-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
IL-582 Notify when ARM_CLIENT_SECRET is going to expire
- Loading branch information
1 parent
6cc1158
commit d38dc41
Showing
1 changed file
with
80 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,85 @@ | ||
# Copyright (c) HashiCorp, Inc. | ||
# SPDX-License-Identifier: MPL-2.0 | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
# See IL-574 for secret and variables definitions | ||
name: hashicorp/hashicat-azure/secret-expiration | ||
on: workflow_dispatch | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
# This is UTC | ||
- cron: 37 4 * * * | ||
permissions: {} | ||
jobs: | ||
this-is-so-stupid: | ||
check-arm-client-secret: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- run: echo "this is so stupid" | ||
- name: Build Message | ||
id: build-message | ||
shell: python | ||
continue-on-error: true | ||
run: |- | ||
import datetime | ||
import os | ||
expiry_date = datetime.datetime.fromisoformat("${{ vars.ARM_CLIENT_SECRET_EXPIRY }}") | ||
now = datetime.date.today() | ||
time_left = expiry_date.date() - now | ||
days_left = time_left.days | ||
print(f"ARM_CLIENT_SECRET has {days_left} days left") | ||
# Set some output to trigger the Slack step | ||
gho = open(os.environ.get('GITHUB_OUTPUT'), 'a') | ||
gho.writelines([f'days_left={days_left}\n']) | ||
if days_left <= ${{ vars.ARM_CLIENT_SECRET_MIN_DAYS_REMAINING }}: | ||
gho.writelines(['do_notify=true\n']) | ||
else: | ||
gho.writelines(['do_notify=false\n']) | ||
gho.close() | ||
- name: Notify Slack on Build Message Error | ||
id: notify-build-message-error | ||
if: ${{ steps.build-message.outcome == 'failure' }} | ||
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0 | ||
with: | ||
channel-id: ${{ vars.SLACK_NOTIFICATION_CHANNELS_FAIL_ONLY }} | ||
payload: |- | ||
{ | ||
"blocks": [ | ||
{ | ||
"type": "section", | ||
"text": { | ||
"type": "mrkdwn", | ||
"text": ":exclamation: Workflow <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} #${{ github.run_number }}> *FAILED*" | ||
} | ||
} | ||
] | ||
} | ||
env: | ||
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | ||
- name: Notify Slack | ||
id: notify-slack | ||
if: ${{ steps.build-message.outputs.do_notify == 'true' }} | ||
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0 | ||
with: | ||
channel-id: ${{ vars.SLACK_NOTIFICATION_CHANNELS_FAIL_ONLY }} | ||
payload: |- | ||
{ | ||
"blocks": [ | ||
{ | ||
"type": "section", | ||
"text": { | ||
"type": "mrkdwn", | ||
"text": ":exclamation: Workflow <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }} #${{ github.run_number }}> *ALERT*" | ||
} | ||
}, | ||
{ | ||
"type": "divider" | ||
}, | ||
{ | ||
"type": "section", | ||
"text": { | ||
"type": "mrkdwn", | ||
"text": "The secret ARM_CLIENT_SECRET has ${{ steps.build-message.outputs.days_left }} days left, less than ${{ vars.ARM_CLIENT_SECRET_MIN_DAYS_REMAINING }}. See IL-574 for information on how to renew it" | ||
} | ||
} | ||
] | ||
} | ||
env: | ||
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} |