Integrating GitHub and Slack via Netlify.
Trainees often accidentally create repositories in the CYF GitHub organization. This leads to lots of excess repos and makes it hard to manage the org.
A webhook in GitHub is configured to send all relevant events ("Repository created, deleted, archived, unarchived, publicized, privatized, edited, renamed, or transferred.") in the CYF org to a Netlify function (in CYF's account).
The function in turn interacts with Slack to post messages notifying organization owners of any new repository, allowing them to review and (if necessary) delete the new repository.
The sequence diagram below shows the series of events and calls.
sequenceDiagram
actor Trainee
participant GitHub
participant Netlify
participant Slack
Trainee->>GitHub: Create repo CodeYourFuture/{name}
GitHub->>+Netlify: POST /repo_event
Netlify->>+Slack: POST /chat.postMessage
Note right of Slack: Post in #35;cyf-github-owners
Slack-->>-Netlify: 200 OK
Netlify-->>-GitHub: 200 OK
actor Admin
alt Delete the repo
Admin->>Slack: Click "Delete repo"
Slack->>+Netlify: POST /slack_interaction
Netlify->>+GitHub: DELETE /repos/CodeYourFuture/{name}
GitHub-->>-Netlify: 204 No Content
Netlify->>+Slack: POST /chat.update
Note right of Slack: Update the post
Slack-->>-Netlify: 200 OK
Netlify->>+Slack: POST /reactions.add
Note right of Slack: React to the post
Slack-->>-Netlify: 200 OK
Netlify->>+Slack: POST /chat.postMessage
Note right of Slack: Respond to the post
Slack-->>-Netlify: 200 OK
Netlify-->>-Slack: 200 OK
else Dismiss the message
Admin->>Slack: Click "Dismiss"
Slack->>+Netlify: POST /slack_interaction
Netlify->>+Slack: POST /chat.update
Note right of Slack: Update the post
Slack-->>-Netlify: 200 OK
Netlify->>+Slack: POST /reactions.add
Note right of Slack: React to the post
Slack-->>-Netlify: 200 OK
Netlify->>+Slack: POST /chat.postMessage
Note right of Slack: Respond to the post
Slack-->>-Netlify: 200 OK
Netlify-->>-Slack: 200 OK
end
The Netlify functions require the following environment variables:
GITHUB_TOKEN: Token used to delete repos in GitHub, a fine-grained token:- Resource owner should be CodeYourFuture
- Repository access should be "All repositories"
- Repository permissions should be:
- Administration: read and write (to allow repository deletion)
- Metadata: read (this is set by default)
GITHUB_WEBHOOK_SECRET: Secret used to verify webhook calls from GitHubSLACK_CHANNEL: The channel to post messages in (currently #cyf-github-owners)SLACK_SIGNING_SECRET: Secret used to verify webhook calls from SlackSLACK_TOKEN: Token used to post messages to Slack (with scopeschat:writeandreactions:write)