nightly-sync-to-prod.yml
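# Nightly promotion pipeline: trigger the Jenkins validation job for this
# sandbox repository and, only when it reports SUCCESS, push the sandbox
# `master` (through a temporary branch) to the `release` branch of the
# destination repository.
#
# NOTE(review): every third-party action below is referenced by a mutable ref
# (a branch such as @master/@main, or a movable tag such as @v3/@v4), and
# several of them are handed secrets. Whoever can move those refs can change
# the code that sees the secrets. Pin each one to a reviewed full commit SHA,
# e.g. `uses: owner/action@<full-commit-sha>  # vX.Y.Z`
# (placeholder - look up and review the real SHA before pinning).
name: nightly-sync-to-prod

on:
  schedule:
    # GitHub evaluates cron schedules in UTC: every day at 07:00 UTC.
    - cron: '0 7 * * *'
  # Also allow a manual run.
  workflow_dispatch:

jobs:
  nightly-sync-validate:
    # Only run in repositories whose name ends in "-sandbox".
    if: endsWith( github.repository, '-sandbox' )
    # NOTE(review): this job hands the Jenkins API credentials and the Slack
    # webhook to a self-hosted runner. The workflow is only started by
    # `schedule` and `workflow_dispatch`; keep it free of pull_request-style
    # triggers, and confirm the runner is isolated from untrusted jobs.
    runs-on: self-hosted
    # Least privilege: no step in this job is visibly passed the GITHUB_TOKEN,
    # so the job token gets no scopes. Widen only if a step proves to need it.
    permissions: {}
    outputs:
      # Consumed by the `nightly-sync` job as its gate.
      status: ${{ steps.jenkins-job-apply.outputs.job_status }}
    steps:
      #- name: trigger jenkins validation job (destroy)
      #  id: jenkins-job-destroy
      #  uses: morganschoen/build-jenkins-job@master
      #  with:
      #    jenkins-url: "https://jenkins.ncttools.io"
      #    jenkins-token: ${{ secrets.JENKINS_API_TOKEN }}
      #    jenkins-user: ${{ secrets.JENKINS_API_USERNAME }}
      #    jenkins-job: ${{ github.event.repository.name }}
      #    jenkins-job-params: '{"action": "destroy", "bu": "nna", "account": "newstechnonprodinfeng"}'
      #    jenkins-wait-job: "wait"
      #    jenkins-ssl-verify: "true"
      #- name: notify slack on failure (destroy)
      #  if: startsWith(steps.jenkins-job-destroy.outputs.job_status, 'FAIL')
      #  uses: tokorom/action-slack-incoming-webhook@main
      #  env:
      #    INCOMING_WEBHOOK_URL: ${{ secrets.NIGHTLY_SYNC_SLACK_WEBHOOK_URL }}
      #  with:
      #    text:
      #    attachments: |
      #      [
      #        {
      #          "color": "danger",
      #          "fields": [
      #            {
      #              "title": "${{github.event.repository.name}}: Nightly sandbox validation failed. ",
      #              "value": "Skipping sync to prod release branch. Please review errors in build # <https://jenkins.ncttools.io/view/AWS%20Landing%20Zone%20Sandbox/job/${{github.event.repository.name}}/${{steps.jenkins-job-destroy.outputs.job_build_number}}/console|${{steps.jenkins-job-destroy.outputs.job_build_number}}>"
      #            }
      #          ]
      #        }
      #      ]
      # The step id says "apply" while the name says "plan"; the id is what the
      # job output and the Slack step reference, so it must stay in sync with them.
      - name: trigger jenkins validation job (plan)
        # if: startsWith(steps.jenkins-job-destroy.outputs.job_status, 'SUCCESS')
        id: jenkins-job-apply
        # NOTE(review): tracks the `master` branch and receives the Jenkins API
        # user and token - pin to a full commit SHA (see header note).
        uses: morganschoen/build-jenkins-job@master
        with:
          jenkins-url: "https://jenkins.ncttools.io"
          jenkins-token: ${{ secrets.JENKINS_API_TOKEN }}
          jenkins-user: ${{ secrets.JENKINS_API_USERNAME }}
          # The Jenkins job is expected to carry the same name as this repository.
          jenkins-job: ${{ github.event.repository.name }}
          jenkins-wait-job: "wait"
          # Keep TLS verification on: the API token travels over this connection.
          jenkins-ssl-verify: "true"
      - name: notify slack on failure (plan)
        if: startsWith(steps.jenkins-job-apply.outputs.job_status, 'FAIL')
        # NOTE(review): tracks the `main` branch and receives the Slack webhook
        # URL - pin to a full commit SHA (see header note).
        uses: tokorom/action-slack-incoming-webhook@main
        env:
          INCOMING_WEBHOOK_URL: ${{ secrets.NIGHTLY_SYNC_SLACK_WEBHOOK_URL }}
        with:
          # Explicit empty string instead of a bare key (which parses as null);
          # the message content is carried by `attachments`.
          text: ""
          attachments: |
            [
              {
                "color": "danger",
                "fields": [
                  {
                    "title": "${{github.event.repository.name}}: Nightly Jeeves sandbox validation failed. ",
                    "value": "Skipping sync to prod release branch. Please review errors in build # <https://jenkins.ncttools.io/view/AWS%20Landing%20Zone%20Sandbox/job/${{github.event.repository.name}}/${{steps.jenkins-job-apply.outputs.job_build_number}}/console|${{steps.jenkins-job-apply.outputs.job_build_number}}>"
                  }
                ]
              }
            ]

  nightly-sync:
    # Fail-closed gate: the sync runs only when the validation status starts
    # with 'SUCCESS'. Any other value, including an empty output, skips it.
    if: startsWith(needs.nightly-sync-validate.outputs.status, 'SUCCESS')
    needs: nightly-sync-validate
    runs-on: ubuntu-latest
    # Least privilege for the job token: the job creates, commits to and deletes
    # a temporary branch in this repository. The cross-repository pushes below
    # authenticate with the SSH keys, not with the GITHUB_TOKEN.
    permissions:
      contents: write
    steps:
      - name: checkout main
        uses: actions/checkout@v3
        with:
          ref: master
          # Full history, so the branch can be pushed to another repository.
          fetch-depth: 0
      # NOTE(review): the only step that read from `nct-lz-aws-toolIAM` (and
      # removed it afterwards) is commented out below, so this checkout looks
      # unused and the directory is still in the workspace when the auto-commit
      # step runs. Confirm it is still needed and that the nested checkout does
      # not end up in the commit; dropping it would also remove one use of the
      # destination key.
      - name: checkout target
        uses: actions/checkout@v3
        with:
          repository: newscorp-ghfb/cloud-custodian
          # NOTE(review): the same secret is also used as the destination key
          # for `nct-cloud-custodian` in the sync step - confirm the key's
          # access is limited to what this workflow needs.
          ssh-key: ${{ secrets.GIT_SYNC_DESTINATION_PRIVATE_KEY }}
          path: nct-lz-aws-toolIAM
      - name: create temp branch
        id: temp-branch
        # NOTE(review): tracks the `main` branch - pin to a full commit SHA
        # (see header note).
        uses: morganschoen/temporary-branch-action@main
        with:
          base: master
      # - name: target specific customization
      #   run: |
      #     git switch ${{ steps.temp-branch.outputs.branch }}
      #     sed -i "s/@Library('nct-jenkins-shared-library-sandbox')_/@Library('nct-jenkins-shared-library')_/g" Jenkinsfile
      #     for dir in accounts/*; do
      #       [[ "$dir" == *"bu_roles"* || "$dir" == *"tests"* ]] && continue
      #       for dir2 in $dir/*; do
      #         [[ "$dir2" = *"bu_roles"* || "$dir2" == *"tests"* ]] && continue
      #         if [ -d $dir2 ]; then
      #           echo "del $dir2"
      #           rm -rf "$dir2"
      #         fi
      #       done
      #     done
      #     for dir in nct-lz-aws-toolIAM/accounts/*; do
      #       [[ "$dir" == *"bu_roles"* || "$dir" == *"tests"* ]] && continue
      #       for dir2 in $dir/*; do
      #         [[ "$dir2" = *"bu_roles"* || "$dir2" == *"tests"* ]] && continue
      #         if [ -d $dir2 ]; then
      #           target_dir2=$(sed 's/nct-lz-aws-toolIAM\///' <<< $dir2)
      #           target_dir=$(sed 's/nct-lz-aws-toolIAM\///' <<< $dir)
      #           echo "copy $dir2 $target_dir2"
      #           mkdir -p $target_dir && cp -r $dir2 $target_dir2
      #         fi
      #       done
      #     done
      #     rm -rf nct-lz-aws-toolIAM
      #     sudo chown -R "${USER:-$(id -un)}" .
      #   shell: bash
      - name: commit changes to temp branch
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          branch: ${{ steps.temp-branch.outputs.branch }}
          commit_author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
      - name: sync temp branch to target release branch
        # NOTE(review): this action receives both SSH private keys and is
        # referenced by a movable tag - pin to a full commit SHA (see header note).
        uses: wei/git-sync@v3
        with:
          source_repo: git@github.com:newscorp-ghfb/cloud-custodian-sandbox.git
          source_branch: ${{ steps.temp-branch.outputs.branch }}
          source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_PRIVATE_KEY }}
          destination_repo: git@github.com:newscorp-ghfb/nct-cloud-custodian.git
          destination_branch: release
          destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_PRIVATE_KEY }}
      # NOTE(review): this step is skipped when an earlier step fails, which
      # leaves the temporary branch behind; consider whether cleanup should
      # also run on failure.
      - name: delete temp branch
        uses: dawidd6/action-delete-branch@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branches: ${{ steps.temp-branch.outputs.branch }}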