npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

lucify-notifier

v0.1.17

Published

Integrates with the GitHub deployments API and Flowdock

Downloads

28

Readme

lucify-notifier

A Node.js CLI utility for sending deployment notifications to Flowdock and/or to GitHub's Deployments API.

lucify-notifier wraps a shell command and sends success or failure notifications based on the exit code of the wrapped executable.

At Lucify we use lucify-notifier as part of our CI pipeline, for example with the following deploy script in package.json:

"scripts": {
  "deploy": "lucify-notifier ecs-updater"
}

Authentication

Flowdock

The flow and the authorization to post to it are specified with the FLOWDOCK_FLOW_TOKEN environment variable. This needs to be a so called source flow_token: https://www.flowdock.com/api/sources.

GitHub

To authorize with GitHub, you need to create and install a GitHub Integration (still an early access feature) for your organization. The integration needs to have read and write access to commit statuses and deployments. With the integration installed, the following environment variables need to be set:

GITHUB_CREDENTIALS_INTEGRATION_ID="<the id of the integration>"
GITHUB_CREDENTIALS_INSTALLATION_ID="<the installation id of the above integration>"
GITHUB_CREDENTIALS_KEY="<the secret key retrieved from GH's UI when installing the integration>"

Another way to provide the GitHub credentials is store the above information as a json file in a S3 bucket. The json should have the following schema:

{
  "integration_id": "number",
  "installation_id": "number",
  "key": "string"
}

In this scenario the following environment variables need to be set:

AWS_ACCESS_KEY_ID="<credentials for accessing the above S3 object>"
AWS_SECRET_ACCESS_KEY="<credentials for accessing the above S3 object>"

The location of the credentials file can be provided as an environment variable

GITHUB_S3_CREDENTIALS="s3://<bucket>/<key>"

or specified as github.s3_credentials in the configuration file described below.

Configuration

lucify-notifier has three sources for its configuration, which are in order of preference:

  1. environment variables
  2. configuration file
  3. defaults

There are quite a few settings, here's the complete json schema with their defaults:

{
  github: {
    // these correspond directly
    // to the options in
    // https://developer.github.com/v3/repos/deployments/#create-a-deployment
    deploymentOptions: {
      required_contexts: [],
      task: 'deploy',
      auto_merge: false,
      payload: '',
      description: '',
      transient_environment: false,
      production_environment: process.env.NODE_ENV === 'production',
    },
    // either credentials OR s3_credentials are required
    credentials: {
      integration_id: 0,
      installation_id: 0,
      key: '',
    },
    s3_credentials: '',
  },
  flowdock: {
    flow_token: '', // required
    author: {
      name: '',
      email: '', // required
    },
  },
  deployment: {
    branch: {
      ref: 'master',
      repository: '', // required
      owner: '', // username or organization, required
    },
    environment: process.env.NODE_ENV,
    committer: '', // required, explained in more detail below
    url: '', // explained in more detail below
    build_url: '', // explained in more detail below
    commit_message: '', // explained in more detail below
  },
  build_command: '', // defaults to the one given on the command-line
  decryption_key: '',
  aws_temporary: '',
}

deployment.committer

This is crucial for the GitHub notifications. It has to correspond to a GitHub user who has authorization to create deployments in the specified repository. More information about integrations acting on behalf of users can be found on https://developer.github.com/early-access/integrations/authentication/#requesting-an-access-token-on-behalf-of-a-user.

If flowdock.author.name is undefined, it defaults to deployment.committer.

deployment.url

Used in the notification content. Should be specified if the deployment can be viewed in the browser. In GitHub's case, if specified, it will show a view deployment button in pull requests. In flowdock, it's part of the notification payload.

deployment.build_url

Used in the notification content. Should point to a url where a log of the build process can be viewed, such as a CI/CD service. In GitHub's case, if specified, it will show a deployed link in PRs. In flowdock, it's part of the notification payload.

deployment.commit_message

Used in the notification content. If not specified and the current working directory is a git repository, then the latest commit message from that repository is used.

Environment variables

Each of the options can be specified with an environment variable. The variable names correspond to the above schema, so that , for example, flowdock.author.name would be looked from FLOWDOCK_AUTHOR_NAME and decryption_key from DECRYPTION_KEY.

Configuration file

If a file named lucify-notifier.config.js|json is found in the directory where lucify-notifieris executed, it is assumed to contain a json object with the schema specified above. A .js file should export the json with

module.exports = <json>

Here's an example of a typical configuration file:

const envVars = process.env;
const environment = envVars.NODE_ENV === 'production' ? 'production' : 'staging';
const statusUrl = `https://${environment === 'production' ? '' : 'staging.'}foo.io/status`;
module.exports = {
  deployment: {
    branch: {
      ref: envVars.CIRCLE_BRANCH,
      owner: envVars.CIRCLE_PROJECT_USERNAME,
      repository: envVars.CIRCLE_PROJECT_REPONAME,
    },
    committer: envVars.CIRCLE_USERNAME,
    build_url: envVars.CIRCLE_BUILD_URL,
    url: statusUrl,
    environment,
  },
  github: {
    s3_credentials: 's3://<bucket>/<aws_credentials_key>',
    deploymentOptions: {
      transient_environment: true,
    },
  },
  flowdock: {
    flow_token: '',
    author: {
      email: '[email protected]',
    },
  },
  decryption_key: '',
}

Credential decryption

In general lucify-notifier tries to not affect the executable it wraps in any way. All the environment variables are passed on, with one exception: if the AWS_TEMPORARY option is specified, then it is assumed that it constains encrypted temporary AWS credentials that should be decrypted and provided as environment variables for the the wrapped executable.

The mapping from the decrypted AWS_TEMPORARY json to environment variables is:

{
  'accessKeyId': 'AWS_ACCESS_KEY_ID',
  'secretAccessKey': 'AWS_SECRET_ACCESS_KEY',
  'sessionToken': 'AWS_SESSION_TOKEN',
}

This feature serves a very specific purpose: when launching production deployments in CircleCI via its REST API, the extra environment variables specified in the request, including the aws credentials, are visible in the build log output. To prevent revealing them, one can then specify the DECRYPTION_KEY environment variable in the CircleCI project settings (these are never visible) and provide an encrypted json object in the AWS_TEMPORARY variable. If DECRYPTION_KEY is not defined, it defaults to AWS_ACCESS_KEY_ID.

The encryption and decryption details are a bit involved, but they use aes-256-gcm symmetric authenticated cryptography. See utils.ts for the code.