codebuild-notifier 1.0.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +60 -6
- data/bin/update-build-status +11 -1
- data/codebuild-notifier.gemspec +2 -1
- data/lib/codebuild-notifier/config.rb +12 -3
- data/lib/codebuild-notifier/dynamo_base.rb +1 -6
- data/lib/codebuild-notifier/slack_sender.rb +21 -8
- data/lib/codebuild-notifier/version.rb +1 -1
- metadata +24 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0c920099bd3376b99f0eaa8c97e789e7ff1c1febd46ebb345eec0b687fd9d757
|
4
|
+
data.tar.gz: 523dbfff43eed2812eab246a7d0ffcc0acdbc12ff95c9b59eaaf8b0894b3860e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c960b34c1deb84be07219f235d37b98eca9eefa36b8a099ebb72cb8e684714a372f349c403a9cbe7319a07d27dfc6f93731064b170e2cd851e8a53d32242f84b
|
7
|
+
data.tar.gz: 1574dc7e7515d4459a3f800e4568dd22231aeb21da169d114962c14fe7e35f41bc2a85614a40e9fa77436ea985622827ef34a1cc880a23af738c138fd0b9fec2
|
data/README.md
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
# codebuild-notifier
|
2
|
-
Reports status of AWS CodeBuild CI jobs to
|
2
|
+
Reports status of AWS CodeBuild CI jobs to Slack.
|
3
3
|
|
4
4
|
# Infrastructure Requirements
|
5
5
|
|
6
6
|
### Slack App or Bot in your workspace
|
7
7
|
|
8
|
-
Notifications will be sent as
|
8
|
+
Notifications will be sent as Slack Direct Messages to users from the default
|
9
9
|
Slack bot in your workspace (e.g. @slackbot)
|
10
10
|
- Go to <a href="https://api.slack.com/apps">https://api.slack.com/apps</a>
|
11
11
|
- Create a New App, e.g. App Name: CodeBuild Notifier
|
@@ -24,7 +24,7 @@ will come from a user with a name you choose, e.g. CodeBuildBot
|
|
24
24
|
- A new OAuth token will be generated specific to the Bot User. Store this in
|
25
25
|
AWS Secrets Manager instead of the App token.
|
26
26
|
|
27
|
-
### DynamoDB table
|
27
|
+
### DynamoDB table for build history
|
28
28
|
- expected to be named 'codebuild-history', but can be configured
|
29
29
|
- the following definition:
|
30
30
|
|
@@ -57,6 +57,39 @@ AWS Secrets Manager instead of the App token.
|
|
57
57
|
{ "token": "xoxo-your-slack-app-token" }
|
58
58
|
```
|
59
59
|
|
60
|
+
### Optional DynamoDB table for Slack aliases
|
61
|
+
|
62
|
+
Slack message recipients are located by extracting the email address of the
|
63
|
+
author/commiter of the git commit triggering the build, then searching
|
64
|
+
for users with that email address within the Slack workspace.
|
65
|
+
|
66
|
+
Users might sign commits with a different email address than they used
|
67
|
+
to register with Slack. Even if their git config has a matching address,
|
68
|
+
merges and commits made via the github web interface may use the primary
|
69
|
+
email address for the user's github account, or username@noreply.github.com.
|
70
|
+
|
71
|
+
To ensure delivery in these cases, a second DynamoDb table can be created
|
72
|
+
and configured to do a second lookup if the original lookup fails.
|
73
|
+
|
74
|
+
- suggested table name: 'codebuild-slack-aliases', but can be configured
|
75
|
+
- by default, the table name is unspecified, meaning no second lookup will
|
76
|
+
be performed
|
77
|
+
- the email address for which the original lookup fails (the commit
|
78
|
+
signature address) should be stored in index field `alternate_email`
|
79
|
+
- the user's Slack email address should be stored in a string field
|
80
|
+
named `workspace_email`
|
81
|
+
- multiple items can be created with different values for `alternate_email`
|
82
|
+
pointing to the same `workspace_email` value
|
83
|
+
- the table should have the following definition:
|
84
|
+
```ruby
|
85
|
+
AttributeDefinitions [
|
86
|
+
{ AttributeName: 'alternate_email', AttributeType: 'S' }
|
87
|
+
]
|
88
|
+
KeySchema [
|
89
|
+
{ AttributeName: 'alternate_email', KeyType: 'HASH' }
|
90
|
+
]
|
91
|
+
```
|
92
|
+
|
60
93
|
### IAM Service Role for CodeBuild projects
|
61
94
|
|
62
95
|
You will likely already have a service role granting CloudWatch access, to
|
@@ -76,7 +109,10 @@ name:
|
|
76
109
|
"Effect": "Allow",
|
77
110
|
"Resource": [
|
78
111
|
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codebuild-history",
|
79
|
-
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-history/*"
|
112
|
+
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-history/*",
|
113
|
+
// if optional slack alias table is configured
|
114
|
+
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codebuild-slack-aliases",
|
115
|
+
"arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-slack-aliases/*"
|
80
116
|
]
|
81
117
|
},
|
82
118
|
{
|
@@ -88,6 +124,7 @@ name:
|
|
88
124
|
}
|
89
125
|
```
|
90
126
|
|
127
|
+
|
91
128
|
# Configuration
|
92
129
|
|
93
130
|
## Installation
|
@@ -261,13 +298,30 @@ phases:
|
|
261
298
|
not set
|
262
299
|
</td>
|
263
300
|
<td>
|
264
|
-
If no
|
301
|
+
If no Slack user can be found in your workspace with the email
|
265
302
|
address of the author or committer of a commit, a message will be
|
266
|
-
sent to the
|
303
|
+
sent to the Slack usernames specified.<br />
|
267
304
|
Separate multiple values with commas, with no spaces.<br />
|
268
305
|
e.g. fred,velma
|
269
306
|
</td>
|
270
307
|
</tr>
|
308
|
+
<tr>
|
309
|
+
<th>
|
310
|
+
CBN_SLACK_ALIAS_TABLE
|
311
|
+
</th>
|
312
|
+
<td>
|
313
|
+
<nobr>--slack-alias-table</nobr>
|
314
|
+
</td>
|
315
|
+
<td>
|
316
|
+
not set
|
317
|
+
</td>
|
318
|
+
<td>
|
319
|
+
If no Slack user can be found in your workspace with the email
|
320
|
+
address of the author or committer of a commit, this table will
|
321
|
+
be queried to find the Slack workspace email matching the failed
|
322
|
+
address.
|
323
|
+
</td>
|
324
|
+
</tr>
|
271
325
|
<tr>
|
272
326
|
<th>
|
273
327
|
CBN_SLACK_SECRET_NAME
|
data/bin/update-build-status
CHANGED
@@ -98,6 +98,16 @@ OptionParser.new do |opts|
|
|
98
98
|
command_line_opts[:slack_admin_users] = usernames
|
99
99
|
end
|
100
100
|
|
101
|
+
opts.on(
|
102
|
+
'--slack-alias-table=TABLE',
|
103
|
+
'optional dynamodb table for storing alternate email addresses for when ' \
|
104
|
+
'the commit author email is different from the address associated with ' \
|
105
|
+
'their slack account; can also help with failed lookups for ' \
|
106
|
+
'someuser@noreply.github.com'
|
107
|
+
) do |table|
|
108
|
+
command_line_opts[:slack_alias_table] = table
|
109
|
+
end
|
110
|
+
|
101
111
|
opts.on(
|
102
112
|
'--slack-secret-name=SECRET',
|
103
113
|
'name of Secrets Manager secret with slack app/bot auth token'
|
@@ -119,7 +129,7 @@ OptionParser.new do |opts|
|
|
119
129
|
end.parse!
|
120
130
|
# rubocop:enable Metrics/BlockLength
|
121
131
|
|
122
|
-
config = CodeBuildNotifier::Config.new(command_line_opts)
|
132
|
+
config = CodeBuildNotifier::Config.new(**command_line_opts)
|
123
133
|
build = CodeBuildNotifier::CurrentBuild.new
|
124
134
|
history = CodeBuildNotifier::BuildHistory.new(config, build)
|
125
135
|
last_build = history.last_entry
|
data/codebuild-notifier.gemspec
CHANGED
@@ -38,10 +38,11 @@ Gem::Specification.new do |spec|
|
|
38
38
|
file.match(%r{^(test|spec|features)/})
|
39
39
|
end
|
40
40
|
|
41
|
-
spec.add_dependency 'activesupport', '
|
41
|
+
spec.add_dependency 'activesupport', '~> 6.0.3.1'
|
42
42
|
spec.add_dependency 'aws-sdk-dynamodb', '~> 1.16'
|
43
43
|
spec.add_dependency 'aws-sdk-secretsmanager', '~> 1.19'
|
44
44
|
spec.add_dependency 'hashie', '> 1.0', '< 4.0'
|
45
|
+
spec.add_dependency 'nokogiri'
|
45
46
|
spec.add_dependency 'slack-ruby-client', '~> 0.13'
|
46
47
|
|
47
48
|
spec.add_development_dependency 'rspec', '~> 3.8'
|
@@ -15,12 +15,15 @@
|
|
15
15
|
# You should have received a copy of the GNU General Public License
|
16
16
|
# along with codebuild-notifier. If not, see <http://www.gnu.org/licenses/>.
|
17
17
|
|
18
|
+
require 'aws-sdk-dynamodb'
|
19
|
+
|
18
20
|
module CodeBuildNotifier
|
19
21
|
class Config
|
20
|
-
DEFAULT_WHITELIST = %w[master]
|
22
|
+
DEFAULT_WHITELIST = %w[master].freeze
|
21
23
|
|
22
|
-
attr_reader :additional_channel, :default_strategy, :dynamo_table,
|
23
|
-
:
|
24
|
+
attr_reader :additional_channel, :default_strategy, :dynamo_table,
|
25
|
+
:region, :slack_admins, :slack_alias_table,
|
26
|
+
:slack_secret_name, :whitelist_branches
|
24
27
|
|
25
28
|
# Configuration values specific to CodeBuild Notifier. CBN_ prefix is
|
26
29
|
# used because ENV vars with CODEBUILD_ prefix are reserved for use by AWS.
|
@@ -30,6 +33,7 @@ module CodeBuildNotifier
|
|
30
33
|
dynamo_table: ENV['CBN_DYNAMO_TABLE'] || 'codebuild-history',
|
31
34
|
region: ENV['CBN_AWS_REGION'] || ENV['AWS_REGION'],
|
32
35
|
slack_admins: ENV['CBN_SLACK_ADMIN_USERNAMES'],
|
36
|
+
slack_alias_table: ENV['CBN_SLACK_ALIAS_TABLE'],
|
33
37
|
slack_secret_name: ENV['CBN_SLACK_SECRET_NAME'] || 'slack/codebuild',
|
34
38
|
strategy_overrides: ENV['CBN_OVERRIDE_NOTIFY_STRATEGY'],
|
35
39
|
whitelist_branches: ENV['CBN_WHITELIST_BRANCHES']
|
@@ -39,11 +43,16 @@ module CodeBuildNotifier
|
|
39
43
|
@dynamo_table = dynamo_table
|
40
44
|
@region = region
|
41
45
|
@slack_admins = slack_admins&.split(',') || []
|
46
|
+
@slack_alias_table = slack_alias_table
|
42
47
|
@slack_secret_name = slack_secret_name
|
43
48
|
@strategy_overrides = strategy_overrides&.split(',') || []
|
44
49
|
@whitelist_branches = whitelist_branches&.split(',') || DEFAULT_WHITELIST
|
45
50
|
end
|
46
51
|
|
52
|
+
def dynamo_client
|
53
|
+
@dynamo_client || Aws::DynamoDB::Client.new(region: region)
|
54
|
+
end
|
55
|
+
|
47
56
|
def strategy_for_branch(branch_name)
|
48
57
|
lookup = @strategy_overrides.map { |override| override.split(':') }.to_h
|
49
58
|
lookup.fetch(branch_name, default_strategy)
|
@@ -17,14 +17,13 @@
|
|
17
17
|
|
18
18
|
require 'active_support'
|
19
19
|
require 'active_support/core_ext'
|
20
|
-
require 'aws-sdk-dynamodb'
|
21
20
|
require 'hashie'
|
22
21
|
|
23
22
|
module CodeBuildNotifier
|
24
23
|
class DynamoBase
|
25
24
|
attr_reader :config, :current_build
|
26
25
|
|
27
|
-
delegate :dynamo_table, to: :config
|
26
|
+
delegate :dynamo_client, :dynamo_table, to: :config
|
28
27
|
|
29
28
|
def initialize(config, build)
|
30
29
|
@config = config
|
@@ -37,10 +36,6 @@ module CodeBuildNotifier
|
|
37
36
|
)
|
38
37
|
end
|
39
38
|
|
40
|
-
private def dynamo_client
|
41
|
-
@dynamo_client || Aws::DynamoDB::Client.new(region: config.region)
|
42
|
-
end
|
43
|
-
|
44
39
|
private def hash_to_dynamo_update(hash)
|
45
40
|
update = hash.each_with_object(
|
46
41
|
expression_attribute_names: {},
|
@@ -34,10 +34,8 @@ module CodeBuildNotifier
|
|
34
34
|
post_message(message, channel)
|
35
35
|
end
|
36
36
|
|
37
|
-
message.recipients.
|
38
|
-
|
39
|
-
slack_user_id && post_message(message, slack_user_id)
|
40
|
-
end
|
37
|
+
user_ids = message.recipients.map { |email| find_slack_user(email)&.id }
|
38
|
+
user_ids.uniq.compact.each { |user_id| post_message(message, user_id) }
|
41
39
|
end
|
42
40
|
|
43
41
|
private def post_message(message, channel)
|
@@ -60,14 +58,29 @@ module CodeBuildNotifier
|
|
60
58
|
end
|
61
59
|
|
62
60
|
private def find_slack_user(email)
|
63
|
-
|
64
|
-
lookup_response.user.id
|
61
|
+
slack_client.users_lookupByEmail(email: email)&.user
|
65
62
|
rescue Slack::Web::Api::Errors::SlackError => e
|
63
|
+
alias_email = find_alias(email)
|
64
|
+
if alias_email
|
65
|
+
find_slack_user(alias_email)
|
66
|
+
else
|
67
|
+
report_lookup_failure(email, e.message)
|
68
|
+
nil
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
private def report_lookup_failure(email, error_message)
|
66
73
|
admin_send(
|
67
74
|
"Slack user lookup by email for #{email} failed with " \
|
68
|
-
"error: #{
|
75
|
+
"error: #{error_message}"
|
69
76
|
)
|
70
|
-
|
77
|
+
end
|
78
|
+
|
79
|
+
def find_alias(email)
|
80
|
+
config.slack_alias_table && config.dynamo_client.get_item(
|
81
|
+
table_name: config.slack_alias_table,
|
82
|
+
key: { 'alternate_email' => email }
|
83
|
+
).item&.fetch('workspace_email')
|
71
84
|
end
|
72
85
|
|
73
86
|
# If the app token starts with xoxb- then it is a Bot User Oauth token
|
metadata
CHANGED
@@ -1,35 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: codebuild-notifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- VHL Ops Team
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-01-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '2.0'
|
20
|
-
- - "<"
|
17
|
+
- - "~>"
|
21
18
|
- !ruby/object:Gem::Version
|
22
|
-
version:
|
19
|
+
version: 6.0.3.1
|
23
20
|
type: :runtime
|
24
21
|
prerelease: false
|
25
22
|
version_requirements: !ruby/object:Gem::Requirement
|
26
23
|
requirements:
|
27
|
-
- - "
|
28
|
-
- !ruby/object:Gem::Version
|
29
|
-
version: '2.0'
|
30
|
-
- - "<"
|
24
|
+
- - "~>"
|
31
25
|
- !ruby/object:Gem::Version
|
32
|
-
version:
|
26
|
+
version: 6.0.3.1
|
33
27
|
- !ruby/object:Gem::Dependency
|
34
28
|
name: aws-sdk-dynamodb
|
35
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -78,6 +72,20 @@ dependencies:
|
|
78
72
|
- - "<"
|
79
73
|
- !ruby/object:Gem::Version
|
80
74
|
version: '4.0'
|
75
|
+
- !ruby/object:Gem::Dependency
|
76
|
+
name: nokogiri
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - ">="
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: '0'
|
82
|
+
type: :runtime
|
83
|
+
prerelease: false
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - ">="
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: '0'
|
81
89
|
- !ruby/object:Gem::Dependency
|
82
90
|
name: slack-ruby-client
|
83
91
|
requirement: !ruby/object:Gem::Requirement
|
@@ -182,7 +190,7 @@ homepage: https://github.com/vhl/codebuild-notifier
|
|
182
190
|
licenses:
|
183
191
|
- GPL-3.0+
|
184
192
|
metadata: {}
|
185
|
-
post_install_message:
|
193
|
+
post_install_message:
|
186
194
|
rdoc_options: []
|
187
195
|
require_paths:
|
188
196
|
- lib
|
@@ -197,9 +205,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
197
205
|
- !ruby/object:Gem::Version
|
198
206
|
version: '0'
|
199
207
|
requirements: []
|
200
|
-
|
201
|
-
|
202
|
-
signing_key:
|
208
|
+
rubygems_version: 3.2.33
|
209
|
+
signing_key:
|
203
210
|
specification_version: 4
|
204
211
|
summary: Slack notifications for CodeBuild jobs.
|
205
212
|
test_files: []
|