deploy-template.yml
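# Reusable workflow (invoked via `workflow_call`): resolves the target
# environments, then rewrites the image tag and DD_* version values in the
# application-manifests repository and commits the result with the bot account.
#
# Caller-controlled inputs are handed to shell steps through `env:` and read
# as "$VAR" / yq strenv(), never spliced inline with ${{ }} into `run:` text,
# so their contents cannot be interpreted as script.
name: Release and Update Manifests
on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      ecr_repository:
        required: true
        type: string
      manifests_directory:
        required: true
        type: string
      auto_deploy_envs:
        required: true
        type: string
      commit_sha:  # callers typically pass ${{ github.event.workflow_run.head_commit.id }}
        required: true
        type: string
    secrets:
      # NOTE(review): neither secret is referenced by any step below — the
      # release job authenticates to AWS through OIDC (`id-token: write` plus
      # `role-to-assume`). They stay declared so existing callers keep working;
      # confirm with callers before dropping them.
      aws_access_key_id:  # ${{ secrets.AWS_ACCESS_KEY_ID }}
        required: true
      aws_secret_access_key:  # ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        required: true
permissions:
  id-token: write  # required for the OIDC role assumption in configure-aws-credentials
  contents: read
jobs:
  prepare-values:
    runs-on: ubuntu-latest
    outputs:
      environments: ${{ steps.set-environments.outputs.environments }}
    steps:
      - name: Set to auto deploy environments on push to master
        env:
          AUTO_DEPLOY_ENVS: ${{ inputs.auto_deploy_envs }}
        run: |
          echo "triggered via schedule"
          echo "environments=${AUTO_DEPLOY_ENVS}" >> "$GITHUB_ENV"
      - name: Set output
        id: set-environments
        # `environments` is present in this step's environment because the
        # previous step appended it to $GITHUB_ENV.
        run: |
          echo "environments=${environments}" >> "$GITHUB_OUTPUT"
  release:
    needs: [prepare-values]
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
        with:
          role-to-assume: ${{ vars.AWS_ASSUME_ROLE }}
          aws-region: "us-gov-west-1"
      - name: Log into ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@183a1442edf41672e66566b7fc560e297a290896 # v2
      - name: Get bot token from Parameter Store
        uses: marvinpinto/action-inject-ssm-secrets@40db08dfe313758837e611cac1679e3a89b35531 # latest
        with:
          ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
          env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
      - name: Install yq
        # NOTE(review): this fetches the mutable "latest" release and runs it
        # with no checksum or signature verification, so the binary that edits
        # the manifests is unverified. Pin a release tag (e.g. a
        # YQ_VERSION: "<pinned-tag>" env value) and compare the download
        # against the release's published checksums before installing.
        run: |
          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O yq
          chmod +x yq
          sudo mv yq /usr/local/bin/
          yq --version
      - name: Check out Manifest Repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          repository: department-of-veterans-affairs/vsp-infra-application-manifests
          token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
          fetch-depth: 1
          path: vsp-infra-application-manifests
          ref: refs/heads/main
      - name: Update vets-api image and version name in Manifest repo
        env:
          # ECR_REGISTRY / ECR_REPOSITORY are exported but not referenced by
          # the script below; kept as-is — confirm with consumers before removing.
          ECR_REGISTRY: ${{ steps.ecr-login.outputs.registry }}
          ECR_REPOSITORY: dsva/${{ inputs.ecr_repository }}
          MANIFESTS_DIRECTORY: ${{ inputs.manifests_directory }}
          COMMIT_SHA: ${{ inputs.commit_sha }}
        run: |
          cd "vsp-infra-application-manifests/apps/${MANIFESTS_DIRECTORY}"
          for target_env in dev staging prod sandbox; do
            values_file="${target_env}/values.yaml"
            # Each values file is keyed by exactly one of two chart names.
            has_parent=$(yq e 'has("vets-api-parent")' "$values_file")
            has_vets=$(yq e 'has("vets-api")' "$values_file")
            if [[ "$has_parent" == "true" ]]; then
              chart_key="vets-api-parent"
            elif [[ "$has_vets" == "true" ]]; then
              chart_key="vets-api"
            else
              echo "Image tag failure. No known chart key found in $target_env/values.yaml."
              exit 1
            fi
            echo "$target_env -> $chart_key"
            export chart_key
            # strenv() keeps the SHA a string even when it is all digits;
            # env() would re-parse it as a YAML scalar.
            yq e -i '(.[env(chart_key)].image.tag) |= strenv(COMMIT_SHA)' "$values_file"
            # DD_VERSION and DD_GIT_COMMIT_SHA receive the same value in the
            # web, web.dbMigrate and worker envSecrets lists.
            yq e -i '(.[env(chart_key)].web.envSecrets[] | select(.name == "DD_VERSION" or .name == "DD_GIT_COMMIT_SHA") | .value) |= strenv(COMMIT_SHA)' "$values_file"
            yq e -i '(.[env(chart_key)].web.dbMigrate.envSecrets[] | select(.name == "DD_VERSION" or .name == "DD_GIT_COMMIT_SHA") | .value) |= strenv(COMMIT_SHA)' "$values_file"
            yq e -i '(.[env(chart_key)].worker.envSecrets[] | select(.name == "DD_VERSION" or .name == "DD_GIT_COMMIT_SHA") | .value) |= strenv(COMMIT_SHA)' "$values_file"
          done
          git diff
      - name: Add and Commit file
        uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
        with:
          new_branch: main
          add: "*"
          cwd: vsp-infra-application-manifests/apps
          author_name: va-vsp-bot
          author_email: 70344339+va-vsp-bot@users.noreply.github.com
          message: "Release ${{ needs.prepare-values.outputs.environments }} for ${{ inputs.ecr_repository }} : ${{ inputs.commit_sha }}."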