# Put action within a raw block so that the curly bracket expressions aren't picked up by the cookiecutter
#
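name: release-infrastructure

# Deploys infrastructure through the shared i-dot-ai reusable workflows.
# Triggers: a push of a release-dev-** / release-preprod-** tag, completion of
# the build-push workflow on main, or a manual dispatch.
on:
  push:
    tags:
      - 'release-dev-**'
      - 'release-preprod-**'
  workflow_run:
    # NOTE(review): `completed` fires for failed and cancelled build-push runs
    # as well as successful ones, and nothing below checks
    # github.event.workflow_run.conclusion. Consider gating the deployment on
    # conclusion == 'success'; the always() jobs further down need the same
    # consideration so they do not run against a runner that was never started.
    workflows: [build-push]
    types: [completed]
    branches: [main]
  workflow_dispatch:

# NOTE(review): every reusable workflow below is referenced at the mutable ref
# `@main` while being handed secrets and (mostly) `permissions: write-all`.
# Pinning each `uses:` to a reviewed full commit SHA keeps an upstream push from
# changing what runs with these credentials.
jobs:
  # Reads project settings from .github/.github.env and derives the target
  # environment from the ref that triggered the run.
  set-vars:
    runs-on: ubuntu-latest
    # Only a checkout happens here, so the token is limited to reading contents.
    permissions:
      contents: read
    outputs:
      app-name: ${{ steps.export.outputs.app-name }}
      ec2-instance-type: ${{ steps.export.outputs.ec2-instance-type }}
      version: ${{ steps.export.outputs.version }}
      repo: ${{ steps.export.outputs.repo }}
      infra-config-repo: ${{ steps.export.outputs.infra-config-repo }}
      environment: ${{ steps.env-var.outputs.environment }}
      ecr-repo: ${{ steps.export.outputs.ecr-repo }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - id: export
        run: |
          . ./.github/.github.env
          # Register the mask before the value is used anywhere else in the step.
          echo "::add-mask::${AWS_REGION}"
          echo "ec2-instance-type=${EC2_INSTANCE_TYPE}" >> "$GITHUB_OUTPUT"
          echo "app-name=${APP_NAME}" >> "$GITHUB_OUTPUT"
          echo "aws-region=${AWS_REGION}" >> "$GITHUB_OUTPUT"
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "data-path=${DATA_PATH}" >> "$GITHUB_OUTPUT"
          echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
          echo "infra-config-repo=${INFRA_CONFIG_REPO}" >> "$GITHUB_OUTPUT"
          echo "ecr-repo=${ECR_REPO}" >> "$GITHUB_OUTPUT"
      - id: env-var
        env:
          # The ref name is handed to the script as data through the
          # environment. Expanding ${{ github.ref_name }} inside `run:` pastes
          # the tag/branch name into the script text before bash parses it, and
          # ref names may legally contain shell metacharacters.
          REF_NAME: ${{ github.ref_name }}
        run: |
          # prod env from main branch
          if [[ "${REF_NAME}" == main ]]; then
            ENVIRONMENT=prod
          else
            # Second '-'-separated field of the ref, e.g. release-dev-x -> dev.
            # NOTE(review): a manual dispatch from an arbitrary branch yields
            # whatever that field happens to be; an allow-list check here would
            # stop an unexpected environment name reaching the deploy jobs.
            ENVIRONMENT=$(printf '%s\n' "${REF_NAME}" | awk -F- '{ print $2 }')
          fi
          echo "environment=${ENVIRONMENT}"
          echo "environment=${ENVIRONMENT}" >> "$GITHUB_OUTPUT"

  # Starts the runner that the later jobs execute on.
  start-runner:
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/start-runner.yml@main
    needs: set-vars
    # NOTE(review): write-all grants every token scope to the called workflow.
    # Narrow this to the scopes it actually uses (with USE_OIDC presumably at
    # least `id-token: write` - confirm against the called workflow).
    permissions: write-all
    with:
      EC2_INSTANCE_TYPE: ${{ needs.set-vars.outputs.ec2-instance-type }}
      ENVIRONMENT: ${{ needs.set-vars.outputs.environment }}
      USE_OIDC: true
    secrets:
      # NOTE(review): long-lived access keys are still passed although
      # USE_OIDC is true; if the called workflow no longer reads them, drop
      # them here and retire the keys - confirm first.
      AWS_GITHUBRUNNER_USER_ACCESS_KEY: ${{ secrets.AWS_GITHUBRUNNER_USER_ACCESS_KEY }}
      AWS_GITHUBRUNNER_USER_SECRET_ID: ${{ secrets.AWS_GITHUBRUNNER_USER_SECRET_ID }}
      AWS_GITHUBRUNNER_PAT: ${{ secrets.AWS_GITHUBRUNNER_PAT }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

  # Applies the Terraform configuration on the runner started above.
  apply-infra:
    needs:
      - set-vars
      - start-runner
    # NOTE(review): same least-privilege concern as start-runner.
    permissions: write-all
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/apply-terraform.yml@main
    with:
      APP_NAME: ${{ needs.set-vars.outputs.app-name }}
      RUNNER_LABEL: ${{ needs.start-runner.outputs.label }}
      ENVIRONMENT: ${{ needs.set-vars.outputs.environment }}
      ECR_REPO: ${{ needs.set-vars.outputs.ecr-repo }}
      PUBLIC_INFRA_DEPLOYMENT: true
      # NOTE(review): on a workflow_run trigger github.sha is the latest commit
      # on the default branch, which is not necessarily the commit build-push
      # built (github.event.workflow_run.head_sha). Verify the tag deployed is
      # the image that was actually built.
      IMAGE_TAG: ${{ github.sha }}
      USE_OIDC: true
      INFRA_CONFIG_REPO: ${{ needs.set-vars.outputs.infra-config-repo }}
    secrets:
      AWS_GITHUBRUNNER_PAT: ${{ secrets.AWS_GITHUBRUNNER_PAT }}
      AWS_GITHUBRUNNER_PAT_USER: ${{ secrets.AWS_GITHUBRUNNER_PAT_USER }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

  # Turns the result of apply-infra into a "true"/"false" output; runs even
  # when an earlier job failed.
  determine-success:
    needs:
      - set-vars
      - start-runner
      - apply-infra
    runs-on: ${{ needs.start-runner.outputs.label }}
    if: always()
    # The single step only runs shell and writes an output; no token scopes
    # are needed.
    permissions: {}
    outputs:
      success: ${{ steps.success.outputs.success }}
    steps:
      - id: success
        env:
          APPLY_RESULT: ${{ needs.apply-infra.result }}
        run: |
          if [[ "${APPLY_RESULT}" == "success" ]]; then
            echo "success=true" >> "$GITHUB_OUTPUT"
          else
            echo "success=false" >> "$GITHUB_OUTPUT"
          fi

  # Posts the deployment outcome to Slack; runs even when an earlier job failed.
  notify-slack:
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/slack-notify.yml@main
    needs:
      - set-vars
      - start-runner
      - apply-infra
      - determine-success
    if: always()
    with:
      WORKFLOW_PASSED: ${{ needs.determine-success.outputs.success == 'true' }}
      RUNNER_LABEL: ${{ needs.start-runner.outputs.label }}
      # NOTE(review): the environment name is derived from the ref and is
      # substituted into these JSON strings without escaping, so an unexpected
      # character in it produces a malformed payload.
      SUCCESS_PAYLOAD: "{\"blocks\":[{\"type\":\"header\",\"text\":{\"type\":\"plain_text\",\"text\":\":airplane: ${{ github.repository }} - Deployment to ${{ needs.set-vars.outputs.environment }} Succeeded :large_green_circle:\"}},{\"type\":\"section\",\"text\":{\"type\":\"mrkdwn\",\"text\":\"${{ github.sha }} successfully deployed to ${{ needs.set-vars.outputs.environment }}\"}}]}"
      FAILURE_PAYLOAD: "{\"blocks\":[{\"type\":\"header\",\"text\":{\"type\":\"plain_text\",\"text\":\":x: ${{ github.repository }} - Deployment to ${{ needs.set-vars.outputs.environment }} Failed :x:\"}},{\"type\":\"section\",\"text\":{\"type\":\"mrkdwn\",\"text\":\"${{ github.sha }} failed to deploy to ${{ needs.set-vars.outputs.environment }}\"}}]}"
    secrets:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

  # Stops the runner unless start-runner reported a persisted one; runs even
  # when an earlier job failed so the instance is not left running.
  stop-runner:
    needs:
      - set-vars
      - start-runner
      - apply-infra
      - determine-success
      - notify-slack
    # NOTE(review): same least-privilege concern as start-runner.
    permissions: write-all
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/stop-runner.yml@main
    if: needs.start-runner.outputs.use-persisted == 0 && always()
    with:
      RUNNER_LABEL: ${{ needs.start-runner.outputs.label }}
      EC2_INSTANCE_ID: ${{ needs.start-runner.outputs.ec2-instance-id }}
      USE_OIDC: true
      ENVIRONMENT: ${{ needs.set-vars.outputs.environment }}
    secrets:
      AWS_GITHUBRUNNER_USER_ACCESS_KEY: ${{ secrets.AWS_GITHUBRUNNER_USER_ACCESS_KEY }}
      AWS_GITHUBRUNNER_USER_SECRET_ID: ${{ secrets.AWS_GITHUBRUNNER_USER_SECRET_ID }}
      AWS_GITHUBRUNNER_PAT: ${{ secrets.AWS_GITHUBRUNNER_PAT }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}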
#