CodePipeline live feedback on slack - with git tags

ziadnosman

Ziad Osman

Posted on August 30, 2022

CodePipeline live feedback on slack - with git tags

Introduction

This guide is for you if you have ever wanted to get live feedback on how your Pipelines on AWS are going. Additionally, if you keep track of your application version on git tags, I’m going to also show you how to retrieve them in CodeBuild and, as a bonus, how to also send them as slack messages.

Credits

While mathmaticians and phycisits stand on the shoulders of giants, software engineers stand on the shoulders of other software engineers. This guide would not be possible without Wesley’s charles’ contribution, as he made the script for the slack bot. As for how to retrieve git tags from CodeBuild, that as well would not have been possible without the contribution of Timothy Jones who wrote a fantastic script to do so.

Pre requisites

  • A configured AWS CLI

  • AWS SAM CLI (we will be deploying our slack bot script with the help of AWS SAM)

  • A working AWS CodePipeline (including CodeCommit, CodeBuild, and CodeDeploy)

  • Sufficient credentials for the AWS User

Cloning the slack bot script

The first thing we need to do is clone the slack bot repo to a local machine.

After cloning the repo, we should have these files inside of our directory
│ .gitignore
│ build.gif
│ LICENSE
│ Pipfile
│ README.md
│ template.yml

└───src
.pylintrc
build_info.py
message_builder.py
notifier.py
requirements.txt
slack_helper.py

Configuring slack

Creating a slack app

First up we need to create a slack app. For that head on to https://api.slack.com/apps.
Click on Create New App

Image description

Click “From Scratch”

Image description
For App Name, it doesn’t matter. I picked “Pipeline progress”. For workspace, choose your workspace from the drop-down list.

Image description

After your app is created, in the Sidebar, go to OAuth & Permissions.

Image description

Now Scroll down to scope and add the following permissions one by one: channels:history, channels:manage, channels:read, chat:write, chat:write.customize, chat:write.public, groups:history, groups:read, im:read, links:write, mpim:read

Image description

Now, scroll to the top of the page, generate a Bot User OAuth Token

Note: make note of the OAuth Token, as we will need it soon.

Image description

Finally, press the button : install the app to your workspace. This is what the button will look like after a successful installation.

Image description

Add app to slack

Go to slack and create a new channel called builds. This is the default channel name that the script takes. If you name your channel anything else, I will show you in a later step where to specify it.

Inside your builds channel, in the dialog box, press /.
This opens up a search box. Search for apps and click on add apps to this channel

Image description
On the next page, search for your app by its name and add it to the channel. In my case, the name is Pipeline progress.
This is what it should look like after adding it to the channel.

Image description

Deploying the script to AWS

Note: For this step, make sure you have the AWS CLI installed and configured, along with the SAM CLI.
To deploy, open a CMD in the script directory, and first run:
sam build
followed by:
sam deploy --guided
this will open up an interactive prompt.

For stack name, I chose to name it as “aws-codepipeline-slack”.
Stack Name [sam-app]: aws-codepipeline-slack

For region, if the default is fine press enter, otherwise specify the region
AWS Region [eu-west-1]:

For SlackBotUserOAuthAccessToken, paste the OAuth token we created in a previous step. Note that this is a hidden field, meaning that what you paste won’t show on the screen.
Parameter SlackBotUserOAuthAccessToken:

For SlackChannel, if you kept the channel name as build, then just press enter. Otherwise, specify the channel name
Parameter SlackChannel [builds]:

For SlackBotName, this is the name of the bot that will send pipeline updates. I left it at default and pressed enter.
Parameter SlackBotName [PipelineBuildBot]:

For SlackBotIcon, this is the icon of the bot that will send pipeline updates. I left it at default and pressed enter.
Parameter SlackBotIcon [:robot_face:]:

For show resource change, if you select y, it will show you changes of resources and prompt you to accept them before it deploys on each time you run SAM deploy.
#Shows you resources changes to be deployed and require a 'Y' to initiate deploy
Confirm changes before deploy [y/N]:

For SAM permissions, keep it at the default Y
#SAM needs permission to be able to create roles to connect to the resources in your template
Allow SAM CLI IAM role creation [Y/n]:

For Disable rollback, choose according to your use-case, it won’t matter much if you’re only planning on deploying once.
#Preserves the state of previously provisioned resources when an operation fails
Disable rollback [y/N]:

For authorization, select Y
Notifier Function Url may not have authorization defined, Is this okay? [y/N]: Y

For save arguments to config file, select Y. this will make future deployments faster since the default values are saved.
Save arguments to configuration file [Y/n]: Y

Press enter to keep the default config file as samconfig.toml
SAM configuration file [samconfig.toml]:

Press enter to keep the configuration environment as default
SAM configuration environment [default]:

This should be enough to successfully deploy the script. If you selected Y for “Confirm changes before deploy” then you’ll get an additional prompt confirming if you want to deploy. Select Y on it and you’re good to go.

With this, we’re done! you are now able to get updates on the states of your pipelines.
You can check out your new lambda function if you go into your AWS console and go to lambda

Image description

Adding support for git tags

If you happen to keep track of your application version using git tags, and you’d like to also get notified of the version that’s getting deployed on slack. Then please read along and follow these steps.
We need to enable function url on our newly deployed lambda function, so that we can call the function from CodeBuild and pass to it the git tag. We will also need to add some permissions to the CodeBuild service role. Finally , we will need to add a bash script to our CodeCommit repo that enables CodeBuild to clone the repo and retrieve the git tag from it. If you want to learn more about why we need to do this workaround instead of just retrieving the git tags from our CodeCommit repo, then I highly suggest reading Timothy Jones’s article, the person behind the bash script we will be using.

Enabling function url

To enable function url on our slack script. Open the function code locally on your favorite IDE. Navigate to template.yml, and uncomment these two lines. (line 28 and 29).

Image description
And that’s it! Now follow the same steps above to deploy
sam build
followed by:
sam deploy --guided
Now if you got back to your AWS console, and go to your lambda function, you should be able to find your function url under configurtation -> function url

Image description
Note: make note of your function URL as we will need it in the next step

adding the bash script to CodeCommit

as explained, we will be using a bash script in CodeBuild to help us retrieve the git tag.
Add this file to your CodeCommit repo’s base directory. Make sure the file name is: codebuild-git-wrapper.sh

Adding the necessary permissions to CodeBuild

You will need to add 2 policies to your CodeBuild service role.
The first one will enable CodeBuild to perform git pull on the CodeCommit repo. This is the policy template. Make sure to add your repo ARN under Resource.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "codecommit:GitPull",
"Resource": "YOUR_REPO_ARN"
}
]
}

The second policy will give CodeBuild permission to invoke the lambda function url. This is the policy template. Make sure to replace the resource with your lambda function ARN.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "lambda:InvokeFunctionUrl",
"Resource": "YOUR_FUNCTION_ARN"
}
]
}

Modify your buildspec.yml

Finally, we will be adding commands to buildspec.yml to clone the repo, retrieve the git tag, and pass the git tag to our function url.
Go to your buildspec.yml file, and in the first step of the build stage, add the following commands.
build:
commands:
- echo get version
- /bin/bash codebuild-git-wrapper.sh YOUR_REPO_URL YOUR_BRANCH_NAME
#get release version from git tag
- RELEASE_VERSION=$(git tag --points-at HEAD)
#send git version to slack
- curl YOUR_FUNCTION_URL/?git-tag=$RELEASE_VERSION -o /dev/null

Make sure to change the following fields:

  • YOUR_REPO_URL: your code commit repository url. You can retrieve this by going to CodeCommit, and clicking on HTTPS under Clone URL

Image description

  • YOUR_BRANCH_NAME: the name of the branch the CodePipeline gets triggered on. Normally this should be: main. but check your pipeline configuration to be sure.

  • YOUR_FUNCTION_URL: the lambda function url we created and took note of in a previous step.

Security considerations

As it stands, your function url can be invoked by anyone that has the url and send messages to your slack channel. You can secure your function by either using IAM authentication or putting your lambda function behind API Gateway and using api keys.

Done!

Congratulations! You now have a slack bot that will give you updates on the state of your CodePipeline pipelines. And if you followed the additional steps, it will also send you a message of your release version via git tags.

Image description

Image description

💖 💪 🙅 🚩
ziadnosman
Ziad Osman

Posted on August 30, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related