From 2ae6fbe2754f96e6e3ee19023ba96cd5839e32ef Mon Sep 17 00:00:00 2001
From: Alex Urbina <42731074+urbinaalex17@users.noreply.github.com>
Date: Mon, 25 Mar 2024 11:05:25 -0600
Subject: [PATCH] DEVOPS-1843 Fix US DEV Web Vault deploys one commit behind
 (#8458)

* DEVOPS-1843 REFACTOR: Trigger web vault deploy step to send the build-web run-id to deploy-web workflow

* DEVOPS-1843 ADD: build-web-run-id input to deploy-web workflow to download specific run_id artifact

* DEVOPS-1843 FIX: build-web-run-id input in build-web workflow

* DEVOPS-1843 REFACTOR: build-web-run-id parameter type to number

* DEVOPS-1843 ADD: build-web-run-id input to deploy-web workflow to workflow_dispatch

* DEVOPS-1843 FIX: build-web-run-id type in deploy-web.yml

* DEVOPS-1843 REFACTOR: web vault deploy action to use GitHub Run ID

* DEVOPS-1843 REFACTOR: cloud asset download steps in deploy-web.yml

* DEVOPS-1843 REFACTOR: description for build-web workflow Run ID

Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>

---------

Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>
---
 .github/workflows/build-web.yml  |  4 ++--
 .github/workflows/deploy-web.yml | 34 ++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index abd2538773..8576fb6760 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -299,7 +299,7 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
-      - name: Trigger web vault deploy
+      - name: Trigger web vault deploy using GitHub Run ID
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
@@ -311,7 +311,7 @@ jobs:
               ref: 'main',
               inputs: {
                 'environment': 'USDEV',
-                'branch-or-tag': 'main'
+                'build-web-run-id': '${{ github.run_id }}'
               }
             })
 
diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml
index 2d784652a5..769e700588 100644
--- a/.github/workflows/deploy-web.yml
+++ b/.github/workflows/deploy-web.yml
@@ -27,6 +27,10 @@ on:
         description: "Debug mode"
         type: boolean
         default: true
+      build-web-run-id:
+        description: "Build-web workflow Run ID to use for artifact download"
+        type: string
+        required: false
 
   workflow_call:
     inputs:
@@ -46,6 +50,10 @@ on:
         description: "Debug mode"
         type: boolean
         default: true
+      build-web-run-id:
+        description: "Build-web workflow Run ID to use for artifact download"
+        type: string
+        required: false
 
 permissions:
   deployments: write
@@ -168,7 +176,20 @@ jobs:
     env:
       _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment-artifact }}
     steps:
+      - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
+        if: ${{ inputs.build-web-run-id }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        id: download-latest-artifacts
+        continue-on-error: true
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          run_id: ${{ inputs.build-web-run-id }}
+          artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
+
       - name: 'Download latest cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
+        if: ${{ !inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
         id: download-artifacts
         continue-on-error: true
@@ -249,7 +270,20 @@ jobs:
           keyvault: ${{ needs.setup.outputs.retrieve-secrets-keyvault }}
           secrets: "sa-bitwarden-web-vault-name,sp-bitwarden-web-vault-password,sp-bitwarden-web-vault-appid,sp-bitwarden-web-vault-tenant"
 
+      - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
+        if: ${{ inputs.build-web-run-id }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        id: download-latest-artifacts
+        continue-on-error: true
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          run_id: ${{ inputs.build-web-run-id }}
+          artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
+
       - name: 'Download cloud asset from branch/tag: ${{ inputs.branch-or-tag }}'
+        if: ${{ !inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build-web.yml