fix(automation): resolve n8n workflow ↔ CMS webhook contract drift#59
Merged
Merged
Conversation
…bhooks Lifecycle webhooks (submission-received, approved, declined, changes-requested) no longer carried the submitter's email/name, so downstream n8n email workflows had no recipient. Add owner_email/owner_name (from the submit payload on create; from the populated owner relation on publish/decide) plus a coarse kind (plugin|template) for routing/labels. Keeps canonical Strapi field names (documentId, name, git_repository, slug). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Workflows were authored against an older payload. Map body fields to canonical names (plugin_name/template_name->name, submissionId/package_id->documentId, repository_url->git_repository, package_slug->slug); fix security-scan/stale-scan callbacks to use the correct route plurals (packages/templates) and authenticate via Authorization: Bearer $env.STRAPI_API_TOKEN instead of an unset credential; standardize on $env.STRAPI_BASE_URL. Add the n8n env wiring (STRAPI_BASE_URL/API_TOKEN, N8N_BLOCK_ENV_ACCESS_IN_NODE) needed for the workflows to reach Strapi. Production-faithful: SendGrid + header-auth webhooks retained. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
config/database.ts supports a postgres client but the driver was never installed, so the app could only run on the sqlite default. Required to run against the (staging) Postgres database. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This was referenced Jun 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
The n8n automation workflows had drifted out of sync with the moderation plugin's current webhook payloads, so the automation loop was broken. Most importantly, lifecycle webhooks no longer carried the submitter's email, so every developer email had no recipient. Field names, callback route plurals, and the security-scan callback auth had also diverged.
This PR resolves the drift on both sides and adds the bits needed to actually run the loop locally.
Changes
fix(cms/moderation)— lifecycle webhooks now includeowner_email/owner_name(from the submit payload on create; from the populatedownerrelation on publish/decide) plus a coarsekind(plugin|template). Canonical Strapi field names kept (documentId,name,git_repository,slug).fix(automation)— workflows realigned to the canonical payload (plugin_name/template_name→name,submissionId/package_id→documentId,repository_url→git_repository,package_slug→slug); security-scan / stale-scan callbacks fixed to use the correct route plurals (packages/templates) and to authenticate withAuthorization: Bearer {{ $env.STRAPI_API_TOKEN }}(they referenced an unset credential →Credentials not found); standardized on$env.STRAPI_BASE_URL. Added the n8n env wiring (STRAPI_BASE_URL/STRAPI_API_TOKEN,N8N_BLOCK_ENV_ACCESS_IN_NODE). Production-faithful: SendGrid + header-auth webhooks retained — local-only test overrides (Mailpit SMTP, auth off, Slack disabled) were applied to the running n8n instance only and are not committed.chore(cms)— added thepgdriver (config/database.tssupports a postgres client but it was never installed).Verified
Tested end-to-end against a staging DB dump via a local Strapi + n8n + Mailpit harness. All 8 lifecycle events confirmed (correct, interpolated emails delivered / callback persisted): plugin & template submission-received / approved / declined, plugin changes-requested, and the security-scan callback loop (
security_review→completedwith dependencies/ai/summary written back to Strapi).Notes for reviewers
docker-compose.ymldefaultsSTRAPI_BASE_URLtohttp://host.containers.internal:1337(local podman host gateway); it's overridable via env for other deployments.approvedrequires a publishable record —slug(uid) and, for packages,descriptionmust be set before publish or it 400s and the webhook never fires. This matches the real admin flow (reviewer fills these in); flagging in case we want the submit form / a default to populate them.render-emailsub-workflow against an empty recipient (to_email) — it throws "No recipients defined" for a submission with no owner.🤖 Generated with Claude Code