-
Notifications
You must be signed in to change notification settings - Fork 128
136 lines (118 loc) · 5.4 KB
/
cd-deploy-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Continuous Deploy Production Test Workflow
on:
workflow_dispatch:
inputs:
commit_sha:
description: Deploy specific commit
required: true
jobs:
get-workflow-environment:
runs-on: ubuntu-latest
outputs:
environment_name: ${{ steps.check-environment.outputs.env_name }}
steps:
- name: Check environment
id: check-environment
run: echo env_name='production' >> $GITHUB_OUTPUT
deploy:
name: Deploy
if: ${{ github.event.client_payload.github_ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
needs: [get-workflow-environment]
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Check if commit can be deployed
id: check-deployability
run: node ./script/github-actions/check-deployability.js
env:
BUILDTYPE: vagovprod
- name: Configure AWS credentials (1)
if: steps.check-deployability.outputs.is_deployable == 'true'
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get AWS IAM role
if: steps.check-deployability.outputs.is_deployable == 'true'
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_PROD_ROLE
env_variable_name: AWS_FRONTEND_PROD_ROLE
- name: Configure AWS Credentials (2)
if: steps.check-deployability.outputs.is_deployable == 'true'
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE != '' && env.AWS_FRONTEND_NONPROD_ROLE || env.AWS_FRONTEND_PROD_ROLE }}
role_duration: 900
session_name: vsp-frontendteam-githubaction
- name: Deploy
if: steps.check-deployability.outputs.is_deployable == 'true'
run: ./script/github-actions/partial-deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v
env:
SRC: s3://vetsgov-website-builds-s3-upload/${{ github.event.client_payload.github_sha }}/vagovprod.tar.bz2
DEST: s3://www.va.gov
ASSET_DEST: s3://prod-va-gov-assets
notify-failure:
name: Notify Failure
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }}
needs: [deploy]
env:
ALERT_TEAMS: true # Alerts teams for single/grouped app builds when set to true
DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys
VETS_WEBSITE_CHANNEL_ID: C02V265VCGH #status-vets-website
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Install dependencies
if: env.ALERT_TEAMS == 'true'
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Get changed applications
id: get-changed-apps
if: env.ALERT_TEAMS == 'true'
uses: ./.github/workflows/get-changed-apps
with:
output-type: 'slack_group'
- name: Notify application team in Slack
if: env.ALERT_TEAMS == 'true' && steps.get-changed-apps.outputs.slack_groups != ''
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "${{steps.get-changed-apps.outputs.slack_groups}} CI for your application failed on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/Handling-failed-single%2Fgrouped-application-pipelines.2066645150.html|documentation> on failed workflow runs."}}]}]}'
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Notify Slack
if: steps.get-changed-apps.outputs.slack_groups == ''
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "`main` branch CI in `vets-website` failed: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}'
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}