[NOTIFY] Include SAS token in Teams notifications

* Since now the links available in the notification message displayed in Teams channel with the link, changelog and job results report were broken for software artifacts in private container. * Introducing the creation of read-only SAS token with 6-months expiration policy also for reports. * Fix in deploy stage for software artifact URL generation in case of public containers.

[NOTIFY] Include SAS token in Teams notifications
* Since now the links available in the notification message displayed in Teams channel with the link, changelog and job results report were broken for software artifacts in private container. * Introducing the creation of read-only SAS token with 6-months expiration policy also for reports. * Fix in deploy stage for software artifact URL generation in case of public containers.
68ca4c93 · Lorenzo Pagliai · f9a26792 · 68ca4c93
Commit 68ca4c93 authored 10 months ago by Lorenzo Pagliai
--- a/scripts/notify_message.sh
+++ b/scripts/notify_message.sh
@@ -35,15 +35,55 @@ az storage blob upload --account-name $AZURE_STORAGE_ACCOUNT \
    --overwrite

 cp .gitlab-ci/notification.json .
-job_report="$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt)"
+
+case "$AZURE_CONTAINER_NAME" in 
+    *"private"*)
+      # Get the current year and month
+      current_year=$(date -u '+%Y')
+      current_month=$(date -u '+%m')
+      
+      # Calculate the token expiration month and year
+      future_month=$(( (current_month + 6) % 12 ))
+      future_year=$(( current_year + (current_month + 6) / 12 ))
+      
+      # Adjust the year if the future month is 0
+      if [ $future_month -eq 0 ]; then
+          future_month=12
+          future_year=$(( future_year - 1 ))
+      fi
+          
+      # Format the expiration date
+      expire_date="${future_year}-${future_month}-01T00:00Z"
+
+      # Get read-only blob SAS tokens
+      sas_job_report=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt --permissions r --expiry "$expire_date" --output tsv)
+      sas_link_report=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt --permissions r --expiry "$expire_date" --output tsv)
+      sas_changelog_report=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md --permissions r --expiry "$expire_date" --output tsv)
+
+      # Get URLs without SAS container token, which shall be replaced with the blob one
+      job_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      link_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      changelog_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md --output tsv | sed -E 's/\?s.*//')
+
+      #Construct final URLs
+      job_report="$job_report?$sas_job_report"
+      link_report="$link_report?$sas_link_report"
+      changelog_report="$changelog_report?$sas_changelog_report"
+      ;;
+    *)
+      # Get URLs without SAS container token
+      job_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      link_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      changelog_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md --output tsv | sed -E 's/\?s.*//')
+      ;;
+esac
+
 job_report="$(echo $job_report | sed -E 's/\s.*$//')"
 jq --arg job_var $job_report '.potentialAction[0].targets[0].uri = $job_var' notification.json >notification_1.json

-link_report="$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt)"
 link_report="$(echo $link_report | sed -E 's/\s.*$//')"
 jq --arg link_var $link_report '.potentialAction[1].targets[0].uri = $link_var' notification_1.json >notification_2.json

-changelog_report="$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md)"
 changelog_report="$(echo $changelog_report | sed -E 's/\s.*$//')"
 jq --arg changelog_var $changelog_report '.potentialAction[2].targets[0].uri = $changelog_var' notification_2.json >notification_3.json
 sed -i -E 's/\\"//g' notification_3.json
@@ -56,4 +96,4 @@ curl -X POST -H "Content-Type: application/json" --data @notification_4.json $WE
 cp Link_report_edgehog_${TAG_NAME}.txt Link_report.txt
 sed -i 's/\"//g' Link_report.txt

-echo "${changelog_report#?}" | cut -f1 -d"?" >changelog_link.txt
+echo "$changelog_report" >changelog_link.txt