Merged
23 commits
fde879a
(ELI-444) removing concurrency and adding deploy lock
TOEL2 Sep 16, 2025
a762e60
(ELI-452) moving env check inside the job
TOEL2 Sep 16, 2025
6457509
(ELI-452) increased timeout and removed double env check
TOEL2 Sep 16, 2025
2ea55cd
(ELI-452) increased timeout again
TOEL2 Sep 16, 2025
9a78845
(ELI-452) removed dependency on env input
TOEL2 Sep 16, 2025
dca6185
(ELI-452) removed double env check again
TOEL2 Sep 16, 2025
bbcfcc9
(ELI-452) adding script
TOEL2 Sep 17, 2025
be1bb74
ELI-452: Adds test yml for tag and release
shweta-nhs Sep 17, 2025
b3276f5
ELI-452: Using existing yml for workflow to test
shweta-nhs Sep 17, 2025
8785c94
ELI-452: Using existing yml for workflow to test
shweta-nhs Sep 17, 2025
e45c147
ELI-452: WIP test
shweta-nhs Sep 17, 2025
87a39fe
ELI-452: WIP test
shweta-nhs Sep 17, 2025
54bca6e
ELI-452: WIP test
shweta-nhs Sep 17, 2025
cdc784b
ELI-452: install request depenedency
shweta-nhs Sep 17, 2025
2ca9162
ELI-452: install request using poetry
shweta-nhs Sep 17, 2025
7774a66
ELI-452: install request using poetry
shweta-nhs Sep 17, 2025
2eac4df
ELI-452: install request using poetry
shweta-nhs Sep 17, 2025
8d8e43b
ELI-452: install request using poetry
shweta-nhs Sep 17, 2025
936b200
ELI-452: tag creation done
shweta-nhs Sep 17, 2025
89b0127
ELI-452: removes seed script, renames workflows
shweta-nhs Sep 17, 2025
abb71d2
ELI-452: Moves non workflows to helpers
shweta-nhs Sep 17, 2025
7484b2f
Revert "ELI-452: Moves non workflows to helpers"
shweta-nhs Sep 18, 2025
461ab13
Merge branch 'main' into feauture/te-sd-ELI-452-cicd-improvements
shweta-nhs Sep 18, 2025
135 changes: 16 additions & 119 deletions .github/workflows/base-deploy.yml
Expand Up @@ -89,10 +89,19 @@ jobs:
with:
terraform_version: ${{ needs.metadata.outputs.terraform_version }}

- name: "Install Poetry"
run: |
curl -sSL https://install.python-poetry.org | python3 -
echo "$HOME/.local/bin" >> $GITHUB_PATH

- name: "Set up Python"
uses: actions/setup-python@v5
with:
python-version: "3.13"
cache: 'poetry'

- name: "Install dependencies"
run: poetry install

- name: "Checkout repository at ref"
uses: actions/checkout@v5
Expand Down Expand Up @@ -144,135 +153,23 @@ jobs:
echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=apply"
make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE

- name: "Set up git identity"
if: ${{ needs.metadata.outputs.environment == 'preprod' || needs.metadata.outputs.environment == 'prod' }}
run: |
git config user.name "github-actions"
git config user.email "[email protected]"

- name: "Validate Feature Toggles"
env:
ENV: ${{ needs.metadata.outputs.environment }}
run: |
pip install boto3
python scripts/feature_toggle/validate_toggles.py

# ---------- Preprod path: create RC tag + pre-release ----------
- name: "Create/Push RC tag for preprod"
if: ${{ needs.metadata.outputs.environment == 'preprod' }}
id: rc_tag
shell: bash
run: |
set -euo pipefail
git fetch --tags

# Helper: get latest final and latest RC (across all bases)
latest_final="$(git tag -l 'v[0-9]*.[0-9]*.[0-9]*' \
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n1 || true)"
latest_any_rc="$(git tag -l 'v[0-9]*.[0-9]*.[0-9]*-rc.*' \
| sort -V | tail -n1 || true)"

# Determine the base version (vX.Y.Z) we will use for the next RC.
# If release_type=rc and we already have RCs, keep the SAME base as the latest RC.
# Otherwise, derive base from latest FINAL and bump per release_type.
if [[ "${{ inputs.release_type }}" == "rc" && -n "${latest_any_rc}" ]]; then
base="${latest_any_rc%-rc.*}" # strip '-rc.N' → vX.Y.Z
else
# Start from latest FINAL (or 0.0.0 if none)
if [[ -z "${latest_final}" ]]; then
base_major=0; base_minor=0; base_patch=0
else
IFS='.' read -r base_major base_minor base_patch <<< "${latest_final#v}"
fi

case "${{ inputs.release_type }}" in
major) base_major=$((base_major+1)); base_minor=0; base_patch=0 ;;
minor) base_minor=$((base_minor+1)); base_patch=0 ;;
patch|rc|*) base_patch=$((base_patch+1)) ;; # 'rc' with no prior RCs → default to patch bump
esac

base="v${base_major}.${base_minor}.${base_patch}"
fi

# Compute next RC number for this base
last_rc_for_base="$(git tag -l "${base}-rc.*" | sort -V | tail -n1 || true)"
if [[ -z "${last_rc_for_base}" ]]; then
next_rc="${base}-rc.1"
else
n="${last_rc_for_base##*-rc.}"
next_rc="${base}-rc.$((n+1))"
fi

# Tag current commit (whatever ref was checked out)
sha="$(git rev-parse HEAD)"
echo "Tagging ${sha} as ${next_rc}"
git tag -a "${next_rc}" "${sha}" -m "Release candidate ${next_rc}"
git push origin "${next_rc}"

echo "rc=${next_rc}" >> "$GITHUB_OUTPUT"

- name: "Create GitHub Pre-release (preprod)"
if: ${{ needs.metadata.outputs.environment == 'preprod' }}
uses: actions/create-release@v1
- name: "Tag and Release"
if: ${{ needs.metadata.outputs.environment == 'preprod' || needs.metadata.outputs.environment == 'prod' }}
env:
ENVIRONMENT: ${{ needs.metadata.outputs.environment }}
REF: ${{ needs.metadata.outputs.ref }}
INPUT_RELEASE_TYPE: ${{ inputs.release_type }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.rc_tag.outputs.rc }}
release_name: "Pre-release ${{ steps.rc_tag.outputs.rc }}"
body: |
Auto pre-release created during preprod deployment.
draft: false
prerelease: true

# ---------- Prod path: promote RC to final ----------
- name: "Validate input is an RC tag (prod)"
if: ${{ needs.metadata.outputs.environment == 'prod' }}
shell: bash
run: |
set -euo pipefail
ref="${{ needs.metadata.outputs.ref }}"
if [[ ! "$ref" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$ ]]; then
echo "ERROR: For prod, 'ref' must be an RC tag like v1.4.0-rc.2 (got: $ref)"
exit 1
fi
git fetch --tags --quiet
if ! git rev-parse -q --verify "refs/tags/$ref" >/dev/null; then
echo "ERROR: Tag '$ref' does not exist on origin."
exit 1
fi

- name: "Create final tag from RC (prod)"
if: ${{ needs.metadata.outputs.environment == 'prod' }}
id: final_tag
shell: bash
run: |
set -euo pipefail
rc="${{ needs.metadata.outputs.ref }}"
final="${rc%-rc.*}" # strip '-rc.N'
sha=$(git rev-list -n 1 "$rc")

if git rev-parse -q --verify "refs/tags/${final}" >/dev/null; then
echo "ERROR: Final tag ${final} already exists."
exit 1
fi
GITHUB_REPOSITORY: ${{ github.repository }}
run: poetry run python scripts/workflow/tag_and_release.py

echo "Promoting $rc ($sha) to final $final"
git tag -a "${final}" "${sha}" -m "Release ${final}"
git push origin "${final}"
echo "final=${final}" >> $GITHUB_OUTPUT

- name: "Create GitHub Release (prod)"
if: ${{ needs.metadata.outputs.environment == 'prod' }}
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.final_tag.outputs.final }}
release_name: "Release ${{ steps.final_tag.outputs.final }}"
body: |
Auto-release created during production deployment.
draft: false
prerelease: false

regression-tests:
name: "Regression Tests"
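Review bot: The new "Install Poetry" step in the first hunk pipes an unpinned remote installer straight into `python3`, so each deploy run executes whatever that URL serves and installs whichever Poetry release is current at the time. What appears to be the same job then runs `terraform apply` and, in the second hunk, passes `GITHUB_TOKEN` to `scripts/workflow/tag_and_release.py`, so the installer executes in a context that holds deploy and release credentials. Pin the tool and install it from the package index instead, for example `run: pipx install "poetry==<PINNED_VERSION>"` (placeholder version; confirm pipx is present on the runner image), or at minimum pass `--version <PINNED_VERSION>` to the installer. The RC-tag format check and the "final tag already exists" guard were removed from the workflow in the second hunk; the script is not visible here, so confirm it still enforces both before a prod promotion. The job's earlier steps lie outside the hunks, so whether a checkout precedes `poetry install` cannot be confirmed from this view.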
2 changes: 1 addition & 1 deletion .github/workflows/cicd-1-pull-request.yaml
@@ -1,4 +1,4 @@
name: "CI/CD pull request"
name: "1. CI | Pull Request"

# The total recommended execution time for the "CI/CD Pull Request" workflow is around 20 minutes.

2 changes: 1 addition & 1 deletion .github/workflows/cicd-2-publish.yaml
Expand Up @@ -2,7 +2,7 @@
# Triggered on push to main. Tags the commit with a dev-<timestamp> label.
# Does not create GitHub Releases or production tags (v1.x.x).

name: "CI/CD publish"
name: "2. CD | Deploy to Dev"

on:
push:
@@ -1,14 +1,10 @@
name: "Auto Deploy to test"
name: "3. CD | Deploy to Test"

on:
workflow_run:
workflows: ["CI/CD publish"]
types: [completed]

concurrency:
group: terraform-deploy-test
cancel-in-progress: false

permissions:
contents: read
id-token: write
Expand Down Expand Up @@ -55,10 +51,16 @@ jobs:
runs-on: ubuntu-latest
needs: [metadata]
environment: test
timeout-minutes: 10080
permissions:
id-token: write
contents: read
steps:
- name: "Acquire deploy lock"
uses: softprops/turnstyle@v2
with:
poll-interval-seconds: 10

- name: "Checkout same commit"
uses: actions/checkout@v5
with:
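Review bot: The added "Acquire deploy lock" step references `softprops/turnstyle@v2` by a mutable tag inside a job that is granted `id-token: write` and targets the `test` environment, so whatever that tag resolves to at run time executes in a job able to request an OIDC token. Pin the action to a full commit SHA, e.g. `uses: softprops/turnstyle@<FULL_COMMIT_SHA> # v2` (placeholder), and check whether the job-level `permissions` block also needs `actions: read` for the action to list workflow runs. Separately, the first hunk leaves `workflows: ["CI/CD publish"]` unchanged while this pull request renames that workflow to "2. CD | Deploy to Dev" in cicd-2-publish.yaml; `workflow_run` matches on the workflow name, so the trigger looks stale and should probably read `workflows: ["2. CD | Deploy to Dev"]`. The steps list continues past the end of the second hunk.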
141 changes: 0 additions & 141 deletions .github/workflows/cicd-3-test.yaml

This file was deleted.

@@ -1,4 +1,4 @@
name: Preprod Deploy
name: "4. CD | Deploy to PreProd"

concurrency:
group: terraform-deploy-preprod