This is a command line helper which aims to send a message to someone over Slack and block until a decision has been made. Depending on the decision, an exit code of 0 or 1 will be returned.
- approve :
exit 0
- deny :
exit 1
My motivation for such tool was to be able to get a live confirmation from someone when some sensitive actions being done as part of an automated process are about to be made (ie: CI/CD) Its current implementation makes it agnostic of any kind of CI/CD platforms. However, for now it only supports Slack as the notification endpoint.
Here is some documentation around how to get started and tinker with it.
Associated / example messages:
~$ approuvez ask \
--message "<your_message" \
--user "<user_id or user_email>" \
# Optionally you can add a link
--link-name "<whatever_suits_you>" \
--link-url "<url>"
INFO[2021-01-22T17:16:30Z] session initiated successfully session_id=a307db07-9993-4467-b11b-c9d7187dc542
INFO[2021-01-22T17:16:30Z] message sent, waiting for user's decision
~$ approuvez ask <args>
[..]
INFO[2021-01-22T17:16:30Z] message sent, waiting for user's decisio
INFO[2021-01-22T17:16:41Z] received response decision=APPROVE user_id=ULP000000 user_name=foo
~$ echo $?
0
~$ approuvez ask <args>
[..]
INFO[2021-01-22T17:16:30Z] message sent, waiting for user's decisio
INFO[2021-01-22T17:16:41Z] received response decision=DENY user_id=ULP000000 user_name=foo
~$ echo $?
1
~$ approuvez --help
NAME:
approuvez - Command line helper to obtain live confirmation from people in a blocking fashion
USAGE:
approuvez [global options] command [command options] [arguments...]
COMMANDS:
ask send a message to someone and wait for a response
serve run the server thing
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--log-level level log level (debug,info,warn,fatal,panic) (default: "info") [$APPROUVEZ_LOG_LEVEL]
--log-format format log format (json,text) (default: "text") [$APPROUVEZ_LOG_FORMAT]
--tls-disable disable mutual tls for gRPC transmissions (use with care!) (default: false) [$APPROUVEZ_TLS_DISABLE]
--tls-ca-cert path TLS CA certificate path [$APPROUVEZ_TLS_CA_CERT]
--tls-cert path TLS certificate path [$APPROUVEZ_TLS_CERT]
--tls-key path TLS key path [$APPROUVEZ_TLS_KEY]
--help, -h show help (default: false)
~$ approuvez serve --help
NAME:
approuvez serve - run the server thing
USAGE:
approuvez serve [command options] [arguments...]
OPTIONS:
--slack-token token token to use in order to authenticate requests against slack [$APPROUVEZ_SLACK_TOKEN]
--listen-address token token to use in order to authenticate requests against slack (default: ":8443") [$APPROUVEZ_LISTEN_ADDRESS]
--help, -h show help (default: false)
~$ approuvez ask --help
NAME:
approuvez ask - send a message to someone and wait for a response
USAGE:
approuvez ask [command options] [arguments...]
OPTIONS:
--endpoint endpoint, -e endpoint server endpoint to connect upon (default: "127.0.0.1:8443") [$APPROUVEZ_SERVER_ENDPOINT]
--user email or slack ID, -u email or slack ID email or slack ID of a person that should review the message [$APPROUVEZ_USER]
--message message, -m message message to display on Slack [$APPROUVEZ_MESSAGE]
--link-name name name of a link button to append to the message [$APPROUVEZ_LINK_NAME]
--link-url url url of a link button to append to the message [$APPROUVEZ_LINK_URL]
--help, -h show help (default: false)
~$ go install github.com/mvisonneau/approuvez/cmd/approuvez@latest
~$ brew install mvisonneau/tap/approuvez
~$ docker run -it --rm docker.io/mvisonneau/approuvez
~$ docker run -it --rm ghcr.io/mvisonneau/approuvez
~$ docker run -it --rm quay.io/mvisonneau/approuvez
~$ scoop bucket add https://github.com/mvisonneau/scoops
~$ scoop install approuvez
Have a look onto the latest release page to pick your flavor and version. Here is an helper to fetch the most recent one:
~$ export APPROUVEZ_VERSION=$(curl -s "https://api.github.com/repos/mvisonneau/approuvez/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
# Binary (eg: linux/amd64)
~$ wget https://github.com/mvisonneau/approuvez/releases/download/${APPROUVEZ_VERSION}/approuvez_${APPROUVEZ_VERSION}_linux_amd64.tar.gz
~$ tar zxvf approuvez_${APPROUVEZ_VERSION}_linux_amd64.tar.gz -C /usr/local/bin
# DEB package (eg: linux/386)
~$ wget https://github.com/mvisonneau/approuvez/releases/download/${APPROUVEZ_VERSION}/approuvez_${APPROUVEZ_VERSION}_linux_386.deb
~$ dpkg -i approuvez_${APPROUVEZ_VERSION}_linux_386.deb
# RPM package (eg: linux/arm64)
~$ wget https://github.com/mvisonneau/approuvez/releases/download/${APPROUVEZ_VERSION}/approuvez_${APPROUVEZ_VERSION}_linux_arm64.rpm
~$ rpm -ivh approuvez_${APPROUVEZ_VERSION}_linux_arm64.rpm
If you want to make the server run on kubernetes, there is a helm chart available for this purpose.
You can check the chart's values.yml for complete configuration options.
# Add the helm repository to your local client
~$ helm repo add mvisonneau https://charts.visonneau.fr
# Minimal configuration to get it to run successfully
~$ cat <<EOF > values.yml
envVariables:
# You can refer to examples/quickstart.md whichwill guide you through how to obtain this value
- name: APPROUVEZ_SLACK_TOKEN
value: "<your-slack-app-oauth-token>"
# For testing purposes you can use this value, otherwise, you should be setting
# APPROUVEZ_TLS_CA_CERT, APPROUVEZ_TLS_CERT, APPROUVEZ_TLS_KEY accordingly
- name: APPROUVEZ_TLS_DISABLE
value: "true"
# You will also probably want to expose the service publically or configure
# an ingress for this purpose
EOF
# Release the chart on your Kubernetes cluster
~$ helm upgrade -i approuvez mvisonneau/approuvez -f values.yml
You can leverage mTLS to secure the gRPC connections between the client and the server. The interaction endpoint between slack and the server still needs some more love though!
~$ make build
~$ ./approuvez
If you want to build and/or release your own version of approuvez
, you need the following prerequisites :
~$ git clone git@github.com:mvisonneau/approuvez.git && cd approuvez
# Build the binaries locally
~$ make build-local
# Build the binaries and release them (you will need a GITHUB_TOKEN and to reconfigure .goreleaser.yml)
~$ make release
Contributions are more than welcome! Feel free to submit a PR.
approuvez
is a conjugation of the verb approuver in French π«π·, equivalent to approve
in English π¬π§