I wanted to play around with Amazon Lambda, Slack, and the libraries.io API. This was an excellent chance to combine all 3.
What it does
Health Check for GitHub Libraries - Identify strengths and weaknesses of public GitHub libraries without leaving Slack. Pulls information about any public GitHub library linked in Slack from the GitHub API / Libraries.io API, and posts an overview of the data in
How I built it
I started by typing into the Lambda console directly in the browser, and got a basic Slack bot working, but soon needed to include npm libraries, and wanted better version control. Claudia.js provides all these things, so I adapted the code to run in that framework (although not using the claudia-bot-builder library, as it didn't seem to support the Slack Events API).
The bot itself runs on AWS Lambda, the OAuth authentication works using API Gateway & redirects, the tokens are stored in DynamoDB and even the website is a static website hosted on S3, so there are no EC2 servers required at all for any step of the process!
Challenges I ran into
Slack has a lot of documentation (which is good), but there are so many different APIs and methods of integrating that it took me a long time to figure out exactly which flow & APIs were needed to get the flow I wanted.
It was difficult to get Lambda to respond to Slack's message within their 3-second deadline, and continue processing. In the end, I worked around this limitation by calling a second Lambda function from the first function so that the first function could return immediately, and the second function could continue to process in the background. (https://claudiajs.com/tutorials/slack-delayed-responses.html)
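The hand-off described above, sketched as an added example (not this project's code). The worker name `repo-info-worker`, the injected `lambdaClient` wrapper and the API Gateway style `event` shape are assumptions; the sample event is constructed.

```javascript
'use strict';

// Hypothetical name for the second (worker) function; not taken from the project.
const WORKER_FUNCTION = 'repo-info-worker';

// Decide, synchronously, what to answer Slack and whether to start the worker.
function plan(event) {
  const body = JSON.parse(event.body || '{}');
  const headers = {};
  for (const [k, v] of Object.entries(event.headers || {})) headers[k.toLowerCase()] = v;

  // One-time handshake when the Events API endpoint is registered.
  if (body.type === 'url_verification') {
    return { response: { statusCode: 200, body: String(body.challenge) }, invoke: null };
  }
  // Slack re-sends events it saw no timely 200 for; acknowledge the retry
  // without starting a second worker for the same message.
  if (headers['x-slack-retry-num'] !== undefined) {
    return { response: { statusCode: 200, body: '' }, invoke: null };
  }
  return {
    response: { statusCode: 200, body: '' },
    invoke: {
      FunctionName: WORKER_FUNCTION,
      InvocationType: 'Event', // asynchronous: Lambda queues the call and returns at once
      Payload: JSON.stringify({ team: body.team_id, event: body.event }),
    },
  };
}

// First function: hand the work off, then return the acknowledgement.
// `lambdaClient.invoke(params)` must return a Promise (for example a thin
// wrapper around the AWS SDK Lambda client's invoke call).
async function receiver(event, lambdaClient) {
  const { response, invoke } = plan(event);
  if (invoke) await lambdaClient.invoke(invoke);
  return response;
}

// Constructed sample event and a stub client, so this runs offline.
const sample = {
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ type: 'event_callback', team_id: 'T0000000',
    event: { type: 'message', text: 'https://github.com/example/repo' } }),
};
const calls = [];
const stub = { invoke: async (p) => { calls.push(p); return { StatusCode: 202 }; } };
receiver(sample, stub).then((res) => console.log(res.statusCode, calls.length));
```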
Accomplishments that I'm proud of
There are lots of tests (at least for the testable parts!)
What I learned
How to use AWS Lambda & integrate into Slack.
What's next for Repo Info
There are a lot of features I'd like to add:
- Package managers this repo is released on (e.g. "available on npm, bower")
- Release Frequency
- Number of regular contributors (Bus count)
- Number of Transitive dependencies (how big is the dependency tree?)
- Issues / Pull requests closed / opened recently
- Transitive licensing issues?
- GitHub badges / shields: e.g. Travis' "Build passing" or the "Dependencies up-to-date" etc. Just scrape the readme for these?
- Security issues? Known bad versions of dependencies? nodesecurity
- Avg. time to fix when a vulnerability becomes known?
- Score each area and colour it red/green in the Slack window with formatting
- Code-Climate score?
- Overall health rating? Some function of the above fields.
- A graph of health-ratings? A bad "red" dependency colours the tree that depends on it?
- "Star on GitHub" button
- Test coverage (integrate with travis?)
- Change colour of attachment sidebar by sending "color: #ff0000" in chat.postMessage. Red / orange / green for repo health.