codebuild-notifier 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +60 -6
- data/bin/update-build-status +10 -0
- data/lib/codebuild-notifier/config.rb +12 -3
- data/lib/codebuild-notifier/dynamo_base.rb +1 -6
- data/lib/codebuild-notifier/slack_sender.rb +21 -8
- data/lib/codebuild-notifier/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: db502c3440f34e43f24cc73e679a7fe3d937eb50c1989244799bf713560318cf
|
4
|
+
data.tar.gz: a91c267131b3dbac305f3ecf2a955e7a76050d90f59e8c945640a892b06d1fe4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3ef7b68705218fcdbee22f06d72121f6a8340b8aee7ba6346982899d175608ec0f29603d4e37ce93999a25bfd5ab5440ba64e902004737f17931a6d21399452c
|
7
|
+
data.tar.gz: ef31c8ab2dbb9b3cdc566af9edb12dd116f00dc966881b20b95588ecc5c890e3d7534faa982beba97fa04b006bd7cdec5c1f23efdab91689d42ad762d7bb8399
|
data/README.md
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
# codebuild-notifier
|
2
|
-
Reports status of AWS CodeBuild CI jobs to
|
2
|
+
Reports status of AWS CodeBuild CI jobs to Slack.
|
3
3
|
|
4
4
|
# Infrastructure Requirements
|
5
5
|
|
6
6
|
### Slack App or Bot in your workspace
|
7
7
|
|
8
|
-
Notifications will be sent as
|
8
|
+
Notifications will be sent as Slack Direct Messages to users from the default
|
9
9
|
Slack bot in your workspace (e.g. @slackbot)
|
10
10
|
- Go to <a href="https://api.slack.com/apps">https://api.slack.com/apps</a>
|
11
11
|
- Create a New App, e.g. App Name: CodeBuild Notifier
|
@@ -24,7 +24,7 @@ will come from a user with a name you choose, e.g. CodeBuildBot
|
|
24
24
|
- A new OAuth token will be generated specific to the Bot User. Store this in
|
25
25
|
AWS Secrets Manager instead of the App token.
|
26
26
|
|
27
|
-
### DynamoDB table
|
27
|
+
### DynamoDB table for build history
|
28
28
|
- expected to be named 'codebuild-history', but can be configured
|
29
29
|
- the following definition:
|
30
30
|
|
@@ -57,6 +57,39 @@ AWS Secrets Manager instead of the App token.
|
|
57
57
|
{ "token": "xoxo-your-slack-app-token" }
|
58
58
|
```
|
59
59
|
|
60
|
+
### Optional DynamoDB table for Slack aliases
|
61
|
+
|
62
|
+
Slack message recipients are located by extracting the email address of the
|
63
|
+
author/commiter of the git commit triggering the build, then searching
|
64
|
+
for users with that email address within the Slack workspace.
|
65
|
+
|
66
|
+
Users might sign commits with a different email address than they used
|
67
|
+
to register with Slack. Even if their git config has a matching address,
|
68
|
+
merges and commits made via the github web interface may use the primary
|
69
|
+
email address for the user's github account, or username@noreply.github.com.
|
70
|
+
|
71
|
+
To ensure delivery in these cases, a second DynamoDb table can be created
|
72
|
+
and configured to do a second lookup if the original lookup fails.
|
73
|
+
|
74
|
+
- suggested table name: 'codebuild-slack-aliases', but can be configured
|
75
|
+
- by default, the table name is unspecified, meaning no second lookup will
|
76
|
+
be performed
|
77
|
+
- the email address for which the original lookup fails (the commit
|
78
|
+
signature address) should be stored in index field `alternate_email`
|
79
|
+
- the user's Slack email address should be stored in a string field
|
80
|
+
named `workspace_email`
|
81
|
+
- multiple items can be created with different values for `alternate_email`
|
82
|
+
pointing to the same `workspace_email` value
|
83
|
+
- the table should have the following definition:
|
84
|
+
```ruby
|
85
|
+
AttributeDefinitions [
|
86
|
+
{ AttributeName: 'alternate_email', AttributeType: 'S' }
|
87
|
+
]
|
88
|
+
KeySchema [
|
89
|
+
{ AttributeName: 'alternate_email', KeyType: 'HASH' }
|
90
|
+
]
|
91
|
+
```
|
92
|
+
|
60
93
|
### IAM Service Role for CodeBuild projects
|
61
94
|
|
62
95
|
You will likely already have a service role granting CloudWatch access, to
|
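Review bot: the new "Optional DynamoDB table for Slack aliases" section does not say who may write to the table, and it should, because each item decides which workspace user receives the build messages for a given commit address. The commit author/committer email is chosen by whoever makes the commit, so an item mapping `alternate_email` to someone else's `workspace_email` silently redirects notifications. Suggest adding a sentence that write access to the table is limited to administrators and that the CodeBuild role only needs read access. Minor wording: "commiter" should be "committer", and "DynamoDb" should match the "DynamoDB" spelling used in the heading.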
@@ -76,7 +109,10 @@ name:
|
|
76
109
|
"Effect": "Allow",
|
77
110
|
"Resource": [
|
78
111
|
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codebuild-history",
|
79
|
-
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-history/*"
|
112
|
+
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-history/*",
|
113
|
+
// if optional slack alias table is configured
|
114
|
+
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codebuild-slack-aliases",
|
115
|
+
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-slack-aliases/*"
|
80
116
|
]
|
81
117
|
},
|
82
118
|
{
|
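Review bot: the added ARN `table/codbuild-slack-aliases/*` is misspelled (`codbuild`), copying the typo already present in the `codbuild-history/*` line, so it does not refer to the `codebuild-slack-aliases` table named on the line above it. The `// if optional slack alias table is configured` line sits inside the JSON policy, where comments are not valid, so the block will be rejected if pasted as shown; move that remark into the prose around the block. The only call this release makes against the alias table is `get_item`, which does not read indexes, so consider dropping the `/*` entry and putting the alias table in its own statement that allows only `dynamodb:GetItem` instead of sharing the history table's statement.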
@@ -88,6 +124,7 @@ name:
|
|
88
124
|
}
|
89
125
|
```
|
90
126
|
|
127
|
+
|
91
128
|
# Configuration
|
92
129
|
|
93
130
|
## Installation
|
@@ -261,13 +298,30 @@ phases:
|
|
261
298
|
not set
|
262
299
|
</td>
|
263
300
|
<td>
|
264
|
-
If no
|
301
|
+
If no Slack user can be found in your workspace with the email
|
265
302
|
address of the author or committer of a commit, a message will be
|
266
|
-
sent to the
|
303
|
+
sent to the Slack usernames specified.<br />
|
267
304
|
Separate multiple values with commas, with no spaces.<br />
|
268
305
|
e.g. fred,velma
|
269
306
|
</td>
|
270
307
|
</tr>
|
308
|
+
<tr>
|
309
|
+
<th>
|
310
|
+
CBN_SLACK_ALIAS_TABLE
|
311
|
+
</th>
|
312
|
+
<td>
|
313
|
+
<nobr>--slack-alias-table</nobr>
|
314
|
+
</td>
|
315
|
+
<td>
|
316
|
+
not set
|
317
|
+
</td>
|
318
|
+
<td>
|
319
|
+
If no Slack user can be found in your workspace with the email
|
320
|
+
address of the author or committer of a commit, this table will
|
321
|
+
be queried to find the Slack workspace email matching the failed
|
322
|
+
address.
|
323
|
+
</td>
|
324
|
+
</tr>
|
271
325
|
<tr>
|
272
326
|
<th>
|
273
327
|
CBN_SLACK_SECRET_NAME
|
data/bin/update-build-status
CHANGED
@@ -98,6 +98,16 @@ OptionParser.new do |opts|
|
|
98
98
|
command_line_opts[:slack_admin_users] = usernames
|
99
99
|
end
|
100
100
|
|
101
|
+
opts.on(
|
102
|
+
'--slack-alias-table=TABLE',
|
103
|
+
'optional dynamodb table for storing alternate email addresses for when ' \
|
104
|
+
'the commit author email is different from the address associated with ' \
|
105
|
+
'their slack account; can also help with failed lookups for ' \
|
106
|
+
'someuser@noreply.github.com'
|
107
|
+
) do |table|
|
108
|
+
command_line_opts[:slack_alias_table] = table
|
109
|
+
end
|
110
|
+
|
101
111
|
opts.on(
|
102
112
|
'--slack-secret-name=SECRET',
|
103
113
|
'name of Secrets Manager secret with slack app/bot auth token'
|
@@ -15,12 +15,15 @@
|
|
15
15
|
# You should have received a copy of the GNU General Public License
|
16
16
|
# along with codebuild-notifier. If not, see <http://www.gnu.org/licenses/>.
|
17
17
|
|
18
|
+
require 'aws-sdk-dynamodb'
|
19
|
+
|
18
20
|
module CodeBuildNotifier
|
19
21
|
class Config
|
20
|
-
DEFAULT_WHITELIST = %w[master]
|
22
|
+
DEFAULT_WHITELIST = %w[master].freeze
|
21
23
|
|
22
|
-
attr_reader :additional_channel, :default_strategy, :dynamo_table,
|
23
|
-
:
|
24
|
+
attr_reader :additional_channel, :default_strategy, :dynamo_table,
|
25
|
+
:region, :slack_admins, :slack_alias_table,
|
26
|
+
:slack_secret_name, :whitelist_branches
|
24
27
|
|
25
28
|
# Configuration values specific to CodeBuild Notifier. CBN_ prefix is
|
26
29
|
# used because ENV vars with CODEBUILD_ prefix are reserved for use by AWS.
|
@@ -30,6 +33,7 @@ module CodeBuildNotifier
|
|
30
33
|
dynamo_table: ENV['CBN_DYNAMO_TABLE'] || 'codebuild-history',
|
31
34
|
region: ENV['CBN_AWS_REGION'] || ENV['AWS_REGION'],
|
32
35
|
slack_admins: ENV['CBN_SLACK_ADMIN_USERNAMES'],
|
36
|
+
slack_alias_table: ENV['CBN_SLACK_ALIAS_TABLE'],
|
33
37
|
slack_secret_name: ENV['CBN_SLACK_SECRET_NAME'] || 'slack/codebuild',
|
34
38
|
strategy_overrides: ENV['CBN_OVERRIDE_NOTIFY_STRATEGY'],
|
35
39
|
whitelist_branches: ENV['CBN_WHITELIST_BRANCHES']
|
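Review bot: `slack_alias_table: ENV['CBN_SLACK_ALIAS_TABLE']` passes a blank value through unchanged, and an empty string is truthy in Ruby, so when the variable is set but empty the `config.slack_alias_table &&` guard in `find_alias` still calls `get_item` with an empty table name. Treat a blank value as unset before it is stored, so that "not set" in the README and "set to nothing" in a buildspec behave the same way.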
@@ -39,11 +43,16 @@ module CodeBuildNotifier
|
|
39
43
|
@dynamo_table = dynamo_table
|
40
44
|
@region = region
|
41
45
|
@slack_admins = slack_admins&.split(',') || []
|
46
|
+
@slack_alias_table = slack_alias_table
|
42
47
|
@slack_secret_name = slack_secret_name
|
43
48
|
@strategy_overrides = strategy_overrides&.split(',') || []
|
44
49
|
@whitelist_branches = whitelist_branches&.split(',') || DEFAULT_WHITELIST
|
45
50
|
end
|
46
51
|
|
52
|
+
def dynamo_client
|
53
|
+
@dynamo_client || Aws::DynamoDB::Client.new(region: region)
|
54
|
+
end
|
55
|
+
|
47
56
|
def strategy_for_branch(branch_name)
|
48
57
|
lookup = @strategy_overrides.map { |override| override.split(':') }.to_h
|
49
58
|
lookup.fetch(branch_name, default_strategy)
|
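Review bot: the new `dynamo_client` method, `@dynamo_client || Aws::DynamoDB::Client.new(region: region)`, never assigns the instance variable, so every call constructs a fresh client. Now that both the build-history code and the alias lookup go through this one method, it should be `@dynamo_client ||= Aws::DynamoDB::Client.new(region: region)`. The method is also public on Config, whereas the version removed from DynamoBase was private; if that is deliberate so that SlackSender can call `config.dynamo_client`, a short comment saying so would help.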
@@ -17,14 +17,13 @@
|
|
17
17
|
|
18
18
|
require 'active_support'
|
19
19
|
require 'active_support/core_ext'
|
20
|
-
require 'aws-sdk-dynamodb'
|
21
20
|
require 'hashie'
|
22
21
|
|
23
22
|
module CodeBuildNotifier
|
24
23
|
class DynamoBase
|
25
24
|
attr_reader :config, :current_build
|
26
25
|
|
27
|
-
delegate :dynamo_table, to: :config
|
26
|
+
delegate :dynamo_client, :dynamo_table, to: :config
|
28
27
|
|
29
28
|
def initialize(config, build)
|
30
29
|
@config = config
|
@@ -37,10 +36,6 @@ module CodeBuildNotifier
|
|
37
36
|
)
|
38
37
|
end
|
39
38
|
|
40
|
-
private def dynamo_client
|
41
|
-
@dynamo_client || Aws::DynamoDB::Client.new(region: config.region)
|
42
|
-
end
|
43
|
-
|
44
39
|
private def hash_to_dynamo_update(hash)
|
45
40
|
update = hash.each_with_object(
|
46
41
|
expression_attribute_names: {},
|
@@ -34,10 +34,8 @@ module CodeBuildNotifier
|
|
34
34
|
post_message(message, channel)
|
35
35
|
end
|
36
36
|
|
37
|
-
message.recipients.
|
38
|
-
|
39
|
-
slack_user_id && post_message(message, slack_user_id)
|
40
|
-
end
|
37
|
+
user_ids = message.recipients.map { |email| find_slack_user(email)&.id }
|
38
|
+
user_ids.uniq.compact.each { |user_id| post_message(message, user_id) }
|
41
39
|
end
|
42
40
|
|
43
41
|
private def post_message(message, channel)
|
@@ -60,14 +58,29 @@ module CodeBuildNotifier
|
|
60
58
|
end
|
61
59
|
|
62
60
|
private def find_slack_user(email)
|
63
|
-
|
64
|
-
lookup_response.user.id
|
61
|
+
slack_client.users_lookupByEmail(email: email)&.user
|
65
62
|
rescue Slack::Web::Api::Errors::SlackError => e
|
63
|
+
alias_email = find_alias(email)
|
64
|
+
if alias_email
|
65
|
+
find_slack_user(alias_email)
|
66
|
+
else
|
67
|
+
report_lookup_failure(email, e.message)
|
68
|
+
nil
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
private def report_lookup_failure(email, error_message)
|
66
73
|
admin_send(
|
67
74
|
"Slack user lookup by email for #{email} failed with " \
|
68
|
-
"error: #{
|
75
|
+
"error: #{error_message}"
|
69
76
|
)
|
70
|
-
|
77
|
+
end
|
78
|
+
|
79
|
+
def find_alias(email)
|
80
|
+
config.slack_alias_table && config.dynamo_client.get_item(
|
81
|
+
table_name: config.slack_alias_table,
|
82
|
+
key: { 'alternate_email' => email }
|
83
|
+
).item&.fetch('workspace_email')
|
71
84
|
end
|
72
85
|
|
73
86
|
# If the app token starts with xoxb- then it is a Bot User Oauth token
|
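Review bot: the rescue branch of `find_slack_user` calls `find_slack_user(alias_email)` recursively with no guard, so an alias item whose `workspace_email` also fails the Slack lookup and resolves to itself, or to an address that points back, recurses until the stack overflows. Resolve the alias at most once, for example by doing the second `users_lookupByEmail` directly and reporting failure if it raises. Three smaller points in the same hunk: the rescue covers every `Slack::Web::Api::Errors::SlackError`, so auth or rate-limit errors also trigger a DynamoDB read, and it would be cleaner to fall back only when the error is a user-not-found response; `.item&.fetch('workspace_email')` raises KeyError for an item that lacks the attribute, where `&.[]('workspace_email')` or `dig` would return nil and reach `report_lookup_failure`; and `def find_alias(email)` is declared without `private`, unlike `find_slack_user` and `report_lookup_failure` beside it.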
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: codebuild-notifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- VHL Ops Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-05-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|