codebuild-notifier 0.2.0

data/lib/codebuild-notifier/build_history.rb

@@ -0,0 +1,110 @@
+# codebuild-notifier
+# Copyright © 2018 Adam Alboyadjian <adam@cassia.tech>
+# Copyright © 2018 Vista Higher Learning, Inc.
+#
+# codebuild-notifier is free software: you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# codebuild-notifier is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
+
+require 'active_support'
+require 'active_support/core_ext'
+require 'aws-sdk-dynamodb'
+require 'hashie'
+
+module CodeBuildNotifier
+  class BuildHistory
+    attr_reader :config, :current_build
+
+    delegate :dynamo_table, to: :config
+    delegate :launched_by_retry?, to: :current_build
+
+    def initialize(config, current_build)
+      @config = config
+      @current_build = current_build
+    end
+
+    def last_entry
+      # If this build was launched using the Retry command from the console
+      # or api we don't have a Pull Request or branch name to use in the
+      # primary key, so we query by commit hash and project instead.
+      item = launched_by_retry? ? find_by_commit_and_project : find_by_id
+
+      # Provide .dot access to hash values from Dynamo item.
+      item && Hashie::Mash.new(item)
+    end
+
+    def write_entry(source_id)
+      updates = hash_to_dynamo_update(new_entry).merge(
+        key: { source_id: source_id }
+      )
+
+      yield updates if block_given?
+
+      dynamo_client.update_item(
+        updates.merge(table_name: dynamo_table)
+      )
+    end
+
+    # The commit hash and project code are used to find which Pull Request
+    # or branch the current build belongs to, and the previous build status
+    # for that Pull Request or branch.
+    private def find_by_commit_and_project
+      dynamo_client.query(
+        expression_attribute_values: {
+          ':commit_hash' => current_build.commit_hash,
+          ':project_code' => current_build.project_code
+        },
+        filter_expression: 'project_code = :project_code',
+        index_name: 'commit_hash_index',
+        key_condition_expression: 'commit_hash = :commit_hash',
+        table_name: dynamo_table
+      ).items.first
+    end
+
+    private def find_by_id
+      dynamo_client.get_item(
+        key: { 'source_id' => current_build.source_id },
+        table_name: dynamo_table
+      ).item
+    end
+
+    private def new_entry
+      {
+        commit_hash: current_build.commit_hash,
+        project_code: current_build.project_code,
+        status: current_build.status
+      }.tap do |memo|
+        # If launched via manual re-try instead of via a webhook, we don't
+        # want to overwrite the current source_ref value that tells us which
+        # branch or pull request originally created the dynamo record.
+        memo[:source_ref] = current_build.trigger unless launched_by_retry?
+      end
+    end
+
+    private def hash_to_dynamo_update(hash)
+      update = hash.each_with_object(
+        expression_attribute_names: {},
+        expression_attribute_values: {},
+        update_expression: []
+      ) do |(key, value), memo|
+        memo[:expression_attribute_names]["##{key}"] = key.to_s
+        memo[:expression_attribute_values][":#{key}"] = value
+        memo[:update_expression] << "##{key} = :#{key}"
+      end
+      update.merge(update_expression: "SET #{update[:update_expression].join(', ')}")
+    end
+
+    private def dynamo_client
+      @dynamo_client || Aws::DynamoDB::Client.new(region: config.region)
+    end
+  end
+end

data/lib/codebuild-notifier/config.rb

@@ -0,0 +1,52 @@
+# codebuild-notifier
+# Copyright © 2018 Adam Alboyadjian <adam@cassia.tech>
+# Copyright © 2018 Vista Higher Learning, Inc.
+#
+# codebuild-notifier is free software: you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# codebuild-notifier is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
+
+module CodeBuildNotifier
+  class Config
+    DEFAULT_WHITELIST = %w[master release]
+
+    attr_reader :additional_channel, :dynamo_table, :region, :slack_admins,
+                :slack_secret_name, :whitelist_branches
+
+    # Configuration values specific to CodeBuild Notifier. CBN_ prefix is
+    # used because ENV vars with CODEBUILD_ prefix are reserved for use by AWS.
+    def initialize(
+      additional_channel: ENV['CBN_ADDITIONAL_CHANNEL'],
+      dynamo_table: ENV['CBN_DYNAMO_TABLE'] || 'branch-build-status',
+      region: ENV['CBN_AWS_REGION'] || ENV['AWS_REGION'],
+      slack_admins: ENV['CBN_SLACK_ADMIN_USERNAMES'],
+      slack_secret_name: ENV['CBN_SLACK_SECRET_NAME'] || 'slack/codebuild',
+      whitelist_branches: ENV['CBN_WHITELIST_BRANCHES']
+    )
+      @additional_channel = additional_channel
+      @dynamo_table = dynamo_table
+      @region = region
+      @slack_admins = slack_admins&.split(',') || []
+      @slack_secret_name = slack_secret_name
+      @whitelist_branches = whitelist_branches&.split(',') || DEFAULT_WHITELIST
+    end
+
+    # Match the format of the CodeBuild trigger variable
+    def non_pr_branch_ids
+      whitelist_branches.map { |name| "branch/#{name}" }
+    end
+
+    def whitelist
+      whitelist_branches.join(', ')
+    end
+  end
+end

data/lib/codebuild-notifier/current_build.rb

@@ -0,0 +1,69 @@
+# codebuild-notifier
+# Copyright © 2018 Adam Alboyadjian <adam@cassia.tech>
+# Copyright © 2018 Vista Higher Learning, Inc.
+#
+# codebuild-notifier is free software: you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# codebuild-notifier is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
+
+module CodeBuildNotifier
+  class CurrentBuild
+    attr_reader :build_id, :commit_hash, :git_repo_url, :status_code, :trigger
+
+    # Default values are extracted from CODEBUILD_* ENV vars present in each
+    # CodeBuild # job container.
+    def initialize(
+      build_id: ENV['CODEBUILD_BUILD_ID'],
+      commit_hash: ENV['CODEBUILD_RESOLVED_SOURCE_VERSION'],
+      git_repo: ENV['CODEBUILD_SOURCE_REPO_URL'],
+      status_code: ENV['CODEBUILD_BUILD_SUCCEEDING'],
+      trigger: ENV['CODEBUILD_WEBHOOK_TRIGGER']
+    )
+      @build_id = build_id
+      @commit_hash = commit_hash
+      # Handle repos specified with and without optional .git suffix.
+      @git_repo_url = git_repo.to_s.gsub(/\.git\z/, '')
+      @status_code = status_code
+      @trigger = trigger
+    end
+
+    def status
+      status_code.to_s == '1' ? 'SUCCEEDED' : 'FAILED'
+    end
+
+    def project_code
+      @project_code ||= build_id.split(':').first
+    end
+
+    # If trigger is empty, this build was launched using the Retry command from
+    # the console or api.
+    def launched_by_retry?
+      trigger.to_s.empty?
+    end
+
+    def for_pr?
+      %r{^pr/}.match?(trigger.to_s)
+    end
+
+    # source_id, the primary key, is a composite of project_code and
+    # trigger.
+    # e.g.:
+    #   my-app_ruby2-4:branch/master
+    #   my-app_ruby2-3:pr/4056
+    # project_code forms part of the key to support having repos with
+    # multiple projects, for example, with different buildspec files for
+    # different ruby versions, or for rspec vs cucumber.
+    def source_id
+      "#{project_code}:#{trigger}"
+    end
+  end
+end

data/lib/codebuild-notifier/git.rb

@@ -0,0 +1,25 @@
+# codebuild-notifier
+# Copyright © 2018 Adam Alboyadjian <adam@cassia.tech>
+# Copyright © 2018 Vista Higher Learning, Inc.
+#
+# codebuild-notifier is free software: you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# codebuild-notifier is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
+
+module CodeBuildNotifier
+  module Git
+    def current_commit
+      `git show -s --format='%h|%aN|%aE|%cE|%s'`.chomp.split('|')
+    end
+    module_function :current_commit
+  end
+end

data/lib/codebuild-notifier/slack_message.rb

@@ -0,0 +1,98 @@
+# codebuild-notifier
+# Copyright © 2018 Adam Alboyadjian <adam@cassia.tech>
+# Copyright © 2018 Vista Higher Learning, Inc.
+#
+# codebuild-notifier is free software: you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# codebuild-notifier is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
+
+module CodeBuildNotifier
+  class SlackMessage
+    attr_reader :author_email, :author_name, :build, :committer_email,
+                :commit_message_subject, :config, :short_hash, :source_ref
+
+    def initialize(build, config, source_ref)
+      @build = build
+      @config = config
+      @source_ref = source_ref
+      @short_hash, @author_name, @author_email,
+        @committer_email, @commit_message_subject = git_info
+    end
+
+    def payload
+      {
+        color: slack_color,
+        fallback: [title, body].join("\n"),
+        title: title,
+        text: body
+      }
+    end
+
+    def recipients
+      [author_email, committer_email].uniq
+    end
+
+    def additional_channel
+      !build.for_pr? && config.additional_channel
+    end
+
+    private def git_info
+      Git.current_commit
+    end
+
+    private def slack_color
+      {
+        'FAILED' => 'danger',
+        'SUCCEEDED' => 'good'
+      }[build.status]
+    end
+
+    private def title
+      "#{slack_icon} #{author_name}'s " \
+      "<#{details_url}|#{build.project_code} build> - " \
+      "#{build.status.downcase}"
+    end
+
+    private def slack_icon
+      {
+        'FAILED' => ':broken_heart:',
+        'SUCCEEDED' => ':green_heart:'
+      }[build.status]
+    end
+
+    private def details_url
+      'https://console.aws.amazon.com/codesuite/codebuild/projects/' \
+      "#{build.project_code}/build/#{build.build_id}/log?region=#{config.region}"
+    end
+
+    private def body
+      "commit #{commit_link} (#{commit_message_subject}) in " \
+      "#{source_ref_link}"
+    end
+
+    private def commit_link
+      "<#{build.git_repo_url}/commit/#{build.commit_hash}|#{short_hash}>"
+    end
+
+    private def source_ref_link
+      "<#{build.git_repo_url}/#{url_path}|#{source_ref}>"
+    end
+
+    private def url_path
+      if %r{\Apr/}.match?(source_ref)
+        "pull/#{source_ref[3..-1]}"
+      else
+        "tree/#{source_ref.gsub(%r{\Abranch/}, '')}"
+      end
+    end
+  end
+end

data/lib/codebuild-notifier/slack_sender.rb

@@ -0,0 +1,97 @@
+# codebuild-notifier
+# Copyright © 2018 Adam Alboyadjian <adam@cassia.tech>
+# Copyright © 2018 Vista Higher Learning, Inc.
+#
+# codebuild-notifier is free software: you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation, either
+# version 3 of the License, or (at your option) any later version.
+#
+# codebuild-notifier is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
+
+require 'aws-sdk-secretsmanager'
+require 'slack-ruby-client'
+
+module CodeBuildNotifier
+  class SlackSender
+    attr_reader :config
+
+    def initialize(config)
+      @config = config
+    end
+
+    def send(message)
+      Slack.configure { |slack_config| slack_config.token = app_token }
+      channel = message.additional_channel
+      if channel
+        channel = "##{channel}" unless /\A#/.match?(channel)
+        post_message(message, channel)
+      end
+
+      message.recipients.each do |email|
+        slack_user_id = find_slack_user(email)
+        slack_user_id && post_message(message, slack_user_id)
+      end
+    end
+
+    private def post_message(message, channel)
+      slack_client.chat_postMessage(
+        as_user: app_is_bot_user?,
+        attachments: [message.payload],
+        channel: channel
+      )
+    end
+
+    private def admin_send(message)
+      config.slack_admins.each do |username|
+        username = "@#{username}" unless /\A@/.match?(username)
+        slack_client.chat_postMessage(
+          as_user: false,
+          text: message,
+          channel: username
+        )
+      end
+    end
+
+    private def find_slack_user(email)
+      lookup_response = slack_client.users_lookupByEmail(email: email)
+      lookup_response.user.id
+    rescue Slack::Web::Api::Errors::SlackError => e
+      admin_send(
+        "Slack user lookup by email for #{email} failed with " \
+        "error: #{e.message}"
+      )
+      nil
+    end
+
+    # If the app token starts with xoxb- then it is a Bot User Oauth token
+    # and slack notifications should be posted with as_user: true. If it
+    # starts with xoxp- then it's an app token not associated with a user,
+    # and as_user: should be false.
+    private def app_is_bot_user?
+      /\Axoxb/.match?(app_token)
+    end
+
+    private def secrets_client
+      Aws::SecretsManager::Client.new(region: config.region)
+    end
+
+    private def slack_client
+      @slack_client ||= Slack::Web::Client.new
+    end
+
+    private def app_token
+      @app_token ||= JSON.parse(secret.secret_string)['token']
+    end
+
+    private def secret
+      secrets_client.get_secret_value(secret_id: config.slack_secret_name)
+    end
+  end
+end