diff --git a/.github/actions/notify-slack/action.yaml b/.github/actions/notify-slack/action.yaml
new file mode 100644
index 0000000000..b508d5d6be
--- /dev/null
+++ b/.github/actions/notify-slack/action.yaml
@@ -0,0 +1,42 @@
+name: notify-slack
+description: notify slack
+inputs:
+ channel:
+ description: channel to send message
+ required: true
+ token:
+ description: token with chat:write and chat:write.public permissions
+ required: true
+ message:
+ description: message formatted in Markdown
+ required: true
+runs:
+ using: composite
+ steps:
+ # see https://api.slack.com/tutorials/tracks/posting-messages-with-curl#let-us-hello-then__making-your-messages-more-fantastic
+ - name: notify-slack
+ shell: bash
+ run: |
+ curl https://slack.com/api/chat.postMessage \
+ -X POST --fail --silent --show-error \
+ -H "Authorization: Bearer ${SLACK_TOKEN}" \
+ -H "Content-type: application/json; charset=utf-8" \
+ --data @<(yq -pjson -ojson '.channel = env(SLACK_CHANNEL) | .blocks[0].text.text = env(MESSAGE)' <<'EOF'
+ {
+ "channel": "",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": ""
+ }
+ }
+ ]
+ }
+ EOF
+ ) >/dev/null
+ env:
+ SLACK_CHANNEL: ${{ inputs.channel }}
+ SLACK_TOKEN: ${{ inputs.token }}
+ MESSAGE: ${{ inputs.message }}
diff --git a/.github/workflows/deployment-pipeline.yml b/.github/workflows/deployment-pipeline.yml
index 70fe640881..dce19dace4 100644
--- a/.github/workflows/deployment-pipeline.yml
+++ b/.github/workflows/deployment-pipeline.yml
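Review bot: The `--fail` flag on the curl call in the `run:` block only catches HTTP-level errors, but Slack's Web API reports most failures (invalid token, unknown channel, missing scope) as HTTP 200 with `"ok": false` in the body, and that body is discarded by `) >/dev/null`. As written, the step reports success even when nothing was posted. Checking the response instead of throwing it away would surface this, for example `) | yq -pjson -e '.ok' >/dev/null`, ideally also printing the `error` field when it is false. Passing the token, channel and message through `env:` and building the JSON with `env(...)` keeps `${{ }}` values out of the script text and should stay that way. Adding a `--max-time` to the curl call would also keep a stalled Slack endpoint from holding the deploy job open.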
@@ -103,6 +103,12 @@ jobs: service: infisical-core-gamma-stage cluster: infisical-gamma-stage wait-for-service-stability: true + # only notify of success because continue-on-error is so tricky, see https://www.kenmuse.com/blog/how-to-handle-step-and-job-errors-in-github-actions/ + - uses: ./.github/actions/notify-slack + with: + token: ${{ secrets.SLACK_TOKEN }} + channel: ${{ secrets.SLACK_CHANNEL }} + message: deployed infisical/staging_infisical:${{ steps.commit.outputs.short }} to ${{ vars.ENVIRONMENT }} production-us: name: US production deploy @@ -159,6 +165,12 @@ jobs: service: infisical-core-platform cluster: infisical-core-platform wait-for-service-stability: true + # only notify of success because continue-on-error is so tricky, see https://www.kenmuse.com/blog/how-to-handle-step-and-job-errors-in-github-actions/ + - uses: ./.github/actions/notify-slack + with: + token: ${{ secrets.SLACK_TOKEN }} + channel: ${{ secrets.SLACK_CHANNEL }} + message: deployed infisical/staging_infisical:${{ steps.commit.outputs.short }} to ${{ vars.ENVIRONMENT }} production-eu: name: EU production deploy @@ -210,3 +222,9 @@ jobs: service: infisical-core-platform cluster: infisical-core-platform wait-for-service-stability: true + # only notify of success because continue-on-error is so tricky, see https://www.kenmuse.com/blog/how-to-handle-step-and-job-errors-in-github-actions/ + - uses: ./.github/actions/notify-slack + with: + token: ${{ secrets.SLACK_TOKEN }} + channel: ${{ secrets.SLACK_CHANNEL }} + message: deployed infisical/staging_infisical:${{ steps.commit.outputs.short }} to ${{ vars.ENVIRONMENT }}
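Review bot: The notify step is added as the last step of the deploy job with no failure tolerance, so an expired `SLACK_TOKEN` or a Slack outage would mark a deployment that has already completed as failed; the same applies to the hunks at `@@ -159,6 +165,12 @@` and `@@ -210,3 +222,9 @@`. If later jobs depend on this one through `needs:` (not visible in these hunks), a notification problem would also stop the rollout part-way. Because the notification is advisory, adding `continue-on-error: true` to this one step looks safe and avoids the job-level failure handling the comment is wary of. The message also hard-codes `infisical/staging_infisical:` in the production-us and production-eu hunks; if production deploys from a different image repository the notification would be misleading, so it is worth confirming that is intended. The job bodies start outside the hunks, so whether a checkout step precedes the local `./.github/actions/notify-slack` reference cannot be confirmed from here.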