Administration of Jenkins Slack Trigger
Last updated
Last updated
The Jenkins Slack Trigger is a Slack Application that is installed in the Lion Studios Slack workspace, and it allows slack users to trigger Jenkins builds of their games directly from Slack itself. It has its own Access Control List that determines which Slack users are allowed to invoke it, and which Jenkins projects those Slack Users are allowed to trigger builds for.
The ACL is stored in AWS’s DynamoDB service. Within DynamoDB, there is a Users table, and a Projects table.
The Users table (named “jenkins-build-trigger-users”) contains all of the users that the Slack Trigger knows about, as well as the projects they’re allowed to build, and their user_name (for convenience). The Partition Key (Primary Key) of the table is the user_id column, which contains the Slack member id of the user. When a Slack user triggers a Jenkins build, we receive information about the user, including their slack member id. We look up the user in this table by their member id. If the user doesn’t exist in the table, then that means they don’t have access to trigger any Jenkins builds. Otherwise, users only have the ability to trigger Jenkins builds for projects that are listed in the projects column for their user_id.
The Projects table contains all of the projects that the Jenkins Slack Trigger knows to build. The Partition Key (Primary Key) of the table is project_name, which is a short, simple identifier that resembles the name of the game. The friendly_name is used for display purposes within the Slack Jenkins popup window. The platforms column is a JSON map who’s keys are the specific platform (”ios” or “android”), and the value is the actual Job name that is found inside the Jenkins dashboard. Lastly, the slack_channel column is passed to Jenkins when making the HTTP request as a parameter to the job, so the job knows which channel to post messages/links into.
First, before you can add a new project to the Slack Trigger, the project must already exist inside Jenkins. This usually means having two projects in Jenkins, one for iOS and one for Android. Make a note of the name of the projects.
In the screenshot above, the names that appear in the “Name” column are project names. When Jenkins is called to trigger a build, we pass it the project name so it knows what to build.
Let’s say you have two project names, “SquareBall-iOS” and “SquareBall-Android”, and you want these to be able to be triggered from Slack. You’ll first need to navigate to the DynamoDB table that contains the projects:
Here, click the “Create Item” button found in the top right section of the table.
After clicking “Create Item”, you will be presented with a screen where you can define the item properties.
The only field so far is “project_name”, so for this example, we would enter “squareball” into the field. The label “project_name” is a bit confusing here, but it should be a simple, lowercase string that can quickly and easily identify the game.
Next, click the “Add new attribute” button, and select “String” from the list. A new string field will be added below the “project_name” field. Change the Attribute Name to become “friendly_name”, and for the Attribute Value, enter the human-readable name of the game. For this example, we’ll put in “SquareBall - A Ball, but square!”
Click the “Add new attribute” button again, but this time, select “Map” from the bottom of the list. For the Attribute Name, enter “platforms”. Under the Attribute Value column, click the button that says “Insert a field”, then select “String”. This will create a new String field within the Map field. For the new String field, for the Attribute Name, enter “ios”, and for the Attribute Value, enter the Jenkins Project Name you took note of earlier (the one for iOS).
Next, do the same for Android. Click the “Insert a field” button and select “String”. For the Attribute Name, enter “android”, and for the Attribute Value, enter the name of the Jenkins android project you took note of above.
Lastly, you need to add one more field for the Slack channel that messages and links to the builds should be posted into. At the top right, click the “Add new attribute” button (Not the “Insert a field” button), and select “String”. In the Attribute Name, enter “slack_channel”, and in the Attribute Value, put the name of the slack channel, minus the hash symbol.
Once you’ve entered the slack channel, and your Item looks similar to the one above, it’s time to press “Create Item”. After that, the game should now be buildable from Slack, but most people won’t have access to this game, yet.
To add new Users to the Slack trigger, you’ll first need to navigate to the DynamoDB table that contains all the users and the projects they are able to trigger builds for:
Now, click the “Create Item” button found at the top right section of the table.
After clicking “Create Item”, you will be presented with a screen where you can define the item properties.
The only field so far is “user_id”, which needs to be the “Slack member id” of the Slack user you want to add to the Jenkins Slack Trigger. You can find this member id by going into Slack, clicking into the profile of the user you want to add, click the kebab menu button in the profile, and selecting “Copy member ID”
After clicking “Copy member ID”, paste it into the empty field of the DynamoDB item you’re creating.
Next, we need to define the projects that this user should be able to trigger builds for. Click the button labeled, “Add new attribute”, and select “String Set”.
Under the Attribute Name column where it says “NewValue”, change that to become “projects”. Then, where it says “Empty value”, but the DynamoDB project_name from before (in this example, you would put “squareball”). This is how the two tables are linked together.
If you want this user to be able to build more than just the one game, click “Insert a field”, and add additional project_names of games they should be able to build.
If the user you’re adding needs to be able to build every game, maybe because they work at Lion Studios and are in an administrative role, you can simply have one single project named “all”, and this will give them access to all projects.
Finally, click the “Add new attribute” button and select “String”. In the Attribute Name column, enter “user_name”, and for the Attribute Value, enter their Slack username. This is just for convenience, so whenever we’re looking through this table, we know which user_id belongs to which slack user.
Lastly, click the button labeled “Create Item”. The user has now been added to the Slack Trigger and can now build games from Slack (but only the games you gave them access to).
