AEA-3486 put audit logging in place for s3 (#165) #80

Workflow file for this run

.github/workflows/release.yml at f263c77

	name: release workflow

	on:
	push:
	branches: [main]
	tags: [v**]

	env:
	BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}

	jobs:
	quality_checks:
	uses: ./.github/workflows/quality_checks.yml
	secrets:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	get_commit_id:
	runs-on: ubuntu-latest
	outputs:
	commit_id: ${{ steps.commit_id.outputs.commit_id }}
	steps:
	- name: Get Commit ID
	id: commit_id
	run: \|
	echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"

	tag_release:
	needs: quality_checks
	runs-on: ubuntu-latest
	outputs:
	spec_version: ${{steps.output_spec_version.outputs.SPEC_VERSION}}
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	ref: ${{ env.BRANCH_NAME }}
	fetch-depth: 0

	# using git commit sha for version of action to ensure we have stable version
	- name: Install asdf
	uses: asdf-vm/actions/setup@6a442392015fbbdd8b48696d41e0051b2698b2e4
	with:
	asdf_branch: v0.11.3

	- name: Cache asdf
	uses: actions/cache@v3
	with:
	path: \|
	~/.asdf
	key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
	restore-keys: \|
	${{ runner.os }}-asdf-

	- name: Install asdf dependencies in .tool-versions
	uses: asdf-vm/actions/install@6a442392015fbbdd8b48696d41e0051b2698b2e4
	with:
	asdf_branch: v0.11.3
	env:
	PYTHON_CONFIGURE_OPTS: --enable-shared

	- name: Install python packages
	run: \|
	export PATH="/home/runner/.asdf/installs/poetry/1.3.1/bin:$PATH"
	poetry install

	- name: Set SPEC_VERSION env var for merges to main
	run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> $GITHUB_ENV
	if: github.ref == 'refs/heads/main'

	- name: Set SPEC_VERSION env var for tags
	run: echo "SPEC_VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
	if: github.ref != 'refs/heads/main'

	- name: Create github release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	tag_name: ${{ env.SPEC_VERSION }}
	release_name: ${{ env.SPEC_VERSION }}
	body: \|
	## Commit message
	${{ github.event.head_commit.message }}
	## Info
	[See code diff](${{ github.event.compare }})
	[Release workflow run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})

	It was initialized by [${{ github.event.sender.login }}](${{ github.event.sender.html_url }})

	- name: output SPEC_VERSION
	id: output_spec_version
	run: echo SPEC_VERSION=${{ env.SPEC_VERSION }} >> $GITHUB_OUTPUT

	package_code:
	needs: tag_release
	uses: ./.github/workflows/sam_package_code.yml

	release_dev:
	needs: [tag_release, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: dev-ci
	TARGET_ENVIRONMENT: dev
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: false
	BUILD_ARTIFACT: packaged_code
	TRUSTSTORE_FILE: truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: DEBUG
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.DEV_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: ${{ secrets.DEV_TARGET_SPINE_SERVER }}

	release_dev_sandbox:
	needs: [tag_release, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: dev-sandbox
	TARGET_ENVIRONMENT: dev
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: true
	BUILD_ARTIFACT: packaged_sandbox_code
	TRUSTSTORE_FILE: sandbox-truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: DEBUG
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.DEV_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: sandbox

	release_ref:
	needs: [tag_release, release_dev, release_dev_sandbox, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: ref-ci
	TARGET_ENVIRONMENT: ref
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: false
	BUILD_ARTIFACT: packaged_code
	TRUSTSTORE_FILE: truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: DEBUG
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.REF_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: ${{ secrets.REF_TARGET_SPINE_SERVER }}

	release_qa:
	needs: [tag_release, release_dev, release_dev_sandbox, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: qa-ci
	TARGET_ENVIRONMENT: qa
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: false
	BUILD_ARTIFACT: packaged_code
	TRUSTSTORE_FILE: truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: DEBUG
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.QA_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: ${{ secrets.QA_TARGET_SPINE_SERVER }}

	release_int:
	needs: [tag_release, release_qa, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: int-ci
	TARGET_ENVIRONMENT: int
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: false
	BUILD_ARTIFACT: packaged_code
	TRUSTSTORE_FILE: truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: DEBUG
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.INT_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: ${{ secrets.INT_TARGET_SPINE_SERVER }}

	release_sandbox:
	needs: [tag_release, release_qa, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: int-sandox
	TARGET_ENVIRONMENT: int
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: true
	BUILD_ARTIFACT: packaged_sandbox_code
	TRUSTSTORE_FILE: sandbox-truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: DEBUG
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.INT_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: sandbox

	release_prod:
	needs: [tag_release, release_int, release_sandbox, package_code, get_commit_id]
	uses: ./.github/workflows/sam_release_code.yml
	with:
	ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.spec_version}}
	STACK_NAME: prod-ci
	TARGET_ENVIRONMENT: prod
	ENABLE_MUTUAL_TLS: true
	DEPLOY_SANDBOX: false
	BUILD_ARTIFACT: packaged_code
	TRUSTSTORE_FILE: truststore.pem
	VERSION_NUMBER: ${{needs.tag_release.outputs.spec_version}}
	COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
	LOG_LEVEL: INFO
	secrets:
	CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_DEPLOY_ROLE }}
	SPLUNK_HEC_TOKEN: ${{ secrets.PROD_SPLUNK_HEC_TOKEN }}
	TARGET_SPINE_SERVER: ${{ secrets.PROD_TARGET_SPINE_SERVER }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AEA-3486 put audit logging in place for s3 (#165) #80

Workflow file

AEA-3486 put audit logging in place for s3 (#165) #80

Jobs

Run details

Workflow file for this run