Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PLT-655 Add workflows to promote images and release app #1397

Merged
merged 38 commits into from
Oct 4, 2024
Merged
Show file tree
Hide file tree
Changes from 32 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
1fcaf09
adding workflow to promote images
Sep 24, 2024
42118d3
add on pr run
oluwolenpbc Sep 25, 2024
4b2fe0f
add dispatch
oluwolenpbc Sep 25, 2024
0b117a2
node20 workaround
oluwolenpbc Sep 25, 2024
475607b
address comments
oluwolenpbc Sep 26, 2024
b74532e
plt-656 add release workflow
Sep 26, 2024
4e4b23e
change to reflect pr yml
oluwolenpbc Oct 1, 2024
3556193
fix promote.yml
oluwolenpbc Oct 1, 2024
42eb7cf
fix release.yml
oluwolenpbc Oct 1, 2024
922ef33
Update release.yml
oluwolenpbc Oct 1, 2024
3c45265
Merge branch 'main' into PLT-655
oluwolenpbc Oct 1, 2024
5bb10d9
Update release.yml
oluwolenpbc Oct 1, 2024
07f08fb
Update release.yml
oluwolenpbc Oct 1, 2024
ed9d805
remove oidc connector
oluwolenpbc Oct 1, 2024
a8ada07
readd steps
oluwolenpbc Oct 1, 2024
092743f
update image tag
oluwolenpbc Oct 1, 2024
0572581
add debug
oluwolenpbc Oct 1, 2024
8c4bbdf
Update promote.yml
oluwolenpbc Oct 1, 2024
bffe65b
add region
oluwolenpbc Oct 1, 2024
6abad2c
Update promote.yml
oluwolenpbc Oct 1, 2024
5febb49
change to self hosted
oluwolenpbc Oct 1, 2024
cfa7ccd
Update promote.yml
oluwolenpbc Oct 1, 2024
a51ac93
change sandbox to sbx
oluwolenpbc Oct 2, 2024
86e3120
add permissions
oluwolenpbc Oct 2, 2024
39d9948
remove permissions
oluwolenpbc Oct 2, 2024
25ab282
readd permissions
oluwolenpbc Oct 2, 2024
a28631f
add permissions to release
oluwolenpbc Oct 2, 2024
2f98642
fix tagging
Oct 2, 2024
e1dfb87
fix indention
Oct 2, 2024
92b9f62
end file
Oct 2, 2024
f62c7da
fix identation
Oct 2, 2024
589259e
make prod ready
Oct 2, 2024
d799ee8
Update release.yml
oluwolenpbc Oct 3, 2024
33ed7e1
Update promote.yml
oluwolenpbc Oct 3, 2024
7529597
Update release.yml
oluwolenpbc Oct 3, 2024
65643eb
Separate permissions line
oluwolenpbc Oct 3, 2024
7a8ba0c
Remove comment
oluwolenpbc Oct 3, 2024
87c28d1
Remove prod api
oluwolenpbc Oct 3, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 82 additions & 0 deletions .github/workflows/promote.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
name: promote

on:
workflow_call:
inputs:
environment:
required: true
type: string
module:
required: true
type: string
workflow_dispatch:
inputs:
environment:
required: true
type: choice
options:
- sbx
- prod
- prod-test
oluwolenpbc marked this conversation as resolved.
Show resolved Hide resolved
module:
required: true
type: choice
options:
- api
- worker
permissions:
contents: read
id-token: write
gsf marked this conversation as resolved.
Show resolved Hide resolved

jobs:
promote:
runs-on: ubuntu-latest
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
oluwolenpbc marked this conversation as resolved.
Show resolved Hide resolved
AWS_REGION: ${{ vars.AWS_REGION }}
DEPLOYMENT_ENV: ${{ vars[format('{0}_DEPLOYMENT_ENV', inputs.environment)] }}

steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Assume role in AB2D Management account
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.MGMT_ACCOUNT_ID }}:role/delegatedadmin/developer/ab2d-mgmt-github-actions

- name: Retag images in ECR
run: |
SHA_SHORT=$(git rev-parse --short HEAD)
ECR_REPO_DOMAIN="${{ secrets.MGMT_ACCOUNT_ID }}.dkr.ecr.$AWS_REGION.amazonaws.com"
ECR_REPO_URI="$ECR_REPO_DOMAIN/ab2d_${{ inputs.module }}"

# Define target tags based on the environment
if [ "${{ inputs.environment }}" == "sbx" ]; then
TARGET_TAG="ab2d-sbx-sandbox-latest"
elif [ "${{ inputs.environment }}" == "prod" ]; then
TARGET_TAG="ab2d-east-prod-latest"
elif [ "${{ inputs.environment }}" == "prod-test" ]; then
TARGET_TAG="ab2d-east-prod-test-latest"
else
echo "Unsupported environment: ${{ inputs.environment }}"
exit 1
fi

oluwolenpbc marked this conversation as resolved.
Show resolved Hide resolved

IMAGE_EXISTS=$(aws ecr describe-images --repository-name "ab2d_${{ inputs.module }}" --image-ids imageTag=$TARGET_TAG --query 'imageDetails' --output text)

if [ -n "$IMAGE_EXISTS" ]; then
echo "Image with tag $TARGET_TAG already exists. Skipping put-image."
else
# Get the manifest of the latest test image
MANIFEST=$(aws ecr batch-get-image --repository-name "ab2d_${{ inputs.module }}" --image-ids imageTag=ab2d-east-impl-latest --output text --query 'images[].imageManifest' --debug)

# Retag the image
aws ecr put-image --repository-name "ab2d_${{ inputs.module }}" --image-tag "$TARGET_TAG-$SHA_SHORTs" --image-manifest "$MANIFEST"
fi

- name: Verify new tags
oluwolenpbc marked this conversation as resolved.
Show resolved Hide resolved
run: |
aws ecr describe-images --repository-name "ab2d_${{ inputs.module }}"
104 changes: 104 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
name: release

on:
release:
types: [released]
workflow_dispatch:
inputs:
environment:
required: true
type: choice
options:
- sbx
- prod
- prod-test
oluwolenpbc marked this conversation as resolved.
Show resolved Hide resolved

permissions:
contents: read
id-token: write

jobs:
# Promote and Deploy to prod-test
oluwolenpbc marked this conversation as resolved.
Show resolved Hide resolved
promote-prod-test-api:
uses: ./.github/workflows/promote.yml
with:
environment: prod-test
module: api
secrets: inherit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The promote-prod-test-api job is not needed


promote-prod-test-worker:
uses: ./.github/workflows/promote.yml
with:
environment: prod-test
module: worker
secrets: inherit

deploy-prod-test-worker:
needs: promote-prod-test-worker
uses: ./.github/workflows/deploy.yml
with:
environment: prod-test
module: worker
secrets: inherit

# Promote and Deploy to prod
promote-prod-api:
uses: ./.github/workflows/promote.yml
with:
environment: prod
module: api
secrets: inherit

promote-prod-worker:
uses: ./.github/workflows/promote.yml
with:
environment: prod
module: worker
secrets: inherit

deploy-prod-api:
needs: promote-prod-api
uses: ./.github/workflows/deploy.yml
with:
environment: prod
module: api
secrets: inherit

deploy-prod-worker:
needs: promote-prod-worker
uses: ./.github/workflows/deploy.yml
with:
environment: prod
module: worker
secrets: inherit

# Promote and Deploy to sandbox
promote-sbx-api:
uses: ./.github/workflows/promote.yml
with:
environment: sbx
module: api
secrets: inherit

promote-sbx-worker:
uses: ./.github/workflows/promote.yml
with:
environment: sbx
module: worker
secrets: inherit

deploy-sbx-api:
needs: promote-sbx-api
uses: ./.github/workflows/deploy.yml
with:
environment: sbx
module: api
secrets: inherit

deploy-sbx-worker:
needs: promote-sbx-worker
uses: ./.github/workflows/deploy.yml
with:
environment: sbx
module: worker
secrets: inherit
Loading