feat: mention maintainers in the slack security auditing.

.github/workflows/security-audit.yml

@@ -138,12 +138,32 @@ jobs:
           COMMIT_URL: ${{ github.event.head_commit.url }}
           COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
           COMMIT_AUTHOR: ${{ github.event.head_commit.author.username || github.event.head_commit.author.name }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+        shell: bash
         run: |
           FINDINGS=$(cat /tmp/audit_result.txt)
           COMMIT_TITLE=$(printf '%s\n' "$COMMIT_MESSAGE" | head -n1)
 
-          printf -v HEADER '*Security Audit Finding*\n*Commit:* <%s|%s>\n*Author:* %s\n\n---\n\n' \
-            "$COMMIT_URL" "$COMMIT_TITLE" "$COMMIT_AUTHOR"
+          # GitHub username -> Slack member ID. Entries here are only tagged
+          # when the GitHub API confirms the user currently has the admin or
+          # maintain role on this repo, so stale entries are inert.
+          declare -A SLACK_IDS=(
+            ["danieldk"]="U072206PXLK"
+            ["drbh"]="U06C9TW7RDY"
+            ["sayakpaul"]="U03AU4E7DJB"
+          )
+
+          MENTION=""
+          if [ -n "${SLACK_IDS[$COMMIT_AUTHOR]:-}" ]; then
+            ROLE=$(gh api "repos/${REPO}/collaborators/${COMMIT_AUTHOR}/permission" --jq '.role_name' 2>/dev/null || true)
+            if [ "$ROLE" = "admin" ] || [ "$ROLE" = "maintain" ]; then
+              MENTION="<@${SLACK_IDS[$COMMIT_AUTHOR]}> "
+            fi
+          fi
+
+          printf -v HEADER '%s*Security Audit Finding*\n*Commit:* <%s|%s>\n*Author:* %s\n\n---\n\n' \
+            "$MENTION" "$COMMIT_URL" "$COMMIT_TITLE" "$COMMIT_AUTHOR"
 
           jq -n \
             --arg text "${HEADER}${FINDINGS}" \