Reorg orb and add opsgenie notifications (#6)

Author: Gita Vahdatinia

.circleci/config.yml

@@ -1,22 +1,93 @@
 version: 2.1
 
-executors:
-  validate:
-    resource_class: small
-    docker:
-      - image: circleci/circleci-cli:latest
+orbs:
+  utils: coda/utils@<<pipeline.parameters.dev-orb-version>>
+  orb-tools: circleci/[email protected]
+  bats: circleci/[email protected]
+  shellcheck: circleci/[email protected]
+
+# Pipeline Parameters
+## These parameters are used internally by orb-tools.
+parameters:
+  run-integration-tests:
+    description: An internal flag to prevent integration test from running before a development version has been created.
+    type: boolean
+    default: false
+  dev-orb-version:
+    description: >
+      The development version of the orb to test.
+      A "dev:alpha" version must exist for the initial pipeline run.
+    type: string
+    default: "dev:alpha"
+
+commands:
+
+
 jobs:
-  validate:
-    executor: validate
+  integration-test-notify:
+    docker:
+      - image: cimg/base:stable
+    steps:
+      - checkout
+      - utils/notify:
+          on_success: true
+
+  integration-test-slack:
+    docker:
+      - image: cimg/base:stable
+    steps:
+      - checkout
+      - utils/slack-notify-waiting-for-approval:
+          slack_bot_token: ${PUSH_REMINDER_BOT_TOKEN}
+
+  integration-test-cancel-older-jobs:
+    docker:
+      - image: cimg/base:stable
     steps:
       - checkout
-      - run:
-          name: "Validate ORB config"
-          command: circleci orb validate config.yml
+      - utils/cancel-older-awaiting-approvals
 
 workflows:
-  version: 2
-  commit_validation:
+  test-pack:
+    unless: << pipeline.parameters.run-integration-tests >>
+    jobs:
+      - orb-tools/pack 
+      - shellcheck/check:
+          dir: ./src/scripts
+      - bats/run:
+          path: ./src/tests
+      - hold-for-dev-publish:
+          type: approval
+          requires:
+            - orb-tools/pack
+            - bats/run
+            - shellcheck/check
+      # Publish development version of the orb.
+      - orb-tools/publish-dev:
+          orb-name: coda/utils
+          context: orb-publishing 
+          requires: [hold-for-dev-publish]
+      # dev:${CIRCLE_SHA1:0:7} version of your orb
+      - orb-tools/trigger-integration-tests-workflow:
+          name: trigger-integration-dev
+          context: orb-publishing
+          requires:
+            - orb-tools/publish-dev
+
+  integration-test_deploy:
+    when: << pipeline.parameters.run-integration-tests >>
     jobs:
-      - validate
+      - integration-test-notify
+      - integration-test-slack
+      - utils/cancel-older-awaiting-approvals
+      - orb-tools/dev-promote-prod-from-commit-subject:
+          orb-name: coda/utils
+          context: orb-publishing
+          add-pr-comment: false
+          fail-if-semver-not-indicated: true
+          publish-version-tag: false
+          requires:
+            - integration-test-notify
+            - integration-test-slack
+            - utils/cancel-older-awaiting-approvals
 

.gitignore

@@ -0,0 +1,2 @@
+# orb.yml is "packed" from source, and not published directly from the repository.
+src/orb.yml

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Coda Project
+Copyright (c) 2020 Coda Project
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,3 +1,32 @@
-# circleci-utils
 
-[CircleCI Orb](https://circleci.com/docs/2.0/reusing-config) containing a set of utilities for controlling CircleCI workflows & builds.
+# CircleCI Utils
+
+
+[![CircleCI Build Status](https://circleci.com/gh/kr-project/circleci-utils.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/kr-project/circleci-utils) [![CircleCI Orb Version](https://img.shields.io/badge/endpoint.svg?url=https://badges.circleci.io/orb/coda/utils)](https://circleci.com/orbs/registry/orb/coda/utils) [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/kr-project/circleci-utils/master/LICENSE) [![CircleCI Community](https://img.shields.io/badge/community-CircleCI%20Discuss-343434.svg)](https://discuss.circleci.com/c/ecosystem/orbs)
+
+[Example Usage](src/examples/example.yml)
+### How to Publish
+* Create and push a branch with your new features.
+* When ready to publish a new production version, create a Pull Request from fore _feature branch_ to `master`.
+* The title of the pull request must contain a special semver tag: `[semver:<segement>]` where `<segment>` is replaced by one of the following values.
+
+| Increment | Description|
+| ----------| -----------|
+| major     | Issue a 1.0.0 incremented release|
+| minor     | Issue a x.1.0 incremented release|
+| patch     | Issue a x.x.1 incremented release|
+| skip      | Do not issue a release|
+
+Example: `[semver:major]`
+
+* Squash and merge. Ensure the semver tag is preserved and entered as a part of the commit message.
+* On merge, after manual approval, the orb will automatically be published to the Orb Registry.
+
+### How to Publish Dev Version
+To manually pack your `orb.yml`, you can run `circleci orb pack .  > orb.yml` at the `@orb.yml` level.
+
+```
+cd src
+circleci orb pack .  > orb.yml
+circleci orb publish orb.yml coda/utils@dev:<your_branch_name>
+```

src/@orb.yml

@@ -0,0 +1,11 @@
+version: 2.1
+
+description: >
+  Utility orb for Coda
+  Allows for:
+  - Push alerts to opsgenie
+  - Push Slack notifications
+  - Cancel older CI alerts waiting for approval 
+
+display:
+  source_url: "https://github.com/kr-project/circleci-utils"

src/commands/cancel-older-awaiting-approvals.yml

@@ -0,0 +1,21 @@
+description: |
+  Cancel all older pipelines waiting on manual approval.
+  Depends on jq being present.
+parameters:
+  circle_token:
+    default: ${CIRCLECI_TOKEN}
+    description: |
+      Env var of a token granted read access to the CircleCI api
+    type: string
+  vcs:
+    description: |
+      Defaults to "gh", but allows other version control systems.
+    type: string
+    default: gh
+steps:
+  - run:
+      name: Cancel older pipelines waiting on manual approval.
+      command: <<include(scripts/cancel_older_approvals.sh)>>
+      environment:
+        vcs: <<parameters.vcs>>
+        CIRCLECI_TOKEN: <<parameters.circle_token>>

src/commands/notify.yml

@@ -0,0 +1,112 @@
+description: Send build results to Opsgenie API, with detailed information
+parameters:
+  CODA_USER_ROSTER_TABLE_URL:
+    description: |
+      Fully qualified API URL to a table containing CIRCLECI_USERNAMEs to email aliases.    Must be of the form
+      https://coda.io/apis/v1/docs/<DOCID>/tables/<TABLEID>/rows.
+    type: string
+    default: https://staging.coda.io/apis/v1/docs/s2i6oFeghW/tables/grid-QGyaiXZDwu/rows
+  CODA_CIRCLECI_USER_NAME_COL:
+    description: |
+      Coda columnId of the column storing the CircleCI username in the CODA_USER_ROSTER_TABLE_URL document.
+    type: string
+    default: c-6ni4kHGNwE
+  CODA_CIRCLECI_USER_ALIAS_COL:
+    description: |
+      Coda columnId of the column storing the user alias (when using EMAIL_DOMAIN), or fully qualified email.
+    type: string
+    default: c-26If9Zttyp
+  endpoint:
+    default: OPSGENIE_WEBHOOK
+    description: Enter either your Full URL value that you copied in Opsgenie
+      Integration Page
+    type: env_var_name
+  on_failure:
+    default: false
+    description: Failure information of circleci build
+    type: boolean
+  on_success:
+    default: true
+    description: Success information of circleci build
+    type: boolean
+  coda_api_token:
+    default: ${CODA_API_TOKEN}
+    description: |
+      Env var of a token granted read access to the CODA_USER_ROSTER_TABLE_URL document.
+    type: string
+  EMAIL_DOMAIN:
+    description: |
+      Optional email domain for users within the workspace.   Must be specified if user aliases are not fully qualified.
+    type: string
+    default: coda.io
+  circle_token:
+    default: ${CIRCLECI_TOKEN}
+    description: |
+      Env var of a token granted read access to the CircleCI api
+    type: string
+steps:
+- run:
+    name: Fetch User Information
+    when: always
+    command: <<include(scripts/fetch_user_handles.sh)>>
+    environment:
+      CODA_API_TOKEN: << parameters.coda_api_token >>
+      CODA_CIRCLECI_USER_ALIAS_COL: <<parameters.CODA_CIRCLECI_USER_ALIAS_COL>>
+      CODA_CIRCLECI_USER_NAME_COL: <<parameters.CODA_CIRCLECI_USER_NAME_COL>>
+      CODA_USER_ROSTER_TABLE_URL: <<parameters.CODA_USER_ROSTER_TABLE_URL>>
+      EMAIL_DOMAIN: <<parameters.EMAIL_DOMAIN>>
+- run:
+    name: Get diff url
+    when: on_fail
+    command: <<include(scripts/get_lkg_hash.sh)>>
+    environment:
+      CIRCLE_TOKEN: << parameters.circle_token >>
+- run:
+    command: |
+      echo '{}' | jq '{
+        "message": "[CircleCI] [#\(env.CIRCLE_PREVIOUS_BUILD_NUM)]: workflow \(env.CIRCLE_BRANCH) stage \(env.CIRCLE_STAGE) job \(env.CIRCLE_JOB)",
+        "alias": "\(env.CIRCLE_PROJECT_REPONAME)/\(env.CIRCLE_BRANCH)#\(env.CIRCLE_JOB) ",
+        "description":"See \(env.CIRCLE_BUILD_URL) for more details. ",
+        "outcome": "unknown",
+        "username": env.CIRCLE_USERNAME,
+        "details": {
+          "build_number":env.CIRCLE_PREVIOUS_BUILD_NUM,
+          "build_url": env.CIRCLE_BUILD_URL
+          }
+      }' > /tmp/raw-webhook.json
+    name: Bundle build info into webhook payload
+    when: always
+- when:
+    condition: $USER_EMAIL
+    steps:
+    - run:
+        command: |
+          cat /tmp/raw-webhook.json | jq --arg USER_EMAIL $USER_EMAIL '.details.username +=  $USER_EMAIL ' > /tmp/webhook_temp.json
+          mv /tmp/webhook_temp.json /tmp/raw-webhook.json
+        name: Add user email to Webhook
+- when:
+    condition: $DIFF_URL
+    steps:
+    - run:
+        command: |
+          cat /tmp/raw-webhook.json | jq --arg DIFF_URL $DIFF_URL '.description +=  " Compare with last passing commit: '$DIFF_URL'"' > /tmp/webhook_temp.json
+          mv /tmp/webhook_temp.json /tmp/raw-webhook.json
+        name: Add latest git hash to Webhook
+- when:
+    condition: <<parameters.on_success>>
+    steps:
+    - run:
+        command: |
+          cat /tmp/raw-webhook.json | jq '.payload.outcome="success"' > /tmp/webhook.json
+          curl -X POST -H"Content-Type:application/json" -H "Authorization: GenieKey ${OPS_GENIE_API_KEY}" -d @/tmp/webhook.json https://api.opsgenie.com/v2/alerts
+        name: Notify $<<parameters.endpoint>> with Success Webhook
+        when: on_success
+- when:
+    condition: <<parameters.on_failure>>
+    steps:
+    - run:
+        command: |
+          cat /tmp/raw-webhook.json | jq '.payload.outcome="failed"'  > /tmp/webhook.json
+          curl -X POST -H"Content-Type:application/json" -H "Authorization: GenieKey ${OPS_GENIE_API_KEY}" -d @/tmp/webhook.json https://api.opsgenie.com/v2/alerts
+        name: Notify $<<parameters.endpoint>> with Failure Webhook
+        when: on_fail

src/commands/slack-notify-waiting-for-approval.yml

@@ -0,0 +1,95 @@
+description: |
+  Notifies the current workflow owner that their workflow is pending approval to proceed.
+  Depends on jq being present.
+
+  Setup:
+    1. Create Coda document with a table containing columns `circleci alias` (ex: github username) and `email`, and populate this table with information for each github user.
+    3. Find the docId, tableId, and columnIds for the circleci user alias and email columnIds.
+    4. Create a Coda API token for this document at https://coda.io/account - limit the token to read access to the target table.
+    5. Setup a Slack Bot account with scopes `users:read`, `users:read.email`, and `chat:write`.
+    6. Configure orb based on required args
+parameters:
+  CODA_USER_ROSTER_TABLE_URL:
+    description: |
+      Fully qualified API URL to a table containing CIRCLECI_USERNAMEs to email aliases.    Must be of the form
+      https://coda.io/apis/v1/docs/<DOCID>/tables/<TABLEID>/rows.
+    type: string
+    default: https://staging.coda.io/apis/v1/docs/s2i6oFeghW/tables/grid-QGyaiXZDwu/rows
+  coda_api_token:
+    description: |
+      Env var of a token granted read access to the CODA_USER_ROSTER_TABLE_URL document.
+    type: string
+    default: ${CODA_API_TOKEN}
+  CODA_CIRCLECI_USER_NAME_COL:
+    description: |
+      Coda columnId of the column storing the CircleCI username in the CODA_USER_ROSTER_TABLE_URL document.
+    type: string
+    default: c-6ni4kHGNwE
+  CODA_CIRCLECI_USER_ALIAS_COL:
+    description: |
+      Coda columnId of the column storing the user alias (when using EMAIL_DOMAIN), or fully qualified email.
+    type: string
+    default: c-26If9Zttyp
+  EMAIL_DOMAIN:
+    description: |
+      Optional email domain for users within the workspace.   Must be specified if user aliases are not fully qualified.
+    type: string
+    default: coda.io
+  slack_bot_token:
+    type: string
+    description: |
+      Token used by Slack bot application.   Must have scopes `users:read`, `users:read.email`, and `chat:write`.
+    default: ${PUSH_REMINDER_BOT_TOKEN}
+  vcs:
+    description: |
+      Defaults to "gh", but allows other version control systems.
+    type: string
+    default: gh
+steps:
+- run:
+    name: Fetch User Information from Look Up Table
+    command: <<include(scripts/fetch_user_handles.sh)>>
+    environment:
+      SLACK_BOT_TOKEN: <<parameters.slack_bot_token>>
+      CODA_API_TOKEN: <<parameters.coda_api_token>>
+      CODA_CIRCLECI_USER_ALIAS_COL: <<parameters.CODA_CIRCLECI_USER_ALIAS_COL>>
+      CODA_CIRCLECI_USER_NAME_COL: <<parameters.CODA_CIRCLECI_USER_NAME_COL>>
+      CODA_USER_ROSTER_TABLE_URL: <<parameters.CODA_USER_ROSTER_TABLE_URL>>
+- when:
+    condition: $SLACK_USER_ID
+    steps:
+    - run:
+        name: Send Slack Message 
+        command: |
+          set -eo pipefail
+          curl -X POST -H "Authorization: Bearer $PUSH_REMINDER_BOT_TOKEN" \
+            -H "Content-Type: application/json" -d \
+            "{ \
+              \"channel\": \"${SLACK_USER_ID}\", \
+              \"attachments\": [ \
+                { \
+                  \"text\": \"Pending Approval for ${CIRCLE_PROJECT_REPONAME} (${CIRCLE_USERNAME})\", \
+                  \"fields\": [ \
+                    { \
+                      \"title\": \"Project\", \
+                      \"value\": \"${CIRCLE_PROJECT_REPONAME}\", \
+                      \"short\": true \
+                    }, \
+                    { \
+                      \"title\": \"Job Number\", \
+                      \"value\": \"${CIRCLE_BUILD_NUM}\", \
+                      \"short\": true \
+                    } \
+                  ], \
+                  \"actions\": [ \
+                    { \
+                      \"type\": \"button\", \
+                      \"text\": \"Visit Workflow\", \
+                      \"url\": \"https://circleci.com/workflow-run/${CIRCLE_WORKFLOW_ID}\" \
+                    } \
+                  ], \
+                  \"color\": \"#f46a54\" \
+                } \
+              ] \
+            }" \
+            'https://slack.com/api/chat.postMessage'