From 78f5da9cff138f2e26da7e21fb721149f0920fda Mon Sep 17 00:00:00 2001
From: Kenzo
Date: Wed, 7 Jan 2026 16:32:00 +0100
Subject: [PATCH] feat(woodpecker): add Discord notifications for build status
- Implemented success and failure notifications using `jq` for secure payload formatting.
- Enhanced YAML to manage build alerts and improve CI visibility.
---
 .woodpecker.yml | 140 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 111 insertions(+), 29 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index b3c98ec..d54a31b 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -5,6 +5,7 @@ steps:
 DISCORD_WEBHOOK:
 from_secret: discord_webhook
 commands:
+ - apt-get update && apt-get install -y jq
 - npm install --package-lock-only
 - npm audit --audit-level=moderate || AUDIT_EXIT=$?
 - |
@@ -17,38 +18,36 @@ steps: echo "==========================================" echo "" - # Discord Benachrichtigung senden + # Discord Benachrichtigung mit jq (sicher gegen Sonderzeichen) if [ ! -z "$DISCORD_WEBHOOK" ]; then - curl -H "Content-Type: application/json" \ - -d "{ - \"embeds\": [{ - \"title\": \"⚠️ npm audit Warnung\", - \"description\": \"Es wurden Sicherheitslücken in den Dependencies gefunden!\", - \"color\": 16744448, - \"fields\": [ - { - \"name\": \"Repository\", - \"value\": \"Gallus_Pub\", - \"inline\": true - }, - { - \"name\": \"Branch\", - \"value\": \"${CI_COMMIT_BRANCH}\", - \"inline\": true - }, - { - \"name\": \"Commit\", - \"value\": \"${CI_COMMIT_SHA:0:7}\", - \"inline\": true - } + PAYLOAD=$(printf '%s' "${CI_COMMIT_MESSAGE:-No commit message}" | jq -Rs \ + --arg title "⚠️ npm audit Warnung - Build #${CI_BUILD_NUMBER}" \ + --arg repo "${CI_REPO}" \ + --arg branch "${CI_COMMIT_BRANCH}" \ + --arg commit "${CI_COMMIT_SHA:0:7}" \ + --arg author "${CI_COMMIT_AUTHOR}" \ + --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \ + '. as $message | { + embeds: [{ + title: $title, + description: "Es wurden Sicherheitslücken in den Dependencies gefunden!", + color: 16744448, + fields: [ + { name: "Repository", value: $repo, inline: true }, + { name: "Branch", value: $branch, inline: true }, + { name: "Commit", value: ("`" + $commit + "`"), inline: true }, + { name: "Author", value: $author, inline: true }, + { name: "Commit Message", value: $message, inline: false } ], - \"footer\": { - \"text\": \"Build läuft trotzdem durch\" + footer: { + text: "Build läuft trotzdem durch" }, - \"timestamp\": \"$(date -u +%Y-%m-%dT%H:%M:%S.000Z)\" + timestamp: $timestamp }] - }" \ - "$DISCORD_WEBHOOK" + }') + + curl -H "Content-Type: application/json" -X POST \ + -d "$PAYLOAD" "$DISCORD_WEBHOOK" fi else echo "✓ No vulnerabilities found" 
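Review bot: The jq rewrite makes the JSON encoding safe, but the values still reach jq through double-quoted shell text, e.g. `printf '%s' "${CI_COMMIT_MESSAGE:-No commit message}"` and `--arg author "${CI_COMMIT_AUTHOR}"`. Woodpecker documents that `${VAR}` expressions in the pipeline file are substituted before the shell starts, so, if that applies here, a commit message or author name containing quotes or command-substitution syntax would be parsed as shell in a step that holds `DISCORD_WEBHOOK`. Escaping the expansion so the shell resolves it at run time, `printf '%s' "$${CI_COMMIT_MESSAGE:-No commit message}"` and likewise for author, branch and repo, keeps that text as data; `${CI_COMMIT_SHA:0:7}` is hex-only and can stay pre-substituted. The same pattern is repeated in `notify_success` and `notify_failure` in the next hunk.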
@@ -63,10 +62,93 @@ steps:
 environment:
 FLY_API_TOKEN:
 from_secret: FLY_API_TOKEN
+ DISCORD_WEBHOOK:
+ from_secret: discord_webhook
 commands:
+ - apt-get update && apt-get install -y jq
 - curl -L https://fly.io/install.sh | sh
 - export PATH="$HOME/.fly/bin:$PATH"
 - flyctl deploy --config fly.toml --app gallus-pub --remote-only
 when:
 branch: main
- event: push
\ No newline at end of file
+ event: push
+
+ notify_success:
+ image: node:20
+ environment:
+ DISCORD_WEBHOOK:
+ from_secret: discord_webhook
+ commands:
+ - apt-get update && apt-get install -y jq
+ - |
+ if [ ! -z "$DISCORD_WEBHOOK" ]; then
+ PAYLOAD=$(printf '%s' "${CI_COMMIT_MESSAGE:-No commit message}" | jq -Rs \
+ --arg title "✅ Build #${CI_BUILD_NUMBER} - Success" \
+ --arg repo "${CI_REPO}" \
+ --arg branch "${CI_COMMIT_BRANCH}" \
+ --arg commit "${CI_COMMIT_SHA:0:7}" \
+ --arg author "${CI_COMMIT_AUTHOR}" \
+ --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \
+ '. as $message | {
+ embeds: [{
+ title: $title,
+ description: "Build und Deployment erfolgreich abgeschlossen!",
+ color: 3066993,
+ fields: [
+ { name: "Repository", value: $repo, inline: true },
+ { name: "Branch", value: $branch, inline: true },
+ { name: "Commit", value: ("`" + $commit + "`"), inline: true },
+ { name: "Author", value: $author, inline: true },
+ { name: "Commit Message", value: $message, inline: false }
+ ],
+ timestamp: $timestamp
+ }]
+ }')
+
+ curl -H "Content-Type: application/json" -X POST \
+ -d "$PAYLOAD" "$DISCORD_WEBHOOK"
+ fi
+ when:
+ branch: main
+ event: push
+ status: success
+
+ notify_failure:
+ image: node:20
+ environment:
+ DISCORD_WEBHOOK:
+ from_secret: discord_webhook
+ commands:
+ - apt-get update && apt-get install -y jq
+ - |
+ if [ ! -z "$DISCORD_WEBHOOK" ]; then
+ PAYLOAD=$(printf '%s' "${CI_COMMIT_MESSAGE:-No commit message}" | jq -Rs \
+ --arg title "❌ Build #${CI_BUILD_NUMBER} - Failure" \
+ --arg repo "${CI_REPO}" \
+ --arg branch "${CI_COMMIT_BRANCH}" \
+ --arg commit "${CI_COMMIT_SHA:0:7}" \
+ --arg author "${CI_COMMIT_AUTHOR}" \
+ --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \
+ '. as $message | {
+ embeds: [{
+ title: $title,
+ description: "Build oder Deployment ist fehlgeschlagen!",
+ color: 15158332,
+ fields: [
+ { name: "Repository", value: $repo, inline: true },
+ { name: "Branch", value: $branch, inline: true },
+ { name: "Commit", value: ("`" + $commit + "`"), inline: true },
+ { name: "Author", value: $author, inline: true },
+ { name: "Commit Message", value: $message, inline: false }
+ ],
+ timestamp: $timestamp
+ }]
+ }')
+
+ curl -H "Content-Type: application/json" -X POST \
+ -d "$PAYLOAD" "$DISCORD_WEBHOOK"
+ fi
+ when:
+ branch: main
+ event: push
+ status: failure
\ No newline at end of file
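Review bot: The deploy step gains `DISCORD_WEBHOOK` and an `apt-get install -y jq`, yet none of its visible commands (`curl -L https://fly.io/install.sh | sh`, `export PATH=...`, `flyctl deploy ...`) uses either one. That exposes the webhook secret to a step that already pipes a remotely fetched install script into `sh` next to `FLY_API_TOKEN`; dropping both additions there and keeping the secret only on `notify_success` and `notify_failure` limits each step to the secrets it needs. In the two notify steps the `curl` call would be easier to diagnose with `--fail --silent --show-error --max-time 10`, so a rejected or hanging webhook request surfaces as a bounded step error.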