Skip to content

Slack notifications for group @-mentions

Alexander Dietrich requested to merge slack-group-mentions into master

What does this MR do and why?

Implements an AppSec request for receiving Slack notifications when their GitLab group is @-mentioned on GitLab.com. This implementation covers issue descriptions, merge request descriptions, and notes on issues or merge requests.

The original feature request was for Slack notifications, but any chat system might potentially be a target (in the future).

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

New Slack notification event types

Screenshot_2023-06-21_at_16.55.01

Slack notification examples

Screenshot_2022-11-16_at_18.08.42

How to set up and validate locally

  1. Enable the group_mentions feature flag.
  2. Create an Incoming Webhook in Slack.
  3. In a GitLab group, open Settings > Integrations > Slack notifications.
  4. Copy the Incoming Webhook URL into the Webhook field, enable Group mention in public/Group mention in private and save.
  5. @-mention the group in issue and merge request descriptions or comments to generate Slack notifications.

DB Migration Output

$ scripts/validate_migration_schema
$ git diff --name-only --diff-filter=A master -- db/migrate db/post_migrate
db/migrate/20230607163100_add_group_mention_events_to_integrations.rb
$ scripts/db_tasks db:migrate:down VERSION=20230607163100
Running: `bundle exec rake db:migrate:down:main VERSION=20230607163100`
main: == [advisory_lock_connection] object_id: 220120, pg_backend_pid: 117
main: == 20230607163100 AddGroupMentionEventsToIntegrations: reverting ==============
main: -- remove_column(:integrations, :group_confidential_mention_events, :boolean, {:null=>false, :default=>false})
main:    -> 0.0016s
main: -- remove_column(:integrations, :group_mention_events, :boolean, {:null=>false, :default=>false})
main:    -> 0.0007s
main: == 20230607163100 AddGroupMentionEventsToIntegrations: reverted (0.0121s) =====
main: == [advisory_lock_connection] object_id: 220120, pg_backend_pid: 117
$ scripts/db_tasks db:schema:dump
Running: `bundle exec rake db:schema:dump:main`
$ git diff master -- db/structure.sql
$ scripts/db_tasks db:migrate
Running: `bundle exec rake db:migrate:main`
main: == [advisory_lock_connection] object_id: 219880, pg_backend_pid: 149
main: == 20230607163100 AddGroupMentionEventsToIntegrations: migrating ==============
main: -- add_column(:integrations, :group_mention_events, :boolean, {:null=>false, :default=>false})
main:    -> 0.0028s
main: -- add_column(:integrations, :group_confidential_mention_events, :boolean, {:null=>false, :default=>false})
main:    -> 0.0011s
main: == 20230607163100 AddGroupMentionEventsToIntegrations: migrated (0.0105s) =====
main: == [advisory_lock_connection] object_id: 219880, pg_backend_pid: 149

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alexander Dietrich

Merge request reports