive alerts (Slack app → Incoming Webhooks → Add to channel).

If the secret is absent the notify job fails on its own, but test results are unaffected.

Known limitation

If self-hosted runners are fully offline, jobs queue rather than fail, so no notification fires. Covering that needs a separate scheduled health-check — out of scope here.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pypi/​yarl@​1.24.2

View full report

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds a notify-failure job to the test CI workflow that monitors failures in the test-stable and test-unix-nightly jobs. When either job fails on a push event, the new job sends a Slack notification via incoming webhook, including the branch name, commit link, run logs link, and CI dashboard link. The notification credentials are sourced from repository secrets.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add Slack notification on CI failure' directly and clearly describes the main change—a new notification feature triggered by CI failures.
Description check	✅ Passed	The description comprehensively explains the feature, its behavior, setup requirements, and known limitations, all directly relevant to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/test-ci.yml:
- Line 107: The workflow currently references the Slack action by tag in the
notify-failure job (`uses: slackapi/slack-github-action@v2.1.0`), which can be
retargeted; replace the tag with the action's full commit SHA for the specific
release to pin the dependency (update the `uses:` value in the notify-failure
job to `slackapi/slack-github-action@<full-commit-sha>` so CI won't drift).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ed33d8fc-fc7c-48ca-9b6c-89bca9417e99

📥 Commits

Reviewing files that changed from the base of the PR and between 822aca1 and 87b0b6b.

📒 Files selected for processing (1)

• .github/workflows/test-ci.yml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify tag-based action references in GitHub workflows
rg -nP '^\s*uses:\s*[^@]+@(?:v?\d+(?:\.\d+){0,2}|main|master)$' .github/workflows/*.yml

Repository: Comfy-Org/ComfyUI

Length of output: 2179

---

Pin slackapi/slack-github-action to a commit SHA (Line 107)

In the PR-added notify-failure job, uses: slackapi/slack-github-action@v2.1.0 is tag-based and can be retargeted; pin it to the full commit SHA for the intended release to prevent CI drift.

🧰 Tools

🪛 zizmor (1.25.2)

[error] 107-107: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/test-ci.yml at line 107, The workflow currently references
the Slack action by tag in the notify-failure job (`uses:
slackapi/slack-github-action@v2.1.0`), which can be retargeted; replace the tag
with the action's full commit SHA for the specific release to pin the dependency
(update the `uses:` value in the notify-failure job to
`slackapi/slack-github-action@<full-commit-sha>` so CI won't drift).

Source: Linters/SAST tools