-
Notifications
You must be signed in to change notification settings - Fork 128
124 lines (106 loc) · 5.01 KB
/
continuous-deploy-production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Continuous Deploy Production
on:
repository_dispatch:
types: [cd-production-deploy]
jobs:
deploy:
name: Deploy
if: ${{ github.event.client_payload.github_ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Install dependencies
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Check if commit can be deployed
id: check-deployability
run: node ./script/github-actions/check-deployability.js
env:
BUILDTYPE: vagovprod
- name: Configure AWS credentials (1)
if: steps.check-deployability.outputs.is_deployable == 'true'
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get AWS IAM role
if: steps.check-deployability.outputs.is_deployable == 'true'
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_PROD_ROLE
env_variable_name: AWS_FRONTEND_PROD_ROLE
- name: Configure AWS Credentials (2)
if: steps.check-deployability.outputs.is_deployable == 'true'
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE != '' && env.AWS_FRONTEND_NONPROD_ROLE || env.AWS_FRONTEND_PROD_ROLE }}
role_duration: 900
session_name: vsp-frontendteam-githubaction
- name: Deploy
if: steps.check-deployability.outputs.is_deployable == 'true'
run: ./script/github-actions/partial-deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v
env:
SRC: s3://vetsgov-website-builds-s3-upload/${{ github.event.client_payload.github_sha }}/vagovprod.tar.bz2
DEST: s3://www.va.gov
ASSET_DEST: s3://prod-va-gov-assets
notify-failure:
name: Notify Failure
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }}
needs: [deploy]
env:
ALERT_TEAMS: true # Alerts teams for single/grouped app builds when set to true
DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys
VETS_WEBSITE_CHANNEL_ID: C02V265VCGH #status-vets-website
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Install dependencies
if: env.ALERT_TEAMS == 'true'
uses: ./.github/workflows/install
timeout-minutes: 30
with:
key: ${{ hashFiles('yarn.lock') }}
yarn_cache_folder: .cache/yarn
path: |
.cache/yarn
node_modules
- name: Get changed applications
id: get-changed-apps
if: env.ALERT_TEAMS == 'true'
uses: ./.github/workflows/get-changed-apps
with:
output-type: 'slack_group'
- name: Notify application team in Slack
if: env.ALERT_TEAMS == 'true' && steps.get-changed-apps.outputs.slack_groups != ''
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "${{steps.get-changed-apps.outputs.slack_groups}} CI for your application failed on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/Handling-failed-single%2Fgrouped-application-pipelines.2066645150.html|documentation> on failed workflow runs."}}]}]}'
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Notify Slack
if: steps.get-changed-apps.outputs.slack_groups == ''
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "`main` branch CI in `vets-website` failed: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}'
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}