abinoda / slack-action Goto Github PK

Hey @abinoda thank you creating this action! I wanted to know if you have successfully used it with env variables on the message like the $GITHUB_ACTOR and $GITHUB_REPOSITORY that github provides to create dynamic messages?

e.g. {\"channel\":\"123243434\",\"text\":\"$GITHUB_ACTOR just pushed to $GITHUB_REPOSITORY\"}

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: Post Slack messages # pullreminders/slack-action
# GITHUB_TOKEN not used

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

New Github actions format dropped the support for HCL language, the project, and the documentation should be updated accordingly.

Hello,
I would like github notification to be on slack but I am experiencing difficulty.
Currently, our github account is an organization with 5 memebers.
Github account's setting has 2 Github apps installed, which are "Pull Panda" and "Slack"
Slack has "Pull Reminder" app installed and I checked all settings and configuration to be in order.
But I am not receiving any message when I put @ mention in our github issues.

Is there any totorial that I could walk through how to set up Github-Pull Reminder-Slack to show Github mention to show on Slack ?

Thank you for your help.

How would I go about doing something like:

with:
    args: '{\"channel\":\"C1234567890\",\"text\":\"Hello world $VERSION \"}'

This line would spend time a lot.

https://github.com/pullreminders/slack-action/blob/da2ae3e1a32c9e629f5f6fa59a95f846366e85ff/Dockerfile#L13

I tested this action in my repository, and just building an docker image consumed 40s.

Generally speaking, pulling pre-built image from docker hub is a better option compared to buliding it every time the action is called.

However, I suggest not to use docker just for using curl. According to https://help.github.com/en/articles/software-in-virtual-environments-for-github-actions#ubuntu-1804-lts, VMs already have curl preinstalled. So directly executing entrypoint.sh would be the best.

It'd be nice to add a full example workflow, e.g. posting messages about opened and merged pull requests to a Slack channel.

The example below should not return exit code 0, as SLACK_BOT_TOKEN was invalid. However, it actually doesn't throw an error, which caused github's cogniting the result successful.

https://github.com/jjangga0214/hasura-cli/runs/240981007#step:6:13

Is this intentional as notificatoin is not core part of CI, which you think shouldn't block other important jobs even if there's an error?

As you can see from the screenshot, there is no longer a section for "Bot Users." Instead, it is required to create OAuth Bot Token Scopes prior to adding the app to the workspace.

I've been working through various scope permissions, but it's been mostly trial and error, and I'd like more guidance on what I should be using.

Since few days github action failed with this error message

Followed the README, and it doesn't work for me, here's the problem:

Link to failing job: https://github.com/chapati23/hello-github-actions/pull/4/checks#step:3:7

My job code is as follows:

jobs:
  slack-notifier:
    runs-on: ubuntu-latest
    steps:
      - name: Notify slack
        env:
          SLACK_BOT_TOKEN: ${{secrets.SLACK_BOT_TOKEN}}
        uses: pullreminders/slack-action@master
        with:
          args: '{\"channel\":\"D790ZUYJH\",\"text\":\"Hello world\"}'

Not 100% sure but this looks like some shell/bash syntax issue.

Any idea what's going wrong here?

This is not related to how this action works, it's more related to how GH Actions work, in general.

I was testing sending a message after running unit tests and was surprised that I never got a slack notification for it, when looking at the debug output I saw this

##[debug]Evaluating: secrets.SLACK_BOT_TOKEN
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'SLACK_BOT_TOKEN'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating condition for step: 'Notify slack'
##[debug]Parsing expression: <success()>
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> false
##[debug]Result: false

Meaning the step didn't run, because the previous one had failed. I worked around this issue by adding if: always() at the top of the step and it worked just fine.

This got me wondering, should this be stated in the README?

I'm trying to find the equivalent for Windows.

Hello, I've been using this. Thanks for creating btw. As of a couple days ago I had stopped receiving the message. All green checkmarks shown, no errors shown. Checking the logs shows this message and I'm not sure why. I've created an action and pasted in the example shown on documentation for this action so is there something I can do to understand what's causing this?

{"ok":false,"error":"json_not_object","warning":"missing_charset","response_metadata":{"warnings":["missing_charset"]}}

This is the basic action getting an error.

on: push
name: Slack Notification Demo
jobs:
    slackNotification:
      name: Slack Notification Demo
      runs-on: ubuntu-latest
      steps:
      - name: Notify slack
        env:
            SLACK_BOT_TOKEN: ${{ secrets.SLACKBOT_TOKEN }}
        uses: pullreminders/slack-action@master
        with:
            args: '{\"channel\":\"GD0RL3545\",\"text\":\"Hello world\"}'