Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
jimmymaise authored Oct 13, 2023
1 parent fa8e7d6 commit 56dd4f7
Showing 1 changed file with 47 additions and 139 deletions.
186 changes: 47 additions & 139 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,176 +1,84 @@
## Introduction
# Slack Bot README

## How to create an internal bot
## Overview

1. Visit: https://api.slack.com/
This document outlines the steps for setting up, deploying, and managing an internal Slack bot. The bot is designed to be hosted on AWS Lambda and works with Google Sheets via a service account. Below you'll find guidelines for local debugging, deploying via Terraform, and incorporating CI/CD through GitHub Actions.

2. Click "Create an app", select from Scratch
## Setting Up the Slack Bot

3. Fill in the request information
1. Make sure we are saving changes as we follow these next steps
### Initial Configuration

4. In 'Basic Information' under 'Settings' we can scroll all the way down to change the bot icon/name/description
1. Navigate to [Slack API Portal](https://api.slack.com/)
2. Click on "Create an app" and choose "From Scratch."
3. Complete the required fields.
- Remember to save your changes regularly.

5. Go to 'OAuth & Permissions' under 'Features'. Then scoll down to the 'Scopes' section and add an OAuth scope for:
### Personalize Your Bot

1. Under 'Settings' → 'Basic Information', you can customize the bot's icon, name, and description.

### Setting Permissions

1. Visit 'Features' → 'OAuth & Permissions'.
2. In the 'Scopes' section, add the following OAuth scopes:
- channels:history
- channels:manage
- channels:read
- chat:write
- chat:write.public
- commands
- groups:history
- groups:read
- im:read
- im:write
- mpim:read
- reactions:read
- team:read
- users:read
- usergroups:read

6. In the same section, we will find a 'Bot User OAuth Access Token'. Copy and use it as `SLACK_BOT_TOKEN` for
environment variable

7. Go to 'Basic Information' under 'Settings', click show next to the 'Signing Secret'. Copy and use it
as `SLACK_SIGNING_SECRET` for environment variable

8. In the same section, click 'Install our app' into the workspace. Allow the requested access.

Assume that we have deployed the bot to the Lambda (Check Deployment stage below) and have
the `permanent address`: https://xyz123.execute-api.us-west-1.amazonaws.com/slack-bot-bip

9. Then go to 'Event Subscriptions' under 'Features'. In the 'Request URL' field type the above address. We should see a
green 'Verified' checkmark above the text-field

10. Check the 'Subscribe to bot events' section below, add some events:
1. message.channels
2. message.groups
3. app_home_opened
4. team_join

11. Go to 'Interactivity & Shortcuts' under 'Features'. In the 'Request URL' field type the above address

12. Go to 'Slash Commands' under 'Features'.Fill in the information:
1. In the 'Command' field type in: "/vacation
2. Continue to the above link for Requests URL
3. Repeat 1&2 with command "/ooo-today"

13. Go to 'App Home' under 'Features'. Enable tabs in Show Tabs
1. Home Tab
2. Message Tab

14. Add the bot to the manager approval channel for posting the message

## Deployment

### Preparation

Enter folder terraform and check variables in variables.tf. Create a secret.tfvars for these variables

`SLACK_SIGNING_SECRET`: Slack signs its requests using this secret that's unique to our app. It has format like
a1bc2345.....
- and others (see original README for complete list)

`SLACK_BOT_TOKEN`: The OAuth token we use to call the Slack API has access to the data on the workspace where it is
installed. It has format like xoxb-123....
3. Retrieve your 'Bot User OAuth Access Token' and set it as an environment variable `SLACK_BOT_TOKEN`.
4. Obtain the 'Signing Secret' from 'Settings' → 'Basic Information', and set it as `SLACK_SIGNING_SECRET`.

`GOOGLE_SERVICE_BASE64_FILE_CONTENT`: The Base64 encoded of the content of Google Service Account Key File (Json File).
As this account needs to access Google sheet, so we must enable the Google Sheets API
Read [this instruction](https://support.google.com/a/answer/7378726?hl=en) to know how to create service account and
enable Google Sheets API. After having the service account, go to key tab and click Add key. A new key file will be
downloaded. Open this file and encode its content as base64
### Installation & Event Configuration

`REGION`: The AWS region
1. Install the bot into your workspace and grant the necessary permissions.
2. Go to 'Features' → 'Event Subscriptions' and set the Request URL to your Lambda URL.
3. Subscribe the bot to events like `message.channels`, `message.groups`, etc.

`DB_SPREADSHEET_ID`: The id of Spreadsheet. It should have some sheets like the samples https://docs.google.com/spreadsheets/d/1QUU0J_LaggqQQHmCFnQfzFXngl9ECqfE96qwwqT2ADM/edit?headers=1#gid=444918440
### Interactivity & Slash Commands

### Deploy steps
1. In 'Features' → 'Interactivity & Shortcuts', set the Request URL to your Lambda URL.
2. Under 'Slash Commands', define commands such as `/vacation` and `/ooo-today`.

1. Install Docker if don't have
### App Home Customization

2. docker pull lambci/lambda:build-python3.8
1. In 'Features' → 'App Home', enable the Home and Message Tabs.
2. Add the bot to the manager approval channel for posting messages.

3. Setup backend bucket
## Deployment with Terraform

1. Add below environment variable to the deployment machine. Replace us-west-2 and leave-management-bimodal depend
on environment you are working for (using us-west-1 and dev-leave-management-bimodal for dev env)
1. export REGION="us-west-2"
2. export S3_BACKEND_BUCKET="leave-management-bimodal"
2. aws s3api create-bucket --bucket "${S3_BACKEND_BUCKET}" --region "${REGION}" --create-bucket-configuration
LocationConstraint="${REGION}"
3. terraform init -backend-config="bucket="${S3_BACKEND_BUCKET}"" -backend-config="region="${REGION}""
### Prerequisites

4. terraform apply --var-file=secret.tfvars
- Set your environment variables as outlined in `variables.tf`.
- Have Docker installed.

5. Get the permanent URL and use it to update slack bot (step 9, 11, 12)
### Steps

## How to run the bot locally for debuging
1. Pull the Docker image: `docker pull lambci/lambda:build-python3.8`.
2. Initialize your Terraform backend and apply the configuration.

1. Run file local_run.py
2. Using application like ngrok to map a localhost address to an internet address
3. Using this internet address to bot configuration (http://abc-..-..-xyz.ngrok.io)
## Local Debugging

## How to use the bot
- Run `local_run.py`.
- Use tools like ngrok for tunneling.

Currently, the bot just support two commands `/vacation` and `/ooo-today`. Let's play with it.
## Bot Commands

## How to setup Github Action
The bot currently supports `/vacation` and `/ooo-today`.

Go to Repo Settings->Secrets->Action and add below secrets (Using repo secret not organization secret)
## GitHub Actions Setup

AWS_ACCESS_KEY_ID
Add the specified secrets under 'Repo Settings' → 'Secrets' → 'Action'.

AWS_REGION
## Create CI User

AWS_SECRET_ACCESS_KEY

TF_VAR_BUILD_IN_DOCKER (value should be false as Github Action runner doesn't have Docker)

TF_VAR_GOOGLE_SERVICE_BASE64_FILE_CONTENT

TF_VAR_LEAVE_REGISTER_SHEET

TF_VAR_MANAGER_LEAVE_APPROVAL_CHANNEL

TF_VAR_OOO_CHANNEL

TF_VAR_S3_BACKEND_BUCKET

TF_VAR_SLACK_BOT_TOKEN

TF_VAR_SLACK_SIGNING_SECRET

TF_VAR_TEAM_SHEET

TF_VAR_TEAM_MEMBER_SHEET

TF_VAR_LEAVE_TYPE_SHEET

TF_VAR_MUST_READ_SHEET

With dev env, we will add the prefix DEV_, Example: TF_VAR_LEAVE_TYPE_SHEET becomes DEV_TF_VAR_LEAVE_TYPE_SHEET

## How to create CI user

1. Cd to folder tf_ci_account
2. Add below environment variable to the deployment machine. Replace us-west-2 and leave-management-bimodal depend on
environment you are working for.
1. export REGION="us-west-2"
2. export S3_BACKEND_BUCKET="leave-management-bimodal"
3. terraform init -backend-config="bucket="
${S3_BACKEND_BUCKET}"" -backend-config="region="${REGION}""
4. terraform apply
5. Run below command to get the secret key (You must have jq)
1. terraform state pull | jq '.resources[] | select(.type == "aws_iam_access_key") | .instances[0]
.attributes.secret'
6. copy aws access key, aws secret key and use them for Github actions
Follow the steps in the original README to create a CI user for deployments.

## Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what we would like to change.

Please make sure to update tests as appropriate.
Feel free to open pull requests or issues for significant changes. Remember to update the tests accordingly.

## License

[MIT](https://choosealicense.com/licenses/mit/)
Licensed under the [MIT License](https://choosealicense.com/licenses/mit/).

0 comments on commit 56dd4f7

Please sign in to comment.