[QQ-1736] feature/migration-detector by zejuniortdr · Pull Request #32 · iclinic/automations

zejuniortdr · 2026-02-25T20:03:02Z

Ticket

Automatizar a notificação para o time de dados sempre que houver uma migração no banco.

Descrição

Após alguns alinhamentos com o time de dados e uma das dores que eles trouxeram é com relação a eventuais mudanças que a gente possa fazer que acabe quebrando do lado deles.

Há um tempo existiu uma iniciativa de automatizar no Jira essa comunicação, mas que acabou não indo tão pra frente.

Visando aumentar a integração entre tech e dados, esse card visa trazer uma proposta para notificação automática sempre que houver alguma migração no banco, considerando os cenários:

Safe Change

Descrição
Adição da coluna qty na tabela database.table.

Exemplos:

Adicionar coluna opcional
Adicionar nova tabela não consumida
Adicionar novo valor enum com fallback
Adicionar índice
Adicionar campo novo na camada analítica

Mudança Controlada

Descrição
Alteração de VARCHAR (30) para VARCHAR (255) do campo qty na tabela database.table

Exemplos:

Alterar tamanho de varchar
Alterar precisão numérica
Tornar campo nullable
Alterar valor default

Breaking Change

Descrição
Remoção do campo qty na tabela database.table

Exemplos:

Remover campo
Renomear campo
Alterar tipo de dado
Alterar chave primária
Remoção de tabela consumida

wedneyyuri

Bom trabalho no conceito e na spec do README! A implementação está bem encaminhada, mas encontrei alguns pontos que precisam de atenção antes do merge — especialmente o fail_on_breaking que não tem efeito no código atual.

Resumo:

🔴 2 issues críticas
🟠 4 issues altas
🟡 6 issues médias
🟢 2 issues baixas

Pontos positivos:

README excelente com spec clara, guia de setup e regras de governança
Boa estratégia de fallback quando IA falha (default para controlled)
Promoção de confiança inteligente (safe → controlled quando baixa confiança)
Formatação limpa da mensagem Slack com cores por severidade
Suporte flexível de providers (GitHub Models vs hub externo)

Security fixes: - Replace grep -Eiv with grep -Fiv to prevent command injection - Remove SLACK_WEBHOOK_URL from collect step env, use boolean flag - Use curl --data @- to pipe JSON payload via stdin Code quality improvements: - Add set -euo pipefail to all multi-line shell blocks - Fix mutation patterns with immutable spread syntax - Add retry logic (2 retries, 2s sleep) for AI API calls - Add warning log when file truncation occurs - Add env var validation with user-friendly error messages Refactoring: - Split requirements.txt into runtime and dev dependencies - Remove undocumented "MO" fallback key from build_slack_text - Replace lambda assignment with def for PEP 8 compliance - Update tests to reflect new behavior All 63 tests pass. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

wedneyyuri · 2026-02-26T15:12:24Z

Code Review Fixes Applied

I've reviewed PR #32 and applied fixes for 13 security and code quality issues across 7 files. All changes have been committed in ae8ac14.

Summary of Changes

🔒 Security Fixes (CRITICAL/HIGH)

Command injection prevention — Changed grep -Eiv "$term" to grep -Fiv "$term" in action.yml:156 to prevent regex metacharacter injection via user-supplied ignore terms
Secret exposure — Removed SLACK_WEBHOOK_URL from the collect step's environment (replaced with HAS_SLACK_WEBHOOK boolean flag). The webhook secret is now only present in the step that actually uses it
Defense-in-depth curl usage — Changed from --data "$PAYLOAD" to --data @- with stdin piping in action.yml:286-293, eliminating shell interpolation of JSON content

✅ Code Quality Improvements (HIGH/MEDIUM)

Error handling — Added set -euo pipefail to all 7 multi-line shell run: blocks for proper error propagation
Immutability — Fixed mutation patterns in classify.py:290 and apply_confidence_threshold:169 using immutable spread syntax {**dict, key: val}
AI retry logic — Added 2-retry loop with 2s sleep in classify.py:265-278 to handle transient API failures before falling back to conservative result
File truncation warning — Added stderr warning in classify.py:76-79 when migration files are truncated at 6KB limit
Env var validation — Added SystemExit with user-friendly error messages in classify.py:241-244 for missing AI_API_URL/AI_MODEL
Git diff error check — Changed from unreliable $? pattern to if ! CHANGED=$(...) in action.yml:102 for compatibility with set -e

🧹 Refactoring (MEDIUM/LOW)

Dependency separation — Split requirements.txt into runtime (openai==2.24.0) and dev (requirements-dev.txt with pytest>=8.0) to avoid installing test deps in production
Removed legacy code — Deleted undocumented "MO" fallback key from build_slack_text:187 in classify.py
Immutable dict construction — Refactored build_slack_payload.py:9-22 to use conditional spread **({"channel": channel} if channel else {}) instead of post-construction mutation
PEP 8 compliance — Changed lambda assignment to def in test_build_slack_payload.py:15

Verification

✅ All 63 tests passing
✅ Final review completed — no blocking issues remaining
✅ Ready to merge

Files Modified

migration-detector/action.yml (+21/-13 lines)
migration-detector/classify.py (+27/-16 lines)
migration-detector/build_slack_payload.py (+1/-7 lines)
migration-detector/requirements.txt (-1 line)
migration-detector/requirements-dev.txt (new file, +2 lines)
migration-detector/tests/test_build_slack_payload.py (+2/-1 lines)
migration-detector/tests/test_classify.py (+4/-1 lines)

The code follows all security best practices, uses immutable patterns throughout, and has comprehensive test coverage. 🚀

LFelipe-sb

🚀
Fiz uma sugestão, mas vou deixar aprovado caso avalie não ser necessário.

gleberdiniz

🚀

gleberdiniz · 2026-02-27T20:35:22Z

Talvez uma melhoria para projetos django seria rodar esse cara aqui antes, não teria custo da IA:
https://github.com/YasserShkeir/django-safe-migrations

zejuniortdr · 2026-03-02T13:52:58Z

https://github.com/YasserShkeir/django-safe-migrations

@gleberdiniz , acho excelente conseguimos colocar isso nos projetos que usam o Django até para reduzir o custo com IA. Olhando a doc, achei bem completo os erros mapeados e que podemos fazer para uma futura melhoria é ajustar o prompt aqui para seguir estas regras também.

Como essa actions além de classificar, também fará um resumo do que está sendo alterado, principalmente para contexto do time de dados, acho que não seria escopo desse repo, mas sim dos que utilizam o framework, o que acha?

RafaelMascarenhasC

TOP DEMAIS !!! 🚀

zejuniortdr added 7 commits February 25, 2026 11:29

poc: migration detector

890c5b0

poc: migration detector

d93c9c3

fix: regex

b513742

fix: model

19abdc2

fix: regex

d297bfa

fix: slack webhook envvar

4971e58

feature: warning intead break

efee45f

zejuniortdr self-assigned this Feb 25, 2026

github-actions Bot added the waiting review Waiting 2 approvals label Feb 25, 2026

zejuniortdr changed the title ~~[QQ-1736] Feature/ migration detector~~ [QQ-1736] Feature/migration-detector Feb 25, 2026

zejuniortdr changed the title ~~[QQ-1736] Feature/migration-detector~~ [QQ-1736] feature/migration-detector Feb 25, 2026

zejuniortdr requested review from a team, almeidaraphael, asoaresjr, ingridmachado and wedneyyuri February 25, 2026 21:05

wedneyyuri requested changes Feb 25, 2026

View reviewed changes

zejuniortdr mentioned this pull request Feb 26, 2026

Feature/migration detector #31

Closed

zejuniortdr added 4 commits February 26, 2026 10:14

fix: suggestions for improvements

22820a9

fix: requirements path

bb35d3f

fix: cache pip

6452d7c

fix: classify path

3ecc9d6

zejuniortdr requested a review from wedneyyuri February 26, 2026 13:50

zejuniortdr and others added 2 commits February 26, 2026 11:01

chore: update readme

5f86edc

wedneyyuri previously approved these changes Feb 26, 2026

View reviewed changes

LFelipe-sb reviewed Feb 26, 2026

View reviewed changes

Comment thread migration-detector/classify.py Outdated

LFelipe-sb previously approved these changes Feb 26, 2026

View reviewed changes

github-actions Bot added the waiting QA label Feb 26, 2026

github-actions Bot removed the waiting review Waiting 2 approvals label Feb 26, 2026

wedneyyuri dismissed stale reviews from LFelipe-sb and themself via ae8ac14 February 26, 2026 22:08

github-actions Bot added waiting review Waiting 2 approvals and removed waiting QA labels Feb 26, 2026

feat: add logger

fb1f969

zejuniortdr requested review from a team and LFelipe-sb February 27, 2026 12:51

gleberdiniz approved these changes Feb 27, 2026

View reviewed changes

asoaresjr approved these changes Mar 2, 2026

View reviewed changes

github-actions Bot added waiting QA and removed waiting review Waiting 2 approvals labels Mar 2, 2026

RafaelMascarenhasC approved these changes Mar 2, 2026

View reviewed changes

zejuniortdr merged commit c133189 into main Mar 5, 2026
7 of 8 checks passed

zejuniortdr deleted the feature/QQ-1736-migration-detector branch March 5, 2026 13:00

Conversation

zejuniortdr commented Feb 25, 2026

Ticket

Descrição

Safe Change

Mudança Controlada

Breaking Change

Uh oh!

wedneyyuri left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

wedneyyuri commented Feb 26, 2026

Code Review Fixes Applied

Summary of Changes

🔒 Security Fixes (CRITICAL/HIGH)

✅ Code Quality Improvements (HIGH/MEDIUM)

🧹 Refactoring (MEDIUM/LOW)

Verification

Files Modified

Uh oh!

Uh oh!

LFelipe-sb left a comment

Choose a reason for hiding this comment

Uh oh!

gleberdiniz left a comment

Choose a reason for hiding this comment

Uh oh!

gleberdiniz commented Feb 27, 2026

Uh oh!

zejuniortdr commented Mar 2, 2026

Uh oh!

RafaelMascarenhasC left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants