Merge pull request #24 from cruxstack/dev

sgtoj · web-flow · commit 6dde43bd3745 · 2025-12-09T11:17:56.000-05:00
feat: add optional footer note for pc compliance
diff --git a/.env.example b/.env.example
@@ -30,6 +30,8 @@ APP_SLACK_CHANNEL=C01234ABCDE
 # APP_SLACK_CHANNEL_PR_BYPASS=C01234ABCDE
 # APP_SLACK_CHANNEL_OKTA_SYNC=C01234ABCDE
 # APP_SLACK_CHANNEL_ORPHANED_USERS=C01234ABCDE
+# optional: custom footer note for PR bypass notifications (supports Slack mrkdwn)
+# APP_SLACK_FOOTER_NOTE_PR_BYPASS=_Please review the <https://example.com/policy|security policy>._
 
 # api gateway base path (optional, for lambda deployments with stage prefix)
 # APP_BASE_PATH=v1
diff --git a/internal/app/app.go b/internal/app/app.go
@@ -72,7 +72,10 @@ func New(ctx context.Context, cfg *config.Config) (*App, error) {
 			OktaSync:      cfg.SlackChannelOktaSync,
 			OrphanedUsers: cfg.SlackChannelOrphanedUsers,
 		}
-		app.Notifier = notifiers.NewSlackNotifierWithAPIURL(cfg.SlackToken, channels, cfg.SlackAPIURL)
+		messages := notifiers.SlackMessages{
+			PRBypassFooterNote: cfg.SlackPRBypassFooterNote,
+		}
+		app.Notifier = notifiers.NewSlackNotifierWithAPIURL(cfg.SlackToken, channels, messages, cfg.SlackAPIURL)
 	}
 
 	return app, nil
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -56,6 +56,7 @@ type Config struct {
 	SlackChannelPRBypass      string
 	SlackChannelOktaSync      string
 	SlackChannelOrphanedUsers string
+	SlackPRBypassFooterNote   string
 	SlackAPIURL               string
 }
 
@@ -179,6 +180,7 @@ func NewConfigWithContext(ctx context.Context) (*Config, error) {
 		SlackChannelPRBypass:      os.Getenv("APP_SLACK_CHANNEL_PR_BYPASS"),
 		SlackChannelOktaSync:      os.Getenv("APP_SLACK_CHANNEL_OKTA_SYNC"),
 		SlackChannelOrphanedUsers: os.Getenv("APP_SLACK_CHANNEL_ORPHANED_USERS"),
+		SlackPRBypassFooterNote:   os.Getenv("APP_SLACK_FOOTER_NOTE_PR_BYPASS"),
 		SlackAPIURL:               os.Getenv("APP_SLACK_API_URL"),
 	}
 
@@ -371,6 +373,7 @@ type RedactedConfig struct {
 	SlackChannelPRBypass      string `json:"slack_channel_pr_bypass"`
 	SlackChannelOktaSync      string `json:"slack_channel_okta_sync"`
 	SlackChannelOrphanedUsers string `json:"slack_channel_orphaned_users"`
+	SlackPRBypassFooterNote   string `json:"slack_pr_bypass_footer_note"`
 	SlackAPIURL               string `json:"slack_api_url"`
 }
 
@@ -426,6 +429,7 @@ func (c *Config) Redacted() RedactedConfig {
 		SlackChannelPRBypass:      c.SlackChannelPRBypass,
 		SlackChannelOktaSync:      c.SlackChannelOktaSync,
 		SlackChannelOrphanedUsers: c.SlackChannelOrphanedUsers,
+		SlackPRBypassFooterNote:   c.SlackPRBypassFooterNote,
 		SlackAPIURL:               c.SlackAPIURL,
 	}
 }
diff --git a/internal/notifiers/slack.go b/internal/notifiers/slack.go
@@ -14,27 +14,35 @@ type SlackChannels struct {
 	OrphanedUsers string
 }
 
+// SlackMessages holds optional custom messages for different notification
+// types. empty values are excluded from the notification.
+type SlackMessages struct {
+	PRBypassFooterNote string
+}
+
 // SlackNotifier sends formatted messages to Slack channels.
 type SlackNotifier struct {
 	client   *slack.Client
 	channels SlackChannels
+	messages SlackMessages
 }
 
 // NewSlackNotifier creates a Slack notifier with default API URL.
-func NewSlackNotifier(token string, channels SlackChannels) *SlackNotifier {
-	return NewSlackNotifierWithAPIURL(token, channels, "")
+func NewSlackNotifier(token string, channels SlackChannels, messages SlackMessages) *SlackNotifier {
+	return NewSlackNotifierWithAPIURL(token, channels, messages, "")
 }
 
 // NewSlackNotifierWithAPIURL creates a Slack notifier with custom API URL.
 // useful for testing with mock servers.
-func NewSlackNotifierWithAPIURL(token string, channels SlackChannels, apiURL string) *SlackNotifier {
+func NewSlackNotifierWithAPIURL(token string, channels SlackChannels, messages SlackMessages, apiURL string) *SlackNotifier {
 	var opts []slack.Option
 	if apiURL != "" {
 		opts = append(opts, slack.OptionAPIURL(apiURL))
 	}
 	return &SlackNotifier{
 		client:   slack.New(token, opts...),
 		channels: channels,
+		messages: messages,
 	}
 }
 
diff --git a/internal/notifiers/slack_messages.go b/internal/notifiers/slack_messages.go
@@ -67,6 +67,13 @@ func (s *SlackNotifier) NotifyPRBypass(ctx context.Context, result *client.PRCom
 		))
 	}
 
+	if s.messages.PRBypassFooterNote != "" {
+		blocks = append(blocks, slack.NewContextBlock(
+			"footer",
+			slack.NewTextBlockObject("mrkdwn", s.messages.PRBypassFooterNote, false, false),
+		))
+	}
+
 	channel := s.channelFor(s.channels.PRBypass)
 	_, _, err := s.client.PostMessageContext(
 		ctx,

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,10 @@ func New(ctx context.Context, cfg config.Config) (App, error) {`
`72`	`72`	`OktaSync: cfg.SlackChannelOktaSync,`
`73`	`73`	`OrphanedUsers: cfg.SlackChannelOrphanedUsers,`
`74`	`74`	`}`
`75`		`- app.Notifier = notifiers.NewSlackNotifierWithAPIURL(cfg.SlackToken, channels, cfg.SlackAPIURL)`
	`75`	`+ messages := notifiers.SlackMessages{`
	`76`	`+ PRBypassFooterNote: cfg.SlackPRBypassFooterNote,`
	`77`	`+ }`
	`78`	`+ app.Notifier = notifiers.NewSlackNotifierWithAPIURL(cfg.SlackToken, channels, messages, cfg.SlackAPIURL)`
`76`	`79`	`}`
`77`	`80`
`78`	`81`	`return app, nil`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,7 @@ type Config struct {`
`56`	`56`	`SlackChannelPRBypass string`
`57`	`57`	`SlackChannelOktaSync string`
`58`	`58`	`SlackChannelOrphanedUsers string`
	`59`	`+ SlackPRBypassFooterNote string`
`59`	`60`	`SlackAPIURL string`
`60`	`61`	`}`
`61`	`62`
`@@ -179,6 +180,7 @@ func NewConfigWithContext(ctx context.Context) (*Config, error) {`
`179`	`180`	`SlackChannelPRBypass: os.Getenv("APP_SLACK_CHANNEL_PR_BYPASS"),`
`180`	`181`	`SlackChannelOktaSync: os.Getenv("APP_SLACK_CHANNEL_OKTA_SYNC"),`
`181`	`182`	`SlackChannelOrphanedUsers: os.Getenv("APP_SLACK_CHANNEL_ORPHANED_USERS"),`
	`183`	`+ SlackPRBypassFooterNote: os.Getenv("APP_SLACK_FOOTER_NOTE_PR_BYPASS"),`
`182`	`184`	`SlackAPIURL: os.Getenv("APP_SLACK_API_URL"),`
`183`	`185`	`}`
`184`	`186`
`@@ -371,6 +373,7 @@ type RedactedConfig struct {`
`371`	`373`	SlackChannelPRBypass string `json:"slack_channel_pr_bypass"`
`372`	`374`	SlackChannelOktaSync string `json:"slack_channel_okta_sync"`
`373`	`375`	SlackChannelOrphanedUsers string `json:"slack_channel_orphaned_users"`
	`376`	+ SlackPRBypassFooterNote string `json:"slack_pr_bypass_footer_note"`
`374`	`377`	SlackAPIURL string `json:"slack_api_url"`
`375`	`378`	`}`
`376`	`379`
`@@ -426,6 +429,7 @@ func (c *Config) Redacted() RedactedConfig {`
`426`	`429`	`SlackChannelPRBypass: c.SlackChannelPRBypass,`
`427`	`430`	`SlackChannelOktaSync: c.SlackChannelOktaSync,`
`428`	`431`	`SlackChannelOrphanedUsers: c.SlackChannelOrphanedUsers,`
	`432`	`+ SlackPRBypassFooterNote: c.SlackPRBypassFooterNote,`
`429`	`433`	`SlackAPIURL: c.SlackAPIURL,`
`430`	`434`	`}`
`431`	`435`	`}`