VACMS-16863: Trigger manifest update from image creation workflow. #440

Merged, 1 commit, Mar 6, 2024
13 changes: 11 additions & 2 deletions .github/workflows/mirror-images.yml
@@ -15,7 +15,7 @@ on:
workflow_run:
workflows: ['Create Production Tag']
types: [completed]
# branches: [main]
branches: [main]

jobs:
mirror:
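Review bot: Re-enabling `branches: [main]` on the `workflow_run` trigger narrows when this job fires, but for `workflow_run` the `branches` filter matches the head branch of the triggering 'Create Production Tag' run, so a run from a fork whose branch is also named `main` would match too; if that upstream workflow can run on pull requests, gate the job additionally on `github.event.workflow_run.head_repository.full_name == github.repository` (or on `github.event.workflow_run.event == 'push'`). This hunk also does not show a `github.event.workflow_run.conclusion` guard on the `mirror` job; the `update-manifest` job in this same PR has one, and the mirror job should carry the same guard so a failed or cancelled tag run does not push an image.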
@@ -35,7 +35,7 @@ jobs:
repository: department-of-veterans-affairs/vets-website
path: vets-website

- name: 'Download artifact'
- name: 'Download tag artifact'
if: ${{ github.event_name == 'workflow_run' }}
uses: actions/github-script@v6
with:
@@ -88,4 +88,13 @@ jobs:
docker build . -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./Dockerfile
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

- name: Write release name as artifact
Contributor Author: This is the same logic as in the production tag creation workflow.

run: |
mkdir -p ./tag
echo $IMAGE_TAG > ./tag/tag.txt

- uses: actions/upload-artifact@v4
with:
name: tag.txt
path: tag/
## Needs failure state handling, and in general this and update manifest need notification handling.
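Review bot: The `## Needs failure state handling, ...` line is a TODO committed into the workflow file; track it in an issue and either shorten the comment or drop it. In the new steps, `echo $IMAGE_TAG > ./tag/tag.txt` should quote the variable (`echo "$IMAGE_TAG"`), and because this artifact becomes the sole source of the image tag for the downstream `update-manifest` workflow (which reads it back with `cat tag.txt` and splices it unchanged into a shell command and into `values.yaml`), validate the tag against the expected pattern here before writing it. `actions/upload-artifact@v4` is pinned to a mutable tag while `actions/checkout` in `update-manifest.yml` in this same PR is pinned to a commit SHA; pin this one the same way.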
78 changes: 74 additions & 4 deletions .github/workflows/update-manifest.yml
@@ -22,40 +22,110 @@ on:
type: string
required: true
default: "staging"
workflow_run:
workflows: ['Create and Commit Next-Build Docker Image']
types: [completed]
branches: [main]

jobs:
update-manifest:
if: ${{ !(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure') }}
Contributor Author: Same as before: if this is triggered by workflow_run and that was a failure, do not run.

runs-on: ubuntu-20.04
env:
IMAGE_TAG: ${{ inputs.image_tag }}
strategy:
fail-fast: false
max-parallel: 4
matrix:
Contributor Author: This setup is so we can deploy all environments at once.

app_name: ['next-build', 'next-build-test']
environment: ['staging', prod]
steps:
- name: 'Download tag artifact'
if: ${{ github.event_name == 'workflow_run' }}
uses: actions/github-script@v6
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "tag.txt"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/tag.zip`, Buffer.from(download.data));

- name: 'Unzip artifact'
if: ${{ github.event_name == 'workflow_run' }}
run: unzip tag.zip

- name: 'Read tag version'
if: ${{ github.event_name == 'workflow_run' }}
run: |
echo "IMAGE_TAG=$(cat tag.txt)" >> $GITHUB_ENV

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-gov-west-1
role-to-assume: ${{ vars.AWS_ASSUME_ROLE }}
role-duration-seconds: 900
role-session-name: vsp-vagov-next-build-githubaction

- name: Get bot token from Parameter Store
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN

- name: Check out Manifest Repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
repository: department-of-veterans-affairs/vsp-infra-application-manifests
token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
fetch-depth: 1
path: vsp-infra-application-manifests
- name: Update image and helm chart versions

# If this is triggered manually, use the input values
- name: Update image and helm chart versions (dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
cd vsp-infra-application-manifests/apps/${{ inputs.app_name }}/${{ inputs.environment }}
yq e -i '.deployment.container.image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/next-build-node:${{ inputs.image_tag }}"' values.yaml
yq e -i '.deployment.container.image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/next-build-node:${{ env.IMAGE_TAG }}"' values.yaml
git diff
- name: Add and Commit file

- name: Add and Commit file (dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
with:
add: '*.yaml'
cwd: vsp-infra-application-manifests/apps/${{ inputs.app_name }}/${{ inputs.environment }}
author_name: va-vsp-bot
author_email: [email protected]
message: 'auto update next-build images and helm chart'
message: 'auto update next-build images and helm chart'

# If this is triggered via workflow_run, run as a matrix and deploy all
# apps and envs.
- name: Update image and helm chart versions (triggered by upstream)
Contributor Author: If these steps run (because triggered by workflow_run), it will cause the job to be split out into 4 parallel jobs which will deploy each environment.

if: ${{ github.event_name == 'workflow_run' }}
run: |
cd vsp-infra-application-manifests/apps/${{ matrix.app_name }}/${{ matrix.environment }}
yq e -i '.deployment.container.image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/next-build-node:${{ env.IMAGE_TAG }}"' values.yaml
git diff

- name: Add and Commit file (triggered by upstream)
if: ${{ github.event_name == 'workflow_run' }}
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
with:
add: '*.yaml'
cwd: vsp-infra-application-manifests/apps/${{ matrix.app_name }}/${{ matrix.environment }}
author_name: va-vsp-bot
author_email: [email protected]
message: 'auto update next-build images and helm chart'
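Review bot: The job guard `if: ${{ !(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure') }}` still lets an upstream run that ended `cancelled`, `skipped` or `timed_out` roll the manifests; make it a positive check, `github.event.workflow_run.conclusion == 'success'`, so only a completed image build updates the tag. Second, `strategy.matrix` is unconditional, so a `workflow_dispatch` run also fans out into four jobs that each execute the `(dispatch)` steps against the same `inputs.app_name/inputs.environment` path and try to commit the same change; and on the `workflow_run` path four jobs push to the same branch of `vsp-infra-application-manifests` concurrently (`max-parallel: 4`), so every push after the first is non-fast-forward and, with `fail-fast: false`, those three jobs just fail. Move the dispatch path into a separate job without a matrix, and for the upstream-triggered path either set `max-parallel: 1` or apply the four `yq` edits in one job and make a single commit. Third, `${{ env.IMAGE_TAG }}` is expanded into the `run:` script text before the shell sees it; the value comes from the upstream artifact rather than from a user, but it is safer and equivalent to reference the already-exported shell variable, e.g. `yq e -i ".deployment.container.image = \"008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/next-build-node:$IMAGE_TAG\"" values.yaml`, preceded by a step that rejects a tag not matching the expected pattern. Minor: `.filter(...)[0]` yields `undefined` when no `tag.txt` artifact exists and the script then dies with an unhelpful TypeError on `matchArtifact.id`, so fail explicitly with a message; `actions/github-script@v6` and `aws-actions/configure-aws-credentials@v1` are tag-pinned while `actions/checkout` and `EndBug/add-and-commit` in the same file are SHA-pinned; and `environment: ['staging', prod]` mixes quoted and bare strings.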