gnezim/flights_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
flights_web/scripts/ci/notify-telegram.sh
T
gnezim 03eeddfbf8 CI/CD pipeline: ssh -L tunnel for TIM API + manual Jenkins trigger 
Two design pivots discovered during Phase B prerequisites:

Routing: Replace static-route + NAT plan with persistent ssh -L tunnel
from pve-201 to webzavod (deployment/systemd/flights-tim-tunnel.service).
nginx proxies /api/ and /map/api/ to https://127.0.0.1:8443 with SNI/Host
overrides so cert validation still targets the real hostname. No webzavod
kernel changes (no ip_forward/MASQUERADE), no /etc/hosts pin needed.

Workflow B: Drop Jenkins trigger/poll automation (operator lacks Jenkins
job-configure access and user API token access). release.yml now stops
after MR merge with a Telegram message containing the Jenkins job URL.
release-verify.yml (new, workflow_dispatch only) runs the customer-URL
e2e suite once the operator has triggered Jenkins manually and it has
completed.

Other:
- SSR loopback port 8081 -> 3002 (8081 was taken by openwebui on pve-201)
- notify-telegram.sh skips cleanly when TG secrets unset (was: hard-fail)
- README + spec addendum cover the new prereqs and removed steps
2026-04-27 11:58:39 +03:00

76 lines
2.1 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# notify-telegram.sh — post a Telegram message for a CI stage.
#
# Usage: notify-telegram.sh [--dry-run] <start|ok|fail> <stage> [<extra-context>]
#
# Env (required unless --dry-run):
# TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID
# Env (always read for context):
# GITHUB_REPOSITORY, GITHUB_RUN_ID, GITHUB_SERVER_URL, GITHUB_SHA, GITHUB_WORKFLOW
set -euo pipefail
DRY_RUN=0
if [ "${1:-}" = "--dry-run" ]; then
DRY_RUN=1
shift
fi
VERB="${1:-}"
STAGE="${2:-}"
EXTRA="${3:-}"
LOG_PATH="${4:-}"
case "$VERB" in
start|ok|fail) ;;
*) echo "usage: $0 [--dry-run] <start|ok|fail> <stage> [<extra-context>]" >&2; exit 2 ;;
esac
[ -n "$STAGE" ] || { echo "usage: $0 [--dry-run] <start|ok|fail> <stage> [<extra-context>]" >&2; exit 2; }
if [ "$DRY_RUN" -eq 0 ]; then
if [ -z "${TELEGRAM_BOT_TOKEN:-}" ] || [ -z "${TELEGRAM_CHAT_ID:-}" ]; then
echo "notify-telegram: TELEGRAM_BOT_TOKEN/TELEGRAM_CHAT_ID unset — skipping" >&2
exit 0
fi
fi
REPO="${GITHUB_REPOSITORY:-unknown/repo}"
RUN_ID="${GITHUB_RUN_ID:-0}"
SERVER="${GITHUB_SERVER_URL:-https://git.gnerim.ru}"
SHA="${GITHUB_SHA:-unknown}"
SHORT_SHA="${SHA:0:7}"
RUN_URL="${SERVER}/${REPO}/actions/runs/${RUN_ID}"
case "$VERB" in
start) ICON="🚀"; HEAD="${ICON} ${STAGE} started" ;;
ok) ICON="✅"; HEAD="${ICON} ${STAGE} passed" ;;
fail) ICON="❌"; HEAD="${ICON} ${STAGE} FAILED${EXTRA:+ at step \"${EXTRA}\"}" ;;
esac
# Body is plain text (no HTML escaping needed for our content).
BODY="${HEAD}
commit: ${SHORT_SHA}
gitea run: ${RUN_URL}"
if [ "$VERB" = "fail" ] && [ -n "$LOG_PATH" ] && [ -f "$LOG_PATH" ]; then
TAIL_LINES=$(tail -n 30 "$LOG_PATH")
TAIL_COUNT=$(printf '%s\n' "$TAIL_LINES" | wc -l | tr -d ' ')
BODY="${BODY}
last ${TAIL_COUNT} lines:
${TAIL_LINES}"
fi
if [ "$DRY_RUN" -eq 1 ]; then
printf '%s\n' "$BODY"
exit 0
fi
# Send via curl. Use --data-urlencode to avoid encoding pitfalls.
curl -fsS -X POST \
"https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
--data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
--data-urlencode "text=${BODY}" \
--data-urlencode "disable_web_page_preview=true" \
>/dev/null
Reference in New Issue View Git Blame Copy Permalink