feat: send Keybase build notifications using the opensentinel API

BREAKING CHANGE: This no longer sends out Keybase messages directly
(using a username + paperkey), but instead makes use of the an API to do
so.

Author: marvinpinto

.github/workflows/ci.yml

@@ -27,3 +27,9 @@ jobs:
           yarn run lint
           yarn run test
           yarn run build
+      - uses: "./packages/keybase-notifications"
+        if: always()
+        with:
+          job_status: ${{ job.status }}
+          opensentinel_owner: ${{ secrets.OSL_OWNER }}
+          opensentinel_token: ${{ secrets.OSL_TOKEN }}

.github/workflows/keybase.yml

@@ -31,7 +31,6 @@ jobs:
           files: |
             packages/automatic-releases/dist/index.js
             packages/keybase-notifications/dist/index.js
-            packages/keybase-notifications/dist/keybase
         id: "automatic_releases"
 
       # marvinpinto/action-keybase-notifications
@@ -42,10 +41,9 @@ jobs:
         run: |
           ./scripts/mirror-actions.sh "$AUTOMATIC_RELEASES_TAG"
 
-      - uses: "./packages/keybase-notifications/"
+      - uses: "./packages/keybase-notifications"
+        if: always()
         with:
-          message: "Version `${{ steps.automatic_releases.outputs.automatic_releases_tag }}` of `${{ github.repository }}` successfully released."
-          keybase_username: "${{ secrets.KeybaseUsername }}"
-          keybase_paper_key: "${{ secrets.KeybasePaperKey }}"
-          keybase_team_name: "${{ secrets.KeybaseTeamName }}"
-          keybase_topic_name: "${{ secrets.KeybaseTopicName }}"
+          job_status: ${{ job.status }}
+          opensentinel_owner: ${{ secrets.OSL_OWNER }}
+          opensentinel_token: ${{ secrets.OSL_TOKEN }}

.github/workflows/pre-release.yml

@@ -29,7 +29,6 @@ jobs:
           files: |
             packages/automatic-releases/dist/index.js
             packages/keybase-notifications/dist/index.js
-            packages/keybase-notifications/dist/keybase
         id: "automatic_releases"
 
       # marvinpinto/action-keybase-notifications
@@ -41,9 +40,8 @@ jobs:
           ./scripts/mirror-actions.sh "$AUTOMATIC_RELEASES_TAG"
 
       - uses: "marvinpinto/action-keybase-notifications@latest"
+        if: always()
         with:
-          message: "Version `${{ steps.automatic_releases.outputs.automatic_releases_tag }}` of `${{ github.repository }}` successfully released."
-          keybase_username: "${{ secrets.KeybaseUsername }}"
-          keybase_paper_key: "${{ secrets.KeybasePaperKey }}"
-          keybase_team_name: "${{ secrets.KeybaseTeamName }}"
-          keybase_topic_name: "${{ secrets.KeybaseTopicName }}"
+          job_status: ${{ job.status }}
+          opensentinel_owner: ${{ secrets.OSL_OWNER }}
+          opensentinel_token: ${{ secrets.OSL_TOKEN }}

.github/workflows/tagged-release.yml

@@ -33,21 +33,21 @@
     "@commitlint/cli": "^8.2.0",
     "@commitlint/config-conventional": "^8.2.0",
     "@commitlint/config-lerna-scopes": "^8.2.0",
-    "@types/jest": "^24.0.18",
-    "@types/node": "^12.7.12",
-    "@typescript-eslint/eslint-plugin": "^2.3.3",
-    "@typescript-eslint/parser": "^2.3.3",
+    "@types/jest": "^24.0.24",
+    "@types/node": "^13.1.0",
+    "@typescript-eslint/eslint-plugin": "^2.13.0",
+    "@typescript-eslint/parser": "^2.13.0",
     "@zeit/ncc": "^0.20.5",
-    "eslint": "^6.5.1",
-    "eslint-config-prettier": "^6.4.0",
-    "eslint-plugin-jest": "^22.17.0",
-    "eslint-plugin-prettier": "^3.1.1",
+    "eslint": "^6.8.0",
+    "eslint-config-prettier": "^6.7.0",
+    "eslint-plugin-jest": "^23.1.1",
+    "eslint-plugin-prettier": "^3.1.2",
     "jest": "^24.9.0",
     "jest-circus": "^24.9.0",
     "lerna": "^3.17.0",
-    "prettier": "^1.18.2",
-    "ts-jest": "^24.1.0",
-    "typescript": "^3.6.4"
+    "prettier": "^1.19.1",
+    "ts-jest": "^24.2.0",
+    "typescript": "^3.7.4"
   },
   "eslintIgnore": [
     "!.*.js"

package.json

@@ -24,7 +24,6 @@
     "@actions/core": "^1.1.3",
     "@actions/github": "^1.1.0",
     "@octokit/rest": "^16.33.0",
-    "@types/lodash": "^4.14.144",
     "conventional-changelog-angular": "^5.0.5",
     "conventional-commits-parser": "^3.0.5",
     "globby": "^10.0.1",

packages/automatic-releases/package.json

@@ -1,8 +1,12 @@
 import * as core from '@actions/core';
-import {getShortSHA} from '../../keybase-notifications/src/githubEvent';
 import * as Octokit from '@octokit/rest';
 import defaultChangelogOpts from 'conventional-changelog-angular';
 
+export const getShortSHA = (sha: string): string => {
+  const coreAbbrev = 7;
+  return sha.substring(0, coreAbbrev);
+};
+
 export type ParsedCommitsExtraCommit = Octokit.ReposCompareCommitsResponseCommitsItem & {
   author: {
     email: string;

packages/automatic-releases/src/utils.ts

@@ -1,14 +1,14 @@
-# Keybase Chat Notifications
+# Keybase Build Notifications
 
-This action allows you to post messages to [Keybase Chat](https://keybase.io/blog/keybase-chat) channels, teams, and DMs. It sends messages using a Keybase paperkey and the corresponding Keybase username.
+This action allows you to post GitHub build notifications to [Keybase Chat](https://keybase.io/blog/keybase-chat) channels, teams, and DMs. It sends messages via the [opensentinel API](https://keybase.io/sentinelbot), using your `owner` and `token` values.
 
 ![Keybase default GitHub notification](images/keybase-gh-notification-example.png)
 
 ## Contents
 
 1. [Using the Action](#using-the-action)
 1. [Parameters](#parameters)
-1. [Supported GitHub Events](#supported-github-events)
+1. [What about other GitHub events?](#what-about-other-github-events)
 1. [Filtering Notifications](#filtering-notifications)
 1. [Versioning](#versioning)
 1. [How to get help](#how-to-get-help)
@@ -18,112 +18,102 @@ This action allows you to post messages to [Keybase Chat](https://keybase.io/blo
 
 ## Using the Action
 
-You will need a Keybase paperkey and its corresponding username. It is probably a good idea to create a dedicated Keybase account for this purpose, or at the very least generate a dedicated paperkey on your existing account. This makes it easier to revoke if needed.
+You will need an opensentinel API token in order to use this action. Go through the [@sentinelbot](https://keybase.io/sentinelbot) setup flow for a **Generic Webhook** and make a note of the `owner` and `token` values in the URL you receive.
 
-### Pull Request Notifications Example
+As a reference, `@sentinelbot` Webhook URLs for Keybase will look something like:
+
+```text
+https://api.opensentinel.com/kb/webhooks?owner=<OSL_OWNER>&token=<OSL_TOKEN>
+```
+
+### Build notifications for CI Tests
 
 ```yaml
-name: "keybase"
+name: "CI Tests"
 
 on:
-  pull_request:
-    types:
-      - "opened"
-      - "closed"
-      - "reopened"
-      - "synchronize"
+  push:
 
 jobs:
-  keybase:
+  ci:
     runs-on: "ubuntu-latest"
     steps:
+      # ...
+      - name: "Build & test"
+        run: |
+          echo "done!"
+
+      # Add the notification step as the last one
       - uses: "marvinpinto/action-keybase-notifications@latest"
+        if: always()
         with:
-          keybase_username: "${{ secrets.KeybaseUsername }}"
-          keybase_paper_key: "${{ secrets.KeybasePaperKey }}" # "fancy regular ..."
-          keybase_team_name: "${{ secrets.KeybaseTeamName }}" # "keybasefriends"
-          keybase_topic_name: "${{ secrets.KeybaseTopicName }}" # "general"
+          job_status: ${{ job.status }}
+          opensentinel_owner: ${{ secrets.OSL_OWNER }}
+          opensentinel_token: ${{ secrets.OSL_TOKEN }}
+          on_success: "never"
+          on_failure: "always"
 ```
 
-### Private Messaging
+This will send you a Keybase chat notification whenever a CI build fails but not when it passes (if you wanted to reduce channel noise). The `if: always()` stanza above ensures that the notification step [runs no matter what](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/contexts-and-expression-syntax-for-github-actions#job-status-check-functions).
+
+### Build notifications for releases
 
 ```yaml
+on:
+  push:
+    tags:
+      - "v*"
+
 jobs:
-  keybase:
+  ci:
     runs-on: "ubuntu-latest"
     steps:
-      - uses: "marvinpinto/action-keybase-notifications@latest"
-        with:
-          keybase_username: "${{ secrets.KeybaseUsername }}"
-          keybase_paper_key: "${{ secrets.KeybasePaperKey }}" # "fancy regular ..."
-          keybase_channel: "${{ secrets.KeybaseChannel }}" # "you,robot,chris"
-```
+      # ...
+      - name: "Build & test"
+        run: |
+          echo "done!"
 
-### Custom Notification Message
+      - name: "Deploy to production"
+        run: |
+          echo "+1"
 
-```yaml
-jobs:
-  keybase:
-    runs-on: "ubuntu-latest"
-    steps:
       - uses: "marvinpinto/action-keybase-notifications@latest"
+        if: always()
         with:
-          message: "Hey there, world!"
-          keybase_username: "${{ secrets.KeybaseUsername }}"
-          keybase_paper_key: "${{ secrets.KeybasePaperKey }}" # "fancy regular ..."
-          keybase_team_name: "${{ secrets.KeybaseTeamName }}" # "keybasefriends"
-          keybase_topic_name: "${{ secrets.KeybaseTopicName }}" # "general"
+          job_status: ${{ job.status }}
+          job_name: "Production Release"
+          opensentinel_owner: ${{ secrets.OSL_OWNER }}
+          opensentinel_token: ${{ secrets.OSL_TOKEN }}
 ```
 
+This will send you a notification message to let you know if the production release was successful or not.
+
 ## Parameters
 
-| Parameter               | Description                                 | Default |
-| ----------------------- | ------------------------------------------- | ------- |
-| `keybase_username`\*\*  | Keybase username, e.g. `spacedrop`          | `null`  |
-| `keybase_paper_key`\*\* | Keybase Paper Key, e.g. `fancy regular ...` | `null`  |
-| `keybase_channel`       | Peer channels, e.g. `you,robot,chris`       | `null`  |
-| `keybase_team_name`     | Keybase Team Name, e.g. `keybasefriends`    | `null`  |
-| `keybase_topic_name`    | Team channel, e.g. `general`                | `null`  |
+| Parameter                | Description                                          | Default       |
+| ------------------------ | ---------------------------------------------------- | ------------- |
+| `opensentinel_owner`\*\* | URL querystring value for owner                      | `null`        |
+| `opensentinel_token`\*\* | URL querystring value for token                      | `null`        |
+| `job_status`\*\*         | GitHub Actions job status - use `${{ job.status }}`  | `null`        |
+| `job_name`               | Display name to use in the chat message              | Workflow name |
+| `on_success`             | When a build passes, notify you "always" or "never"? | `always`      |
+| `on_failure`             | When a build fails, notify you "always" or "never"?  | `always`      |
 
 ### Notes:
 
 - Parameters denoted with `**` are required.
-- `keybase_team_name` and `keybase_topic_name` are required for messaging within team chat rooms.
-- `keybase_channel` is required for peer-to-peer messages.
 
-## Supported GitHub Events
+## What about other GitHub events?
 
-The following events are supported in this action. Everything else gets silently ignored. Have a read through the [Events that trigger workflows](https://help.github.com/en/articles/events-that-trigger-workflows) document for more information on how this works.
+Due to the way the permission system around GitHub Actions works, repo secrets cannot be accessed by users on forks & such. In general, an Action that requires a secret will fail when invoked through a pull request from a fork.
 
-```yaml
-on:
-  watch: # when someone stars a repository
-    types:
-      - "started"
-  push: # when someone pushes to a repository branch
-  pull_request:
-    types:
-      - "opened"
-      - "closed"
-      - "reopened"
-      - "synchronize"
-  commit_comment:
-  issues:
-    types:
-      - "opened"
-      - "edited"
-      - "closed"
-      - "reopened"
-  issue_comment:
-    types:
-      - "created"
-      - "edited"
-      - "deleted"
-```
+This action will do its hardest to **NOT fail the build** as a result of a processing error (network/permissions/etc).
+
+If you're still interested in receiving Keybase notifications for other GitHub events (`push`, `pull_request`, etc), set up a **GitHub Notification** webhook with [opensentinel](https://keybase.io/sentinelbot) and add that to your repository. The webhook system is not bound by the permission issues mentioned here!
 
 ## Filtering Notifications
 
-You can cut down on chat noise by applying filters to events that trigger this action. For example, you can send a Keybase chat notification only when someone pushes to the `master` branch.
+You can cut down on chat noise by applying filters to events that trigger this action. For example, you can send a Keybase build notification only when someone pushes to the `master` branch.
 
 ```yaml
 on:
@@ -144,7 +134,7 @@ Every commit that lands on master for this project triggers an automatic build a
 
 ## How to get help
 
-The main [README](https://github.com/marvinpinto/actions/blob/master/README.md) for this project has a bunch of information related to debugging & submitting issues. If you're still stuck, try and get a hold of me on [keybase](https://keybase.io/marvinpinto) and I will do my best to help you out.
+The main [README](https://github.com/marvinpinto/actions/blob/master/README.md) for this project has a bunch of information related to debugging & submitting issues. [Opensentinel](https://keybase.io/sentinelbot) help is available in the [opensentinel.users](https://keybase.io/team/opensentinel.users) user group. If you're still stuck, try and get a hold of me on [keybase](https://keybase.io/marvinpinto) and I will do my best to help you out.
 
 ## License