Hotfix on workflows-service #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Under Testing - Hotfix on workflows-service | |
on: | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: choice | |
description: 'Choose Environment for Hotfix' | |
required: true | |
default: 'dev' | |
options: | |
- 'dev' | |
- 'sb' | |
- 'prod' | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository_owner }}/workflows-service | |
jobs: | |
build-and-push-image: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
outputs: | |
sha_short: ${{ steps.version.outputs.sha_short }} # short sha of the commit | |
image_tags: ${{ steps.docker_meta.outputs.tags }} # <short_sha>-<branch_name>, <branch_name>, latest(for prod branch only) | |
version: ${{ steps.bump-version.outputs.version }} # [email protected] | |
bumped_tag: ${{ steps.bump-version.outputs.tag }} # bumped patched version X.X.X+1 | |
docker_image: ${{ steps.docker-version.outputs.image }} # ghcr.io/ballerine-io/workflows-service | |
docker_tag: ${{ steps.docker-version.outputs.tag }} # <short_sha>-<branch_name> | |
docker_full_image: ${{ steps.docker-version.outputs.full_image }} # ghcr.io/ballerine-io/workflows-service:<short_sha>-<branch_name> | |
sanitized-branch: ${{ steps.sanitized-branch.outputs.sanitized-branch-name }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Get tags | |
run: git fetch --tags origin | |
- name: Get version | |
id: version | |
run: | | |
TAG=$(git tag -l "$(echo workflow-service@)*" | sort -V -r | head -n 1) | |
echo "tag=$TAG" | |
echo "tag=$TAG" >> "$GITHUB_OUTPUT" | |
echo "TAG=$TAG" >> "$GITHUB_ENV" | |
SHORT_SHA=$(git rev-parse --short HEAD) | |
echo "sha_short=$SHORT_SHA" | |
echo "sha_short=$SHORT_SHA" >> $GITHUB_OUTPUT | |
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV | |
echo "DEV_WF_SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV | |
- name: Bump version | |
id: bump-version | |
uses: ./.github/actions/bump-version | |
with: | |
tag: ${{ steps.version.outputs.tag }} | |
- name: "Determine Branch" | |
id: sanitized-branch | |
uses: transferwise/sanitize-branch-name@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: 'arm64,arm' | |
- name: Cache Docker layers | |
id: cache | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }} | |
restore-keys: | | |
${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }} | |
${{ runner.os }}-docker- | |
- name: Log in to the Container registry | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata for Docker images | |
id: docker_meta | |
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=raw,value=${{ github.ref_name }} | |
type=raw,value=dev | |
type=raw,value=${{ steps.version.outputs.sha_short }}-${{ steps.sanitized-branch.outputs.sanitized-branch-name }} | |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'prod') }} | |
type=sha,format=short | |
- name: Docker metadata version | |
id: docker-version | |
run: | | |
DOCKER_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
DOCKER_TAG=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }} | |
DOCKER_FULL_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.sha_short }}-${{ steps.sanitized-branch.outputs.sanitized-branch-name }} | |
echo "DOCKER_IMAGE=$DOCKER_IMAGE" | |
echo "DOCKER_TAG=$DOCKER_TAG" | |
echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE" | |
echo "image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT | |
echo "tag=$DOCKER_TAG" >> $GITHUB_OUTPUT | |
echo "full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT | |
- name: Print docker version outputs | |
run: | | |
echo "Metadata: ${{ steps.docker_meta.outputs.tags }}" | |
echo "sha_short: ${{ steps.version.outputs.sha_short }}" | |
echo "docker_meta-tags: ${{ steps.docker_meta.outputs.tags }}" | |
echo "bump-version-version: ${{ steps.bump-version.outputs.version }}" | |
echo "bump-version-tag: ${{ steps.bump-version.outputs.tag }}" | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: services/workflows-service | |
platforms: linux/amd64 | |
push: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
build-args: | | |
"RELEASE=${{ steps.bump-version.outputs.tag }}" | |
"SHORT_SHA=${{ steps.version.outputs.sha_short }}" | |
- name: Scan Docker Image | |
uses: aquasecurity/trivy-action@master | |
continue-on-error: true | |
with: | |
cache-dir: | |
image-ref: ${{ steps.docker-version.outputs.full_image }} | |
format: 'table' | |
ignore-unfixed: true | |
exit-code: 1 | |
trivyignores: ./.trivyignore | |
vuln-type: 'os,library' | |
severity: 'CRITICAL' | |
build-and-push-ee-image: | |
runs-on: ubuntu-latest | |
needs: build-and-push-image | |
outputs: | |
SUBMODULE_SHORT_HASH: ${{ steps.lastcommit.outputs.shorthash }} # short sha of the commit | |
docker_tag: ${{ steps.docker-version.outputs.wf_m_tag }} | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
submodules: 'recursive' | |
token: ${{ secrets.SUBMODULES_TOKEN }} | |
- name: Cache Docker layers | |
id: cache | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }} | |
restore-keys: | | |
${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }} | |
${{ runner.os }}-docker- | |
- name: Checkout wf-data-migration | |
uses: actions/checkout@v4 | |
with: | |
repository: ballerine-io/wf-data-migration | |
token: ${{ secrets.SUBMODULES_TOKEN }} | |
ref: ${{ inputs.environment }} | |
fetch-depth: 1 | |
path: services/workflows-service/prisma/data-migrations | |
- name: Get Latest Commit ID | |
id: lastcommit | |
uses: nmbgeek/github-action-get-latest-commit@main | |
with: | |
owner: ${{ github.repository_owner }} | |
token: ${{ secrets.SUBMODULES_TOKEN }} | |
repo: wf-data-migration | |
branch: ${{ inputs.environment }} | |
- name: Set Commit Id as Env | |
run: echo "SUBMODULE_SHORT_HASH=${{ steps.lastcommit.outputs.shorthash }}" >> $GITHUB_ENV | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: 'arm64,arm' | |
- name: Log in to the container registry | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata for ee Docker images | |
id: eemeta | |
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | |
with: | |
images: ${{needs.build-and-push-image.outputs.docker_image}}-ee | |
tags: | | |
type=raw,value=${{ inputs.environment }} | |
type=raw,value=${{ needs.build-and-push-image.outputs.sha_short }}-${{ steps.lastcommit.outputs.shorthash }}-${{ needs.build-and-push-image.outputs.sanitized-branch }} | |
type=sha,format=short | |
- name: Docker metadata version | |
id: docker-version | |
run: | | |
DOCKER_IMAGE=${{needs.build-and-push-image.outputs.docker_image}}-ee | |
DOCKER_TAG=${{ needs.build-and-push-image.outputs.sha_short }}-${{ steps.lastcommit.outputs.shorthash }}-${{ needs.build-and-push-image.outputs.sanitized-branch }} | |
DOCKER_FULL_IMAGE=$DOCKER_IMAGE:$DOCKER_TAG | |
echo "DOCKER_IMAGE=$DOCKER_IMAGE" | |
echo "DOCKER_TAG=$DOCKER_TAG" | |
echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE" | |
echo "wf_m_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT | |
echo "wf_m_tag=$DOCKER_TAG" >> $GITHUB_OUTPUT | |
echo "wf_m_full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT | |
- name: Build and push ee Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: services/workflows-service | |
file: services/workflows-service/Dockerfile.ee | |
platforms: linux/amd64 | |
push: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
tags: ${{ steps.eemeta.outputs.tags }} | |
build-args: | | |
"BASE_IMAGE=${{needs.build-and-push-image.outputs.docker_full_image}}" | |
"RELEASE=${{ needs.build-and-push-image.outputs.bumped_tag }}" | |
"SHORT_SHA=${{ needs.build-and-push-image.outputs.sha_short }}" | |
update-helm-chart: | |
runs-on: ubuntu-latest | |
needs: [build-and-push-ee-image,build-and-push-image] | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- name: Checkout cloud-infra-config repository | |
uses: actions/checkout@v4 | |
with: | |
repository: ballerine-io/cloud-infra-config | |
token: ${{ secrets.GIT_TOKEN }} | |
ref: main | |
fetch-depth: 1 | |
sparse-checkout: | | |
kubernetes/helm/wf-service-migration | |
sparse-checkout-cone-mode: true | |
- name: Check if values yaml file exists | |
id: update_helm_check | |
shell: bash | |
run: | | |
if [ -f "kubernetes/helm/wf-service-migration/${{ inputs.environment }}-custom-values.yaml" ]; then | |
echo "file_name=${{ inputs.environment }}-custom-values.yaml" >> "$GITHUB_OUTPUT" | |
echo ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }} | |
else | |
echo "file_name=dev-custom-values.yaml" >> "$GITHUB_OUTPUT" | |
echo ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }} | |
fi | |
- name: Update workflow-service image version in the HelmChart | |
uses: fjogeleit/yaml-update-action@main | |
with: | |
repository: ballerine-io/cloud-infra-config | |
branch: main | |
commitChange: true | |
message: "Performed HotFix to ${{ inputs.environment }} Sample wf-service application image Version to ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} - (Commit hash: ${{ github.sha }}, commit message: ${{ github.event.head_commit.message }})" | |
token: ${{ secrets.GIT_TOKEN }} | |
changes: | | |
{ | |
"kubernetes/helm/wf-service-migration/${{steps.update_helm_check.outputs.file_name}}": { | |
"image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ needs.build-and-push-image.outputs.sanitized-branch }}", | |
"prismaMigrate.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ needs.build-and-push-image.outputs.sanitized-branch }}", | |
"dbMigrate.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ needs.build-and-push-image.outputs.sanitized-branch }}", | |
"dataSync.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ needs.build-and-push-image.outputs.sanitized-branch }}" | |
} | |
} | |
send-to-slack: | |
runs-on: ubuntu-latest | |
needs: [update-helm-chart,build-and-push-ee-image,build-and-push-image] | |
if: ${{ needs.update-helm-chart.result == 'success' }} | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Send alert to Slack channel | |
id: slack | |
uses: slackapi/[email protected] | |
with: | |
channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}' | |
slack-message: "Hotfix tested on Wf-service Sample app Deployment in ${{ inputs.environment }} with tag ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} build result: ${{ job.status }}. successfully updated the hotfix on wf-service helm values for ${{ inputs.environment }}." | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }} | |
# release: | |
# runs-on: ubuntu-latest | |
# needs: [build-and-push-image,update-helm-chart] | |
# if: ${{ needs.update-helm-chart.result=='success' }} && (startsWith(github.ref, 'refs/heads/prod') || startsWith(github.ref, 'refs/heads/dev') || startsWith(github.ref, 'refs/heads/sb') || github.event.inputs.environment == 'dev') | |
# env: | |
# GH_TOKEN: ${{ github.token }} | |
# steps: | |
# - name: Checkout repository | |
# uses: actions/checkout@v4 | |
# - name: Release | |
# run: | | |
# if [ "${{ inputs.environment }}" == "dev" ]; then | |
# suffix="-dev-${{ needs.build-and-push-image.outputs.sha_short }}" | |
# else | |
# suffix="" | |
# fi | |
# prefix="hotfix-" | |
# gh release create ${prefix}${{ needs.build-and-push-image.outputs.version }}${suffix} --notes-start-tag ${{ needs.build-and-push-image.outputs.bumped_tag }} | |
# sentry: | |
# runs-on: ubuntu-latest | |
# needs: [release,build-and-push-image] | |
# env: | |
# GH_TOKEN: ${{ github.token }} | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# # TODO: add caching for docker_full_image which build previously | |
# - name: Run Container and Copy File | |
# run: | | |
# id=$(docker run --rm --name tmp -d ${{ needs.build-and-push-image.outputs.docker_full_image }} tail -f /dev/null) | |
# mkdir -p ./dist | |
# docker cp $id:/app/dist/ ./dist | |
# curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION="2.31.0" bash | |
# sentry-cli releases new "${{needs.build-and-push-image.outputs.version}}" | |
# echo "sentry-cli releases new ${{needs.build-and-push-image.outputs.version}}" | |
# sentry-cli releases set-commits "${{needs.build-and-push-image.outputs.version}}" --auto --ignore-missing | |
# echo "sentry-cli releases set-commits ${{needs.build-and-push-image.outputs.version}} --auto --ignore-missing" | |
# sentry-cli sourcemaps upload --dist="${{needs.build-and-push-image.outputs.sha_short}}" --release="${{needs.build-and-push-image.outputs.version}}" ./dist | |
# echo "sentry-cli sourcemaps upload --dist=${{needs.build-and-push-image.outputs.sha_short}} --release=${{needs.build-and-push-image.outputs.version}} ./dist" | |
# env: | |
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
# SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
# SENTRY_PROJECT: ${{ secrets.WF_SENTRY_PROJECT }} |