From 4b48a2c2b338717758151c2377b5354165a0133d Mon Sep 17 00:00:00 2001 From: madhuri Date: Wed, 8 Apr 2026 13:12:01 +0100 Subject: [PATCH 1/5] Added deployment flows --- .github/workflows/build-on-release.yml | 21 +++ .github/workflows/release.yml | 167 ++++++++++++++++++++ .github/workflows/scheduled-maintenance.yml | 27 ++++ 3 files changed, 215 insertions(+) create mode 100644 .github/workflows/build-on-release.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/scheduled-maintenance.yml diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml new file mode 100644 index 000000000000..1c84aae38199 --- /dev/null +++ b/.github/workflows/build-on-release.yml @@ -0,0 +1,21 @@ +name: Build on Release +run-name: "Build ${{ github.event.release.tag_name }}" + +on: + release: + types: [published] + +permissions: + contents: write + packages: write + actions: read + pull-requests: write + id-token: write + +jobs: + build-production: + name: Build Production Image + uses: THG-Fulfil/shared-workflows/.github/workflows/release-build.yml@rowan-changes + with: + build_type: java + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000000..1655f909a2f4 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,167 @@ +name: Deploy Release +run-name: "Deploy ${{ inputs.version }}" + +on: + workflow_dispatch: + inputs: + version: + description: 'Release version to deploy (e.g., v1.2.3)' + required: true + type: string + change_request_id: + description: 'Change Request ID (optional, long URL number, e.g. "...?CHANGEID=12345")' + required: false + type: string + deploy_stable: + description: 'Deploy to Stable environment' + required: false + type: boolean + default: false + deploy_live: + description: 'Deploy to LIVE environment' + required: false + type: boolean + default: false + +permissions: + contents: write + packages: write + actions: read + id-token: write + pull-requests: write + +jobs: + deploy-live-druid-broker: + name: 'Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: live + deploy_runner: stock-gcp-runner + unity_cluster: euw2-li-beunity + unity_namespace: sadruid + unity_deployment_name: druid-broker-gcp-live + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namspace/gcp/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + should_update_release_notes: true + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: ${{ secrets.GCP_LI_CLUSTER_CA }} + UNITY_CLUSTER_SERVER: ${{ secrets.GKE_LI_CLUSTER_SERVER }} + UNITY_DEPLOY_TOKEN: ${{ secrets.GCP_LI_DEPLOY_TOKEN }} + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-live-druid-coordinator: + name: 'Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: live + deploy_runner: stock-gcp-runner + unity_cluster: euw2-li-beunity + unity_namespace: sadruid + unity_deployment_name: druid-coordinator-gcp-live + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namspace/gcp/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + should_update_release_notes: true + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: ${{ secrets.GCP_LI_CLUSTER_CA }} + UNITY_CLUSTER_SERVER: ${{ secrets.GKE_LI_CLUSTER_SERVER }} + UNITY_DEPLOY_TOKEN: ${{ secrets.GCP_LI_DEPLOY_TOKEN }} + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-live-druid-router: + name: 'Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: live + deploy_runner: stock-gcp-runner + unity_cluster: euw2-li-beunity + unity_namespace: sadruid + unity_deployment_name: druid-router-gcp-live + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namspace/gcp/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + should_update_release_notes: true + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: ${{ secrets.GCP_LI_CLUSTER_CA }} + UNITY_CLUSTER_SERVER: ${{ secrets.GKE_LI_CLUSTER_SERVER }} + UNITY_DEPLOY_TOKEN: ${{ secrets.GCP_LI_DEPLOY_TOKEN }} + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-gb1-live-druid-broker: + name: 'GB1 Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: gb1-live + deploy_runner: stock-gcp-runner + unity_cluster: gb1-li-beunityv3 + unity_namespace: sadruid + unity_deployment_name: druid-broker-gb1 + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namespace/gb1/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: TBC + UNITY_CLUSTER_SERVER: TBC + UNITY_DEPLOY_TOKEN: TBC + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-gb1-live-druid-coordinator: + name: 'GB1 Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: gb1-live + deploy_runner: stock-gcp-runner + unity_cluster: gb1-li-beunityv3 + unity_namespace: sadruid + unity_deployment_name: druid-coordinator-gb1 + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namespace/gb1/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: TBC + UNITY_CLUSTER_SERVER: TBC + UNITY_DEPLOY_TOKEN: TBC + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + + deploy-gb1-live-druid-router: + name: 'GB1 Live: Deploy' + if: inputs.deploy_live == true + uses: THG-Fulfil/shared-workflows/.github/workflows/release-deploy-unity.yml@rowan-changes + with: + version: ${{ inputs.version }} + change_request_id: ${{ inputs.change_request_id }} + environment_name: gb1-live + deploy_runner: stock-gcp-runner + unity_cluster: gb1-li-beunityv3 + unity_namespace: sadruid + unity_deployment_name: druid-router-gb1 + unity_chart_repo: THG-Stock-Availability/druid-helm-template + unity_helm_values_file: namespace/gb1/values-live.yaml + unity_helm_base_values_file: namespace/values.yaml + secrets: + TEAMS_WEBHOOK_URI_PROD: ${{ secrets.TEAMS_WEBHOOK_URI_PROD }} + UNITY_CLUSTER_CA: TBC + UNITY_CLUSTER_SERVER: TBC + UNITY_DEPLOY_TOKEN: TBC + UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml new file mode 100644 index 000000000000..aacf0f633f8e --- /dev/null +++ b/.github/workflows/scheduled-maintenance.yml @@ -0,0 +1,27 @@ +name: Scheduled Maintenance + +on: + schedule: + - cron: '0 */1 * * *' + workflow_dispatch: + inputs: + max_wait_minutes: + type: number + description: 'Cancel runs waiting for approval longer than this (minutes)' + required: false + default: 120 + dry_run: + type: boolean + description: 'Dry Run - show what would be cancelled without actually cancelling' + required: false + default: false + +permissions: + actions: write + +jobs: + maintenance: + uses: THG-Fulfil/shared-workflows/.github/workflows/scheduled-maintenance.yml@rowan-changes + with: + max_wait_minutes: ${{ inputs.max_wait_minutes || 120 }} + dry_run: ${{ inputs.dry_run || false }} From 00c3a41cb758f8be76196df6a7f23c8397c91e96 Mon Sep 17 00:00:00 2001 From: madhuri Date: Wed, 8 Apr 2026 14:54:45 +0100 Subject: [PATCH 2/5] Added deployment flows --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1655f909a2f4..d1725483fa56 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -144,6 +144,7 @@ jobs: UNITY_DEPLOY_TOKEN: TBC UNITY_CHART_TOKEN: ${{ secrets.GRGIT_PASS }} + deploy-gb1-live-druid-router: name: 'GB1 Live: Deploy' if: inputs.deploy_live == true From ff14738703f7ef94aed6541adef303b0dac1d449 Mon Sep 17 00:00:00 2001 From: madhuri Date: Wed, 8 Apr 2026 16:57:01 +0100 Subject: [PATCH 3/5] Added java version --- .github/workflows/build-on-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml index 1c84aae38199..20922edc6129 100644 --- a/.github/workflows/build-on-release.yml +++ b/.github/workflows/build-on-release.yml @@ -18,4 +18,5 @@ jobs: uses: THG-Fulfil/shared-workflows/.github/workflows/release-build.yml@rowan-changes with: build_type: java + java_version: '8|11' secrets: inherit From 5a7b41cfafacff9f6300ad36248d39f0960f20b3 Mon Sep 17 00:00:00 2001 From: madhuri Date: Thu, 9 Apr 2026 09:28:36 +0100 Subject: [PATCH 4/5] corrected format --- .github/workflows/build-on-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml index 20922edc6129..fb85df83e3b7 100644 --- a/.github/workflows/build-on-release.yml +++ b/.github/workflows/build-on-release.yml @@ -19,4 +19,4 @@ jobs: with: build_type: java java_version: '8|11' - secrets: inherit + secrets: inherit From 3526f3fdfd371566439f6e6ec43eedbdf41e94e3 Mon Sep 17 00:00:00 2001 From: madhuri Date: Thu, 9 Apr 2026 09:31:01 +0100 Subject: [PATCH 5/5] reverted the change --- .github/workflows/build-on-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml index fb85df83e3b7..20922edc6129 100644 --- a/.github/workflows/build-on-release.yml +++ b/.github/workflows/build-on-release.yml @@ -19,4 +19,4 @@ jobs: with: build_type: java java_version: '8|11' - secrets: inherit + secrets: inherit