Reboot Batch #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reboot Batch | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| products: | |
| description: JSON product array | |
| type: string | |
| required: true | |
| default: '["api", "bal", "lba", "monitoring", "tdb", "vpn", "contrat", "data"]' | |
| environments: | |
| description: JSON environment array | |
| type: string | |
| required: true | |
| default: '["production", "recette", "preview", "pentest", "preprod"]' | |
| jobs: | |
| setup: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| product: ${{ fromJSON(inputs.products) }} | |
| environment: ${{ fromJSON(inputs.environments) }} | |
| name: Reboot ${{ matrix.product }}-${{ matrix.environment }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install SSH key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| name: github_actions | |
| key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }} | |
| known_hosts: ${{ vars[format('{0}_SSH_KNOWN_HOSTS', matrix.product)] }} | |
| config: | | |
| Host * | |
| IdentityFile ~/.ssh/github_actions | |
| - name: Create vault pwd file | |
| run: echo ${VAULT_PWD} > .infra/.vault_pwd.txt | |
| env: | |
| VAULT_PWD: ${{ secrets.VAULT_PWD }} | |
| - name: Run playbook | |
| run: ".bin/mna system:reboot ${{ matrix.product }} ${{ matrix.environment }}" | |
| env: | |
| ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt | |
| ANSIBLE_REMOTE_USER: deploy | |
| ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }} | |
| - name: Encrypt Error log on failure | |
| run: .bin/mna deploy:log:encrypt | |
| if: failure() | |
| env: | |
| ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt | |
| - name: Upload failure artifacts on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: error-logs | |
| path: /tmp/deploy_error.log.gpg | |
| - name: Notify failure on Slack | |
| uses: ravsamhq/notify-slack-action@v2 | |
| if: always() | |
| with: | |
| status: ${{ job.status }} | |
| notification_title: "Reboot en ${{ matrix.product }}-${{ matrix.environment }} a échoué" | |
| message_format: "{emoji} *[${{ matrix.product }}-${{ matrix.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }}`" | |
| notify_when: "failure" | |
| mention_groups: "!channel" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} |