-
Notifications
You must be signed in to change notification settings - Fork 47
133 lines (131 loc) · 5.13 KB
/
initiaterelease.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: InitiateRelease
on:
workflow_dispatch:
schedule:
- cron: 0 18 * * 1-5
jobs:
GenerateConfig:
runs-on: ubuntu-latest
outputs:
stage_exit_code: ${{ steps.stage.outputs.stage_exit_code }}
push_exit_code: ${{ steps.push.outputs.push_exit_code }}
pr_exit_code: ${{ steps.pr.outputs.pr_exit_code }}
permissions:
id-token: write
contents: write
pull-requests: write
env:
IAM_INSTANCE_PROFILE_ARN: ${{ secrets.IAM_INSTANCE_PROFILE_ARN }}
GH_TOKEN: ${{ github.token }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create Release Branch
run: |
date=$(date '+%Y%m%d')
git checkout -b release-${date}
- name: Install xmllint
run: |
# generate-release-vars.sh depends on these packages
sudo apt-get update && sudo apt-get install libxml2-utils
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AMI_GENERATE_CONFIG_ROLE }}
aws-region: us-west-2
- name: Configure Bot Alias
run: |
git config --global user.name "GenerateConfig Action"
git config --global user.email "[email protected]"
- name: Check AL1 Update
run: ./scripts/check-update.sh al1
- name: Check AL2 Update
run: ./scripts/check-update.sh al2
- name: Check AL2023 Update
run: ./scripts/check-update.sh al2023
- name: Check for changes
id: stage
run: |
# Git diff returns exit code of 1 when there is a change staged
# We need the set statements to prevent erroring out
set +e
git diff --cached --quiet
echo "stage_exit_code=$?" >> "$GITHUB_OUTPUT"
set -e
- name: Commit and Push Changes
id: push
if: ${{ steps.stage.outputs.stage_exit_code == 1 }}
run: |
date=$(date '+%Y%m%d')
git commit -m "Release ${date}"
git status
git push --set-upstream origin release-${date}
echo "push_exit_code=$?" >> "$GITHUB_OUTPUT"
- name: Open PR for Branch
id: pr
if: ${{ steps.stage.outputs.stage_exit_code == 1 && steps.push.outputs.push_exit_code == 0 }}
run: |
date=$(date '+%Y%m%d')
gh pr create --base main --head release-${date} --title "Release ${date}" --body "Enhanced ECS Optimized AMI Release changes"
echo "pr_exit_code=$?" >> "$GITHUB_OUTPUT"
PushToCodeCommit:
needs: GenerateConfig
if: ${{ needs.GenerateConfig.outputs.stage_exit_code == 1 && needs.GenerateConfig.outputs.push_exit_code == 0 && needs.GenerateConfig.outputs.pr_exit_code == 0 }}
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.AMI_MIRROR_ROLE}}
aws-region: us-west-2
- name: Delete shinkansen branch on codecommit repository
run: |
aws codecommit delete-branch --repository-name amazon-ecs-ami-mirror --branch-name shinkansen
- name: Sleeping for 30 seconds after CodeCommit branch deletion and before recreating it
run: |
sleep 30
- name: Configure prereqs
run: |
git config --global user.name "Github Action"
git config --global user.email "[email protected]"
pip install git-remote-codecommit
- name: Mirror to shinkansen branch on codecommit repository
run: |
date=$(date '+%Y%m%d')
git clone --single-branch --branch release-${date} https://github.com/aws/amazon-ecs-ami ecsAmiGithub
git clone codecommit::us-west-2://amazon-ecs-ami-mirror ecsAmiCodeCommit
cp ecsAmiCodeCommit/Config ecsAmiGithub/
cd ecsAmiGithub
git add Config
git commit -m "Release ${date}"
git remote add codecommit codecommit::us-west-2://amazon-ecs-ami-mirror
git push codecommit release-${date}:shinkansen
MetricPublish:
needs: [GenerateConfig, PushToCodeCommit]
if: ${{ always() }}
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.AMI_MIRROR_ROLE}}
aws-region: us-west-2
- name: Failure Scenario
if: ${{ needs.GenerateConfig.result == 'failure' || needs.PushToCodeCommit.result == 'failure' }}
run: aws cloudwatch put-metric-data --metric-name EcsAmiGithubActionStatus --namespace ECSAMIRelease --value "-1"
- name: Release Kickoff Scenario
if: ${{ needs.PushToCodeCommit.result == 'success'}}
run: aws cloudwatch put-metric-data --metric-name EcsAmiGithubActionStatus --namespace ECSAMIRelease --value 1
- name: No Release Scenario
if: ${{ needs.GenerateConfig.result == 'success' && needs.PushToCodeCommit.result == 'skipped' }}
run: aws cloudwatch put-metric-data --metric-name EcsAmiGithubActionStatus --namespace ECSAMIRelease --value 0