Deployment notifications alert you when a new deployment has started or succeeded and allow you to respond to failing deploys quicker.
FlexStack offers three ways to get notified about changes to deployment state: Slack, webhook events, and email.
Configure Slack notifications
First, visit Project Settings > Notifications. Then, click "Add to Slack", select a workspace, select a channel, and you're set!
From there you'll be able to configure when you want to receive notifications to your Slack channel.
Slack notifications are available on the Team plan.
After the FlexStack for Slack app is installed, you'll start receiving notifications based on your configuration. Each notification will include links to the Project and Environment that was deployed, in addition to any stacks or Components that were updated, along with a status for each.
Configure webhook events
When you add webhook notifications to a project, we'll send a POST
request to an endpoint you specify. Requests will be retried for up to 24 hours if we don't receive a 2xx status code in response. Each request contains a payload with an event id
, type
, timestamp
, and data
payload. For example:
Deployment notifications have the following event types:
Event type | Description |
---|---|
deployments.in_progress | One or several stacks have started deploying. |
deployments.succeeded | One or several stacks have successfully. deployed |
deployments.failed | One or several stacks have failed to deploy. A deployment enters a "failed" state any time one of its stacks fails, regardless of how many succeeded in the same deployment. |
Each webhook request is signed with a secret prefixed with sig_
that you'll receive after you create the integration. You can use the X-FlexStack-Signature
header to validate requests received by your webhook endpoint.
Important things to keep in mind when validating the request:
- FlexStack uses a HMAC hexadecimal digest to compute the hash.
- The signature header value always starts with
sha256=
. - The signature is generated using your webhook's secret token and the bytes of the payload contents. Pseudo code for this would look like
signature = hash.sha256(requestBody, webhookSecret)
. - The webhook secret can be found and copied in your webhook notification settings.
- You need to handle the payload as UTF-8.
- Never use a plain
==
operator to compare signatures. Use methods likecrypto.timingSafeEqual
orsubtle.ConstantTimeCompare
which perform constant time comparisons to help mitigate timing attacks.
Configure email notifications
To manage your email notifications, head over to Account Settings > Notifications. Here you'll be able to select which email you want to receive notifications to, in addition to if/when you want to be notified. Alternatively, click "Unsubscribe from all" to remove all email notifications.
By default, you'll receive notifications when deployments in environments you have at least Contributor access to succeed or fail.