Daily Production Release #737
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Daily Production Release | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: 0 15 * * 1-5 | |
| concurrency: | |
| group: daily-prod-release | |
| cancel-in-progress: true | |
| env: | |
| CHANNEL_ID: C0MQ281DJ # vfs-platform-builds | |
| CONTENT_BUILD_CHANNEL_ID: C02VD909V08 #status-content-build | |
| DSVA_SCHEDULE_ENABLED: true | |
| jobs: | |
| create-release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| RELEASE_NAME: ${{ steps.export-release-name.outputs.RELEASE_NAME }} | |
| steps: | |
| - name: Cancel workflow due to DSVA schedule | |
| if: ${{ github.event_name == 'schedule' && env.DSVA_SCHEDULE_ENABLED != 'true' }} | |
| uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # v0.3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-gov-west-1 | |
| - name: Get bot token from Parameter Store | |
| uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
| with: | |
| ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
| env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
| - name: Install dependencies | |
| uses: ./.github/workflows/install | |
| with: | |
| key: ${{ hashFiles('yarn.lock') }} | |
| yarn_cache_folder: ~/.cache/yarn | |
| path: | | |
| ~/.cache/yarn | |
| node_modules | |
| - name: Get current ref | |
| id: get-current-ref | |
| run: echo REF=$(git rev-parse HEAD) >> $GITHUB_OUTPUT | |
| - name: Validate build status | |
| run: node ./script/github-actions/validate-build-status.js ${{ steps.get-current-ref.outputs.REF }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get latest tag | |
| id: get-latest-tag | |
| run: echo LATEST_TAG_VERSION=$(git fetch --all --tags > /dev/null && git tag -l | sort -V --reverse | head -n 1) >> $GITHUB_OUTPUT | |
| - name: Get next tag version | |
| run: | | |
| current_patch=$(echo ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }} | cut -d'.' -f3) | |
| echo "new_patch=$(echo $(( $current_patch + 1 )))" >> $GITHUB_ENV | |
| - name: Create next tag | |
| uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3 | |
| with: | |
| timeout_seconds: 30 | |
| max_attempts: 3 | |
| command: git tag v0.0.${{ env.new_patch }} ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.${{ env.new_patch }} | |
| new_command_on_retry: | | |
| next_patch=$(echo $(( ${{ env.new_patch }} + 1 ))) | |
| echo "new_patch=$next_patch" >> $GITHUB_ENV | |
| git tag v0.0.$next_patch ${{ steps.get-current-ref.outputs.REF }} && git push --no-verify origin v0.0.$next_patch | |
| - name: Create release | |
| uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0 | |
| with: | |
| tag: v0.0.${{ env.new_patch }} | |
| name: content-build/v0.0.${{ env.new_patch }} | |
| token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
| commit: ${{ steps.get-current-ref.outputs.REF }} | |
| - name: Export new release name | |
| id: export-release-name | |
| run: | | |
| echo RELEASE_NAME=v0.0.${{ env.new_patch }} >> $GITHUB_OUTPUT | |
| notify-success: | |
| name: Notify Success | |
| runs-on: ubuntu-latest | |
| needs: create-release | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Notify Slack | |
| uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main | |
| continue-on-error: true | |
| with: | |
| payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully tagged new content-build release: ${{ needs.create-release.outputs.RELEASE_NAME }}"}}]}]}' | |
| channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| notify-failure: | |
| name: Notify Failure | |
| runs-on: ubuntu-latest | |
| if: ${{ failure() || cancelled() }} | |
| needs: create-release | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Notify Slack | |
| if: ${{ env.DSVA_SCHEDULE_ENABLED == 'true' }} | |
| uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main | |
| continue-on-error: true | |
| with: | |
| payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> New content-build release could not be tagged!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}' | |
| channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |