continuous-deploy-production.yml
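# Production deploy workflow, started by a `repository_dispatch` event of type
# `cd-production-deploy`. The commit to deploy is taken from the event's
# `client_payload.github_sha`. As shown here the actual "Deploy" step is
# commented out, so the job only checks deployability, obtains AWS credentials
# and prints the build artifact location.
#
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN receives the
# repository/organization default scopes. Consider declaring the minimum
# (for example `contents: read`) after confirming what the local composite
# actions and check-deployability.js actually require.
name: Continuous Deploy Production

on:
  repository_dispatch:
    types: [cd-production-deploy]

jobs:
  deploy:
    name: Deploy
    # NOTE(review): the job-level guard below is disabled, so every dispatch of
    # this event type runs the job whatever `client_payload.github_ref` is;
    # gating rests on the "Check if commit can be deployed" step alone. The
    # guard also refers to `needs.set-deploy-environments`, a job that is not
    # defined in this file, so it cannot be re-enabled unchanged.
    # if: always() && github.event.client_payload.github_ref == 'refs/heads/main' && needs.set-deploy-environments.result == 'success'
    runs-on: ubuntu-latest

    steps:
      # Third-party action pinned to a full commit SHA (immutable reference).
      - name: Checkout
        uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
        with:
          fetch-depth: 0

      - name: Install dependencies
        uses: ./.github/workflows/install
        timeout-minutes: 30
        with:
          key: ${{ hashFiles('yarn.lock') }}
          yarn_cache_folder: .cache/yarn
          path: |
            .cache/yarn
            node_modules

      # Sets `is_deployable`, which gates every credential step below.
      - name: Check if commit can be deployed
        id: check-deployability
        run: node ./script/github-actions/check-deployability.js
        env:
          BUILDTYPE: vagovprod

      # First pass: static access key from repository secrets, no role.
      - name: Configure AWS credentials (1)
        if: steps.check-deployability.outputs.is_deployable == 'true'
        uses: ./.github/workflows/configure-aws-credentials
        with:
          aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws_region: us-gov-west-1

      # Presumably reads the SSM parameter into the named environment variable
      # (inferred from the input names; confirm in the inject-secrets action).
      - name: Get AWS IAM role
        if: steps.check-deployability.outputs.is_deployable == 'true'
        uses: ./.github/workflows/inject-secrets
        with:
          ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_PROD_ROLE
          env_variable_name: AWS_FRONTEND_PROD_ROLE

      # Second pass: same static key, now with a role and a 900-second session.
      # NOTE(review): the `role` expression prefers AWS_FRONTEND_NONPROD_ROLE
      # whenever it is non-empty, yet nothing in this workflow sets it. For a
      # production deploy consider referencing only AWS_FRONTEND_PROD_ROLE so a
      # stray environment value cannot change which role is assumed.
      - name: Configure AWS Credentials (2)
        if: steps.check-deployability.outputs.is_deployable == 'true'
        uses: ./.github/workflows/configure-aws-credentials
        with:
          aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws_region: us-gov-west-1
          role: ${{ env.AWS_FRONTEND_NONPROD_ROLE != '' && env.AWS_FRONTEND_NONPROD_ROLE || env.AWS_FRONTEND_PROD_ROLE }}
          role_duration: 900
          session_name: vsp-frontendteam-githubaction

      # `client_payload` is supplied by whoever sends the dispatch event.
      # Expanding `${{ ... }}` directly inside `run:` pastes that text into the
      # shell script before it executes, so the value is handed over through an
      # environment variable and quoted instead.
      - name: Output Deploy src
        env:
          DEPLOY_SHA: ${{ github.event.client_payload.github_sha }}
        run: echo "s3://vetsgov-website-builds-s3-upload/${DEPLOY_SHA}/vagovprod.tar.bz2"

      # printf is used so a value beginning with `-` is not read as an option.
      - name: Log GitHub Sha
        env:
          DEPLOY_SHA: ${{ github.event.client_payload.github_sha }}
        run: printf '%s\n' "$DEPLOY_SHA"

      # Disabled deploy step, kept for reference. It already passes the payload
      # through `env:` rather than inline in the script.
      # NOTE(review): when re-enabling, quote the expansions in the command
      # ("$SRC" "$DEST" "$ASSET_DEST") and consider validating that the payload
      # SHA is a 40-character hex string before it is used in the S3 path.
      # - name: Deploy
      #   if: steps.check-deployability.outputs.is_deployable == 'true'
      #   run: ./script/github-actions/partial-deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v
      #   env:
      #     SRC: s3://vetsgov-website-builds-s3-upload/${{ github.event.client_payload.github_sha }}/vagovprod.tar.bz2
      #     DEST: s3://www.va.gov
      #     ASSET_DEST: s3://prod-va-gov-assets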
# Disabled `notify-failure` job, kept for reference. It would run after
# `deploy` on failure or cancellation and post a Slack message, tagging the
# owning teams when ALERT_TEAMS is 'true' and changed-app groups are found.
# Remove the leading "# " from each line to restore it under `jobs:`.
#
# NOTE(review): both Slack steps reference `slack-notify@main`, a mutable
# branch ref, and receive the AWS access key secrets; the Checkout step is
# pinned to a commit SHA. Pin slack-notify to a commit SHA as well before
# re-enabling, so a change on that branch cannot run with these secrets.
# NOTE(review): the job condition tests `github.ref`, while the disabled guard
# on `deploy` tests `client_payload.github_ref`; confirm which ref is intended
# for a `repository_dispatch` run.
#   notify-failure:
#     name: Notify Failure
#     runs-on: ubuntu-latest
#     if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }}
#     needs: [deploy]
#     env:
#       ALERT_TEAMS: true # Alerts teams for single/grouped app builds when set to true
#       DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys
#       VETS_WEBSITE_CHANNEL_ID: C02V265VCGH #status-vets-website
#     steps:
#       - name: Checkout
#         uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
#         with:
#           fetch-depth: 0
#       - name: Install dependencies
#         if: env.ALERT_TEAMS == 'true'
#         uses: ./.github/workflows/install
#         timeout-minutes: 30
#         with:
#           key: ${{ hashFiles('yarn.lock') }}
#           yarn_cache_folder: .cache/yarn
#           path: |
#             .cache/yarn
#             node_modules
#       - name: Get changed applications
#         id: get-changed-apps
#         if: env.ALERT_TEAMS == 'true'
#         uses: ./.github/workflows/get-changed-apps
#         with:
#           output-type: 'slack_group'
#       - name: Notify application team in Slack
#         if: env.ALERT_TEAMS == 'true' && steps.get-changed-apps.outputs.slack_groups != ''
#         uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
#         continue-on-error: true
#         with:
#           payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "${{steps.get-changed-apps.outputs.slack_groups}} CI for your application failed on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/Handling-failed-single%2Fgrouped-application-pipelines.2066645150.html|documentation> on failed workflow runs."}}]}]}'
#           channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
#           aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
#           aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
#       - name: Notify Slack
#         if: steps.get-changed-apps.outputs.slack_groups == ''
#         uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
#         continue-on-error: true
#         with:
#           payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "`main` branch CI in `vets-website` failed: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}'
#           channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
#           aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
#           aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}