feat: implement commit on match (#57)
leiicamundi committed Sep 20, 2024
1 parent bcb0beb commit 029c517
Showing 9 changed files with 396 additions and 256 deletions.
87 changes: 57 additions & 30 deletions .github/actions/report-failure-on-slack/README.md
@@ -1,42 +1,69 @@
# Report Failure and Notify Slack

## Description

This GitHub composite action imports secrets from HashiCorp Vault and sends a Slack notification in case of a workflow failure.
It helps automate incident reporting and ensures timely notifications to the relevant Slack channel.
Use it with `if: failure()`


## Inputs

- **vault_addr**: (required) The address of the Vault instance.
- **vault_role_id**: (required) The role ID used for authentication with Vault.
- **vault_secret_id**: (required) The secret ID used for authentication with Vault.
- **slack_channel_id**: (optional) The Slack channel ID where the notification will be sent. Default is 'C076N4G1162' (#infraex-alerts).
- **slack_mention_people**: (optional) The Slack people to mention in the notification. Default is '@infraex-medic'.
- **disable_silence_check**: (optional) Disable silence check. By default, alerts can be disabled by creating an issue in the repository with the label `alert-management` and with the title: `silence: name of your workflow`. Default is 'false'.
| name | description | required | default |
| --- | --- | --- | --- |
| `vault_addr` | <p>The address of the Vault instance</p> | `true` | `""` |
| `vault_role_id` | <p>The role ID used for authentication with Vault</p> | `true` | `""` |
| `vault_secret_id` | <p>The secret ID used for authentication with Vault</p> | `true` | `""` |
| `slack_channel_id` | <p>The Slack channel ID where the notification will be sent.</p> | `false` | `C076N4G1162` |
| `slack_mention_people` | <p>The Slack people to mention in the notification.</p> | `false` | `@infraex-medic` |
| `disable_silence_check` | <p>Disable silence check. By default, alerts can be disabled by creating an issue in the repository with the label alert-management and with the title: silence: name of your workflow</p> | `false` | `false` |

## Usage

To use this composite action in your workflow, include it as a step and provide the necessary inputs. Below is an example workflow using this action:
## Runs

This action is a `composite` action.

## Usage

```yaml
name: Example Workflow
on: [push, pull_request]

jobs:
example-job:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2

# Other steps of your workflow

- name: Report Failure and Notify Slack
if: failure() && github.event_name == 'schedule'
uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@main
with:
vault_addr: ${{ secrets.VAULT_ADDR }}
vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
slack_channel_id: 'your-slack-channel-id' # Optional
slack_mention_people: '@your-mention' # Optional
disable_silence_check: 'false' # Optional
- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@main
with:
vault_addr:
# The address of the Vault instance
#
# Required: true
# Default: ""

vault_role_id:
# The role ID used for authentication with Vault
#
# Required: true
# Default: ""

vault_secret_id:
# The secret ID used for authentication with Vault
#
# Required: true
# Default: ""

slack_channel_id:
# The Slack channel ID where the notification will be sent.
#
# Required: false
# Default: C076N4G1162

slack_mention_people:
# The Slack people to mention in the notification.
#
# Required: false
# Default: @infraex-medic

disable_silence_check:
# Disable silence check.
# By default, alerts can be disabled by creating an issue in the repository
# with the label alert-management and with the title:
# silence: name of your workflow
#
# Required: false
# Default: false
```
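Review bot: The regenerated Usage block at the end of this hunk shows the step as a bare `- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@main` with no `if:` condition, while the earlier example carried `if: failure() && github.event_name == 'schedule'`. A step without `if:` only runs when the preceding steps succeeded, so a workflow copied from this block would never send the failure notification. Suggest keeping a hand-written example next to the generated input reference that includes `if: failure()` and passes `vault_role_id` and `vault_secret_id` from `${{ secrets.* }}`, so readers do not fill the empty placeholders with literal credentials.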
197 changes: 101 additions & 96 deletions .github/actions/report-failure-on-slack/action.yml
@@ -1,103 +1,108 @@
name: 'Report Failure and Notify Slack'
description: 'Imports secrets and sends a Slack notification in case of failure'
---
name: Report Failure and Notify Slack
description: |
This GitHub composite action imports secrets from HashiCorp Vault and sends a Slack notification in case of a workflow failure.
It helps automate incident reporting and ensures timely notifications to the relevant Slack channel.
Use it with `if: failure()`
inputs:
vault_addr:
description: 'Vault address'
required: true
vault_role_id:
description: 'Vault role ID'
required: true
vault_secret_id:
description: 'Vault secret ID'
required: true
slack_channel_id:
description: 'Slack channel ID'
default: 'C076N4G1162' # infraex-alerts
slack_mention_people:
description: "People to mention in the alert message"
default: "@infraex-medic"
disable_silence_check:
description: |
Disable silence check.
By default, alerts can be disabled by creating an issue in the repository
with the label alert-management and with the title:
silence: name of your workflow
required: false
default: 'false'
vault_addr:
description: The address of the Vault instance
required: true
vault_role_id:
description: The role ID used for authentication with Vault
required: true
vault_secret_id:
description: The secret ID used for authentication with Vault
required: true
slack_channel_id:
description: The Slack channel ID where the notification will be sent.
default: C076N4G1162 # infraex-alerts
slack_mention_people:
description: The Slack people to mention in the notification.
default: '@infraex-medic'
disable_silence_check:
description: |
Disable silence check.
By default, alerts can be disabled by creating an issue in the repository
with the label alert-management and with the title:
silence: name of your workflow
required: false
default: 'false'

runs:
using: 'composite'
steps:
- name: Generate token for GitHub
id: generate-github-token
if: ${{ inputs.disable_silence_check == 'false' }}
uses: camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets@f5bbd25c97507d6d2a884eebecaa804a6e34b15f # main
with:
github-app-id-vault-key: GITHUB_APP_ID
github-app-id-vault-path: secret/data/products/infrastructure-experience/ci/common
github-app-private-key-vault-key: GITHUB_APP_PRIVATE_KEY
github-app-private-key-vault-path: secret/data/products/infrastructure-experience/ci/common
vault-auth-method: approle
vault-auth-role-id: ${{ inputs.vault_role_id }}
vault-auth-secret-id: ${{ inputs.vault_secret_id }}
vault-url: ${{ inputs.vault_addr }}
using: composite
steps:
- name: Generate token for GitHub
id: generate-github-token
if: ${{ inputs.disable_silence_check == 'false' }}
uses: camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets@f5bbd25c97507d6d2a884eebecaa804a6e34b15f # main
with:
github-app-id-vault-key: GITHUB_APP_ID
github-app-id-vault-path: secret/data/products/infrastructure-experience/ci/common
github-app-private-key-vault-key: GITHUB_APP_PRIVATE_KEY
github-app-private-key-vault-path: secret/data/products/infrastructure-experience/ci/common
vault-auth-method: approle
vault-auth-role-id: ${{ inputs.vault_role_id }}
vault-auth-secret-id: ${{ inputs.vault_secret_id }}
vault-url: ${{ inputs.vault_addr }}

- name: Check for Silence Issue
id: silence-check
if: ${{ inputs.disable_silence_check == 'false' }}
shell: bash
continue-on-error: true
run: |
ISSUE_TITLE="silence: ${{ github.workflow }}"
ISSUE_SEARCH=$(gh issue list --repo ${{ github.repository }} --state open --search "$ISSUE_TITLE in:title" --label "alert-management" --json number,title,url)
ISSUE_COUNT=$(echo "$ISSUE_SEARCH" | jq '. | length')
- name: Check for Silence Issue
id: silence-check
if: ${{ inputs.disable_silence_check == 'false' }}
shell: bash
continue-on-error: true
run: |
ISSUE_TITLE="silence: ${{ github.workflow }}"
ISSUE_SEARCH=$(gh issue list --repo ${{ github.repository }} --state open --search "$ISSUE_TITLE in:title" --label "alert-management" --json number,title,url)
ISSUE_COUNT=$(echo "$ISSUE_SEARCH" | jq '. | length')
if [ "$ISSUE_COUNT" -gt 0 ]; then
ISSUE_TITLE=$(echo "$ISSUE_SEARCH" | jq -r '.[0].title')
ISSUE_URL=$(echo "$ISSUE_SEARCH" | jq -r '.[0].url')
echo "Issue found: $ISSUE_TITLE - $ISSUE_URL . Skipping notification. Close this issue to re-enable notifications."
exit 0
else
echo "No silence issue found, triggering the slack alert."
exit 1
fi
env:
GITHUB_TOKEN: ${{ steps.generate-github-token.outputs.token }}
if [ "$ISSUE_COUNT" -gt 0 ]; then
ISSUE_TITLE=$(echo "$ISSUE_SEARCH" | jq -r '.[0].title')
ISSUE_URL=$(echo "$ISSUE_SEARCH" | jq -r '.[0].url')
echo "Issue found: $ISSUE_TITLE - $ISSUE_URL . Skipping notification. Close this issue to re-enable notifications."
exit 0
else
echo "No silence issue found, triggering the slack alert."
exit 1
fi
env:
GITHUB_TOKEN: ${{ steps.generate-github-token.outputs.token }}

- name: Import Secrets
id: secrets
if: ${{ steps.silence-check.outcome != 'success' }} # in case of success it means that a silence issue exists
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
with:
url: ${{ inputs.vault_addr }}
method: approle
roleId: ${{ inputs.vault_role_id }}
secretId: ${{ inputs.vault_secret_id }}
exportEnv: false
secrets: |
secret/data/products/infrastructure-experience/ci/common SLACK_BOT_TOKEN;
- name: Import Secrets
id: secrets
if: ${{ steps.silence-check.outcome != 'success' }} # in case of success it means that a silence issue exists
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
with:
url: ${{ inputs.vault_addr }}
method: approle
roleId: ${{ inputs.vault_role_id }}
secretId: ${{ inputs.vault_secret_id }}
exportEnv: false
secrets: |
secret/data/products/infrastructure-experience/ci/common SLACK_BOT_TOKEN;
- name: Notify in Slack in case of failure
id: slack-notification
if: ${{ steps.silence-check.outcome != 'success' }} # in case of success it means that a silence issue exists
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
with:
channel-id: ${{ inputs.slack_channel_id }}
payload: |
{
"unfurl_links": false,
"unfurl_media": false,
"text": "${{ github.event.repository.name }} (${{ github.server_url }}/${{ github.repository }}) scheduled workflow: ${{ github.workflow }} failed! Please check: ${{ env.WORKFLOW_URL }} (cc ${{ inputs.slack_mention_people }})",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":automation-platform-failure: :mechanic: <${{ github.server_url }}/${{ github.repository }}|[${{ github.event.repository.name }}]> scheduled workflow: ${{ github.workflow }} failed! \n :link: Please check: ${{ env.WORKFLOW_URL }} \n (cc ${{ inputs.slack_mention_people }})"
}
}
]
}
env:
SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
WORKFLOW_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- name: Notify in Slack in case of failure
id: slack-notification
if: ${{ steps.silence-check.outcome != 'success' }} # in case of success it means that a silence issue exists
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
with:
channel-id: ${{ inputs.slack_channel_id }}
payload: |
{
"unfurl_links": false,
"unfurl_media": false,
"text": "${{ github.event.repository.name }} (${{ github.server_url }}/${{ github.repository }}) scheduled workflow: ${{ github.workflow }} failed! Please check: ${{ env.WORKFLOW_URL }} (cc ${{ inputs.slack_mention_people }})",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":automation-platform-failure: :mechanic: <${{ github.server_url }}/${{ github.repository }}|[${{ github.event.repository.name }}]> scheduled workflow: ${{ github.workflow }} failed! \n :link: Please check: ${{ env.WORKFLOW_URL }} \n (cc ${{ inputs.slack_mention_people }})"
}
}
]
}
env:
SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
WORKFLOW_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
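Review bot: In the `Check for Silence Issue` step, `ISSUE_TITLE="silence: ${{ github.workflow }}"` and `--repo ${{ github.repository }}` expand expressions directly inside the `run:` script, so the workflow name is pasted into the shell source before bash parses it, and a name containing a double quote or `$(...)` changes what the step executes. Suggest passing both values through the step's `env:` block, next to `GITHUB_TOKEN`, and referencing them as quoted shell variables. The script also treats `.[0]` of a text search as the silence issue; comparing the returned title for equality with `$ISSUE_TITLE` before `exit 0` would keep a similarly titled issue from muting another workflow's alerts. The raw `${{ github.workflow }}` and `${{ inputs.slack_mention_people }}` inside the JSON `payload` have the same weakness: a double quote in either value yields invalid JSON and the notification is lost.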