Skip to content

Update Sentry npm packages (#5302) #1728

Update Sentry npm packages (#5302)

Update Sentry npm packages (#5302) #1728

on:
# We could allow configuring environment here.
workflow_dispatch: {}
push:
branches:
- main
paths:
- ".github/workflows/hash-backend-cd.yml"
- "apps/hash-ai-worker-ts/**"
- "apps/hash-integration-worker/**"
- "apps/hash-graph/**"
- "apps/hash-api/**"
- "apps/hash-external-services/temporal/**"
- "apps/hash-external-services/kratos/**"
- "apps/hash-external-services/hydra/**"
- "libs/@local/**"
- "infra/docker/api/prod/**"
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ECR_URL: ${{ secrets.AWS_ECR_URL }}
GH_RUN_ID: ${{ github.run_id }}
HASH_API_RESOURCE_NAME: ${{ secrets.HASH_API_RESOURCE_NAME }}
HASH_GRAPH_RESOURCE_NAME: ${{ secrets.HASH_GRAPH_RESOURCE_NAME }}
HASH_KRATOS_RESOURCE_NAME: ${{ secrets.HASH_KRATOS_RESOURCE_NAME }}
HASH_HYDRA_RESOURCE_NAME: ${{ secrets.HASH_HYDRA_RESOURCE_NAME }}
HASH_TEMPORAL_AI_TS_WORKER_RESOURCE_NAME: h-hash-prod-usea1-temporalworkeraits
HASH_TEMPORAL_INTEGRATION_WORKER_RESOURCE_NAME: h-hash-prod-usea1-temporalworkerintegration
HASH_TEMPORAL_SETUP_RESOURCE_NAME: h-temporal-prod-usea1-setup
HASH_TEMPORAL_MIGRATE_RESOURCE_NAME: h-temporal-prod-usea1-migrate
HASH_TEMPORAL_VERSION: 1.23.1.0
HASH_ECS_CLUSTER_NAME: h-hash-prod-usea1-ecs
HASH_APP_SERVICE_NAME: h-hash-prod-usea1-appsvc
HASH_GRAPH_SERVICE_NAME: h-hash-prod-usea1-graph
HASH_WORKER_SERVICE_NAME: h-hash-prod-usea1-appworker-svc
HASH_TEMPORAL_ECS_CLUSTER_NAME: h-temporal-prod-usea1-ecs
HASH_TEMPORAL_SERVICE_NAME: h-temporal-prod-usea1-svc
name: HASH backend deployment
jobs:
build-graph:
name: Build and push HASH graph image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "graph"
CONTEXT_PATH: ${{ github.workspace }}/
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-graph/docker/Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_GRAPH_RESOURCE_NAME }}
build-api:
name: Build and push HASH api image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "api"
CONTEXT_PATH: ${{ github.workspace }}
DOCKERFILE_LOCATION: ${{ github.workspace }}/infra/docker/api/prod/Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_API_RESOURCE_NAME }}
build-kratos:
name: Build and push Kratos image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "kratos"
CONTEXT_PATH: ${{ github.workspace }}/apps/hash-external-services/kratos
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/kratos/Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_KRATOS_RESOURCE_NAME }}
BUILD_ARGS: |
ENV=prod
API_SECRET=${{ secrets.HASH_KRATOS_API_SECRET }}
build-hydra:
name: Build and push Hydra image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "hydra"
CONTEXT_PATH: ${{ github.workspace }}/apps/hash-external-services/hydra
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/hydra/Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_HYDRA_RESOURCE_NAME }}
BUILD_ARGS: |
ENV=prod
build-ts-worker:
name: Build and push Temporal TS AI Worker
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "temporal-worker-ai-ts"
CONTEXT_PATH: ${{ github.workspace }}
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-ai-worker-ts/docker/Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_TEMPORAL_AI_TS_WORKER_RESOURCE_NAME }}
build-integration-worker:
name: Build and push Temporal integration Worker
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "temporal-integration-worker"
CONTEXT_PATH: ${{ github.workspace }}
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-integration-worker/docker/Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_TEMPORAL_INTEGRATION_WORKER_RESOURCE_NAME }}
build-temporal-migrate:
name: Build and push Temporal Migrate image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "temporal-migrate"
CONTEXT_PATH: ${{ github.workspace }}//apps/hash-external-services/temporal
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/temporal/migrate.Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_TEMPORAL_MIGRATE_RESOURCE_NAME }}
IMAGE_TAG: ${{ env.HASH_TEMPORAL_VERSION }}
BUILD_ARGS: |
TEMPORAL_VERSION=${{ env.HASH_TEMPORAL_VERSION }}
build-temporal-setup:
name: Build and push Temporal Setup image
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- name: Docker image build through docker-build-push
uses: ./.github/actions/docker-build-push
id: build
with:
SHORTNAME: "temporal-setup"
CONTEXT_PATH: ${{ github.workspace }}//apps/hash-external-services/temporal
DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/temporal/setup.Dockerfile
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
IMAGE_NAME: ${{ env.HASH_TEMPORAL_SETUP_RESOURCE_NAME }}
IMAGE_TAG: ${{ env.HASH_TEMPORAL_VERSION }}
BUILD_ARGS: |
TEMPORAL_VERSION=${{ env.HASH_TEMPORAL_VERSION }}
deploy-app:
name: Deploy HASH app images
runs-on: ubuntu-latest
needs:
- build-ts-worker
- build-api
- build-kratos
- build-hydra
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- uses: ./.github/actions/docker-ecr-login
with:
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
- name: Redeploy HASH backend service
run: |
aws ecs update-service --cluster ${{ env.HASH_ECS_CLUSTER_NAME }} --service ${{ env.HASH_APP_SERVICE_NAME }} --force-new-deployment 1> /dev/null
deploy-graph:
name: Deploy HASH graph images
runs-on: ubuntu-latest
needs:
- build-graph
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- uses: ./.github/actions/docker-ecr-login
with:
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
- name: Redeploy HASH graph service
run: |
aws ecs update-service --cluster ${{ env.HASH_ECS_CLUSTER_NAME }} --service ${{ env.HASH_GRAPH_SERVICE_NAME }} --force-new-deployment 1> /dev/null
deploy-workers:
name: Deploy HASH worker images
runs-on: ubuntu-latest
needs:
- build-integration-worker
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- uses: ./.github/actions/docker-ecr-login
with:
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
- name: Redeploy HASH worker service
run: |
aws ecs update-service --cluster ${{ env.HASH_ECS_CLUSTER_NAME }} --service ${{ env.HASH_WORKER_SERVICE_NAME }} --force-new-deployment 1> /dev/null
deploy-temporal:
name: Deploy Temporal images
runs-on: ubuntu-latest
needs:
- build-temporal-migrate
- build-temporal-setup
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
exportToken: true
url: ${{ env.VAULT_ADDR }}
method: jwt
role: prod
# Even though it could look like separate calls to fetch the secrets
# the responses here are cached, so we're only issuing a single set of credentials
secrets: |
aws/creds/prod-deploy access_key | AWS_ACCESS_KEY_ID ;
aws/creds/prod-deploy secret_key | AWS_SECRET_ACCESS_KEY ;
aws/creds/prod-deploy security_token | AWS_SESSION_TOKEN
- uses: ./.github/actions/docker-ecr-login
with:
AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ env.AWS_REGION }}
- name: Redeploy Temporal service
run: |
aws ecs update-service --cluster ${{ env.HASH_TEMPORAL_ECS_CLUSTER_NAME }} --service ${{ env.HASH_TEMPORAL_SERVICE_NAME }} --force-new-deployment 1> /dev/null
notify-slack:
name: Notify Slack on failure
needs:
- deploy-app
- deploy-graph
- deploy-workers
- deploy-temporal
runs-on: ubuntu-latest
if: ${{ failure() }}
steps:
- name: Slack Notification
uses: rtCamp/action-slack-notify@c318f0a93a2bbf24828a21c271765cb9a5c92727
env:
SLACK_LINK_NAMES: true
SLACK_MESSAGE: "Error deploying the HASH backend <@U0143NL4GMP> <@U02NLJY0FGX>" # Notifies C & T
SLACK_TITLE: Backend deployment failed
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: GitHub
VAULT_ADDR: ""
VAULT_TOKEN: ""