|
| 1 | +name: Release and Update Manifests |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_call: |
| 5 | + inputs: |
| 6 | + ecr_repository: |
| 7 | + required: true |
| 8 | + type: string |
| 9 | + manifests_directory: |
| 10 | + required: true |
| 11 | + type: string |
| 12 | + auto_deploy_envs: |
| 13 | + required: true |
| 14 | + type: string |
| 15 | + commit_sha: |
| 16 | + required: true |
| 17 | + type: string |
| 18 | + secrets: |
| 19 | + aws_access_key_id: |
| 20 | + required: true |
| 21 | + aws_secret_access_key: |
| 22 | + required: true |
| 23 | +permissions: |
| 24 | + id-token: write |
| 25 | + contents: read |
| 26 | +jobs: |
| 27 | + prepare-values: |
| 28 | + runs-on: ubuntu-latest |
| 29 | + outputs: |
| 30 | + environments: ${{ steps.set-environments.outputs.environments }} |
| 31 | + steps: |
| 32 | + - name: Set to auto deploy environments on push to master |
| 33 | + run: | |
| 34 | + echo "environments=${{inputs.auto_deploy_envs}}" >> $GITHUB_ENV |
| 35 | + - name: Set output |
| 36 | + id: set-environments |
| 37 | + run: | |
| 38 | + echo "environments=${{ env.environments }}" >> $GITHUB_OUTPUT |
| 39 | + release: |
| 40 | + needs: [prepare-values] |
| 41 | + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' |
| 42 | + runs-on: ubuntu-latest |
| 43 | + steps: |
| 44 | + - uses: actions/checkout@v6 |
| 45 | + |
| 46 | + - name: Configure AWS Credentials |
| 47 | + uses: aws-actions/configure-aws-credentials@v6 |
| 48 | + with: |
| 49 | + role-to-assume: ${{ vars.AWS_ASSUME_ROLE }} |
| 50 | + aws-region: "us-gov-west-1" |
| 51 | + |
| 52 | + - name: Log into ECR |
| 53 | + id: ecr-login |
| 54 | + uses: aws-actions/amazon-ecr-login@v2 |
| 55 | + |
| 56 | + - name: Get bot token from Parameter Store |
| 57 | + uses: marvinpinto/action-inject-ssm-secrets@latest |
| 58 | + with: |
| 59 | + ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN |
| 60 | + env_variable_name: VA_VSP_BOT_GITHUB_TOKEN |
| 61 | + |
| 62 | + - name: Install yq |
| 63 | + run: | |
| 64 | + wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O yq |
| 65 | + chmod +x yq |
| 66 | + sudo mv yq /usr/local/bin/ |
| 67 | + yq --version |
| 68 | +
|
| 69 | + - name: Check out Manifest Repo |
| 70 | + uses: actions/checkout@v6 |
| 71 | + with: |
| 72 | + repository: department-of-veterans-affairs/vsp-infra-application-manifests |
| 73 | + token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} |
| 74 | + fetch-depth: 1 |
| 75 | + path: vsp-infra-application-manifests |
| 76 | + ref: refs/heads/main |
| 77 | + |
| 78 | + - name: Update gi-bill-data-service image tag in Manifest repo |
| 79 | + env: |
| 80 | + ECR_REGISTRY: ${{ steps.ecr-login.outputs.registry }} |
| 81 | + ECR_REPOSITORY: dsva/${{inputs.ecr_repository}} |
| 82 | + run: | |
| 83 | + cd vsp-infra-application-manifests/apps/${{inputs.manifests_directory}} |
| 84 | + envs=( ${{ needs.prepare-values.outputs.environments }} ) |
| 85 | + for env in ${envs[*]}; |
| 86 | + do |
| 87 | + yq e -i '(."gi-bill-data-service".image.tag) |= "${{ inputs.commit_sha }}"' $env/values.yaml |
| 88 | + done |
| 89 | + git diff |
| 90 | +
|
| 91 | + - name: Add and Commit file |
| 92 | + uses: EndBug/add-and-commit@v9 |
| 93 | + with: |
| 94 | + new_branch: main |
| 95 | + add: "*" |
| 96 | + cwd: vsp-infra-application-manifests/apps |
| 97 | + author_name: va-vsp-bot |
| 98 | + author_email: 70344339+va-vsp-bot@users.noreply.github.com |
| 99 | + message: "Release ${{ needs.prepare-values.outputs.environments }} for ${{inputs.ecr_repository}} : ${{ inputs.commit_sha }}." |
0 commit comments