Merge pull request #765 from bcgov/feature/953-acute-clone-dup-answers #341
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Push Backend Image to Gold and GoldDR cluster | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - 'cccm-backend/**' | |
| workflow_dispatch: | |
| env: | |
| # See https://github.com/goodwithtech/dockle/issues/188 | |
| DOCKLE_HOST: "unix:///var/run/docker.sock" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cluster Login Gold | |
| uses: redhat-developer/openshift-actions@v1.1 | |
| with: | |
| openshift_server_url: ${{ secrets.OPENSHIFT4_SERVER_URL }} | |
| parameters: '{"apitoken": "${{ secrets.OPENSHIFT4_SA_PASSWORD }}"}' | |
| cmd: | | |
| 'version' | |
| - name: Login to Openshift Docker Registry Gold | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ secrets.OPENSHIFT4_REGISTRY }} | |
| username: ${{ secrets.OPENSHIFT4_SA_USERNAME }} | |
| password: ${{ secrets.OPENSHIFT4_SA_PASSWORD }} | |
| - name: Login to Openshift Docker Registry GoldDR | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ secrets.OPENSHIFT4_REGISTRY_GOLDDR }} | |
| username: ${{ secrets.OPENSHIFT4_SA_USERNAME }} | |
| password: ${{ secrets.OPENSHIFT4_SA_PASSWORD_GOLDDR }} | |
| - name: Docker Build Backend Image | |
| run: | | |
| docker-compose build backend | |
| - name: Docker Tag Version Gold | |
| run: | | |
| docker tag cccm-api ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev | |
| - name: Vulnerability Scan Backend | |
| uses: Azure/container-scan@v0 | |
| continue-on-error: true | |
| with: | |
| image-name: ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev | |
| - name: Docker Push Version to Gold and GoldDR | |
| run: | | |
| docker push ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev | |
| docker tag ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev ${{ secrets.OPENSHIFT4_REGISTRY_GOLDDR }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev | |
| docker push ${{ secrets.OPENSHIFT4_REGISTRY_GOLDDR }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev | |
| - name: Set GitOps SSH Key | |
| uses: webfactory/ssh-agent@v0.5.4 | |
| with: | |
| ssh-private-key: ${{ secrets.GIT_OPS_SSH_KEY }} | |
| # Getting the SHA from the latest image in the image stream and setting it to a variable to use | |
| # at a later step | |
| - name: Get and Store Current Image SHA | |
| run: | | |
| IMAGE_SHA=$(oc describe istag/cccm-api:dev -n abb712-tools | grep 'Image Name' | awk '{ print $3 }') | |
| echo "::set-output name=IMAGE_SHA::$IMAGE_SHA" | |
| id: image_sha | |
| # Cloning the GitOps repo so that the kutomization file that holds the image tag information can be | |
| # synced with what is live in openshift in gold and golddr | |
| - name: Git Clone Repo | |
| run: | | |
| git config --global user.name "Github Action - CCCM Repo Backend Build/Push" | |
| git config --global user.email "cccm-backend@githubaction.com" | |
| git clone git@github.com:bcgov-c/tenant-gitops-abb712.git | |
| cd tenant-gitops-abb712/cccm/overlays/gold/dev | |
| kustomize edit set image cccm-api-image=image-registry.openshift-image-registry.svc:5000/abb712-tools/cccm-api@${{ steps.image_sha.outputs.IMAGE_SHA }} | |
| git add kustomization.yaml | |
| cd ../../golddr/dev | |
| kustomize edit set image cccm-api-image=image-registry.openshift-image-registry.svc:5000/abb712-tools/cccm-api@${{ steps.image_sha.outputs.IMAGE_SHA }} | |
| git add kustomization.yaml | |
| git commit -m "Updated cccm-api image sha in Kustomization files from CCCM Github Action" | |
| git push |