dev_on_dispatch_release_build_hotfix.yml

name: "0 [on_dispatch/CD] Create hotfix release"

run-name: "Create a hotfix release from ${{ github.ref }}"

on:
  workflow_dispatch

permissions: write-all

jobs:
  check-worflow-ref:
    name: "Check worflow ref"
    runs-on: ubuntu-latest
    steps:
      - name: Check worflow ref
        run: |
          if ! [[ ${{ github.ref }} == refs/heads/maint/v* ]]; then
            echo "This workflow can only be triggered from a maintenance branch (starting with 'maint/v')"
            exit 1
          fi

  find-hotfix-tag-number:
    # Find the next hotfix version available
    # Example: given branch maint/v200 and existing tags v200.0.0, v200.0.1 then output == 200.0.2
    name: "Find hotfix tag number"
    needs: check-worflow-ref
    runs-on: ubuntu-latest
    outputs:
      hotfixTagNumber: ${{ steps.find-hotfix-tag-number.outputs.hotfixTagNumber }}
    steps:
      - name: "Checkout 🛎️"
        uses: actions/checkout@v4.1.7
        with:
          persist-credentials: false
          fetch-depth: 0 # Fetch all history to get all tags
      - name: "Find hotfix tag number"
        id: "find-hotfix-tag-number"
        run: |
          GITHUB_REF=${{ github.ref }}
          MAJOR_NUMBER=(${GITHUB_REF//refs\/heads\/maint\/v/ })
          CURRENT_PATCH_NUMBER=$(git tag -l "v${MAJOR_NUMBER}.0.*" | sort -V | tail -n 1 | cut -d. -f3)
          NEXT_PATCH_NUMBER=$((CURRENT_PATCH_NUMBER + 1))
          echo "hotfixTagNumber=${MAJOR_NUMBER}.0.${NEXT_PATCH_NUMBER}" | tee -a $GITHUB_OUTPUT

  build-and-tag-version:
    name: "Build and tag version"
    needs: find-hotfix-tag-number
    uses: ./.github/workflows/dev_on_workflow_build_and_tag.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      base_ref: ${{ github.ref }}
      tag_number: ${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
      base_ref_is_a_branch: true

  create-pro-staging-release:
    name: "Pro staging"
    needs: [build-and-tag-version, find-hotfix-tag-number]
    uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      ENV: "staging"
      CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}"
      EXPIRES: "30d"
      PUSH_RELEASE_TO_SENTRY: true
      REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
      CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"

  create-pro-integration-release:
    name: "Pro integration"
    needs: [build-and-tag-version, find-hotfix-tag-number]
    uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      ENV: "integration"
      CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}"
      EXPIRES: "30d"
      REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
      CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"

  create-pro-production-release:
    name: "Pro production"
    needs: [build-and-tag-version, find-hotfix-tag-number]
    uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      ENV: "production"
      CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}"
      EXPIRES: "30d"
      PUSH_RELEASE_TO_SENTRY: true
      REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
      CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"

  slack-notification:
    runs-on: ubuntu-latest
    needs:
      - find-hotfix-tag-number
      - build-and-tag-version
      - create-pro-staging-release
      - create-pro-integration-release
      - create-pro-production-release
    if: always()
    env:
      TAG_NAME: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
    steps:
      - uses: technote-space/workflow-conclusion-action@v3
      - name: "Authentification to Google"
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      - name: "Get Secret"
        id: 'secrets'
        uses: 'google-github-actions/get-secretmanager-secrets@v2'
        with:
          secrets: |-
            SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
      - name: "Slack output"
        id: "slack-text"
        run: |
          if [ "${{ env.WORKFLOW_CONCLUSION }}" == "success" ]; then
            echo text="La pose du tag *${{ env.TAG_NAME }}* a réussi. Vous pouvez maintenant le <https://github.com/pass-culture/pass-culture-main/actions/workflows/dev_on_dispatch_release_deploy.yml|déployer> :rocket:" | tee -a $GITHUB_OUTPUT
          elif [ "${{ env.WORKFLOW_CONCLUSION }}" == "cancelled" ]; then
            echo text="La pose du tag a été annulée. Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a $GITHUB_OUTPUT
          else
            echo text="La pose du tag *${{ env.TAG_NAME }}* a échoué :x: Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a $GITHUB_OUTPUT
          fi
      - name: "Post on #shérif"
        if: always()
        uses: slackapi/slack-github-action@v1.26.0
        env:
          SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
        with:
          channel-id: CU0SQ8Y58
          payload: |
            {
              "attachments": [
                {
                  "color": "${{ fromJSON('["#36a64f", "#A30002"]')[env.WORKFLOW_CONCLUSION == 'failure'] }}",
                  "blocks": [
                    {
                      "type": "context",
                      "elements": [
                        {
                          "type": "image",
                          "image_url": "https://github.com/${{github.actor}}.png",
                          "alt_text": "${{github.actor}}"
                        },
                        {
                          "type": "mrkdwn",
                          "text": "<https://github.com/${{github.actor}}|*${{github.actor}}*>"
                        }
                      ]
                    },
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "${{ steps.slack-text.outputs.text }}"
                      }
                    }
                  ]
                }
              ]
            }