Allowing CI jobs triggered by ChatOps to respond like a built-in ChatOps command
Currently for all release-related commands, we trigger a pipeline in release-tools
that does the actual work, because that's where that logic currently lives. I think this is a better solution than trying to move all of that into ChatOps itself, especially when we might still need to run these commands as a fallback outside of a chat environment.
The problem is that these triggered jobs can't respond in Slack the way ChatOps can. This creates a disconnect where ChatOps triggers a job, responds "Hey I triggered this job, here's its URL" and it's up to the user to follow that and eventually get the information they actually want, such as the URL of the issue it created.
What we need is a way to pass the slack_token
and the channel
values so that the triggered jobs can post messages to Slack the way ChatOps would. We can't pass them as variables because they'll be exposed in plaintext.
I know Slack provides an ephemeral response_url
value that you can POST
messages to, up to 5 times in 30 minutes. This should get us what we need, but again, this would be passed in plaintext. The ephemeral nature of it makes it slightly less insecure than just giving the token, but it would still be open for potential abuse.
@yorickpeterse Any ideas for this?