ci: Slack-notify failed pipeline runs only
All checks were successful
ci/woodpecker/push/default Pipeline was successful
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Viktor doesn't want a Slack message for every CI run — only failures. The infra apply pipeline posted a status line to #general on every push, and the renew-tls / postmortem-todos / registry-config-sync / pve-nfs-exports-sync crons posted on every scheduled run (~30+ routine messages a week). Now: the apply pipeline's success post is gone (notify-failure already covers failures), all cron notifies are status:[failure] with explicit FAILED texts, and drift-detection is silent when all stacks are clean (still posts drift findings and errors, and gains a hard-failure catch step it previously lacked). Kept: notify-nonadmin-push (org audit feed) and the actionable provision-user post. Per-app deploy template in ci-cd.md updated to match. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
a64d2ba2b9
commit
88c86e2109
7 changed files with 39 additions and 20 deletions
|
|
@ -293,7 +293,9 @@ The infra repo runs on Woodpecker via **two** forge registrations: the Forgejo
|
|||
forge (repo id 82, registered 2026-06-08) and the legacy GitHub forge (repo id
|
||||
1). Pushes to **Forgejo** `master` fire `.woodpecker/default.yml`
|
||||
(changed-stacks terragrunt apply, in `infra-ci`) plus the `notify-nonadmin-push`
|
||||
Slack audit step. Operational facts (2026-06-10):
|
||||
Slack audit step. **Slack policy (2026-07-02): every infra pipeline posts only
|
||||
on FAILURE** (plus the non-admin audit post and drift/error findings) — routine
|
||||
successful runs are silent. Operational facts (2026-06-10):
|
||||
|
||||
- **Webhook URL is the IN-CLUSTER service**:
|
||||
`http://woodpecker-server.woodpecker.svc.cluster.local/api/hook?...` (PATCHed
|
||||
|
|
@ -375,7 +377,8 @@ steps:
|
|||
notify:
|
||||
image: plugins/slack
|
||||
when:
|
||||
status: [success, failure]
|
||||
# Failure-only (2026-07-02 policy): CI notifies about failed runs only.
|
||||
status: [failure]
|
||||
```
|
||||
|
||||
### CI/CD secrets sync
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue