Steps and actions are the building blocks of workflows in Keep Workflow Engine. While they share a similar structure and syntax, the difference between steps and actions is mostly semantic:
- Steps: Focused on querying data or triggering fetch-like operations from providers (e.g., querying databases, fetching logs, or retrieving information).
- Actions: Geared toward notifying or triggering outcomes, such as sending notifications, updating tickets, or invoking external services.
Together, steps and actions allow workflows to both gather the necessary data and act upon it.
General Structure
Both steps and actions are defined using a similar schema:
Steps
Used for querying or fetching data.
Step uses the _query method of each provider.
steps:
- name: <step-name>
provider:
type: <provider-type>
config: <provider-config>
with:
<provider-specific-parameters>
Actions
Used for notifications or triggering effects.
Action uses the _notify method of each provider.
actions:
- name: <action-name>
provider:
type: <provider-type>
config: <provider-config>
with:
<provider-specific-parameters>
Examples
Fetch data from a MySQL database
steps:
- name: get-user-data
provider:
type: mysql
config: "{{ providers.mysql-prod }}"
with:
query: "SELECT * FROM users WHERE id = 1"
single_row: true
Retrieve logs from Datadog
steps:
- name: get-service-logs
provider:
type: datadog
config: "{{ providers.datadog }}"
with:
query: "service:keep and @error"
timeframe: "1h"
Query Kubernetes for running pods
steps:
- name: get-pods
provider:
type: k8s
config: "{{ providers.k8s-cluster }}"
with:
command_type: get_pods
Send an email
actions:
- name: send-email
provider:
type: email
config: "{{ providers.email }}"
with:
to: "[email protected]"
subject: "Account Updated"
body: "Your account details have been updated."
Send a Slack Message
actions:
- name: notify-slack
provider:
type: slack
config: "{{ providers.slack-demo }}"
with:
message: "Critical alert received!"
Create a ticket in ServiceNow
actions:
- name: create-servicenow-ticket
provider:
type: servicenow
config: "{{ providers.servicenow }}"
with:
table_name: INCIDENT
payload:
short_description: "New incident created by Keep"
description: "Please investigate the issue."
Combining Steps and Actions
A workflow typically combines steps (for querying data) with actions (for notifications or outcomes).
Here’s few examples:
Query and Notify
workflow:
id: query-and-notify
description: "Query a database and notify via Slack"
steps:
- name: get-user-data
provider:
type: mysql
config: "{{ providers.mysql-prod }}"
with:
query: "SELECT email FROM users WHERE id = 1"
single_row: true
actions:
- name: send-notification
provider:
type: slack
config: "{{ providers.slack-demo }}"
with:
message: "User email: {{ steps.get-user-data.results.email }}"
Alert and Incident Management
workflow:
id: alert-management
description: "Handle alerts and create incidents"
steps:
- name: get-alert-details
provider:
type: datadog
config: "{{ providers.datadog }}"
with:
query: "service:keep and @alert"
timeframe: "1h"
actions:
- name: create-incident
provider:
type: servicenow
config: "{{ providers.servicenow }}"
with:
table_name: INCIDENT
payload:
short_description: "Alert from Datadog: {{ steps.get-alert-details.results.alert_name }}"
description: "Details: {{ steps.get-alert-details.results.alert_description }}"
Error Handling and Retries
Both steps and actions support error handling to ensure workflows can recover from failures.
steps:
- name: fetch-data
provider:
type: http
with:
url: "https://api.example.com/data"
on-failure:
retry:
count: 3
# Retry every 5 seconds
interval: 5
