.github/workflows/daily-deploy-production.yml
name: Daily Production Deploy
on:
workflow_dispatch:
inputs:
release_wait:
description: Minutes to wait before creating release
required: false
default: '0'
commit_sha:
description: Deploy specific commit
required: false
schedule:
- cron: 0 17 * * 1-5
env:
CHANNEL_ID: C0MQ281DJ # vfs-platform-builds
VETS_WEBSITE_CHANNEL_ID: C02V265VCGH # status-vets-website
DSVA_SCHEDULE_ENABLED: true
BUILD_ENV: vagovprod
jobs:
get-workflow-environment:
runs-on: ubuntu-latest
outputs:
environment_name: ${{ steps.check-environment.outputs.env_name }}
steps:
- name: Check environment
id: check-environment
run: |
if [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
echo env_name='production' >> $GITHUB_OUTPUT
else
echo env_name='' >> $GITHUB_OUTPUT
fi
set-env:
name: Set Env Variables
runs-on: ubuntu-latest
outputs:
LATEST_TAG_VERSION: ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }}
RELEASE_WAIT: ${{ env.RELEASE_WAIT }}
COMMIT_SHA: ${{ env.COMMIT_SHA }}
steps:
- name: Cancel workflow due to DSVA schedule
if: ${{ env.DSVA_SCHEDULE_ENABLED != 'true' }}
uses: andymckay/cancel-action@0.2
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Get latest tag
id: get-latest-tag
run: echo LATEST_TAG_VERSION=$(git describe --tags `git rev-list --tags --max-count=1`) >> $GITHUB_OUTPUT
- name: Get release wait time (scheduled release)
if: ${{ github.event.schedule != '' }}
run: echo 'RELEASE_WAIT=0' >> $GITHUB_ENV
- name: Get release wait time (workflow_dispatch)
if: ${{ github.event_name == 'workflow_dispatch' }}
run: echo 'RELEASE_WAIT=${{ github.event.inputs.release_wait }}' >> $GITHUB_ENV
- name: Get commit sha (latest commit)
if: ${{ github.event.schedule != '' || (github.event_name == 'workflow_dispatch' && github.event.inputs.commit_sha == '') }}
run: |
COMMIT_SHA=$(git rev-list -n 1 ${{ steps.get-latest-tag.outputs.LATEST_TAG_VERSION }})
echo "COMMIT_SHA=$COMMIT_SHA" >> $GITHUB_ENV
- name: Get commit sha (workflow_dispatch)
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.commit_sha != '' }}
run: echo 'COMMIT_SHA=${{ github.event.inputs.commit_sha }}' >> $GITHUB_ENV
notify-start:
name: Notify Start
runs-on: ubuntu-latest
needs: set-env
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Notify Slack
uses: ./.github/workflows/slack-notify
continue-on-error: true
env:
RELEASE_WAIT_MINUTES: ${{ needs.set-env.outputs.RELEASE_WAIT < 5 && 'a few' || needs.set-env.outputs.RELEASE_WAIT }}
with:
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
payload: |
{
"attachments": [
{
"color": "#07711E",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Stand by, production deploy for vets-website coming up in ${{ env.RELEASE_WAIT_MINUTES }} minutes. View what's coming here: <https://github.com/${{ github.repository }}/compare/${{ needs.set-env.outputs.LATEST_TAG_VERSION }}...${{ needs.set-env.outputs.COMMIT_SHA }}>"
}
}
]
}
]
}
create-release:
name: Create Release
runs-on: ubuntu-latest
needs: [set-env, notify-start]
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
with:
fetch-depth: 0
- name: Configure AWS Credentials
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get bot token from Parameter Store
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
- name: Waiting to release
run: |
echo 'Waiting to release: https://github.com/${{ github.repository }}/compare/${{ needs.set-env.outputs.LATEST_TAG_VERSION }}...${{ needs.set-env.outputs.COMMIT_SHA }}'
- name: Sleep for ${{ needs.set-env.outputs.RELEASE_WAIT }} minutes
uses: whatnick/wait-action@master
with:
time: ${{ needs.set-env.outputs.RELEASE_WAIT }}m
- name: Create GitHub Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ needs.set-env.outputs.LATEST_TAG_VERSION }}
RELEASE_NAME: vets-website/${{ needs.set-env.outputs.LATEST_TAG_VERSION }}
run: |
curl -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token $GITHUB_TOKEN" \
https://api.github.com/repos/${{ github.repository }}/releases \
-d "{
\"tag_name\": \"$TAG_NAME\",
\"name\": \"$RELEASE_NAME\",
\"body\": \"Release notes go here.\",
\"draft\": false,
\"prerelease\": false
}"
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: [set-env, create-release, get-workflow-environment]
environment: ${{ needs.get-workflow-environment.outputs.environment_name }}
env:
DEPLOY_BUCKET: www.va.gov
ASSET_BUCKET: prod-va-gov-assets
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Configure AWS credentials (1)
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
- name: Get AWS IAM role
uses: ./.github/workflows/inject-secrets
with:
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_PROD_ROLE
env_variable_name: AWS_FRONTEND_PROD_ROLE
- name: Configure AWS Credentials (2)
uses: ./.github/workflows/configure-aws-credentials
with:
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: us-gov-west-1
role: ${{ env.AWS_FRONTEND_PROD_ROLE }}
role_duration: 900
session_name: vsp-frontendteam-githubaction
- name: Deploy
run: ./script/github-actions/deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v
env:
SRC: s3://vetsgov-website-builds-s3-upload/${{ needs.set-env.outputs.COMMIT_SHA }}/${{ env.BUILD_ENV }}.tar.bz2
DEST: s3://${{ env.DEPLOY_BUCKET }}
ASSET_DEST: s3://${{ env.ASSET_BUCKET }}
notify-success:
name: Notify Success
runs-on: ubuntu-latest
needs: deploy
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Notify Slack
uses: ./.github/workflows/slack-notify
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#07711E","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "Successfully deployed vets-website to production"}}]}]}'
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
notify-failure:
name: Notify Failure
runs-on: ubuntu-latest
if: ${{ failure() || cancelled() }}
needs: deploy
steps:
- name: Checkout
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Notify Slack
if: ${{ env.DSVA_SCHEDULE_ENABLED == 'true' }}
uses: ./.github/workflows/slack-notify
continue-on-error: true
with:
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> Production deploy for vets-website has failed!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}'
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}