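# daily-production-release.yml
#
# Tags the current HEAD as the next v0.0.<patch> release and publishes a
# GitHub release for it, then reports the outcome to Slack.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. The only visible consumer is
# validate-build-status.js; confirm what it needs and declare the minimum here.
name: Daily Production Release

on:
  workflow_dispatch:
  schedule:
    # GitHub evaluates cron in UTC: 20:00, Monday through Friday.
    - cron: '0 20 * * 1-5'

# NOTE(review): cancel-in-progress lets a newer run interrupt one that has
# already pushed a tag but not yet created the release. Confirm that is
# acceptable for a release pipeline.
concurrency:
  group: daily-prod-release
  cancel-in-progress: true

env:
  # Not referenced by name in this file.
  CHANNEL_ID: C0MQ281DJ # vfs-platform-builds
  CONTENT_BUILD_CHANNEL_ID: C02VD909V08 # status-content-build
  # Quoted so every YAML parser reads the string the `if:` checks compare with.
  DSVA_SCHEDULE_ENABLED: 'true'

jobs:
  create-release:
    name: Create Release
    runs-on: ubuntu-latest
    outputs:
      RELEASE_NAME: ${{ steps.export-release-name.outputs.RELEASE_NAME }}

    steps:
      - name: Cancel workflow due to DSVA schedule
        if: ${{ github.event_name == 'schedule' && env.DSVA_SCHEDULE_ENABLED != 'true' }}
        uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # v0.3

      # NOTE(review): long-lived access keys are read from repository secrets.
      # If the AWS account allows it, OIDC role assumption (`role-to-assume`)
      # would remove the stored key pair.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-gov-west-1

      # The action is pinned by commit SHA; the trailing label names a moving
      # ref, so it does not say which revision was reviewed.
      - name: Get bot token from Parameter Store
        uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
        with:
          ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
          env_variable_name: VA_VSP_BOT_GITHUB_TOKEN

      # The checkout keeps the bot token in the local git configuration; the
      # later `git push` of the new tag relies on that.
      - name: Checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
        with:
          token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}

      - name: Install dependencies
        uses: ./.github/workflows/install
        with:
          key: ${{ hashFiles('yarn.lock') }}
          yarn_cache_folder: ~/.cache/yarn
          path: |
            ~/.cache/yarn
            node_modules

      - name: Get current ref
        id: get-current-ref
        run: echo "REF=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

      # Step outputs reach the shell through env rather than being expanded
      # into the script text, so their content is never parsed as shell code.
      - name: Validate build status
        run: node ./script/github-actions/validate-build-status.js "$CURRENT_REF"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CURRENT_REF: ${{ steps.get-current-ref.outputs.REF }}

      # A failed fetch now fails the step instead of writing an empty value.
      - name: Get latest tag
        id: get-latest-tag
        run: |
          git fetch --all --tags > /dev/null
          latest_tag="$(git tag -l | sort -V --reverse | head -n 1)"
          echo "LATEST_TAG_VERSION=${latest_tag}" >> "$GITHUB_OUTPUT"

      # Tag names are controlled by whoever can push tags. The patch component
      # must be all digits before it reaches shell arithmetic or $GITHUB_ENV.
      # An empty value (no tags yet) still yields patch 1, as before.
      - name: Get next tag version
        env:
          LATEST_TAG_VERSION: ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }}
        run: |
          current_patch="$(echo "$LATEST_TAG_VERSION" | cut -d'.' -f3)"
          case "$current_patch" in
            *[!0-9]*)
              echo "::error::Latest tag '${LATEST_TAG_VERSION}' has a non-numeric patch component"
              exit 1
              ;;
          esac
          echo "new_patch=$(( ${current_patch:-0} + 1 ))" >> "$GITHUB_ENV"

      # The expressions below expand to the validated numeric patch and to the
      # output of `git rev-parse HEAD`. On retry the patch is bumped again in
      # case the tag name is already taken.
      - name: Create next tag
        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
        with:
          timeout_seconds: 30
          max_attempts: 3
          command: git tag v0.0.${{ env.new_patch }} ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.${{ env.new_patch }}
          new_command_on_retry: |
            next_patch=$(echo $(( ${{ env.new_patch }} + 1 )))
            echo "new_patch=$next_patch" >> $GITHUB_ENV
            git tag v0.0.$next_patch ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.$next_patch

      - name: Create release
        uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
        with:
          tag: v0.0.${{ env.new_patch }}
          name: content-build/v0.0.${{ env.new_patch }}
          token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
          commit: ${{ steps.get-current-ref.outputs.REF }}

      # new_patch was written to $GITHUB_ENV, so it is an ordinary shell
      # variable in this step.
      - name: Export new release name
        id: export-release-name
        run: |
          echo "RELEASE_NAME=v0.0.${new_patch}" >> "$GITHUB_OUTPUT"

  notify-success:
    name: Notify Success
    runs-on: ubuntu-latest
    needs: create-release

    steps:
      # NOTE(review): this job never pushes. Confirm the checkout is needed
      # and, if it is, whether `persist-credentials: false` can be set.
      - name: Checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

      - name: Notify Slack
        uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
        continue-on-error: true
        with:
          payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully tagged new content-build release: ${{ needs.create-release.outputs.RELEASE_NAME }}"}}]}]}'
          channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  notify-failure:
    name: Notify Failure
    runs-on: ubuntu-latest
    # Runs when create-release failed or the run was cancelled.
    if: ${{ failure() || cancelled() }}
    needs: create-release

    steps:
      # NOTE(review): this job never pushes. Confirm the checkout is needed
      # and, if it is, whether `persist-credentials: false` can be set.
      - name: Checkout
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

      - name: Notify Slack
        if: ${{ env.DSVA_SCHEDULE_ENABLED == 'true' }}
        uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
        continue-on-error: true
        with:
          payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> New content-build release could not be tagged!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}'
          channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}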