diff --git a/.gitea/workflows/promote-prod.yml b/.gitea/workflows/promote-prod.yml new file mode 100644 index 0000000..f6ea70a --- /dev/null +++ b/.gitea/workflows/promote-prod.yml @@ -0,0 +1,108 @@ +name: Promote to Production + +on: + workflow_dispatch: + inputs: + tag: + description: "Image tag to promote (e.g. 2026.03.28-f1b85bf)" + required: true + type: string + +jobs: + promote: + name: Promote to Production + runs-on: ubuntu-latest + steps: + - name: Validate tag format + run: | + TAG="${{ inputs.tag }}" + if ! echo "$TAG" | grep -qE '^[0-9]{4}\.[0-9]{2}\.[0-9]{2}-[a-f0-9]{7}$'; then + echo "::error::Invalid tag format: '$TAG'. Expected format: YYYY.MM.DD-sha7 (e.g. 2026.03.28-f1b85bf)" + exit 1 + fi + echo "Tag format valid: $TAG" + + - name: Verify image exists in Gitea Container Registry + env: + GITEA_TOKEN: ${{ gitea.token }} + run: | + TAG="${{ inputs.tag }}" + if ! curl -sf \ + -H "Authorization: token $GITEA_TOKEN" \ + "https://git.farh.net/api/v1/packages/groombook?type=container&limit=50" \ + | jq -e --arg t "$TAG" '[.[] | select(.name == "api" and .version == $t)] | length > 0' > /dev/null 2>&1; then + echo "::warning::Could not verify git.farh.net/groombook/api:$TAG via package API — verify manually if needed." + else + echo "Image verified: git.farh.net/groombook/api:$TAG exists" + fi + + - name: Clone groombook/infra + env: + GITEA_TOKEN: ${{ gitea.token }} + run: | + git clone https://oauth2:$GITEA_TOKEN@git.farh.net/groombook/infra.git /tmp/infra + + - name: Install yq + run: | + sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + sudo chmod +x /usr/local/bin/yq + + - name: Update prod overlay image tags and base Job names + env: + TAG: ${{ inputs.tag }} + run: | + cd /tmp/infra + PROD_KUST="apps/groombook/overlays/prod/kustomization.yaml" + + SHORT_SHA="${TAG##*-}" + export SHORT_SHA + export TAG + + yq -i '(.images[] | select(.name == "git.farh.net/groombook/api")).newTag = env(TAG)' "$PROD_KUST" + yq -i '(.images[] | select(.name == "git.farh.net/groombook/web")).newTag = env(TAG)' "$PROD_KUST" + yq -i '(.images[] | select(.name == "git.farh.net/groombook/migrate")).newTag = env(TAG)' "$PROD_KUST" + yq -i '(.images[] | select(.name == "git.farh.net/groombook/seed")).newTag = env(TAG)' "$PROD_KUST" + + MIGRATE_JOB="apps/groombook/base/migrate-job.yaml" + if [ -f "$MIGRATE_JOB" ]; then + yq -i '.metadata.name = "migrate-schema-" + env(SHORT_SHA)' "$MIGRATE_JOB" + yq -i '.metadata.annotations."groombook.app/deploy-version" = env(TAG)' "$MIGRATE_JOB" + fi + + SEED_JOB="apps/groombook/base/seed-job.yaml" + if [ -f "$SEED_JOB" ]; then + yq -i '.metadata.name = "seed-test-data-" + env(SHORT_SHA)' "$SEED_JOB" + yq -i '.metadata.annotations."groombook.app/deploy-version" = env(TAG)' "$SEED_JOB" + fi + + git -C /tmp/infra diff --stat + + - name: Create PR on groombook/infra + env: + TAG: ${{ inputs.tag }} + GITEA_TOKEN: ${{ gitea.token }} + run: | + cd /tmp/infra + git config user.name "groombook-engineer[bot]" + git config user.email "groombook-engineer[bot]@git.farh.net" + git checkout -b "release/promote-prod-${TAG}" + git add apps/groombook/overlays/prod/ apps/groombook/base/migrate-job.yaml apps/groombook/base/seed-job.yaml + git commit -m "release: promote ${TAG} to production" + git push -u origin "release/promote-prod-${TAG}" + curl -s -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + "https://git.farh.net/api/v1/repos/groombook/infra/pulls" \ + -d "{\"head\":\"release/promote-prod-${TAG}\",\"base\":\"main\",\"title\":\"release: promote ${TAG} to production\",\"body\":\"Promote image tag ${TAG} to production after UAT sign-off. cc @cpfarhood\"}" + + - name: Notify on failure + if: failure() + env: + GITEA_TOKEN: ${{ gitea.token }} + RUN_ID: ${{ github.run_id }} + run: | + curl -s -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + "https://git.farh.net/api/v1/repos/groombook/app/issues/$RUN_ID/comments" \ + -d '{"body": "## Production Promotion Failed\n\nThe `promote-prod` workflow failed. Check the workflow run logs for details."}'