-
Notifications
You must be signed in to change notification settings - Fork 11
151 lines (129 loc) · 5.95 KB
/
daily-production-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Daily Production Release
on:
workflow_dispatch:
inputs:
override_code_freeze:
type: boolean
description: "Override code freeze and create production tag"
default: false
schedule:
- cron: 0 16 * * 1-5
concurrency:
group: daily-prod-release
cancel-in-progress: true
env:
CHANNEL_ID: C0MQ281DJ # vfs-platform-builds
CONTENT_BUILD_CHANNEL_ID: C02VD909V08 #status-content-build
DSVA_SCHEDULE_ENABLED: true
jobs:
holiday-checker:
runs-on: ubuntu-latest
outputs:
is_holiday: ${{ steps.holiday-check.outputs.is_holiday }}
steps:
- name: Check if today is a holiday
id: holiday-check
uses: department-of-veterans-affairs/vsp-github-actions/holiday-checker@main
create-release:
name: Create Release
needs: holiday-checker
runs-on: ubuntu-latest
# Do not run the workflow during VA holidays unless we explicitly override it.
if: >
(needs.holiday-checker.outputs.is_holiday == 'false' || (inputs && inputs.override_code_freeze))
outputs:
RELEASE_NAME: ${{ steps.export-release-name.outputs.RELEASE_NAME }}
steps:
- name: Cancel workflow due to DSVA schedule
if: ${{ github.event_name == 'schedule' && env.DSVA_SCHEDULE_ENABLED != 'true' }}
uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # v0.3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
- name: Install dependencies
uses: ./.github/workflows/install
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: ~/.cache/yarn
path: |
~/.cache/yarn
node_modules
- name: Get current ref
id: get-current-ref
run: echo REF=$(git rev-parse HEAD) >> $GITHUB_OUTPUT
- name: Validate build status
run: node ./script/github-actions/validate-build-status.js ${{ steps.get-current-ref.outputs.REF }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get latest tag
id: get-latest-tag
run: echo LATEST_TAG_VERSION=$(git fetch --all --tags > /dev/null && git tag -l | sort -V --reverse | head -n 1) >> $GITHUB_OUTPUT
- name: Get next tag version
run: |
current_patch=$(echo ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }} | cut -d'.' -f3)
echo "new_patch=$(echo $(( $current_patch + 1 )))" >> $GITHUB_ENV
- name: Create next tag
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
with:
timeout_seconds: 30
max_attempts: 3
command: git tag v0.0.${{ env.new_patch }} ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.${{ env.new_patch }}
new_command_on_retry: |
next_patch=$(echo $(( ${{ env.new_patch }} + 1 )))
echo "new_patch=$next_patch" >> $GITHUB_ENV
git tag v0.0.$next_patch ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.$next_patch
- name: Create release
uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
with:
tag: v0.0.${{ env.new_patch }}
name: content-build/v0.0.${{ env.new_patch }}
token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
commit: ${{ steps.get-current-ref.outputs.REF }}
- name: Export new release name
id: export-release-name
run: |
echo RELEASE_NAME=v0.0.${{ env.new_patch }} >> $GITHUB_OUTPUT
notify-success:
name: Notify Success
runs-on: ubuntu-latest
needs: create-release
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Notify Slack
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully tagged new content-build release: ${{ needs.create-release.outputs.RELEASE_NAME }}"}}]}]}'
channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
notify-failure:
name: Notify Failure
runs-on: ubuntu-latest
if: ${{ failure() || cancelled() }}
needs: create-release
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Notify Slack
if: ${{ env.DSVA_SCHEDULE_ENABLED == 'true' }}
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> New content-build release could not be tagged!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}'
channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}