Skip to content

Deploy road-registry to prd: 4.16.7 #150

Deploy road-registry to prd: 4.16.7

Deploy road-registry to prd: 4.16.7 #150

Workflow file for this run

name: 3. Deploy
run-name: 'Deploy road-registry to ${{ github.event.inputs.environment }}: ${{ github.event.inputs.version }}'
on:
workflow_dispatch:
inputs:
environment:
type: choice
description: Select the environment
options:
- tst
- stg
- prd
required: true
version:
description: Version
required: true
jobs:
deploy_start_slack:
if: github.repository_owner == 'Informatievlaanderen'
name: Deploy started
runs-on: ubuntu-latest
steps:
- name: Parse repository name
run: echo REPOSITORY_NAME=$(echo ""$GITHUB_REPOSITORY"" | awk -F / '{print $2}' | sed -e ""s/:refs//"") >> $GITHUB_ENV
shell: bash
- name: Notify deployment started
uses: slackapi/[email protected]
with:
channel-id: '#team-wegenregister-dev'
slack-message: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has started. View run at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
env:
SLACK_BOT_TOKEN: ${{ secrets.VBR_SLACK_BOT_TOKEN }}
SLACK_CHANNEL: ${{ secrets.VBR_NOTIFIER_CHANNEL_NAME }}
REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }}
deploy_services:
if: github.repository_owner == 'Informatievlaanderen'
needs: [deploy_start_slack]
name: Deploy services
runs-on: ubuntu-latest
strategy:
matrix:
services: [
'road-backoffice-api',
'road-backoffice-commandhost',
'road-backoffice-eventhost',
'road-backoffice-extracthost',
'road-backoffice-ui',
'road-editor-projectionhost',
'road-producer-snapshot-projectionhost',
'road-product-projectionhost',
'road-projector',
'road-synchost',
'road-wfs-projectionhost',
'road-wms-projectionhost'
]
steps:
- name: CD services
env:
BUILD_URL: ${{ vars.VBR_AWS_BUILD_API_DEVOPS }}/${{matrix.services}}
STATUS_URL: ${{ vars.VBR_AWS_BUILD_STATUS_API_DEVOPS }}/${{matrix.services}}
uses: informatievlaanderen/awscurl-polling-action/polling-action@main
with:
environment: ${{ github.event.inputs.environment }}
version: ${{ github.event.inputs.version }}
status-url: $STATUS_URL
deploy-url: $BUILD_URL
access-key: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }}
secret-key: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }}
interval: 2
deploy-target: 'agb_ecs_service'
domain: 'basisregisters'
project: 'basisregisters'
- name: Output CD services
shell: bash
run: |
echo build-uuid: ${{ steps.awscurl-polling-action.outputs.build-uuid }}
echo Status: ${{ steps.awscurl-polling-action.outputs.status }}
echo ${{ steps.awscurl-polling-action.outputs.final-message }}
deploy_tasks:
if: github.repository_owner == 'Informatievlaanderen'
needs: [deploy_start_slack]
name: Deploy tasks
runs-on: ubuntu-latest
strategy:
matrix:
services: [
'road-adminhost',
'road-jobs-processor'
]
steps:
- name: CD services
env:
BUILD_URL: ${{ vars.VBR_AWS_BUILD_API_DEVOPS }}/${{matrix.services}}
STATUS_URL: ${{ vars.VBR_AWS_BUILD_STATUS_API_DEVOPS }}/${{matrix.services}}
uses: informatievlaanderen/awscurl-polling-action/polling-action@main
with:
environment: ${{ github.event.inputs.environment }}
version: ${{ github.event.inputs.version }}
status-url: $STATUS_URL
deploy-url: $BUILD_URL
access-key: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }}
secret-key: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }}
interval: 2
deploy-target: 'ecs_scheduled_task'
domain: 'basisregisters'
project: 'basisregisters'
- name: Output CD tasks
shell: bash
run: |
echo build-uuid: ${{ steps.awscurl-polling-action.outputs.build-uuid }}
echo Status: ${{ steps.awscurl-polling-action.outputs.status }}
echo ${{ steps.awscurl-polling-action.outputs.final-message }}
deploy_lambda:
if: github.repository_owner == 'Informatievlaanderen' && github.event.inputs.environment != 'prd'
needs: [deploy_services, deploy_tasks]
name: Deploy lambda(s)
runs-on: ubuntu-latest
strategy:
matrix:
functions: [
'rr-sqsbackofficefunction',
'rr-sqssnapshotfunction'
]
steps:
- name: Promote Lambda
uses: Informatievlaanderen/build-pipeline/.github/actions/deploy-lambda@main
with:
function-name: ${{ matrix.functions }}
deploy-url: ${{ vars.VBR_AWS_DEPLOY_LAMBDA_DEVOPS_BASEURL }}
access-key-id: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }}
secret-access-key-id: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }}
region: ${{ secrets.VBR_AWS_REGION_PRD }}
version: ${{ github.event.inputs.version }}
environment: ${{ github.event.inputs.environment }}
deploy_lambda_prd:
if: github.repository_owner == 'Informatievlaanderen' && github.event.inputs.environment == 'prd'
needs: [deploy_services, deploy_tasks]
name: Deploy lambda(s)
runs-on: ubuntu-latest
steps:
- name: CD Lambda(s) Configure credentials
uses: aws-actions/[email protected]
with:
aws-access-key-id: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || github.event.inputs.environment == 'prd' && secrets.VBR_AWS_ACCESS_KEY_ID_NEWPRD || ''}}
aws-secret-access-key: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || github.event.inputs.environment == 'prd' && secrets.VBR_AWS_SECRET_ACCESS_KEY_NEWPRD || ''}}
aws-region: ${{ secrets.VBR_AWS_REGION_PRD }}
- name: Prepare Lambda(s)
shell: bash
run: |
aws s3 cp $S3_BASEURL-$FUNCTION_BACKOFFICE/$VERSION/lambda.zip $S3_BASEURL-$FUNCTION_BACKOFFICE/lambda.zip --copy-props none
aws s3 cp $S3_BASEURL-$FUNCTION_SNAPSHOT/$VERSION/lambda.zip $S3_BASEURL-$FUNCTION_SNAPSHOT/lambda.zip --copy-props none
env:
VERSION: ${{ github.event.inputs.version }}
S3_BASEURL: ${{ github.event.inputs.environment == 'tst' && 's3://s3-vbr-tst-basisregisters-lam' || github.event.inputs.environment == 'stg' && 's3://s3-vbr-stg-basisregisters-lam' || github.event.inputs.environment == 'prd' && 's3://077849980894-vbr-prd-lam' || '' }}
FUNCTION_BACKOFFICE: ${{ github.event.inputs.environment == 'tst' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'stg' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'prd' && 'rr-sqsbackoffice' || '' }}
FUNCTION_SNAPSHOT: ${{ github.event.inputs.environment == 'tst' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'stg' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'prd' && 'rr-sqssnapshot' || '' }}
- name: Promote Lambda(s)
shell: bash
run: |
docker pull ghcr.io/okigan/awscurl:latest
docker run --rm okigan/awscurl --access_key $ACCESS_KEY_ID --secret_key $SECRET_ACCESS_KEY_ID --region $REGION -X POST -d '{ "functionName": "'$FUNCTION_BACKOFFICE'", "project": "basisregisters", "domain": "basisregisters" }' $PROMOTEURL/$ENVIRONMENT
docker run --rm okigan/awscurl --access_key $ACCESS_KEY_ID --secret_key $SECRET_ACCESS_KEY_ID --region $REGION -X POST -d '{ "functionName": "'$FUNCTION_SNAPSHOT'", "project": "basisregisters", "domain": "basisregisters" }' $PROMOTEURL/$ENVIRONMENT
env:
ACCESS_KEY_ID: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS || secrets.VBR_AWS_ACCESS_KEY_ID_TST }}
SECRET_ACCESS_KEY_ID: ${{ github.event.inputs.environment == 'tst' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || github.event.inputs.environment == 'stg' && secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS || secrets.VBR_AWS_SECRET_ACCESS_KEY_TST }}
ENVIRONMENT: ${{ github.event.inputs.environment == 'tst' && 'tst' || github.event.inputs.environment == 'prd' && 'acc' || github.event.inputs.environment }}
REGION: ${{ secrets.VBR_AWS_REGION_PRD }}
PROMOTEURL: ${{ github.event.inputs.environment == 'tst' && vars.VBR_AWS_PROMOTE_LAMBDA_DEVOPS_BASEURL || github.event.inputs.environment == 'stg' && vars.VBR_AWS_PROMOTE_LAMBDA_DEVOPS_BASEURL || secrets.VBR_AWS_PROMOTE_LAMBDA_BASEURL }}
FUNCTION_BACKOFFICE: ${{ github.event.inputs.environment == 'tst' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'stg' && 'rr-sqsbackofficefunction' || github.event.inputs.environment == 'prd' && 'rr-sqsbackofficefunction' || '' }}
FUNCTION_SNAPSHOT: ${{ github.event.inputs.environment == 'tst' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'stg' && 'rr-sqssnapshotfunction' || github.event.inputs.environment == 'prd' && 'rr-sqssnapshotfunction' || '' }}
system_healthcheck:
needs: [ deploy_lambda, deploy_lambda_prd ]
if: ${{ github.repository_owner == 'Informatievlaanderen' && always() && (needs.deploy_lambda.result == 'success' || needs.deploy_lambda.result == 'skipped') && (needs.deploy_lambda_prd.result == 'success' || needs.deploy_lambda_prd.result == 'skipped') }}
name: System healthcheck
runs-on: ubuntu-latest
steps:
- name: Run
run: |
URL=$BACKOFFICE_API_URL/v1/system/healthcheck
aws configure set default.aws_access_key_id $ACCESS_KEY_ID
aws configure set default.aws_secret_access_key $SECRET_ACCESS_KEY_ID
aws configure set default.region $REGION
aws configure set default.role_session_name "Pipeline"
aws configure set region $REGION --profile cross-account
aws configure set role_arn arn:aws:iam::$ACCOUNT_ID:role/bastion-ssm-send-command --profile cross-account
aws configure set source_profile default --profile cross-account
echo $URL
COMMAND_ID=$(aws ssm send-command --profile cross-account --instance-id $INSTANCE_ID --document-name AWS-RunShellScript --parameters "{\"commands\":[\"#!/bin/bash\",\"curl -X POST $URL -H 'x-api-key: $ROAD_API_KEY' --fail\"]}" --query 'Command.CommandId' --output text)
for i in {1..120}
do
status=$(aws ssm get-command-invocation --profile cross-account --instance-id $INSTANCE_ID --command-id $COMMAND_ID --query 'Status' --output text)
if [[ "$status" == "Failed" ]]; then
exit 1
fi
echo $status
if [[ "$status" == "Success" ]]; then
break
fi
sleep 1
done
if [[ "$status" == "InProgress" ]]; then
echo "Timed out"
exit 1
fi
response=$(aws ssm get-command-invocation --profile cross-account --instance-id $INSTANCE_ID --command-id $COMMAND_ID --query 'StandardOutputContent' --output text)
echo "$response"
if echo "$response" | grep -q "unhealthy"; then
echo "System is unhealthy"
exit 1
fi
if echo "$response" | grep -q "healthy"; then
echo "System is healthy"
exit 0
fi
exit 1
shell: bash
env:
ACCESS_KEY_ID: ${{ secrets.VBR_AWS_ACCESS_KEY_ID_DEVOPS }}
SECRET_ACCESS_KEY_ID: ${{ secrets.VBR_AWS_SECRET_ACCESS_KEY_DEVOPS }}
REGION: ${{ secrets.VBR_AWS_REGION_PRD }}
INSTANCE_ID: ${{ github.event.inputs.environment == 'tst' && secrets.AWS_BASTION_ID_TST || github.event.inputs.environment == 'stg' && secrets.AWS_BASTION_ID_STG || secrets.AWS_BASTION_ID_PRD }}
ACCOUNT_ID: ${{ github.event.inputs.environment == 'tst' && secrets.AWS_ACCOUNT_ID_TST || github.event.inputs.environment == 'stg' && secrets.AWS_ACCOUNT_ID_STG || secrets.AWS_ACCOUNT_ID_PRD }}
BACKOFFICE_API_URL: ${{ github.event.inputs.environment == 'tst' && vars.BACKOFFICE_API_URL_TST || github.event.inputs.environment == 'stg' && vars.BACKOFFICE_API_URL_STG || vars.BACKOFFICE_API_URL_PRD }}
ROAD_API_KEY: ${{ secrets.HEALTHCHECK_APIKEY }}
deploy_finish_slack:
needs: [system_healthcheck]
if: ${{ github.repository_owner == 'Informatievlaanderen' && always() && needs.system_healthcheck.result == 'success' }}
name: Deploy finished
runs-on: ubuntu-latest
steps:
- name: Parse repository name
run: echo REPOSITORY_NAME=$(echo ""$GITHUB_REPOSITORY"" | awk -F / '{print $2}' | sed -e ""s/:refs//"") >> $GITHUB_ENV
shell: bash
- name: Notify deployment finished
uses: slackapi/[email protected]
with:
channel-id: '#team-wegenregister-dev'
slack-message: ":white_check_mark: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has finished."
env:
SLACK_BOT_TOKEN: ${{ secrets.VBR_SLACK_BOT_TOKEN }}
SLACK_CHANNEL: ${{ secrets.VBR_NOTIFIER_CHANNEL_NAME }}
REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }}
deployment_notify_failure:
needs: [ system_healthcheck ]
if: ${{ github.repository_owner == 'Informatievlaanderen' && failure() }}
name: Notify deployment failed
runs-on: ubuntu-latest
steps:
- name: Notify deployment failed
id: slack
uses: slackapi/[email protected]
with:
channel-id: '#team-wegenregister-dev'
slack-message: ":x: Deployment of road-registry ${{ github.event.inputs.version }} to ${{ github.event.inputs.environment }} has failed. View run at ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
env:
SLACK_BOT_TOKEN: ${{ secrets.VBR_SLACK_BOT_TOKEN }}
SLACK_CHANNEL: ${{ secrets.VBR_NOTIFIER_CHANNEL_NAME }}