Create a hotfix release from refs/heads/maint/v300 #124
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "0 [on_dispatch/CD] Create hotfix release" | |
| run-name: "Create a hotfix release from ${{ github.ref }}" | |
| on: | |
| workflow_dispatch | |
| permissions: write-all | |
| jobs: | |
| check-worflow-ref: | |
| name: "Check worflow ref" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check worflow ref | |
| run: | | |
| if ! [[ ${{ github.ref }} == refs/heads/maint/v* ]]; then | |
| echo "This workflow can only be triggered from a maintenance branch (starting with 'maint/v')" | |
| exit 1 | |
| fi | |
| find-hotfix-tag-number: | |
| # Find the next hotfix version available | |
| # Example: given branch maint/v200 and existing tags v200.0.0, v200.0.1 then output == 200.0.2 | |
| name: "Find hotfix tag number" | |
| needs: check-worflow-ref | |
| runs-on: ubuntu-latest | |
| outputs: | |
| hotfixTagNumber: ${{ steps.find-hotfix-tag-number.outputs.hotfixTagNumber }} | |
| steps: | |
| - name: "Checkout 🛎️" | |
| uses: actions/[email protected] | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 # Fetch all history to get all tags | |
| - name: "Find hotfix tag number" | |
| id: "find-hotfix-tag-number" | |
| run: | | |
| GITHUB_REF=${{ github.ref }} | |
| MAJOR_NUMBER=(${GITHUB_REF//refs\/heads\/maint\/v/ }) | |
| CURRENT_PATCH_NUMBER=$(git tag -l "v${MAJOR_NUMBER}.0.*" | sort -V | tail -n 1 | cut -d. -f3) | |
| NEXT_PATCH_NUMBER=$((CURRENT_PATCH_NUMBER + 1)) | |
| echo "hotfixTagNumber=${MAJOR_NUMBER}.0.${NEXT_PATCH_NUMBER}" | tee -a $GITHUB_OUTPUT | |
| build-and-tag-version: | |
| name: "Build and tag version" | |
| needs: find-hotfix-tag-number | |
| uses: ./.github/workflows/dev_on_workflow_build_and_tag.yml | |
| secrets: | |
| GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
| GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
| with: | |
| base_ref: ${{ github.ref }} | |
| tag_number: ${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }} | |
| base_ref_is_a_branch: true | |
| create-pro-staging-release: | |
| name: "Pro staging" | |
| needs: [build-and-tag-version, find-hotfix-tag-number] | |
| uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml | |
| secrets: | |
| GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
| GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
| with: | |
| ENV: "staging" | |
| CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}" | |
| EXPIRES: "30d" | |
| PUSH_RELEASE_TO_SENTRY: true | |
| REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }} | |
| CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
| create-pro-integration-release: | |
| name: "Pro integration" | |
| needs: [build-and-tag-version, find-hotfix-tag-number] | |
| uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml | |
| secrets: | |
| GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
| GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
| with: | |
| ENV: "integration" | |
| CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}" | |
| EXPIRES: "30d" | |
| REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }} | |
| CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
| create-pro-production-release: | |
| name: "Pro production" | |
| needs: [build-and-tag-version, find-hotfix-tag-number] | |
| uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml | |
| secrets: | |
| GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
| GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
| with: | |
| ENV: "production" | |
| CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}" | |
| EXPIRES: "30d" | |
| PUSH_RELEASE_TO_SENTRY: true | |
| REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }} | |
| CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
| slack-notification: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - find-hotfix-tag-number | |
| - build-and-tag-version | |
| - create-pro-staging-release | |
| - create-pro-integration-release | |
| - create-pro-production-release | |
| if: always() | |
| env: | |
| TAG_NAME: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }} | |
| steps: | |
| - uses: technote-space/workflow-conclusion-action@v3 | |
| - name: "Authentification to Google" | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
| - name: "Get Secret" | |
| id: 'secrets' | |
| uses: 'google-github-actions/get-secretmanager-secrets@v2' | |
| with: | |
| secrets: |- | |
| SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token | |
| - name: "Slack output" | |
| id: "slack-text" | |
| run: | | |
| if [ "${{ env.WORKFLOW_CONCLUSION }}" == "success" ]; then | |
| echo text="La pose du tag *${{ env.TAG_NAME }}* a réussi. Vous pouvez maintenant le <https://github.com/pass-culture/pass-culture-main/actions/workflows/dev_on_dispatch_release_deploy.yml|déployer> :rocket:" | tee -a $GITHUB_OUTPUT | |
| elif [ "${{ env.WORKFLOW_CONCLUSION }}" == "cancelled" ]; then | |
| echo text="La pose du tag a été annulée. Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a $GITHUB_OUTPUT | |
| else | |
| echo text="La pose du tag *${{ env.TAG_NAME }}* a échoué :x: Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a $GITHUB_OUTPUT | |
| fi | |
| - name: "Post on #shérif" | |
| if: always() | |
| uses: slackapi/[email protected] | |
| env: | |
| SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }} | |
| with: | |
| channel-id: CU0SQ8Y58 | |
| payload: | | |
| { | |
| "attachments": [ | |
| { | |
| "color": "${{ fromJSON('["#36a64f", "#A30002"]')[env.WORKFLOW_CONCLUSION == 'failure'] }}", | |
| "blocks": [ | |
| { | |
| "type": "context", | |
| "elements": [ | |
| { | |
| "type": "image", | |
| "image_url": "https://github.com/${{github.actor}}.png", | |
| "alt_text": "${{github.actor}}" | |
| }, | |
| { | |
| "type": "mrkdwn", | |
| "text": "<https://github.com/${{github.actor}}|*${{github.actor}}*>" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "${{ steps.slack-text.outputs.text }}" | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } |