diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml new file mode 100644 index 000000000000..20922edc6129 --- /dev/null +++ b/.github/workflows/build-on-release.yml @@ -0,0 +1,22 @@ +name: Build on Release +run-name: "Build ${{ github.event.release.tag_name }}" + +on: + release: + types: [published] + +permissions: + contents: write + packages: write + actions: read + pull-requests: write + id-token: write + +jobs: + build-production: + name: Build Production Image + uses: THG-Fulfil/shared-workflows/.github/workflows/release-build.yml@rowan-changes + with: + build_type: java + java_version: '8|11' + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000000..d1725483fa56 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,168 @@ +name: Deploy Release +run-name: "Deploy ${{ inputs.version }}" + +on: + workflow_dispatch: + inputs: + version: + description: 'Release version to deploy (e.g., v1.2.3)' + required: true + type: string + change_request_id: + description: 'Change Request ID (optional, long URL number, e.g. "...?CHANGEID=12345")' + required: false + type: string + deploy_stable: + description: 'Deploy to Stable environment' + required: false + type: boolean + default: false + deploy_live: + description: 'Deploy to LIVE environment' + required: false + type: boolean + default: false + +permissions: + contents: write + packages: write + actions: read + id-token: write + pull-requests: write + +jobs: + deploy-live-druid-broker: + name: 'Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: live + deploy_runner: stock-gcp-runner + unity_cluster: euw2-li-beunity + unity_namespace: sadruid + unity_deployment_name: druid-broker-gcp-live + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namspace/gcp/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + should_update_release_notes: true + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: ${{ secrets.GCP_LI_CLUSTER_CA }} + UNITY_CLUSTER_SERVER: ${{ secrets.GKE_LI_CLUSTER_SERVER }} + UNITY_DEPLOY_TOKEN: ${{ secrets.GCP_LI_DEPLOY_TOKEN }} + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-live-druid-coordinator: + name: 'Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: live + deploy_runner: stock-gcp-runner + unity_cluster: euw2-li-beunity + unity_namespace: sadruid + unity_deployment_name: druid-coordinator-gcp-live + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namspace/gcp/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + should_update_release_notes: true + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: ${{ secrets.GCP_LI_CLUSTER_CA }} + UNITY_CLUSTER_SERVER: ${{ secrets.GKE_LI_CLUSTER_SERVER }} + UNITY_DEPLOY_TOKEN: ${{ secrets.GCP_LI_DEPLOY_TOKEN }} + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-live-druid-router: + name: 'Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: live + deploy_runner: stock-gcp-runner + unity_cluster: euw2-li-beunity + unity_namespace: sadruid + unity_deployment_name: druid-router-gcp-live + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namspace/gcp/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + should_update_release_notes: true + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: ${{ secrets.GCP_LI_CLUSTER_CA }} + UNITY_CLUSTER_SERVER: ${{ secrets.GKE_LI_CLUSTER_SERVER }} + UNITY_DEPLOY_TOKEN: ${{ secrets.GCP_LI_DEPLOY_TOKEN }} + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-gb1-live-druid-broker: + name: 'GB1 Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: gb1-live + deploy_runner: stock-gcp-runner + unity_cluster: gb1-li-beunityv3 + unity_namespace: sadruid + unity_deployment_name: druid-broker-gb1 + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namespace/gb1/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: TBC + UNITY_CLUSTER_SERVER: TBC + UNITY_DEPLOY_TOKEN: TBC + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-gb1-live-druid-coordinator: + name: 'GB1 Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: gb1-live + deploy_runner: stock-gcp-runner + unity_cluster: gb1-li-beunityv3 + unity_namespace: sadruid + unity_deployment_name: druid-coordinator-gb1 + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namespace/gb1/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: TBC + UNITY_CLUSTER_SERVER: TBC + UNITY_DEPLOY_TOKEN: TBC + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + + deploy-gb1-live-druid-router: + name: 'GB1 Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: gb1-live + deploy_runner: stock-gcp-runner + unity_cluster: gb1-li-beunityv3 + unity_namespace: sadruid + unity_deployment_name: druid-router-gb1 + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namespace/gb1/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: TBC + UNITY_CLUSTER_SERVER: TBC + UNITY_DEPLOY_TOKEN: TBC + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml new file mode 100644 index 000000000000..aacf0f633f8e --- /dev/null +++ b/.github/workflows/scheduled-maintenance.yml @@ -0,0 +1,27 @@ +name: Scheduled Maintenance + +on: + schedule: + - cron: '0 */1 * * *' + workflow_dispatch: + inputs: + max_wait_minutes: + type: number + description: 'Cancel runs waiting for approval longer than this (minutes)' + required: false + default: 120 + dry_run: + type: boolean + description: 'Dry Run - show what would be cancelled without actually cancelling' + required: false + default: false + +permissions: + actions: write + +jobs: + maintenance: + uses: THG-Fulfil/shared-workflows/.github/workflows/scheduled-maintenance.yml@rowan-changes + with: + max_wait_minutes: ${{ inputs.max_wait_minutes || 120 }} + dry_run: ${{ inputs.dry_run || false }}