update py webhook action to use a channel-specific url; add debug

logging to self-tests

Author: qrkourier

.github/workflows/zhook.yml

@@ -20,32 +20,40 @@ jobs:
     runs-on: ubuntu-latest
     name: POST Webhook
     steps:
-      - uses: actions/checkout@v4
-      - name: run hook directly
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run Python Script Directly
         if: |
-          github.repository_owner == 'openziti'
+          github.repository_owner == 'qrkourier'
           && ((github.event_name != 'pull_request_review')
           || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved'))
         env:
           INPUT_ZITIID: ${{ secrets.ZITI_MATTERMOST_IDENTITY }}
-          INPUT_WEBHOOKURL: ${{ secrets.ZHOOK_URL }}
+          INPUT_WEBHOOKURL: ${{ secrets.ZHOOK_URL_DEV_NOTIFICATIONS }}
           INPUT_EVENTJSON: ${{ toJson(github.event) }}
           INPUT_SENDERUSERNAME: GitHubZ
           INPUT_DESTCHANNEL: dev-notifications
           INPUT_SENDERICONURL: https://github.com/fluidicon.png
+          ZITI_LOG: 6
+          TLSUV_DEBUG: 6
+        shell: bash
         run: |
-          pip install --upgrade requests openziti
+          set -o pipefail
+          set -o xtrace
+          pip install --user --upgrade requests openziti==1.2.0
+          echo "DEBUG: PYTHONPATH=${PYTHONPATH:-}"
           python ./zhook.py
-          
-      - uses: ./  # use self to bring the pain forward
-        name: run action
+
+      - uses: ./
+        name: Run as a GH Action from the Local Checkout
         if: |
-          github.repository_owner == 'openziti'
+          github.repository_owner == 'qrkourier'
           && ((github.event_name != 'pull_request_review')
           || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved'))
         with:
           zitiId: ${{ secrets.ZITI_MATTERMOST_IDENTITY }}
-          webhookUrl: ${{ secrets.ZHOOK_URL }}
+          webhookUrl: ${{ secrets.ZHOOK_URL_DEV_NOTIFICATIONS }}
           eventJson: ${{ toJson(github.event) }}
-          senderUsername: "GitHubZ"
-          destChannel: "dev-notifications"
+          senderUsername: GitHubZ
+          destChannel: dev-notifications

Dockerfile

@@ -1,6 +1,6 @@
 FROM python:3-slim AS builder
 
-RUN pip install --target=/app requests openziti
+RUN pip install --target=/app requests openziti==1.2.0
 
 # https://github.com/GoogleContainerTools/distroless
 FROM gcr.io/distroless/python3-debian12

action.yml

@@ -1,30 +1,30 @@
-name: 'Ziti Mattermost Action - Python'
-description: 'POST to Mattermost Webhook endpoint over a Ziti network'
+name: Ziti Mattermost Action - Python
+description: POST to Mattermost Webhook endpoint over a Ziti network
 branding:
-  icon: 'zap'  
-  color: 'red'
+  icon: zap
+  color: red
 inputs:
   zitiId:
-    description: 'Identity JSON for an enrolled Ziti endpoint'
+    description: Identity JSON for an enrolled Ziti endpoint
     required: true
   webhookUrl:
-    description: 'URL for posting the payload'
+    description: URL for posting the payload
     required: true
   eventJson:
-    description: 'GitHub event JSON (github.event)'
+    description: GitHub event JSON (github.event)
     required: true
   senderUsername:
-    description: 'Mattermost username'
+    description: Mattermost username
     required: false
-    default: "GithubZ"
+    default: GithubZ
   senderIconUrl:
-    description: 'Mattermost user icon URL'
+    description: Mattermost user icon URL
     required: false
-    default: "https://github.com/fluidicon.png"
+    default: https://github.com/fluidicon.png
   destChannel:
-    description: 'Mattermost channel'
+    description: Mattermost channel
     required: false
-    default: "dev-notifications"
+    default: dev-notifications
 runs:
-  using: "docker"
-  image: "Dockerfile"
+  using: docker
+  image: Dockerfile

zhook.py

@@ -74,7 +74,7 @@ def __init__(self, username, icon, channel, eventName, eventJsonStr, actionRepo)
     elif eventName == "repository_dispatch":
       event_type = self.eventJson.get("action", None)
       if event_type == "ziti_release":
-        self.addFipsReleaseDetails()
+        self.addFipsPreReleaseDetails()
       elif event_type == "ziti_promote_stable":
         self.addFipsPromoteStableDetails()
       else:
@@ -283,16 +283,16 @@ def addReleaseDetails(self):
 
     self.attachment["text"] = bodyText
 
-  def addFipsReleaseDetails(self):
+  def addFipsPreReleaseDetails(self):
     # Pre-release announcement (ziti_release)
     payload = self.eventJson.get("client_payload", {})
     version = payload.get("version")
     if not version:
         self.attachment["text"] = "[ziti-fips] Pre-release published, but version not found in event."
         return
     repo = self.repoJson["full_name"]
-    release_url = f"https://github.com/{repo}/releases/tag/{version}"
-    self.body["text"] = f"FIPS Pre-release published by [{repo}](https://github.com/{repo})"
+    release_url = f"https://github.com/{repo}/releases/tag/v{version}"
+    self.body["text"] = f"FIPS Pre-release published in [{repo}](https://github.com/{repo})"
     self.attachment["color"] = self.releaseColor
     self.attachment["thumb_url"] = self.fipsReleaseThumbnail
     self.attachment["text"] = f"FIPS Pre-release [{version}]({release_url}) is now available."
@@ -305,7 +305,7 @@ def addFipsPromoteStableDetails(self):
         self.attachment["text"] = "[ziti-fips] Stable promotion, but version not found in event."
         return
     repo = self.repoJson["full_name"]
-    release_url = f"https://github.com/{repo}/releases/tag/{version}"
+    release_url = f"https://github.com/{repo}/releases/tag/v{version}"
     self.body["text"] = f"FIPS Release promoted to stable in [{repo}](https://github.com/{repo})"
     self.attachment["color"] = self.releaseColor
     self.attachment["thumb_url"] = self.fipsReleaseThumbnail
@@ -414,10 +414,55 @@ def dumpJson(self):
     print("ERROR: no Ziti identity provided, set INPUT_ZITIID or INPUT_ZITIJWT")
     exit(1)
 
+  def generate_json_schema(obj, max_depth=10, current_depth=0):
+    """Generate a schema representation of a JSON object by inferring types from values."""
+    if current_depth >= max_depth:
+      return "<max_depth_reached>"
+
+    if obj is None:
+      return "null"
+    elif isinstance(obj, bool):
+      return "boolean"
+    elif isinstance(obj, int):
+      return "integer"
+    elif isinstance(obj, float):
+      return "number"
+    elif isinstance(obj, str):
+      return "string"
+    elif isinstance(obj, list):
+      if len(obj) == 0:
+        return "array[]"
+      # Get schema of first element as representative
+      element_schema = generate_json_schema(obj[0], max_depth, current_depth + 1)
+      return f"array[{element_schema}]"
+    elif isinstance(obj, dict):
+      schema = {}
+      for key, value in obj.items():
+        schema[key] = generate_json_schema(value, max_depth, current_depth + 1)
+      return schema
+    else:
+      return f"unknown_type({type(obj).__name__})"
+
+  # Validate zitiId as JSON
+  try:
+    zitiIdJson = json.loads(zitiId)
+  except Exception as e:
+    print(f"ERROR: zitiId is not valid JSON: {e}")
+    print(f"zitiId content: {zitiId}")
+    exit(1)
+
   idFilename = "id.json"
   with open(idFilename, 'w') as f:
     f.write(zitiId)
+
+  # Load the identity file after it's been written and closed
+  try:
     openziti.load(idFilename)
+  except Exception as e:
+    print(f"ERROR: Failed to load Ziti identity: {e}")
+    schema = generate_json_schema(zitiIdJson)
+    print(f"DEBUG: zitiId schema for troubleshooting: {json.dumps(schema, indent=2)}")
+    raise e
 
   # Create webhook body
   try: