chore(ci): update notifications (#279)

Signed-off-by: Evgeniy Frolov <[email protected]>
werf · Dec 9, 2024 · e5e242a · e5e242a
1 parent 9836157
commit e5e242a
Show file tree

Hide file tree

Showing 12 changed files with 232 additions and 194 deletions.
diff --git a/.github/workflows/_notification.yml b/.github/workflows/_notification.yml
@@ -0,0 +1,73 @@
+name: xxxxx(internal)
+
+on:
+  workflow_call:
+    secrets:
+      webhook:
+        description: "Loop webhook URL"
+        required: true
+      notificationChannel:
+        description: "Loop notification channel"
+        required: true
+      loopNotificationGroup:
+        description: "Loop notification group"
+        required: false
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  _:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+    steps:
+      - name: Run workflow status conclusion manager
+        uses: technote-space/workflow-conclusion-action@v3
+
+      - if: env.WORKFLOW_CONCLUSION == 'failure'
+        name: get failed jobs
+        id: failed_jobs
+        run: |
+          echo 'failed<<EOF' >> $GITHUB_OUTPUT 
+          echo "$(curl ${{ github.api_url }}/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs | jq -r '.jobs[]| select (.conclusion == "failure") | .html_url')" >> $GITHUB_OUTPUT
+          echo 'EOF' >> $GITHUB_OUTPUT
+      - if: (env.WORKFLOW_CONCLUSION == 'failure' && startsWith(github.ref, 'refs/pull/'))
+        name: get user
+        id: get_user
+        run: |
+          echo username=$(curl ${{ github.api_url }}/users/${{ github.triggering_actor }} | jq -r '.name' | tr '[:upper:]' '[:lower:]' | tr " " . ) >> $GITHUB_OUTPUT
+
+      - if: "(env.WORKFLOW_CONCLUSION == 'failure' && ! startsWith(github.ref, 'refs/pull/'))"
+        name: Failure notify
+        uses: mattermost/action-mattermost-notify@master
+        with:
+          MATTERMOST_WEBHOOK_URL: ${{ secrets.webhook }}
+          MATTERMOST_CHANNEL: ${{ secrets.notificationChannel }}
+          TEXT: |
+            ${{ secrets.loopNotificationGroup }} Прод упал в ${{ github.repository }} :pepe_monkaw: 
+            [${{ github.workflow }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ github.ref_name }} :pepe_deadge: 
+            Упавшие джобы:
+            ${{ steps.failed_jobs.outputs.failed }}
+
+      - if: env.WORKFLOW_CONCLUSION == 'success'
+        name: Success notify
+        uses: mattermost/action-mattermost-notify@master
+        with:
+          MATTERMOST_WEBHOOK_URL: ${{ secrets.webhook }}
+          MATTERMOST_CHANNEL: ${{ secrets.notificationChannel }}
+          TEXT: |
+            Workflow успешно завершился в ${{ github.repository }} :bender: 
+            [${{ github.workflow }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ github.ref_name }} :success:
+
+      - if: (env.WORKFLOW_CONCLUSION == 'failure' && startsWith(github.ref, 'refs/pull/'))
+        name: Failure notify for PRs
+        uses: mattermost/action-mattermost-notify@master
+        with:
+          MATTERMOST_WEBHOOK_URL: ${{ secrets.webhook }}
+          MATTERMOST_CHANNEL: ${{ secrets.notificationChannel }}
+          TEXT: |
+            @${{ steps.get_user.outputs.username }} Проблема в ветке в ${{ github.repository }} :press_f:
+            [${{ github.workflow }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ github.ref_name }} :pepe_deadge: 
+            Упавшие джобы:
+            ${{ steps.failed_jobs.outputs.failed }}
diff --git a/.github/workflows/docs_cli_and_api_partials_checker.yml b/.github/workflows/docs_cli_and_api_partials_checker.yml
@@ -2,9 +2,9 @@ name: CLI and API partials checker
 on:
   push:
     paths:
-      - '.github/workflows/docs_cli_and_api_partials_checker.yml'
-      - 'client/cmd/**'
-      - 'server/**'
+      - ".github/workflows/docs_cli_and_api_partials_checker.yml"
+      - "client/cmd/**"
+      - "server/**"
   workflow_dispatch:
 
 jobs:

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -2,7 +2,7 @@ name: Lint
 on:
   push:
     paths:
-      - '**/*.go'
+      - "**/*.go"
   workflow_dispatch:
 
 jobs:
@@ -15,7 +15,7 @@ jobs:
       max-parallel: 6
       fail-fast: false
       matrix:
-        directory: [ "client", "server", "e2e" ]
+        directory: ["client", "server", "e2e"]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

diff --git a/.github/workflows/release_please.yml b/.github/workflows/release_please.yml
@@ -2,42 +2,42 @@ name: Do release PR or GitHub release
 on:
   push:
     branches:
-    - main
+      - main
   workflow_dispatch:
 
 jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
-    - uses: werf/third-party-release-please-action@werf
-      with:
-        release-type: go
-        token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
-        release-notes-header: "## Changelog"
-        release-notes-footer: |
-          ## Installation
-          Download `trdl` Vault plugin binaries from here:
-          * [Linux amd64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/linux-amd64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/linux-amd64/bin/vault-plugin-secrets-trdl.sig))
-          * [Linux arm64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/linux-arm64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/linux-arm64/bin/vault-plugin-secrets-trdl.sig))
-          * [macOS amd64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/darwin-amd64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/darwin-amd64/bin/vault-plugin-secrets-trdl.sig))
-          * [macOS arm64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/darwin-arm64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/darwin-arm64/bin/vault-plugin-secrets-trdl.sig))
-          * [Windows amd64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/windows-amd64/bin/vault-plugin-secrets-trdl.exe) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/windows-amd64/bin/vault-plugin-secrets-trdl.exe.sig))
+      - uses: werf/third-party-release-please-action@werf
+        with:
+          release-type: go
+          token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
+          release-notes-header: "## Changelog"
+          release-notes-footer: |
+            ## Installation
+            Download `trdl` Vault plugin binaries from here:
+            * [Linux amd64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/linux-amd64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/linux-amd64/bin/vault-plugin-secrets-trdl.sig))
+            * [Linux arm64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/linux-arm64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/linux-arm64/bin/vault-plugin-secrets-trdl.sig))
+            * [macOS amd64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/darwin-amd64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/darwin-amd64/bin/vault-plugin-secrets-trdl.sig))
+            * [macOS arm64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/darwin-arm64/bin/vault-plugin-secrets-trdl) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/darwin-arm64/bin/vault-plugin-secrets-trdl.sig))
+            * [Windows amd64](https://storage.googleapis.com/trdl-server-tuf/targets/releases/{{> version }}/windows-amd64/bin/vault-plugin-secrets-trdl.exe) ([PGP signature](https://storage.googleapis.com/trdl-server-tuf/targets/signatures/{{> version }}/windows-amd64/bin/vault-plugin-secrets-trdl.exe.sig))
 
-          These binaries were signed with PGP and could be verified with [this PGP public key](https://trdl.dev/trdl-server.asc).
+            These binaries were signed with PGP and could be verified with [this PGP public key](https://trdl.dev/trdl-server.asc).
 
-          Download `trdl` client binaries from here:
-          * [Linux amd64](https://tuf.trdl.dev/targets/releases/{{> version }}/linux-amd64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/linux-amd64/bin/trdl.sig))
-          * [Linux arm64](https://tuf.trdl.dev/targets/releases/{{> version }}/linux-arm64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/linux-arm64/bin/trdl.sig))
-          * [macOS amd64](https://tuf.trdl.dev/targets/releases/{{> version }}/darwin-amd64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/darwin-amd64/bin/trdl.sig))
-          * [macOS arm64](https://tuf.trdl.dev/targets/releases/{{> version }}/darwin-arm64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/darwin-arm64/bin/trdl.sig))
-          * [Windows amd64](https://tuf.trdl.dev/targets/releases/{{> version }}/windows-amd64/bin/trdl.exe) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/windows-amd64/bin/trdl.exe.sig))
+            Download `trdl` client binaries from here:
+            * [Linux amd64](https://tuf.trdl.dev/targets/releases/{{> version }}/linux-amd64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/linux-amd64/bin/trdl.sig))
+            * [Linux arm64](https://tuf.trdl.dev/targets/releases/{{> version }}/linux-arm64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/linux-arm64/bin/trdl.sig))
+            * [macOS amd64](https://tuf.trdl.dev/targets/releases/{{> version }}/darwin-amd64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/darwin-amd64/bin/trdl.sig))
+            * [macOS arm64](https://tuf.trdl.dev/targets/releases/{{> version }}/darwin-arm64/bin/trdl) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/darwin-arm64/bin/trdl.sig))
+            * [Windows amd64](https://tuf.trdl.dev/targets/releases/{{> version }}/windows-amd64/bin/trdl.exe) ([PGP signature](https://tuf.trdl.dev/targets/signatures/{{> version }}/windows-amd64/bin/trdl.exe.sig))
 
-          These binaries were signed with PGP and could be verified with [this PGP public key](https://trdl.dev/trdl-client.asc).
+            These binaries were signed with PGP and could be verified with [this PGP public key](https://trdl.dev/trdl-client.asc).
 
-          For example, `trdl` client binary can be downloaded, verified with `gpg` and then installed to `~/bin/` on Linux with these commands:
-          ```shell
-          curl -sSLO "https://tuf.trdl.dev/targets/releases/{{> version }}/linux-amd64/bin/trdl" -O "https://tuf.trdl.dev/targets/signatures/{{> version }}/linux-amd64/bin/trdl.sig"
-          curl -sSL https://trdl.dev/trdl-client.asc | gpg --import
-          gpg --verify trdl.sig trdl
-          install -D trdl ~/bin/trdl
-          ```
+            For example, `trdl` client binary can be downloaded, verified with `gpg` and then installed to `~/bin/` on Linux with these commands:
+            ```shell
+            curl -sSLO "https://tuf.trdl.dev/targets/releases/{{> version }}/linux-amd64/bin/trdl" -O "https://tuf.trdl.dev/targets/signatures/{{> version }}/linux-amd64/bin/trdl.sig"
+            curl -sSL https://trdl.dev/trdl-client.asc | gpg --import
+            gpg --verify trdl.sig trdl
+            install -D trdl ~/bin/trdl
+            ```
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -1,30 +1,30 @@
 name: Tests
 on:
   push:
+    branches: [main]
     paths:
-      - 'client/scripts/ci'
-      - 'client/scripts/minio'
-      - '.github/workflows/tests.yml'
-      - '**/*.go'
+      - "client/scripts/ci"
+      - "client/scripts/minio"
+      - ".github/workflows/tests.yml"
+      - "**/*.go"
       - go.mod
   schedule:
-    - cron: '0 8 * * *'
+    - cron: "0 8 * * *"
+  pull_request:
   repository_dispatch:
-    types: [ tests ]
+    types: [tests]
   workflow_dispatch:
 
 jobs:
-
   tests:
     name: Tests
     strategy:
       fail-fast: false
       matrix:
-        directory: [ server ]
-        os: [ ubuntu-latest ]
+        directory: [server]
+        os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v4
 
@@ -39,20 +39,20 @@ jobs:
           export TRDL_TEST_COVERAGE_DIR=$GITHUB_WORKSPACE/tests_coverage/tests/${{ matrix.os }}/${{ matrix.directory }}
           mkdir -p $TRDL_TEST_COVERAGE_DIR
           echo TRDL_TEST_COVERAGE_DIR=$TRDL_TEST_COVERAGE_DIR >> $GITHUB_ENV
-          
+
           # git user
           ./e2e/scripts/ci/git.sh
-          
+
           # install gpg
           sudo apt-get update
           sudo apt-get install gpg
-          
+
           # install git-signatures
           git clone https://github.com/werf/3p-git-signatures.git
           cd 3p-git-signatures
           make install
           echo "~/.local/bin" >> $GITHUB_PATH
-          
+
           # install ginkgo
           go install github.com/onsi/ginkgo/v2/ginkgo@latest
         shell: bash
@@ -72,10 +72,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest ]
+        os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v4
 
@@ -100,11 +99,11 @@ jobs:
 
           # git user
           ./scripts/ci/git.sh
-          
+
           # install gpg
           sudo apt-get update
           sudo apt-get install gpg
-          
+
           # install git-signatures
           git clone https://github.com/werf/3p-git-signatures.git
           cd 3p-git-signatures
@@ -130,7 +129,6 @@ jobs:
       - e2e_tests
     runs-on: ubuntu-latest
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v4
 
@@ -180,14 +178,8 @@ jobs:
     name: Notification
     if: always()
     needs: upload_coverage
-    runs-on: ubuntu-latest
-    steps:
-
-      - uses: technote-space/workflow-conclusion-action@v2
-
-      - name: Notify
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-          SLACK_COLOR: ${{ env.WORKFLOW_CONCLUSION }}
-          MSG_MINIMAL: "ref,actions url"
+    uses: ./.github/workflows/_notification.yml
+    secrets:
+      loopNotificationGroup: ${{ secrets.LOOP_NOTIFICATION_GROUP }}
+      webhook: ${{ secrets.LOOP_NOTIFICATION_WEBHOOK }}
+      notificationChannel: ${{ secrets.LOOP_NOTIFICATION_CHANNEL }}
diff --git a/.github/workflows/trdl_publisher.yml b/.github/workflows/trdl_publisher.yml
@@ -12,36 +12,30 @@ jobs:
     name: Publish release channels using trdl server
     runs-on: ubuntu-latest
     steps:
-    - name: Publish client channels
-      uses: werf/trdl-vault-actions/publish@main
-      with:
-        vault-addr: ${{ secrets.TRDL_VAULT_ADDR }}
-        project-name: trdl
-        vault-auth-method: approle
-        vault-role-id: ${{ secrets.TRDL_VAULT_ROLE_ID }}
-        vault-secret-id: ${{ secrets.TRDL_VAULT_SECRET_ID }}
+      - name: Publish client channels
+        uses: werf/trdl-vault-actions/publish@main
+        with:
+          vault-addr: ${{ secrets.TRDL_VAULT_ADDR }}
+          project-name: trdl
+          vault-auth-method: approle
+          vault-role-id: ${{ secrets.TRDL_VAULT_ROLE_ID }}
+          vault-secret-id: ${{ secrets.TRDL_VAULT_SECRET_ID }}
 
-    - name: Publish server channels
-      uses: werf/trdl-vault-actions/publish@main
-      with:
-        vault-addr: ${{ secrets.TRDL_VAULT_ADDR }}
-        project-name: trdl-server
-        vault-auth-method: approle
-        vault-role-id: ${{ secrets.TRDL_VAULT_ROLE_ID_FOR_TRDL_SERVER }}
-        vault-secret-id: ${{ secrets.TRDL_VAULT_SECRET_ID_FOR_TRDL_SERVER }}
+      - name: Publish server channels
+        uses: werf/trdl-vault-actions/publish@main
+        with:
+          vault-addr: ${{ secrets.TRDL_VAULT_ADDR }}
+          project-name: trdl-server
+          vault-auth-method: approle
+          vault-role-id: ${{ secrets.TRDL_VAULT_ROLE_ID_FOR_TRDL_SERVER }}
+          vault-secret-id: ${{ secrets.TRDL_VAULT_SECRET_ID_FOR_TRDL_SERVER }}
 
   notification:
     name: Notification
     if: always()
     needs: publish
-    runs-on: ubuntu-latest
-    steps:
-
-      - uses: technote-space/workflow-conclusion-action@v2
-
-      - name: Notify
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-          SLACK_COLOR: ${{ env.WORKFLOW_CONCLUSION }}
-          MSG_MINIMAL: "ref,actions url"
+    uses: ./.github/workflows/_notification.yml
+    secrets:
+      loopNotificationGroup: ${{ secrets.LOOP_NOTIFICATION_GROUP }}
+      webhook: ${{ secrets.LOOP_NOTIFICATION_WEBHOOK }}
+      notificationChannel: ${{ secrets.LOOP_NOTIFICATION_CHANNEL }}