deploy.yml
# Reusable deployment workflow.
name: Deploy

# One concurrency group per workflow name and Git ref.
concurrency:
  group: '${{ github.workflow }}-${{ github.ref }}'
on:
  workflow_call:
    inputs:
      # Mina environment to deploy to (e.g. staging, production).
      # config/deploy.rb must define a task with the same name.
      environment:
        type: string
        required: true
      # Git branch that gets checked out for the deployment.
      branch:
        type: string
        required: true
      # Accounts allowed to trigger the workflow manually.
      # Example: "@github_username1 @github_username2"
      # The deploy job's `if:` tests this value with contains(), i.e. it looks
      # for the substring '@<actor>' anywhere in the string.
      # See: https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
      deployers:
        type: string
        required: false
        default: ''
      # Value exported as the BUNDLE_APP_CONFIG environment variable.
      # See: https://bundler.io/man/bundle-config.1.html
      bundle_app_config:
        type: string
        required: false
        default: '.bundle/ci-deploy'
      # Runner label the deploy job is scheduled on.
      # See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
      runner:
        type: string
        required: false
        default: 'ubuntu-22.04'
      # Slack channel that receives a notification when the workflow finishes.
      # Format: channel name (without the #)
      # Example: 'my-channel-name'
      # No notification step runs when this input is empty.
      slack_notification_channel:
        type: string
        required: false
      # Which deploy outcomes are reported to `slack_notification_channel`.
      # Enum: success | failure | all (default: all)
      notify_on:
        type: string
        required: false
        default: 'all'
    secrets:
      # Private key handed to the SSH agent step.
      SSH_PRIVATE_KEY:
        required: true
      # Bearer token for the Slack chat.postMessage call; the notification
      # step fails when a channel is configured but this secret is missing.
      SLACK_BOT_TOKEN:
        required: false
      # Additional environment variables set in the workflow.
      # Format: JSON object with string values (key becomes the env variable
      # name, value becomes the env variable value).
      # Example: '{ "FOO": "BAR", "BAZ": "${{ secrets.BAZ }}" }'
      ADDITIONAL_VARIABLES:
        required: false
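jobs:
  deploy:
    name: Deploy
    runs-on: ${{ inputs.runner }}
    timeout-minutes: 30
    # NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN carries
    # whatever the calling workflow grants. If bin/deploy needs nothing beyond
    # the checkout, restrict it here (e.g. `contents: read`) - confirm first.
    env:
      BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
    # `&&` binds tighter than `||`: the job runs when (manual dispatch AND the
    # actor appears in `deployers`) OR the triggering workflow_run succeeded.
    # NOTE(review): contains() on a string is a substring test, so actor
    # `alice` also passes when the list only holds `@alice-admin` (constructed
    # example). For a space-separated list an exact-token form would be
    #   contains(format('{0} ', inputs.deployers), format('@{0} ', github.actor))
    # Left unchanged because callers may use other separators; a protected
    # environment with required reviewers is the sturdier gate.
    if: ${{ github.event_name == 'workflow_dispatch' && contains(inputs.deployers, format('@{0}', github.actor)) || github.event.workflow_run.conclusion == 'success' }}
    # NOTE(review): the actions below are referenced by mutable tags. This job
    # handles an SSH private key, so pin third-party actions to a full commit
    # SHA to keep a retagged release from running with that key.
    steps:
      - name: Set up additional environment variables
        env:
          ADDITIONAL_VARIABLES: ${{ secrets.ADDITIONAL_VARIABLES }}
        if: ${{ env.ADDITIONAL_VARIABLES }}
        # The secret is read from the environment, never pasted into the script
        # text: with `${{ }}` inside the script a single quote in the JSON would
        # end the shell string and the rest would be parsed as commands.
        # Keys and values are validated before being appended to GITHUB_ENV,
        # because an embedded newline would otherwise add extra variables.
        # NOTE(review): only the secret as a whole is masked in logs; the
        # individual values written here are not registered as masks.
        run: |
          if ! printf '%s' "$ADDITIONAL_VARIABLES" | jq -e 'type == "object"' >/dev/null 2>&1; then
            echo "ADDITIONAL_VARIABLES secret you supplied is not a valid JSON object. Check the formatting of the secret."
            exit 1
          fi
          if ! printf '%s' "$ADDITIONAL_VARIABLES" | jq -e 'all(to_entries[]; (.key | test("^[A-Za-z_][A-Za-z0-9_]*$")) and (.value | tostring | test("[\r\n]") | not))' >/dev/null 2>&1; then
            echo "ADDITIONAL_VARIABLES keys must be valid environment variable names and values must be single-line."
            exit 1
          fi
          printf '%s' "$ADDITIONAL_VARIABLES" |
            jq -r 'to_entries[] | "\(.key) \(.value)"' |
            while read -r key value; do
              echo "$key=$value" >> "$GITHUB_ENV" && echo "Variable $key has been set"
            done
      - name: Git checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.branch }}
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Prepare SSH agent
        # NOTE(review): the version tag of this action was lost when the page
        # was extracted (e-mail obfuscation swallowed "ssh-agent@<tag>").
        # Restore the real tag, or better a full commit SHA, before use.
        uses: webfactory/ssh-agent@<version>
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      - name: Deploy
        id: deploy
        # The environment name reaches the shell as a quoted variable, so
        # metacharacters in the input cannot become extra commands or arguments.
        env:
          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
        run: bin/deploy "$DEPLOY_ENVIRONMENT"
      - name: Notify on Slack
        # GITHUB_TOKEN is not exported here: the script never uses it.
        env:
          SUCCESS: ${{ steps.deploy.outcome == 'success' }}
          FAILURE: ${{ steps.deploy.outcome == 'failure' }}
          CHANNEL: ${{ inputs.slack_notification_channel }}
          NOTIFY_ON: ${{ inputs.notify_on }}
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
        # always() keeps the step running after a failed deploy; it is skipped
        # only when no channel was configured.
        if: ${{ always() && inputs.slack_notification_channel }}
        run: |
          if [ -z "$SLACK_BOT_TOKEN" ] ; then
            echo "SLACK_BOT_TOKEN secret is missing from the workflow!"
            exit 1
          fi
          if [[ "$NOTIFY_ON" != "success" && "$NOTIFY_ON" != "failure" && "$NOTIFY_ON" != "all" ]] ; then
            echo "notify_on input is not valid. Must be one of: 'success', 'failure', or 'all'"
            exit 1
          fi
          SHORT_SHA=$(git rev-parse --short HEAD)
          FULL_SHA=$(git rev-parse HEAD)
          COMMIT_MESSAGE=$(git show -s --format=%s)
          GITHUB_RUN_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
          GITHUB_COMMIT_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/commit/$FULL_SHA"

          # Posts one attachment to Slack. $1 = colour, $2 = headline (mrkdwn).
          # jq builds the payload so that quotes or backslashes in the commit
          # subject cannot break or extend the JSON document; the subject is
          # also escaped for mrkdwn (&, <, >) because commit authors control it
          # and could otherwise inject links or mentions into the message.
          post_to_slack() {
            local color="$1" headline="$2"
            jq -n \
              --arg channel "$CHANNEL" \
              --arg color "$color" \
              --arg headline "$headline" \
              --arg subject "$COMMIT_MESSAGE" \
              --arg commit_link "<$GITHUB_COMMIT_URL|$SHORT_SHA>" \
              '
                ($subject | gsub("&"; "&amp;") | gsub("<"; "&lt;") | gsub(">"; "&gt;")) as $safe_subject
                | {
                    channel: $channel,
                    attachments: [{
                      color: $color,
                      blocks: [{
                        type: "section",
                        text: {
                          type: "mrkdwn",
                          text: "\($headline) \n _ \($safe_subject) _ (\($commit_link))"
                        }
                      }]
                    }]
                  }
              ' |
              curl -X POST https://slack.com/api/chat.postMessage \
                -H "Content-type: application/json; charset=utf-8" \
                -H "Authorization: Bearer $SLACK_BOT_TOKEN" \
                -s -S \
                -d @-
          }

          if [[ "$SUCCESS" = true && ("$NOTIFY_ON" = "success" || "$NOTIFY_ON" = "all") ]] ; then
            post_to_slack "#19a974" "$GITHUB_ACTOR <$GITHUB_RUN_URL|deployed> to *$DEPLOY_ENVIRONMENT*! :tada:"
          fi
          if [[ "$FAILURE" = true && ("$NOTIFY_ON" = "failure" || "$NOTIFY_ON" = "all") ]] ; then
            post_to_slack "#f75819" "$GITHUB_ACTOR failed to <$GITHUB_RUN_URL|deploy> to *$DEPLOY_ENVIRONMENT*! :boom:"
          fi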