[Workflow] Weekly Refresh #115
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Workflow] Weekly Refresh" | |
| on: | |
| schedule: | |
| # 6am on Wednesdays | |
| - cron: '0 6 * * 3' | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| contents: write | |
| security-events: write | |
| pull-requests: read | |
| actions: none | |
| checks: none | |
| deployments: none | |
| issues: none | |
| packages: none | |
| repository-projects: none | |
| statuses: none | |
| jobs: | |
| set_variables: | |
| name: Generate image tags | |
| runs-on: ubuntu-latest | |
| outputs: | |
| short_sha: ${{ steps.short_sha.outputs.short_sha }} | |
| environment_terraform_version: ${{ steps.terraform_version_environment.outputs.version }} | |
| account_terraform_version: ${{ steps.terraform_version_account.outputs.version }} | |
| region_terraform_version: ${{ steps.terraform_version_region.outputs.version }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| with: | |
| fetch-depth: 2 | |
| - name: Set output to penultimate short SHA | |
| id: short_sha | |
| run: | | |
| echo "short_sha=$(git rev-list --no-merges -n 1 HEAD | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Set terraform version - environment | |
| id: terraform_version_environment | |
| uses: ministryofjustice/opg-github-actions/.github/actions/[email protected] | |
| with: | |
| terraform_directory: "./terraform/environment" | |
| - name : Set terraform version - account | |
| id: terraform_version_account | |
| uses: ministryofjustice/opg-github-actions/.github/actions/[email protected] | |
| with: | |
| terraform_directory: "./terraform/account" | |
| - name: Set terraform version - region | |
| id: terraform_version_region | |
| uses: ministryofjustice/opg-github-actions/.github/actions/[email protected] | |
| with: | |
| terraform_directory: "./terraform/region" | |
| docker_build_scan_push: | |
| name: Docker Build, Scan and Push | |
| uses: ./.github/workflows/docker_job.yml | |
| needs: | |
| - set_variables | |
| with: | |
| tag: ${{ needs.set_variables.outputs.short_sha }} | |
| secrets: inherit | |
| slack_msg_production_deploy_begin: | |
| name: Annouce Production Deployment | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ts: ${{ steps.slack.outputs.ts }} | |
| needs: | |
| - set_variables | |
| steps: | |
| - id: slack | |
| uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 | |
| with: | |
| channel-id: "C9PNCT2KS" | |
| payload: | | |
| { | |
| "blocks": [ | |
| { | |
| "type": "header", | |
| "text": { | |
| "type": "plain_text", | |
| "text": "Production Deployment", | |
| "emoji": true | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Status:*\nStarted" | |
| }, | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Started by:*\n Cron (Weekly Refresh)" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}} | |
| terraform_account_production: | |
| name: TF Production - Account | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| needs: | |
| - slack_msg_production_deploy_begin | |
| - set_variables | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.account_terraform_version }} | |
| terraform_workspace: production | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_directory: ./terraform/account | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| terraform_region_production: | |
| name: TF Production - Region | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| needs: | |
| - slack_msg_production_deploy_begin | |
| - set_variables | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.region_terraform_version }} | |
| terraform_workspace: production | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_directory: ./terraform/region | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| terraform_environment_production: | |
| name: TF Production - Environment | |
| uses: ministryofjustice/opg-github-workflows/.github/workflows/[email protected] | |
| needs: | |
| - docker_build_scan_push | |
| - slack_msg_production_deploy_begin | |
| - set_variables | |
| with: | |
| terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }} | |
| terraform_workspace: production | |
| is_ephemeral: false | |
| terraform_apply: true | |
| terraform_directory: ./terraform/environment | |
| use_ssh_private_key: true | |
| persist_artifacts: true | |
| terraform_variables: "-var container_version=${{ needs.set_variables.outputs.short_sha }}" | |
| secrets: | |
| GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PAGERDUTY_TOKEN: ${{ secrets.PAGERDUTY_TOKEN }} | |
| AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| run_smoke_tests: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| smoke_test_status: ${{ steps.smoke_tests.outputs.smoke_test_status }} | |
| needs: | |
| - terraform_environment_production | |
| - terraform_region_production | |
| - terraform_account_production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: Download Terraform Task definition | |
| uses: actions/[email protected] | |
| with: | |
| name: terraform-artifact | |
| path: /tmp/ | |
| - name: Setup Python | |
| uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0 | |
| with: | |
| python-version: '3.9' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r scripts/pipeline/requirements.txt | |
| - name: Run smoke tests | |
| id: smoke_tests | |
| run: | | |
| if python scripts/pipeline/healthcheck_test/healthcheck_test.py; then | |
| echo "smoke_test_status=passed" >> $GITHUB_OUTPUT | |
| else | |
| echo "smoke_test_status=failed" >> $GITHUB_OUTPUT | |
| fi | |
| slack_msg_production_deployed: | |
| name: Post-Deployment Slack message | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: | |
| - slack_msg_production_deploy_begin | |
| - run_smoke_tests | |
| - set_variables | |
| steps: | |
| - uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 | |
| if: needs.run_smoke_tests.outputs.smoke_test_status == 'passed' | |
| with: | |
| channel-id: "C9PNCT2KS" | |
| update-ts: ${{ needs.slack_msg_production_deploy_begin.outputs.ts }} | |
| payload: | | |
| { | |
| "blocks": [ | |
| { | |
| "type": "header", | |
| "text": { | |
| "type": "plain_text", | |
| "text": "Production Deployment", | |
| "emoji": true | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Status:*\nStarted" | |
| }, | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Started by:*\n Cron (Weekly Refresh)" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 | |
| if: needs.run_smoke_tests.outputs.smoke_test_status == 'passed' | |
| with: | |
| channel-id: "C9PNCT2KS" | |
| update-ts: ${{ needs.slack_msg_production_deploy_begin.outputs.ts }} | |
| payload: | | |
| { | |
| "icon_emoji": ":robot_face:", | |
| "blocks": [ | |
| { | |
| "type": "header", | |
| "text": { | |
| "type": "plain_text", | |
| "text": "Production Deployment", | |
| "emoji": true | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Status:*\nComplete :white_check_mark:" | |
| }, | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Started by:*\n Cron (Weekly Refresh)" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 | |
| if: needs.run_smoke_tests.outputs.smoke_test_status != 'passed' | |
| with: | |
| channel-id: "C9PNCT2KS" | |
| update-ts: ${{ needs.slack_msg_production_deploy_begin.outputs.ts }} | |
| payload: | | |
| { | |
| "icon_emoji": ":robot_face:", | |
| "blocks": [ | |
| { | |
| "type": "header", | |
| "text": { | |
| "type": "plain_text", | |
| "text": "Production Deployment", | |
| "emoji": true | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Status:*\nFailed! :x:" | |
| }, | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Started by:*\n Cron (Weekly Refresh)" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "fields": [ | |
| { | |
| "type": "mrkdwn", | |
| "text": "*Commit:*\n <https://github.com/ministryofjustice/opg-lpa/commit/${{ github.sha }}|${{ needs.set_variables.outputs.short_sha }}>" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "<https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|View workflow>" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1 | |
| if: needs.run_smoke_tests.outputs.smoke_test_status != 'passed' | |
| with: | |
| channel-id: "C9PNCT2KS" | |
| payload: | | |
| { | |
| "icon_emoji": ":warning:", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "Production Make deployment failed. Please check the <https://github.com/ministryofjustice/opg-lpa/actions/runs/${{github.run_id}}|workflow> for more details. <!here>" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} |