From edc3c8a18d1f04ebd29472cf5d831af14cc06772 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Busqu=C3=A9?=
Date: Thu, 9 Feb 2023 15:39:36 +0100
Subject: [PATCH] Remove Slack notifications for CI failures

We were storing the Slack secrets on a CircleCI context [1]. Although we were also passing them to forks [2], it resulted on unauthorized builds for external contributions. We could work around the issue in two ways: - Having the secrets outside of any context, but that would compromise the security of the associated Slack channel for: - Send messages as @CircleCI notifications - Send messages to channels @CircleCI notifications isn't a member of - Upload, edit, and delete files as CircleCI notifications - Using CircleCI logic statements [3] to conditionally run jobs when `CIRCLECI_USERNAME` or `CIRCLE_PR_USERNAME` env vars [4] are in a list of allowed users. However, that would be something difficult to maintain, and there's no other way to check the user's role. Given that we don't find those trade-offs to be acceptable, we remove the integration for now. [1] - https://circleci.com/docs/contexts/ [2] - https://circleci.com/docs/oss/#pass-secrets-to-builds-from-forked-pull-requests [3] - https://circleci.com/docs/configuration-reference/#logic-statements [4] - https://circleci.com/docs/variables/
---
 .circleci/config.yml | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index c8919c9..12bb10e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -6,35 +6,22 @@ orbs: # to change this configuration every time a Solidus version is released # or goes EOL. solidusio_extensions: solidusio/extensions@volatile - slack: circleci/slack@4.9.3 - -commands: - notify: - steps: - - slack/notify: - event: fail - template: basic_fail_1 - branch_pattern: master jobs: run-specs-with-postgres: executor: solidusio_extensions/postgres steps: - solidusio_extensions/run-tests - - notify run-specs-with-mysql: executor: solidusio_extensions/mysql steps: - solidusio_extensions/run-tests - - notify workflows: "Run specs on supported Solidus versions": jobs: - - run-specs-with-postgres: - context: slack-secrets - - run-specs-with-mysql: - context: slack-secrets + - run-specs-with-postgres + - run-specs-with-mysql "Weekly run specs against master": triggers: - schedule: @@ -44,7 +31,5 @@ workflows: only: - master jobs: - - run-specs-with-postgres: - context: slack-secrets - - run-specs-with-mysql: - context: slack-secrets + - run-specs-with-postgres + - run-specs-with-mysql
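Review bot: Nothing in the new `workflows:` section records why the four job entries (`run-specs-with-postgres` and `run-specs-with-mysql`, in this hunk and again in the "Weekly run specs against master" hunk) now run without a context, so a later change could re-attach `context: slack-secrets` and bring back the unauthorized fork builds the commit message describes. I would add a comment above each `jobs:` list, for example `# No context attached on purpose: these jobs must also run for fork PRs, which are not authorized for restricted contexts.` The commit message also says secrets were being passed to forked pull requests; that project setting and the `slack-secrets` context live outside `.circleci/config.yml`, so this diff cannot change them, and if neither is needed any more, turning the setting off and deleting the context (revoking its Slack token) would finish the cleanup. The same caution applies to the context line `solidusio_extensions: solidusio/extensions@volatile`: because that tag floats, any secret attached to these jobs in future would be readable by whatever the orb's newest release executes.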