terraform-google-cloud-build-slack-notifier

A Terraform module to enable Slack notifications for Cloud Build events.

Note - This will add the following resources to your project:

Google Cloud Storage Bucket for storing the notifier configuration
Google Pub/Sub for events emitted from Cloud Build
Google Cloud Run for processing the events emitted from Cloud Build

This module is based on the instructions found in GCP's Configuring Slack notifications guide.

Setup

You will need a Slack app incoming webhook url stored in a Google Secret Manager secret for this to work.

Create a Slack app for your desired Slack workspace.
Activate incoming webhooks to post messages from Cloud Build to Slack.
Create a new secret in Google Secret Manager and store the webhook url in it.

Pre-commit Hooks

Pre-commit hooks have been configured for this repo.

The enabled hooks check for a variety of common problems in Terraform code, and will run any time you commit to your branch.

Pre-commit (and dependencies) can be installed by following the instructions found here:

To enable the hooks locally, run the following from the root of this repo: pre-commit install

To uninstall the hooks, run the following from the root of this repo: pre-commit uninstall

To skip running the hooks when you commit: git commit -n aka git commit --no-verify

Currently enabled plugins:

pre-commit-terraform
- terraform_fmt: Rewrites all Terraform configuration files to a canonical format
- terraform_docs: Inserts input and output documentation into README.md
- terraform_validate: Validates all Terraform configuration files
pre-commit-hooks
- end-of-file-fixer: Makes sure files end in a newline and only a newline
- trailing-whitespace: Trims trailing whitespace
- check-merge-conflict: Check for files that contain merge conflict strings

Requirements

Name	Version
terraform	>= 0.13
google	>= 3.20
google-beta	>= 3.30
random	>= 2.1

Providers

Name	Version
google	>= 3.20
google-beta	>= 3.30
random	>= 2.1

Modules

No modules.

Resources

Name	Type
google-beta_google_cloud_run_service.cloud_build_notifier	resource
google-beta_google_project_service_identity.pubsub	resource
google_project_iam_member.notifier_project_roles	resource
google_project_iam_member.pubsub_invoker_roles	resource
google_project_iam_member.pubsub_project_roles	resource
google_project_service.apis	resource
google_pubsub_subscription.cloud_builds	resource
google_pubsub_topic.cloud_builds	resource
google_secret_manager_secret_iam_member.notifier_secret_accessor	resource
google_service_account.notifier	resource
google_service_account.pubsub_invoker	resource
google_storage_bucket.cloud_build_notifier	resource
google_storage_bucket_object.cloud_build_notifier_config	resource
google_storage_bucket_object.slack_template	resource
random_id.cloud_build_notifier	resource
random_id.cloud_build_notifier_service	resource
google_secret_manager_secret_version.slack_webhook_url	data source

Inputs

Name	Description	Type	Default
cloud_build_event_filter	The CEL filter to apply to incoming Cloud Build events.	`string`	`"build.substitutions['BRANCH_NAME'] == 'main' && build.status in [Build.Status.SUCCESS, Build.Status.FAILURE, Build.Status.TIMEOUT]"`
cloud_build_notifier_image	The image to use for the notifier.	`string`	`"us-east1-docker.pkg.dev/gcb-release/cloud-build-notifiers/slack:latest"`
disable_services_on_destroy	If true, the service APIs used will be disabled on destroy.	`bool`	`false`
name	The name to use on all resources created.	`string`	n/a
override_slack_template_json	Custom template to use for the Slack notifications, which overrides the default.	`string`	`""`
project_id	Project ID of the project in which Cloud Build is running.	`string`	n/a
region	The region in which to deploy the notifier service.	`string`	`"us-central1"`
slack_webhook_url_secret_id	The ID of an existing Google Secret Manager secret, containing a Slack webhook URL. This is usually the `id` from the output of a `google_secret_manager_secret` resource.	`string`	n/a
slack_webhook_url_secret_project	The project ID containing the slack_webhook_url_secret_id.	`string`	n/a

Outputs

No outputs.

failed to run SendNotification: failed to write Slack message: failed to unmarshal templating JSON

After applying terraform and once the cloud build image gets built successfully, I'm unable to receive slack notifications and here is the below error:

DEFAULT 2023-04-21T07:15:17.598870Z I0421 07:15:17.598745 1 main.go:80] sending Slack webhook for Build "1c955b29-fd76-44c9-9215-5667e5c876ed" (status: "SUCCESS")
DEFAULT 2023-04-21T07:15:17.598891Z E0421 07:15:17.598798 1 notifiers.go:549] failed to run SendNotification: failed to write Slack message: failed to unmarshal templating JSON: unexpected end of JSON input

As per the Google docs - https://cloud.google.com/build/docs/configuring-notifications/configure-slack#configuring_slack_notifications , on point 7- for slack notifier configuration file, it contains the below template param which has the JSON template path for the slack message to be sent.

    template:
      type: golang
      uri: gs://example-gcs-bucket/slack.json

## The uri field references the slack.json file. This file contains a JSON template hosted on Cloud Storage and represents your notification message to your Slack space.

While looking at the cloud_build_notifier_config in the main.tf file - https://github.com/simplifi/terraform-google-cloud-build-slack-notifier/blob/main/main.tf#L125 I don't see the template being passed, I think it needs the above template param along with the JSON template URI.

Here are the environment details:

Terraform v1.4.5
+ provider registry.terraform.io/hashicorp/google v4.20.0
+ provider registry.terraform.io/hashicorp/google-beta v4.62.1
+ provider registry.terraform.io/hashicorp/random v3.5.1

simplifi / terraform-google-cloud-build-slack-notifier Goto Github PK