fix: update package vulnerabilities (#2232) #862
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This action is to orchestrate the non-serverless stuffs deployment | |
# to make sure playwright e2e test is run post-deployments. | |
# The reason we need to do this hack is because there's currently no way | |
# to use "workflow_run" trigger with requirement being all depdency workflows' | |
# complete. More here: https://github.com/community/community/discussions/16059 | |
# Side note: we need to follow .github/workflows convention https://docs.github.com/en/actions/using-workflows/reusing-workflows | |
name: Deploy and E2E test non-serverless stuffs | |
on: | |
push: | |
branches: | |
- staging | |
- master | |
env: | |
SLACK_CHANNEL_ID: C04H0FTGS5P # postman-deploys | |
concurrency: deploy-non-serverless-${{ github.ref }} | |
jobs: | |
slack-prepare: | |
name: Escape commit message to send in slack | |
runs-on: ubuntu-latest | |
outputs: | |
commit_message: ${{ steps.extract-message.outputs.commit_message }} | |
steps: | |
- id: extract-message | |
run: | | |
message=$MESSAGE | |
# taking only the first line and removing double quotes and backslashes from string value | |
message="$(echo $message | sed -z 's/\\n.*//g; s/"//g; s/\\//g')" | |
echo $message | |
echo "commit_message=$message" >> $GITHUB_OUTPUT | |
env: | |
MESSAGE: ${{ toJSON(github.event.head_commit.message) }} | |
slack-started: | |
name: Send slack message when deployment starts | |
runs-on: ubuntu-latest | |
outputs: | |
message_id: ${{ steps.slack.outputs.ts }} | |
needs: | |
- slack-prepare | |
steps: | |
- uses: slackapi/[email protected] | |
id: slack | |
with: | |
channel-id: ${{ env.SLACK_CHANNEL_ID }} | |
payload: | | |
{ | |
"attachments": [ | |
{ | |
"color": "warning", | |
"fields": [ | |
{ | |
"title": "Deployment", | |
"value": "Non serverless stuffs", | |
"short": true | |
}, | |
{ | |
"title": "Status", | |
"value": "STARTED", | |
"short": true | |
}, | |
{ | |
"title": "Workflow Run", | |
"value": "<https://github.com/opengovsg/postmangovsg/actions/runs/${{ github.run_id }} | ${{ needs.slack-prepare.outputs.commit_message }}>", | |
"short": true | |
}, | |
{ | |
"title": "Environment", | |
"value": "${{ github.ref == 'refs/heads/master' && 'production' || 'staging' }}", | |
"short": true | |
} | |
], | |
"footer_icon": "https://github.githubassets.com/favicon.ico", | |
"footer": "<https://github.com/opengovsg/postmangovsg | opengovsg/postmangovsg>" | |
} | |
] | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
deploy-backend: | |
name: Deploy backend to AWS Elastic Beanstalk | |
uses: ./.github/workflows/deploy-eb.yml | |
secrets: inherit | |
deploy-worker: | |
name: Deploy worker to AWS Elastic Container Service | |
uses: ./.github/workflows/deploy-worker.yml | |
secrets: inherit | |
deploy-frontend: | |
name: Deploy frontend to AWS Amplify | |
uses: ./.github/workflows/deploy-frontend.yml | |
secrets: inherit | |
e2e-test: | |
needs: | |
- deploy-backend | |
- deploy-frontend | |
- deploy-worker | |
name: End-to-end Test | |
uses: ./.github/workflows/e2e.yml | |
secrets: inherit | |
revert-on-e2e-failure: | |
runs-on: ubuntu-latest | |
needs: | |
- deploy-backend | |
- deploy-frontend | |
- deploy-worker | |
- e2e-test | |
if: always() | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-southeast-1 | |
- run: | | |
if [ "${{ needs.e2e-test.outputs.e2e_result }}" = "failure" ] && [ "${{ github.ref }}" = "refs/heads/master" ]; then | |
${{ needs.deploy-worker.outputs.sending_revert_command }} | |
${{ needs.deploy-worker.outputs.logging_revert_command }} | |
${{ needs.deploy-frontend.outputs.revert_command }} | |
${{ needs.deploy-backend.outputs.revert_command_backend }} | |
${{ needs.deploy-backend.outputs.revert_command_callback }} | |
fi | |
slack-success: | |
needs: | |
- slack-prepare | |
- slack-started | |
- e2e-test | |
if: success() | |
name: Send Slack message about successful build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: slackapi/[email protected] | |
with: | |
channel-id: ${{ env.SLACK_CHANNEL_ID }} | |
update-ts: ${{ needs.slack-started.outputs.message_id }} | |
payload: | | |
{ | |
"attachments": [ | |
{ | |
"color": "good", | |
"fields": [ | |
{ | |
"title": "Deployment", | |
"value": "Non serverless stuffs", | |
"short": true | |
}, | |
{ | |
"title": "Status", | |
"value": "SUCCESSFUL", | |
"short": true | |
}, | |
{ | |
"title": "Workflow Run", | |
"value": "<https://github.com/opengovsg/postmangovsg/actions/runs/${{ github.run_id }} | ${{ needs.slack-prepare.outputs.commit_message }}>", | |
"short": true | |
}, | |
{ | |
"title": "Environment", | |
"value": "${{ github.ref == 'refs/heads/master' && 'production' || 'staging' }}", | |
"short": true | |
} | |
], | |
"footer_icon": "https://github.githubassets.com/favicon.ico", | |
"footer": "<https://github.com/opengovsg/postmangovsg | opengovsg/postmangovsg>" | |
} | |
] | |
} | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
slack-failure: | |
needs: | |
- slack-prepare | |
- slack-started | |
# we include the deploy jobs here as we want to update the message to FAILED | |
# as well when the deploy jobs fail. We didn't need to include for succes | |
# because e2e-test has a pre-requisite of deploy jobs to have succeeded | |
- deploy-backend | |
- deploy-frontend | |
- deploy-worker | |
- e2e-test | |
if: failure() | |
name: Send Slack message about failed build and tag engineers if it's prod | |
runs-on: ubuntu-latest | |
steps: | |
- uses: slackapi/[email protected] | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
DEPLOY_ENV: ${{ github.ref == 'refs/heads/master' && 'production' || 'staging' }} | |
with: | |
channel-id: ${{ env.SLACK_CHANNEL_ID }} | |
update-ts: ${{ needs.slack-started.outputs.message_id }} | |
payload: | | |
{ | |
"text": "${{ env.DEPLOY_ENV == 'production' && '<!subteam^S03JWLMTBTK|postmangineers>' || '' }}", | |
"attachments": [ | |
{ | |
"color": "danger", | |
"fields": [ | |
{ | |
"title": "Deployment", | |
"value": "Non serverless stuffs", | |
"short": true | |
}, | |
{ | |
"title": "Status", | |
"value": "FAILED", | |
"short": true | |
}, | |
{ | |
"title": "Workflow Run", | |
"value": "<https://github.com/opengovsg/postmangovsg/actions/runs/${{ github.run_id }} | ${{ needs.slack-prepare.outputs.commit_message }}>", | |
"short": true | |
}, | |
{ | |
"title": "Environment", | |
"value": "${{ env.DEPLOY_ENV }}", | |
"short": true | |
} | |
], | |
"footer_icon": "https://github.githubassets.com/favicon.ico", | |
"footer": "<https://github.com/opengovsg/postmangovsg | opengovsg/postmangovsg>" | |
} | |
] | |
} |