Skip to content

Daily Production Release #452

Daily Production Release

Daily Production Release #452

name: Daily Production Release
on:
workflow_dispatch:
schedule:
- cron: 0 19 * * 1-5
concurrency:
group: daily-prod-release
cancel-in-progress: true
env:
CHANNEL_ID: C0MQ281DJ # vfs-platform-builds
CONTENT_BUILD_CHANNEL_ID: C02VD909V08 #status-content-build
DSVA_SCHEDULE_ENABLED: true
jobs:
create-release:
name: Create Release
runs-on: ubuntu-latest
outputs:
RELEASE_NAME: ${{ steps.export-release-name.outputs.RELEASE_NAME }}
steps:
- name: Cancel workflow due to DSVA schedule
if: ${{ github.event_name == 'schedule' && env.DSVA_SCHEDULE_ENABLED != 'true' }}
uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # v0.3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
- name: Install dependencies
uses: ./.github/workflows/install
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: ~/.cache/yarn
path: |
~/.cache/yarn
node_modules
- name: Get current ref
id: get-current-ref
run: echo REF=$(git rev-parse HEAD) >> $GITHUB_OUTPUT
- name: Validate build status
run: node ./script/github-actions/validate-build-status.js ${{ steps.get-current-ref.outputs.REF }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get latest tag
id: get-latest-tag
run: echo LATEST_TAG_VERSION=$(git fetch --all --tags > /dev/null && git tag -l | sort -V --reverse | head -n 1) >> $GITHUB_OUTPUT
- name: Get next tag version
run: |
current_patch=$(echo ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }} | cut -d'.' -f3)
echo "new_patch=$(echo $(( $current_patch + 1 )))" >> $GITHUB_ENV
- name: Create next tag
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
with:
timeout_seconds: 30
max_attempts: 3
command: git tag v0.0.${{ env.new_patch }} ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.${{ env.new_patch }}
new_command_on_retry: |
next_patch=$(echo $(( ${{ env.new_patch }} + 1 )))
echo "new_patch=$next_patch" >> $GITHUB_ENV
git tag v0.0.$next_patch ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.$next_patch
- name: Create release
uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
with:
tag: v0.0.${{ env.new_patch }}
name: content-build/v0.0.${{ env.new_patch }}
token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
commit: ${{ steps.get-current-ref.outputs.REF }}
- name: Export new release name
id: export-release-name
run: |
echo RELEASE_NAME=v0.0.${{ env.new_patch }} >> $GITHUB_OUTPUT
notify-success:
name: Notify Success
runs-on: ubuntu-latest
needs: create-release
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Notify Slack
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully tagged new content-build release: ${{ needs.create-release.outputs.RELEASE_NAME }}"}}]}]}'
channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
notify-failure:
name: Notify Failure
runs-on: ubuntu-latest
if: ${{ failure() || cancelled() }}
needs: create-release
steps:
- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Notify Slack
if: ${{ env.DSVA_SCHEDULE_ENABLED == 'true' }}
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> New content-build release could not be tagged!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}'
channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}