release.yml
# Put action within a raw block so that the curly bracket expressions aren't picked up by the cookiecutter
#
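# Release workflow: derives the target environment from the triggering ref,
# starts a runner, applies Terraform through shared reusable workflows,
# reports the result to Slack and stops the runner again.
name: release-infrastructure

on:
  push:
    tags:
      - 'release-dev-**'
      - 'release-preprod-**'
  # NOTE(review): `types: [completed]` fires whatever the conclusion of
  # build-push was, and no job below checks
  # github.event.workflow_run.conclusion, so a failed build still reaches the
  # deploy jobs. For workflow_run events github.sha / github.ref_name describe
  # the default branch at trigger time, not necessarily the commit that
  # build-push built -- confirm IMAGE_TAG below still names the intended image.
  workflow_run:
    workflows: [build-push]
    types: [completed]
    branches: [main]

jobs:
  # Reads repo-level settings from .github/.github.env and works out which
  # environment this run deploys to.
  set-vars:
    runs-on: ubuntu-latest
    outputs:
      app-name: ${{ steps.export.outputs.app-name }}
      ec2-instance-type: ${{ steps.export.outputs.ec2-instance-type }}
      version: ${{ steps.export.outputs.version }}
      repo: ${{ steps.export.outputs.repo }}
      infra-config-repo: ${{ steps.export.outputs.infra-config-repo }}
      environment: ${{ steps.env-var.outputs.environment }}
      ecr-repo: ${{ steps.export.outputs.ecr-repo }}
    steps:
      - name: Checkout
        # NOTE(review): tag pin is mutable; pin to a full commit SHA
        # (e.g. actions/checkout@<COMMIT_SHA>  # v4) for supply-chain integrity.
        uses: actions/checkout@v4
      - id: export
        # Sources the committed env file, so its contents run as shell in this job.
        run: |
          . ./.github/.github.env
          echo "ec2-instance-type=${EC2_INSTANCE_TYPE}" >> "$GITHUB_OUTPUT"
          echo "app-name=${APP_NAME}" >> "$GITHUB_OUTPUT"
          echo "aws-region=${AWS_REGION}" >> "$GITHUB_OUTPUT"
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "data-path=${DATA_PATH}" >> "$GITHUB_OUTPUT"
          echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
          echo "infra-config-repo=${INFRA_CONFIG_REPO}" >> "$GITHUB_OUTPUT"
          echo "ecr-repo=${ECR_REPO}" >> "$GITHUB_OUTPUT"
          # NOTE(review): the runner drops job outputs that contain a masked
          # value; verify none of the outputs above embed the region string.
          echo "::add-mask::${AWS_REGION}"
      - id: env-var
        # The ref name is handed over as an environment variable rather than
        # expanded with ${{ }} inside the script: a tag name may contain shell
        # metacharacters, and inline expansion would make them part of the
        # script text before bash parses it.
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          # prod env from main branch
          if [[ "${REF_NAME}" == main ]]; then
            export ENVIRONMENT=prod
          else
            # release-<env>-<suffix> -> second dash-separated field
            export ENVIRONMENT=$(echo "${REF_NAME}" | awk -F- '{ print $2 }')
          fi
          echo "environment=${ENVIRONMENT}"
          echo "environment=${ENVIRONMENT}" >> "$GITHUB_OUTPUT"

  start-runner:
    # NOTE(review): this and the other reusable workflows are referenced at
    # @main, so a change on that branch runs here with this repo's secrets and
    # token. Pin each `uses:` to a reviewed commit SHA.
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/start-runner.yml@main
    needs: set-vars
    # NOTE(review): write-all grants every token scope. With USE_OIDC the
    # called workflow needs `id-token: write`; list only the scopes it uses
    # (confirm against the called workflow).
    permissions: write-all
    with:
      EC2_INSTANCE_TYPE: ${{ needs.set-vars.outputs.ec2-instance-type }}
      # NOTE(review): set-vars declares no `runner-size` output, so this
      # expression evaluates to an empty string.
      RUNNER_SIZE: ${{ needs.set-vars.outputs.runner-size }}
      ENVIRONMENT: ${{ needs.set-vars.outputs.environment }}
      USE_OIDC: true
    secrets:
      # NOTE(review): long-lived access keys are passed alongside USE_OIDC;
      # if the called workflow authenticates via OIDC, confirm these are still
      # needed and retire them otherwise.
      AWS_GITHUBRUNNER_USER_ACCESS_KEY: ${{ secrets.AWS_GITHUBRUNNER_USER_ACCESS_KEY }}
      AWS_GITHUBRUNNER_USER_SECRET_ID: ${{ secrets.AWS_GITHUBRUNNER_USER_SECRET_ID }}
      AWS_GITHUBRUNNER_PAT: ${{ secrets.AWS_GITHUBRUNNER_PAT }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

  apply-infra:
    needs:
      - set-vars
      - start-runner
    # NOTE(review): same over-broad token scope as start-runner; narrow it.
    permissions: write-all
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/apply-terraform.yml@main
    with:
      APP_NAME: ${{ needs.set-vars.outputs.app-name }}
      RUNNER_LABEL: ${{ needs.start-runner.outputs.label }}
      ENVIRONMENT: ${{ needs.set-vars.outputs.environment }}
      ECR_REPO: ${{ needs.set-vars.outputs.ecr-repo }}
      PUBLIC_INFRA_DEPLOYMENT: false
      IMAGE_TAG: ${{ github.sha }}
      USE_OIDC: true
    secrets:
      AWS_GITHUBRUNNER_PAT: ${{ secrets.AWS_GITHUBRUNNER_PAT }}
      AWS_GITHUBRUNNER_PAT_USER: ${{ secrets.AWS_GITHUBRUNNER_PAT_USER }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

  notify-slack:
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/slack-notify.yml@main
    needs:
      - set-vars
      - start-runner
      - apply-infra
    with:
      RUNNER_LABEL: ${{ needs.start-runner.outputs.label }}
      WORKFLOW_PASSED: "${{ needs.apply-infra.result == 'success' }}"
      SUCCESS_PAYLOAD: '{"blocks":[{"type":"header","text":{"type":"plain_text","text":":airplane: ${{ github.repository }} - Deployment to ${{ needs.set-vars.outputs.environment }} Succeeded :large_green_circle:"}},{"type":"section","text":{"type":"mrkdwn","text":"${{ github.sha }} successfully deployed to ${{ needs.set-vars.outputs.environment }}"}}]}'
      FAILURE_PAYLOAD: '{"blocks":[{"type":"header","text":{"type":"plain_text","text":":x: ${{ github.repository }} - Deployment to ${{ needs.set-vars.outputs.environment }} Failed :x:"}},{"type":"section","text":{"type":"mrkdwn","text":"${{ github.sha }} failed to deploy to ${{ needs.set-vars.outputs.environment }}"}}]}'
    secrets:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

  stop-runner:
    needs:
      - set-vars
      - start-runner
      - apply-infra
      - notify-slack
    # NOTE(review): same over-broad token scope as start-runner; narrow it.
    permissions: write-all
    uses: i-dot-ai/i-dot-ai-core-github-actions/.github/workflows/stop-runner.yml@main
    # always() keeps teardown running after a failed deploy. NOTE(review): if
    # start-runner itself failed or was skipped its outputs are empty -- check
    # how the `== 0` comparison and the called workflow behave in that case.
    if: needs.start-runner.outputs.use-persisted == 0 && always()
    with:
      RUNNER_LABEL: ${{ needs.start-runner.outputs.label }}
      EC2_INSTANCE_ID: ${{ needs.start-runner.outputs.ec2-instance-id }}
      ENVIRONMENT: ${{ needs.set-vars.outputs.environment }}
      USE_OIDC: true
    secrets:
      AWS_GITHUBRUNNER_USER_ACCESS_KEY: ${{ secrets.AWS_GITHUBRUNNER_USER_ACCESS_KEY }}
      AWS_GITHUBRUNNER_USER_SECRET_ID: ${{ secrets.AWS_GITHUBRUNNER_USER_SECRET_ID }}
      AWS_GITHUBRUNNER_PAT: ${{ secrets.AWS_GITHUBRUNNER_PAT }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}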
#