Remove Slack notifications for CI failures

waiting-for-dev · waiting-for-dev · commit 5bcf4c863480 · 2023-02-15T05:19:07.000+01:00
We were storing the Slack secrets on a CircleCI context [1]. Although we were also passing them to forks [2], it resulted on unauthorized builds for external contributions. We could work around the issue in two ways: - Having the secrets outside of any context, but that would compromise the security of the associated Slack channel for: - Send messages as @circleci notifications - Send messages to channels @circleci notifications isn't a member of - Upload, edit, and delete files as CircleCI notifications - Using CircleCI logic statements [3] to conditionally run jobs when `CIRCLECI_USERNAME` or `CIRCLE_PR_USERNAME` env vars [4] are in a list of allowed users. However, that would be something difficult to maintain, and there's no other way to check the user's role. Given that we don't find those trade-offs to be acceptable, we remove the integration for now. [1] - https://circleci.com/docs/contexts/ [2] - https://circleci.com/docs/oss/#pass-secrets-to-builds-from-forked-pull-requests [3] - https://circleci.com/docs/configuration-reference/#logic-statements [4] - https://circleci.com/docs/variables/
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -10,16 +10,6 @@ orbs:
   # or goes EOL.
   solidusio_extensions: solidusio/extensions@volatile
 
-  slack: circleci/slack@4.9.3
-
-commands:
-  notify:
-      steps:
-        - slack/notify:
-            event: fail
-            template: basic_fail_1
-            branch_pattern: master
-
 jobs:
   run-specs-with-postgres:
     executor:
@@ -30,7 +20,6 @@ jobs:
       - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-master
       - solidusio_extensions/store-test-results
-      - notify
 
   run-specs-with-mysql:
     executor:
@@ -41,7 +30,6 @@ jobs:
       - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-current
       - solidusio_extensions/store-test-results
-      - notify
 
   run-specs-with-sqlite:
     executor:
@@ -52,25 +40,19 @@ jobs:
       - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-older
       - solidusio_extensions/store-test-results
-      - notify
 
   lint-code:
     executor: solidusio_extensions/sqlite
     steps:
       - solidusio_extensions/lint-code
-      - notify
 
 workflows:
   "Run specs on supported Solidus versions":
     jobs:
-      - run-specs-with-postgres:
-          context: slack-secrets
-      - run-specs-with-mysql:
-          context: slack-secrets
-      - run-specs-with-sqlite:
-          context: slack-secrets
-      - lint-code:
-          context: slack-secrets
+      - run-specs-with-postgres
+      - run-specs-with-mysql
+      - run-specs-with-sqlite
+      - lint-code
 
   "Weekly run specs against master":
     triggers:
@@ -81,9 +63,6 @@ workflows:
               only:
                 - master
     jobs:
-      - run-specs-with-postgres:
-          context: slack-secrets
-      - run-specs-with-mysql:
-          context: slack-secrets
-      - run-specs-with-sqlite:
-          context: slack-secrets
+      - run-specs-with-postgres
+      - run-specs-with-mysql
+      - run-specs-with-sqlite
