From 33631fd0743425b39e11733f3986c692d151f0de Mon Sep 17 00:00:00 2001 From: Marco Villeneuve Date: Fri, 24 Nov 2023 12:21:46 -0800 Subject: [PATCH] Changes to actions --- ...d-test.yml => deploy-to.openshift-dev.yml} | 91 +----------- .../workflows/deploy-to.openshift-test.yml | 131 ++++++++++++++++++ 2 files changed, 132 insertions(+), 90 deletions(-) rename .github/workflows/{deploy-to.openshift-dev-and-test.yml => deploy-to.openshift-dev.yml} (63%) create mode 100644 .github/workflows/deploy-to.openshift-test.yml diff --git a/.github/workflows/deploy-to.openshift-dev-and-test.yml b/.github/workflows/deploy-to.openshift-dev.yml similarity index 63% rename from .github/workflows/deploy-to.openshift-dev-and-test.yml rename to .github/workflows/deploy-to.openshift-dev.yml index ee97057..ae0f632 100644 --- a/.github/workflows/deploy-to.openshift-dev-and-test.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -1,4 +1,4 @@ -name: Build & Deploy to DEV and TEST +name: Build & Deploy to DEV env: # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. @@ -6,7 +6,6 @@ env: OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} OPENSHIFT_NAMESPACE_DEV: ${{ secrets.APP_NAMESPACE_NO_ENV }}-dev - OPENSHIFT_NAMESPACE_TEST: ${{ secrets.APP_NAMESPACE_NO_ENV }}-test DB_JDBC_CONNECT_STRING: ${{ secrets.DB_JDBC_CONNECT_STRING }} DB_PWD: ${{ secrets.DB_PWD }} @@ -34,8 +33,6 @@ env: TAG: "latest" MIN_REPLICAS_DEV: "1" MAX_REPLICAS_DEV: "1" - MIN_REPLICAS_TEST: "2" - MAX_REPLICAS_TEST: "2" MIN_CPU: "50m" MAX_CPU: "150m" MIN_MEM: "400Mi" 
@@ -178,89 +175,3 @@ jobs: with: target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_DEV }}-dev.apps.silver.devops.gov.bc.ca/v3/api-docs' - deploy-test: - name: Deploy to OpenShift TEST - needs: build-and-deploy-dev - runs-on: ubuntu-20.04 - environment: test - - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - - steps: - - name: Check for required secrets - uses: actions/github-script@v4 - with: - script: | - const secrets = { - OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, - OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, - }; - - const GHCR = "ghcr.io"; - if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { - core.info(`Image registry is ${GHCR} - no registry password required`); - } - else { - core.info("A registry password is required"); - secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; - } - - const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { - if (value.length === 0) { - core.error(`Secret "${name}" is not set`); - return true; - } - core.info(`✔️ Secret "${name}" is set`); - return false; - }); - - if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. 
\n` + - "You can add it using:\n" + - "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + - "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + - "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); - } - else { - core.info(`✅ All the required secrets are set`); - } - - - name: Check out repository - uses: actions/checkout@v2 - - - name: Install oc - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: 4 - - - name: Deploy API - run: | - set -eu - # Login to OpenShift and select project - oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} - oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} - # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} - - # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/main/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - - # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - 
|| true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} - # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} - - - name: ZAP Scan - uses: zaproxy/action-api-scan@v0.1.0 - with: - target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_TEST }}-dev.apps.silver.devops.gov.bc.ca/v3/api-docs' diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml new file mode 100644 index 0000000..bd39531 --- /dev/null +++ b/.github/workflows/deploy-to.openshift-test.yml 
@@ -0,0 +1,131 @@ +name: Deploy to TEST + +env: + # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. + # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions + # Added this comment + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + OPENSHIFT_NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }}-test + + DB_JDBC_CONNECT_STRING: ${{ secrets.DB_JDBC_CONNECT_STRING }} + DB_PWD: ${{ secrets.DB_PWD }} + DB_USER: ${{ secrets.DB_USER }} + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} + + # 🖊️ EDIT to change the image registry settings. + # Registries such as GHCR, Quay.io, and Docker Hub are supported. + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + IMAGE_REGISTRY_USER: ${{ github.actor }} + IMAGE_REGISTRY_PASSWORD: ${{ github.token }} + + SPRING_BOOT_IMAGE_NAME: pen-replication-api-main + + APP_NAME: "pen-replication-api" + REPO_NAME: "educ-pen-replication-api" + BRANCH: "main" + NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }} + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} + TAG: "latest" + TARGET_ENV: "test" + MIN_REPLICAS: "2" + MAX_REPLICAS: "2" + MIN_CPU: "50m" + MAX_CPU: "300m" + MIN_MEM: "500Mi" + MAX_MEM: "1000Mi" + +on: + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + workflow_dispatch: + +jobs: + openshift-ci-cd: + name: Deploy to OpenShift TEST + # ubuntu-20.04 can also be used. 
+ runs-on: ubuntu-20.04 + environment: test + + outputs: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} + + steps: + - name: Check for required secrets + uses: actions/github-script@v6 + with: + script: | + const secrets = { + OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, + OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, + }; + + const GHCR = "ghcr.io"; + if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { + core.info(`Image registry is ${GHCR} - no registry password required`); + } + else { + core.info("A registry password is required"); + secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; + } + + const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { + if (value.length === 0) { + core.error(`Secret "${name}" is not set`); + return true; + } + core.info(`✔️ Secret "${name}" is set`); + return false; + }); + + if (missingSecrets.length > 0) { + core.setFailed(`❌ At least one required secret is not set in the repository. 
\n` + + "You can add it using:\n" + + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); + } + else { + core.info(`✅ All the required secrets are set`); + } + + - name: Check out repository + uses: actions/checkout@v3 + + - name: Get latest tag + uses: actions-ecosystem/action-get-latest-tag@v1 + id: get-latest-tag + + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: 4 + + # https://github.com/redhat-actions/oc-login#readme + - uses: actions/checkout@v3 + + - name: Deploy API + run: | + set -eux + # Login to OpenShift and select project + oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} + oc project ${{ env.OPENSHIFT_NAMESPACE }} + # Cancel any rollouts in progress + oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "No rollout in progress" + + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} + + # Process and apply deployment template + oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh | bash /dev/stdin ${{ 
env.TARGET_ENV }} ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} + + # Start rollout (if necessary) and follow it + oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful + oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
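Review bot: In the `Deploy API` step of the new workflow, `set -eux` enables xtrace while `OPENSHIFT_TOKEN`, `DB_JDBC_CONNECT_STRING`, `DB_PWD`, `DB_USER` and `SPLUNK_TOKEN` are pasted into the script text through `${{ env.* }}`, so each expanded command is echoed to the job log (log masking only catches exact matches of the stored secret value) and a value containing spaces or shell metacharacters is word-split or interpreted by bash. These names are already exported by the workflow-level `env:` block, so the script can read them as quoted variables and drop `x`: `set -euo pipefail`, `oc login --token="$OPENSHIFT_TOKEN" --server="$OPENSHIFT_SERVER"`, and likewise `"$DB_JDBC_CONNECT_STRING" "$DB_PWD" "$DB_USER" "$SPLUNK_TOKEN"` as the arguments to `update-configmap.sh`. The `curl -s … | bash /dev/stdin` line executes whatever the request returns, at a ref taken from `steps.get-latest-tag.outputs.tag`, and hands it those credentials; `curl -fsS` would at least keep an error page from reaching bash, and running `tools/config/update-configmap.sh` from the checkout (checked out at that tag, if that is the intended ref) would remove the network fetch. The workflow also references actions by movable tags, including the third-party `actions-ecosystem/action-get-latest-tag@v1`, in a job that holds the cluster token; pinning them to commit SHAs is worth considering, and the second `actions/checkout@v3` step looks redundant.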