Skip to content

Merge pull request #794 from bcgov/feature/update-completion #346

Merge pull request #794 from bcgov/feature/update-completion

Merge pull request #794 from bcgov/feature/update-completion #346

name: Build & Push Backend Image to Gold and GoldDR cluster
on:
push:
branches: [main]
paths:
- 'cccm-backend/**'
workflow_dispatch:
env:
# See https://github.com/goodwithtech/dockle/issues/188
DOCKLE_HOST: "unix:///var/run/docker.sock"
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Cluster Login Gold
uses: redhat-developer/openshift-actions@v1.1
with:
openshift_server_url: ${{ secrets.OPENSHIFT4_SERVER_URL }}
parameters: '{"apitoken": "${{ secrets.OPENSHIFT4_SA_PASSWORD }}"}'
cmd: |
'version'
- name: Login to Openshift Docker Registry Gold
uses: docker/login-action@v1
with:
registry: ${{ secrets.OPENSHIFT4_REGISTRY }}
username: ${{ secrets.OPENSHIFT4_SA_USERNAME }}
password: ${{ secrets.OPENSHIFT4_SA_PASSWORD }}
- name: Login to Openshift Docker Registry GoldDR
uses: docker/login-action@v1
with:
registry: ${{ secrets.OPENSHIFT4_REGISTRY_GOLDDR }}
username: ${{ secrets.OPENSHIFT4_SA_USERNAME }}
password: ${{ secrets.OPENSHIFT4_SA_PASSWORD_GOLDDR }}
- name: Docker Build Backend Image
run: |
docker-compose build backend
- name: Docker Tag Version Gold
run: |
docker tag cccm-api ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev
- name: Vulnerability Scan Backend
uses: Azure/container-scan@v0
continue-on-error: true
with:
image-name: ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev
- name: Docker Push Version to Gold and GoldDR
run: |
docker push ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev
docker tag ${{ secrets.OPENSHIFT4_REGISTRY }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev ${{ secrets.OPENSHIFT4_REGISTRY_GOLDDR }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev
docker push ${{ secrets.OPENSHIFT4_REGISTRY_GOLDDR }}/${{ secrets.LICENSE_PLATE }}-tools/cccm-api:dev
- name: Set GitOps SSH Key
uses: webfactory/ssh-agent@v0.5.4
with:
ssh-private-key: ${{ secrets.GIT_OPS_SSH_KEY }}
# Getting the SHA from the latest image in the image stream and setting it to a variable to use
# at a later step
- name: Get and Store Current Image SHA
run: |
IMAGE_SHA=$(oc describe istag/cccm-api:dev -n abb712-tools | grep 'Image Name' | awk '{ print $3 }')
echo "::set-output name=IMAGE_SHA::$IMAGE_SHA"
id: image_sha
# Cloning the GitOps repo so that the kutomization file that holds the image tag information can be
# synced with what is live in openshift in gold and golddr
- name: Git Clone Repo
run: |
git config --global user.name "Github Action - CCCM Repo Backend Build/Push"
git config --global user.email "cccm-backend@githubaction.com"
git clone git@github.com:bcgov-c/tenant-gitops-abb712.git
cd tenant-gitops-abb712/cccm/overlays/gold/dev
kustomize edit set image cccm-api-image=image-registry.openshift-image-registry.svc:5000/abb712-tools/cccm-api@${{ steps.image_sha.outputs.IMAGE_SHA }}
git add kustomization.yaml
cd ../../golddr/dev
kustomize edit set image cccm-api-image=image-registry.openshift-image-registry.svc:5000/abb712-tools/cccm-api@${{ steps.image_sha.outputs.IMAGE_SHA }}
git add kustomization.yaml
git commit -m "Updated cccm-api image sha in Kustomization files from CCCM Github Action"
git push