deploymate/.github/workflows/release.yml at develop · AlexGerlitz/deploymate · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: Release

on:
  workflow_dispatch:
    inputs:
      surface:
        description: "Remote release surface"
        required: true
        type: choice
        default: full
        options:
          - frontend
          - backend
          - full
      skip_smoke:
        description: "Skip post-deploy smoke"
        required: true
        type: boolean
        default: false
      runtime_smoke:
        description: "Enable runtime smoke"
        required: true
        type: boolean
        default: false

concurrency:
  group: production-release
  cancel-in-progress: false

permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest
    environment: production

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      - name: Run production contract gate
        run: bash scripts/production_contract_gate.sh
        env:
          BACKEND_PYTHON: python

      - name: Run remote release
        id: remote_release
        uses: ./.github/actions/remote-release
        with:
          surface: ${{ inputs.surface }}
          deploy_host: ${{ secrets.DEPLOY_HOST }}
          base_url: ${{ secrets.DEPLOYMATE_BASE_URL }}
          admin_username: ${{ secrets.DEPLOYMATE_ADMIN_USERNAME }}
          admin_password: ${{ secrets.DEPLOYMATE_ADMIN_PASSWORD }}
          deploy_ssh_private_key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
          deploy_ssh_known_hosts: ${{ secrets.DEPLOY_SSH_KNOWN_HOSTS }}
          runtime_smoke_enabled: ${{ inputs.runtime_smoke && '1' || '0' }}
          skip_smoke: ${{ inputs.skip_smoke && '1' || '0' }}
          deploy_repo_dir: ${{ secrets.DEPLOY_REPO_DIR }}
          deploy_branch: ${{ secrets.DEPLOY_BRANCH }}
          deploy_ref: ${{ github.sha }}
          deploy_env_file: ${{ secrets.DEPLOY_ENV_FILE }}
          runtime_smoke_ssh_private_key: ${{ secrets.RUNTIME_SMOKE_SSH_PRIVATE_KEY }}
          runtime_smoke_server_id: ${{ secrets.RUNTIME_SMOKE_SERVER_ID }}
          runtime_smoke_server_name: ${{ secrets.RUNTIME_SMOKE_SERVER_NAME }}
          runtime_smoke_server_host: ${{ secrets.RUNTIME_SMOKE_SERVER_HOST }}
          runtime_smoke_server_port: ${{ secrets.RUNTIME_SMOKE_SERVER_PORT }}
          runtime_smoke_server_username: ${{ secrets.RUNTIME_SMOKE_SERVER_USERNAME }}
          runtime_smoke_image: ${{ secrets.RUNTIME_SMOKE_IMAGE }}
          runtime_smoke_internal_port: ${{ secrets.RUNTIME_SMOKE_INTERNAL_PORT }}
          runtime_smoke_external_port: ${{ secrets.RUNTIME_SMOKE_EXTERNAL_PORT }}
          runtime_smoke_start_port: ${{ secrets.RUNTIME_SMOKE_START_PORT }}
          runtime_smoke_health_timeout: ${{ secrets.RUNTIME_SMOKE_HEALTH_TIMEOUT }}

      - name: Write release summary
        if: always()
        shell: bash
        run: |
          {
            echo "## Production Release"
            echo
            echo "- Surface: \`${{ inputs.surface }}\`"
            echo "- Commit: \`${{ github.sha }}\`"
            echo "- Deployed SHA: \`${{ steps.remote_release.outputs.deployed_sha || 'unavailable' }}\`"
            echo "- Smoke mode: \`${{ steps.remote_release.outputs.smoke_mode || (inputs.skip_smoke && 'post-deploy skipped' || (inputs.runtime_smoke && 'runtime enabled' || 'runtime disabled')) }}\`"
            echo "- URL: ${{ steps.remote_release.outputs.target_url || secrets.DEPLOYMATE_BASE_URL }}"
            echo "- Actions run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Notify release result
        if: always()
        continue-on-error: true
        shell: bash
        env:
          DEPLOY_NOTIFICATION_WEBHOOK: ${{ secrets.DEPLOY_NOTIFICATION_WEBHOOK }}
        run: |
          if [ -z "$DEPLOY_NOTIFICATION_WEBHOOK" ]; then
            echo "[notify] DEPLOY_NOTIFICATION_WEBHOOK is not configured"
            exit 0
          fi

          bash scripts/send_workflow_notification.sh \
            --webhook-url "$DEPLOY_NOTIFICATION_WEBHOOK" \
            --workflow "Production release" \
            --environment "production" \
            --status "${{ job.status }}" \
            --surface "${{ inputs.surface }}" \
            --smoke "${{ steps.remote_release.outputs.smoke_mode || (inputs.skip_smoke && 'post-deploy skipped' || (inputs.runtime_smoke && 'runtime enabled' || 'runtime disabled')) }}" \
            --commit "${{ github.sha }}" \
            --ref "${{ github.ref_name }}" \
            --run-url "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"