Merge pull request #231 from ZeroGachis/feature/pla-2076

fix(dns-resolution): replace retry step with check dns resolution before starting
ZeroGachis · Feb 19, 2025 · 67be954 · 67be954
2 parents bc66a59 + f18ebba
commit 67be954
Show file tree

Hide file tree

Showing 9 changed files with 300 additions and 138 deletions.
diff --git a/.github/workflows/create-apk-artifact.yml b/.github/workflows/create-apk-artifact.yml
@@ -97,31 +97,51 @@ jobs:
           tags: tag:ci
           version: ${{ vars.TAILSCALE_VERSION }}
 
+      - name: Check DNS Resolution for Vault
+        run: |
+          extract_domain() {
+            echo "$1" | awk -F[/:] '{print $4}'
+          }
+
+          VAULT_DOMAIN=$(extract_domain "${{ env.VAULT_ADDR }}")
+
+          for i in {1..100}; do
+            if nslookup $VAULT_DOMAIN; then
+              echo "DNS resolution successful"
+              break
+            else
+              echo "DNS resolution failed, retrying in 10 seconds..."
+              sleep 15
+            fi
+          done
+          # Exit with error if DNS resolution fails after retries
+          if ! nslookup $VAULT_DOMAIN; then
+            echo "DNS resolution failed after multiple attempts"
+            exit 1
+          fi
+        shell: bash
+
       - name: Import Secrets
-        uses: Wandalen/wretry.action@v3
         id: secrets
+        uses: hashicorp/vault-action@v3
         with:
-          action: hashicorp/vault-action@v3
-          attempt_limit: 15
-          attempt_delay: 500
-          with: |
-            url: ${{ env.VAULT_ADDR }}
-            role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
-            method: jwt
-            path: "github-actions"
-            exportToken: true
-            secrets: |
-              secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEYSTORE_PASSWORD ;
-              secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEY_PASSWORD ;
-              secret/data/smartapp/keystore KEY_ALIAS | SMARTWAY_KEY_ALIAS ;
-              secret/data/smartapp/datadog DATADOG_CLIENT_TOKEN | DATADOG_CLIENT_TOKEN ;
-              secret/data/smartapp/datadog DATADOG_APPLICATION_ID | DATADOG_APPLICATION_ID ;
-              secret/data/smartapp/datadog DATADOG_API_REVERSEPROXY | DATADOG_API_REVERSEPROXY ;
-              secret/data/${{ inputs.vault-path }} CODE_PUSH_KEY | CODE_PUSH_KEY ;
-              secret/data/${{ inputs.vault-path }} CODE_PUSH_SERVER_URL | CODE_PUSH_SERVER_URL ;
-              secret/data/${{ inputs.vault-path }} QA_CODE_PUSH_KEY | QA_CODE_PUSH_KEY ;
-              secret/data/${{ inputs.vault-path }} S3_APP_BUCKET | S3_APP_BUCKET ;
-              secret/data/smartapp/keystore S3_BUCKET | KEYSTORE_BUCKET_S3
+          url: ${{ env.VAULT_ADDR }}
+          role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
+          method: jwt
+          path: "github-actions"
+          exportToken: true
+          secrets: |
+            secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEYSTORE_PASSWORD ;
+            secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEY_PASSWORD ;
+            secret/data/smartapp/keystore KEY_ALIAS | SMARTWAY_KEY_ALIAS ;
+            secret/data/smartapp/datadog DATADOG_CLIENT_TOKEN | DATADOG_CLIENT_TOKEN ;
+            secret/data/smartapp/datadog DATADOG_APPLICATION_ID | DATADOG_APPLICATION_ID ;
+            secret/data/smartapp/datadog DATADOG_API_REVERSEPROXY | DATADOG_API_REVERSEPROXY ;
+            secret/data/${{ inputs.vault-path }} CODE_PUSH_KEY | CODE_PUSH_KEY ;
+            secret/data/${{ inputs.vault-path }} CODE_PUSH_SERVER_URL | CODE_PUSH_SERVER_URL ;
+            secret/data/${{ inputs.vault-path }} QA_CODE_PUSH_KEY | QA_CODE_PUSH_KEY ;
+            secret/data/${{ inputs.vault-path }} S3_APP_BUCKET | S3_APP_BUCKET ;
+            secret/data/smartapp/keystore S3_BUCKET | KEYSTORE_BUCKET_S3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -138,7 +158,7 @@ jobs:
         if: ${{ inputs.environment != 'pullrequest' }}
         id: get-existing-apk
         run: |
-          aws s3 cp s3://${{ fromJSON( steps.secrets.outputs.outputs ).S3_APP_BUCKET }}/${{ inputs.s3-path }}/${{ steps.get-apk-version.outputs.apk-version }}/${{ env.apk_name }} android/app/build/outputs/apk/${{ inputs.configuration }}/${{ env.apk_name }} && {
+          aws s3 cp s3://${{ steps.secrets.outputs.S3_APP_BUCKET }}/${{ inputs.s3-path }}/${{ steps.get-apk-version.outputs.apk-version }}/${{ env.apk_name }} android/app/build/outputs/apk/${{ inputs.configuration }}/${{ env.apk_name }} && {
             echo "Apk already exist for that version"
             echo "need-new-apk=false" >> $GITHUB_OUTPUT
           } || {
@@ -167,7 +187,7 @@ jobs:
 
       - name: Get Smartway APK keystore
         if: ${{steps.get-existing-apk.outputs.need-new-apk == 'true'}} or ${{ inputs.environment == 'pullrequest' }}
-        run: aws s3 cp s3://${{ fromJSON( steps.secrets.outputs.outputs ).KEYSTORE_BUCKET_S3 }}/github-actions/${{ env.smartway_keystore_name }} android/app/${{ env.smartway_keystore_name }}
+        run: aws s3 cp s3://${{ steps.secrets.outputs.KEYSTORE_BUCKET_S3 }}/github-actions/${{ env.smartway_keystore_name }} android/app/${{ env.smartway_keystore_name }}
 
       - name: Update android versions
         if: ${{steps.get-existing-apk.outputs.need-new-apk == 'true'}} or ${{ inputs.environment == 'pullrequest' }}
@@ -190,31 +210,31 @@ jobs:
         uses: mingjun97/file-regex-replace@v1
         with:
           regex: '<string moduleConfig="true" name="CodePushServerUrl">(.*)</string>'
-          replacement: '<string moduleConfig="true" name="CodePushServerUrl">${{ steps.vault.outputs.CODE_PUSH_SERVER_URL }}</string>'
+          replacement: '<string moduleConfig="true" name="CodePushServerUrl">${{ steps.secrets.outputs.CODE_PUSH_SERVER_URL }}</string>'
           include: "^android/app/src/main/res/values/strings.xml"
 
       - name: Set code push key in string.xml
         if: ${{ inputs.environment != 'pullrequest' }}
         uses: mingjun97/file-regex-replace@v1
         with:
           regex: '<string moduleConfig="true" name="CodePushDeploymentKey">(.*)</string>'
-          replacement: '<string moduleConfig="true" name="CodePushDeploymentKey">${{ fromJSON( steps.secrets.outputs.outputs ).CODE_PUSH_KEY }}</string>'
+          replacement: '<string moduleConfig="true" name="CodePushDeploymentKey">${{ steps.secrets.outputs.CODE_PUSH_KEY }}</string>'
           include: "^android/app/src/main/res/values/strings.xml"
 
       - name: Set code push key when sync manually
         if: ${{ inputs.environment != 'pullrequest' }}
         uses: mingjun97/file-regex-replace@v1
         with:
           regex: "'CODE_PUSH_KEY'"
-          replacement: "'${{ fromJSON( steps.secrets.outputs.outputs ).CODE_PUSH_KEY }}'"
+          replacement: "'${{ steps.secrets.outputs.CODE_PUSH_KEY }}'"
           include: "^src/"
 
       - name: Set code push key when sync manually for QA env
         if: ${{ inputs.environment != 'pullrequest' }}
         uses: mingjun97/file-regex-replace@v1
         with:
           regex: "'QA_CODE_PUSH_KEY'"
-          replacement: "'${{ fromJSON( steps.secrets.outputs.outputs ).QA_CODE_PUSH_KEY }}'"
+          replacement: "'${{ steps.secrets.outputs.QA_CODE_PUSH_KEY }}'"
           include: "^src/"
 
       - name: Install lib dependencies
@@ -231,9 +251,9 @@ jobs:
       - name: Inject environment in .env file
         if: ${{steps.get-existing-apk.outputs.need-new-apk == 'true'}} or ${{ inputs.environment == 'pullrequest' }}
         run: |
-          echo "DATADOG_CLIENT_TOKEN=${{ fromJSON( steps.secrets.outputs.outputs ).DATADOG_CLIENT_TOKEN }}" >> .env
-          echo "DATADOG_APPLICATION_ID=${{ fromJSON( steps.secrets.outputs.outputs ).DATADOG_APPLICATION_ID }}" >> .env
-          echo "DATADOG_API_REVERSEPROXY=${{ fromJSON( steps.secrets.outputs.outputs ).DATADOG_API_REVERSEPROXY }}" >> .env
+          echo "DATADOG_CLIENT_TOKEN=${{ steps.secrets.outputs.DATADOG_CLIENT_TOKEN }}" >> .env
+          echo "DATADOG_APPLICATION_ID=${{ steps.secrets.outputs.DATADOG_APPLICATION_ID }}" >> .env
+          echo "DATADOG_API_REVERSEPROXY=${{ steps.secrets.outputs.DATADOG_API_REVERSEPROXY }}" >> .env
           echo "ENVIRONMENT=${{ inputs.environment }}" >> .env
 
       - name: Cache Gradle Wrapper

diff --git a/.github/workflows/dotnet-publish.yml b/.github/workflows/dotnet-publish.yml
@@ -60,22 +60,43 @@ jobs:
           tags: tag:ci
           version: ${{ vars.TAILSCALE_VERSION }}
 
+      - name: Check DNS Resolution for Vault
+        if: inputs.publish_to_public_registry
+        shell: bash
+        run: |
+          extract_domain() {
+            echo "$1" | awk -F[/:] '{print $4}'
+          }
+
+          VAULT_DOMAIN=$(extract_domain "${{ env.VAULT_ADDR }}")
+
+          for i in {1..100}; do
+            if nslookup $VAULT_DOMAIN; then
+              echo "DNS resolution successful"
+              break
+            else
+              echo "DNS resolution failed, retrying in 10 seconds..."
+              sleep 15
+            fi
+          done
+          # Exit with error if DNS resolution fails after retries
+          if ! nslookup $VAULT_DOMAIN; then
+            echo "DNS resolution failed after multiple attempts"
+            exit 1
+          fi
+
       - name: Import Secrets
         if: inputs.publish_to_public_registry
-        uses: Wandalen/wretry.action@v3
         id: secrets
+        uses: hashicorp/vault-action@v3
         with:
-          action: hashicorp/vault-action@v3
-          attempt_limit: 15
-          attempt_delay: 500
-          with: |
-            url: ${{ env.VAULT_ADDR }}
-            role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
-            method: jwt
-            path: "github-actions"
-            exportToken: true
-            secrets: |
-              secret/data/github-actions-common/nuget-registry api-key | NUGET_PUBLIC_API_KEY;
+          url: ${{ env.VAULT_ADDR }}
+          role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
+          method: jwt
+          path: "github-actions"
+          exportToken: true
+          secrets: |
+            secret/data/github-actions-common/nuget-registry api-key | NUGET_PUBLIC_API_KEY;
 
       - name: Login to CodeArtifact
         run: "aws codeartifact login --tool dotnet --repository ${CODEARTIFACT_REPOSITORY} --domain ${CODEARTIFACT_DOMAIN} --domain-owner ${AWS_ACCOUNT_ID} --region ${AWS_REGION}"
@@ -100,5 +121,5 @@ jobs:
         run: >-
           dotnet nuget push ${{ inputs.package_to_publish }}.${{ inputs.package_version }}/${{ inputs.package_to_publish }}.${{ inputs.package_version }}.nupkg
           --source https://api.nuget.org/v3/index.json
-          --api-key ${{ fromJSON( steps.secrets.outputs.outputs ).NUGET_PUBLIC_API_KEY }}
+          --api-key ${{ steps.secrets.outputs.NUGET_PUBLIC_API_KEY }}
           --skip-duplicate
diff --git a/.github/workflows/publish-apk-s3.yml b/.github/workflows/publish-apk-s3.yml
@@ -62,24 +62,44 @@ jobs:
           tags: tag:ci
           version: ${{ vars.TAILSCALE_VERSION }}
 
+      - name: Check DNS Resolution for Vault
+        run: |
+          extract_domain() {
+            echo "$1" | awk -F[/:] '{print $4}'
+          }
+
+          VAULT_DOMAIN=$(extract_domain "${{ env.VAULT_ADDR }}")
+
+          for i in {1..100}; do
+            if nslookup $VAULT_DOMAIN; then
+              echo "DNS resolution successful"
+              break
+            else
+              echo "DNS resolution failed, retrying in 10 seconds..."
+              sleep 15
+            fi
+          done
+          # Exit with error if DNS resolution fails after retries
+          if ! nslookup $VAULT_DOMAIN; then
+            echo "DNS resolution failed after multiple attempts"
+            exit 1
+          fi
+        shell: bash
+
       - name: Import Secrets
-        uses: Wandalen/wretry.action@v3
         id: secrets
+        uses: hashicorp/vault-action@v3
         with:
-          action: hashicorp/vault-action@v3
-          attempt_limit: 15
-          attempt_delay: 500
-          with: |
-            url: ${{ env.VAULT_ADDR }}
-            role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
-            method: jwt
-            path: "github-actions"
-            exportToken: true
-            secrets: |
-              secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEYSTORE_PASSWORD ;
-              secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEY_PASSWORD ;
-              secret/data/smartapp/keystore KEY_ALIAS | SMARTWAY_KEY_ALIAS ;
-              secret/data/${{ inputs.vault-path }} S3_APP_BUCKET | S3_APP_BUCKET ;
+          url: ${{ env.VAULT_ADDR }}
+          role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
+          method: jwt
+          path: "github-actions"
+          exportToken: true
+          secrets: |
+            secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEYSTORE_PASSWORD ;
+            secret/data/smartapp/keystore KEYSTORE_PASSWORD | SMARTWAY_KEY_PASSWORD ;
+            secret/data/smartapp/keystore KEY_ALIAS | SMARTWAY_KEY_ALIAS ;
+            secret/data/${{ inputs.vault-path }} S3_APP_BUCKET | S3_APP_BUCKET ;
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -95,4 +115,4 @@ jobs:
 
       - name: Push Apk to S3
         working-directory: "artifact"
-        run: aws s3 cp ${{ inputs.apk-name }} s3://${{fromJSON( steps.secrets.outputs.outputs ).S3_APP_BUCKET }}/${{ inputs.s3-path }}/${{ inputs.apk-version }}/${{ inputs.apk-name }}
+        run: aws s3 cp ${{ inputs.apk-name }} s3://${{ steps.secrets.outputs.S3_APP_BUCKET }}/${{ inputs.s3-path }}/${{ inputs.apk-version }}/${{ inputs.apk-name }}
diff --git a/.github/workflows/run-aws.yml b/.github/workflows/run-aws.yml
@@ -65,22 +65,43 @@ jobs:
           tags: tag:ci
           version: ${{ vars.TAILSCALE_VERSION }}
 
-      - name: Import Secrets
-        uses: Wandalen/wretry.action@v3
+      - name: Check DNS Resolution for Vault
         if: inputs.vault_enabled
+        run: |
+          extract_domain() {
+            echo "$1" | awk -F[/:] '{print $4}'
+          }
+
+          VAULT_DOMAIN=$(extract_domain "${{ env.VAULT_ADDR }}")
+
+          for i in {1..100}; do
+            if nslookup $VAULT_DOMAIN; then
+              echo "DNS resolution successful"
+              break
+            else
+              echo "DNS resolution failed, retrying in 10 seconds..."
+              sleep 15
+            fi
+          done
+          # Exit with error if DNS resolution fails after retries
+          if ! nslookup $VAULT_DOMAIN; then
+            echo "DNS resolution failed after multiple attempts"
+            exit 1
+          fi
+        shell: bash
+
+      - name: Import Secrets
         id: secrets
+        if: inputs.vault_enabled
+        uses: hashicorp/vault-action@v3
         with:
-          action: hashicorp/vault-action@v3
-          attempt_limit: 15
-          attempt_delay: 500
-          with: |
-            url: ${{ env.VAULT_ADDR }}
-            role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
-            method: jwt
-            path: "github-actions"
-            exportToken: true
-            secrets: |
-              ${{ inputs.vault_secrets }}
+          url: ${{ env.VAULT_ADDR }}
+          role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
+          method: jwt
+          path: "github-actions"
+          exportToken: true
+          secrets: |
+            ${{ inputs.vault_secrets }}
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4

diff --git a/.github/workflows/run-docker-upload-artifact.yml b/.github/workflows/run-docker-upload-artifact.yml
@@ -92,22 +92,43 @@ jobs:
           tags: tag:ci
           version: ${{ vars.TAILSCALE_VERSION }}
 
-      - name: Import Secrets
-        uses: Wandalen/wretry.action@v3
+      - name: Check DNS Resolution for Vault
         if: inputs.vault_enabled
+        run: |
+          extract_domain() {
+            echo "$1" | awk -F[/:] '{print $4}'
+          }
+
+          VAULT_DOMAIN=$(extract_domain "${{ env.VAULT_ADDR }}")
+
+          for i in {1..100}; do
+            if nslookup $VAULT_DOMAIN; then
+              echo "DNS resolution successful"
+              break
+            else
+              echo "DNS resolution failed, retrying in 10 seconds..."
+              sleep 15
+            fi
+          done
+          # Exit with error if DNS resolution fails after retries
+          if ! nslookup $VAULT_DOMAIN; then
+            echo "DNS resolution failed after multiple attempts"
+            exit 1
+          fi
+        shell: bash
+
+      - name: Import Secrets
         id: secrets
+        if: inputs.vault_enabled
+        uses: hashicorp/vault-action@v3
         with:
-          action: hashicorp/vault-action@v3
-          attempt_limit: 15
-          attempt_delay: 500
-          with: |
-            url: ${{ env.VAULT_ADDR }}
-            role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
-            method: jwt
-            path: "github-actions"
-            exportToken: true
-            secrets: |
-              ${{ inputs.vault_secrets }}
+          url: ${{ env.VAULT_ADDR }}
+          role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
+          method: jwt
+          path: "github-actions"
+          exportToken: true
+          secrets: |
+            ${{ inputs.vault_secrets }}
 
       - name: Checkout
         if: ${{ inputs.checkout_enabled }}