Add send-system-notification callable workflow (#812)

- Add callable workflow send-system-notification.yml
- Add project-config/system-notifications.tf configuration for defining
channel

.github/workflows/send-system-notification.yml

@@ -0,0 +1,65 @@
+name: "Send system notification"
+
+on:
+  workflow_dispatch:
+    inputs:
+      channel:
+        description: "Name of channel to use. Must be defined in /infra/project-config/system-notifications.tf"
+        required: true
+        type: string
+      message:
+        description: "Message to send"
+        required: true
+        type: string
+  workflow_call:
+    inputs:
+      channel:
+        description: "Name of channel to use. Must be defined in /infra/project-config"
+        required: true
+        type: string
+      message:
+        description: "Message to send"
+        required: true
+        type: string
+
+jobs:
+  notify:
+    name: Notify
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get channel configuration
+        id: get-channel-type
+        run: |
+          echo "Get channel type for channel=${{ inputs.channel }}"
+
+          terraform -chdir="infra/project-config" init > /dev/null
+          terraform -chdir="infra/project-config" apply -auto-approve > /dev/null
+
+          channel_config="$(terraform -chdir="infra/project-config" output -json system_notifications_config | jq -r '.channels."${{ inputs.channel }}"')"
+
+          channel_type="$(echo "${channel_config}" | jq -r ".type")"
+          echo "Channel type: ${channel_type}"
+          echo "channel_type=${channel_type}" >> "$GITHUB_OUTPUT"
+
+          if [[ "${channel_type}" == "slack" ]]; then
+            channel_id_secret_name="$(echo "${channel_config}" | jq -r ".channel_id_secret_name")"
+            echo "Channel ID secret name: ${channel_id_secret_name}"
+            echo "CHANNEL_ID_SECRET_NAME=${channel_id_secret_name}" >> "$GITHUB_ENV"
+
+            slack_token_secret_name="$(echo "${channel_config}" | jq -r ".slack_token_secret_name")"
+            echo "Slack token secret name: ${slack_token_secret_name}"
+            echo "SLACK_TOKEN_SECRET_NAME=${slack_token_secret_name}" >> "$GITHUB_ENV"
+          fi
+        shell: bash
+
+      - name: Send Slack message
+        if: ${{ steps.get-channel-type.outputs.channel_type == 'slack' }}
+        uses: slackapi/[email protected]
+        with:
+          method: chat.postMessage
+          token: ${{ secrets[env.SLACK_TOKEN_SECRET_NAME] }}
+          payload: |
+            channel: ${{ secrets[env.CHANNEL_ID_SECRET_NAME] }}
+            text: ${{ inputs.message }}

infra/project-config/outputs.tf

@@ -46,3 +46,7 @@ output "owner" {
 output "project_name" {
   value = local.project_name
 }
+
+output "system_notifications_config" {
+  value = local.system_notifications_config
+}

infra/project-config/system-notifications.tf

@@ -0,0 +1,17 @@
+locals {
+  topics = {
+    "workflows" = {
+    }
+  }
+
+  system_notifications_config = {
+    channels = {
+      workflow-failures = {
+        "type" = "slack" # or "teams"
+        # Name of the secret in GitHub
+        "channel_id_secret_name"  = "SYSTEM_NOTIFICATIONS_SLACK_CHANNEL_ID"
+        "slack_token_secret_name" = "SYSTEM_NOTIFICATIONS_SLACK_BOT_TOKEN"
+      }
+    }
+  }
+}