feat: add reusable GHA workflows

Create reusable workflows
department-of-veterans-affairs · Feb 8, 2022 · 8bdfaa7 · 8bdfaa7
2 parents ad6a636 + 81d8f75
commit 8bdfaa7
Show file tree

Hide file tree

Showing 4 changed files with 160 additions and 124 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,99 +1,9 @@
-name: Release and Update Manifests
-
-on:
-  push:
-    branches:
-      - master
-  workflow_dispatch:
-    inputs:
-      environments:
-        description: "Cluster environments you would like to update wrapped in single quotes.
-		              Avalable options -> dev, staging, sandbox, utility, prod sandbox"
-        required: true
-
-env:
-  autoDeployEnvs: 'utility'
-
-jobs:
-  prepare-values:
-    runs-on: ubuntu-20.04
-    outputs:
-      environments: ${{ steps.set-environments.outputs.environments }}
-    steps:
-      - name: Set to auto deploy environments when not run via workflow dispatch
-        if: github.event.inputs.environments == ''
-        run: |
-         echo "triggered via schedule"
-         echo "environments=${{ env.autoDeployEnvs }}" >> $GITHUB_ENV
-      - name: Set to environments specified in input when run via workflow dispatch
-        if: github.event.inputs.environments != ''
-        run: |
-          echo "triggered via workflow dispatch"
-          echo "environments=${{ github.event.inputs.environments }}" >> $GITHUB_ENV
-      - name: Set output
-        id: set-environments
-        run: |
-          echo "::set-output name=environments::${{ env.environments }}"
-  release:
-    needs: [prepare-values]
-    if: github.ref == 'refs/heads/master'
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v2
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: "us-gov-west-1"
-      - name: Log into ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-      - name: Get bot token from Parameter Store
-        uses: marvinpinto/action-inject-ssm-secrets@latest
-        with:
-          ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
-          env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
-      - name: Semantic Release
-        uses: cycjimmy/semantic-release-action@v2
-        id: semantic
-        env:
-          GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
-      - name: Install yq if needed
-        if: steps.semantic.outputs.new_release_published == 'true' || github.event.inputs.environments != ''
-        run: |
-          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
-          sudo add-apt-repository ppa:rmescandon/yq
-          sudo apt update
-          sudo apt install yq -y
-      - name: Check out Manifest Repo
-        uses: actions/checkout@v2
-        with:
-          repository: department-of-veterans-affairs/vsp-infra-application-manifests
-          token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
-          fetch-depth: 1
-          path: vsp-infra-application-manifests
-      - name: Update image name in Manifest repo
-        if: steps.semantic.outputs.new_release_published == 'true' || github.event.inputs.environments != ''
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: dsva/platform-console
-        run: |
-          cd vsp-infra-application-manifests/apps/vsp-tools-backend/platform-console-api
-          # Update platform-console image
-          envs=( ${{ needs.prepare-values.outputs.environments }} )
-          for env in ${envs[*]};
-          do
-            yq e -i '.spec.template.spec.containers.[0].image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/platform-console:platform-console-${{ github.sha }}"' $env/deployment.yml
-          done
-          git diff
-      - name: Add and Commit file
-        if: steps.semantic.outputs.new_release_published == 'true' || github.event.inputs.environments != ''
-        uses: EndBug/add-and-commit@v7
-        with:
-          branch: main
-          add: '*'
-          cwd: vsp-infra-application-manifests/apps/vsp-tools-backend/platform-console-api
-          author_name: va-vsp-bot
-          author_email: devops@va.gov
-          message: 'Release ${{ needs.prepare-values.outputs.environments }} for platform-console.'
+deploy:
+  uses: department-of-veterans-affairs/platform-console-api/.github/workflows/templates/deploy-template.yml@master
+  with:
+    ecr_repository: 'platform-console'
+    manifests_directory: 'vsp-tools-backend/platform-console-api'
+    auto_deploy_envs: 'utility'
+  secrets:
+    aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/push-images.yml b/.github/workflows/push-images.yml
@@ -1,25 +1,7 @@
-name: Push image to ECR when changes are pushed to master
-
-on:
- push:
-   branches:
-     - master
- workflow_dispatch:
-
-jobs:
-  push-image:
-    runs-on: ubuntu-20.04
-    name: Push image to ECR
-    steps:
-      - uses: actions/checkout@v2
-      - name: Build and push argo images to ECR
-        uses: kciter/aws-ecr-action@v4
-        with:
-          access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          account_id: '008577686731'
-          repo: dsva/platform-console
-          region: us-gov-west-1
-          tags: "platform-console-${{ github.sha }}"
-          dockerfile: Dockerfile
-          extra_build_args: "--build-arg RAILS_ENV=production"
+push-images:
+  uses: department-of-veterans-affairs/platform-console-api/.github/workflows/templates/push-images-template.yml@master
+  with:
+    ecr_repository: 'platform-console'
+  secrets:
+    aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/templates/deploy-template.yml b/.github/workflows/templates/deploy-template.yml
@@ -0,0 +1,109 @@
+name: Release and Update Manifests
+
+on:
+  push:
+    branches:
+      - master
+
+  workflow_call:
+    inputs:
+      ecr_repository:
+        required: true #platform-console
+        type: string
+      manifests_directory:
+        required: true #vsp-tools-backend/platform-console-api
+        type: string
+      auto_deploy_envs:
+       required: true # utility
+       type: string
+    secrets:
+      aws_access_key_id: #${{ secrets.AWS_ACCESS_KEY_ID }}
+        required: true
+      aws_secret_access_key: #${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        required: true
+
+jobs:
+  prepare-values:
+    runs-on: ubuntu-20.04
+    outputs:
+      environments: ${{ steps.set-environments.outputs.environments }}
+    steps:
+      - name: Set to auto deploy environments on push to master
+        run: |
+         echo "triggered via schedule"
+         echo "environments=${{inputs.auto_deploy_envs}}" >> $GITHUB_ENV
+      - name: Set output
+        id: set-environments
+        run: |
+          echo "::set-output name=environments::${{ env.environments }}"
+  release:
+    needs: [prepare-values]
+    if: github.ref == 'refs/heads/master'
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.aws_access_key_id }}
+          aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
+          aws-region: "us-gov-west-1"
+
+      - name: Log into ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Get bot token from Parameter Store
+        uses: marvinpinto/action-inject-ssm-secrets@latest
+        with:
+          ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
+          env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
+
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v2
+        id: semantic
+        env:
+          GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
+
+      - name: Install yq if needed
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: |
+          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
+          sudo add-apt-repository ppa:rmescandon/yq
+          sudo apt update
+          sudo apt install yq -y
+
+      - name: Check out Manifest Repo
+        uses: actions/checkout@v2
+        with:
+          repository: department-of-veterans-affairs/vsp-infra-application-manifests
+          token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
+          fetch-depth: 1
+          path: vsp-infra-application-manifests
+
+      - name: Update image name in Manifest repo
+        if: steps.semantic.outputs.new_release_published == 'true'
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: dsva/${{inputs.ecr_repository}}
+        run: |
+          cd vsp-infra-application-manifests/apps/${{inputs.manifests_directory}}
+          # Update ecr image
+          envs=( ${{ needs.prepare-values.outputs.environments }} )
+          for env in ${envs[*]};
+          do
+
+            yq e -i '.spec.template.spec.containers.[0].image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/${{inputs.ecr_repository}}:${{inputs.ecr_repository}}-${{ github.sha }}"' $env/deployment.yml
+          done
+          git diff
+
+      - name: Add and Commit file
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: EndBug/add-and-commit@v7
+        with:
+          branch: main
+          add: '*'
+          cwd: vsp-infra-application-manifests/apps/${{inputs.manifests_directory}}
+          author_name: va-vsp-bot
+          author_email: devops@va.gov
+          message: 'Release ${{ needs.prepare-values.outputs.environments }} for ${{inputs.ecr_repository}}.'
diff --git a/.github/workflows/templates/push-image-template.yml b/.github/workflows/templates/push-image-template.yml
@@ -0,0 +1,35 @@
+name: Push image to ECR when changes are pushed to master
+
+on:
+ push:
+   branches:
+     - master
+
+ workflow_call:
+   inputs:
+     repository:
+       required: true #platform-console
+       type: string
+    secrets:
+      aws_access_key_id: #${{ secrets.AWS_ACCESS_KEY_ID }}
+        required: true
+      aws_secret_access_key: #${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        required: true
+
+jobs:
+  push-image:
+    runs-on: ubuntu-20.04
+    name: Push image to ECR
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build and push argo images to ECR
+        uses: kciter/aws-ecr-action@v4
+        with:
+          access_key_id: ${{ secrets.aws_access_key_id }}
+          secret_access_key: ${{ secrets.aws_secret_access_key }}
+          account_id: '008577686731'
+          repo: dsva/${{inputs.ecr_repository}}
+          region: us-gov-west-1
+          tags: "${{inputs.ecr_repository}}-${{ github.sha }}"
+          dockerfile: Dockerfile
+          extra_build_args: "--build-arg RAILS_ENV=production"