mirror of
https://github.com/certbot/certbot.git
synced 2026-05-28 04:34:11 -04:00
0eb8af20a5
Fixes https://github.com/certbot/certbot/issues/10599 This approach creates a new azure stage Notify and posts to the mattermost webhook directly from within azure. The python script uses the azure rest api to get the status of the Deploy stage specifically. This will be failed if it failed, or skipped if a previous stage failed, or abandoned if it timed out. We may want to remove the existing azure build failure notification when this is merged. It can be deleted from [here](https://dev.azure.com/certbot/certbot/_settings/serviceHooks) (it's the one that says "Build release, status Failed"), although personally I think it's fine to keep it. History of alternate general approaches I investigated: 1. give azure a custom file to say a message that depends on the requestedBy field. impossible. no custom messages at all, much less dependant ones. 2. hook azure build completed webhook trigger directly to github respository_dispatch event. impossible. azure will send data in a [specific format](https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#build.complete), which is not the format [github requires](https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-a-repository-dispatch-event). 3. option 2, but put a custom server somewhere to translate them. or to grab azure and send directly to mattermost. this is a horrible idea; no one wants to be managing a production server with secrets on it. 4. a mattermost bot is just a special user account. the sender still has to format the data so mm can read it. 5. block on migrating from azure to github actions. drawback: this will likely take a while, and also we're not definitely doing it. see https://github.com/certbot/certbot/issues/10581 6. smaller than 5; wrap release in a github action that calls azure inside of it. and then if we end up migrating more, it should be pretty smooth to move things inside of actions. drawback: this will probably not integrate as smoothly, given we use the azure integration. I did not investigate further. 7. there doesn't seem to be any sort of github actions event about builds passing on a certain branch that we can check 8. just message mattermost directly from within the pipeline as a final stage --> where I landed. There's further discussion in the comments about others ways we tried to structure the pipeline and get information from azure that's not super necessary to read to review this PR. Relevant links: https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#build.complete https://learn.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops#resource-details-to-send https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#agent-variables https://learn.microsoft.com/en-us/azure/devops/pipelines/process/conditions?view=azure-devops&tabs=yaml#job-status-functions https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-a-repository-dispatch-event https://docs.github.com/en/webhooks/webhook-events-and-payloads#repository_dispatch Results of tests with the latest code are here: https://dev.azure.com/certbot/certbot/_build/results?buildId=10309&view=results https://dev.azure.com/certbot/certbot/_build/results?buildId=10310&view=results https://dev.azure.com/certbot/certbot/_build/results?buildId=10311&view=results Plus the mattermost messages did get sent. --------- Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
98 lines
3.3 KiB
Python
Executable file
98 lines
3.3 KiB
Python
Executable file
#!/usr/bin/env python
|
|
"""
|
|
Script to notify the person doing the release that the Azure run was successful.
|
|
|
|
Run:
|
|
|
|
python tools/notify_mattermost.py GITHUB_AUTHOR_NAME MATTERMOST_WEBHOOK_URL
|
|
"""
|
|
import os
|
|
import random
|
|
import requests
|
|
import sys
|
|
|
|
repo_name = os.environ['BUILD_REPOSITORY_ID']
|
|
build_id = os.environ['BUILD_BUILDID']
|
|
|
|
def get_greeting():
|
|
fun_greetings = [
|
|
'Hey',
|
|
'Paging',
|
|
'Hi',
|
|
'Pinging',
|
|
]
|
|
return random.choice(fun_greetings)
|
|
|
|
def get_message():
|
|
fun_success_messages = [
|
|
'the certbot release is ready to come out of the oven!',
|
|
"it's release-finishing go time!",
|
|
'all certbot release systems are set for launch!',
|
|
]
|
|
|
|
# https://learn.microsoft.com/en-us/rest/api/azure/devops/build/timeline/get?view=azure-devops-rest-7.1
|
|
timeline_url = f'https://dev.azure.com/{repo_name}/_apis/build/builds/{build_id}/timeline/?api-version=7.1'
|
|
response = requests.get(timeline_url)
|
|
response.raise_for_status()
|
|
data = response.json()
|
|
deploy_record = next((rec for rec in data['records'] if rec['name'] == 'Deploy'), None)
|
|
if deploy_record is None:
|
|
raise RuntimeError('Unable to find the record for the Deploy stage')
|
|
deploy_result = deploy_record['result']
|
|
if deploy_result in ['succeeded', 'succeededWithIssues']:
|
|
message = random.choice(fun_success_messages)
|
|
elif deploy_result in ['skipped', 'failed', 'abandoned']:
|
|
message = "the release pipeline has failed."
|
|
else:
|
|
raise RuntimeError('Unexpected stage result {0}'.format(deploy_result))
|
|
return message
|
|
|
|
def get_mattermost_url():
|
|
# This should be a mattermost webhook url that posts to a specific channel,
|
|
# created by certbotbot, with a file containing the url saved in azure pipelines secret
|
|
# files, under pipelines > library. The secret file will need to be given permission to
|
|
# be used by the specific pipeline, in this case 'release.'
|
|
url_path = sys.argv[2]
|
|
with open(url_path, 'r') as file:
|
|
url = file.read().rstrip()
|
|
return url
|
|
|
|
def get_headers():
|
|
headers = {
|
|
'Content-Type': 'application/json',
|
|
}
|
|
return headers
|
|
|
|
def get_content():
|
|
build_url = f'https://dev.azure.com/{repo_name}/_build/results?buildId={build_id}&view=results'
|
|
|
|
# We use github author here because it's what we have access to. If the name sometimes
|
|
# changes, add any name it might be. Check the git log.
|
|
requested_for = sys.argv[1].rstrip()
|
|
# This is a map of team member github author names to opensource mattermost username
|
|
usernames_map = {
|
|
'Will Greenberg': 'willg',
|
|
'Erica Portnoy': 'erica',
|
|
'Brad Warren': 'brad',
|
|
'ohemorange': 'erica',
|
|
}
|
|
|
|
if requested_for in usernames_map:
|
|
text_body = f'{get_greeting()} @{usernames_map[requested_for]}, {get_message()}\n{build_url}'
|
|
else:
|
|
text_body = (f"{get_greeting()} {requested_for}, {get_message()}\nIf you'd like to get @ mentioned for "
|
|
"releases you do in the future, please modify tools/notify_mattermost.py with your "
|
|
f"git author name.\n{build_url}")
|
|
|
|
content = {
|
|
'text': text_body,
|
|
}
|
|
return content
|
|
|
|
response = requests.request(
|
|
method='POST',
|
|
url=get_mattermost_url(),
|
|
headers=get_headers(),
|
|
json=get_content(),
|
|
)
|
|
response.raise_for_status()
|