diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 42fa24c..4ddb4ff 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -9,6 +9,9 @@ on: - '!.github/workflows/docker.yml' workflow_dispatch: +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} jobs: docker-action: @@ -29,22 +32,32 @@ jobs: - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - registry: ghcr.io + registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker metadata + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + id: metadata + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=${{ env.TIMESTAMP_TAG }} + - name: Build for development - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 - if: + uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0 + env: + REGISTRY: ${{ env.REGISTRY }} + IMAGE_NAME: ${{ env.IMAGE_NAME }} + TIMESTAMP_TAG: ${{ env.TIMESTAMP_TAG }} with: - context: . + files: | + ./docker-bake.hcl + ${{ steps.metadata.outputs.bake-file }} + push: true load: true - platforms: linux/amd64 no-cache: true - pull: true - target: production - tags: "ghcr.io/${{ github.repository }}/github-to-slack-notifier:${{ env.TIMESTAMP_TAG }}" - push: true + targets: build - name: Run Trivy to check Docker images for vulnerabilities uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 
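Review bot: The rewritten 'Build for development' step keeps `push: true` ahead of the Trivy step that follows it, so an image with CRITICAL/HIGH findings is already in `ghcr.io` by the time `exit-code: '1'` fails the job; because the step also sets `load: true`, Trivy can scan the locally loaded image, so `push: false` here plus a separate push step that runs only after the scan passes would keep unscanned development images out of the registry. The new step-level `env:` block re-exports `REGISTRY`, `IMAGE_NAME` and `TIMESTAMP_TAG`, which the workflow-level `env` already makes visible to every step, and the `docker-bake.hcl` added by this commit declares no `variable` blocks that would read them, so those three lines look dead unless bake variables are planned. `TIMESTAMP_TAG`, consumed by `type=raw,value=${{ env.TIMESTAMP_TAG }}`, is set by a step outside this hunk, and the enclosing `steps:` list starts before it.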
@@ -52,21 +65,9 @@ jobs:
 TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
 with:
- image-ref: "ghcr.io/${{ github.repository }}/github-to-slack-notifier:${{ env.TIMESTAMP_TAG }}"
+ image-ref: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TIMESTAMP_TAG }}"
 format: 'table'
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
-
- - name: Build for production
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
- if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch'
- with:
- context: .
- load: true
- platforms: linux/amd64
- no-cache: true
- pull: true
- target: production
- tags: "ghcr.io/${{ github.repository }}/github-to-slack-notifier:latest"
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
new file mode 100644
index 0000000..04cafb7
--- /dev/null
+++ b/.github/workflows/docker-release.yml
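Review bot: Deleting the 'Build for production' step removes the only place that tagged `…/github-to-slack-notifier:latest` on `main`, and the new docker-release.yml asks metadata-action only for `type=semver,pattern={{version}}`, so whether a `latest` tag is still published now rests on that action's default `latest=auto` flavor, which the README's `docker://ghcr.io/rewindio/github-to-slack-notifier:latest` example depends on. Making it explicit in the release workflow's metadata step with `flavor: |` followed by `latest=true` records the intent and survives a default change. The published path also moves from `ghcr.io/<repo>/github-to-slack-notifier` to `ghcr.io/<repo>` (the new `image-ref` reflects this), so consumers pulling the old package silently stop receiving new tags; the README rewrite covers the new path, but the old package needs a deprecation note.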
@@ -0,0 +1,51 @@
+on:
+ push:
+ tags:
+ - 'v*'
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-release-image:
+ name: Build release Docker image
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata for Docker build
+ id: metadata
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=semver,pattern={{version}}
+
+ - name: Build for development
+ uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
+ with:
+ files: |
+ ./docker-bake.hcl
+ ${{ steps.metadata.outputs.bake-file }}
+ push: true
+ load: true
+ no-cache: true
+ targets: build
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..15e8345
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,24 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - '**/*.md'
+ - '*.md'
+ - 'LICENSE'
+ workflow_dispatch:
+
+jobs:
+ release:
+ name: release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - name: Semantic Release
+ uses: cycjimmy/semantic-release-action@cb425203a562475bca039ba4dbf90c7f9ac790f4 # v4.1.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
deleted file mode 100644
index 02aa9da..0000000
--- a/.github/workflows/tag.yml
+++ /dev/null
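Review bot: `docker/metadata-action@v5` is pinned to a mutable major tag here, while the same commit pins that action to `369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1` in docker-build.yml and SHA-pins `docker/bake-action` two steps later, so the release path, the one that publishes the semver-tagged image, carries the weaker supply-chain pin; use the same SHA, `uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1`. The login step hard-codes `registry: ghcr.io` although `env.REGISTRY` is defined at the top of this file; `registry: ${{ env.REGISTRY }}` keeps the two in step as docker-build.yml now does. The final step is named 'Build for development' but runs on `v*` tag pushes and publishes the release image; `name: Build release image` would match the job name. `setup-qemu-action` is not needed while `docker-bake.hcl` lists only `linux/amd64`, and dropping it removes one more third-party action from the release job.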
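Review bot: The `release` job declares no `permissions:` block, unlike `build-release-image` in docker-release.yml, so `secrets.GITHUB_TOKEN` gets the repository default, which is either too little for semantic-release to push tags and create releases or more than the job needs; add a job-level `permissions:` with `contents: write`, `issues: write` and `pull-requests: write`. Per GitHub's documented behaviour, tags and releases created with the default `GITHUB_TOKEN` do not start other workflows, so the `on: push: tags: 'v*'` trigger in docker-release.yml is unlikely to fire from this job; a GitHub App installation token or a narrowly scoped PAT supplied as `GITHUB_TOKEN` is the usual fix, at the cost of an extra repository secret to rotate. `persist-credentials: false` on the checkout is the right choice and worth a one-line comment, `# semantic-release authenticates via GITHUB_TOKEN below; do not leave the checkout credential in .git/config`.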
@@ -1,49 +0,0 @@
-name: Tag version
-on:
- push:
- branches:
- - main
- paths-ignore:
- - '**/*.md'
- - '*.md'
- - 'LICENSE'
-
-jobs:
- build:
- runs-on: ubuntu-latest
- env:
- MAJOR_VERSION: 1
- MINOR_VERSION: 0
- steps:
- - uses: actions/checkout@v4
-
- - name: Remove tag for major version
- uses: actions/github-script@v7
- continue-on-error: true
- with:
- script: |
- github.rest.git.deleteRef({
- owner: context.repo.owner,
- repo: context.repo.repo,
- ref: 'tags/v' + process.env.MAJOR_VERSION,
- })
-
- - name: Create tag for major version
- if: always()
- uses: actions/github-script@v7
- with:
- script: |
- github.rest.git.createRef({
- owner: context.repo.owner,
- repo: context.repo.repo,
- ref: 'refs/tags/v' + process.env.MAJOR_VERSION,
- sha: context.sha
- })
-
- - name: Bump version and push tag
- uses: anothrNick/github-tag-action@f278d49d30cdd8775cc3e7dd00b5ee11686ee297 # v1.71.0
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- WITH_V: true
- DEFAULT_BUMP: patch
- INITIAL_VERSION: ${{ env.MAJOR_VERSION }}.${{ env.MINOR_VERSION }}.0
diff --git a/.releaserc b/.releaserc
new file mode 100644
index 0000000..405df3a
--- /dev/null
+++ b/.releaserc
@@ -0,0 +1,13 @@
+{
+ "branches": ["main"],
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/release-notes-generator",
+ [
+ "@semantic-release/changelog"
+ ],
+ [
+ "@semantic-release/github"
+ ]
+ ]
+}
diff --git a/README.md b/README.md
index 7c920d5..512faf7 100644
--- a/README.md
+++ b/README.md
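Review bot: `@semantic-release/changelog` writes CHANGELOG.md into the runner workspace, but nothing in this configuration commits it (`@semantic-release/git` is not listed), so the generated changelog is discarded at the end of every run; either add `"@semantic-release/git"` after the changelog entry or drop the changelog plugin and rely on the GitHub release notes. `@semantic-release/changelog` is also not bundled with semantic-release, so the cycjimmy action in release.yml needs it declared in its `extra_plugins` input or plugin loading fails. The single-element arrays around the changelog and github plugins carry no options and could be plain strings like the first two entries.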
@@ -1,9 +1,57 @@ -# github-to-slack-notifier +# Github to Slack Notifier A Github action to send a Slack Direct Message. This action finds the corporate e-mails of a git user in the configured org and sends a DM to a user in Slack with the same corporate e-mail address +## Usage + +### Using the pre-built container + +```yaml +jobs: + send-slack-dm: + name: Send a Slack DM + runs-on: ubuntu-latest + + steps: + name: Send Slack DM to user on deploy failure + id: send-slack-dm + uses: docker://ghcr.io/rewindio/github-to-slack-notifier:latest + with: + github_token: ${{ secrets.GITHUB_USER_LOOKUP_TOKEN }} + slack_bot_token: ${{ secrets.SLACK_DM_TOKEN }} + github_org: ${{ github.repository_owner }} + list_of_github_users: "github_user" + message: "Hello!" +``` + +### Building the container on each Github Action run + +```yaml +jobs: + send-slack-dm: + name: Send a Slack DM + runs-on: ubuntu-latest + + steps: + name: Send Slack DM to user on deploy failure + id: send-slack-dm + uses: rewindio/github-to-slack-notifier@v{VERSION_TAG} + with: + github_token: ${{ secrets.GITHUB_USER_LOOKUP_TOKEN }} + slack_bot_token: ${{ secrets.SLACK_DM_TOKEN }} + github_org: ${{ github.repository_owner }} + list_of_github_users: "github_user" + message: "Hello!" +``` + +This will build the `github-to-slack-notifier` action container on each workflow run. + +The docker build may hang when the action builds the container. + +To prevent long action run times, using the pre-built container is recommended. + ## Input Variables The action requires the following input variables: diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 0000000..6460d21 --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,10 @@ +target "docker-metadata-action" {} + +target "build" { + inherits = ["docker-metadata-action"] + context = "./" + dockerfile = "Dockerfile" + platforms = [ + "linux/amd64" + ] +}
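Review bot: The `build` target sets no `target =`, while the `build-push-action` steps this bake file replaces (see the docker-build.yml hunks in this commit) built the Dockerfile stage `production`; unless `production` is the Dockerfile's final stage, the image now published is a different stage, so add `target = "production"` inside `target "build"`. The replaced steps also passed `pull: true`, which has no counterpart here or in the bake-action inputs, so base images are no longer re-pulled on each build; `pull = true` in this target restores that if it was deliberate. `target "docker-metadata-action" {}` is the empty placeholder that metadata-action's generated bake file populates and deserves a one-line comment, `# populated by docker/metadata-action's bake-file output; the name must not change`.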