promote #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: promote | |
concurrency: prod-${{ github.ref_name }} | |
on: | |
workflow_call: | |
workflow_dispatch: | |
jobs: | |
run-qa-dev: | |
# Dispatch the qa-dev workflow to validate main prior to promotion | |
runs-on: ubuntu-latest | |
env: | |
WAIT_INTERVAL: "60" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Capture current timestamp | |
run: | | |
current_time=$(date --utc +%Y-%m-%dT%H:%M:%S+00:00) | |
echo "current_time=${current_time}" >> "$GITHUB_ENV" | |
- name: Dispatch the qa-dev workflow | |
run: | | |
curl -X POST \ | |
-H "Authorization: token ${{secrets.GITHUB_TOKEN}}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
"https://api.github.com/repos/${{github.repository}}/actions/workflows/qa-dev.yml/dispatches" \ | |
-d '{"ref": "main", "inputs": {"deployment_size": "small", "pr_or_branch": "main"}}' | |
echo "Triggered qa-dev Workflow." | |
- name: Wait for qa-dev workflow to complete | |
timeout-minutes: 30 | |
run: | | |
check_status() { | |
runs=$(curl -s -H "Authorization: token ${{secrets.GITHUB_TOKEN}}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
"https://api.github.com/repos/${{github.repository}}/actions/workflows/qa-dev.yml/runs?per_page=10") | |
latest_run=$(echo "$runs" | jq -r --arg timestamp "$current_time" \ | |
'.workflow_runs[] | select(.created_at >= $timestamp) | .') | |
status=$(echo "$latest_run" | jq -r '.status') | |
conclusion=$(echo "$latest_run" | jq -r '.conclusion') | |
echo "Workflow status: $status, conclusion: $conclusion" | |
if [[ "$status" == "completed" && "$conclusion" == "success" ]]; then | |
return 0 | |
elif [[ "$status" == "completed" && "$conclusion" != "success" ]]; then | |
echo "qa-dev workflow failed. For details, see https://github.com/nexodus-io/nexodus/actions/workflows/qa-dev.yml" | |
exit 1 | |
else | |
return 1 | |
fi | |
} | |
while ! check_status; do | |
echo "Waiting for qa-dev workflow to complete..." | |
sleep "$WAIT_INTERVAL" | |
done | |
update-prod: | |
# Sync prod with the QA ref | |
name: Update Production Deployment | |
runs-on: ubuntu-20.04 | |
needs: ["run-qa-dev"] | |
steps: | |
- name: Checkout the qa Tag | |
uses: actions/checkout@v4 | |
with: | |
ref: "qa" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Promote to the prod Tag | |
shell: bash | |
run: | | |
git fetch --tags | |
git tag prod-previous prod --force | |
git tag prod --force | |
git push origin prod prod-previous --force | |
build-packages: | |
# Sync the agent binary in s3 /download with the prod promotion in the update-prod job | |
runs-on: ubuntu-latest | |
needs: ["run-qa-dev"] | |
steps: | |
- name: Checkout the qa Tag | |
uses: actions/checkout@v4 | |
with: | |
ref: "qa" | |
- name: Setup Go | |
uses: ./.github/actions/setup-go-env | |
- name: Build nexodus packages | |
id: build | |
shell: bash | |
run: | | |
NEXODUS_BUILD_PROFILE=prod make -j dist/packages | |
- name: Upload nexodus zip packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: nexodus-zip-packages | |
if-no-files-found: error | |
path: | | |
dist/packages/*.zip | |
- name: Upload nexodus tar.gz packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: nexodus-tar-packages | |
if-no-files-found: error | |
path: | | |
dist/packages/*.tar.gz | |
upload-s3-packages: | |
needs: ["build-packages"] | |
permissions: | |
id-token: write | |
contents: read | |
runs-on: ubuntu-latest | |
environment: image-repositories | |
steps: | |
- name: Download nexodus zip packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: nexodus-zip-packages | |
path: dist/packages | |
- name: Download nexodus tar.gz packages | |
uses: actions/download-artifact@v4 | |
with: | |
name: nexodus-tar-packages | |
path: dist/packages | |
- name: Display structure of downloaded files | |
run: ls -lah -R | |
working-directory: dist/packages | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE }} | |
role-session-name: nexodus-ci-deploy | |
aws-region: us-east-1 | |
- name: Copy binaries to S3 | |
run: | | |
aws s3 sync dist/packages s3://nexodus-io/download |