Skip to content

Notifiers

Fábio Luciano edited this page Jun 13, 2026 · 7 revisions

Notifiers

Notifiers receive every event that passes their when expression — they are not tied to the scm.provider annotation. All support name, enabled, when; message-based ones support template.

notifiers:
  slack:
    - name: prod-alerts
      enabled: true
      secretRef:
        secretName: slack-webhook
      channel: "#prod-alerts"
      when: 'event.Namespace == "production" && stateIn("failure", "error")'
      template: |
        :rotating_light: *{{.PipelineName}}* failed in *{{.Namespace}}*
        Run: {{.RunName}} · Commit: `{{ .CommitSHA | trunc 8 }}`
        {{if .TargetURL}}<{{.TargetURL}}|View logs>{{end}}

Tip: without a when, a notifier fires for every state of every run — including running. Production configs almost always want stateIn("failure", "error") or terminal-states-only.

Slack

  • Auth: incoming webhook (secretRef.secretName → key webhook_url) or bot token (bot_token.tokenRef.secretName → key token, plus bot_token.channel_id).
  • Extras: channel, username, icon_emoji. Message uses Slack mrkdwn.

Microsoft Teams

  • Auth: incoming webhook URL (secretRef.secretName → key webhook_url).
  • Rendered as an Adaptive Card; keep templates concise.

Discord

  • Auth: webhook URL (secretRef.secretName) or bot token (bot_token.* with channel snowflake ID). Extra: username.

PagerDuty

  • Auth: Events API v2 integration key (secretRef.secretName → key integration_key).
  • Extra: severity. No template — the relay builds the alert payload. Pair with when: 'stateIn("failure", "error")' (and resolve flows on success).

Datadog

  • Auth: API key (secretRef.secretName → key api_key). Extras: site (e.g. datadoghq.eu), tags.
  • Emits Datadog events for correlation on dashboards/monitors.

Grafana annotations

Posts a deployment/event marker to the Grafana Annotations API — the vertical line that lets you correlate "the graph changed here" with "we deployed here".

grafana:
  - name: deploy-markers
    enabled: true
    url: https://grafana.company.example.com
    secretRef:
      secretName: grafana-token            # service-account token, key "token"
    tags: ["deploy"]                    # added to: tekton-events-relay, <state>
    when: 'isPipelineRun() && event.PipelineName.startsWith("deploy-") && stateIn("success", "failure")'

The annotation timestamp is the run's finish time; default text is {{.PipelineName}} {{.State}} ({{.RunName}}) (templatable).

Sentry releases

Creates a Sentry release (version = CommitSHA, Sentry's recommended scheme) and marks a deploy to the environment (scm.context annotation, default production) — unlocking "this error first appeared in commit X". Fires only on success; creating an existing release is an upsert.

sentry:
  - name: sentry
    enabled: true
    org: acme                            # organization slug
    projects: ["api"]
    secretRef:
      secretName: sentry-token             # auth token, key "token"
    # base_url: https://sentry.company.example.com   # self-hosted
    when: 'isPipelineRun() && event.PipelineName.startsWith("deploy-")'

Generic webhook

Sends the event as JSON to any HTTP endpoint — the escape hatch for systems without a dedicated notifier.

webhook:
  - name: devlake
    enabled: true
    secretRef:
      secretName: devlake-webhook          # key "url"
    headers:
      X-Source: tekton-events-relay
    transform: |
      {pipeline: .pipeline_name, result: .state, sha: .commit_sha,
       startedDate: .started_at, finishedDate: .finished_at}
    when: 'isPipelineRun() && stateIn("success", "failure")'
  • Auth (auth.type): bearer, basic, apikey (custom header), or hmac (signs the payload so the receiver can verify it). Each reads its material from *_file Secret mounts.
  • transform: a gojq expression reshaping the event JSON into whatever schema the destination expects — see the DevLake example.

Delivery semantics (all notifiers)

Outbound calls go through the shared retry policy (backoff + jitter, Retry-After aware). Failures are visible in /readyz, tekton_events_relay_notifier_retries_total and, for permanent errors with the DLQ enabled, replayable.

Clone this wiki locally