feat: workflow changes for tagging and deploying releases

bcgov · Feb 29, 2024 · 01ee435 · 01ee435
1 parent 5224de7
commit 01ee435
Show file tree

Hide file tree

Showing 7 changed files with 268 additions and 153 deletions.
diff --git a/generator-nr-maven-build/generators/app/index.js b/generator-nr-maven-build/generators/app/index.js
@@ -6,7 +6,7 @@ export default class extends Generator {
   prompting() {
     this.log(
       yosay(
-        'Welcome to the GitHub CI workflow and NR Broker intention file generator!'
+        'Welcome to the GitHub workflow and NR Broker intention file generator!'
       )
     );
 
@@ -65,13 +65,13 @@ export default class extends Generator {
     });
   }
 
-  // Generate GitHub workflow and NR Broker intention files
+  // Generate GitHub workflows and NR Broker intention files
   writing() {
     this.fs.copyTpl(
-      this.templatePath('ci.yaml'),
-      this.destinationPath('.github/workflows/ci.yaml'),
+      this.templatePath('build.yaml'),
+      this.destinationPath('.github/workflows/build.yaml'),
       { projectName: this.props.projectName, serviceName: this.props.serviceName, artifactoryProject: this.props.artifactoryProject,
-        pomRoot: this.props.pomRoot, unitTestsPath: this.props.unitTestsPath, gitHubPackages: this.props.gitHubPackages, deployOnPrem: this.props.deployOnPrem }
+        pomRoot: this.props.pomRoot, unitTestsPath: this.props.unitTestsPath, gitHubPackages: this.props.gitHubPackages }
     );
     this.fs.copyTpl(
       this.templatePath('build-intention.json'),
@@ -82,20 +82,24 @@ export default class extends Generator {
       this.templatePath('build-intention.sh'),
       this.destinationPath('.github/workflows/build-intention.sh')
     );
+    this.fs.copyTpl(
+      this.templatePath('release.yaml'),
+      this.destinationPath('.github/workflows/release.yaml'),
+      { projectName: this.props.projectName, serviceName: this.props.serviceName }
+    );
     if (this.props.deployOnPrem) {
+      this.fs.copyTpl(
+        this.templatePath('deploy.yaml'),
+        this.destinationPath('.github/workflows/deploy.yaml'),
+        { projectName: this.props.projectName, serviceName: this.props.serviceName }
+      );
       this.fs.copyTpl(
         this.templatePath('deployment-intention.json'),
         this.destinationPath('.jenkins/deployment-intention.json'),
         { projectName: this.props.projectName, serviceName: this.props.serviceName }
       );
     }
 
-    this.config.set('projectName', this.props.projectName);
-    this.config.set('serviceName', this.props.serviceName);
-    this.config.set('artifactoryProject', this.props.artifactoryProject);
-    this.config.set('pomRoot', this.props.pomRoot);
-    this.config.set('unitTestsPath', this.props.unitTestsPath);
-    this.config.set('gitHubPackages', this.props.gitHubPackages);
-    this.config.set('deployOnPrem', this.props.deployOnPrem);
+    this.config.save();
   }
 }
diff --git a/generator-nr-maven-build/generators/app/templates/build-intention.json b/generator-nr-maven-build/generators/app/templates/build-intention.json
@@ -16,7 +16,8 @@
       },
       "package": {
         "version": "",
-        "buildVersion": ""
+        "buildVersion": "",
+        "buildNumber": 0
       }
     }
   ],

diff --git a/generator-nr-maven-build/generators/app/templates/build-intention.sh b/generator-nr-maven-build/generators/app/templates/build-intention.sh
@@ -7,5 +7,6 @@ cat ./.github/workflows/build-intention.json | jq "\
     (.actions[] | select(.id == \"build\") .service.project) |= \"${SERVICE_PROJECT}\" | \
     (.actions[] | select(.id == \"build\") .service.name) |= \"${SERVICE_NAME}\" | \
     (.actions[] | select(.id == \"build\") .package.version) |= \"${PROJECT_VERSION}\" | \
-    (.actions[] | select(.id == \"build\") .package.buildVersion) |= \"${GIT_COMMIT}\" \
+    (.actions[] | select(.id == \"build\") .package.buildVersion) |= \"${GIT_COMMIT}\" | \
+    (.actions[] | select(.id == \"build\") .package.buildNumber) |= ${BUILD_NUMBER} \
     " > intention.json
diff --git a/...en-build/generators/app/templates/ci.yaml → ...build/generators/app/templates/build.yaml b/...en-build/generators/app/templates/ci.yaml → ...build/generators/app/templates/build.yaml
@@ -1,10 +1,21 @@
-name: Java CI
+name: Build
 
 on:
   pull_request:
-    branches: [main]
-  workflow_dispatch:
+    branches: main
   workflow_call:
+    outputs:
+      branch:
+        value: ${{ jobs.build.outputs.branch }}
+      project_version:
+        value: ${{ jobs.build.outputs.project_version }}
+      intention_id:
+        value: ${{ jobs.build.outputs.intention_id }}
+  workflow_dispatch:
+
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 env:
   BROKER_URL: https://nr-broker.apps.silver.devops.gov.bc.ca
@@ -18,56 +29,49 @@ jobs:
     name: Test
     uses: <%= unitTestsPath %>
 <% } -%>
-
-  publish:
-    name: Publish
+  build:
+    name: Build
     runs-on: ubuntu-latest
 <% if (unitTestsPath) { -%>
-    needs: [test]
-<% } -%>
+    needs: test
+<% } -%>    
     permissions:
       contents: read
       packages: write
-
     outputs:
+      branch: ${{ steps.set-branch.outputs.branch }}
       project_version: ${{ steps.set-build-output-parameters.outputs.project_version }}
       intention_id: ${{ steps.set-intention-id.outputs.intention_id }}
-      branch: ${{ steps.set-branch-dispatch.outputs.branch || steps.set-branch-pr.outputs.branch }}
-
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Set up Java for publishing to OpenShift Artifactory
-        uses: actions/setup-java@v3
+      - uses: actions/checkout@v4
+        with:
+            fetch-depth: 0
+            fetch-tags: true
+            ref: ${{ github.ref }}
+      - name: Set up Java
+        uses: actions/setup-java@v4
         with:
           java-version: '8'
           distribution: 'temurin'
           cache: maven
           server-id: artifactory
           server-username: ARTIFACTORY_USERNAME
           server-password: ARTIFACTORY_PASSWORD
-
-      # Get branch for manual runs
-      - name: Get branch
-        id: set-branch-dispatch
-        if: ${{ startsWith(github.ref, 'refs/heads/') }}
+      - name: Set branch
+        id: set-branch
         run: |
-          echo "branch=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
-
-      # Get branch for pull requests
-      - name: Get branch
-        id: set-branch-pr
-        if: ${{ startsWith(github.ref, 'refs/pull/') }}
-        run: |
-          echo "branch=${{ github.head_ref }}" >> "$GITHUB_OUTPUT"
-
+          if [[ ${{ startsWith(github.ref, 'refs/heads/') }} = true ]]; then
+            echo "branch=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          fi          
+          if [[ ${{ startsWith(github.ref, 'refs/pull/') }} = true ]]; then
+            echo "branch=${{ github.head_ref }}" >> "$GITHUB_OUTPUT"
+          fi      
       - name: Set build output parameters
         id: set-build-output-parameters
         run: |
-          echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file <%= pomRoot %>pom.xml)" >> $GITHUB_OUTPUT
-          echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout --file <%= pomRoot %>pom.xml)" >> $GITHUB_OUTPUT
+          echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file ./pom.xml)" >> $GITHUB_OUTPUT
+          echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout --file ./pom.xml)" >> $GITHUB_OUTPUT
           echo "git_commit=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT
-
       - name: Build intention
         run: sh ./.github/workflows/build-intention.sh
         env:
@@ -77,47 +81,39 @@ jobs:
           SERVICE_NAME: ${{ env.SERVICE_NAME }}
           PROJECT_VERSION: ${{ steps.set-build-output-parameters.outputs.project_version }}
           GIT_COMMIT: ${{ steps.set-build-output-parameters.outputs.git_commit }}
-
-      # https://github.com/bcgov-nr/action-broker-intention-open
+          BUILD_NUMBER: ${{ github.run_number }}
       - name: Open intention
         uses: bcgov-nr/action-broker-intention-open@v2
         with:
           broker_jwt: ${{ secrets.BROKER_JWT }}
           intention_path: intention.json
           quickstart: true
-
-      # https://github.com/bcgov-nr/action-broker-action-start
       - name: Start configure action
         uses: bcgov-nr/action-broker-action-start@v1
         with:
-          action_token: ${{ env.ACTION_TOKEN_CONFIGURE }}
-
-      # https://github.com/bcgov-nr/action-broker-vault-login
+          action_token: ${{ env.ACTION_TOKEN_CONFIGURE }}      
       - name: Vault login
         uses: bcgov-nr/action-broker-vault-login@v1
         with:
           action_token: ${{ env.ACTION_TOKEN_LOGIN }}
-
       - name: Set intention ID for deployment job
         id: set-intention-id
         run: |
           echo "intention_id=${INTENTION_ID}" >> $GITHUB_OUTPUT
         env:
           INTENTION_ID: ${{ env.INTENTION_ID }}
-
       - name: Publish to OpenShift Artifactory
-        run: mvn --batch-mode -Dmaven.test.skip=true -Partifactory deploy --file <%= pomRoot %>pom.xml
+        run: mvn --batch-mode -Dmaven.test.skip=true -Partifactory deploy --file ./pom.xml
         env:
           ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
           ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
           BUILD_NUMBER: ${{ github.run_number }}
           BUILD_URL: ${{ github.repositoryUrl }}
-
       - name: Set build info
         id: set-build-info
         run: |
           BUILD_INFO=$(curl -s -u ${{ secrets.ARTIFACTORY_USERNAME }}:${{ secrets.ARTIFACTORY_PASSWORD }} \
-              https://artifacts.developer.gov.bc.ca/artifactory/api/build/${{ env.ARTIFACT_ID }}/${{ github.run_number }}?project=<%= artifactoryProject %>)
+              https://artifacts.developer.gov.bc.ca/artifactory/api/build/${{ env.ARTIFACT_ID }}/${{ github.run_number }}?project=cc20)
           echo "vcs_revision=$(echo ${BUILD_INFO} | jq -r '.buildInfo.vcs[0].revision')" >> $GITHUB_OUTPUT
           echo "vcs_message=$(echo ${BUILD_INFO} | jq -r '.buildInfo.vcs[0].message')" >> $GITHUB_OUTPUT
           echo "vcs_branch=$(echo ${BUILD_INFO} | jq -r '.buildInfo.vcs[0].branch')" >> $GITHUB_OUTPUT
@@ -129,7 +125,6 @@ jobs:
           echo "artifact_name=$(echo ${BUILD_INFO} | jq -r '.buildInfo.modules[0].artifacts[0].name')" >> $GITHUB_OUTPUT
         env:
           ARTIFACT_ID: ${{ steps.set-build-output-parameters.outputs.artifact_id }}
-
       - name: Send build info
         run: |
           curl -s POST ${{ env.BROKER_URL }}/v1/intention/action/artifact \
@@ -141,13 +136,11 @@ jobs:
           ARTIFACT_NAME: ${{ steps.set-build-info.outputs.artifact_name }}
           ARTIFACT_TYPE: ${{ steps.set-build-info.outputs.artifact_type }}
           BUILD_TOKEN: ${{ env.ACTION_TOKEN_BUILD }}
-
-      # https://github.com/bcgov-nr/action-broker-intention-close
       - name: Close intention
         uses: bcgov-nr/action-broker-intention-close@v1
         with:
           intention_token: ${{ env.INTENTION_TOKEN }}
-<% if (gitHubPackages) { %>
+<% if (gitHubPackages) { -%>
   ghcr:
     name: GHCR
     runs-on: ubuntu-latest
@@ -166,34 +159,4 @@ jobs:
         run: mvn --batch-mode -Dmaven.test.skip=true -Pgithub deploy --file <%= pomRoot %>pom.xml
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-<% } -%>
-<% if (deployOnPrem) { %>
-  # https://www.jenkins.io/doc/book/using/remote-access-api/
-  # https://plugins.jenkins.io/build-token-root/
-  jenkins:
-    name: Jenkins Promote
-    needs: [publish]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Submit a job to Jenkins
-        env:
-          job: buildByToken/buildWithParameters?job=<%= projectName %>/<%= serviceName %>
-          url: https://cd.io.nrs.gov.bc.ca
-          PROJECT_VERSION: ${{ needs.publish.outputs.project_version }}
-          INTENTION_ID: ${{ needs.publish.outputs.intention_id }}
-          BRANCH: ${{ needs.publish.outputs.branch }}
-        run: |
-          curl \
-          --data-urlencode "token=${{ secrets.JENKINS_TOKEN }}" \
-          --data-urlencode "githubToken=${{ secrets.GITHUB_TOKEN }}" \
-          --data-urlencode "artifactoryBuildNumber=${{ github.run_number }}" \
-          --data-urlencode "cdVersion=${{ env.PROJECT_VERSION }}" \
-          --data-urlencode "gitBranch=${{ env.BRANCH }}" \
-          --data-urlencode "intentionId=${{ env.INTENTION_ID }}" \
-          -H "Connection: close" \
-          ${{ env.url }}/${{ env.job }}
-      # The automatically generated GitHub token will expire when the workflow ends. We need to wait so the job has time to clone the repo.
-      - name: Sleep for 30 seconds
-        run: sleep 30s
-        shell: bash
-<% } -%>
+<% } %>
diff --git a/generator-nr-maven-build/generators/app/templates/deploy.yaml b/generator-nr-maven-build/generators/app/templates/deploy.yaml
@@ -0,0 +1,87 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  SERVICE_PROJECT: <%= projectName %>
+  SERVICE_NAME: <%= serviceName %>
+  JOB: buildByToken/buildWithParameters?job=<%= projectName %>/<%= serviceName %>
+  URL: https://cd.io.nrs.gov.bc.ca
+
+jobs:
+  call-build:
+    name: Build
+    if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+    uses: ./.github/workflows/build.yaml
+    secrets: inherit
+
+  deploy-build:
+    name: Deploy development version
+    if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+    needs: call-build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Submit a job to Jenkins
+        run: |
+          curl \
+          --data-urlencode "token=${{ secrets.JENKINS_TOKEN }}" \
+          --data-urlencode "githubToken=${{ secrets.GITHUB_TOKEN }}" \
+          --data-urlencode "artifactoryBuildNumber=${{ github.run_number }}" \
+          --data-urlencode "cdVersion=${{ needs.call-build.outputs.project_version }}" \
+          --data-urlencode "gitBranch=${{ needs.call-build.outputs.branch }}" \
+          --data-urlencode "intentionId=${{ needs.call-build.outputs.intention_id }}" \
+          -H "Connection: close" \
+          ${{ env.URL }}/${{ env.JOB }}
+      # The automatically generated GitHub token will expire when the workflow ends. We need to wait so the job has time to clone the repo.
+      - name: Sleep for 30 seconds
+        run: sleep 30s
+        shell: bash
+
+  deploy-tag:
+    name: Deploy release version
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set project version 
+        id: set-project-version
+        run: |
+          TAG=${{ github.ref_name }}
+          VERSION=${TAG#v}
+          echo "project_version=${VERSION}" >> $GITHUB_OUTPUT
+      - name: Set build number and build guid (intention)
+        id: set-build-guid-number
+        run: |
+          RESPONSE=$(curl -s -X 'POST' \
+            "${BROKER_URL}/v1/intention/search?where=%7B%22actions.action%22%3A%22package-build%22%2C%22actions.service.project%22%3A%22${SERVICE_PROJECT}%22%2C%22actions.service.name%22%3A%22${SERVICE_NAME}%22%2C%22actions.package.version%22%3A%22${PROJECT_VERSION}%22%7D&offset=0&limit=1" \
+            -H 'accept: application/json' \
+            -H 'Authorization: Bearer '"${BROKER_JWT}"'' \
+            -d '')
+          echo "build_number=$(echo ${RESPONSE} | jq -r '.data[].actions[].package.buildNumber')" >> $GITHUB_OUTPUT
+          echo "build_guid=$(echo ${RESPONSE} | jq -r '.data[].id')" >> $GITHUB_OUTPUT
+        env:
+          BROKER_URL: https://nr-broker.apps.silver.devops.gov.bc.ca
+          BROKER_JWT: ${{ secrets.BROKER_JWT }}
+          SERVICE_PROJECT: ${{ env.SERVICE_PROJECT }}
+          SERVICE_NAME: ${{ env.SERVICE_NAME }}
+          PROJECT_VERSION: ${{ steps.set-project-version.outputs.project_version }}  
+      - name: Submit a job to Jenkins
+        run: |
+          curl \
+          --data-urlencode "token=${{ secrets.JENKINS_TOKEN }}" \
+          --data-urlencode "githubToken=${{ secrets.GITHUB_TOKEN }}" \
+          --data-urlencode "artifactoryBuildNumber=${{ steps.set-build-guid-number.outputs.build_number }}" \
+          --data-urlencode "cdVersion=${{ steps.set-project-version.outputs.project_version }}" \
+          --data-urlencode "gitBranch=main" \
+          --data-urlencode "intentionId=${{ steps.set-build-guid-number.outputs.build_guid }}" \
+          --data-urlencode "gitTag=${{ github.ref_name }}" \
+          -H "Connection: close" \
+          ${{ env.URL }}/${{ env.JOB }}
+      # The automatically generated GitHub token will expire when the workflow ends. We need to wait so the job has time to clone the repo.
+      - name: Sleep for 30 seconds
+        run: sleep 30s
+        shell: bash