Deploy road-registry to prd: 4.21.6 #168
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 3. Deploy | |
| run-name: 'Deploy road-registry to ${{ github.event.inputs.environment }}: ${{ github.event.inputs.version }}' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: Select the environment | |
| options: | |
| - tst | |
| - stg | |
| - prd | |
| required: true | |
| version: | |
| description: Version | |
| required: true | |
| jobs: | |
| deploy_start_slack: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| name: Deploy started | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Parse repository name | |
| run: echo REPOSITORY_NAME=$(echo ""$GITHUB_REPOSITORY"" | awk -F / '{print $2}' | sed -e ""s/:refs//"") >> $GITHUB_ENV | |
| shell: bash | |
| - name: Notify deployment started | |
| uses: slackapi/slack-github-action@v1.25.0 | |
| with: | |
| channel-id: '#team-wegenregister-dev' | |
| slack-message: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has started. View run at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.VBR_SLACK_BOT_TOKEN }} | |
| SLACK_CHANNEL: ${{ secrets.VBR_NOTIFIER_CHANNEL_NAME }} | |
| REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }} | |
| deploy_services: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| needs: [deploy_start_slack] | |
| name: Deploy services | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| services: [ | |
| 'road-backoffice-api', | |
| 'road-backoffice-commandhost', | |
| 'road-backoffice-eventhost', | |
| 'road-backoffice-extracthost', | |
| 'road-backoffice-ui', | |
| 'road-editor-projectionhost', | |
| 'road-producer-snapshot-projectionhost', | |
| 'road-product-projectionhost', | |
| 'road-projector', | |
| 'road-synchost', | |
| 'road-wfs-projectionhost', | |
| 'road-wms-projectionhost' | |
| ] | |
| steps: | |
| - name: CD services | |
| env: | |
| BUILD_URL: ${{ vars.VBR_AWS_BUILD_API_DEVOPS }}/${{matrix.services}} | |
| STATUS_URL: ${{ vars.VBR_AWS_BUILD_STATUS_API_DEVOPS }}/${{matrix.services}} | |
| uses: informatievlaanderen/awscurl-polling-action/polling-action@main | |
| with: | |
| environment: ${{ github.event.inputs.environment }} | |
| version: ${{ github.event.inputs.version }} | |
| status-url: $STATUS_URL | |
| deploy-url: $BUILD_URL | |
| access-key: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| secret-key: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| interval: 2 | |
| deploy-target: 'agb_ecs_service' | |
| domain: 'basisregisters' | |
| project: 'basisregisters' | |
| - name: Output CD services | |
| shell: bash | |
| run: | | |
| echo build-uuid: ${{ steps.awscurl-polling-action.outputs.build-uuid }} | |
| echo Status: ${{ steps.awscurl-polling-action.outputs.status }} | |
| echo ${{ steps.awscurl-polling-action.outputs.final-message }} | |
| deploy_tasks: | |
| if: github.repository_owner == 'Informatievlaanderen' | |
| needs: [deploy_start_slack] | |
| name: Deploy tasks | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| services: [ | |
| 'road-adminhost', | |
| 'road-jobs-processor' | |
| ] | |
| steps: | |
| - name: CD services | |
| env: | |
| BUILD_URL: ${{ vars.VBR_AWS_BUILD_API_DEVOPS }}/${{matrix.services}} | |
| STATUS_URL: ${{ vars.VBR_AWS_BUILD_STATUS_API_DEVOPS }}/${{matrix.services}} | |
| uses: informatievlaanderen/awscurl-polling-action/polling-action@main | |
| with: | |
| environment: ${{ github.event.inputs.environment }} | |
| version: ${{ github.event.inputs.version }} | |
| status-url: $STATUS_URL | |
| deploy-url: $BUILD_URL | |
| access-key: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| secret-key: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| interval: 2 | |
| deploy-target: 'ecs_scheduled_task' | |
| domain: 'basisregisters' | |
| project: 'basisregisters' | |
| - name: Output CD tasks | |
| shell: bash | |
| run: | | |
| echo build-uuid: ${{ steps.awscurl-polling-action.outputs.build-uuid }} | |
| echo Status: ${{ steps.awscurl-polling-action.outputs.status }} | |
| echo ${{ steps.awscurl-polling-action.outputs.final-message }} | |
| deploy_lambda: | |
| if: github.repository_owner == 'Informatievlaanderen' && github.event.inputs.environment != 'prd' | |
| needs: [deploy_services, deploy_tasks] | |
| name: Deploy lambda(s) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| functions: [ | |
| 'rr-sqsbackofficefunction', | |
| 'rr-sqssnapshotfunction' | |
| ] | |
| steps: | |
| - name: Promote Lambda | |
| uses: Informatievlaanderen/build-pipeline/.github/actions/deploy-lambda-v4@main | |
| with: | |
| function-name: ${{ matrix.functions }} | |
| deploy-url: ${{ vars.VBR_AWS_DEPLOY_LAMBDA_DEVOPS_BASEURL }} | |
| access-key-id: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| secret-access-key-id: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| region: ${{ secrets.VBR_AWS_REGION_PRD }} | |
| version: ${{ github.event.inputs.version }} | |
| environment: ${{ github.event.inputs.environment }} | |
| deploy_lambda_prd: | |
| if: github.repository_owner == 'Informatievlaanderen' && github.event.inputs.environment == 'prd' | |
| needs: [deploy_services, deploy_tasks] | |
| name: Deploy lambda(s) prd | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: CD Lambda(s) Configure credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.2 | |
| with: | |
| aws-access-key-id: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || github.event.inputs.environment == 'prd' && secrets.VBR_AWS_ACCESS_KEY_ID_NEWPRD || ''}} | |
| aws-secret-access-key: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || github.event.inputs.environment == 'prd' && secrets.VBR_AWS_SECRET_ACCESS_KEY_NEWPRD || ''}} | |
| aws-region: ${{ secrets.VBR_AWS_REGION_PRD }} | |
| - name: Prepare Lambda(s) | |
| shell: bash | |
| run: | | |
| aws s3 cp $S3_BASEURL-$FUNCTION_BACKOFFICE/$VERSION/lambda.zip $S3_BASEURL-$FUNCTION_BACKOFFICE/lambda.zip --copy-props none | |
| aws s3 cp $S3_BASEURL-$FUNCTION_SNAPSHOT/$VERSION/lambda.zip $S3_BASEURL-$FUNCTION_SNAPSHOT/lambda.zip --copy-props none | |
| env: | |
| VERSION: ${{ github.event.inputs.version }} | |
| S3_BASEURL: ${{ github.event.inputs.environment == 'tst' && 's3://s3-vbr-tst-basisregisters-lam' || github.event.inputs.environment == 'stg' && 's3://s3-vbr-stg-basisregisters-lam' || github.event.inputs.environment == 'prd' && 's3://077849980894-vbr-prd-lam' || '' }} | |
| FUNCTION_BACKOFFICE: ${{ github.event.inputs.environment == 'tst' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'stg' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'prd' && 'rr-sqsbackoffice' || '' }} | |
| FUNCTION_SNAPSHOT: ${{ github.event.inputs.environment == 'tst' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'stg' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'prd' && 'rr-sqssnapshot' || '' }} | |
| - name: Promote Lambda(s) | |
| shell: bash | |
| run: | | |
| docker pull ghcr.io/okigan/awscurl:latest | |
| docker run --rm okigan/awscurl --access_key $ACCESS_KEY_ID --secret_key $SECRET_ACCESS_KEY_ID --region $REGION -X POST -d '{ "functionName": "'$FUNCTION_BACKOFFICE'", "project": "basisregisters", "domain": "basisregisters" }' $PROMOTEURL/$ENVIRONMENT | |
| docker run --rm okigan/awscurl --access_key $ACCESS_KEY_ID --secret_key $SECRET_ACCESS_KEY_ID --region $REGION -X POST -d '{ "functionName": "'$FUNCTION_SNAPSHOT'", "project": "basisregisters", "domain": "basisregisters" }' $PROMOTEURL/$ENVIRONMENT | |
| env: | |
| ACCESS_KEY_ID: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || secrets.VBR_AWS_ACCESS_KEY_ID_TST }} | |
| SECRET_ACCESS_KEY_ID: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || secrets.VBR_AWS_SECRET_ACCESS_KEY_TST }} | |
| ENVIRONMENT: ${{ github.event.inputs.environment == 'tst' && 'tst' || github.event.inputs.environment == 'prd' && 'acc' || github.event.inputs.environment }} | |
| REGION: ${{ secrets.VBR_AWS_REGION_PRD }} | |
| PROMOTEURL: ${{ github.event.inputs.environment == 'tst' && vars.VBR_AWS_PROMOTE_LAMBDA_DEVOPS_BASEURL || github.event.inputs.environment == 'stg' && vars.VBR_AWS_PROMOTE_LAMBDA_DEVOPS_BASEURL || secrets.VBR_AWS_PROMOTE_LAMBDA_BASEURL }} | |
| FUNCTION_BACKOFFICE: ${{ github.event.inputs.environment == 'tst' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'stg' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'prd' && 'rr-sqsbackofficefunction' || '' }} | |
| FUNCTION_SNAPSHOT: ${{ github.event.inputs.environment == 'tst' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'stg' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'prd' && 'rr-sqssnapshotfunction' || '' }} | |
| system_healthcheck: | |
| needs: [ deploy_lambda, deploy_lambda_prd ] | |
| if: ${{ github.repository_owner == 'Informatievlaanderen' && always() && (needs.deploy_lambda.result == 'success' || needs.deploy_lambda.result == 'skipped') && (needs.deploy_lambda_prd.result == 'success' || needs.deploy_lambda_prd.result == 'skipped') }} | |
| name: System healthcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Run | |
| run: | | |
| URL=$BACKOFFICE_API_URL/v1/system/healthcheck | |
| aws configure set default.aws_access_key_id $ACCESS_KEY_ID | |
| aws configure set default.aws_secret_access_key $SECRET_ACCESS_KEY_ID | |
| aws configure set default.region $REGION | |
| aws configure set default.role_session_name "Pipeline" | |
| aws configure set region $REGION --profile cross-account | |
| aws configure set role_arn arn:aws:iam::$ACCOUNT_ID:role/bastion-ssm-send-command --profile cross-account | |
| aws configure set source_profile default --profile cross-account | |
| CALLER_IDENTITY=$(aws sts get-caller-identity --profile cross-account --instance-id $INSTANCE_ID --output text) | |
| echo "CallerIdentity: $CALLER_IDENTITY" | |
| echo $URL | |
| COMMAND_ID=$(aws ssm send-command --profile cross-account --instance-id $INSTANCE_ID --document-name AWS-RunShellScript --parameters "{\"commands\":[\"#!/bin/bash\",\"curl -X POST $URL -H 'x-api-key: $ROAD_API_KEY' --fail\"]}" --query 'Command.CommandId' --output text) | |
| for i in {1..120} | |
| do | |
| status=$(aws ssm get-command-invocation --profile cross-account --instance-id $INSTANCE_ID --command-id $COMMAND_ID --query 'Status' --output text) | |
| if [[ "$status" == "Failed" ]]; then | |
| exit 1 | |
| fi | |
| echo $status | |
| if [[ "$status" == "Success" ]]; then | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| if [[ "$status" == "InProgress" ]]; then | |
| echo "Timed out" | |
| exit 1 | |
| fi | |
| response=$(aws ssm get-command-invocation --profile cross-account --instance-id $INSTANCE_ID --command-id $COMMAND_ID --query 'StandardOutputContent' --output text) | |
| echo "$response" | |
| if echo "$response" | grep -q "unhealthy"; then | |
| echo "System is unhealthy" | |
| exit 1 | |
| fi | |
| if echo "$response" | grep -q "healthy"; then | |
| echo "System is healthy" | |
| exit 0 | |
| fi | |
| exit 1 | |
| shell: bash | |
| env: | |
| ACCESS_KEY_ID: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }} | |
| SECRET_ACCESS_KEY_ID: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }} | |
| REGION: ${{ secrets.VBR_AWS_REGION_PRD }} | |
| INSTANCE_ID: ${{ github.event.inputs.environment == 'tst' && secrets.AWS_BASTION_ID_TST || github.event.inputs.environment == 'stg' && secrets.AWS_BASTION_ID_STG || secrets.AWS_BASTION_ID_PRD }} | |
| ACCOUNT_ID: ${{ github.event.inputs.environment == 'tst' && secrets.AWS_ACCOUNT_ID_TST || github.event.inputs.environment == 'stg' && secrets.AWS_ACCOUNT_ID_STG || secrets.AWS_ACCOUNT_ID_PRD }} | |
| BACKOFFICE_API_URL: ${{ github.event.inputs.environment == 'tst' && vars.BACKOFFICE_API_URL_TST || github.event.inputs.environment == 'stg' && vars.BACKOFFICE_API_URL_STG || vars.BACKOFFICE_API_URL_PRD }} | |
| ROAD_API_KEY: ${{ secrets.HEALTHCHECK_APIKEY }} | |
| deploy_finish_slack: | |
| needs: [system_healthcheck] | |
| if: ${{ github.repository_owner == 'Informatievlaanderen' && always() && needs.system_healthcheck.result == 'success' }} | |
| name: Notify deployment succeeded | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Parse repository name | |
| run: echo REPOSITORY_NAME=$(echo ""$GITHUB_REPOSITORY"" | awk -F / '{print $2}' | sed -e ""s/:refs//"") >> $GITHUB_ENV | |
| shell: bash | |
| - name: Notify deployment succeeded | |
| uses: slackapi/slack-github-action@v1.25.0 | |
| with: | |
| channel-id: '#team-wegenregister-dev' | |
| slack-message: ":white_check_mark: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has finished." | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.VBR_SLACK_BOT_TOKEN }} | |
| SLACK_CHANNEL: ${{ secrets.VBR_NOTIFIER_CHANNEL_NAME }} | |
| REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }} | |
| deployment_notify_failure: | |
| needs: [ system_healthcheck ] | |
| if: ${{ github.repository_owner == 'Informatievlaanderen' && failure() }} | |
| name: Notify deployment failed | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify deployment failed | |
| id: slack | |
| uses: slackapi/slack-github-action@v1.25.0 | |
| with: | |
| channel-id: '#team-wegenregister-dev' | |
| slack-message: ":x: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has failed. View run at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.VBR_SLACK_BOT_TOKEN }} | |
| SLACK_CHANNEL: ${{ secrets.VBR_NOTIFIER_CHANNEL_NAME }} |