From e74ec167336288a3d318c83806d2d219598a7525 Mon Sep 17 00:00:00 2001 From: Ivan Polchenko <2119240+i5okie@users.noreply.github.com> Date: Wed, 17 Jul 2024 09:33:41 -0700 Subject: [PATCH] Refactor workflow with configs repo workflow trigger Signed-off-by: Ivan Polchenko <2119240+i5okie@users.noreply.github.com> --- .github/workflows/on_push_main.yaml | 165 +++++++++++++++------------- 1 file changed, 86 insertions(+), 79 deletions(-) diff --git a/.github/workflows/on_push_main.yaml b/.github/workflows/on_push_main.yaml index 168e8eb30..92afc1081 100644 --- a/.github/workflows/on_push_main.yaml +++ b/.github/workflows/on_push_main.yaml @@ -69,18 +69,24 @@ jobs: image_tag: ${{ steps.builder.outputs.image_tag }} image_version: ${{ steps.builder.outputs.image_version }} - changed_files: + check_changed: runs-on: ubuntu-latest - name: Test changed files + name: Check for helm changes outputs: - any_changed: ${{ steps.chart-changes.outputs.any_changed }} + helm_changed: ${{ steps.list-changed.outputs.changed }} steps: - uses: actions/checkout@v4 - - name: Check for changes in the charts folder - id: chart-changes - uses: tj-actions/changed-files@v44 - with: - files: charts/traction/*.* + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.6.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi gitops_update: runs-on: ubuntu-latest 
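Review bot: `helm_changed` will likely never be set by the `Run chart-testing (list-changed)` step as written. `actions/checkout@v4` fetches only the tip commit by default, and `ct list-changed --target-branch …` diffs against the merge base of HEAD and that branch. If this workflow runs on pushes to the default branch, as the file name suggests (the trigger is outside the hunk), the merge base is HEAD itself and the list is empty. The step then writes no output and every downstream condition silently takes the `!= 'true'` path. Give the checkout `with: fetch-depth: 0` and give ct an explicit base such as `--since "$BEFORE_SHA"`, with `BEFORE_SHA: ${{ github.event.before }}` set under `env:`.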
@@ -89,56 +95,77 @@ jobs: - build_ui - build_acapy - build_proxy - - changed_files - if: needs.changed_files.outputs.any_changed != 'true' + - check_changed steps: - uses: actions/checkout@v4 - - name: Set up Git - run: | - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" - - name: Add SSH key - env: - DITP_GITOPS_REPO_SECRET: ${{ secrets.DITP_GITOPS_REPO_SECRET }} - run: | - mkdir -p ~/.ssh - echo "$DITP_GITOPS_REPO_SECRET" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh-keyscan github.com >> ~/.ssh/known_hosts - - name: Clone gitops-repo - run: | - git clone git@github.com:bcgov-c/ministry-gitops-ditp.git - cd ministry-gitops-ditp - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - name: Lookup latest chart + + - name: Setup SSH + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }} + + - name: Add github.com to known hosts + run: ssh-keyscan github.com >> ~/.ssh/known_hosts + + - name: Checkout GitOps repo + uses: actions/checkout@v4 + with: + repository: bcgov/trust-over-ip-configurations + ssh-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }} + sparse-checkout: | + services + path: trust-over-ip-configurations + + - name: Lookup chart version id: chart_version run: | helm repo add traction https://bcgov.github.io/traction helm repo update - echo "::set output name=APP_VERSION::$(helm search repo traction -ojson | jq '.[0].app_version')" - echo "::set output name=CHART_VERSION::$(helm search repo traction -ojson | jq '.[0].version')" - - name: Update values + echo "PUBLISHED_APP_VERSION=$(helm search repo traction -ojson | jq -r '.[0].app_version')" >> $GITHUB_OUTPUT + echo "PUBLISHED_CHART_VERSION=$(helm search repo traction -ojson | jq -r '.[0].version')" >> $GITHUB_OUTPUT + echo "LOCAL_APP_VERSION=$(yq e .appVersion charts/traction/Chart.yaml)" >> $GITHUB_OUTPUT + echo 
"LOCAL_CHART_VERSION=$(yq e .version charts/traction/Chart.yaml)" >> $GITHUB_OUTPUT + + - name: Update versions env: - APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }} - CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }} IMAGE_TAG: ${{ needs.build_acapy.outputs.image_version }} run: | - cd ministry-gitops-ditp + cd trust-over-ip-configurations + if [[ "${{ needs.check_changed.outputs.helm_changed }}" == "true" ]]; then + APP_VERSION="${{ steps.chart_version.outputs.LOCAL_APP_VERSION }}" + CHART_VERSION="${{ steps.chart_version.outputs.LOCAL_CHART_VERSION }}" + else + APP_VERSION="${{ steps.chart_version.outputs.PUBLISHED_APP_VERSION }}" + CHART_VERSION="${{ steps.chart_version.outputs.PUBLISHED_CHART_VERSION }}" + fi + yq e -i '.appVersion = $APP_VERSION' services/traction/charts/dev/Chart.yaml yq e -i '.version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml yq e -i '.traction.acapy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml yq e -i '.traction.tenant_proxy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml yq e -i '.traction.ui.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml + - name: Commit and push changes run: | - cd ministry-gitops-ditp + cd trust-over-ip-configurations + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" git add services/traction/charts/dev/values.yaml services/traction/charts/dev/Chart.yaml - git commit -m "Update chart version and image tags" + git commit -m "Update chart version and image tags" || echo "No changes to commit" git push origin main + + - uses: convictional/trigger-workflow-and-wait@v1.6.1 + id: workflow-trigger + with: + owner: bcgov + repo: trust-over-ip-configurations + github_token: ${{ secrets.DITP_CONFIGS_REPO_TOKEN }} + workflow_file_name: gitops_sync.yaml + - name: Sync Traction 
Dev uses: OpsVerseIO/argocd-sync@0.2.0 + if: needs.check_changed.outputs.helm_changed != 'true' && steps.workflow-trigger.outputs.conclusion == 'success' with: address: https://gitops-shared.apps.silver.devops.gov.bc.ca token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}} 
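Review bot: In the `Update versions` step the selected versions probably never reach the files. The new `APP_VERSION`/`CHART_VERSION` are unexported shell variables, and the unchanged `yq e -i '.appVersion = $APP_VERSION'` lines keep them in single quotes, so the shell does not expand them and yq has no environment variable to read. The step also pastes `${{ steps.chart_version.outputs.* }}` and `${{ needs.check_changed.outputs.helm_changed }}` straight into the script text, and the published values come from a remote Helm index, so they are better passed through `env:` and read with yq's `strenv()`. The `helm upgrade --set …=${{ … }}` line in the last hunk interpolates job outputs the same way. Separately, `git commit … || echo "No changes to commit"` hides every commit failure, not only the empty case; `git diff --cached --quiet || git commit -m "Update chart version and image tags"` keeps real errors fatal.

```yaml
      - name: Update versions
        env:
          # … unchanged: IMAGE_TAG …
          HELM_CHANGED: ${{ needs.check_changed.outputs.helm_changed }}
          LOCAL_APP_VERSION: ${{ steps.chart_version.outputs.LOCAL_APP_VERSION }}
          LOCAL_CHART_VERSION: ${{ steps.chart_version.outputs.LOCAL_CHART_VERSION }}
          PUBLISHED_APP_VERSION: ${{ steps.chart_version.outputs.PUBLISHED_APP_VERSION }}
          PUBLISHED_CHART_VERSION: ${{ steps.chart_version.outputs.PUBLISHED_CHART_VERSION }}
        run: |
          # … unchanged: cd trust-over-ip-configurations …
          if [[ "$HELM_CHANGED" == "true" ]]; then
            export APP_VERSION="$LOCAL_APP_VERSION" CHART_VERSION="$LOCAL_CHART_VERSION"
          else
            export APP_VERSION="$PUBLISHED_APP_VERSION" CHART_VERSION="$PUBLISHED_CHART_VERSION"
          fi
          yq e -i '.appVersion = strenv(APP_VERSION)' services/traction/charts/dev/Chart.yaml
          # … unchanged: the remaining yq edits, each switched to strenv() the same way …
```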
@@ -153,49 +180,27 @@ jobs: - build_ui - build_acapy - build_proxy - - changed_files - if: ${{ needs.changed_files.outputs.any_changed == 'true' && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }} + - check_changed + if: ${{ needs.check_changed.outputs.helm_changed == 'true' && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }} steps: - uses: actions/checkout@v4 - - name: Set up Git - run: | - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" - - name: Add SSH key - env: - DITP_GITOPS_REPO_SECRET: ${{ secrets.DITP_GITOPS_REPO_SECRET }} - run: | - mkdir -p ~/.ssh - echo "$DITP_GITOPS_REPO_SECRET" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - ssh-keyscan github.com >> ~/.ssh/known_hosts - - name: Clone gitops-repo - run: | - git clone git@github.com:bcgov-c/ministry-gitops-ditp.git - cd ministry-gitops-ditp - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - name: Lookup chart version - id: chart_version - run: | - echo "::set output name=APP_VERSION::$(yq e .appVersion charts/traction/Chart.yaml)" - echo "::set output name=CHART_VERSION::$(yq e .version charts/traction/Chart.yaml)" - - name: Update Values in GitOps repo - env: - APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }} - CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }} - IMAGE_TAG: ${{ needs.build_acapy.outputs.image_version }} - run: | - cd ministry-gitops-ditp - yq e -i '.appVersion = $APP_VERSION' services/traction/charts/dev/Chart.yaml - yq e -i '.version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml - yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml - yq e -i '.traction.acapy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml 
- yq e -i '.traction.tenant_proxy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml - yq e -i '.traction.ui.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml - git add services/traction/charts/dev/values.yaml services/traction/charts/dev/Chart.yaml - git commit -m "Update chart version and image tags" - git push origin main + + - name: Setup SSH + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }} + + - name: Add github.com to known hosts + run: ssh-keyscan github.com >> ~/.ssh/known_hosts + + - name: Checkout GitOps repo + uses: actions/checkout@v4 + with: + repository: bcgov/trust-over-ip-configurations + ssh-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }} + sparse-checkout: | + services + path: trust-over-ip-configurations - name: Authenticate and set context uses: redhat-actions/oc-login@v1 @@ -207,7 +212,9 @@ jobs: - name: Traction Dev Helm run: | - helm upgrade --install traction -f ./deploy/traction/values-development.yaml --set acapy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set tenant_proxy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set ui.image.tag=${{ needs.build_ui.outputs.image_version }} ./charts/traction --wait + cp trust-over-ip-configurations/services/traction/charts/dev/values.yaml ./dev-values.yaml + yq e -i 'del(.traction) | . *= load("trust-over-ip-configurations/services/traction/charts/dev/values.yaml").traction' ./dev-values.yaml + helm upgrade --install traction -f ./dev-values.yaml --set acapy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set tenant_proxy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set ui.image.tag=${{ needs.build_ui.outputs.image_version }} ./charts/traction --wait - name: Restart Deployments run: |
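Review bot: The deploy key `DITP_GITOPS_REPO_SECRET` is handed to two consumers in this job, `webfactory/ssh-agent@v0.9.0` and the `ssh-key` input of `actions/checkout@v4`, although the checkout input alone sets up SSH authentication and GitHub's host keys for the clone. That makes `Setup SSH` and `Add github.com to known hosts` look removable, which also drops `ssh-keyscan github.com >> ~/.ssh/known_hosts`, a step that trusts whatever host key the network returns at run time. The steps visible in this hunk only read from the checkout, so `persist-credentials: false` on it would stop the key staying configured for later steps (the job continues outside the hunk, so confirm nothing later pushes). The same three steps are added to `gitops_update` in the previous hunk, where the key is still needed for `git push`. Any third-party action that stays should be pinned to a full commit SHA rather than a tag; that also applies to `helm/chart-testing-action@v2.6.1` and to `convictional/trigger-workflow-and-wait@v1.6.1`, which receives `DITP_CONFIGS_REPO_TOKEN`.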
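Review bot: The two lines added before `helm upgrade` in `Traction Dev Helm` need a comment, and possibly a simpler form. After the `cp`, `del(.traction) | . *= load(…).traction` lifts the `traction` subtree to the top level but leaves every other top-level key of the GitOps values file in `./dev-values.yaml`, which is then passed to the chart. If only that subtree is meant to reach `./charts/traction` (the values file is not shown, so this is an assumption), `yq e '.traction' trust-over-ip-configurations/services/traction/charts/dev/values.yaml > ./dev-values.yaml` states it directly. If the extra keys are wanted, say so in a comment such as `# chart values live under "traction:" in the GitOps file; flatten them for a direct install of ./charts/traction`, adjusted to the real layout.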