This repository has been archived by the owner on Feb 22, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 50
122 lines (112 loc) · 4.3 KB
/
api-rollback.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
### !!!
# This file is automatically generated using Terraform.
# Do not update it manually. If changes need to be made,
# please request help from a maintainer to generate the
# updated version.
### !!!
name: openverse/api-rollback
on:
workflow_dispatch:
inputs:
environment:
required: true
description: The environment to roll back. `staging` or `production`.
tag:
required: true
description: The GHCR image tag to which the environment should be rolled back
# Only allow a single rollback to happen at a time
# If you need to stop an in-progress rollback to force
# another for the same environment, you'll need to manually cancel it
concurrency: ${{ github.workflow }}-${{ inputs.environment }}
jobs:
rollback:
name: Perform Rollback
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
with:
github-token: ${{ secrets.ACCESS_TOKEN }}
script: |
const { data: members } = await github.rest.teams.listMembersInOrg({
org: 'WordPress',
team_slug: 'openverse-maintainers',
});
const isAllowed = members.some(m => m.login === "${{ github.actor }}")
if (!isAllowed) {
throw new Error(
"Only GitHub users in the @WordPress/openverse-maintainers "
+ "team are allowed to run this workflow. If you need to run "
+ "this workflow, please reach out to that group for help."
)
}
- uses: actions/checkout@v3
- name: Validate `tag` input for nginx
uses: actions/github-script@v6
with:
script: |
let exists = undefined,
page = 0
while (!exists) {
page += 1
const { data: versions } =
await github.rest.packages.getAllPackageVersionsForPackageOwnedByOrg({
package_type: 'container',
package_name: 'openverse-api-nginx',
org: 'WordPress',
page,
// max of `per_page`
per_page: 100,
})
if (!versions.length) {
break
}
exists = versions.some((v) => v.metadata.container.tags.includes('${{ inputs.tag }}'))
}
if (!exists) {
throw new Error(
'`${{ inputs.tag }}` does not appear to be a valid tag for the ghcr.io/wordpress/openverse-api-nginx image.'
)
}
- name: Validate `tag` input for django
uses: actions/github-script@v6
with:
script: |
let exists = undefined,
page = 0
while (!exists) {
page += 1
const { data: versions } =
await github.rest.packages.getAllPackageVersionsForPackageOwnedByOrg({
package_type: 'container',
package_name: 'openverse-api',
org: 'WordPress',
page,
// max of `per_page`
per_page: 100,
})
if (!versions.length) {
break
}
exists = versions.some((v) => v.metadata.container.tags.includes('${{ inputs.tag }}'))
}
if (!exists) {
throw new Error(
'`${{ inputs.tag }}` does not appear to be a valid tag for the ghcr.io/wordpress/openverse-api image.'
)
}
- uses: ./.github/actions/production-deploy
if: inputs.environment == 'production'
with:
tag: ${{ inputs.tag }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
slack-webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
gh-slack-username-map: ${{ secrets.GH_SLACK_USERNAME_MAP }}
- uses: ./.github/actions/staging-deploy
if: inputs.environment == 'staging'
with:
tag: ${{ inputs.tag }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
slack-webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
gh-slack-username-map: ${{ secrets.GH_SLACK_USERNAME_MAP }}