Manual dev/staging Deploy #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Manual dev/staging Deploy | |
on: | |
workflow_dispatch: | |
inputs: | |
commit_sha: | |
description: Deploy a specific commit | |
required: true | |
deploy_environment: | |
type: choice | |
description: The environment to deploy to | |
required: true | |
options: | |
- dev | |
- staging | |
- both | |
env: | |
DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys | |
CONTENT_BUILD_CHANNEL_ID: C02VD909V08 #status-content-build | |
jobs: | |
set-environment: | |
name: Set environment to deploy | |
runs-on: ubuntu-latest | |
outputs: | |
environment: ${{ steps.set-output.outputs.environment }} | |
env: | |
dev: "{\\\"environment\\\": \\\"vagovdev\\\", \\\"bucket\\\": \\\"content.dev.va.gov\\\"}" | |
staging: "{\\\"environment\\\": \\\"vagovstaging\\\", \\\"bucket\\\": \\\"content.staging.va.gov\\\"}" | |
steps: | |
- name: Set output | |
id: set-output | |
run: | | |
if [[ ${{ github.event.inputs.deploy_environment }} == 'dev' ]]; then | |
echo environment={\"include\":[${{env.dev}}]} >> $GITHUB_OUTPUT | |
elif [[ ${{ github.event.inputs.deploy_environment }} == 'staging' ]]; then | |
echo environment={\"include\":[${{env.staging}}]} >> $GITHUB_OUTPUT | |
else | |
echo environment={\"include\":[${{env.dev}},${{env.staging}}]} >> $GITHUB_OUTPUT | |
fi | |
deploy: | |
name: Deploy | |
runs-on: [self-hosted] | |
needs: set-environment | |
strategy: | |
matrix: ${{ fromJson(needs.set-environment.outputs.environment) }} | |
env: | |
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Configure AWS credentials (1) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get role from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Configure AWS Credentials (2) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role-duration-seconds: 900 | |
role-session-name: vsp-frontendteam-githubaction | |
- name: Deploy | |
run: ./script/github-actions/deploy.sh -s $SRC -d $DEST -v | |
env: | |
SRC: s3://vetsgov-website-builds-s3-upload/content-build/${{ github.event.inputs.commit_sha }}/${{ matrix.environment }}.tar.bz2 | |
DEST: s3://${{ matrix.bucket }} | |
notify-failure: | |
name: Notify Failure | |
runs-on: ubuntu-latest | |
if: ${{ failure() || cancelled() }} | |
needs: deploy | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Notify Slack | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main | |
continue-on-error: true | |
with: | |
attachments: '[{"mrkdwn_in": ["text"], "color": "#D33834", "text": "content-build manual dev/staging deploy failed!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}]' | |
channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }} | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |