Merge pull request 'Add loop-channel-export plugin action' (#14) from loop-plugin-channel-export-template into master

Reviewed-on: #14

.gitea/actions/plugin/build-channel-export/action.yml

@@ -0,0 +1,45 @@
+name: build-channel-export
+description: Build plugin via make
+
+inputs:
+  go_version:
+    required: false
+    description: 'GO version'
+  go_cache:
+    required: false
+    description: 'For direct disable go-cache if needed'
+  node_version:
+    required: false
+    description: 'Node.js version'
+
+runs:
+  using: composite
+  steps:
+    - name: ci/setup-go
+      uses: actions/setup-go@v4
+      if: ${{ inputs.go_version && inputs.go_cache != 'false' }}
+      with:
+        go-version: "${{ inputs.go_version }}"
+        cache-dependency-path: |
+          go.sum
+          server/go.sum
+
+    - name: ci/setup-go-wo-cache
+      uses: actions/setup-go@v4
+      if: ${{ inputs.go_version && inputs.go_cache == 'false' }}
+      with:
+        go-version: "${{ inputs.go_version }}"
+        cache: false
+
+    - name: ci/setup-node
+      uses: actions/setup-node@v4
+      if: ${{ inputs.node_version }}
+      with:
+        node-version: "${{ inputs.node_version }}"
+
+    - name: ci/plugin-build
+      shell: bash
+      run: |
+        echo "::group::dist"
+        make dist
+        echo "::endgroup::"

.gitea/workflows/java-pull-request-check-template.yml

@@ -42,12 +42,12 @@ env:
 jobs:
   check:
     name: check and test
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - uses: https://github.com/actions/checkout@v3
       - uses: https://github.com/actions/setup-java@v3
         with:
-          distribution: 'temurin'
+          distribution: 'zulu'
           java-version: 21
           check-latest: "false"
       - uses: https://github.com/gradle/gradle-build-action@v2
@@ -138,4 +138,4 @@ jobs:
 
       - name: loop fail notification
         if: ${{ inputs.notification_enabled && job.status == 'failure' }}
-        uses: https://github.com/mattermost/action-mattermost-notify@master
+        uses: https://github.com/mattermost/action-mattermost-notify@1.1.0

.gitea/workflows/loop-plugin-channel-export-template.yml

@@ -0,0 +1,136 @@
+name: Build and sign plugin with marketplace json formation
+on:
+  workflow_call:
+    inputs:
+      go_version:
+        required: false
+        description: 'GO version'
+      go_cache:
+        required: false
+        description: 'For direct disable go-cache if needed'
+      node_version:
+        required: false
+        description: 'Node.js version'
+      vault_secrets_base_path:
+        required: true
+        description: 'Base vault secret path'
+      artifacts_url:
+        required: true
+        description: 'Artifacts URL'
+      artifacts_repository:
+        required: true
+        description: 'Artifacts repository'
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+jobs:
+  release:
+    name: release
+    runs-on: ubuntu-22.04
+    steps:
+      - name: ci/checkout-repo
+        uses: actions/checkout@v3
+
+      - id: publish-secrets
+        name: ci/publish-secrets
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ inputs.vault_secrets_base_path }} ARTIFACTS_USERNAME ;
+            ${{ inputs.vault_secrets_base_path }} ARTIFACTS_PASSWORD ;
+
+      - id: key
+        name: ci/key
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_EXPORTED ;
+            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_ID ;
+            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_PASSPHRASE ;
+
+      - id: plugin-meta
+        name: ci/plugin-meta
+        shell: bash
+        run: |
+          apt-get update
+          apt-get install -y jq
+          echo "PLUGIN=$(jq -r '.id + "-" + .version + ".tar.gz"' plugin.json)" >> "$GITHUB_OUTPUT"
+          echo "PLUGIN_ID=$(jq -r '.id' plugin.json)" >> "$GITHUB_OUTPUT"
+          echo "PLUGIN_VERSION=$(jq -r '.version' plugin.json)" >> "$GITHUB_OUTPUT" 
+          echo "ENTERPRISE=$(jq -r '.props.enterprise == true' plugin.json)" >> "$GITHUB_OUTPUT" 
+          echo "BETA=$(jq -r '.version | contains("SNAPSHOT")' plugin.json)" >> "$GITHUB_OUTPUT" 
+          echo "EXPERIMENTAL=$(jq -r '.props.experimental == true' plugin.json)" >> "$GITHUB_OUTPUT"
+
+      - name: ci/plugin-build
+        uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/build-channel-export@master
+        with:
+          go_version: ${{ inputs.go_version }}
+          go_cache: ${{ inputs.go_cache }}
+          node_version: ${{ inputs.node_version }}
+          ssh_key: ${{ secrets.AI_DEPLOY_KEY }}
+
+      - name: ci/plugin-sign
+        uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/file-sign@master
+        with:
+          private_key: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_EXPORTED }}
+          private_key_id: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_ID }}
+          private_key_passphrase: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_PASSPHRASE }}
+          filepath: ${{ gitea.workspace }}/dist/${{ steps.plugin-meta.outputs.PLUGIN }}
+
+      - name: ci/push-plugin
+        uses: sonatype-nexus-community/nexus-repo-github-action@master
+        with:
+          serverUrl: ${{ inputs.artifacts_url }}
+          username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
+          password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
+          format: raw
+          repository: ${{ inputs.artifacts_repository }}
+          coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
+          assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}
+          filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}
+
+      - name: ci/push-plugin-sign
+        uses: sonatype-nexus-community/nexus-repo-github-action@master
+        with:
+          serverUrl: ${{ inputs.artifacts_url }}
+          username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
+          password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
+          format: raw
+          repository: ${{ inputs.artifacts_repository }}
+          coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
+          assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.sig
+          filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.sig
+
+      - name: ci/plugin-json
+        uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/json@master
+        with:
+          plugin_id: ${{ steps.plugin-meta.outputs.PLUGIN_ID }}
+          plugin_version: ${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
+          enterprise: ${{ steps.plugin-meta.outputs.ENTERPRISE }}
+          beta: ${{ steps.plugin-meta.outputs.BETA }}
+          experimental: ${{ steps.plugin-meta.outputs.EXPERIMENTAL }}
+          artifacts_url: ${{ inputs.artifacts_url }}
+          artifacts_repository: ${{ inputs.artifacts_repository }}
+
+      - name: ci/push-plugin-json
+        uses: sonatype-nexus-community/nexus-repo-github-action@master
+        with:
+          serverUrl: ${{ inputs.artifacts_url }}
+          username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
+          password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
+          format: raw
+          repository: ${{ inputs.artifacts_repository }}
+          coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
+          assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.json
+          filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.json

.gitea/workflows/loop-plugin-with-marketplace-template.yml

@@ -57,7 +57,7 @@ jobs:
           secrets: |
             ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_EXPORTED ;
             ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_ID ;
-            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_PASSPHRASE ; 
+            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_PASSPHRASE ;
 
       - id: plugin-meta
         name: ci/plugin-meta
@@ -65,8 +65,8 @@ jobs:
         run: |
           apt-get update
           apt-get install -y jq
-          echo "PLUGIN=$(jq -r '.id + "-" + .version + ".tar.gz"' plugin.json)" >> "$GITHUB_OUTPUT" 
-          echo "PLUGIN_ID=$(jq -r '.id' plugin.json)" >> "$GITHUB_OUTPUT" 
+          echo "PLUGIN=$(jq -r '.id + "-" + .version + ".tar.gz"' plugin.json)" >> "$GITHUB_OUTPUT"
+          echo "PLUGIN_ID=$(jq -r '.id' plugin.json)" >> "$GITHUB_OUTPUT"
           echo "PLUGIN_VERSION=$(jq -r '.version' plugin.json)" >> "$GITHUB_OUTPUT" 
           echo "ENTERPRISE=$(jq -r '.props.enterprise == true' plugin.json)" >> "$GITHUB_OUTPUT" 
           echo "BETA=$(jq -r '.version | contains("SNAPSHOT")' plugin.json)" >> "$GITHUB_OUTPUT" 
@@ -76,7 +76,9 @@ jobs:
         uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/build@master
         with:
           go_version: ${{ inputs.go_version }}
+          go_cache: ${{ inputs.go_cache }}
           node_version: ${{ inputs.node_version }}
+          ssh_key: ${{ secrets.AI_DEPLOY_KEY }}
 
       - name: ci/plugin-sign
         uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/file-sign@master

.gitea/workflows/mobile-pull-request-check-template.yml

@@ -0,0 +1,115 @@
+name: Mobile pull request check
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        description: "Set node version"
+        default: 20
+        type: string
+      notification_enabled:
+        description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
+        default: false
+        required: false
+        type: boolean
+      custom_notification_hook_enabled:
+        description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
+        default: false
+        required: false
+        type: boolean
+      notification_channel:
+        description: "Канал для оповещений о результатах деплоя"
+        default: internal_projects_notifications
+        required: false
+        type: string
+      vault_secrets_base_path:
+        description: 'Базовый путь для секретов проекта в vault'
+        required: false
+        type: string
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+env:
+  vault_main_base_path: dev/wilix/main/data/ci
+
+jobs:
+  check:
+    name: mobile check and test
+    runs-on: ubuntu-latest
+    steps:
+      - name: ci/checkout-repo
+        uses: actions/checkout@v3
+
+      - name: Use Node.js ${{ inputs.node-version }}
+        uses: https://github.com/actions/setup-node@v3
+        with:
+          node-version: ${{ inputs.node-version }}
+
+      - name: ci/prepare-node-deps
+        uses: ./.gitea/actions/prepare-node-deps
+
+      - name: ci/check-styles
+        shell: bash
+        run: |
+          echo "::group::check-styles"
+          npm run check
+          echo "::endgroup::"
+
+      - name: ci/run-tests
+        shell: bash
+        run: |
+          echo "::group::run-tests"
+          npm run test:ci
+          echo "::endgroup::"
+
+      - name: Get general notification url
+        if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: Get custom notification url
+        if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: prepare failed notification body
+        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+        uses: https://github.com/finnp/create-file-action@master
+        env:
+          FILE_NAME: "mattermost.json"
+          FILE_DATA: |
+            {
+              "channel": "${{ inputs.notification_channel }}",
+              "attachments": [
+                {
+                  "fallback": "Проверка упала ${{ gitea.repository }}",
+                  "text": "@${{ gitea.actor }} упала тестовая сборка",
+                  "color": "#FF0000",
+                  "fields": [
+                    {
+                      "short": true,
+                      "title": "Сборка",
+                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }
+
+      - name: loop fail notification
+        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+        uses: https://github.com/mattermost/action-mattermost-notify@1.1.0

.gitea/workflows/node-pull-request-check-template.yml

@@ -0,0 +1,112 @@
+name: Pull request check
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        description: "Set node version"
+        default: 20
+        type: string
+      yarn-commands:
+        description: "yarn-commands"
+        default: |-
+          yarn install
+          yarn test
+        type: string
+      notification_enabled:
+        description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
+        default: false
+        required: false
+        type: boolean
+      custom_notification_hook_enabled:
+        description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
+        default: false
+        required: false
+        type: boolean
+      notification_channel:
+        description: "Канал для оповещений о результатах деплоя"
+        default: internal_projects_notifications
+        required: false
+        type: string
+      vault_secrets_base_path:
+        description: 'Базовый путь для секретов проекта в vault'
+        required: false
+        type: string
+      sonar_enabled:
+        default: false
+        required: false
+        type: boolean
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+env:
+  vault_main_base_path: dev/wilix/main/data/ci
+
+jobs:
+  check:
+    name: check and test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://github.com/actions/checkout@v3
+      - name: Use Node.js ${{ inputs.node-version }}
+        uses: https://github.com/actions/setup-node@v3
+        with:
+          node-version: ${{ inputs.node-version }}
+      - run: ${{ inputs.yarn-commands }}
+
+      - name: dockerfile lint check
+        uses: https://github.com/hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+
+      - name: Get general notification url
+        if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: Get custom notification url
+        if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: prepare failed notification body
+        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+        uses: https://github.com/finnp/create-file-action@master
+        env:
+          FILE_NAME: "mattermost.json"
+          FILE_DATA: |
+            {
+              "channel": "${{ inputs.notification_channel }}",
+              "attachments": [
+                {
+                  "fallback": "Проверка упала ${{ gitea.repository }}",
+                  "text": "@${{ gitea.actor }} упала тестовая сборка",
+                  "color": "#FF0000",
+                  "fields": [
+                    {
+                      "short": true,
+                      "title": "Сборка",
+                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }
+
+      - name: loop fail notification
+        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+        uses: https://github.com/mattermost/action-mattermost-notify@1.1.0

.gitea/workflows/werf-cleanup-template.yml

@@ -26,7 +26,7 @@ env:
 jobs:
   cleanup:
     name: Cleanup
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - uses: https://github.com/actions/checkout@v3
       - name: Fetch all history for all tags and branches

.gitea/workflows/werf-deploy-template.yml

@@ -62,7 +62,7 @@ env:
 jobs:
   converge:
     name: Deploy stand
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
 
       - name: Checkout code
@@ -197,5 +197,5 @@ jobs:
             }
 
       - name: loop fail notification
-        uses: https://github.com/mattermost/action-mattermost-notify@master
+        uses: https://github.com/mattermost/action-mattermost-notify@1.1.0
         if: ${{ inputs.notification_enabled && (job.status == 'success' || job.status == 'failure') }}

.gitea/workflows/werf-yonote-cleanup-template.yml

@@ -0,0 +1,68 @@
+name: Cleanup Yonote Docker registry
+on:
+  workflow_call:
+    inputs:
+      docker_repo_path:
+        default: private.docker.wilix.dev
+        required: false
+        type: string
+      docker_images_path:
+        description: 'Относительный путь для образов проекта'
+        required: true
+        type: string
+      werf_debug:
+        default: false
+        required: false
+        type: boolean
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+env:
+  vault_main_base_path: dev/wilix/main/data/ci
+
+jobs:
+  cleanup:
+    name: Cleanup
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://github.com/actions/checkout@v3
+      - name: Fetch all history for all tags and branches
+        run: git fetch --prune --unshallow
+
+      # FIXME Эти секреты нужно будет сделать полностью различными для проектов, идеально - краткосрочные генерируемые vault
+      - id: import-secrets
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ env.vault_main_base_path }} local_cluster_kube_config_base64 ;
+            ${{ env.vault_main_base_path }} docker_registry_username ;
+            ${{ env.vault_main_base_path }} docker_registry_password ;
+            dev/wilix/yonote/data/ci/yonote NPM_AUTH_TOKEN ;
+        
+      - name: Login to wilix nexus Container Registry
+        uses: https://github.com/docker/login-action@v2
+        with:
+          registry: ${{ inputs.docker_repo_path }}
+          username: ${{ steps.import-secrets.outputs.docker_registry_username }}
+          password: ${{ steps.import-secrets.outputs.docker_registry_password }}
+
+      - name: Install werf
+        uses: https://github.com/werf/actions/install@v1.2
+
+      - name: Setup debug if need
+        if: ${{ inputs.werf_debug }}
+        run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"
+
+      - name: Cleanup
+        run: werf cleanup
+        env:
+          WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
+          WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}
+          NPM_AUTH_TOKEN: ${{ steps.import-secrets.outputs.NPM_AUTH_TOKEN }}

.gitea/workflows/yonote-node-pull-request-check-template.yml

@@ -0,0 +1,107 @@
+name: Pull request check
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        description: "Set node version"
+        default: 20
+        type: string
+      yarn-commands:
+        description: "yarn-commands"
+        default: |-
+          yarn install
+          yarn test
+        type: string
+      notification_enabled:
+        description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
+        default: false
+        required: false
+        type: boolean
+      custom_notification_hook_enabled:
+        description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
+        default: false
+        required: false
+        type: boolean
+      notification_channel:
+        description: "Канал для оповещений о результатах деплоя"
+        default: internal_projects_notifications
+        required: false
+        type: string
+      vault_secrets_base_path:
+        description: 'Базовый путь для секретов проекта в vault'
+        required: false
+        type: string
+      sonar_enabled:
+        default: false
+        required: false
+        type: boolean
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+env:
+  vault_main_base_path: dev/wilix/main/data/ci
+
+jobs:
+  check:
+    name: check and test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://github.com/actions/checkout@v3
+      - name: Use Node.js ${{ inputs.node-version }}
+        uses: https://github.com/actions/setup-node@v3
+        with:
+          node-version: ${{ inputs.node-version }}
+      - run: ${{ inputs.yarn-commands }}
+
+      - name: Get general notification url
+        if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: Get custom notification url
+        if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: prepare failed notification body
+        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+        uses: https://github.com/finnp/create-file-action@master
+        env:
+          FILE_NAME: "mattermost.json"
+          FILE_DATA: |
+            {
+              "channel": "${{ inputs.notification_channel }}",
+              "attachments": [
+                {
+                  "fallback": "Проверка упала ${{ gitea.repository }}",
+                  "text": "@${{ gitea.actor }} упала тестовая сборка",
+                  "color": "#FF0000",
+                  "fields": [
+                    {
+                      "short": true,
+                      "title": "Сборка",
+                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }
+
+      - name: loop fail notification
+        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+        uses: https://github.com/mattermost/action-mattermost-notify@1.1.0