From 1a9c627516e3b6ecf790d03246ecfd510658b15c Mon Sep 17 00:00:00 2001
From: Pierre Merlet
Date: Tue, 12 May 2026 15:51:28 +0200
Subject: [PATCH 1/2] chore(ci): remove vulnerability-scan workflow

Security vulnerability fixes are now handled by a Claude routine on a weekly basis.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
.github/workflows/vulnerability-scan.yml | 13 -------------
1 file changed, 13 deletions(-)
delete mode 100644 .github/workflows/vulnerability-scan.yml

diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
deleted file mode 100644
index a73def890..000000000
--- a/.github/workflows/vulnerability-scan.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: Vulnerability Scan and Slack Notification
-
-on:
- schedule:
- # Run every friday at 9 AM UTC
- - cron: '0 9 * * 5'
- workflow_dispatch:
-
-jobs:
- vulnerability-scan:
- name: Scan and Send Slack notification
- uses: 'ForestAdmin/github-workflows/.github/workflows/vulnerability-scan.yml@main'
- secrets: inherit

From 93202d0c219170fb6aba92e6ef4ea0e6f288749d Mon Sep 17 00:00:00 2001
From: Pierre Merlet
Date: Tue, 12 May 2026 15:53:09 +0200
Subject: [PATCH 2/2] chore(ci): add Slack notification workflow for security-labeled PRs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Thin caller — delegates to forestadmin/.github reusable workflow.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
.github/workflows/security-slack-notify.yml | 27 +++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 .github/workflows/security-slack-notify.yml

diff --git a/.github/workflows/security-slack-notify.yml b/.github/workflows/security-slack-notify.yml
new file mode 100644
index 000000000..ef64552b6
--- /dev/null
+++ b/.github/workflows/security-slack-notify.yml
@@ -0,0 +1,27 @@
+# Notify #tech_all on Slack when a security PR is opened.
+# Mentions @first_level_support so the team can prioritize review.
+#
+# Thin caller workflow — all logic lives in forestadmin/.github
+
+name: Notify Slack on security PR
+
+on:
+ pull_request:
+ types: [labeled]
+
+permissions:
+ contents: read
+
+jobs:
+ notify:
+ if: "github.event.label.name == ':lock: security'"
+ uses: forestadmin/.github/.github/workflows/notify-slack-security-pr.yml@main
+ with:
+ slack_channel_id: GAZF5Q5RV
+ slack_usergroup_id: S09SUAY74TD
+ pr_title: ${{ github.event.pull_request.title }}
+ pr_url: ${{ github.event.pull_request.html_url }}
+ pr_author: ${{ github.event.pull_request.user.login }}
+ repo: ${{ github.repository }}
+ secrets:
+ SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
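Review bot: The `uses:` line in the `notify` job references the reusable workflow at the mutable ref `@main` while passing it `SLACK_BOT_TOKEN`, so any later change on that branch runs with the token without a review in this repository. Pinning to a full commit SHA keeps the called code fixed and auditable: `uses: forestadmin/.github/.github/workflows/notify-slack-security-pr.yml@<full-commit-sha>  # placeholder, main as of <date>`. `pr_title` is free text chosen by the PR author, so the called workflow (not visible here) should receive it through an environment variable rather than expanding `${{ inputs.pr_title }}` inside a `run:` script. It is also worth confirming how this behaves for pull requests from forks, where `pull_request` runs do not receive repository secrets and the notification would presumably fail or be skipped.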