Skip to content
0 [on_dispatch/CD] Create hotfix release

Create a hotfix release from refs/heads/maint/v379 #391

Sign in to view logs

Create a hotfix release from refs/heads/maint/v379

Create a hotfix release from refs/heads/maint/v379 #391

Workflow file for this run

.github/workflows/dev_on_dispatch_release_build_hotfix.yml at da1368b
name: "0 [on_dispatch/CD] Create hotfix release"
run-name: "Create a hotfix release from ${{ github.ref }}"
on:
workflow_dispatch
permissions: write-all
jobs:
check-worflow-ref:
name: "Check worflow ref"
runs-on: ubuntu-22.04
steps:
- name: Check worflow ref
run: |
if ! [[ ${{ github.ref }} == refs/heads/maint/v* ]]; then
echo "This workflow can only be triggered from a maintenance branch (starting with 'maint/v')"
exit 1
fi
find-hotfix-tag-number:
# Find the next hotfix version available
# Example: given branch maint/v200 and existing tags v200.0.0, v200.0.1 then output == 200.0.2
name: "Find hotfix tag number"
needs: check-worflow-ref
runs-on: ubuntu-22.04
outputs:
hotfixTagNumber: ${{ steps.find-hotfix-tag-number.outputs.hotfixTagNumber }}
steps:
- name: "Checkout 🛎️"
uses: actions/checkout@v6
with:
persist-credentials: false
fetch-depth: 0 # Fetch all history to get all tags
- name: "Find hotfix tag number"
id: "find-hotfix-tag-number"
run: |
GITHUB_REF=${{ github.ref }}
MAJOR_NUMBER=(${GITHUB_REF//refs\/heads\/maint\/v/ })
CURRENT_PATCH_NUMBER=$(git tag -l "v${MAJOR_NUMBER}.0.*" | sort -V | tail -n 1 | cut -d. -f3)
NEXT_PATCH_NUMBER=$((CURRENT_PATCH_NUMBER + 1))
echo "hotfixTagNumber=${MAJOR_NUMBER}.0.${NEXT_PATCH_NUMBER}" | tee -a $GITHUB_OUTPUT
build-and-tag-version:
name: "Build and tag version"
needs: find-hotfix-tag-number
uses: ./.github/workflows/dev_on_workflow_build_and_tag.yml
secrets:
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
with:
base_ref: ${{ github.ref }}
tag_number: ${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
base_ref_is_a_branch: true
create-pro-staging-release:
name: "Pro staging"
needs: [build-and-tag-version, find-hotfix-tag-number]
uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
secrets:
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
with:
ENV: "staging"
CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}"
EXPIRES: "30d"
PUSH_RELEASE_TO_SENTRY: true
REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
create-pro-integration-release:
name: "Pro integration"
needs: [build-and-tag-version, find-hotfix-tag-number]
uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
secrets:
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
with:
ENV: "integration"
CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}"
EXPIRES: "30d"
REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
create-pro-production-release:
name: "Pro production"
needs: [build-and-tag-version, find-hotfix-tag-number]
uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
secrets:
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
with:
ENV: "production"
CHANNEL: "${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}"
EXPIRES: "30d"
PUSH_RELEASE_TO_SENTRY: true
REF: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
slack-notification:
runs-on: ubuntu-22.04
needs:
- find-hotfix-tag-number
- build-and-tag-version
- create-pro-staging-release
- create-pro-integration-release
- create-pro-production-release
if: always()
env:
TAG_NAME: v${{ needs.find-hotfix-tag-number.outputs.hotfixTagNumber }}
steps:
- uses: technote-space/workflow-conclusion-action@v3
- name: "Authentification to Google"
uses: 'google-github-actions/auth@v3'
with:
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
- name: "Get Secret"
id: 'secrets'
uses: 'google-github-actions/get-secretmanager-secrets@v3'
with:
secrets: |-
SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
- name: "Slack output"
id: "slack-text"
run: |
if [ "${{ env.WORKFLOW_CONCLUSION }}" == "success" ]; then
echo text="La pose du tag *${{ env.TAG_NAME }}* a réussi. Vous pouvez maintenant le <https://github.com/pass-culture/pass-culture-main/actions/workflows/dev_on_dispatch_release_deploy.yml|déployer> :rocket:" | tee -a $GITHUB_OUTPUT
elif [ "${{ env.WORKFLOW_CONCLUSION }}" == "cancelled" ]; then
echo text="La pose du tag a été annulée. Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a $GITHUB_OUTPUT
else
echo text="La pose du tag *${{ env.TAG_NAME }}* a échoué :x: Détails sur <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Github>" | tee -a $GITHUB_OUTPUT
fi
- name: "Post on #shérif"
if: always()
uses: slackapi/[email protected]
with:
method: chat.postMessage
token: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
payload: |
channel: ${{ vars.SLACK_SHERIF_CHANNEL_ID }}
attachments:
- color: "${{ fromJSON('["#36a64f", "#A30002"]')[env.WORKFLOW_CONCLUSION == 'failure'] }}"
blocks:
- type: "context"
elements:
- type: "image"
image_url: "https://github.com/${{github.actor}}.png"
alt_text: "image de profil Github de ${{github.actor}}"
- type: "mrkdwn"
text: "*${{github.actor}}*"
- type: "section"
text:
type: "mrkdwn"
text: "${{ steps.slack-text.outputs.text }}"