Deploy road-registry to stg: 4.38.10 #257
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 3. Deploy | |
| run-name: 'Deploy road-registry to ${{ github.event.inputs.environment }}: ${{ github.event.inputs.version }}' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: Select the environment | |
| options: | |
| - tst | |
| - stg | |
| - prd | |
| required: true | |
| version: | |
| description: Version | |
| required: true | |
| jobs: | |
| deploy_start_slack: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| name: Deploy started | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify deployment started | |
| uses: slackapi/slack-github-action@v2 | |
| with: | |
| method: chat.postMessage | |
| token: ${{ secrets.VBR_SLACK_BOT_TOKEN }} | |
| payload: | | |
| channel: '#team-dinosaur-dev' | |
| text: 'Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has started. View run at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
| deploy_services: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| needs: [deploy_start_slack] | |
| name: Deploy services | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| services: [ | |
| 'road-backoffice-api', | |
| 'road-backoffice-commandhost', | |
| 'road-backoffice-eventhost', | |
| 'road-backoffice-extracthost', | |
| 'road-backoffice-ui', | |
| 'road-editor-projectionhost', | |
| 'road-producer-snapshot-projectionhost', | |
| 'road-product-projectionhost', | |
| 'road-projector', | |
| 'road-synchost', | |
| 'road-wfs-projectionhost', | |
| 'road-wms-projectionhost' | |
| ] | |
| steps: | |
| - name: CD services | |
| env: | |
| BUILD_URL: ${{ vars.VBR_AWS_BUILD_API_DEVOPS }}/${{matrix.services}} | |
| STATUS_URL: ${{ vars.VBR_AWS_BUILD_STATUS_API_DEVOPS }}/${{matrix.services}} | |
| uses: informatievlaanderen/awscurl-polling-action/polling-action@main | |
| with: | |
| environment: ${{ github.event.inputs.environment }} | |
| version: ${{ github.event.inputs.version }} | |
| status-url: $STATUS_URL | |
| deploy-url: $BUILD_URL | |
| access-key: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| secret-key: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| interval: 2 | |
| deploy-target: 'agb_ecs_service' | |
| domain: 'basisregisters' | |
| project: 'basisregisters' | |
| - name: Output CD services | |
| shell: bash | |
| run: | | |
| echo build-uuid: ${{ steps.awscurl-polling-action.outputs.build-uuid }} | |
| echo Status: ${{ steps.awscurl-polling-action.outputs.status }} | |
| echo ${{ steps.awscurl-polling-action.outputs.final-message }} | |
| deploy_tasks: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| needs: [deploy_start_slack] | |
| name: Deploy tasks | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| services: [ | |
| 'road-adminhost', | |
| 'road-jobs-processor', | |
| 'road-product-publishhost', | |
| ] | |
| steps: | |
| - name: CD services | |
| env: | |
| BUILD_URL: ${{ vars.VBR_AWS_BUILD_API_DEVOPS }}/${{matrix.services}} | |
| STATUS_URL: ${{ vars.VBR_AWS_BUILD_STATUS_API_DEVOPS }}/${{matrix.services}} | |
| uses: informatievlaanderen/awscurl-polling-action/polling-action@main | |
| with: | |
| environment: ${{ github.event.inputs.environment }} | |
| version: ${{ github.event.inputs.version }} | |
| status-url: $STATUS_URL | |
| deploy-url: $BUILD_URL | |
| access-key: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| secret-key: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| interval: 2 | |
| deploy-target: 'ecs_scheduled_task' | |
| domain: 'basisregisters' | |
| project: 'basisregisters' | |
| - name: Output CD tasks | |
| shell: bash | |
| run: | | |
| echo build-uuid: ${{ steps.awscurl-polling-action.outputs.build-uuid }} | |
| echo Status: ${{ steps.awscurl-polling-action.outputs.status }} | |
| echo ${{ steps.awscurl-polling-action.outputs.final-message }} | |
| deploy_lambda: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| needs: [deploy_services, deploy_tasks] | |
| name: Deploy lambda(s) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| functions: [ | |
| 'rr-sqsbackofficefunction', | |
| 'rr-sqssnapshotfunction' | |
| ] | |
| steps: | |
| - name: Promote Lambda | |
| uses: Informatievlaanderen/build-pipeline/.github/actions/deploy-lambda-v4@main | |
| with: | |
| function-name: ${{ matrix.functions }} | |
| deploy-url: ${{ vars.VBR_AWS_DEPLOY_LAMBDA_DEVOPS_BASEURL }} | |
| access-key-id: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| secret-access-key-id: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| region: ${{ secrets.VBR_AWS_REGION_PRD }} | |
| version: ${{ github.event.inputs.version }} | |
| environment: ${{ github.event.inputs.environment }} | |
| system_healthcheck: | |
| needs: [ deploy_lambda ] | |
| if: ${{ github.repository_owner == 'Informatievlaanderen' && always() && (needs.deploy_lambda.result == 'success' || needs.deploy_lambda.result == 'skipped') }} | |
| name: System healthcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Run | |
| run: | | |
| URL=$BACKOFFICE_API_URL/v1/system/healthcheck | |
| aws configure set default.aws_access_key_id $ACCESS_KEY_ID | |
| aws configure set default.aws_secret_access_key $SECRET_ACCESS_KEY_ID | |
| aws configure set default.region $REGION | |
| aws configure set default.role_session_name "Pipeline" | |
| aws configure set region $REGION --profile cross-account | |
| aws configure set role_arn arn:aws:iam::$ACCOUNT_ID:role/bastion-ssm-send-command --profile cross-account | |
| aws configure set source_profile default --profile cross-account | |
| CALLER_IDENTITY=$(aws sts get-caller-identity --profile cross-account --output text) | |
| echo "CallerIdentity: $CALLER_IDENTITY" | |
| echo $URL | |
| COMMAND_ID=$(aws ssm send-command --profile cross-account --instance-id $INSTANCE_ID --document-name AWS-RunShellScript --parameters "{\"commands\":[\"#!/bin/bash\",\"curl -X POST $URL -H 'x-api-key: $ROAD_API_KEY' --fail\"]}" --query 'Command.CommandId' --output text) | |
| for i in {1..120} | |
| do | |
| status=$(aws ssm get-command-invocation --profile cross-account --instance-id $INSTANCE_ID --command-id $COMMAND_ID --query 'Status' --output text) | |
| if [[ "$status" == "Failed" ]]; then | |
| exit 1 | |
| fi | |
| echo $status | |
| if [[ "$status" == "Success" ]]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| if [[ "$status" == "InProgress" ]]; then | |
| echo "Timed out" | |
| exit 1 | |
| fi | |
| response=$(aws ssm get-command-invocation --profile cross-account --instance-id $INSTANCE_ID --command-id $COMMAND_ID --query 'StandardOutputContent' --output text) | |
| echo "$response" | |
| if echo "$response" | grep -q "unhealthy"; then | |
| echo "System is unhealthy" | |
| exit 1 | |
| fi | |
| if echo "$response" | grep -q "healthy"; then | |
| echo "System is healthy" | |
| exit 0 | |
| fi | |
| exit 1 | |
| shell: bash | |
| env: | |
| ACCESS_KEY_ID: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| SECRET_ACCESS_KEY_ID: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| REGION: ${{ secrets.VBR_AWS_REGION_PRD }} | |
| INSTANCE_ID: ${{ github.event.inputs.environment == 'tst' && secrets.AWS_BASTION_ID_TST || github.event.inputs.environment == 'stg' && secrets.AWS_BASTION_ID_STG || secrets.AWS_BASTION_ID_PRD }} | |
| ACCOUNT_ID: ${{ github.event.inputs.environment == 'tst' && secrets.AWS_ACCOUNT_ID_TST || github.event.inputs.environment == 'stg' && secrets.AWS_ACCOUNT_ID_STG || secrets.AWS_ACCOUNT_ID_PRD }} | |
| BACKOFFICE_API_URL: ${{ github.event.inputs.environment == 'tst' && vars.BACKOFFICE_API_URL_TST || github.event.inputs.environment == 'stg' && vars.BACKOFFICE_API_URL_STG || vars.BACKOFFICE_API_URL_PRD }} | |
| ROAD_API_KEY: ${{ secrets.HEALTHCHECK_APIKEY }} | |
| deploy_finish_slack: | |
| needs: [system_healthcheck] | |
| if: ${{ github.repository_owner == 'Informatievlaanderen' && always() && needs.system_healthcheck.result == 'success' }} | |
| name: Notify deployment succeeded | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify deployment succeeded | |
| uses: slackapi/slack-github-action@v2 | |
| with: | |
| method: chat.postMessage | |
| token: ${{ secrets.VBR_SLACK_BOT_TOKEN }} | |
| payload: | | |
| channel: '#team-dinosaur-dev' | |
| text: ':white_check_mark: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has finished.' | |
| deployment_notify_failure: | |
| needs: [ system_healthcheck ] | |
| if: ${{ github.repository_owner == 'Informatievlaanderen' && failure() }} | |
| name: Notify deployment failed | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify deployment failed | |
| id: slack | |
| uses: slackapi/slack-github-action@v2 | |
| with: | |
| method: chat.postMessage | |
| token: ${{ secrets.VBR_SLACK_BOT_TOKEN }} | |
| payload: | | |
| channel: '#team-dinosaur-dev' | |
| text: ':x: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has failed. View run at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' |