Promote #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Promote | |
| on: | |
| workflow_dispatch: | |
| env: | |
| IMAGE_NAME: teleservices/bookworm | |
| DEBIAN_VERSION: bookworm | |
| jobs: | |
| staging: | |
| environment: | |
| name: staging | |
| runs-on: | |
| group: self-hosted | |
| steps: | |
| - name: Build push prod image and notify | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| IMAGE_NAME: ${{ env.IMAGE_NAME }} | |
| IMAGE_TAGS: | | |
| ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:staging | |
| ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:staging-${{ github.run_number }} | |
| REGISTRY_URL: ${{ secrets.HARBOR_URL }} | |
| REGISTRY_USERNAME: ${{ secrets.TELESERVICES_HARBOR_USERNAME }} | |
| REGISTRY_PASSWORD: ${{ secrets.TELESERVICES_HARBOR_PASSWORD }} | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| CONTEXT: 'teleservices' | |
| DOCKERFILE: 'teleservices/Dockerfile' | |
| BUILD_ARGS: 'DEBIAN_VERSION=${{ env.DEBIAN_VERSION }}' | |
| TARGET: 'prod-image' | |
| - name: Build push dev image and notify | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| IMAGE_NAME: ${{ env.IMAGE_NAME }} | |
| IMAGE_TAGS: | | |
| ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:staging | |
| ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:staging-${{ github.run_number }} | |
| REGISTRY_URL: ${{ secrets.HARBOR_URL }} | |
| REGISTRY_USERNAME: ${{ secrets.TELESERVICES_HARBOR_USERNAME }} | |
| REGISTRY_PASSWORD: ${{ secrets.TELESERVICES_HARBOR_PASSWORD }} | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| CONTEXT: 'teleservices' | |
| DOCKERFILE: 'teleservices/Dockerfile' | |
| BUILD_ARGS: 'DEBIAN_VERSION=${{ env.DEBIAN_VERSION }}' | |
| TARGET: 'dev-image' | |
| - name: Install jq | |
| run: sudo apt-get update && sudo apt-get install -y jq | |
| - name: Restart staging instances | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| RUNDECK_URL: ${{ secrets.RUNDECK_URL }} | |
| RUNDECK_TOKEN: ${{ secrets.TELESERVICES_RUNDECK_TOKEN }} | |
| RUNDECK_JOB_ID: ${{ secrets.RUNDECK_JOB_ID }} | |
| RUNDECK_PARAMETERS: '-F "filter=name ${{ vars.NODE_NAME }}"' | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| - name: Sleep 30s to let instances restart | |
| run: sleep 30 | |
| shell: bash | |
| - name: Test staging instance | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| URL: ${{ secrets.STAGING_HEALTH_API_URL }} | |
| - name: Test staging services | |
| timeout-minutes: 5 | |
| run: | | |
| until curl -m 2 --output /dev/null --silent --fail '${{ secrets.STAGING_HEALTH_API_URL }}' | jq ' | |
| .data.passerelle.is_running | |
| and .data.portal.is_running | |
| and ".data.portal-agent.is_running" | |
| and .data.idp.is_running | |
| and .data.eservices.is_running | |
| and .data.agenda.is_running | |
| and .data.statistics.is_running' | |
| do | |
| sleep 3 | |
| echo 'Waiting until services are running on guichet-citoyen staging instance' | |
| done | |
| echo 'services are running on guichet-citoyen staging instance' | |
| - name : Send failure notification on Mattermost | |
| if: failure() | |
| run: | | |
| JOB_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
| MESSAGE="Error : docker staging image $IMAGE_NAME has not been updated on registry. [Click here to see job on GitHub]($JOB_URL)" | |
| curl -i -X POST -H 'Content-Type: application/json' -d "{\"text\": \"$MESSAGE\"}" ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| canary: | |
| needs: [staging] | |
| environment: | |
| name: canary | |
| timeout-minutes: 2880 | |
| runs-on: | |
| group: self-hosted | |
| steps: | |
| - name: Get tomorrow date | |
| run: echo "DEPLOY_DATE=$(date --date='01:00 tomorrow' +'%Y-%m-%dT%H:%M:%S%z')" >> $GITHUB_ENV | |
| - name: Tag prod image and notify | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| IMAGE_NAME: ${{ env.IMAGE_NAME }} | |
| IMAGE_TAG: 'staging' | |
| NEW_IMAGE_TAGS: | | |
| latest | |
| latest-${{ github.run_number }} | |
| REGISTRY_URL: ${{ secrets.HARBOR_URL }} | |
| REGISTRY_USERNAME: ${{ secrets.TELESERVICES_HARBOR_USERNAME }} | |
| REGISTRY_PASSWORD: ${{ secrets.TELESERVICES_HARBOR_PASSWORD }} | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| - name: Tag test image and notify | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| IMAGE_NAME: ${{ env.IMAGE_NAME }}-test | |
| IMAGE_TAG: 'staging' | |
| NEW_IMAGE_TAGS: | | |
| latest | |
| latest-${{ github.run_number }} | |
| REGISTRY_URL: ${{ secrets.HARBOR_URL }} | |
| REGISTRY_USERNAME: ${{ secrets.TELESERVICES_HARBOR_USERNAME }} | |
| REGISTRY_PASSWORD: ${{ secrets.TELESERVICES_HARBOR_PASSWORD }} | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| - name: Schedule restart of canary instances | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| RUNDECK_URL: ${{ secrets.RUNDECK_URL }} | |
| RUNDECK_TOKEN: ${{ secrets.TELESERVICES_RUNDECK_TOKEN }} | |
| RUNDECK_JOB_ID: ${{ secrets.RUNDECK_JOB_ID }} | |
| RUNDECK_PARAMETERS: '-F "runAtTime=${{ env.DEPLOY_DATE }}" -F "filter=name ${{ vars.NODE_NAME }}"' | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
| production: | |
| needs: [canary] | |
| environment: | |
| name: production | |
| timeout-minutes: 5760 | |
| runs-on: | |
| group: self-hosted | |
| steps: | |
| - name: Get tomorrow date | |
| run: echo "DEPLOY_DATE=$(date --date='01:00 tomorrow' +'%Y-%m-%dT%H:%M:%S%z')" >> $GITHUB_ENV | |
| - name: Schedule restart of prod instances | |
| uses: IMIO/gha/[email protected] | |
| with: | |
| RUNDECK_URL: ${{ secrets.RUNDECK_URL }} | |
| RUNDECK_TOKEN: ${{ secrets.TELESERVICES_RUNDECK_TOKEN }} | |
| RUNDECK_JOB_ID: ${{ secrets.RUNDECK_JOB_ID }} | |
| RUNDECK_PARAMETERS: '-F "runAtTime=${{ env.DEPLOY_DATE }}"' | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} |