Configuring a Workflows workflow integrated with Yandex Tracker, YandexGPT API, and Yandex Cloud Postbox
Note
Workflows is at the Preview stage. To gain access, submit a request
In this tutorial, you will create Yandex Workflows workflows and configure their integration with Yandex Tracker
Your workflows will receive information about the issues in the specified Tracker queue
To configure a Workflows workflow:
- Get your cloud ready.
- Create a service account.
- Prepare Tracker.
- Configure workflow access in Tracker.
- Create an address and pass a domain rights check in Yandex Cloud Postbox.
- Create a Workflows workflow.
- Test the workflow.
If you no longer need the resources you created, delete them.
Getting started
-
Log in
to your Yandex account. If you do not have an account, create one. -
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or register a new account. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one and link a cloud to it.
If you have an active billing account, you can go to the cloud page
to create or select a folder for your infrastructure to operate in. - Go to the management console
-
Install cURL
: you will need it to send a request for an OAuth token for the Yandex ID application.
Required paid resources
The cost of the web service infrastructure support includes:
- Fee for storing the secret and requests to the secret (see Yandex Lockbox pricing).
- Fee for using YandexGPT API (see Yandex Foundation Models pricing).
- Fee for using Yandex Tracker (see Tracker pricing
). - Fee for using Yandex Cloud Postbox (see Yandex Cloud Postbox pricing).
Create a service account
- In the management console
, select the folder you will be creating your workflows in. - From the list of services, select Identity and Access Management.
- Click Create service account, and in the window that opens:
- Enter a name for the service account:
workflow-sa
. - Click
Add role and select theserverless.workflows.executor
role. - Repeat the previous step to add the
postbox.sender
andai.languageModels.user
roles. - Click Create.
- Enter a name for the service account:
Prepare your queue and issues in Tracker
For the workflows you are creating in this tutorial to work correctly, configure your queue in Yandex Tracker.
-
If your organization does not have Yandex Tracker connected, connect
it. -
If you do not have a queue in Tracker yet, create
one. -
Create
5-10 test issues in your queue meeting the following requirements:- The test issues must be created in one queue.
- All test issues must have the
product
tag set in the Tags field. - All test issues must be evaluated in Story Points
in the Story Points field. - Some of the test issues should be in
Closed
status , and some inOpen
status. - Comments about your progress on closed test issues must be added
to these issues.
Configure access for workflow authentication in Tracker
To authenticate your workflow in Yandex Tracker, get a token of an OAuth application
Create an OAuth application in Yandex ID
To create an OAuth application with read and write access rights to Tracker:
- In your browser, go to the OAuth application creation page
. On the page that opens:-
In the Service name field, enter the name of the OAuth application you are creating:
My Tracker Workflow
. -
Under Application platforms, select the Web services option and specify Redirect URI in the field that appears:
https://oauth.yandex.com/verification_code
. -
Under Data access, in the Access name field, enter
tracker:read
and select theRead from tracker
access.The
Read from tracker
access will appear below in the list of application accesses.Similarly, add the
tracker:write
access (Write to tracker
). -
Under Email for communication, specify your email address to send notifications about the new application.
-
Click Create app.
-
On the new application's page, copy the ClientID and Client secret field values. You will need them in the next step to get an OAuth token.
Get the application's OAuth token
-
Get
the confirmation code. To do this, paste the following address into your browser address bar with the value you copied in the previous step asclient_id
:https://oauth.yandex.ru/authorize?response_type=code&client_id=<ClientID_value>
Confirm granting your OAuth application access to Tracker.
In the window that opens, copy and save the confirmation code you get. You will need this code to get an OAuth token.
-
Get the application's OAuth token by running this command in the terminal:
curl \ --request POST \ --header "Content-type: application/x-www-form-urlencoded" \ --data "grant_type=authorization_code&code=<confirmation_code>&client_id=<ClientID_value>&client_secret=<Client_secret_value>" \ https://oauth.yandex.ru/token
Where:
code
: Confirmation code you got in the previous step.client_id
: Your OAuth application's ClientID value you got earlier.client_secret
: Your OAuth application's Client secret value you got earlier.
Result:
{"access_token": "y0__wgBhMmiugUY4b40IJCda4YSeAfV5tAoPqy2tttkQsy********", "expires_in": 31536000, "refresh_token": "1:7WGrfpErRSTlkTJI:NGU-BJxhvhUdwDxDuez5ana4Befm63bXXhNpJFnbWDX1XJ_rJ3qh6DH_AItBhFJk********:ZZP-Pf0nxo4nil********", "token_type": "bearer"}%
Save the resulting
access_token
field value. This is the application's OAuth token the workflow will need to access Tracker.
Create a Yandex Lockbox secret
Create a Yandex Lockbox secret to store your OAuth token and assign the service account access permissions for the new secret.
-
In the management console
, select the folder you created the service account in earlier. -
From the list of services, select Lockbox.
-
Click Create secret, and in the window that opens:
- In the Name field, specify the secret name:
tracker-oauth-token
. - In the Secret type field, select
Custom
. - Under Version:
- In the Key field, enter the secret key:
oauth
. - In the Value field, specify the application OAuth token you got in the previous step.
- In the Key field, enter the secret key:
- Click Create.
- In the Name field, specify the secret name:
-
Click the line with the new secret (
tracker-oauth-token
) and do the following in the window that opens:- Copy and save the ID field value. You will need it later when creating the workflow specification.
- Go to the
Access bindings tab and click Assign bindings. - In the search bar, enter the name of the service account created earlier (
workflow-sa
) and select the service account you found. - Click
Add role and select thelockbox.payloadViewer
role. - Click Save.
Create an address and pass a domain rights check in Yandex Cloud Postbox
For the workflow to be able to send emails, create a Yandex Cloud Postbox address and confirm the ownership of the domain the emails will be sent from.
Create a Yandex Cloud Postbox address
-
Generate a key to create a DKIM signature by running this command in the terminal:
openssl genrsa -out privatekey.pem 2048
The new key will be saved in the
privatekey.pem
file in the current directory. -
Create an address:
Management console-
In the management console
, select the folder you used to create the service account and secret in. -
From the list of services, select Cloud Postbox.
-
Click Create address.
-
In the Domain field, specify the domain to send emails from. e.g.,
example.com
.The domain can be of any level. You must have permissions to add resource records to the public DNS zone of the specified domain. This is required to confirm your right to use it.
-
In the Selector field, specify a selector, e.g.,
tracker_workflow
.The name of the selector will be used to create a TXT resource record, so each selector you create must be unique within your domain.
-
In the Private key field, copy the contents of the
privatekey.pem
private key file you created earlier. -
Click Create address.
-
In the list of addresses that appears, select the created address and, under Signature verification on the page that opens, copy and save the values of the Name and Value fields. You will need these to create a TXT resource record.
-
Pass a domain rights check
-
In the public DNS zone of your domain, create a TXT resource record using the following values:
-
Record name: Name field value you copied in the previous step.
In Yandex Cloud DNS, specify the name portion generated when creating the address (without specifying the domain) in
<selector>._domainkey
format, e.g.,tracker_workflow._domainkey
.For other DNS services, you may need to copy the entire record. The final record must look like this:
<selector>._domainkey.<domain>.
, e.g.,tracker_workflow._domainkey.example.com.
. -
Record type:
TXT
. -
Record value: Value field value you copied in the previous step.
Note that the record value must be enclosed in quotes, for example:
"v=DKIM1;h=sha256;k=rsa;p=M1B...aCA8"
Note
If your domain is delegated to Yandex Cloud DNS, use this guide to create a resource record. In other cases, use your domain name registrar's personal account page. If you have any questions, refer to the relevant documentation or contact the registrar's support service.
-
-
Run a domain rights check.
Management console-
In the management console
, select the folder the new address is in. -
In the list of services, select Cloud Postbox and select the required address.
-
Click Verify address. If the TXT record is created correctly, the verification status on the address page will change to
Success
.DNS server responses are cached, so delays may occur when updating a resource record.
-
Create a Workflows workflow
-
Select the specification you will use to create your workflow. Both the above specifications use integrations with Yandex Tracker, YandexGPT API, and Yandex Cloud Postbox; however, they analyze the input data differently.
Option 1Option 2The suggested workflow will analyze the Tracker issues in the specified queue, generate and publish a progress report for these issues:
- Analyzing issues with specified tag in a given Tracker queue:
- Total number of issues.
- Total sum of Story Points
awarded to issues. - Number of closed issues.
- Percentage ratio of the number of closed issues to the total number of issues.
- Sum of
Story Points
awarded to closed issues. - Percentage ratio of the sum of
Story Points
awarded to closed issues to the total sum ofStory Points
awarded to all issues.
- Generating a report with the results of the analysis.
- Publishing a report in a comment to a specified Tracker issue, sending the report to a specified email address.
Specification code:
yawl: "0.1" start: fetch_tickets steps: fetch_tickets: tracker: organization: cloudOrganizationId: <organization_ID> oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))' listIssues: filter: issueProperties: queue: <queue_key_in_Tracker> tags: "product" output: |- \({ "sp_sum": [.[].storyPoints] | add, "closed_sp_sum": . | map(select(.status.key == "closed")) | map(.storyPoints) | add, "ticket_count": . | length, "closed_ticket_count": . | map(select(.status.key == "closed")) | length, "non_closed_ticket_texts": . | map(select(.status.key != "closed")) | map({ "key": .key, "summary": .summary, "description": .description }) }) next: summarize_texts summarize_texts: foundationModelsCall: next: create_report modelUrl: gpt://<folder_ID>/yandexgpt generate: maxTokens: 500 temperature: 0.5 messages: messages: - role: system text: "Next you will be given names of unfinished issues in Tracker and their descriptions. State as briefly as possible (no more than three sentences) what remains to be done" - role: user text: |- \(" \(.non_closed_ticket_texts | map(.summary + ": " + .description) | join(". ")) ") output: |- \({ "summary": .alternatives.[0].message.text }) create_report: noOp: output: |- \({ "report_text": "**Total amount of work:** \(.ticket_count) issue(s), \(.sp_sum) sp **Work completed:** \(.closed_ticket_count) (\(100 * .closed_ticket_count / .ticket_count | round)%) issue(s), \(.closed_sp_sum) (\(100 * .closed_sp_sum / .sp_sum | round)%) sp **Unfinished issues:** \(.non_closed_ticket_texts | map(.key) | join("\n")) **Summary of what remains:** \(.summary) ", "report_text_html": "<b>Total amount of work:</b> \(.ticket_count) issue(s), \(.sp_sum) sp<br> <b>Work completed:</b> \(.closed_ticket_count) (\(100 * .closed_ticket_count / .ticket_count | round)%) issue(s), \(.closed_sp_sum) (\(100 * .closed_sp_sum / .sp_sum | round)%) sp<br> <br> <b>Unfinished issues:</b><br> \(.non_closed_ticket_texts | map("<a href=https://tracker.yandex.ru/" + .key + ">" + .key + "</a>") | join("<br>"))<br> <br> <b>Summary of what remains:</b><br> \(.summary | gsub("\\n"; "<br>")) "}) next: deliver_report deliver_report: parallel: branches: tracker: start: write_report_to_tracker steps: write_report_to_tracker: tracker: organization: cloudOrganizationId: <organization_ID> oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))' createComment: key: <issue_key_with_report> text: \(.report_text) postbox: start: send_report_via_postbox steps: send_report_via_postbox: postbox: simple: subject: data: "Dev progress report" charset: UTF_8 body: text: data: \(.report_text) charset: UTF_8 html: data: \("<p>\(.report_text_html)</p>") charset: UTF_8 fromAddress: tracker-robot@<your_domain> destination: toAddresses: <recipient_address>
Where:
<organization_ID>
: ID of your Yandex Cloud Organization.<secret_ID>
: Previously saved secret ID with the application's OAuth token.<queue_key_in_Tracker>
: Key of the Tracker queue you created the test issues in.<folder_ID>
: ID of the folder you are creating a workflow in.<issue_key_with_report>
: Key of the Tracker issue in the comment to which the summary of the analyzed test issues will be uploaded.<your_domain>
: Domain you specified when creating the Yandex Cloud Postbox address. For the sender address (fromAddress
) you can specify any address on this domain. Example:tracker-robot@example.com
ornoreply@example.com
.<recipient_address>
: Email address the workflow will send an email to with a summary of the analyzed Tracker test issues.
A workflow comprises the following steps:
fetch_tickets
,summarize_texts
,send_report_via_postbox
, andwrite_report_to_tracker
.The suggested workflow will analyze closed Tracker issues for the last week, generate and publish a progress report for these issues:
- Analysis of issues closed over the past week:
- Uploading comments to issues.
- Analysis and summation of comments for each closed issue.
- Generating a report summarizing the work done for each closed issue.
- Publishing the report in a comment to a specified Tracker issue, sending the report to a specified email address.
Specification code:
yawl: "0.1" start: fetch_tickets steps: fetch_tickets: tracker: organization: cloudOrganizationId: <organization_ID> oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))' listIssues: query: 'Status: changed(to: Closed date: >now()-2w)' output: |- \({ "closed_tickets": . | map({"ticket_key": .key}) }) next: fetch_comments_fe fetch_comments_fe: foreach: input: \(.closed_tickets) do: start: fetch_comments steps: fetch_comments: tracker: organization: cloudOrganizationId: <organization_ID> oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))' listComments: key: \(.ticket_key) output: |- \({ "comments": . }) output: |- \({ "comment_text": map(.comments[].text) | join("\n") }) next: summarize_texts summarize_texts: foundationModelsCall: modelUrl: gpt://<folder_ID>/yandexgpt generate: maxTokens: 500 temperature: 0.5 messages: messages: - role: system text: "Next you will be given comments of completed issues in Tracker. State as briefly as possible (no more than three sentences) what work has been done." - role: user text: \(.comment_text) output: |- \({ "summary": .alternatives.[0].message.text }) next: create_report create_report: noOp: output: |- \({ "report_text": " Completed issues: \(.closed_tickets | map(.ticket_key) | join("\n")) Summary of closed issues: \(.summary) ", "report_text_html": " Completed issues:<br> \(.closed_tickets | map("<a href=https://tracker.yandex.ru/" + .ticket_key + ">" + .ticket_key + "</a>") | join("<br>"))<br> <br> Summary of closed issues:<br> \(.summary | gsub("\\n"; "<br>"))) " }) next: deliver_report deliver_report: parallel: branches: tracker: start: write_report_to_tracker steps: write_report_to_tracker: tracker: organization: cloudOrganizationId: <organization_ID> oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))' createComment: key: <issue_key_with_report> text: \(.report_text) postbox: start: send_report_via_postbox steps: send_report_via_postbox: postbox: simple: subject: data: "Dev progress report (closed issues)" charset: UTF_8 body: text: data: \(.report_text) charset: UTF_8 html: data: \("<p>\(.report_text_html)</p>") charset: UTF_8 fromAddress: tracker-robot@<your_domain> destination: toAddresses: <recipient_address>
Where:
<organization_ID>
: ID of your Yandex Cloud Organization.<secret_ID>
: Previously saved secret ID with the application's OAuth token.<folder_ID>
: ID of the folder you are creating a workflow in.<issue_key_with_report>
: Key of the Tracker issue in the comment to which the summary of the analyzed test issues will be uploaded.<your_domain>
: Domain you specified when creating the Yandex Cloud Postbox address. For the sender address (fromAddress
) you can specify any address on this domain. Example:tracker-robot@example.com
ornoreply@example.com
.<recipient_address>
: Email address to which the workflow will send a summary of the analyzed Tracker test issues.
A workflow comprises the following steps:
fetch_tickets
,fetch_comments
,summarize_texts
,send_report_via_postbox
, andwrite_report_to_tracker
. - Analyzing issues with specified tag in a given Tracker queue:
-
Create a Workflows workflow using the selected specification:
Management console-
In the management console
, select the folder containing the previously created resources: service account, secret, and Yandex Cloud Postbox address. -
From the list of services, select Serverless Integrations.
-
In the left-hand panel, select
Workflows. -
In the top-right corner, click Create workflow and do the following in the window that opens:
- In the YaML specification field, add the previously selected specification.
- Expand the Additional parameters section.
- In the Name field, enter the workflow name:
my-tracker-workflow
. - In the Service account field, select the previously created service account named
workflow-sa
.
-
Click Create.
-
Test your workflow
Make sure the Workflows workflow is being executed.
-
In the management console
, select the folder the new Workflows workflow is in. -
From the list of services, select Serverless Integrations.
-
In the left-hand panel, select
Workflows. -
Click
next tomy-tracker-workflow
and select Execute. -
In the window that opens, click Start. The previously created workflow will be launched; it may take a few minutes to complete.
-
Navigate to the
Timeline tab.Make sure all workflow steps are completed successfully. Each successful step will be marked by a green box with the
icon in the relevant line of the time scale.If there is an error at any of the steps, a red box with the
icon will be displayed in the relevant line of the time scale. Click this box to view the details about the error.
As a result of the workflow, a comment with a summary of the analyzed test issues will be added to the Tracker issue named in the specification. This summary will also be backed up with an email to the address given in the specification.
How to delete the resources you created
To stop paying for the resources you created:
-
Delete your workflow:
Management console- In the management console
, select the folder the created resources are located in. - From the list of services, select Serverless Integrations.
- In the left-hand panel, select
Workflows. - Click
next tomy-tracker-workflow
and select Delete. - Confirm the deletion.
- In the management console
-
Delete the Yandex Cloud Postbox address if you need to:
Management console- In the management console
, select the folder the Yandex Cloud Postbox address is in. - From the list of services, select Cloud Postbox.
- In the row with the Yandex Cloud Postbox address, click
and select Delete. - Confirm the deletion.
- In the management console