Add async ImagingRefreshJob behind Flipper toggles #8579
Workflow file for this run
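# Runs on pull requests that touch config/settings.yml or config/settings/*.yml.
# Job 1 runs the settings:validate Rake task and keeps a 'settings-failure'
# label in sync with the result. Job 2 checks that ENV keys newly referenced in
# config/settings.yml exist in AWS Parameter Store and comments on the PR.
name: Settings Checks
on:
  pull_request:
    types: [opened, reopened, synchronize]
    paths:
      - 'config/settings.yml'
      - 'config/settings/*.yml'
# Workflow-level default. validate-config-files declares its own permissions
# block, so these effectively apply to check-parameters.
permissions:
  id-token: write # needed for the role assumption in check-parameters
  contents: read
  checks: write
jobs:
  validate-config-files:
    env:
      COVERBAND_DISABLE_AUTO_START: true
      # NOTE(review): job-level env exposes this secret to every step,
      # including the Rake task that loads code from the pull request.
      # Consider scoping it to the steps that actually install gems.
      BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
    # Least privilege instead of write-all: the only API calls in this job add
    # or remove a label on the pull request, and checkout needs read access.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    runs-on: ubuntu-32-cores-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # No later step in this job talks to the git remote, so do not leave
          # the token on disk while pull-request code is executed.
          persist-credentials: false
      - uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1
        with:
          bundler-cache: true
      - name: Install pdftk
        run: sudo apt-get update && sudo apt-get install -y pdftk-java
      - name: Run Settings Validation Rake task
        run: bundle exec rake settings:validate
      - name: Add Settings Failure label
        if: failure() && github.event_name == 'pull_request'
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const prNumber = context.payload.pull_request.number
            await github.rest.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber,
              labels: ['settings-failure'],
            })
      - name: Remove Settings Failure label
        if: success() && github.event_name == 'pull_request'
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const prNumber = context.payload.pull_request.number
            try {
              await github.rest.issues.removeLabel({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: prNumber,
                name: 'settings-failure',
              })
            } catch (e) {
              // 404 means the label was not on the PR; anything else is a real error.
              if (e.status !== 404) throw e
            }
  check-parameters:
    runs-on: ubuntu-32-cores-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
        with:
          role-to-assume: ${{ vars.AWS_ASSUME_ROLE }}
          aws-region: us-gov-west-1
      # NOTE(review): the later steps read VA_VSP_BOT_GITHUB_TOKEN from env, so
      # this action presumably exports it for the rest of the job, including
      # the shell step that parses the pull-request diff. Confirm.
      - name: Obtain GitHub Token
        uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
        with:
          ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
          env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
      - name: Install jq
        run: |
          sudo apt update
          sudo apt install jq -y
      - name: Fetch the remote master branch
        run: git fetch origin master
      - name: Check ENV diff for aws_ssm_custom lookups
        run: |
          diff_output=$(git diff origin/master config/settings.yml)
          if [[ -z "$diff_output" ]]; then
            echo "No changes detected in config/settings.yml."
            exit 0
          fi

          # ENV[...] references on added lines only
          new_env_keys=$(git diff --unified=0 origin/master config/settings.yml | \
            grep '^+' | grep -o 'ENV\[[^]]*\]' | sed 's/ENV\[\([^]]*\)\]/\1/' | sort -u)
          if [[ -z "$new_env_keys" ]]; then
            echo "No ENV variables found in changes."
            exit 0
          fi

          keys=()
          # Set to 1 when a key could not be checked, so the run never reports
          # "all valid" for something it did not actually verify.
          unverified=0
          while IFS= read -r line; do
            # Remove single and double quotes around the key
            line=${line//\'/}
            line=${line//\"/}
            # Keys come from the pull-request diff. Accept only characters an
            # SSM parameter name may contain before building paths from them.
            if [[ ! "$line" =~ ^[A-Za-z0-9_.-]+$ ]]; then
              printf '::warning::Skipping ENV key with unexpected characters: %q\n' "$line"
              unverified=1
              continue
            fi
            keys+=("$line")
          done <<< "$new_env_keys"

          echo "Found the following ENV keys:"
          for key in "${keys[@]}"; do
            echo "  - $key"
          done

          invalid_parameters=()
          for key in "${keys[@]}"; do
            # replace double underscores with slashes
            formatted_key=${key//__/\/}
            echo "Processing key: $key (formatted as: $formatted_key)"
            param_names=(
              "/dsva-vagov/vets-api/dev/env_vars/$formatted_key"
              "/dsva-vagov/vets-api/staging/env_vars/$formatted_key"
              "/dsva-vagov/vets-api/sandbox/env_vars/$formatted_key"
              "/dsva-vagov/vets-api/prod/env_vars/$formatted_key"
            )

            # Capture the exit code ourselves so one failed lookup does not
            # abort the whole step.
            set +e # Don't exit on error
            ssm_output=$(aws ssm get-parameters \
              --names "${param_names[@]}" \
              --query "InvalidParameters" \
              --output json 2>&1)
            aws_exit_code=$?
            set -e # Restore exit on error

            if [ $aws_exit_code -ne 0 ]; then
              echo "AWS SSM command failed with output: $ssm_output"
              unverified=1
              continue # Skip to next key
            fi

            # Process invalid parameters
            if [[ -n "$ssm_output" && "$ssm_output" != "[]" && "$ssm_output" != "null" ]]; then
              # Parse the JSON output to extract invalid parameters
              while read -r param; do
                if [[ -n "$param" ]]; then
                  invalid_parameters+=("$param")
                fi
              done < <(echo "$ssm_output" | jq -r '.[]' 2>/dev/null || echo "")
            fi
          done

          # Display invalid parameters
          echo "Invalid parameters found: ${#invalid_parameters[@]}"
          if [[ ${#invalid_parameters[@]} -gt 0 ]]; then
            for param in "${invalid_parameters[@]}"; do
              echo "  - $param"
            done
            invalid_params_string=$(printf -- '- %s\n' "${invalid_parameters[@]}")
            # Random heredoc delimiter: a value line can never terminate the
            # block early and define extra environment variables.
            delimiter="EOF_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
            {
              echo "INVALID_PARAMETERS<<$delimiter"
              echo "$invalid_params_string"
              echo "$delimiter"
            } >> "$GITHUB_ENV"
          else
            echo "No invalid parameters found"
            echo "INVALID_PARAMETERS=" >> "$GITHUB_ENV"
          fi

          # PARAM_STORE_VARS gates the "all valid" comment below; set it only
          # when every key was actually looked up.
          if [[ $unverified -eq 0 ]]; then
            echo "PARAM_STORE_VARS=true" >> "$GITHUB_ENV"
          else
            echo "::warning::Some ENV keys could not be checked against Parameter Store; not reporting this PR as fully valid."
          fi
      - name: Respond to PR if invalid parameters are found
        if: env.INVALID_PARAMETERS != ''
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
          script: |
            const prNumber = context.payload.pull_request.number
            // Read from the environment rather than interpolating into the
            // script, so the list is never parsed as JavaScript.
            const invalidParameters = process.env.INVALID_PARAMETERS || ''
            const body = `:warning: The following Parameter Store values are invalid. Please make sure the values are correct and exist in AWS Parameter Store before merging:\n\n${invalidParameters}`
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber,
              body,
            })
      - name: Fail if invalid parameters are found
        if: env.INVALID_PARAMETERS != ''
        run: exit 1
      - name: Respond to PR if no invalid parameters are found
        if: env.INVALID_PARAMETERS == '' && env.PARAM_STORE_VARS == 'true'
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
          script: |
            const prNumber = context.payload.pull_request.number
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber,
              body: ':+1: All Parameter Store values in this PR are valid',
            })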