From 90a301029d5856e66a5a5065aaf9509305e8a5b0 Mon Sep 17 00:00:00 2001
From: Tim Cosgrove
Date: Fri, 27 Sep 2024 09:40:39 -0700
Subject: [PATCH] Split releases into 3 workflows. (#748)
---
.github/workflows/content-release-dev.yml | 26 +++++++++++++++++
.github/workflows/content-release-prod.yml | 23 +++++++++++++++
.github/workflows/content-release-staging.yml | 26 +++++++++++++++++
.github/workflows/content-release.yml | 28 ++++++++-----------
.github/workflows/recurring-release.yml | 27 ------------------
READMEs/devops/content-release.md | 22 +++++++++++++--
6 files changed, 106 insertions(+), 46 deletions(-)
create mode 100644 .github/workflows/content-release-dev.yml
create mode 100644 .github/workflows/content-release-prod.yml
create mode 100644 .github/workflows/content-release-staging.yml
delete mode 100644 .github/workflows/recurring-release.yml
diff --git a/.github/workflows/content-release-dev.yml b/.github/workflows/content-release-dev.yml
new file mode 100644
index 000000000..d1aff63a4
--- /dev/null
+++ b/.github/workflows/content-release-dev.yml
@@ -0,0 +1,26 @@
+name: "Content release: Dev"
+on:
+ # Can be manually triggered
+ workflow_dispatch:
+ # Runs 5:05 am EDT Monday to Friday.
+ # This currently UTC -> EDT.
+ schedule:
+ - cron: "05 9 * * 1-5"
+ # Runs each time there is a new Production Tag created.
+ workflow_run:
+ workflows: ['Create Production Tag']
+ types: [completed]
+ branches: [main]
+
+concurrency: next-build-content-release-dev
+
+jobs:
+ content-release-dev:
+ # This job should run for any valid event besides workflow_run, or workflow_run if the conclusion was successful.
+ if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
+ uses: department-of-veterans-affairs/next-build/.github/workflows/content-release.yml@main
+ with:
+ build_type: "dev"
+ secrets: inherit
+
+
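Review bot: In content-release-dev.yml, the `secrets: inherit` line of the `content-release-dev` job hands every secret available to this caller to the reusable workflow, while the only secrets referenced in the content-release.yml lines visible in this patch are `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. Passing the needed secrets by name under `secrets:` would keep the callee at least privilege; the full list has to come from content-release.yml, which would also need to declare them under `workflow_call.secrets` (not visible here). The `uses:` line pins the callee to `@main` of the same repository, so a manual dispatch from another branch runs that branch's caller against main's release logic; `uses: ./.github/workflows/content-release.yml` keeps caller and callee on the same commit. The same two lines appear in content-release-prod.yml and content-release-staging.yml added by this patch.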
diff --git a/.github/workflows/content-release-prod.yml b/.github/workflows/content-release-prod.yml
new file mode 100644
index 000000000..02bb86865
--- /dev/null
+++ b/.github/workflows/content-release-prod.yml
@@ -0,0 +1,23 @@
+name: "Content release: Prod"
+on:
+ # Can be manually triggered
+ workflow_dispatch:
+ # Runs automatically every 30 minutes from 8am to 8pm Monday to Friday.
+ # This currently UTC -> EDT.
+ schedule:
+ - cron: "*/30 0,12-23 * * 1-5"
+ # Runs on API call. Used for CMS-driven build triggers.
+ repository_dispatch:
+ types: [content-release]
+
+concurrency: next-build-content-release-prod
+
+jobs:
+ content-release:
+ uses: department-of-veterans-affairs/next-build/.github/workflows/content-release.yml@main
+ with:
+ build_type: "prod"
+ secrets: inherit
+
+
+
diff --git a/.github/workflows/content-release-staging.yml b/.github/workflows/content-release-staging.yml
new file mode 100644
index 000000000..125c690cc
--- /dev/null
+++ b/.github/workflows/content-release-staging.yml
@@ -0,0 +1,26 @@
+name: "Content release: Dev"
+on:
+ # Can be manually triggered
+ workflow_dispatch:
+ # Runs 5:35 am EDT Monday to Friday.
+ # This currently UTC -> EDT.
+ schedule:
+ - cron: "35 9 * * 1-5"
+ # Runs each time there is a new Production Tag created.
+ workflow_run:
+ workflows: ['Create Production Tag']
+ types: [completed]
+ branches: [main]
+
+concurrency: next-build-content-release-staging
+
+jobs:
+ content-release-staging:
+ # This job should run for any valid event besides workflow_run, or workflow_run if the conclusion was successful.
+ if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
+ uses: department-of-veterans-affairs/next-build/.github/workflows/content-release.yml@main
+ with:
+ build_type: "staging"
+ secrets: inherit
+
+
diff --git a/.github/workflows/content-release.yml b/.github/workflows/content-release.yml
index 4315d986e..89eddbe4b 100644
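Review bot: In content-release-prod.yml, the cron `*/30 0,12-23 * * 1-5` does not match the comment above it, because the day-of-week field is evaluated in UTC. Hour 0 on days 1-5 is 8 pm EDT on Sunday through Thursday, so a production release fires on Sunday evening and Friday's 8 pm run is skipped. Splitting the schedule at the day boundary fixes it: `- cron: "*/30 12-23 * * 1-5"` followed by `- cron: "*/30 0 * * 2-6"`. The comment should also say that the expression is fixed in UTC, so the local window starts an hour earlier once EST applies.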
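Review bot: In content-release-staging.yml, the `name:` line reads `"Content release: Dev"`, the same name content-release-dev.yml uses. The two workflows become indistinguishable in the Actions run list and in notifications, and any `workflow_run` trigger or audit query that selects by workflow name would match both. It should be `name: "Content release: Staging"`.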
--- a/.github/workflows/content-release.yml +++ b/.github/workflows/content-release.yml @@ -5,12 +5,7 @@ permissions: contents: read # This is required for actions/checkout on: - repository_dispatch: - types: [content-release] - workflow_run: - workflows: ['Create Production Tag'] - types: [completed] - branches: [main] + # Runs when called from other workflows. Used for ongoing releases for dev/staging/prod. workflow_call: inputs: build_type: @@ -18,6 +13,7 @@ on: description: "Environment this workflow runs against" required: true default: 'PROD' + # Manual release. workflow_dispatch: inputs: build_type: @@ -31,7 +27,7 @@ on: - prod concurrency: - group: ${{ inputs.build_type || 'prod' }} + group: ${{ inputs.build_type || 'prod' }} env: SLACK_CHANNEL: C06DSBT7CBW #status-next-build @@ -107,7 +103,7 @@ jobs: continue-on-error: true with: payload: '{"attachments": [{"color": "#2EB67D","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Stand by, content release for next-build coming up (using ${{ needs.validate-build-status.outputs.TAG }}). "}}]}]}' - channel_id: ${{ env.SLACK_CHANNEL }} + channel_id: ${{ env.SLACK_CHANNEL }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -133,14 +129,14 @@ jobs: env: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt APP_ENV: ${{ inputs.build_type || 'prod' }} - + ports: - 80 volumes: - /etc/ssl/certs:/etc/ssl/certs steps: - + - name: Export setup start time id: export-setup-start-time run: echo SETUP_START_TIME=$(date +"%s") >> $GITHUB_OUTPUT @@ -208,7 +204,7 @@ jobs: cd out ls -l fi - + - name: Build sitemap run: cd main && yarn build:sitemap @@ -237,7 +233,7 @@ jobs: DEST: s3://next-content.dev.va.gov - if: inputs.build_type == 'staging' name: Deploy to S3 - run: | + run: | cd main && ./scripts/github-actions/deploy.sh -s $SRC -d $DEST -v ls cd out 
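Review bot: In content-release.yml, the first hunk (@@ -5,12 +5,7 @@) removes `repository_dispatch` and `workflow_run` from `on:`, after which the empty-input paths kept elsewhere in the file look unreachable. These are the `${{ inputs.build_type || 'prod' }}` fallbacks in `concurrency.group` and `APP_ENV`, and the deploy step guarded by `if: inputs.build_type == ''` in the @@ -251,8 +247,8 @@ hunk. Both remaining triggers carry a `build_type` input, although whether the `workflow_dispatch` one is required or defaulted is not visible here. A fallback that silently selects production when the input is missing is a risky default for a workflow that deploys to S3; consider `group: ${{ inputs.build_type }}`, dropping the `== ''` step, and failing the run on any value other than dev, staging or prod. The `workflow_call` input also keeps `default: 'PROD'` next to `required: true`, while every caller in this patch passes the lowercase form, so the default could be removed or lowercased for consistency.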
@@ -251,8 +247,8 @@ jobs: env: SRC: ./out/ DEST: s3://next-content.www.va.gov - - - if: inputs.build_type == '' + + - if: inputs.build_type == '' name: Deploy to S3 run: cd main && ./scripts/github-actions/deploy.sh -s $SRC -d $DEST -v env: @@ -262,7 +258,7 @@ jobs: - name: Export deploy end time id: export-deploy-end-time run: echo DEPLOY_END_TIME=$(date +"%s") >> $GITHUB_OUTPUT - + notify-success: name: Notify Success needs: [validate-build-status, build] @@ -380,7 +376,7 @@ jobs: METRIC_NAMESPACE: dsva_vagov.next_build steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4 #uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Get current timestamp diff --git a/.github/workflows/recurring-release.yml b/.github/workflows/recurring-release.yml deleted file mode 100644 index 32031df82..000000000 --- a/.github/workflows/recurring-release.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: recurring release -on: - workflow_dispatch: - - schedule: - - cron: "*/30 8-20 * * 1-5" # run a build to prod every 30 minutes from 8am to 8pm monday to friday - -jobs: - content-release: - uses: department-of-veterans-affairs/next-build/.github/workflows/content-release.yml@main - with: - build_type: "prod" - secrets: inherit - - content-release-dev: - uses: department-of-veterans-affairs/next-build/.github/workflows/content-release.yml@main - with: - build_type: "dev" - secrets: inherit - - content-release-staging: - uses: department-of-veterans-affairs/next-build/.github/workflows/content-release.yml@main - with: - build_type: "staging" - secrets: inherit - - diff --git a/READMEs/devops/content-release.md b/READMEs/devops/content-release.md index 68001e28f..36bb22f46 100644 --- a/READMEs/devops/content-release.md +++ b/READMEs/devops/content-release.md 
@@ -4,11 +4,27 @@ Content Release is what VA teams call the process of moving new published conten See [CMS Content Release](https://github.com/department-of-veterans-affairs/va.gov-cms/blob/main/READMES/cms-content-release.md) for more information on how content release is currently triggered via CMS for `content-build` and BRD. -In the short term, next-build will operate in very much the same way. When content is published in Drupal, a dispatch to our [content-release workflow](/.github/workflows/content-release.yml) will be triggered. This workflow builds all the static pages and assets currently known to next-build (as discovered by `RESOURCE_TYPES_TO_BUILD` in the catchall [slug file](/READMEs/slug.md)). It also generates a sitemap for these pages. Once the build process is completed, all of these items are pushed to the appropriate [S3 bucket](/READMEs/devops/infrastructure.md). Once the files are uploaded to S3, they are available for public traffic. +In the short term, next-build will operate in very much the same way. All content that is managed by Next Build will be built with each content release, regardless of whether it is new/changed or unchanged. -This workflow also happens whenever new code is merged to the main branch, to ensure the S3 bucket has the most up-to-date changes. +## Production content release -Right now, the workflow always runs using prod.cms.va.gov as it's data source and pushes output to the production next-content.www S3 bucket. If/when the workflow is parameterized to run against multiple targets (similar to how content-build builds `vagovdev`, `vagovstaging` and `vagovprod`), the sources and output buckets should also be adjusted. 
+Production content release currently is triggered by the following events: + +- On a schedule, every 30 minutes between 8 am and 8 pm ET +- Manually through the Github Actions interface +- When specific content is published in the CMS + +Production content releases use https://prod.cms.va.gov/ as their content source. + +## Dev and Staging content release + +Dev and Staging content releases are triggered by the following events: + +- On a schedule, nightly at 5:05 am ET or 5:35 am ET for Dev arnd Staging respectively. This keeps content relatively fresh even when there are no code changes to trigger a Dev or Staging content release. +- When any code is merged to the `main` branch of Next Build and has a successfull CI run on main - this is to keep Dev and Staging up-to-date with code changes they come in. +- Manually through the Github Actions interface + +Dev and Staging content releases use https://main-medc0xjkxm4jmpzxl3tfbcs7qcddsivh.ci.cms.va.gov/ as their content source. # Archiving