quickstart-aws-sql/.github/workflows/release.yml at main · bcgov/quickstart-aws-sql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: PROD
on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      containers_tag:
        description: 'The tag of the containers to deploy, if not provided, it will use the test tag'
        required: false
        default: 'test'
        type: string
concurrency:
  group: prod
  cancel-in-progress: false
# This concurrency group ensures that only one workflow runs at a time for the main branch.
permissions:
    id-token: write # This is required for requesting the JWT
    contents: write # This is required for actions/checkout
    packages: write
jobs:
  vars:
    name: Vars
    runs-on: ubuntu-24.04
    outputs:
      tag: ${{ steps.release.outputs.tag }}
      tags: ${{ steps.release.outputs.tags }}
      clean_changelog: ${{ steps.changelog.outputs.clean_changelog || '' }}
    steps:
      - uses: actions/checkout@v6
      - name: Conventional Changelog Update
        if: (github.event_name != 'release')
        uses: TriPSs/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7 # v6
        id: changelog
        continue-on-error: true
        with:
          github-token: ${{ github.token }}
          output-file: "CHANGELOG.md"
          skip-version-file: "true"
          skip-on-empty: "false"
          skip-commit: "true"
          git-push: "true"
      - name: GitHub Release
        id: release
        shell: bash
        run: |
          # Determine the tag based on the event type
          tag=""
          version=""
          if [[ "${{ github.event_name }}" == "release" ]]; then
            echo "getting tag from release which was done manually in github"
            # remove all spaces and new lines from the tag name and make it lowercase.
            tag=$(echo "${{ github.event.release.tag_name }}" | tr -d ' \n\r\t' | tr '[:upper:]' '[:lower:]')
            version=$(echo "$tag" | sed 's/^v//') # Compute version as tag without the leading 'v'
          elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
            echo "generating tag from workflow dispatch"
            # Generate tag from current timestamp or use a default
            tag=$(echo "${{ steps.changelog.outputs.tag}}" | tr -d ' \n\r\t' | tr '[:upper:]' '[:lower:]')
            version="${{ steps.changelog.outputs.version}}"
          else
            echo "unsupported event type: ${{ github.event_name }}"
            exit 1
          fi
          echo "tag=$tag" >> $GITHUB_OUTPUT
          echo "version=$version" >> $GITHUB_OUTPUT

          # Generate multiline tags output for retag-images step
          tags=$(printf "prod\n%s\n%s" "$version" "$tag")

          # Trim and set multiline outputs
          echo "tags<<EOF" >> $GITHUB_OUTPUT
          echo "$tags" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT

  retag-images:
    name: Retag Images
    needs: [vars]
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        package: [backend, migrations, frontend]
    steps:
      - name: retag
        uses: shrink/actions-docker-registry-tag@f04afd0559f66b288586792eb150f45136a927fa # v4
        with:
          registry: ghcr.io
          repository: ${{ github.repository }}/${{ matrix.package }}
          target:  ${{inputs.containers_tag || 'test'}} # this is the tag of the containers to deploy, defaults to test
          tags: |
            ${{ needs.vars.outputs.tags }}


  resume-resources:
    name: Resume Resources # This job resumes resources for the merged PR which is needed if the resources were paused.
    needs: [vars]
    uses: ./.github/workflows/resume-resources.yml
    with:
      app_env: prod
    secrets: inherit

  deploy:
    name: Deploy Stack
    needs: [vars, resume-resources, retag-images]
    uses: ./.github/workflows/.deploy_stack.yml
    secrets: inherit
    with:
      environment_name: prod
      command: apply
      tag: ${{ needs.vars.outputs.tag}} # this is the tag of the containers to deploy
      app_env: prod

  release:
    name: Github Release
    runs-on: ubuntu-24.04
    needs: [vars, deploy]
    if: (needs.vars.outputs.tag != '' && github.event_name != 'release')
    steps:
      - name: Create Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
        if: ${{ needs.vars.outputs.tag != ''}}
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          token: ${{ github.token }}
          tag_name: ${{ needs.vars.outputs.tag }}
          name: ${{ needs.vars.outputs.tag }}
          body: ${{ needs.vars.outputs.clean_changelog }}

  pause-resources:
    name: Pause Resources # This job pauses resources for the merged PR which is needed if the resources were not paused, this is to save money, remove it after cloning.
    needs: [release]
    uses: ./.github/workflows/pause-resources.yml
    with:
      app_env: prod
    secrets: inherit