Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.

Configuring Workflows integrated with Yandex Tracker, Yandex Cloud AI Studio, and Yandex Cloud Postbox

Written by
Updated at June 18, 2026

Note

Workflows is at the Preview stage.

In this tutorial, you will create workflows in Yandex Workflows and configure their integration with Yandex Tracker, Yandex Cloud AI Studio, and Yandex Cloud Postbox.

Your workflows will receive information about the issues in a given Tracker queue and use YandexGPT Pro to analyze the work completed within these issues, their statuses, and evaluation. The results of the analysis and a brief progress report will be saved in a comment to one of the Tracker issues and also sent to the specified email address via Yandex Cloud Postbox.

To configure a workflow in Yandex Workflows:

  1. Get your cloud ready.
  2. Create a service account.
  3. Set up Tracker.
  4. Configure workflow access in Tracker.
  5. Create an address and verify domain ownership in Yandex Cloud Postbox.
  6. Create a Workflows workflow.
  7. Test the workflow.

If you no longer need the resources you created, delete them.

Getting started

  1. Log in to your Yandex account. If you do not have an account, create one.

  2. Sign up for Yandex Cloud and create a billing account:

    1. Navigate to the management console and log in to Yandex Cloud or create a new account.
    2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

    If you have an active billing account, you can create or select a folder for your infrastructure on the cloud page.

    Learn more about clouds and folders here.

  3. Install cURL, as you will need it to send a request for a Yandex ID application OAuth token.

The cost of support for the new infrastructure includes:

Create a service account

  1. In the management console, select the folder where you are going to create your workflows.
  2. Navigate to Identity and Access Management.
  3. Click Create service account, and in the window that opens:
    1. Name the service account: workflow-sa.
    2. Click Add role and select serverless.workflows.executor.
    3. Repeat the previous step to add the postbox.sender and ai.languageModels.user roles.
    4. Click Create.

Set up a queue and issues in Tracker

To make sure the workflows you create in this tutorial work properly, set up a queue in Yandex Tracker.

  1. If Yandex Tracker is not enabled in your organization, enable it.

  2. If you do not have a queue in Tracker yet, create one.

  3. Create 5–10 test issues in your queue that meet the following requirements:

    • The test issues must be created in one queue.
    • All test issues must have the product tag set in the Tags field.
    • All test issues must be evaluated in Story Points in the Story Points field.
    • Some of the test issues must be in the Closed status, and some, in the Open status.
    • Closed test issues must include comments on your work progress.

Configure access for workflow authentication in Tracker

To authenticate your workflow in Yandex Tracker, get a token of an OAuth application with read and write permissions for Tracker.

Create an OAuth application in Yandex ID

To create an OAuth application with read and write access permissions for Tracker:

  1. In your browser, go to the OAuth application creation page. On the page that opens:

    1. In the Service name field, enter the name of the OAuth application you are creating: My Tracker Workflow.

    2. Under Application platforms, select the Web services option and specify the redirect URI in the field that appears: https://oauth.yandex.com/verification_code.

    3. Under Data access, in the Access name field, enter tracker:read and select Read from tracker.

      The Read from tracker option will appear below, in the application access list.

      Similarly, add the tracker:write access (Write to tracker).

    4. Under Email for communication, specify your email address to send notifications about the new application.

    5. Click Create app.

On the new application's page, copy the ClientID and Client secret field values. You will need them in the next step to get an OAuth token.

Get the application's OAuth token

  1. Get the confirmation code. To do this, paste the following address into your browser address bar, replacing the client_id value with the one copied in the previous step:

    https://oauth.yandex.ru/authorize?response_type=code&client_id=<ClientID_value>

    Confirm granting your OAuth application access to Tracker.

    In the window that opens, copy and save the confirmation code you get. You will need this code to get an OAuth token.

  2. Get the application's OAuth token by running this command in the terminal:

    curl \
  --request POST \
  --header "Content-type: application/x-www-form-urlencoded" \
  --data "grant_type=authorization_code&code=<confirmation_code>&client_id=<ClientID_value>&client_secret=<Client_secret_value>" \
  https://oauth.yandex.ru/token

    Where:

    • code: Confirmation code you got in the previous step.
    • client_id: Your OAuth application's ClientID value you got earlier.
    • client_secret: Your OAuth application's Client secret value you got earlier.

    Result:

    {"access_token": "y0__wgBhMmiugUY4b40IJCda4YSeAfV5tAoPqy2tttkQsy********", "expires_in": 31536000, "refresh_token": "1:7WGrfpErRSTlkTJI:NGU-BJxhvhUdwDxDuez5ana4Befm63bXXhNpJFnbWDX1XJ_rJ3qh6DH_AItBhFJk********:ZZP-Pf0nxo4nil********", "token_type": "bearer"}%

    Store the value returned in the access_token field. This is the application's OAuth token the workflow will use to access Tracker.

Create a Yandex Lockbox secret

Create a Yandex Lockbox secret to store your OAuth token and assign access permissions for the new secret to the service account.

  1. In the management console, select the folder where you created the service account earlier.

  2. Navigate to Lockbox.

  3. Click Create secret, and in the window that opens:

    1. In the Name field, specify the secret name: tracker-oauth-token.
    2. In the Secret type field, select Custom.
    3. In the Key field, enter the secret key: oauth.
    4. In the Value field, specify the application OAuth token you got in the previous step.
    5. Click Create.

  4. Click the row with the new secret (tracker-oauth-token) and do the following in the window that opens:

    1. Copy and save the ID field value. You will need it later when creating the workflow specification.
    2. Go to the Access bindings tab and click Assign roles.
    3. In the search bar, enter the name of the service account created earlier (workflow-sa) and select the service account you found.
    4. Click Add role and select lockbox.payloadViewer.
    5. Click Save.

Create an address and verify domain ownership in Yandex Cloud Postbox

To enable the workflow to send emails, create a Yandex Cloud Postbox address and verify the ownership of the sending domain.

Create a Yandex Cloud Postbox address

  1. Generate a key to create a DKIM signature by running this command in the terminal:

    openssl genrsa -out privatekey.pem 2048

    The new key will be saved in the privatekey.pem file in the current directory.

  2. Create an address:

    1. In the management console, select the folder where you created the service account and secret.

    2. Navigate to Cloud Postbox.

    3. Click Create address.

    4. In the Domain field, specify the domain you will use to send emails, e.g., example.com.

      You can use a domain of any level. You must have permissions to add resource records to the public DNS zone of the specified domain to verify your domain ownership.

    5. In the Selector field, specify a selector, e.g., tracker_workflow.

      The name of the selector will be used to create a TXT resource record, so each selector you create must be unique within your domain.

    6. In the Private key field, copy the contents of the privatekey.pem file you created earlier.

    7. Click Create address.

    8. In the list of addresses that appears, select the new address and, under Signature verification on the page that opens, copy and save the Name and Value field values. You will need those to create a TXT resource record.

Verify your domain ownership

  1. In the public DNS zone of your domain, create a TXT resource record using the following values:

    • Record name: Name field value you copied in the previous step.

      In Yandex Cloud DNS, specify the name portion generated when creating the address (without specifying the domain) in <selector>._domainkey format, e.g., tracker_workflow._domainkey.

      For other DNS services, you may need to copy the entire record. The final record must look like this: <selector>._domainkey.<domain>., e.g., tracker_workflow._domainkey.example.com..

    • Record type: TXT.

    • Record value: Value field value you copied in the previous step.

      Note that the record value must be enclosed in quotes, such as follows:

      "v=DKIM1;h=sha256;k=rsa;p=M1B...aCA8"

    Note

    If your domain is delegated to Yandex Cloud DNS, create a resource record according to this guide. Otherwise, use your domain name registrar's personal account. If you have any questions, refer to the relevant documentation or contact the registrar's support service.

  2. Verify your domain ownership.

    1. In the management console, select the folder that contains the address you created.

    2. Go to Cloud Postbox and select the address.

    3. Click Run verification. If the TXT record is created correctly, the verification status on the address page will change to Success.

      DNS server responses are cached, so you may experience delays when updating the resource record.

Create a workflow

  1. Select the specification you will use to create your workflow. Both specifications use integrations with Yandex Tracker, Yandex Cloud AI Studio, and Yandex Cloud Postbox; however, they analyze the input data differently.

    Tip

    This guide describes how to create a workflow using the YaWL specification; however, you can also create and edit workflows using the constructor.

    tracker-yandexgpt-postbox-integrations-first-workflow

    The suggested workflow will analyze the Tracker issues in the specified queue, generate and publish a progress report for these issues:

    1. Analyzing issues with specified tag in a given Tracker queue:
      • Total number of issues.
      • Total sum of Story Points awarded to issues.
      • Number of closed issues.
      • Percentage ratio of the number of closed issues to the total number of issues.
      • Sum of Story Points awarded to closed issues.
      • Percentage ratio of the sum of Story Points awarded to closed issues to the total sum of Story Points awarded to all issues.
    2. Generating a report with the results of the analysis.
    3. Publishing a report in a comment to a specified Tracker issue, sending the report to a specified email address.

    Specification code:

    yawl: "0.1"
start: fetch_tickets
steps:
  fetch_tickets:
    tracker:
      organization:
        cloudOrganizationId: <organization_ID>
      oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))'
      listIssues:
        filter:
          issueProperties:
            queue: <queue_key_in_Tracker>
            tags: "product"
      output: |-
        \({
          "sp_sum": [.[].storyPoints] | add,
          "closed_sp_sum": . | map(select(.status.key == "closed")) | map(.storyPoints) | add,
          "ticket_count": . | length,
          "closed_ticket_count": . | map(select(.status.key == "closed")) | length,
          "non_closed_ticket_texts": . | map(select(.status.key != "closed")) | map({
            "key": .key,
            "summary": .summary,
            "description": .description            
          })
        })
      next: summarize_texts
  summarize_texts:
    foundationModelsCall:
      next: create_report
      modelUrl: gpt://<folder_ID>/yandexgpt
      generate:
        maxTokens: 500
        temperature: 0.5
        messages:
          messages:
            - role: system
              text: "Next you will get names of unfinished Tracker issues and their descriptions. State as briefly as possible (no more than three sentences) what remains to be done"
            - role: user
              text: |-
                \("
                  \(.non_closed_ticket_texts | map(.summary + ": " + .description) | join(". "))
                ")
      output: |-
        \({
          "summary": .alternatives.[0].message.text
        })
  create_report:
    noOp:
      output: |-
        \({
        "report_text": "**Total amount of work:** \(.ticket_count) issue(s), \(.sp_sum) sp
        **Work completed:** \(.closed_ticket_count) (\(100 * .closed_ticket_count / .ticket_count | round)%) issue(s), \(.closed_sp_sum) (\(100 * .closed_sp_sum / .sp_sum | round)%) sp

        **Unfinished issues:**
          \(.non_closed_ticket_texts | map(.key) | join("\n"))

        **Summary of what remains:**
          \(.summary)
        ",
        "report_text_html": "<b>Total amount of work:</b> \(.ticket_count) issue(s), \(.sp_sum) sp<br>
        <b>Work completed:</b> \(.closed_ticket_count) (\(100 * .closed_ticket_count / .ticket_count | round)%) issue(s), \(.closed_sp_sum) (\(100 * .closed_sp_sum / .sp_sum | round)%) sp<br>
        <br>
        <b>Unfinished issues:</b><br>
          \(.non_closed_ticket_texts | map("<a href=https://tracker.yandex.ru/" + .key + ">" + .key + "</a>") | join("<br>"))<br>
        <br>
        <b>Summary of what remains:</b><br>
          \(.summary | gsub("\\n"; "<br>"))
        "})
      next: deliver_report
  deliver_report:
    parallel:
      branches:
        tracker:
          start: write_report_to_tracker
          steps:
            write_report_to_tracker:
              tracker:
                organization:
                  cloudOrganizationId: <organization_ID>
                oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))'
                createComment:
                  key: <issue_key_with_report>
                  text: \(.report_text)
        postbox:
          start: send_report_via_postbox
          steps:
            send_report_via_postbox:
              postbox:
                simple:
                  subject:
                    data: "Dev progress report"
                    charset: UTF_8
                  body:
                    text:
                      data: \(.report_text)
                      charset: UTF_8
                    html:
                      data: \("<p>\(.report_text_html)</p>")
                      charset: UTF_8
                fromAddress: tracker-robot@<your_domain>
                destination:
                  toAddresses: <recipient_address>

    Where:

    • <organization_ID>: ID of your Yandex Identity Hub.
    • <secret_ID>: Previously saved secret ID with the application's OAuth token.
    • <queue_key_in_Tracker>: Key of the Tracker queue where you created the test issues.
    • <folder_ID>: ID of the folder where you are creating a workflow.
    • <issue_key_with_report>: Key of the Tracker issue in the comment to which the summary of the analyzed test issues will be uploaded.
    • <your_domain>: Domain you specified when creating the Yandex Cloud Postbox address. For the sender address (fromAddress), you can specify any address on this domain, e.g., tracker-robot@example.com or noreply@example.com.
    • <recipient_address>: Email address to which the workflow will send a summary of the analyzed Tracker test issues.

    A workflow comprises the following steps: fetch_tickets, summarize_texts, send_report_via_postbox, and write_report_to_tracker.

    Tip

    This guide describes how to create a workflow using the YaWL specification; however, you can also create and edit workflows using the constructor.

    tracker-yandexgpt-postbox-integrations-second-workflow

    The suggested workflow will analyze closed Tracker issues for the last week, generate and publish a progress report for these issues:

    1. Analysis of issues closed over the past week:
      • Uploading comments to issues.
      • Analysis and summation of comments for each closed issue.
    2. Generating a report summarizing the work done for each closed issue.
    3. Publishing the report in a comment to a specified Tracker issue, sending the report to a specified email address.

    Specification code:

    yawl: "0.1"
start: fetch_tickets
steps:
  fetch_tickets:
    tracker:
      organization:
        cloudOrganizationId: <organization_ID>
      oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))'
      listIssues:
        query: 'Status: changed(to: Closed date: >now()-2w)'
      output: |-
        \({
          "closed_tickets": . | map({"ticket_key": .key})
        })
      next: fetch_comments_fe
  fetch_comments_fe:
    foreach:
      input: \(.closed_tickets)
      do:
        start: fetch_comments
        steps:
          fetch_comments:
            tracker:
              organization:
                cloudOrganizationId: <organization_ID>
              oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))'
              listComments:
                key: \(.ticket_key)
              output: |-
                \({
                  "comments": .
                })
      output: |-
        \({
          "comment_text": map(.comments[].text) | join("\n")
        })
      next: summarize_texts
  summarize_texts:
    foundationModelsCall:
      modelUrl: gpt://<folder_ID>/yandexgpt
      generate:
        maxTokens: 500
        temperature: 0.5
        messages:
          messages:
            - role: system
              text: "Next you will get comments of completed issues in Tracker. State as briefly as possible (no more than three sentences) what work has been done."
            - role: user
              text: \(.comment_text)
      output: |-
        \({
          "summary": .alternatives.[0].message.text
        })
      next: create_report
  create_report:
    noOp:
      output: |-
        \({
          "report_text": "
            Completed issues:
              \(.closed_tickets | map(.ticket_key) | join("\n"))
            Summary of closed issues:
              \(.summary)
          ",
          "report_text_html": "
            Completed issues:<br>
              \(.closed_tickets | map("<a href=https://tracker.yandex.ru/" + .ticket_key + ">" + .ticket_key + "</a>") | join("<br>"))<br>

            <br>
            Summary of closed issues:<br>
              \(.summary | gsub("\\n"; "<br>")))
          "
        })
      next: deliver_report
  deliver_report:
    parallel:
      branches:
        tracker:
          start: write_report_to_tracker
          steps:
            write_report_to_tracker:
              tracker:
                organization:
                  cloudOrganizationId: <organization_ID>
                oauthToken: '\(lockboxPayload("<secret_ID>"; "oauth"))'
                createComment:
                  key: <issue_key_with_report>
                  text: \(.report_text)
        postbox:
          start: send_report_via_postbox
          steps:
            send_report_via_postbox:
              postbox:
                simple:
                  subject:
                    data: "Dev progress report (closed issues)"
                    charset: UTF_8
                  body:
                    text:
                      data: \(.report_text)
                      charset: UTF_8
                    html:
                      data: \("<p>\(.report_text_html)</p>")
                      charset: UTF_8
                fromAddress: tracker-robot@<your_domain>
                destination:
                  toAddresses: <recipient_address>

    Where:

    • <organization_ID>: ID of your Yandex Identity Hub.
    • <secret_ID>: Previously saved secret ID with the application's OAuth token.
    • <folder_ID>: ID of the folder where you are creating a workflow.
    • <issue_key_with_report>: Key of the Tracker issue in the comment to which the summary of the analyzed test issues will be uploaded.
    • <your_domain>: Domain you specified when creating the Yandex Cloud Postbox address. For the sender address (fromAddress) you can specify any address on this domain, e.g., tracker-robot@example.com or noreply@example.com.
    • <recipient_address>: Email address to which the workflow will send a summary of the analyzed Tracker test issues.

    A workflow comprises the following steps: fetch_tickets, fetch_comments, summarize_texts, send_report_via_postbox, and write_report_to_tracker.

  2. Create a workflow using the selected specification:

    1. In the management console, select the folder containing the previously created resources: service account, secret, and Yandex Cloud Postbox address.

    2. Navigate to Serverless Integrations.

    3. In the left-hand panel, select Workflows.

    4. In the top-right corner, click Create workflow and in the window that opens:

      1. In the YaML specification field, add the previously selected specification.
      2. Expand Additional parameters.
      3. In the Name field, enter the workflow name: my-tracker-workflow.
      4. In the Service account field, select the workflow-sa service account you previously created.

    5. Click Create.

Test the workflow

Make sure the workflow is running successfully.

  1. In the management console, select the folder with the workflow you created.

  2. Navigate to Serverless Integrations.

  3. In the left-hand panel, select Workflows.

  4. Click next to my-tracker-workflow and select Execute.

  5. In the window that opens, click Start. The workflow will run and may take a few minutes to complete.

  6. Navigate to the Timeline tab.

    Make sure all workflow steps are completed successfully. Each successful step will be marked by a green box with the icon in the relevant line of the time scale.

    If there is an error at any of the steps, a red box with the icon will be displayed in the relevant line of the time scale. Click this box to view the error details.

As a result of the workflow, a comment with a summary of the analyzed test issues will be added to the Tracker issue named in the specification. This summary will also be sent to the email address given in the specification.

How to delete the resources you created

To stop paying for the resources you created:

  1. Delete the workflow:

    1. In the management console, select the folder containing the created resources.
    2. Navigate to Serverless Integrations.
    3. In the left-hand panel, select Workflows.
    4. Click next to my-tracker-workflow and select Delete.
    5. Confirm the deletion.

  2. Delete the secret.

  3. Delete the Tracker issues and queue.

  4. Optionally, delete the Yandex Cloud Postbox address:

    1. In the management console, select the folder with the Yandex Cloud Postbox address.
    2. Navigate to Cloud Postbox.
    3. In the row with the Yandex Cloud Postbox address, click and select Delete.
    4. Confirm the deletion.
Previous
Scheduled image and PDF recognition in an Object Storage bucket
Next
Monitoring the status of geographically distributed devices