Small update for BCSC. #27

Workflow file for this run

.github/workflows/deploy-to.openshift-dev.yml at b7db9db

	name: Build & Deploy to DEV

	env:
	# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
	# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
	# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
	OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
	OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
	OPENSHIFT_NAMESPACE_DEV: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}-dev

	SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

	# 🖊️ EDIT to change the image registry settings.
	# Registries such as GHCR, Quay.io, and Docker Hub are supported.
	IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
	IMAGE_REGISTRY_USER: ${{ github.actor }}
	IMAGE_REGISTRY_PASSWORD: ${{ github.token }}

	# 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
	IMAGE_TAGS: ""

	SPRING_BOOT_IMAGE_NAME: soam-api-master
	DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
	ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca

	APP_NAME: 'soam-api'
	REPO_NAME: "educ-soam-api"
	BRANCH: "master"
	APP_NAME_FULL: "soam-api-master"
	NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
	PEN_NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }}
	TAG: "latest"
	TARGET_ENV: "dev"
	MIN_REPLICAS_DEV: "1"
	MAX_REPLICAS_DEV: "2"
	MIN_CPU: "10m"
	MAX_CPU: "300m"
	MIN_MEM: "650Mi"
	MAX_MEM: "750Mi"

	on:
	push:
	branches:
	- master
	workflow_dispatch:

	jobs:
	build-and-deploy-dev:
	name: Build and deploy to OpenShift DEV
	# ubuntu-20.04 can also be used.
	runs-on: ubuntu-20.04
	environment: dev

	outputs:
	ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
	SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

	steps:
	- name: Check for required secrets
	uses: actions/github-script@v6
	with:
	script: \|
	const secrets = {
	OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
	OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
	};
	const GHCR = "ghcr.io";
	if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
	core.info(`Image registry is ${GHCR} - no registry password required`);
	}
	else {
	core.info("A registry password is required");
	secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
	}
	const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
	if (value.length === 0) {
	core.error(`Secret "${name}" is not set`);
	return true;
	}
	core.info(`✔️ Secret "${name}" is set`);
	return false;
	});
	if (missingSecrets.length > 0) {
	core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
	"You can add it using:\n" +
	"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
	"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
	"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
	}
	else {
	core.info(`✅ All the required secrets are set`);
	}
	- name: Check out repository
	uses: actions/checkout@v3

	- name: Determine image tags
	if: env.IMAGE_TAGS == ''
	run: \|
	echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" \| tee -a $GITHUB_ENV
	- name: Login to Docker Hub
	uses: docker/login-action@v2
	with:
	registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

	# https://github.com/redhat-actions/buildah-build#readme
	- name: Build from Dockerfile
	id: build-image
	uses: redhat-actions/buildah-build@v2
	with:
	image: ${{ env.APP_NAME_FULL }}
	tags: ${{ env.IMAGE_TAGS }}

	# If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
	# Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
	# Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
	dockerfiles: \|
	./Dockerfile
	# https://github.com/redhat-actions/push-to-registry#readme
	- name: Push to registry
	id: push-image
	uses: redhat-actions/push-to-registry@v2
	with:
	image: ${{ steps.build-image.outputs.image }}
	tags: ${{ steps.build-image.outputs.tags }}
	registry: ${{ env.IMAGE_REGISTRY }}
	username: ${{ env.IMAGE_REGISTRY_USER }}
	password: ${{ env.IMAGE_REGISTRY_PASSWORD }}

	# The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}

	- name: Install oc
	uses: redhat-actions/openshift-tools-installer@v1
	with:
	oc: 4

	# https://github.com/redhat-actions/oc-login#readme
	- uses: actions/checkout@v3

	- name: Deploy API
	run: \|
	set -eu
	# Login to OpenShift and select project
	oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
	oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }}
	# Cancel any rollouts in progress
	oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
	\|\| true && echo "No rollout in progress"

	oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }}

	# Process and apply deployment template
	oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \
	\| oc apply -f -

	# curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \| bash /dev/stdin ${{ env.TARGET_ENV }} ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.PEN_NAMESPACE }} ${{ env.SPLUNK_TOKEN }}

	# Start rollout (if necessary) and follow it
	oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
	\|\| true && echo "Rollout in progress"
	oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
	# Get status, returns 0 if rollout is successful
	oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}

	# temporary fix to rollout educ-keycloak-soam-api since the sso-config is created here. We can remove this after educ-keycloak-soam is upgraded
	# Cancel any rollouts in progress
	# oc rollout cancel dc/sso-${{env.TARGET_ENV}} 2> /dev/null \
	# \|\| true && echo "No rollout for sso-${{env.TARGET_ENV}} in progress"

	# Start rollout (if necessary) and follow it
	# oc rollout latest dc/sso-${{env.TARGET_ENV}} 2> /dev/null \
	# \|\| true && echo "Rollout in progress"
	# oc logs -f dc/sso-${{env.TARGET_ENV}}
	# Get status, returns 0 if rollout is successful
	# oc rollout status dc/sso-${{env.TARGET_ENV}}
	- name: ZAP Scan
	uses: zaproxy/action-api-scan@v0.2.0
	with:
	target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_DEV }}.apps.silver.devops.gov.bc.ca/v3/api-docs'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Small update for BCSC. #27

Workflow file

Small update for BCSC. #27

Jobs

Run details

Workflow file for this run