Daily Production Release #821

Workflow file for this run

.github/workflows/daily-production-release.yml at f57d0a3

	name: Daily Production Release

	on:
	workflow_dispatch:
	inputs:
	override_code_freeze:
	type: boolean
	description: "Override code freeze and create production tag"
	default: false
	schedule:
	- cron: 0 16 * * 1-5

	concurrency:
	group: daily-prod-release
	cancel-in-progress: true

	env:
	CHANNEL_ID: C0MQ281DJ # vfs-platform-builds
	CONTENT_BUILD_CHANNEL_ID: C02VD909V08 #status-content-build
	DSVA_SCHEDULE_ENABLED: true

	jobs:
	holiday-checker:
	runs-on: ubuntu-latest
	outputs:
	is_holiday: ${{ steps.holiday-check.outputs.is_holiday }}
	steps:
	- name: Check if today is a holiday
	id: holiday-check
	uses: department-of-veterans-affairs/vsp-github-actions/holiday-checker@main
	create-release:
	name: Create Release
	needs: holiday-checker
	runs-on: ubuntu-latest
	# Do not run the workflow during VA holidays unless we explicitly override it.
	if: >
	(needs.holiday-checker.outputs.is_holiday == 'false' \|\| (inputs && inputs.override_code_freeze))
	outputs:
	RELEASE_NAME: ${{ steps.export-release-name.outputs.RELEASE_NAME }}

	steps:
	- name: Cancel workflow due to DSVA schedule
	if: ${{ github.event_name == 'schedule' && env.DSVA_SCHEDULE_ENABLED != 'true' }}
	uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # v0.3

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: us-gov-west-1

	- name: Get bot token from Parameter Store
	uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
	with:
	ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
	env_variable_name: VA_VSP_BOT_GITHUB_TOKEN

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}

	- name: Install dependencies
	uses: ./.github/workflows/install
	with:
	key: ${{ hashFiles('yarn.lock') }}
	yarn_cache_folder: ~/.cache/yarn
	path: \|
	~/.cache/yarn
	node_modules

	- name: Get current ref
	id: get-current-ref
	run: echo REF=$(git rev-parse HEAD) >> $GITHUB_OUTPUT

	- name: Validate build status
	run: node ./script/github-actions/validate-build-status.js ${{ steps.get-current-ref.outputs.REF }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Get latest tag
	id: get-latest-tag
	run: echo LATEST_TAG_VERSION=$(git fetch --all --tags > /dev/null && git tag -l \| sort -V --reverse \| head -n 1) >> $GITHUB_OUTPUT

	- name: Get next tag version
	run: \|
	current_patch=$(echo ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }} \| cut -d'.' -f3)
	echo "new_patch=$(echo $(( $current_patch + 1 )))" >> $GITHUB_ENV

	- name: Create next tag
	uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
	with:
	timeout_seconds: 30
	max_attempts: 3
	command: git tag v0.0.${{ env.new_patch }} ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.${{ env.new_patch }}
	new_command_on_retry: \|
	next_patch=$(echo $(( ${{ env.new_patch }} + 1 )))
	echo "new_patch=$next_patch" >> $GITHUB_ENV
	git tag v0.0.$next_patch ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.$next_patch

	- name: Create release
	uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
	with:
	tag: v0.0.${{ env.new_patch }}
	name: content-build/v0.0.${{ env.new_patch }}
	token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
	commit: ${{ steps.get-current-ref.outputs.REF }}

	- name: Export new release name
	id: export-release-name
	run: \|
	echo RELEASE_NAME=v0.0.${{ env.new_patch }} >> $GITHUB_OUTPUT

	notify-success:
	name: Notify Success
	runs-on: ubuntu-latest
	needs: create-release

	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Notify Slack
	uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
	continue-on-error: true
	with:
	payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully tagged new content-build release: ${{ needs.create-release.outputs.RELEASE_NAME }}"}}]}]}'
	channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	notify-failure:
	name: Notify Failure
	runs-on: ubuntu-latest
	if: ${{ failure() \|\| cancelled() }}
	needs: create-release

	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Notify Slack
	if: ${{ env.DSVA_SCHEDULE_ENABLED == 'true' }}
	uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
	continue-on-error: true
	with:
	payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> New content-build release could not be tagged!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}'
	channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Daily Production Release #821

Workflow file

Daily Production Release #821

Jobs

Run details

Workflow file for this run