New Workflow to be used with Discord Webhook #7177
Conversation
quyykk
added
the
cd/ci/testing
We can and apparently do already use the github push webhook, so "post commits to discord" isn't a reason to merge the PR:
But then we go and add a new action, which can have its own security issues😉
This is the bit that is differentiating IMO. How useful is it, vs the default formatting, given the information available in the commit webhook payload? I don't personally find a list of commits that interesting, so doing work to format them differently isn't very appealing. |
The one we have set up now was just for me to test. It's not posted publicly in any way, this PR is a continuation of the testing that I started doing with that default webhook 😉
True, but when we previously looked into something like IFTTT or Zapier, it was essentially looking for Admin-level access, which none of us felt comfortable with. Specifically, it was asking for the following:
This is the main advantage I would say of doing it via an action rather than the default.
My apologies; looking back, this is all information I should have included in the PR description for clarity. |
|
There's also a lot of things you can do with the custom webhook - like ping reviewers when new PR's are created - which are simply unsupported by the default webhook functionality in Github. |
To be fair, GitHub's webhooks aren't intended to do crazy things -- they're a notification service for a particular activity. They send a blob of data about the event, and then it's on the receiver to do cool things with the information. Discord has kindly provided a basic template for displaying the JSON, and anyone who wants to do something more needs to do the work. It usually means your own server and integrating with the associated client libraries to do whatever it is you want. IMO I would rather we forward the relevant events to our existing Discord bot and have it perform the necessary actions, rather than add a new workflow. Configuring James to tag a user group when a particular label is newly applied to an open PR should not be too difficult. @MCOfficer thoughts? |
|
I came up with this idea, because writing a discord bot to receive, understand, filter & pass on events webhooks is
Whereas github actions are open-source, several handful people in the community know how to edit them if needed, and have no bus-factor or risk beyond our repo's existing one. For clarity, these were the other options:
|
|
Would it be possible to use both a GitHub action and a Discord bot? We could use the action to build a usefully formatted message that avoids the issues I mentioned above, specifically:
The discord bot would then be available to do more advanced actions, like reacting to the message, opening threads, pinging various groups etc. The main advantages are:
|
|
Just to note: I have put in place the secret |
You're correct on all these counts. James would need some attention from a DevOps perspective to limit the impacts, including (egads) automated testing and at least an on-demand deploy workflow. I don't know any of the bot's current metrics to determine which tiers of various hosting providers we might fall into.
Also not wrong. But we are limited by the available Marketplace actions w.r.t. what we can do with the workflow.
I agree on not using ifttt / zapier.
Yes, but it isn't ideal, as we lose a lot of information on the handoff. When James receives the webhook directly, we can use all attributes of the JSON payload to dispatch the correct behavior. If James is only listening to a particular channel for a post by a particular user, all we have available is the content of that post and its authorship -- anything we want to do with James has to be drivable solely from that. Any changes to content of the action's post would need to ensure that James still gets all the information needed, which would likely be link parsing and then one or more calls to the GitHub API for attributes available from the referenced PR or branch + sha.
Does this still happen? I don't see duplicate commits in the current commit stream channel using the default discord formatted webhook. |
Because people are deleting all the duplicates. |
This particular point is entirely a non-issue. |
Even if it isn't ideal, could we use it for now until we get a better implementation? It sounds like this is something we could start using immediately while we work on getting James set up to handle the webhook payloads, which from what you and MCO are saying, sounds like it will be a decent amount of work and probably take a while to get going. Realistically, for the "Commit Stream" that this would be doing, the only information your general user will want is just what the commit changed in a human-readable format which is information most readily available via the commit title. In the future, if we want to start doing more with this, I agree with your suggestion to send the payload directly to James, but for now, I'd like to get something in place even if it's not ideal since it will work for what we need, and work much better than the default discord-formatted webhook. Edit: |
^This. Let's not overengineer a perfectly expandable solution that we may never truly need. If the need for role pings or more faceted notifications comes up, by all means let's explore all possible solutions - but let's also not force ourselves into a "perfect is the enemy of good" situation over such a mundane thing as notifications. This is not complicated code you will have to maintain for years, it's a yaml file that can be deleted any time. |
There was a problem hiding this comment.
I'm curious how one tags a Discord user/group in the given message, and if Ilshidur/action-discord#82 is going to be applicable. (Both those questions don't block this PR.)
.github/workflows/webhook.yml
Outdated
| DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} | ||
| uses: Ilshidur/[email protected] | ||
| with: | ||
| args: '{{ EVENT_PAYLOAD.head_commit.author.name }}: {{ EVENT_PAYLOAD.head_commit.message }}' |
There was a problem hiding this comment.
As an example, both the author name and the commit message may contain :, so a consumer is not guaranteed to be able to parse the information from just the Discord message.
I personally think there should be a link to view the commit, too, but YMMV.
There was a problem hiding this comment.
Changed this to commit message committed by author.
I am open to additional feedback on this and would like to hear what kind of formatting others might want and whether a link is something we want.
It's just a text code string pushed out in the message intended to be printed: |
There was a problem hiding this comment.
QA time: what, specifically, would be posted to Discord by this proposed workflow if the commit pushed is e.g. aa6cccb
In other words, you're posting whatever is in the head_commit object's message field. How much stuff might that be? 100 characters? 1000? If it's more than 2000 Discord is going to reject the request, but I suspect you're going to want to cap it much more quickly than that.
| - env: | ||
| DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} | ||
| uses: Ilshidur/[email protected] | ||
| if: "${{ env.DISCORD_WEBHOOK != '' }}" |
There was a problem hiding this comment.
Ideally the workflow should not run, rather than just skipping a step in a single job. Is that possible?
There was a problem hiding this comment.
Haven't found anything. See for example actions/runner#520
There was a problem hiding this comment.
Yeah, I looked and didn't find any way to stop the "workflow" itself from running, since I'm pretty sure it has to run in order for the secret to be loaded into an environment variable in order to be used in a conditional.
Though if anyone does know of a way, I'd be more than happy to add it.
| uses: Ilshidur/[email protected] | ||
| if: "${{ env.DISCORD_WEBHOOK != '' }}" | ||
| with: | ||
| args: '{{ EVENT_PAYLOAD.head_commit.message }} committed by {{ EVENT_PAYLOAD.head_commit.author.name }}' |
There was a problem hiding this comment.
The previous format of "author before commit" is more natural to read. My previous comment was just calling out the possible ambiguity involved when parsing the messages produced by this job; This format also has ambiguity, since committed by is not a reserved construct that is unable to appear in the commit message.
|
You should consider the commit title to be whatever is before the first 2 newline characters (either 2 That screenshot also suggests you need to add handling for link references ( |
|
Some of the suggestions brought up are going to require sending the webhook as a discord embed JSON object rather than a string like it is now. Given that's going to be a fairly substantial edit to what I already have, I think it's best that I put this to draft for now while I work on doing that. |
|
I don't see myself getting to this any time soon, so I'm going to close it so as to not clutter up our PRs |
Feature: This PR implements a new workflow to post new commits to the community Discord automatically
Feature Details
With the addition of this new workflow, we can host a commit-stream channel to keep the community as a whole and content creators informed of any changes. This has been an oft-requested feature.
Using a workflow rather than an external service avoids needing to allow external service access to the repository, which is beneficial for security purposes. It also allows us complete control over what content is displayed, which would not be possible using the built-in GitHub webhook.
Screenshots
An example of how a commit would look when posted to Discord; It is currently showing the author's name and commit message.
Requirements for merge
When merging this PR, two additional updates will need to be made to the Endless Sky repo in order for it to work correctly.
An admin will need to add the discord webhook URL as a new environment variable, which I will provide privately to keep it secret.Our current commit log webhook should be turned off to avoid duplicating new commit messages.Testing Done
I have tested this workflow and confirmed that it ran and posted correctly when using a private fork of the repository.