ci: alert on pipelines failing

[arealmaas]

Description

Related Issue(s)

• Rapportere til Slack status på CI/CD/E2E #230

Verification

• Your code builds clean without any errors or warnings
• Manual testing done (required)
• Relevant automated test added (if you find this hard, leave it and we'll help out)

Documentation

• Documentation is updated (either in docs-directory, Altinnpedia or a separate linked PR in altinn-studio-docs., if applicable)

Summary by CodeRabbit

• New Features

  • Introduced a Slack message template for pipeline failures, enhancing communication during CI/CD processes.
  • Added a send-slack-message job to CI/CD workflows for staging, production, and main environments to notify teams of failures.

• Bug Fixes

  • Improved visibility into deployment issues through automated Slack notifications.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a new Slack message template for pipeline failures and adds a corresponding job to multiple CI/CD workflows. A JSON file named pipeline-failed.json is created in the .github/slack-templates directory, detailing the structure of the Slack message. Additionally, a send-slack-message job is added to the CI/CD workflows in .github/workflows/ci-cd-main.yml, .github/workflows/ci-cd-prod.yml, and .github/workflows/ci-cd-staging.yml, which sends a notification to Slack when the workflow fails.

Changes

File Path	Change Summary
.github/slack-templates/pipeline-failed.json	New file added to define a Slack message template for pipeline failures.
.github/workflows/ci-cd-main.yml	New job send-slack-message added to send a Slack notification on workflow failure.
.github/workflows/ci-cd-prod.yml	New job send-slack-message added to send a Slack notification on production workflow failure.
.github/workflows/ci-cd-staging.yml	New job send-slack-message added to send a Slack notification on staging workflow failure.

Possibly related PRs

• ci: send message on release created and successfully validated #1185: This PR introduces a send-slack-message job in a CI/CD workflow that also utilizes the slackapi/slack-github-action to send messages to Slack, similar to the main PR's addition of a Slack message template for pipeline failures.

Suggested reviewers

• oskogstad

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (5)

.github/slack-templates/pipeline-failed.json (2)

3-9: LGTM: Section block is well-structured

The section block effectively communicates the pipeline failure and uses markdown formatting for emphasis. The dynamic environment variable is correctly implemented.

Consider adding more context to the message, such as the branch name or commit SHA, to help identify the specific pipeline run. For example:

-          "text": "*:rotating_light: Pipeline failing for *${{ env.ENVIRONMENT }}* :rotating_light:*\n\nPlease check the workflow for more details."
+          "text": "*:rotating_light: Pipeline failing for *${{ env.ENVIRONMENT }}* :rotating_light:*\n\nBranch: `${{ github.ref_name }}`\nCommit: `${{ github.sha }}`\n\nPlease check the workflow for more details."

---

11-23: LGTM: Actions block provides useful quick access

The actions block is well-structured and includes a button that links directly to the GitHub Actions run, which is very helpful for quick troubleshooting.

Consider enhancing the button's visibility and clarity:

           {
             "type": "button",
             "text": {
               "type": "plain_text",
-              "text": "View Run"
+              "text": "View Run :arrow_right:",
+              "emoji": true
             },
+            "style": "primary",
             "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
           }

This change adds an arrow emoji to the button text, enables emoji rendering, and sets the button style to "primary" for better visibility.

.github/workflows/ci-cd-main.yml (2)

153-169: LGTM with suggestions for improvement

The implementation of the send-slack-message job is well-structured and serves its purpose of notifying about pipeline failures. Here are some suggestions to enhance its robustness and flexibility:

1. Consider adding error handling and logging for the Slack message sending step. This will help diagnose issues if the notification fails to send.

2. The payload file path is currently hardcoded. For better flexibility, consider parameterizing this path, especially if you plan to use multiple templates in the future.

Here's a suggested improvement for error handling and logging:

- name: Send GitHub slack message
  id: slack
  env:
    SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
    ENVIRONMENT: test
  uses: slackapi/[email protected]
  with:
    channel-id: ${{ secrets.SLACK_CHANNEL_ID_FOR_RELEASES }}
    payload-file-path: "./.github/slack-templates/pipeline-failed.json"
- name: Check Slack message status
  if: failure()
  run: |
    echo "Failed to send Slack message"
    echo "Slack API Response: ${{ steps.slack.outputs.slack-result }}"

For parameterizing the payload file path:

env:
  SLACK_PAYLOAD_PATH: "./.github/slack-templates/pipeline-failed.json"
...
with:
  payload-file-path: ${{ env.SLACK_PAYLOAD_PATH }}

This allows you to easily change the payload file path for different scenarios if needed in the future.

---

155-155: Consider more granular failure notifications

The current setup notifies on any workflow failure, which is good for overall monitoring. However, you might want to consider more granular notifications for specific job failures. This could help in quickly identifying which part of the pipeline failed without needing to check the GitHub Actions interface.

You could achieve this by:

1. Creating separate Slack message templates for different types of failures.
2. Using job outputs to pass failure information to the send-slack-message job.
3. Conditionally selecting the appropriate template based on which job(s) failed.

This approach would require restructuring the send-slack-message job and creating additional templates, but it could significantly improve the speed of identifying and responding to specific types of failures.

.github/workflows/ci-cd-prod.yml (1)

138-154: LGTM! Consider adding a comment for clarity.

The implementation of the send-slack-message job looks good. It's correctly set up to trigger on failure of the deployment jobs and uses the Slack GitHub action to send notifications.

Consider adding a brief comment above the job to explain its purpose, for example:

  # Notify team via Slack if any deployment job fails
  send-slack-message:
    name: Send Slack message on failure
    ...

This would enhance readability and make the workflow's structure more immediately clear to other developers.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 4c43e2f and d1b6efb.

📒 Files selected for processing (4)

• .github/slack-templates/pipeline-failed.json (1 hunks)
• .github/workflows/ci-cd-main.yml (1 hunks)
• .github/workflows/ci-cd-prod.yml (1 hunks)
• .github/workflows/ci-cd-staging.yml (1 hunks)

🧰 Additional context used

🔇 Additional comments (9)

.github/slack-templates/pipeline-failed.json (3)

1-25: LGTM: Overall structure is correct

The JSON structure follows the Slack Block Kit format, which is appropriate for creating custom Slack messages. The use of a "blocks" array allows for a flexible and well-structured message layout.

---

10-10: LGTM: Divider block is correctly implemented

The divider block provides a clear visual separation between the message content and the action button.

---

1-25: Overall: Well-structured Slack message template for pipeline failures

This JSON file effectively defines a Slack message template for alerting about pipeline failures. It uses Slack's Block Kit format correctly and includes all necessary components: a clear message, visual separation, and an action button for quick access to the failing run.

The use of GitHub Actions context variables ensures that the message will be dynamically populated with relevant information. The suggested enhancements, if implemented, would further improve the clarity and usability of the message.

Great job on implementing this alerting mechanism!

.github/workflows/ci-cd-staging.yml (3)

117-133: Summary: Changes align well with PR objectives.

The addition of the send-slack-message job successfully implements an alerting mechanism for failing pipelines, which aligns perfectly with the PR objectives. The job is well-integrated into the existing workflow and follows good practices for GitHub Actions:

1. It runs only on workflow failure, ensuring notifications are sent when needed.
2. It uses secrets for sensitive information, maintaining security.
3. It depends on the relevant jobs in the workflow, ensuring it runs after all critical steps.

With the minor suggestions for improvement addressed (updating the Slack GitHub Action version and verifying the template file), this implementation will provide valuable notifications for pipeline failures in the staging environment.

---

119-119: Verify the existence of all dependent jobs.

The send-slack-message job depends on several other jobs. Let's ensure all these jobs exist in the workflow:

#!/bin/bash
# Verify the existence of all dependent jobs
dependent_jobs=("deploy-infra-staging" "deploy-apps-staging" "deploy-slack-notifier-staging" "run-e2e-tests" "publish-schema-npm")
missing_jobs=()

for job in "${dependent_jobs[@]}"; do
    if ! grep -q "name: $job" .github/workflows/ci-cd-staging.yml; then
        missing_jobs+=("$job")
    fi
done

if [ ${#missing_jobs[@]} -eq 0 ]; then
    echo "All dependent jobs exist in the workflow."
else
    echo "Error: The following dependent jobs are missing from the workflow:"
    printf '%s\n' "${missing_jobs[@]}"
    exit 1
fi

---

117-133: LGTM: Well-implemented Slack notification for pipeline failures.

The new send-slack-message job is well-structured and correctly integrated into the workflow. It's set to run on failure, which aligns with the PR objective of alerting on failing pipelines.

Consider updating the Slack GitHub Action to the latest version.

The current implementation uses slackapi/[email protected]. Consider updating to the latest version (v1.28.0 as of this review) to ensure you have the most recent features and bug fixes.

You can update the action version like this:

-        uses: slackapi/[email protected]
+        uses: slackapi/[email protected]

Verify the existence of the Slack message template file.

The job references a Slack message template file at ./.github/slack-templates/pipeline-failed.json. Ensure this file exists in your repository and contains the appropriate message structure.

✅ Verification successful

Verified: The Slack message template file ./.github/slack-templates/pipeline-failed.json exists and is correctly structured.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the existence of the Slack message template file
if [ -f "./.github/slack-templates/pipeline-failed.json" ]; then
    echo "Slack message template file exists."
    cat "./.github/slack-templates/pipeline-failed.json"
else
    echo "Error: Slack message template file not found."
    exit 1
fi

Length of output: 1223

---

Script:

#!/bin/bash
# Verify the existence of the Slack message template file
if [ -f "./.github/slack-templates/pipeline-failed.json" ]; then
    echo "Slack message template file exists."
    cat "./.github/slack-templates/pipeline-failed.json"
else
    echo "Error: Slack message template file not found."
    exit 1
fi

Length of output: 831

.github/workflows/ci-cd-main.yml (1)

153-169: Overall assessment: Good addition with room for refinement

The addition of the send-slack-message job is a valuable enhancement to the CI/CD workflow, directly addressing the PR objective of implementing an alerting mechanism for failing pipelines. It provides immediate notification of failures, which can significantly improve response times to issues.

The implementation is generally well-structured and secure. However, there are opportunities for refinement in areas such as error handling, flexibility, and granularity of notifications.

Consider implementing the suggestions provided in the previous comments to further improve this feature. These enhancements will make the notification system more robust, flexible, and informative, ultimately contributing to a more efficient CI/CD process.

.github/workflows/ci-cd-prod.yml (2)

138-154: Overall assessment: Approved with suggestions for improvement

The addition of the Slack notification job for deployment failures is a valuable enhancement to the CI/CD workflow. It provides timely alerts that can improve response times and system reliability.

Summary of findings and suggestions:

1. The implementation of the send-slack-message job is correct and well-integrated into the existing workflow.
2. Consider adding a brief comment above the job to explain its purpose.
3. The workflow's structure could be improved by grouping related jobs together.
4. Monitor the impact on workflow execution time and optimize if necessary.
5. Ensure proper security measures for the Slack-related secrets.

These changes are approved, but implementing the suggested improvements would further enhance the workflow's clarity, maintainability, and security.

---

138-154: Consider performance and security implications.

The addition of the Slack notification job is a valuable enhancement to the workflow. However, consider the following points:

1. Performance: The additional job might slightly increase the overall workflow execution time. Monitor the impact and consider optimizing if necessary.

2. Security: Ensure that the SLACK_BOT_TOKEN and SLACK_CHANNEL_ID_FOR_RELEASES secrets are properly secured and rotated regularly.

To verify the security settings, you can run the following script:

This script will help you verify that the Slack-related secrets exist, check when they were last updated, and review repository settings to ensure limited access to these secrets.