{"id":35324560,"url":"https://github.com/umairedu/argocd-slack-bot","last_synced_at":"2026-04-07T16:31:31.819Z","repository":{"id":325643990,"uuid":"1101914383","full_name":"umairedu/argocd-slack-bot","owner":"umairedu","description":"A Slack bot for managing ArgoCD deployments, rollbacks, logs. Enables developers to sync production deployments without direct access, reducing DevOps bottlenecks.","archived":false,"fork":false,"pushed_at":"2025-11-26T13:49:34.000Z","size":673,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-03T22:50:24.646Z","etag":null,"topics":["argocd","argocd-api","devops","devops-tools","flask","gitops","kubernetes","python","slack","slack-api","slack-bot"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/umairedu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-22T13:28:41.000Z","updated_at":"2025-11-26T13:49:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/umairedu/argocd-slack-bot","commit_stats":null,"previous_names":["umairedu/argocd-slack-bot"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/umairedu/argocd-slack-bot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairedu%2Fargocd-slack-bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairedu%2Fargocd-slack-bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairedu%2Fargocd-slack-bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairedu%2Fargocd-slack-bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/umairedu","download_url":"https://codeload.github.com/umairedu/argocd-slack-bot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umairedu%2Fargocd-slack-bot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31520423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","argocd-api","devops","devops-tools","flask","gitops","kubernetes","python","slack","slack-api","slack-bot"],"created_at":"2025-12-31T01:06:58.347Z","updated_at":"2026-04-07T16:31:31.811Z","avatar_url":"https://github.com/umairedu.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ArgoCD Deployment Bot\n\nA production-ready Slack bot for managing ArgoCD deployments, rollbacks, and monitoring. This bot allows you to interact with your ArgoCD instance directly from Slack, making deployment operations more accessible to your team.\n\n![Python](https://img.shields.io/badge/python-3.8+-blue.svg)\n\n## Why This Project?\n\nIn many organizations, production deployments don't sync automatically, and developers typically don't have direct production access due to company security policies. This creates a bottleneck where developers must loop in the DevOps team every time they need to sync a production deployment or perform a rollback.\n\n**This bot solves that problem** by providing a secure, controlled way for authorized developers to:\n- Sync production deployments without waiting for DevOps\n- Rollback to previous versions when needed\n- View application logs and status\n- All without requiring direct production access\n\nThe bot acts as a bridge between your development team and production infrastructure, enabling faster iteration while maintaining security through user authorization controls. Only users in the allowed list can perform operations, ensuring that deployment actions remain controlled and auditable.\n\n## Features\n\n- **List Applications**: View all active ArgoCD applications with their current status and Git tags\n- **Sync Applications**: Synchronize applications with the latest release\n- **View Logs**: Download and view application logs directly in Slack\n- **Rollback Management**: List available revisions and rollback to previous versions\n- **Configurable Rollback Table**: Customize rollback table columns with Helm parameter fields (e.g., tag_version, replicaCount)\n- **Interactive Commands**: User-friendly confirmation dialogs for all operations\n- **Easy Deployment**: Helm chart included for Kubernetes deployment\n- **Production Ready**: Tested and ready for production use\n\n## Screenshots\n\n### Help Command\n\u003cimg src=\"screenshot/help.png\" width=\"1000\" height=\"600\"\u003e\n\n\nThe bot provides a comprehensive help message showing all available commands and their usage.\n\n### List Applications\n\u003cimg src=\"screenshot/list_apps.png\" width=\"1000\" height=\"600\"\u003e\n\nView all active ArgoCD applications with their current Git tags and health status in a formatted table.\n\n### Application Logs\n\u003cimg src=\"screenshot/logs.png\" width=\"1000\" height=\"600\"\u003e\n\nDownload and view application logs directly in Slack. Logs are formatted in a table and provided as a downloadable file.\n\n## Prerequisites\n\n- Python 3.8 or higher\n- Access to an ArgoCD instance\n- A Slack workspace with permissions to create apps\n- ArgoCD API token with appropriate permissions\n\n## Installation\n\n###  Deployment\n\nThe easiest way to deploy this bot in a Kubernetes environment is using the included Helm chart.\n\n#### Prerequisites\n- Kubernetes cluster with Helm 3.x installed\n- ArgoCD instance accessible from the cluster\n- Slack app configured (see [Slack App Registration](#step-2-slack-app-registration))\n\n#### Deploy with Helm\n\n1. **Clone the Repository**\n\n```bash\ngit clone git@github.com:umairedu/argocd-slack-bot.git\ncd argocd-slack-bot\n```\n\n2. **Configure Values**\n\nEdit `helm/deployment-bot/production/values.yaml`:\n\n```yaml\n# Update image tag\ntag_version: \"latest\"  # or your specific version\n\n# Configure environment variables\ndeployment_bot:\n  plain:\n    ARGOCD_URL: https://argocd-server.example.com\n    ARGOCD_VERIFY_SSL: \"False\"\n    ARGOCD_LOG_TAIL_LINES: \"50\"\n    BOT_NAME: ArgoCD Deployment Bot\n    BOT_DESCRIPTION: Your bot description\n    ROLLBACK_TABLE_FIELDS: tag_version,replicaCount  # Optional: comma-separated Helm parameter fields\n    AUTO_DISABLE_SYNC_ON_ROLLBACK: \"True\"  # Optional: automatically disable auto-sync on rollback\n  \n  secrets:\n    SLACK_TOKEN: xoxb-your-slack-token\n    SIGNING_SECRET: your-signing-secret\n    VERIFICATION_TOKEN: your-verification-token\n    ARGOCD_TOKEN: your-argocd-token\n    ALLOWED_USERS: U1234567890,U0987654321  # Optional but recommended\n```\n\n3. **Deploy**\n\n```bash\n# Create namespace (if it doesn't exist)\nkubectl create namespace argocd\n\n# Install the chart\nhelm upgrade --install deployment-bot ./helm/deployment-bot \\\n  --namespace argocd \\\n  -f ./helm/deployment-bot/production/values.yaml \n  ```\n\n4. **Verify Deployment**\n\n```bash\n# Check pod status\nkubectl get pods -n argocd -l app.kubernetes.io/name=deployment-bot\n\n# Check logs\nkubectl logs -n argocd -l app.kubernetes.io/name=deployment-bot --follow\n```\n\n5. **Update Deployment**\n\n```bash\nhelm upgrade --install deployment-bot ./helm/deployment-bot \\\n  --namespace argocd \\\n  -f ./helm/deployment-bot/production/values.yaml\n```\n\n#### Helm Chart Configuration\n\nThe Helm chart supports the following key configurations:\n\n- **Image**: Customize the Docker image repository and tag\n- **Resources**: Configure CPU and memory limits/requests\n- **Service**: Configure service type and ports\n- **Ingress**: Enable and configure ingress (Mandatory for Slack calls)\n- **Environment Variables**: Set all bot configuration via `deployment_bot.plain` and `deployment_bot.secrets`\n\nFor detailed configuration options, see `helm/deployment-bot/production/values.yaml`.\n\n\n#### Finding Slack User IDs\n\nTo find Slack user IDs for the `ALLOWED_USERS` configuration:\n\n1. **Using Slack API** (recommended):\n   ```bash\n   curl -H \"Authorization: Bearer $SLACK_TOKEN\" \\\n        https://slack.com/api/users.list | jq '.members[] | {id: .id, name: .name, real_name: .real_name}'\n   ```\n\n2. **Using Slack Web UI**:\n   - Right-click on a user's profile in Slack\n   - Select \"View profile\"\n   - The user ID is in the URL: `https://workspace.slack.com/team/U1234567890`\n\n3. **Using Bot Response**:\n   - Ask the bot for help: `@bot help`\n   - The bot will mention users with their IDs in the format `\u003c@U1234567890\u003e`\n\n## Setup Guide\n\n### Step 1: ArgoCD API Token Generation\n\nTo generate an API token for the bot, you need to create an API account in ArgoCD and generate a token for it.\n\n#### 1.1 Login to ArgoCD\n\n```bash\nargocd login \u003cargocd-server-url\u003e --username admin --grpc-web-root-path /\n```\n\nReplace `\u003cargocd-server-url\u003e` with your ArgoCD server URL (e.g., `127.0.0.1:8080` or `argocd.example.com`).\n\n#### 1.2 Create API Account\n\nFirst, check existing accounts:\n\n```bash\nargocd account list\n```\n\nIf you need to create a new account, you can do so through the ArgoCD UI or CLI. For this example, we'll use an account named `api_bot`.\n\n#### 1.3 Set Account Password\n\n```bash\nargocd account update-password \\\n  --account api_bot \\\n  --new-password \u003csecure-password\u003e\n```\n\n#### 1.4 Generate API Token\n\n```bash\nargocd account generate-token --account api_bot\n```\n\nCopy the generated token and use it as `ARGOCD_TOKEN` in your `.env` file.\n\n#### 1.5 Configure RBAC Permissions\n\nEdit the ArgoCD ConfigMap to grant appropriate permissions to your API account:\n\n```bash\nkubectl edit cm argocd-rbac-cm -n argocd\n```\n\nAdd the following RBAC policies in the `data` section:\n\n```yaml\ndata:\n  policy.csv: |\n    # Allow read and write access to applications\n    p, role:readwrite, applications, get, */*, allow\n    p, role:readwrite, applications, sync, */*, allow\n    p, role:readwrite, applications, rollback, */*, allow\n    p, role:readwrite, applications, logs, */*, allow\n    p, role:readwrite, applications, update, */*, allow\n    \n    # Allow read and execute access\n    p, role:readexecute, applications, get, */*, allow\n    p, role:readexecute, applications, sync, */*, allow\n    p, role:readexecute, applications, rollback, */*, allow\n    p, role:readexecute, applications, logs, */*, allow\n    p, role:readexecute, applications, update, */*, allow\n    \n    # Assign roles to API account\n    g, api_bot, role:readwrite\n    g, api_bot, role:readexecute\n  policy.default: role:deny\n```\n\n**Note**: Adjust the permissions based on your security requirements. The above configuration allows the bot to:\n- Get application details\n- Sync applications\n- Rollback applications\n- View application logs\n- Update applications (required for `AUTO_DISABLE_SYNC_ON_ROLLBACK` feature)\n\nSave and exit the editor. ArgoCD will automatically reload the RBAC configuration.\n\n### Step 2: Slack App Registration\n\n#### 2.1 Create a Slack App\n\n1. Go to [https://api.slack.com/apps](https://api.slack.com/apps)\n2. Click **\"Create New App\"**\n3. Choose **\"From scratch\"**\n4. Enter your app name (e.g., \"ArgoCD Bot\")\n5. Select your workspace\n6. Click **\"Create App\"**\n\n#### 2.2 Configure Bot Token Scopes\n\n1. In your app settings, go to **\"OAuth \u0026 Permissions\"** in the left sidebar\n2. Scroll down to **\"Bot Token Scopes\"**\n3. Add the following scopes:\n   - `app_mentions:read` - Listen for bot mentions\n   - `chat:write` - Send messages\n   - `files:write` - Upload log files\n   - `channels:read` - Read channel information\n   - `groups:read` - Read private channel information\n   - `im:read` - Read direct messages\n   - `mpim:read` - Read group direct messages\n\n#### 2.3 Enable Event Subscriptions\n\n1. Go to **\"Event Subscriptions\"** in the left sidebar\n2. Toggle **\"Enable Events\"** to On\n3. Enter your Request URL: `https://your-domain.com/slack/events`\n4. Under **\"Subscribe to bot events\"**, add:\n   - `app_mention` - Listen for mentions of your bot\n\n#### 2.4 Enable Interactive Components\n\n1. Go to **\"Interactivity\"** in the left sidebar\n2. Toggle **\"Interactivity\"** to On\n3. Enter your Request URL: `https://your-domain.com/interactions`\n\n#### 2.5 Install App to Workspace\n\n1. Go to **\"OAuth \u0026 Permissions\"** in the left sidebar\n2. Click **\"Install to Workspace\"**\n3. Review the permissions and click **\"Allow\"**\n4. Copy the **\"Bot User OAuth Token\"** (starts with `xoxb-`) - this is your `SLACK_TOKEN`\n\n#### 2.6 Get Signing Secret\n\n1. Go to **\"Basic Information\"** in the left sidebar\n2. Under **\"App Credentials\"**, find **\"Signing Secret\"**\n3. Click **\"Show\"** and copy the value - this is your `SIGNING_SECRET`\n\n#### 2.7 Get Verification Token (if needed)\n\n1. In **\"Basic Information\"**, find **\"Verification Token\"**\n2. Copy the value - this is your `VERIFICATION_TOKEN`\n\n**Note**: Verification Token is deprecated in newer Slack apps but may still be required for some configurations.\n\n#### 2.8 Invite Bot to Channels\n\nInvite your bot to the channels where you want to use it:\n\n```\n/invite @YourBotName\n```\n\n## Usage\n\n### Available Commands\n\nMention the bot in a channel and use one of these commands:\n\n- `@bot list_apps` - List all active ArgoCD applications\n- `@bot sync APP_NAME` - Synchronize an application with the latest release\n- `@bot logs APP_NAME` - Download and view application logs\n- `@bot rollback_revisions APP_NAME` - List available revisions for rollback\n- `@bot rollback APP_NAME REVISION_NUMBER` - Rollback to a specific revision (automatically handles auto-sync if configured)\n- `@bot help` - Show help message with all available commands\n\n### Rollback Table Configuration\n\nThe rollback table can be customized to display additional Helm parameter fields. This is useful for showing deployment-specific information like image tags, replica counts, or other configuration values.\n\n#### Configuration\n\nSet the `ROLLBACK_TABLE_FIELDS` environment variable with comma-separated Helm parameter field names:\n\n```bash\nROLLBACK_TABLE_FIELDS=tag_version,replicaCount\n```\n\n#### How It Works\n\n1. When you run `@bot rollback_revisions APP_NAME`, the bot:\n   - Fetches all available revisions from ArgoCD history\n   - For each revision, calls the ArgoCD appdetails API to retrieve Helm parameters\n   - Extracts the specified fields from the Helm parameters\n   - Displays them as additional columns in the rollback table\n\n2. **Default Behavior**: If `ROLLBACK_TABLE_FIELDS` is not set, the table shows only:\n   - App Name\n   - Revision Number\n   - Last Deploy Time\n\n3. **With Custom Fields**: When configured, the table includes the base columns plus your custom fields:\n   - App Name\n   - Revision Number\n   - Last Deploy Time\n   - tag_version (or your first field)\n   - replicaCount (or your second field)\n   - ... (additional fields)\n\n#### Example\n\nWith `ROLLBACK_TABLE_FIELDS=tag_version,replicaCount`, the rollback table will display:\n\n```\n+------------+------------------+---------------------+------------+--------------+\n| App Name   | Revision Number  | Last Deploy Time    | tag_version| replicaCount |\n+------------+------------------+---------------------+------------+--------------+\n| my-app     | 3177             | 2025-11-26T07:00:17Z| 8ecf283f   | 1            |\n| my-app     | 3176             | 2025-11-26T06:49:05Z| 7d8e9f10   | 2            |\n+------------+------------------+---------------------+------------+--------------+\n```\n\n#### Notes\n\n- Field names must match exactly the Helm parameter names in your values.yaml\n- If a field is not found for a revision, \"N/A\" will be displayed\n- The API call is made for each revision, so response time may increase with many revisions\n- Only Helm-based applications support this feature\n\n### Auto-Sync Handling for Rollbacks\n\nArgoCD prevents rollbacks when auto-sync is enabled for an application. The bot can automatically handle this situation.\n\n#### Configuration\n\nSet the `AUTO_DISABLE_SYNC_ON_ROLLBACK` environment variable to enable automatic auto-sync disabling:\n\n```bash\nAUTO_DISABLE_SYNC_ON_ROLLBACK=True\n```\n\n#### How It Works\n\n1. **When Rollback Fails Due to Auto-Sync**:\n   - The bot detects the auto-sync error (code 9)\n   - If `AUTO_DISABLE_SYNC_ON_ROLLBACK=True`, it automatically disables auto-sync for the application\n   - The bot then retries the rollback operation\n   - If successful, the rollback completes\n\n2. **When Auto-Disable is Not Configured**:\n   - The bot returns an error message indicating auto-sync is enabled\n   - You must manually disable auto-sync in ArgoCD before attempting rollback\n\n3. **What Gets Preserved**:\n   - When disabling auto-sync, the bot preserves:\n     - Retry configuration\n     - Sync options\n     - Other sync policy settings\n   - Only the `automated` field is removed\n\n#### Example Flow\n\n```\nUser: @bot rollback my-app 12345\nBot: Auto-sync is enabled for my-app. Attempting to disable it...\nBot: Successfully disabled auto-sync for application my-app\nBot: Retrying rollback for my-app after disabling auto-sync...\nBot: `my-app` rolled back to revision `12345` successfully. ✅\n```\n\n#### Important Notes\n\n- **Auto-sync remains disabled** after the rollback. You may want to re-enable it manually if needed\n- The bot requires appropriate ArgoCD RBAC permissions to modify application sync policies\n- If auto-sync disabling fails, the bot will return an error message with instructions\n- This feature only works if the ArgoCD API account has permissions to update application specs\n\n### Examples\n\n```\n@argocd-bot list_apps\n@argocd-bot sync my-app\n@argocd-bot logs my-app\n@argocd-bot rollback_revisions my-app\n@argocd-bot rollback my-app 12345\n@argocd-bot help\n```\n\n## Configuration Options\n\n### Environment Variables\n\n| Variable | Required | Default | Description |\n|----------|----------|---------|-------------|\n| `SLACK_TOKEN` | Yes | - | Slack bot OAuth token |\n| `SIGNING_SECRET` | Yes | - | Slack app signing secret |\n| `VERIFICATION_TOKEN` | Yes | - | Slack verification token |\n| `ARGOCD_TOKEN` | Yes | - | ArgoCD API token |\n| `ARGOCD_URL` | Yes | - | ArgoCD server URL |\n| `ALLOWED_USERS` | No* | - | Comma-separated list of Slack user IDs allowed to use the bot |\n| `BOT_NAME` | No | \"ArgoCD Deployment Bot\" | Custom bot name |\n| `BOT_DESCRIPTION` | No | Default description | Custom bot description |\n| `FLASK_HOST` | No | \"0.0.0.0\" | Flask server host |\n| `FLASK_PORT` | No | \"5000\" | Flask server port |\n| `FLASK_DEBUG` | No | \"False\" | Enable Flask debug mode |\n| `ARGOCD_VERIFY_SSL` | No | \"False\" | Verify SSL certificates |\n| `ARGOCD_LOG_TAIL_LINES` | No | \"50\" | Number of log lines to fetch |\n| `ROLLBACK_TABLE_FIELDS` | No | - | Comma-separated list of Helm parameter field names to display in rollback table (e.g., `tag_version,replicaCount`) |\n| `AUTO_DISABLE_SYNC_ON_ROLLBACK` | No | \"False\" | Automatically disable auto-sync when rollback fails due to auto-sync being enabled |\n\n\\* **Required for production**: If not set, all users will be allowed (not recommended for production environments).\n\n## Security Considerations\n\n1. **User Authorization**: **CRITICAL** - Always configure `ALLOWED_USERS` in production to restrict bot access to authorized personnel only. Without this setting, any user in your Slack workspace can perform deployment operations.\n\n2. **Token Security**: Never commit tokens or secrets to version control. Use environment variables or secret management systems.\n\n3. **RBAC Permissions**: Configure ArgoCD RBAC to grant only the minimum required permissions to the API account.\n\n4. **Network Security**: In production, ensure the bot is only accessible from trusted networks and use HTTPS.\n\n5. **SSL Verification**: Enable `ARGOCD_VERIFY_SSL=True` in production to verify ArgoCD SSL certificates.\n\n6. **Slack Security**: Use Slack's signing secret verification (already implemented) to verify request authenticity.\n\n### User Authorization\n\nThe bot implements user authorization to ensure only authorized users can perform deployment operations:\n\n- **Configuration**: Set `ALLOWED_USERS` environment variable with comma-separated Slack user IDs\n- **Behavior**: \n  - Authorized users can use all bot commands (except `help` which is available to everyone)\n  - Unauthorized users receive an access denied message when attempting to use the bot\n  - Authorization is checked both for command mentions and button interactions\n- **Help Command**: The `help` command is available to all users (no authorization required)\n- **Logging**: All unauthorized access attempts are logged for security auditing\n\n## Troubleshooting\n\n### ArgoCD API errors\n\n- Verify `ARGOCD_TOKEN` is valid and not expired\n- Check ArgoCD RBAC permissions for the API account\n- Ensure `ARGOCD_URL` is correct and accessible\n- Verify SSL settings if using HTTPS\n\n## Project Structure\n\n```\nargocd-slack-bot/\n├── helm/                      # Helm chart for Kubernetes deployment\n│   └── deployment-bot/\n│       ├── Chart.yaml\n│       ├── production/\n│       │   └── values.yaml    # Production configuration\n│       └── templates/         # Kubernetes manifests\n├── screenshot/                # Screenshots for documentation\n│   ├── help.png\n│   ├── list_apps.png\n│   └── logs.png\n├── main.py                    # Main application entry point\n├── slack_api.py               # Slack API interaction handlers\n├── argocd_api.py              # ArgoCD API client\n├── config.py                  # Configuration management\n├── Dockerfile                 # Docker image definition\n├── requirements.txt           # Python dependencies\n├── env.example               # Environment variables template\n└── README.md                 # This file\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fumairedu%2Fargocd-slack-bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fumairedu%2Fargocd-slack-bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fumairedu%2Fargocd-slack-bot/lists"}