Implement Staged Continuous Deployment (#34442)

* Set up test trigger for workflow * Set up test trigger for workflow * Set up test trigger for workflow * Add slack channel ID * Add slack channel ID * Add slack channel ID * change slack message color * change slack message color * remove test workflow, uncomment deploy step * replace inputs with client payload --------- Co-authored-by: Curt Bonade <[email protected]>
department-of-veterans-affairs · Feb 3, 2025 · 99d05e3 · 99d05e3
1 parent 0e85e9e
commit 99d05e3
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 145 deletions.
diff --git a/.github/workflows/cd-deploy-test.yml b/.github/workflows/cd-deploy-test.yml
diff --git a/.github/workflows/continuous-deploy-production.yml b/.github/workflows/continuous-deploy-production.yml
@@ -4,11 +4,32 @@ on:
   repository_dispatch:
     types: [cd-production-deploy]
 
+run-name: "Triggered by: ${{ github.event.client_payload.github_message }}"
+
 jobs:
+  notify-pending-deployment:
+    name: Notify of Pending Deployment
+    if: ${{ github.event.client_payload.github_ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    env: 
+      VETS_WEBSITE_CHANNEL_ID: C02V265VCGH #status-vets-website
+
+    steps:
+      - name: Notify application team in Slack
+        uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
+        continue-on-error: true
+        with:
+          payload: '{"attachments": [{"color": "#FFCC00","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "A deployment for ${{ github.event.client_payload.entry_names }} is awaiting approval on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.event.client_payload.github_message}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/frontend-deployment-changes-2025|documentation> on deployments."}}]}]}'
+          channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
   deploy:
     name: Deploy
     if: ${{ github.event.client_payload.github_ref == 'refs/heads/main' }}
+    needs: [notify-pending-deployment]
     runs-on: ubuntu-latest
+    environment: production-cd
 
     steps:
       - name: Checkout
@@ -71,7 +92,7 @@ jobs:
   notify-failure:
     name: Notify Failure
     runs-on: ubuntu-latest
-    if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }}
+    if: ${{ always() && github.ref == 'refs/heads/main' && (failure() || cancelled()) }}
     needs: [deploy]
     env:
       ALERT_TEAMS: true # Alerts teams for single/grouped app builds when set to true
@@ -109,8 +130,8 @@ jobs:
         with:
           payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "${{steps.get-changed-apps.outputs.slack_groups}} CI for your application failed on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/Handling-failed-single%2Fgrouped-application-pipelines.2066645150.html|documentation> on failed workflow runs."}}]}]}'
           channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
-          aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       - name: Notify Slack
         if: steps.get-changed-apps.outputs.slack_groups == ''
@@ -119,5 +140,5 @@ jobs:
         with:
           payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "`main` branch CI in `vets-website` failed: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}'
           channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
-          aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -1932,7 +1932,7 @@ jobs:
           -H "Accept: application/vnd.github.v3+json" \
           -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
           https://api.github.com/repos/${{ github.repository }}/dispatches \
-          -d '{"event_type":"cd-production-deploy", "client_payload": {"github_sha": "'"${{ github.sha }}"'","github_ref": "'"${{ github.ref }}"'"}}'
+          -d '{"event_type":"cd-production-deploy", "client_payload": {"github_sha": "'"${{ github.sha }}"'","github_ref": "'"${{ github.ref }}"'","github_message": "'"${{ github.event.head_commit.message }}"'", "entry_app": "'"${{ needs.build.outputs.entry_names }}"'"}}'
                     
   notify-failure:
     name: Notify Failure