|
| 1 | +# Notify Failure Action |
| 2 | + |
| 3 | +This GitHub Action sends a rich Slack failure notification automatically assembled from GitHub context and the GitHub API — no message-building boilerplate required. |
| 4 | + |
| 5 | +## Description |
| 6 | + |
| 7 | +When a CI job fails, this action fetches relevant context (commit info, job logs) from the GitHub API and posts a structured Slack message containing: |
| 8 | + |
| 9 | +- Repository, branch, and workflow name |
| 10 | +- Failed job names |
| 11 | +- Run attempt number (shows when a job has been retried) |
| 12 | +- Last commit author and commit message |
| 13 | +- Root cause: first meaningful error line extracted from the failed job logs |
| 14 | +- Develocity build scan link (if present in the logs) |
| 15 | +- Links to view the run and re-run failed jobs |
| 16 | + |
| 17 | +All sections are included by default. Individual sections can be excluded via inputs. |
| 18 | + |
| 19 | +## Dependencies |
| 20 | + |
| 21 | +- [SonarSource/vault-action-wrapper](https://github.com/SonarSource/vault-action-wrapper) to retrieve the Slack token from Vault |
| 22 | +- GitHub token (`github.token`) for reading commit info and job logs via the GitHub API |
| 23 | + |
| 24 | +## Example Slack Output |
| 25 | + |
| 26 | +``` |
| 27 | +🚨 CI Failure — SonarSource/sonar-php |
| 28 | +
|
| 29 | +Workflow: Java CI • Branch: `main` • Attempt: 2 |
| 30 | +Triggered by: janedoe |
| 31 | +PR: #42 Fix authentication bug |
| 32 | +Failed Jobs: qa_plugin (step: Run unit tests), build |
| 33 | +
|
| 34 | +🚨 Flaky: This workflow has failed 3 consecutive times on this branch |
| 35 | +
|
| 36 | +🔬 Root Cause: error: method analyze(UCFG) is not public |
| 37 | +🧪 Test Failures: 3 failures, 1 error (across 42 tests) |
| 38 | +📊 Build Scan: View Develocity Scan |
| 39 | +
|
| 40 | +🔍 View Run & Re-run Failed Jobs |
| 41 | +``` |
| 42 | + |
| 43 | +## Inputs |
| 44 | + |
| 45 | +| Input | Description | Required | Default | |
| 46 | +|-------|-------------|----------|---------| |
| 47 | +| `project-name` | The display name of the project; used in the Slack username. | Yes | - | |
| 48 | +| `slack-channel` | Slack channel to post to (without `#`). | Yes | - | |
| 49 | +| `needs` | The `toJSON(needs)` object from the caller workflow, used to identify which jobs failed. | Yes | - | |
| 50 | +| `github-token` | GitHub token for API calls (read commits and job logs). | No | `${{ github.token }}` | |
| 51 | +| `include-pr-info` | Include PR title and link when the run is associated with a pull request. | No | `true` | |
| 52 | +| `include-failed-step` | Include the name of the failed step within each failed job. | No | `true` | |
| 53 | +| `include-test-counts` | Include failed test counts parsed from Maven surefire output in job logs. | No | `true` | |
| 54 | +| `include-flakiness` | Include a flakiness indicator when the workflow has failed consecutively on this branch. | No | `true` | |
| 55 | +| `include-root-cause` | Include a root cause line extracted from failed job logs. | No | `true` | |
| 56 | +| `include-develocity` | Include a Develocity build scan link if found in the logs. | No | `true` | |
| 57 | +| `include-run-attempt` | Include the run attempt number. | No | `true` | |
| 58 | + |
| 59 | +## Outputs |
| 60 | + |
| 61 | +No outputs are produced by this action. |
| 62 | + |
| 63 | +## Usage |
| 64 | + |
| 65 | +```yaml |
| 66 | +jobs: |
| 67 | + build: |
| 68 | + runs-on: ubuntu-latest |
| 69 | + steps: |
| 70 | + - run: ./gradlew build |
| 71 | + |
| 72 | + test: |
| 73 | + runs-on: ubuntu-latest |
| 74 | + needs: build |
| 75 | + steps: |
| 76 | + - run: ./gradlew test |
| 77 | + |
| 78 | + notify_on_failure: |
| 79 | + needs: [build, test] |
| 80 | + runs-on: ubuntu-latest |
| 81 | + if: failure() |
| 82 | + permissions: |
| 83 | + id-token: write |
| 84 | + actions: read # needed to read job logs |
| 85 | + steps: |
| 86 | + - uses: SonarSource/release-github-actions/notify-failure@v1 |
| 87 | + with: |
| 88 | + project-name: 'My Project' |
| 89 | + slack-channel: 'squad-alerts' |
| 90 | + needs: ${{ toJSON(needs) }} |
| 91 | +``` |
| 92 | +
|
| 93 | +### Excluding sections |
| 94 | +
|
| 95 | +```yaml |
| 96 | +- uses: SonarSource/release-github-actions/notify-failure@v1 |
| 97 | + with: |
| 98 | + project-name: 'My Project' |
| 99 | + slack-channel: 'squad-alerts' |
| 100 | + needs: ${{ toJSON(needs) }} |
| 101 | + include-develocity: 'false' |
| 102 | + include-run-attempt: 'false' |
| 103 | +``` |
| 104 | +
|
| 105 | +## Prerequisites |
| 106 | +
|
| 107 | +- Vault policy granting access to `development/kv/data/slack` must be configured for the repository. |
| 108 | +- The job must have `id-token: write` permission (for Vault) and `actions: read` permission (for reading job logs via the GitHub API). |
| 109 | + |
| 110 | +## Notes |
| 111 | + |
| 112 | +- Root cause extraction uses heuristics (javac error lines, Maven `BUILD FAILURE`, `Exception in thread`, etc.) and may not always find the most relevant line. It is best-effort. |
| 113 | +- Develocity scan links are extracted by regex from job logs. If a project does not use Develocity, the section is simply omitted. |
| 114 | +- When `github.token` is used (the default), it has read access to the repository's actions data. No additional token configuration is needed for most public or internal repositories. |
0 commit comments