-
Notifications
You must be signed in to change notification settings - Fork 2
106 lines (97 loc) · 3.42 KB
/
_reboot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Run Reboot
on:
workflow_call:
inputs:
product:
description: The product
type: string
required: true
environment:
description: The environment to setup
type: string
required: true
SSH_KNOWN_HOSTS:
description: The product SSH_KNOWN_HOSTS
type: string
required: true
secrets:
DEPLOY_SSH_PRIVATE_KEY:
description: SSH private key
required: true
DEPLOY_PASS:
description: SSH PWD TO DEPLOY
required: true
SLACK_WEBHOOK:
description: Slack webhook URL
required: true
VAULT_PWD:
description: Vault Password
required: true
HABILITATIONS:
description: Product habilitations
required: true
OVH_APP_TOKEN:
description: OVH Application token
required: true
OVH_APP_KEY:
description: OVH Application key
required: true
OVH_APP_SECRET:
description: OVH Application secret
required: true
jobs:
setup:
concurrency:
group: "${{ inputs.product }}-${{ inputs.environment }}-${{ github.workflow }}-${{ github.ref }}"
name: Setup ${{ inputs.product }} on ${{ inputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
name: github_actions
key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
known_hosts: ${{ inputs.SSH_KNOWN_HOSTS }}
config: |
Host *
IdentityFile ~/.ssh/github_actions
- name: Create vault pwd file
run: echo ${VAULT_PWD} > .infra/.vault_pwd.txt
env:
VAULT_PWD: ${{ secrets.VAULT_PWD }}
- name: Run playbook
run: ".bin/infra system:reboot ${{ inputs.product }} ${{ inputs.environment }}"
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
ANSIBLE_REMOTE_USER: deploy
ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
- name: Encrypt logs
run: .bin/infra deploy:log:encrypt
if: always()
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
- name: Upload logs artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: logs-${{ inputs.product }}-${{ inputs.environment }}
path: /tmp/deploy.log.gpg
- name: Add Job summary
if: always()
run: echo 'You can get logs using `.bin/infra deploy:log:decrypt ${{ github.run_id }} ${{ inputs.product }}-${{ inputs.environment }}`' >> $GITHUB_STEP_SUMMARY
- name: Notify failure on Slack
uses: ravsamhq/notify-slack-action@v2
if: always()
with:
status: ${{ job.status }}
notification_title: "Reboot en ${{ inputs.product }}-${{ inputs.environment }} a échoué"
message_format: "{emoji} *[${{ inputs.product }}-${{ inputs.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/infra deploy:log:decrypt ${{ github.run_id }} ${{ inputs.product }}-${{ inputs.environment }}`"
notify_when: "failure"
mention_groups: "!channel"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}