From a4848f9e900c24d90c0286414874b86230b7fe81 Mon Sep 17 00:00:00 2001
From: Wayne Starr <Racer159@users.noreply.github.com>
Date: Wed, 2 Aug 2023 18:13:34 -0500
Subject: [PATCH] Add a slack webhook for when nightly tests fail (#1941)

## Description

This adds a slack notification when a nightly test fails so that we get
a ping.

## Related Issue

Fixes #N/A

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Other (security config, docs update, etc)

## Checklist before merging

- [X] Test, docs, adr added or updated as needed
- [X] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed

---------

Co-authored-by: razzle <harry@razzle.cloud>
---
 .github/actions/slack/action.yaml    | 45 ++++++++++++++++++++++++++++
 .github/workflows/nightly-ecr.yml    |  6 ++++
 .github/workflows/nightly-eks.yml    |  6 ++++
 src/cmd/root.go                      |  2 +-
 src/test/nightly/ecr_publish_test.go |  8 ++---
 5 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 .github/actions/slack/action.yaml

diff --git a/.github/actions/slack/action.yaml b/.github/actions/slack/action.yaml
new file mode 100644
index 0000000000..6063f45b60
--- /dev/null
+++ b/.github/actions/slack/action.yaml
@@ -0,0 +1,45 @@
+name: slack
+description: "Post a message to slack with the workflow status"
+
+inputs:
+  slack-webhook-url:
+    description: 'The webhook URL to use to post to slack'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 #v1.24.0
+      with:
+        payload: |
+          {
+            "blocks": [
+              {
+                "type": "section",
+                "text": {
+                  "type": "mrkdwn",
+                  "text": "The GitHub Action Workflow **'${{ github.workflow }}'** had a result of: `${{ job.status }}`."
+                }
+              },
+              {
+                "type": "section",
+                "text": {
+                  "type": "mrkdwn",
+                  "text": "View Workflow Run"
+                },
+                "accessory": {
+                  "type": "button",
+                  "text": {
+                    "type": "plain_text",
+                    "text": "Click Me",
+                    "emoji": true
+                  },
+                  "value": "click_me_workflow_run",
+                  "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+                  "action_id": "button-action"
+                }
+              }
+            ]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ inputs.slack-webhook-url }}
diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml
index e5526c9078..64ecc2f7a3 100644
--- a/.github/workflows/nightly-ecr.yml
+++ b/.github/workflows/nightly-ecr.yml
@@ -47,3 +47,9 @@ jobs:
       - name: Save logs
         if: always()
         uses: ./.github/actions/save-logs
+
+      - name: Send trigger to Slack on workflow failure
+        if: failure()
+        uses: ./.github/actions/slack
+        with:
+          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml
index 12b367aa26..ce9bf52450 100644
--- a/.github/workflows/nightly-eks.yml
+++ b/.github/workflows/nightly-eks.yml
@@ -73,3 +73,9 @@ jobs:
       - name: Save logs
         if: always()
         uses: ./.github/actions/save-logs
+
+      - name: Send trigger to Slack on workflow failure
+        if: failure()
+        uses: ./.github/actions/slack
+        with:
+          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/src/cmd/root.go b/src/cmd/root.go
index 8117d4eeab..6c7e18ba89 100644
--- a/src/cmd/root.go
+++ b/src/cmd/root.go
@@ -40,7 +40,7 @@ var rootCmd = &cobra.Command{
 
 		exec.ExitOnInterrupt()
 
-		// Don't add the logo to the help command
+		// Don't log the help command
 		if cmd.Parent() == nil {
 			config.SkipLogFile = true
 		}
diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go
index 9ce2402522..f7400b84f6 100644
--- a/src/test/nightly/ecr_publish_test.go
+++ b/src/test/nightly/ecr_publish_test.go
@@ -62,7 +62,7 @@ func TestECRPublishing(t *testing.T) {
 	// Ensure we get a warning when trying to inspect the online published package
 	stdOut, stdErr, err = e2e.Zarf("package", "inspect", upstreamPackageURL, keyFlag)
 	require.NoError(t, err, stdOut, stdErr)
-	require.Contains(t, stdErr, "Zarf is unable to validate the checksums of remote OCI packages.")
+	require.Contains(t, stdErr, "Checksums validated!")
 	require.Contains(t, stdErr, "Package signature validated!")
 
 	// Ensure we get an error when trying to pull the package without providing the public key
@@ -77,12 +77,12 @@ func TestECRPublishing(t *testing.T) {
 	// Ensure we get a warning when trying to inspect the package without providing the public key
 	stdOut, stdErr, err = e2e.Zarf("package", "inspect", testPackageFileName)
 	require.NoError(t, err, stdOut, stdErr)
-	require.Contains(t, stdErr, "The package you are inspecting has been signed but a public key was not provided.")
-	require.Contains(t, stdErr, "All of the checksums matched!")
+	require.Contains(t, stdErr, "Checksums validated!")
+	require.Contains(t, stdErr, "The package was signed but no public key was provided, skipping signature validation")
 
 	// Validate that we get no warnings when inspecting the package while providing the public key
 	stdOut, stdErr, err = e2e.Zarf("package", "inspect", testPackageFileName, keyFlag)
 	require.NoError(t, err, stdOut, stdErr)
-	require.Contains(t, stdErr, "All of the checksums matched!")
+	require.Contains(t, stdErr, "Checksums validated!")
 	require.Contains(t, stdErr, "Package signature validated!")
 }