
feat(ci): page Grafana IRM on main-branch workflow failures #255

Merged
DevSecNinja merged 2 commits into main from feat/notify-irm
May 1, 2026

@DevSecNinja
Owner

Summary

Adds a notify-irm job to every push-triggered workflow that consumes the new reusable composite action DevSecNinja/.github/.github/actions/notify-irm. On a push:main failure the workflow POSTs state=alerting to the homelab Grafana IRM Custom webhook; a green follow-up run posts state=ok to the same alert_uid (gha-<repo>-<workflow>-<branch>) so the open incident auto-resolves.

Mirrors the same rollout in DevSecNinja/truenas-apps#306.

Workflows extended

| Workflow | Page when | resolve-on-success |
|---|---|---|
| ci.yaml | push to main | default true |
| devcontainer-prebuild.yaml | every non-PR run (push:main, tags, schedule, dispatch) | default true |
| docs.yml | push to main | default true |
| release-please.yml | push to main | default true |
| sign-powershell.yml | push to main | default true |
| release.yml (tag push) | every run (if: always()) | false; alert_uid is keyed on the tag and never re-fires |

The composite action is silently skipped when GRAFANA_IRM_WEBHOOK_URL is unset, so this remains a no-op on forks and during initial bring-up.

Verification

  • actionlint and zizmor produced only pre-existing findings (unrelated to the new notify-irm jobs).
  • The composite action is pinned to a877d352 (merge SHA of DevSecNinja/.github#51 on main).

Adds a notify-irm job to every push-triggered workflow that consumes
the new reusable composite action
DevSecNinja/.github/.github/actions/notify-irm. On a push:main
failure the workflow POSTs state=alerting to the homelab Grafana IRM
Custom webhook; a green follow-up run posts state=ok to the same
alert_uid (gha-<repo>-<workflow>-<branch>) so the open incident
auto-resolves.

Workflows extended:
- ci.yaml             (push:main)
- devcontainer-prebuild.yaml (push:main + tags + schedule + dispatch;
                              PR runs excluded)
- docs.yml            (push:main)
- release-please.yml  (push:main)
- sign-powershell.yml (push:main)
- release.yml         (tag-push; resolve-on-success disabled because
                       alert_uid is per-tag and never re-fires)

The composite action is silently skipped when GRAFANA_IRM_WEBHOOK_URL
is unset, so this is a no-op for forks.
@DevSecNinja DevSecNinja enabled auto-merge (squash) May 1, 2026 10:47
@DevSecNinja DevSecNinja merged commit 8b48ad6 into main May 1, 2026
20 checks passed
@DevSecNinja DevSecNinja deleted the feat/notify-irm branch May 1, 2026 10:52
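
The alert/resolve pairing this PR describes, sketched as an added shell example; it is not the code of the notify-irm composite action. The function names, the sanitising of the ref, the `title` field and the handling of cancelled or skipped results are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration only; not the DevSecNinja/.github notify-irm action.

# alert_uid in the form the PR gives: gha-<repo>-<workflow>-<branch>.
# Assumptions: owner prefix dropped, other characters replaced with "-".
irm_alert_uid() {
  local repo="$1" workflow="$2" ref="$3"
  printf 'gha-%s-%s-%s' "${repo##*/}" "$workflow" "$ref" |
    tr -c 'A-Za-z0-9._-' '-'
}

# Map a job result to the state to post; print nothing when no request
# should be sent (assumption: cancelled/skipped runs neither page nor resolve).
irm_state() {
  local result="$1" resolve_on_success="${2:-true}"
  case "$result" in
    failure) echo alerting ;;
    success) [ "$resolve_on_success" = true ] && echo ok ;;
  esac
  return 0
}

# Escape backslashes and double quotes for a JSON string value.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Build the JSON body, or print nothing when the webhook URL is unset
# (forks, initial bring-up) or the result calls for no request.
irm_payload() {
  local repo="$1" workflow="$2" ref="$3" result="$4" resolve="${5:-true}"
  local state uid title
  [ -n "${GRAFANA_IRM_WEBHOOK_URL:-}" ] || return 0
  state="$(irm_state "$result" "$resolve")"
  [ -n "$state" ] || return 0
  uid="$(irm_alert_uid "$repo" "$workflow" "$ref")"
  title="$(json_escape "$workflow on $ref: $result")"
  printf '{"alert_uid":"%s","state":"%s","title":"%s"}\n' "$uid" "$state" "$title"
}

# POST the body. The URL comes from a secret and is never echoed.
irm_notify() {
  local body
  body="$(irm_payload "$@")"
  [ -n "$body" ] || return 0
  curl --fail --silent --show-error --max-time 10 \
    -H 'Content-Type: application/json' --data "$body" \
    "$GRAFANA_IRM_WEBHOOK_URL"
}
```

Because a failing run and the next green run on the same branch produce the same `alert_uid`, the second request resolves the incident the first one opened; with resolve-on-success set to false, as for release.yml, a green run sends nothing.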