manual-deploy-dev-staging.yml
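# Manually triggered workflow: deploys the content-build archive of one commit
# from the builds bucket to the dev bucket, the staging bucket, or both.
#
# NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN gets the
# repository default scopes. Consider `permissions: { contents: read }` once
# it is confirmed that none of the actions used below need more.
name: Manual dev/staging Deploy

on:
  workflow_dispatch:
    inputs:
      commit_sha:
        description: Deploy a specific commit
        required: true
      deploy_environment:
        type: choice
        description: The environment to deploy to
        required: true
        options:
          - dev
          - staging
          - both

env:
  DEVOPS_CHANNEL_ID: C37M86Y8G  #devops-deploys
  CONTENT_BUILD_CHANNEL_ID: C02VD909V08  #status-content-build

jobs:
  # Turns the chosen environment into the matrix JSON consumed by `deploy`.
  set-environment:
    name: Set environment to deploy
    runs-on: ubuntu-latest
    outputs:
      environment: ${{ steps.set-output.outputs.environment }}
    env:
      # Static, workflow-defined JSON fragments. The backslash escaping is
      # written for inline `${{ env.* }}` expansion into the script text below,
      # so they are deliberately not read as shell variables.
      dev: "{\\\"environment\\\": \\\"vagovdev\\\", \\\"bucket\\\": \\\"content.dev.va.gov\\\"}"
      staging: "{\\\"environment\\\": \\\"vagovstaging\\\", \\\"bucket\\\": \\\"content.staging.va.gov\\\"}"
    steps:
      - name: Set output
        id: set-output
        env:
          # Caller-supplied input is handed to the shell as data through an
          # environment variable; expanding `${{ github.event.inputs.* }}`
          # inside `run:` would paste it into the script source instead.
          DEPLOY_ENVIRONMENT: ${{ github.event.inputs.deploy_environment }}
        run: |
          if [[ "$DEPLOY_ENVIRONMENT" == 'dev' ]]; then
            echo environment={\"include\":[${{env.dev}}]} >> "$GITHUB_OUTPUT"
          elif [[ "$DEPLOY_ENVIRONMENT" == 'staging' ]]; then
            echo environment={\"include\":[${{env.staging}}]} >> "$GITHUB_OUTPUT"
          else
            echo environment={\"include\":[${{env.dev}},${{env.staging}}]} >> "$GITHUB_OUTPUT"
          fi

  # Runs once per matrix entry (environment + bucket) produced above.
  deploy:
    name: Deploy
    runs-on: [self-hosted]
    needs: set-environment
    strategy:
      matrix: ${{ fromJson(needs.set-environment.outputs.environment) }}
    env:
      NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
    steps:
      # NOTE(review): on a self-hosted runner, consider
      # `with: { persist-credentials: false }` so the token is not left in the
      # checked-out repo's git config; confirm deploy.sh needs no git auth.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      # NOTE(review): both credential steps use long-lived access keys stored
      # as repository secrets. If the AWS account setup allows it, OIDC
      # federation would remove the static keys from this workflow.
      - name: Configure AWS credentials (1)
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-gov-west-1

      # Loads the role identifier into the AWS_FRONTEND_NONPROD_ROLE env var.
      - name: Get role from Parameter Store
        uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
        with:
          ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE
          env_variable_name: AWS_FRONTEND_NONPROD_ROLE

      # Second pass assumes the non-prod role with a 900-second session.
      - name: Configure AWS Credentials (2)
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-gov-west-1
          role-to-assume: ${{ env.AWS_FRONTEND_NONPROD_ROLE }}
          role-duration-seconds: 900
          role-session-name: vsp-frontendteam-githubaction

      - name: Deploy
        run: |
          # commit_sha is free text and becomes part of the S3 source key, so
          # accept only a non-empty hexadecimal value before using it.
          case "$COMMIT_SHA" in
            ''|*[!0-9a-fA-F]*)
              echo "commit_sha must be a hexadecimal commit id" >&2
              exit 1
              ;;
          esac
          # Quoted so the values cannot be word-split or glob-expanded into
          # extra arguments for deploy.sh.
          ./script/github-actions/deploy.sh -s "$SRC" -d "$DEST" -v
        env:
          COMMIT_SHA: ${{ github.event.inputs.commit_sha }}
          SRC: s3://vetsgov-website-builds-s3-upload/content-build/${{ github.event.inputs.commit_sha }}/${{ matrix.environment }}.tar.bz2
          DEST: s3://${{ matrix.bucket }}

  # Posts to Slack when the deploy job fails or the run is cancelled.
  notify-failure:
    name: Notify Failure
    runs-on: ubuntu-latest
    if: ${{ failure() || cancelled() }}
    needs: deploy
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      # continue-on-error: a failed notification does not fail this job.
      - name: Notify Slack
        uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
        continue-on-error: true
        with:
          attachments: '[{"mrkdwn_in": ["text"], "color": "#D33834", "text": "content-build manual dev/staging deploy failed!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}]'
          channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}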