-
Notifications
You must be signed in to change notification settings - Fork 128
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into alert-autofix-66
- Loading branch information
Showing
2,554 changed files
with
89,214 additions
and
63,875 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
name: Continuous Deploy Production Test Workflow | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
commit_sha: | ||
description: Deploy specific commit | ||
required: true | ||
|
||
jobs: | ||
get-workflow-environment: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
environment_name: ${{ steps.check-environment.outputs.env_name }} | ||
steps: | ||
- name: Check environment | ||
id: check-environment | ||
run: | | ||
if [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then | ||
echo env_name='production' >> $GITHUB_OUTPUT | ||
else | ||
echo env_name='' >> $GITHUB_OUTPUT | ||
fi | ||
deploy: | ||
name: Deploy | ||
if: ${{ github.event.client_payload.github_ref == 'refs/heads/main' }} | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Install dependencies | ||
uses: ./.github/workflows/install | ||
timeout-minutes: 30 | ||
with: | ||
key: ${{ hashFiles('yarn.lock') }} | ||
yarn_cache_folder: .cache/yarn | ||
path: | | ||
.cache/yarn | ||
node_modules | ||
- name: Check if commit can be deployed | ||
id: check-deployability | ||
run: node ./script/github-actions/check-deployability.js | ||
env: | ||
BUILDTYPE: vagovprod | ||
|
||
- name: Configure AWS credentials (1) | ||
if: steps.check-deployability.outputs.is_deployable == 'true' | ||
uses: ./.github/workflows/configure-aws-credentials | ||
with: | ||
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws_region: us-gov-west-1 | ||
|
||
|
||
- name: Get AWS IAM role | ||
if: steps.check-deployability.outputs.is_deployable == 'true' | ||
uses: ./.github/workflows/inject-secrets | ||
with: | ||
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_PROD_ROLE | ||
env_variable_name: AWS_FRONTEND_PROD_ROLE | ||
|
||
- name: Configure AWS Credentials (2) | ||
if: steps.check-deployability.outputs.is_deployable == 'true' | ||
uses: ./.github/workflows/configure-aws-credentials | ||
with: | ||
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws_region: us-gov-west-1 | ||
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE != '' && env.AWS_FRONTEND_NONPROD_ROLE || env.AWS_FRONTEND_PROD_ROLE }} | ||
role_duration: 900 | ||
session_name: vsp-frontendteam-githubaction | ||
|
||
- name: Deploy | ||
if: steps.check-deployability.outputs.is_deployable == 'true' | ||
run: ./script/github-actions/partial-deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v | ||
|
||
env: | ||
SRC: s3://vetsgov-website-builds-s3-upload/${{ github.event.client_payload.github_sha }}/vagovprod.tar.bz2 | ||
DEST: s3://www.va.gov | ||
ASSET_DEST: s3://prod-va-gov-assets | ||
|
||
notify-failure: | ||
name: Notify Failure | ||
runs-on: ubuntu-latest | ||
if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }} | ||
needs: [deploy] | ||
env: | ||
ALERT_TEAMS: true # Alerts teams for single/grouped app builds when set to true | ||
DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys | ||
VETS_WEBSITE_CHANNEL_ID: C02V265VCGH #status-vets-website | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Install dependencies | ||
if: env.ALERT_TEAMS == 'true' | ||
uses: ./.github/workflows/install | ||
timeout-minutes: 30 | ||
with: | ||
key: ${{ hashFiles('yarn.lock') }} | ||
yarn_cache_folder: .cache/yarn | ||
path: | | ||
.cache/yarn | ||
node_modules | ||
- name: Get changed applications | ||
id: get-changed-apps | ||
if: env.ALERT_TEAMS == 'true' | ||
uses: ./.github/workflows/get-changed-apps | ||
with: | ||
output-type: 'slack_group' | ||
|
||
- name: Notify application team in Slack | ||
if: env.ALERT_TEAMS == 'true' && steps.get-changed-apps.outputs.slack_groups != '' | ||
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | ||
continue-on-error: true | ||
with: | ||
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "${{steps.get-changed-apps.outputs.slack_groups}} CI for your application failed on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/Handling-failed-single%2Fgrouped-application-pipelines.2066645150.html|documentation> on failed workflow runs."}}]}]}' | ||
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }} | ||
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
- name: Notify Slack | ||
if: steps.get-changed-apps.outputs.slack_groups == '' | ||
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | ||
continue-on-error: true | ||
with: | ||
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "`main` branch CI in `vets-website` failed: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}' | ||
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }} | ||
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,6 @@ on: | |
repository_dispatch: | ||
types: [cd-production-deploy] | ||
|
||
|
||
jobs: | ||
deploy: | ||
name: Deploy | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: GitHub Environment Cleanup | ||
|
||
on: | ||
schedule: | ||
- cron: 0 0 * * 1-5 | ||
|
||
jobs: | ||
deploy: | ||
name: Clean Up Environments | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Install dependencies | ||
uses: ./.github/workflows/install | ||
timeout-minutes: 30 | ||
with: | ||
key: ${{ hashFiles('yarn.lock') }} | ||
yarn_cache_folder: .cache/yarn | ||
path: | | ||
.cache/yarn | ||
node_modules | ||
- name: Configure AWS credentials | ||
uses: ./.github/workflows/configure-aws-credentials | ||
with: | ||
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws_region: us-gov-west-1 | ||
|
||
|
||
- name: Get va-vsp-bot token | ||
uses: ./.github/workflows/inject-secrets | ||
with: | ||
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | ||
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | ||
|
||
|
||
- name: Clean up Environments | ||
if: ${{ always() }} | ||
run: node script/github-actions/gh-env-cleanup.js | ||
env: | ||
GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
/* eslint-disable no-console */ | ||
/* eslint-disable camelcase */ | ||
/* eslint-disable no-await-in-loop */ | ||
/* eslint-disable consistent-return */ | ||
const { Octokit } = require('@octokit/rest'); | ||
|
||
const delay = ms => new Promise(resolve => setTimeout(resolve, ms)); | ||
|
||
const octokit = new Octokit({ | ||
auth: process.env.GITHUB_TOKEN, | ||
}); | ||
|
||
const fetchAllEnvironments = async (owner, repo) => { | ||
let environments = []; | ||
let page = 1; | ||
|
||
try { | ||
while (true) { | ||
console.log(`Fetching page ${page}...`); | ||
|
||
const { data } = await octokit.request( | ||
'GET /repos/{owner}/{repo}/environments', | ||
{ | ||
owner, | ||
repo, | ||
per_page: 100, | ||
page, | ||
}, | ||
); | ||
|
||
environments = environments.concat(data.environments); | ||
|
||
if (data.environments.length === 0) { | ||
break; | ||
} | ||
|
||
page += 1; | ||
} | ||
|
||
return environments; | ||
} catch (error) { | ||
console.error('Error fetching environments:', error); | ||
process.exit(1); | ||
} | ||
}; | ||
|
||
const filterOldEnvironments = (environments, days) => { | ||
const cutoffDate = new Date(Date.now() - days * 24 * 60 * 60 * 1000); | ||
return environments.filter(env => { | ||
const createdAt = new Date(env.created_at); | ||
return createdAt < cutoffDate && env.protection_rules.length === 0; | ||
}); | ||
}; | ||
|
||
const deleteEnvironment = async (owner, repo, environment) => { | ||
try { | ||
await octokit.request( | ||
'DELETE /repos/{owner}/{repo}/environments/{environment_name}', | ||
{ | ||
owner, | ||
repo, | ||
environment_name: environment.name, | ||
}, | ||
); | ||
console.log(`Successfully deleted environment: ${environment.name}`); | ||
} catch (error) { | ||
console.error(`Error deleting environment ${environment.name}:`, error); | ||
} | ||
}; | ||
|
||
const OWNER = 'department-of-veterans-affairs'; | ||
const REPO = 'vets-website'; | ||
const DAYS = 90; | ||
|
||
(async () => { | ||
const environments = await fetchAllEnvironments(OWNER, REPO); | ||
const oldEnvironments = await filterOldEnvironments(environments, DAYS); | ||
|
||
console.log('Deleting ', oldEnvironments.length, ` envioronments`); | ||
|
||
for (const environment of oldEnvironments) { | ||
await deleteEnvironment(OWNER, REPO, environment); | ||
await delay(2000); | ||
} | ||
})(); |
File renamed without changes.
File renamed without changes.
Oops, something went wrong.