Prep for OSS release! (#1)

OSS release for Metaflowbot


Co-authored-by: Savin <[email protected]>

.github/workflows/docker_publish.yml

@@ -0,0 +1,37 @@
+name: Docker Image CI
+on:
+  release:
+    types : [published]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v3
+      with:
+        images: |
+          outerbounds/metaflowbot
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=sha
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+    - name: Login to DockerHub
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v1 
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+    - name: Build and push
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}

.github/workflows/pypi_publish.yml

@@ -0,0 +1,27 @@
+name: Publish PyPi
+on:
+  release:
+    types: [published]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python 3.7.x
+      uses: actions/setup-python@v1
+      with:
+        python-version: '3.7.x'
+    - name: Install Python 3.7.x dependencies
+      run: |
+        python3 -m pip install --upgrade pip
+        pip3 install setuptools wheel twine
+    - name: Build package
+      run: |
+        python3 setup.py sdist bdist_wheel --universal
+    - name: Publish package
+      uses: pypa/gh-action-pypi-publish@release/v1
+      with:
+        user: __token__
+        password: ${{ secrets.PYPI_PASSWORD }}
+        verbose: true
+

Dockerfile

@@ -2,5 +2,5 @@
 FROM python:3.7.2
 ADD . /metaflowbot
 RUN pip3 install /metaflowbot/.
-RUN pip3 install git+https://github.com/outerbounds/metaflowbot-jokes-action
+RUN pip3 install metaflowbot-actions-jokes
 CMD python3 -m metaflowbot --slack-bot-token $(echo $SLACK_BOT_TOKEN) server --admin $(echo $ADMIN_USER_ADDRESS)

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2021 Netflix, Inc., Step Computing, Inc
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,14 +1,20 @@
-# Metaflow Bot
+# Metaflowbot - Slack Bot for your Metaflow flows!
 
-## Documentation
-Thorough Documentation is present in the [Documentation folder](./docs)
-## Bot Commands
+Metaflowbot makes it fun and easy to monitor your Metaflow runs, past and present. Imagine starting a training run that lasts for hours - you can now monitor it anywhere using Slack on your mobile device!
 
-- `@flowey help` | `@flowey hi` : Help
+![2021-08-09 15 57 31](https://user-images.githubusercontent.com/763451/128784858-d9e37401-05de-4d02-82c5-29444ab4e1b3.gif)
+
+The bot is [easy to deploy](./docs/deployment.md): It is just a Python process with few external dependencies - no databases needed. Its [security footprint is small](./docs/slack-scopes.md) as it uses only a tightly scoped set of Slack calls. During development you can run the bot on any workstation, so it is quick to [iterate on custom actions](./docs/creating-custom-actions.md) and extend it to suit your needs. For production deployments the bot ships with a [CloudFormation template](./deployment/mfbot-cfn-template.yml) for automating your deployments to AWS.
+
+## Communicating with the bot
+
+There are two ways interact with the Metaflow bot. You can invite the bot on a `channel` or directly speak to it via `direct message`.
+
+- `@flowey help` : Help
 
 - `@flowey tell me a joke`
 
-- `@flowey inspect` | `@flowey how to inspect` : How to inspect
+- `@flowey how to inspect` : How to inspect
 
 - `@flowey inspect HelloFlow` : Inspect `Run`s of a particular `Flow`
 
@@ -20,34 +26,7 @@ Thorough Documentation is present in the [Documentation folder](./docs)
 
 - `@flowey inspect the latest run of HelloFlow` : Inspect an individual `Run` instance
 
-- `@flowey inspect dberg's latest run of HelloFlow` : Inspect an individual `Run` instance
-
-
-## Communicating with the bot
-
-There are two places to interact with Metaflowbot : on a `channel` or via `direct message`. But for either places, the following is the general behavior of the bot:
-
-> *When a user messages the bot, the bot will open a new message thread and will engage with the user on the same thread. The user can open multiple threads with the bot. Each thread is an independent discussion*
-
-The following are interaction/UX restrictions based on where the user is conversing with the Metaflow bot.
-### Communicating with the bot on a channel
-
-As the current [manifest.yml](./manifest.yml) only supports `app_mention` and `message.im` events. This means that when users want to talk to the bot on a channel, then they need to specifically need to mention `@flowey` or `@custombotname` to talk to the bot. We don't listen to messages on channels only `app_mentions`.
-
-### Communicating with the bot through direct messages
-
-Users can message the bot without `@` mentions via direct messages. The bot will support the same command list.
-
-## References:
+- `@flowey inspect savin's latest run of HelloFlow` : Inspect an individual `Run` instance
 
-- [Slack Permission Scopes](https://api.slack.com/scopes)
-- [Slack Events](https://api.slack.com/events)
-- [Slack Socket Mode](https://slack.dev/python-slack-sdk/socket-mode/index.html#socketmodeclient)
-- [How to make threads in slack via python API](https://slack.dev/python-slack-sdk/web/index.html)
 
-## PRE OSS Release TODOS
-- [ ] Create Deployment on cloudformation 
-    - [ ] Check Auth of the deployed template.
-    - [ ] Deploy on ECS as a Fargate task 
-- [X] Deploy on Heroku with New OSS Code.
-- [ ] Document the Rule data structure
+If you require some customization for your deployment or need additional help, please feel free to reach out to us at http://slack.outerbounds.co. We are very happy to help!

deployment/mfbot-cfn-template.yml

@@ -0,0 +1,246 @@
+Description: Cloudformation Stack for Deploying Metaflowbot
+Parameters:
+  AdminEmailAddress:
+    Description: Email address of the admin user in the slack workspace
+    Type: String
+  MetadataServiceAuthParameterKey:
+    Default: METADATASERVICE_AUTH_KEY
+    Description: Key for Metadata service auth parameter in Secrets Manager.
+    Type: String
+  MetadataServiceUrl:
+    Description: URL of the metadata service
+    Type: String
+  MetaflowDatastoreSysrootS3:
+    Description: 'Amazon S3 URL for Metaflow DataStore '
+    Type: String
+  MetaflowbotSecretsManagerARN:
+    Description: ARN of the secret holding Metaflowbot credentials in Secrets Manager
+    Type: String
+  SlackAppTokenParameterKey:
+    Default: SLACK_APP_TOKEN_KEY
+    Description: Key for SLACK_APP_TOKEN parameter in Secrets Manager.
+    Type: String
+  SlackBotTokenParameterKey:
+    Default: SLACK_BOT_TOKEN_KEY
+    Description: Key for SLACK_BOT_TOKEN parameter in Secrets Manager.
+    Type: String
+Resources:
+  EcsClusterRole:
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Action: sts:AssumeRole
+            Effect: Allow
+            Principal:
+              Service: ecs-tasks.amazonaws.com
+        Version: '2012-10-17'
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
+      Path: /
+    Type: AWS::IAM::Role
+  EcsTaskRole:
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+          - Action: sts:AssumeRole
+            Effect: Allow
+            Principal:
+              Service: ecs-tasks.amazonaws.com
+        Version: '2012-10-17'
+      Path: /
+    Type: AWS::IAM::Role
+  InternetGatewayAttachment:
+    Properties:
+      InternetGatewayId: !Ref 'MetaflowbotInternetGateway'
+      VpcId: !Ref 'MetaflowbotPublicVpc'
+    Type: AWS::EC2::VPCGatewayAttachment
+  MetaflowbotCluster:
+    Type: AWS::ECS::Cluster
+  MetaflowbotDeployment:
+    Properties:
+      Cluster: !Ref 'MetaflowbotCluster'
+      DesiredCount: 1
+      LaunchType: FARGATE
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          AssignPublicIp: ENABLED
+          SecurityGroups:
+            - !Ref 'MetaflowbotSecurityGroup'
+          Subnets:
+            - !Ref 'MetaflowbotDeploymentSubnet'
+      TaskDefinition: !Ref 'MetaflowbotTaskDefinition'
+    Type: AWS::ECS::Service
+  MetaflowbotDeploymentSubnet:
+    Properties:
+      AvailabilityZone: !Select
+        - 0
+        - !GetAZs
+          Ref: AWS::Region
+      CidrBlock: 10.0.0.0/24
+      MapPublicIpOnLaunch: true
+      VpcId: !Ref 'MetaflowbotPublicVpc'
+    Type: AWS::EC2::Subnet
+  MetaflowbotInternetGateway:
+    Type: AWS::EC2::InternetGateway
+  MetaflowbotLogGroup:
+    Properties:
+      LogGroupName: !Join
+        - ''
+        - - /ecs/
+          - !Ref 'AWS::StackName'
+          - -metaflowbot
+    Type: AWS::Logs::LogGroup
+  MetaflowbotPublicVpc:
+    Properties:
+      CidrBlock: 10.0.0.0/16
+    Type: AWS::EC2::VPC
+  MetaflowbotSecretAccess:
+    Properties:
+      PolicyDocument:
+        Statement:
+          - Action:
+              - secretsmanager:GetSecretValue
+            Effect: Allow
+            Resource:
+              - !Ref 'MetaflowbotSecretsManagerARN'
+            Sid: S3GetObject
+        Version: '2012-10-17'
+      PolicyName: Metaflowbot
+      Roles:
+        - !Ref 'EcsClusterRole'
+    Type: AWS::IAM::Policy
+  MetaflowbotSecurityGroup:
+    Properties:
+      GroupDescription: Allow All In and outbound traffic
+      SecurityGroupEgress:
+        - CidrIp: '0.0.0.0/0'
+          FromPort: 0
+          IpProtocol: tcp
+          ToPort: 65534
+      VpcId: !Ref 'MetaflowbotPublicVpc'
+    Type: AWS::EC2::SecurityGroup
+  MetaflowbotTaskDefinition:
+    Properties:
+      ContainerDefinitions:
+        - Environment:
+            - Name: ADMIN_USER_ADDRESS
+              Value: !Ref 'AdminEmailAddress'
+            - Name: USERNAME
+              Value: slackbot
+            - Name: METAFLOW_SERVICE_URL
+              Value: !Ref 'MetadataServiceUrl'
+            - Name: METAFLOW_DATASTORE_SYSROOT_S3
+              Value: !Ref 'MetaflowDatastoreSysrootS3'
+            - Name: METAFLOW_DEFAULT_DATASTORE
+              Value: s3
+            - Name: METAFLOW_DEFAULT_METADATA
+              Value: service
+          Essential: true
+          Image: outerbounds/metaflowbot
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-group: !Join
+                - ''
+                - - /ecs/
+                  - !Ref 'AWS::StackName'
+                  - -metaflowbot
+              awslogs-region: !Ref 'AWS::Region'
+              awslogs-stream-prefix: ecs
+          Name: metaflowbot
+          Secrets:
+            - Name: METAFLOW_SERVICE_AUTH_KEY
+              ValueFrom: !Join
+                - ''
+                - - !Ref 'MetaflowbotSecretsManagerARN'
+                  - ':'
+                  - !Ref 'MetadataServiceAuthParameterKey'
+                  - '::'
+            - Name: SLACK_APP_TOKEN
+              ValueFrom: !Join
+                - ''
+                - - !Ref 'MetaflowbotSecretsManagerARN'
+                  - ':'
+                  - !Ref 'SlackAppTokenParameterKey'
+                  - '::'
+            - Name: SLACK_BOT_TOKEN
+              ValueFrom: !Join
+                - ''
+                - - !Ref 'MetaflowbotSecretsManagerARN'
+                  - ':'
+                  - !Ref 'SlackBotTokenParameterKey'
+                  - '::'
+      Cpu: '4096'
+      ExecutionRoleArn: !GetAtt 'EcsClusterRole.Arn'
+      Memory: '8192'
+      NetworkMode: awsvpc
+      RequiresCompatibilities:
+        - FARGATE
+      TaskRoleArn: !GetAtt 'EcsTaskRole.Arn'
+    Type: AWS::ECS::TaskDefinition
+  PolicyEcr:
+    Properties:
+      PolicyDocument:
+        Statement:
+          - Action:
+              - ecr:GetAuthorizationToken
+            Effect: Allow
+            Resource:
+              - '*'
+          - Action:
+              - ecr:GetDownloadUrlForLayer
+              - ecr:BatchGetImage
+              - ecr:BatchCheckLayerAvailability
+              - logs:CreateLogStream
+              - logs:PutLogEvents
+            Effect: Allow
+            Resource:
+              - '*'
+            Sid: AllowPull
+        Version: '2012-10-17'
+      PolicyName: MetaflowbotEcrPolicy
+      Roles:
+        - !Ref 'EcsClusterRole'
+    Type: AWS::IAM::Policy
+  PublicDefaultRoute:
+    Properties:
+      DestinationCidrBlock: '0.0.0.0/0'
+      GatewayId: !Ref 'MetaflowbotInternetGateway'
+      RouteTableId: !Ref 'PublicRouteTable'
+    Type: AWS::EC2::Route
+  PublicRouteAssociation:
+    Properties:
+      RouteTableId: !Ref 'PublicRouteTable'
+      SubnetId: !Ref 'MetaflowbotDeploymentSubnet'
+    Type: AWS::EC2::SubnetRouteTableAssociation
+  PublicRouteTable:
+    Properties:
+      VpcId: !Ref 'MetaflowbotPublicVpc'
+    Type: AWS::EC2::RouteTable
+  S3AccessPolicy:
+    Properties:
+      PolicyDocument:
+        Statement:
+          - Action:
+              - s3:GetObject
+              - s3:ListBucket
+            Effect: Allow
+            Resource:
+              - !Join
+                - ''
+                - - !Join
+                    - ''
+                    - - 'arn:aws:s3:::'
+                      - !Select
+                        - 1
+                        - !Split
+                          - s3://
+                          - !Ref 'MetaflowDatastoreSysrootS3'
+                  - /*
+            Sid: S3GetObject
+        Version: '2012-10-17'
+      PolicyName: MetaflowbotS3AccessPolicy
+      Roles:
+        - !Ref 'EcsTaskRole'
+    Type: AWS::IAM::Policy
+