-
Notifications
You must be signed in to change notification settings - Fork 2
177 lines (165 loc) · 6.46 KB
/
sam_release_code.yml
File metadata and controls
177 lines (165 loc) · 6.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
name: sam release code
on:
workflow_call:
inputs:
STACK_NAME:
required: true
type: string
ARTIFACT_BUCKET_PREFIX:
required: true
type: string
TARGET_ENVIRONMENT:
required: true
type: string
BUILD_ARTIFACT:
required: true
type: string
VERSION_NUMBER:
required: true
type: string
COMMIT_ID:
required: true
type: string
LOG_LEVEL:
required: true
type: string
LOG_RETENTION_DAYS:
required: true
type: string
CREATE_INT_RELEASE_NOTES:
type: boolean
default: false
CREATE_INT_RC_RELEASE_NOTES:
type: boolean
default: false
CREATE_PROD_RELEASE_NOTES:
type: boolean
default: false
MARK_JIRA_RELEASED:
type: boolean
default: false
ENABLE_ALERTS:
type: boolean
default: true
pinned_image:
type: string
required: true
secrets:
CLOUD_FORMATION_DEPLOY_ROLE:
required: true
DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE:
required: false
INT_CLOUD_FORMATION_CHECK_VERSION_ROLE:
required: false
PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE:
required: false
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE:
required: false
jobs:
sam_release_code:
runs-on: ubuntu-22.04
environment: ${{ inputs.TARGET_ENVIRONMENT }}
container:
image: ${{ inputs.pinned_image }}
options: --user 1001:1001 --group-add 128
defaults:
run:
shell: bash
permissions:
id-token: write
contents: write
steps:
- name: copy .tool-versions
run: |
cp /home/vscode/.tool-versions "$HOME/.tool-versions"
- name: Checkout local github actions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
ref: ${{ env.BRANCH_NAME }}
fetch-depth: 0
sparse-checkout: |
.github
- name: create_int_rc_release_notes
uses: ./.github/actions/update_confluence_jira
if: ${{ inputs.CREATE_INT_RC_RELEASE_NOTES == true }}
with:
TARGET_ENVIRONMENT: int
RELEASE_TAG: ${{ inputs.VERSION_NUMBER }}
CONFLUENCE_PAGE_ID: "778783127"
CREATE_RC_RELEASE_NOTES: true
DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
role-session-name: fhir-validator-lambda-release-code
- name: download build artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
with:
name: ${{ inputs.BUILD_ARTIFACT }}
path: .
- name: release code
shell: bash
working-directory: .github/scripts
env:
ARTIFACT_BUCKET_PREFIX: fhir_validator/${{ inputs.ARTIFACT_BUCKET_PREFIX }}
COMMIT_ID: ${{ inputs.COMMIT_ID }}
LOG_LEVEL: ${{ inputs.LOG_LEVEL }}
LOG_RETENTION_DAYS: ${{ inputs.LOG_RETENTION_DAYS }}
STACK_NAME: ${{ inputs.STACK_NAME }}
TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}
TEMPLATE_FILE: template.yaml
VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
ENABLE_ALERTS: ${{ inputs.ENABLE_ALERTS }}
run: ./release_code.sh
- name: create_int_release_notes
uses: ./.github/actions/update_confluence_jira
if: ${{ inputs.CREATE_INT_RELEASE_NOTES == true && always() && !failure() && !cancelled() }}
with:
TARGET_ENVIRONMENT: int
CONFLUENCE_PAGE_ID: "778783122"
CREATE_RC_RELEASE_NOTES: false
DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
- name: create_prod_release_notes
uses: ./.github/actions/update_confluence_jira
if: ${{ inputs.CREATE_PROD_RELEASE_NOTES == true && always() && !failure() && !cancelled() }}
with:
TARGET_ENVIRONMENT: prod
CONFLUENCE_PAGE_ID: "778783125"
CREATE_RC_RELEASE_NOTES: false
DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
- name: mark_released_in_jira
uses: ./.github/actions/mark_jira_released
if: ${{ inputs.MARK_JIRA_RELEASED == true && always() && !failure() && !cancelled() }}
with:
RELEASE_TAG: ${{ inputs.VERSION_NUMBER }}
DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
- name: Checkout gh-pages
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
ref: gh-pages
path: gh-pages
- name: update release tag in github pages
if: ${{ inputs.TARGET_ENVIRONMENT != 'dev-pr' }}
run: |
cd gh-pages
NOW=$(date +'%Y-%m-%dT%H:%M:%S')
echo "tag,release_datetime" > "_data/${TARGET_ENVIRONMENT}_latest.csv"
echo "${VERSION_NUMBER},${NOW}" >> "_data/${TARGET_ENVIRONMENT}_latest.csv"
echo "${VERSION_NUMBER},${NOW}" >> "_data/${TARGET_ENVIRONMENT}_deployments.csv"
git config user.name github-actions
git config user.email github-actions@github.com
git add "_data/${TARGET_ENVIRONMENT}_latest.csv"
git add "_data/${TARGET_ENVIRONMENT}_deployments.csv"
git commit -m "update releases for ${TARGET_ENVIRONMENT}"
parallel --retries 10 --delay 3 ::: "git pull --rebase && git push"
env:
VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}