Notifications in Slack for CloudBuild activity (#100)

This sets up the "prod" environment which talks to the public cloudbuild-notifications channel. The names of the resources needed to be shortened in the main module because the extra character in the env name was too long.
transparency-dev · Feb 21, 2024 · 61aa7cb · 61aa7cb
1 parent 4cbbd8b
commit 61aa7cb
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 3 deletions.
diff --git a/deployment/live/cloudbuild/README.md b/deployment/live/cloudbuild/README.md
@@ -13,3 +13,18 @@ Error: Error creating Trigger: googleapi: Error 400: Repository mapping does not
 
 This is a manual one-time step that needs to be followed to integrate GCB and the GitHub project.
 
+### Slack notifications
+
+Each cloudbuild environment sets up a Slack integration. This requires:
+ 1. A webhook to have been created in a Slack app (https://api.slack.com/apps/A06KYD43DPE/incoming-webhooks)
+ 2. This webhook URL has been stored as a secret in Secret Manager in cloud
+
+One unfortunate issue is that there is a common dependency on the pubsub topic `cloud-builds`.
+The first environment will create this, and other environments will then fail to create it because the name is in use.
+To work around this:
+
+```
+terragrunt import module.cloud-build-slack-notifier.google_pubsub_topic.cloud_builds projects/checkpoint-distributor/topics/cloud-builds
+```
+
+This imports the resource into this configuration, and running `terragrunt apply` again after this should work.
diff --git a/deployment/live/cloudbuild/prod/.terraform.lock.hcl b/deployment/live/cloudbuild/prod/.terraform.lock.hcl
diff --git a/deployment/live/cloudbuild/prod/slack.json b/deployment/live/cloudbuild/prod/slack.json
@@ -0,0 +1,30 @@
+[
+    {
+      "type": "section",
+      "text": {
+        "type": "mrkdwn",
+        "text": "Cloud Build {{.Build.ProjectId}} {{.Build.Id}} {{.Build.Status}}"
+      }
+    },
+    {
+      "type": "divider"
+    },
+    {
+      "type": "section",
+      "text": {
+        "type": "mrkdwn",
+        "text": "View Build Logs"
+      },
+      "accessory": {
+        "type": "button",
+        "text": {
+          "type": "plain_text",
+          "text": "Logs"
+        },
+        "value": "click_me_123",
+        "url": "{{.Build.LogUrl}}",
+        "action_id": "button-action"
+      }
+    }
+  ]
+
diff --git a/deployment/live/cloudbuild/prod/terragrunt.hcl b/deployment/live/cloudbuild/prod/terragrunt.hcl
@@ -13,8 +13,9 @@ locals {
 inputs = merge(
   local.common_vars.locals,
   {
-    env               = "prod"
-    cloud_run_service = "distributor-service-ci"
+    env                 = "prod"
+    cloud_run_service   = "distributor-service-ci"
+    slack_template_json = file("slack.json")
   }
 )
 
diff --git a/deployment/modules/cloudbuild/main.tf b/deployment/modules/cloudbuild/main.tf
@@ -117,7 +117,7 @@ module "cloud-build-slack-notifier" {
   # source  = "simplifi/cloud-build-slack-notifier/google"
   # version = "0.3.0"
 
-  name       = "gcp-slack-notifier-${var.env}"
+  name       = "gcp-slack-${var.env}"
   project_id = var.project_id
 
   # https://api.slack.com/apps/A06KYD43DPE/incoming-webhooks