feat: implement silence failure (#15)

camunda · Jun 13, 2024 · c5385fa · c5385fa
1 parent 1e91b5f
commit c5385fa
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 1 deletion.
diff --git a/.github/actions/report-failure-on-slack/README.md b/.github/actions/report-failure-on-slack/README.md
@@ -9,7 +9,8 @@ It helps automate incident reporting and ensures timely notifications to the rel
 - **vault_role_id**: (required) The role ID used for authentication with Vault.
 - **vault_secret_id**: (required) The secret ID used for authentication with Vault.
 - **slack_channel_id**: (optional) The Slack channel ID where the notification will be sent. Default is 'C076N4G1162' (#infraex-alerts).
-- **slack_mention_people**: (optional) The Slack people to mention of the notification. Default is '@infraex-medic'.
+- **slack_mention_people**: (optional) The Slack people to mention in the notification. Default is '@infraex-medic'.
+- **disable_silence_check**: (optional) Disable silence check. By default, alerts can be disabled by creating an issue in the repository with the label `alert-management` and with the title: `silence: name of your workflow`. Default is 'false'.
 
 ## Usage
 
@@ -36,4 +37,6 @@ jobs:
           vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
           vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
           slack_channel_id: 'your-slack-channel-id' # Optional
+          slack_mention_people: '@your-mention' # Optional
+          disable_silence_check: 'false' # Optional
 ```
diff --git a/.github/actions/report-failure-on-slack/action.yml b/.github/actions/report-failure-on-slack/action.yml
@@ -16,12 +16,57 @@ inputs:
   slack_mention_people:
     description: "People to mention in the alert message"
     default: "@infraex-medic"
+  disable_silence_check:
+    description: |
+      Disable silence check.
+      By default, alerts can be disabled by creating an issue in the repository
+      with the label alert-management and with the title:
+      silence: name of your workflow
+    required: false
+    default: 'false'
 
 runs:
   using: 'composite'
   steps:
+    - name: Generate token for GitHub
+      id: generate-github-token
+      if: ${{ inputs.disable_silence_check == 'false' }}
+      uses: camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets@c9230b32c5af82329db40f325758d2141e5f5da9  # main
+      with:
+        github-app-id-vault-key: GITHUB_APP_ID
+        github-app-id-vault-path: secret/data/products/infrastructure-experience/ci/common
+        github-app-private-key-vault-key: GITHUB_APP_PRIVATE_KEY
+        github-app-private-key-vault-path: secret/data/products/infrastructure-experience/ci/common
+        vault-auth-method: approle
+        vault-auth-role-id: ${{ inputs.vault_role_id }}
+        vault-auth-secret-id: ${{ inputs.vault_secret_id }}
+        vault-url: ${{ inputs.vault_addr }}
+
+    - name: Check for Silence Issue
+      id: silence-check
+      if: ${{ inputs.disable_silence_check == 'false' }}
+      shell: bash
+      continue-on-error: true
+      run: |
+        ISSUE_TITLE="silence: ${{ github.workflow }}"
+        ISSUE_SEARCH=$(gh issue list --repo ${{ github.repository }} --state open --search "$ISSUE_TITLE in:title" --label "alert-management" --json number,title,url)
+        ISSUE_COUNT=$(echo "$ISSUE_SEARCH" | jq '. | length')
+
+        if [ "$ISSUE_COUNT" -gt 0 ]; then
+          ISSUE_TITLE=$(echo "$ISSUE_SEARCH" | jq -r '.[0].title')
+          ISSUE_URL=$(echo "$ISSUE_SEARCH" | jq -r '.[0].url')
+          echo "Issue found: $ISSUE_TITLE - $ISSUE_URL . Skipping notification. Close this issue to re-enable notifications."
+          exit 0
+        else
+          echo "No silence issue found, triggering the slack alert."
+          exit 1
+        fi
+      env:
+        GITHUB_TOKEN: ${{ steps.generate-github-token.outputs.token }}
+
     - name: Import Secrets
       id: secrets
+      if: ${{ steps.silence-check.outcome != 'success' }} # in case of success it means that a silence issue exists
       uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
       with:
         url: ${{ inputs.vault_addr }}
@@ -34,6 +79,7 @@ runs:
 
     - name: Notify in Slack in case of failure
       id: slack-notification
+      if: ${{ steps.silence-check.outcome != 'success' }} # in case of success it means that a silence issue exists
       uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
       with:
         channel-id: ${{ inputs.slack_channel_id }}