dev_on_dispatch_release_build.yml
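# Manually dispatched release workflow. The jobs below call reusable workflows
# to build/tag and deploy <releaseNumber>.0.0, create the maint/v<releaseNumber>
# branch, and post the outcome to Slack.
name: "0 [on_dispatch/CD] Create release"
run-name: "Create release ${{ inputs.releaseNumber }}.0.0"
on:
  workflow_dispatch:
    inputs:
      # Both inputs are free-form strings typed by whoever dispatches the run.
      # They are interpolated into git refs, tag names and a branch name by the
      # jobs of this workflow.
      # NOTE(review): no format check is visible in this file. Consider
      # rejecting anything that is not a 40-character hex hash / a plain
      # integer before first use; confirm whether the called workflows
      # already validate them.
      commitHash:
        description: "Hash du commit à déployer (ex: cadd172232c80206107e2f0122542adf19fb42af)"
        required: true
        type: string
      releaseNumber:
        description: "Numéro de l'itération (ex: 199)"
        required: true
        type: string
# NOTE(review): write-all grants every GITHUB_TOKEN scope to every job in this
# workflow and is also the ceiling handed to the reusable workflows it calls.
# The steps visible in this file only push a branch and authenticate to Google
# through workload identity federation, which would suggest `contents: write`
# and `id-token: write`; the reusable workflows may need more, so confirm
# their requirements before replacing this with an explicit least-privilege
# mapping.
permissions: write-all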
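jobs:
  # Calls the build-and-tag reusable workflow with the dispatched commit as
  # base_ref and <releaseNumber>.0.0 as tag_number. Only the two named GCP
  # secrets are forwarded (no `secrets: inherit`).
  build-and-tag-version:
    name: "Build and tag version"
    uses: ./.github/workflows/dev_on_workflow_build_and_tag.yml
    secrets:
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
    with:
      base_ref: ${{ github.event.inputs.commitHash }}
      tag_number: ${{ github.event.inputs.releaseNumber }}.0.0

  # The three "Pro" jobs call the same reusable deploy workflow against the
  # freshly created tag, once per environment, after the tag job has finished.
  create-pro-staging-release:
    name: "Pro staging"
    needs: build-and-tag-version
    uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      ENV: staging
      CHANNEL: "${{ github.event.inputs.releaseNumber }}.0.0"
      EXPIRES: "30d"
      PUSH_RELEASE_TO_SENTRY: true
      REF: v${{ github.event.inputs.releaseNumber }}.0.0
      CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"

  create-pro-integration-release:
    name: "Pro integration"
    needs: build-and-tag-version
    uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      ENV: integration
      CHANNEL: "${{ github.event.inputs.releaseNumber }}.0.0"
      EXPIRES: "30d"
      REF: v${{ github.event.inputs.releaseNumber }}.0.0
      CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"

  create-pro-production-release:
    name: "Pro production"
    needs: build-and-tag-version
    uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
    secrets:
      GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
    with:
      ENV: production
      CHANNEL: "${{ github.event.inputs.releaseNumber }}.0.0"
      EXPIRES: "30d"
      REF: v${{ github.event.inputs.releaseNumber }}.0.0
      PUSH_RELEASE_TO_SENTRY: true
      CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"

  # Creates maint/v<releaseNumber> from the new tag once the tag and the three
  # deployments have succeeded.
  create-maintenance-branch:
    name: "Create maintenance branch"
    needs:
      - build-and-tag-version
      - create-pro-production-release
      - create-pro-staging-release
      - create-pro-integration-release
    runs-on: ubuntu-latest
    # Least privilege: the steps below only check out a tag and push a branch,
    # so this job's token is limited to repository contents instead of
    # inheriting the workflow-level write-all.
    permissions:
      contents: write
    env:
      # The dispatch input reaches the shell through an environment variable,
      # not through ${{ }} interpolation inside the script text.
      MAINTENANCE_BRANCH: maint/v${{ github.event.inputs.releaseNumber }}
    steps:
      - name: "Checkout new tag"
        # NOTE(review): the version after '@' appears as "[email protected]" on
        # this page (e-mail obfuscation at capture time); restore the real ref
        # from the repository, ideally pinned to a full commit SHA.
        uses: actions/[email protected]
        with:
          ref: v${{ github.event.inputs.releaseNumber }}.0.0
      - name: "Create maintenance branch"
        run: |
          git checkout -b "$MAINTENANCE_BRANCH"
          git push origin "$MAINTENANCE_BRANCH"

  # Reports the overall result to Slack. `if: always()` means this job, and the
  # dispatch input carried in TAG_NAME, still runs when tagging or a deployment
  # failed or was cancelled.
  # NOTE(review): the steps appear to need only run metadata and an OIDC token
  # (presumably `actions: read` and `id-token: write`); confirm against the
  # actions used before adding a job-level `permissions:` mapping.
  slack-notification:
    runs-on: ubuntu-latest
    needs:
      - build-and-tag-version
      - create-pro-production-release
      - create-pro-staging-release
      - create-pro-integration-release
    if: always()
    env:
      TAG_NAME: v${{ github.event.inputs.releaseNumber }}.0.0
    steps:
      # Provides env.WORKFLOW_CONCLUSION, read by the later steps.
      # NOTE(review): third-party actions in this job are referenced by mutable
      # tags (@v3, @v2). Pinning each to a full commit SHA
      # (`owner/action@<full-commit-sha>  # vN`) prevents a moved tag from
      # changing the code that runs with this job's token and secrets.
      - uses: technote-space/workflow-conclusion-action@v3
      - name: "Authentification to Google"
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
      - name: "Get Secret"
        id: 'secrets'
        uses: 'google-github-actions/get-secretmanager-secrets@v2'
        with:
          secrets: |-
            SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
      - name: "Slack output"
        id: "slack-text"
        # TAG_NAME derives from a dispatch input, so it is read as a shell
        # variable ("$TAG_NAME") rather than pasted into the script with
        # ${{ env.TAG_NAME }}: expression interpolation happens before the
        # shell parses the script and would let the input's characters be
        # interpreted as shell syntax. WORKFLOW_CONCLUSION is read the same way
        # for consistency. The remaining ${{ github.* }} values are provided by
        # the runner, not by the dispatcher.
        run: |
          if [ "$WORKFLOW_CONCLUSION" == "success" ]; then
            echo text="La pose du tag *$TAG_NAME* a réussi. Vous pouvez maintenant le <https://github.com/pass-culture/pass-culture-main/actions/workflows/dev_on_dispatch_release_deploy.yml|déployer> :rocket:" | tee -a "$GITHUB_OUTPUT"
          elif [ "$WORKFLOW_CONCLUSION" == "cancelled" ]; then
            echo text="La pose du tag a été annulée. Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a "$GITHUB_OUTPUT"
          else
            echo text="La pose du tag *$TAG_NAME* a échoué :x: Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a "$GITHUB_OUTPUT"
          fi
      - name: "Post on #shérif"
        if: always()
        # NOTE(review): the version after '@' appears as "[email protected]" on
        # this page (e-mail obfuscation at capture time); restore the real ref
        # from the repository, ideally pinned to a full commit SHA.
        uses: slackapi/[email protected]
        env:
          SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
        with:
          channel-id: CU0SQ8Y58
          # NOTE(review): steps.slack-text.outputs.text contains TAG_NAME and is
          # pasted unescaped into this JSON document; a double quote or
          # backslash in the dispatch input would yield malformed or altered
          # JSON. Validating releaseNumber up front (digits only) closes this.
          payload: |
            {
              "attachments": [
                {
                  "color": "${{ fromJSON('["#36a64f", "#A30002"]')[env.WORKFLOW_CONCLUSION == 'failure'] }}",
                  "blocks": [
                    {
                      "type": "context",
                      "elements": [
                        {
                          "type": "image",
                          "image_url": "https://github.com/${{github.actor}}.png",
                          "alt_text": "${{github.actor}}"
                        },
                        {
                          "type": "mrkdwn",
                          "text": "<https://github.com/${{github.actor}}|*${{github.actor}}*>"
                        }
                      ]
                    },
                    {
                      "type": "section",
                      "text": {
                        "type": "mrkdwn",
                        "text": "${{ steps.slack-text.outputs.text }}"
                      }
                    }
                  ]
                }
              ]
            }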