Skip to content

Nightly Archive

Nightly Archive #285

Workflow file for this run

name: Nightly Archive
permissions:
id-token: write # This is required for requesting the JWT for AWS creds
contents: read # This is required for actions/checkout
on:
# Schedule; currently once nightly, at 5:00 UTC.
# This is deliberately set at a different time than the broken link check to reduce load on runners.
schedule:
- cron: 0 5 * * *
env:
BUILD_TYPE: vagovprod
APP_ENV: prod
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
SLACK_CHANNEL: C06DSBT7CBW #status-next-build
jobs:
# This is necessary to get credentials to use the private ECR image defined in the build job container.
login-to-amazon-ecr:
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/[email protected]
with:
aws-region: us-gov-west-1
role-to-assume: ${{ vars.AWS_ASSUME_ROLE }}
mask-aws-account-id: 'false'
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'false'
outputs:
docker_username: ${{ steps.login-ecr.outputs.docker_username_008577686731_dkr_ecr_us_gov_west_1_amazonaws_com }}
docker_password: ${{ steps.login-ecr.outputs.docker_password_008577686731_dkr_ecr_us_gov_west_1_amazonaws_com }}
validate-build-status:
name: Validate Build Status
runs-on: ubuntu-latest
outputs:
REF: ${{ steps.get-latest-release.outputs.target_commitish }}
TAG: ${{ steps.get-latest-release.outputs.tag_name }}
APPROX_WORKFLOW_START_TIME: ${{ steps.export-approx-workflow-start-time.outputs.APPROX_WORKFLOW_START_TIME }}
timeout-minutes: 15
steps:
- name: Export approximate workflow start time
id: export-approx-workflow-start-time
run: echo APPROX_WORKFLOW_START_TIME=$(date +"%s") >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20 # the validate-build-status requires node12, node16, node20...
- name: Setup Yarn
run: |
corepack enable
corepack install -g --cache-only .yarn/releases/corepack.tgz
- name: Install dependencies
run: yarn
- name: Get latest release
id: get-latest-release
uses: ./.github/workflows/fetch-latest-release
- name: Validate build status
run: node ./scripts/github-actions/validate-build-status.js ${{ steps.get-latest-release.outputs.target_commitish }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build:
name: Archive static build on S3
timeout-minutes: 60
runs-on: [self-hosted, asg]
needs: [validate-build-status, login-to-amazon-ecr]
container:
image: 008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/node-18.19.0-bullseye:latest
credentials:
username: ${{ needs.login-to-amazon-ecr.outputs.docker_username }}
password: ${{ needs.login-to-amazon-ecr.outputs.docker_password }}
# Certs added for the self hosted runner
env:
NODE_EXTRA_CA_CERTS: ${{ env.NODE_EXTRA_CA_CERTS }}
APP_ENV: ${{ env.APP_ENV }}
ports:
- 80
volumes:
- /etc/ssl/certs:/etc/ssl/certs
steps:
- name: Checkout next-build
uses: actions/checkout@v4
with:
repository: department-of-veterans-affairs/next-build
ref: ${{ needs.validate-build-status.outputs.TAG }}
path: main
- name: Checkout vets-website
uses: actions/checkout@v4
with:
repository: department-of-veterans-affairs/vets-website
path: vets-website
- name: Install awscli
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip -o awscliv2.zip
./aws/install
- uses: actions/setup-node@v4
with:
node-version: 18
- name: Setup Yarn
run: |
cd main
corepack enable
corepack install -g --cache-only .yarn/releases/corepack.tgz
- name: Install dependencies
run: cd main && yarn
- name: Gather vets-website assets
run: cd main && yarn setup
- name: Build site
uses: nick-fields/retry@v3
with:
max_attempts: 3
retry_on: error
timeout_minutes: 30
command: cd main && BUILD_OPTION=static yarn export --DRUPAL_CLIENT_ID ${{ secrets.PROD_DRUPAL_CLIENT_ID }} --DRUPAL_CLIENT_SECRET ${{ secrets.PROD_DRUPAL_CLIENT_SECRET }} --no-USE_REDIS
- name: Build sitemap
run: cd main && yarn build:sitemap
- name: Compress built site for archive
run: tar -c main/out/ -cf ${{ env.BUILD_TYPE }}.tar.bz2 .
- name: Configure AWS Credentials
uses: aws-actions/[email protected]
with:
aws-region: us-gov-west-1
role-to-assume: ${{ vars.AWS_ASSUME_ROLE }}
role-duration-seconds: 900
- name: Upload archive to S3
run: aws s3 cp ${{ env.BUILD_TYPE }}.tar.bz2 s3://vetsgov-website-builds-s3-upload/next-build/${{needs.validate-build-status.outputs.REF}}/${{ env.BUILD_TYPE }}.tar.bz2 --acl public-read --region us-gov-west-1 --no-progress
env:
SRC: ./out/
DEST: s3://next-content.www.va.gov
notify-success:
name: Notify Success (Slack)
needs: [validate-build-status, build]
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Notify Slack
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully archived next-build release: ${{ needs.validate-build-status.outputs.TAG }} at s3://vetsgov-website-builds-s3-upload/next-build/${{needs.validate-build-status.outputs.REF}}/${{ env.BUILD_TYPE }}.tar.bz2"}}]}]}'
channel_id: ${{ env.SLACK_CHANNEL }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
notify-failure:
name: Notify Failure (Slack)
runs-on: ubuntu-latest
needs: build
if: ${{ failure() || cancelled() }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Notify Slack
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": ">:warning: The latest nightly archive failed to complete: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}'
channel_id: ${{ env.SLACK_CHANNEL }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}