From 705df1af7d06626b8c6838f58123bb3bf84fc093 Mon Sep 17 00:00:00 2001
From: Leo J <153937047+leiicamundi@users.noreply.github.com>
Date: Thu, 6 Jun 2024 09:58:30 +0200
Subject: [PATCH] feat: report failure gha on slack (#11)
---
.../actions/report-failure-on-slack/README.md | 39 +++++++++++++
.../report-failure-on-slack/action.yml | 57 +++++++++++++++++++
2 files changed, 96 insertions(+)
create mode 100644 .github/actions/report-failure-on-slack/README.md
create mode 100644 .github/actions/report-failure-on-slack/action.yml
diff --git a/.github/actions/report-failure-on-slack/README.md b/.github/actions/report-failure-on-slack/README.md
new file mode 100644
index 0000000..808213e
--- /dev/null
+++ b/.github/actions/report-failure-on-slack/README.md
@@ -0,0 +1,39 @@
+# Report Failure and Notify Slack
+
+This GitHub composite action imports secrets from HashiCorp Vault and sends a Slack notification in case of a workflow failure.
+It helps automate incident reporting and ensures timely notifications to the relevant Slack channel.
+
+## Inputs
+
+- **vault_addr**: (required) The address of the Vault instance.
+- **vault_role_id**: (required) The role ID used for authentication with Vault.
+- **vault_secret_id**: (required) The secret ID used for authentication with Vault.
+- **slack_channel_id**: (optional) The Slack channel ID where the notification will be sent. Default is 'C076N4G1162' (#infraex-alerts).
+- **slack_mention_people**: (optional) The Slack people to mention of the notification. Default is '@infraex-medic'.
+
+## Usage
+
+To use this composite action in your workflow, include it as a step and provide the necessary inputs. Below is an example workflow using this action:
+
+```yaml
+name: Example Workflow
+on: [push, pull_request]
+
+jobs:
+ example-job:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Other steps of your workflow
+
+ - name: Report Failure and Notify Slack
+ if: failure() && github.event_name == 'schedule'
+ uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@main
+ with:
+ vault_addr: ${{ secrets.VAULT_ADDR }}
+ vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ slack_channel_id: 'your-slack-channel-id' # Optional
+```
diff --git a/.github/actions/report-failure-on-slack/action.yml b/.github/actions/report-failure-on-slack/action.yml
new file mode 100644
index 0000000..e565f83
--- /dev/null
+++ b/.github/actions/report-failure-on-slack/action.yml
@@ -0,0 +1,57 @@
+name: 'Report Failure and Notify Slack'
+description: 'Imports secrets and sends a Slack notification in case of failure'
+inputs:
+ vault_addr:
+ description: 'Vault address'
+ required: true
+ vault_role_id:
+ description: 'Vault role ID'
+ required: true
+ vault_secret_id:
+ description: 'Vault secret ID'
+ required: true
+ slack_channel_id:
+ description: 'Slack channel ID'
+ default: 'C076N4G1162' # infraex-alerts
+ slack_mention_people:
+ description: "People to mention in the alert message"
+ default: "@infraex-medic"
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Import Secrets
+ id: secrets
+ uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
+ with:
+ url: ${{ inputs.vault_addr }}
+ method: approle
+ roleId: ${{ inputs.vault_role_id }}
+ secretId: ${{ inputs.vault_secret_id }}
+ exportEnv: false
+ secrets: |
+ secret/data/products/infrastructure-experience/ci/common SLACK_BOT_TOKEN;
+
+ - name: Notify in Slack in case of failure
+ id: slack-notification
+ uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+ with:
+ channel-id: ${{ inputs.slack_channel_id }}
+ payload: |
+ {
+ "unfurl_links": false,
+ "unfurl_media": false,
+ "text": "${{ github.event.repository.name }} (${{ github.server_url }}/${{ github.repository }}) scheduled workflow: ${{ github.workflow }} failed! Please check: ${{ env.WORKFLOW_URL }} (cc ${{ inputs.slack_mention_people }})",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": ":automation-platform-failure: :mechanic: <${{ github.server_url }}/${{ github.repository }}|[${{ github.event.repository.name }}]> scheduled workflow: ${{ github.workflow }} failed! 
\n :link: Please check: ${{ env.WORKFLOW_URL }} \n (cc ${{ inputs.slack_mention_people }})"
+ }
+ }
+ ]
+ }
+ env:
+ SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
+ WORKFLOW_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
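Review bot: The `payload` JSON in the "Notify in Slack in case of failure" step is built by pasting `${{ github.workflow }}`, `${{ github.event.repository.name }}` and `${{ inputs.slack_mention_people }}` straight into string literals, so a double quote or backslash in any of them produces invalid or altered JSON and the failure alert may never be posted. Encoding the assembled string avoids this, e.g. `"text": ${{ toJSON(format('{0} scheduled workflow: {1} failed! Please check: {2} (cc {3})', github.event.repository.name, github.workflow, env.WORKFLOW_URL, inputs.slack_mention_people)) }}`, with the same treatment for the `mrkdwn` block text. Separately, the alert depends on the AppRole login in "Import Secrets" succeeding, so a Vault outage or an expired secret ID would silence the very notification meant to report failures; a comment above that step such as `# NOTE: if this step fails no Slack alert is sent; monitor scheduled runs independently` would make that visible. The notify step carries no `if:` of its own, so it posts whenever it is reached, and only the caller-side `if: failure()` shown in the README restricts it to failed runs.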