Skip to content

Update Actions

Update Actions #96

name: Build & Deploy to DEV from Release Branch
env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev
COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}
BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
# 🖊️ EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
SPRING_BOOT_IMAGE_NAME: educ-grad-student-graduation-api-dc
REPO_NAME: "educ-grad-student-graduation-api"
APP_DOMAIN: ${{ vars.APP_DOMAIN }}
BRANCH: "grad-release"
TAG: "latest"
MIN_CPU: "20m"
MAX_CPU: "250m"
MIN_MEM: "100Mi"
MAX_MEM: "600Mi"
MIN_REPLICAS: "3"
MAX_REPLICAS: "5"
on:
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
workflow_dispatch:
push:
branches:
- grad-release
paths:
- 'api/**'
- 'tools/**'
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift DEV from release branch
runs-on: ubuntu-20.04
environment: dev
steps:
- name: Check out repository
uses: actions/checkout@v3
with:
ref: grad-release
- name: Determine image tags
if: env.TAG == ''
run: |
echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }}
username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }}
password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }}
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.REPO_NAME }}
tags: ${{ env.TAG }}
# If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
# Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
dockerfiles: |
./Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.IMAGE_REGISTRY_USER }}
password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
# The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
- name: Install oc
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: 4
# https://github.com/redhat-actions/oc-login#readme
- name: Deploy
run: |
set -eux
# Login to OpenShift and select project
oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
oc project ${{ env.OPENSHIFT_NAMESPACE }}
# Cancel any rollouts in progress
oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
|| true && echo "No rollout in progress"
# tag image stream
oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }}
# Process and apply deployment template
oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \
-p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f -
# UPDATE Configmaps
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
dev \
${{ env.REPO_NAME }} \
${{ env.GRAD_NAMESPACE }} \
${{ env.COMMON_NAMESPACE }} \
${{ env.BUSINESS_NAMESPACE }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ vars.APP_LOG_LEVEL }}
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
|| true && echo "Rollout in progress"
oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
# Get status, returns 0 if rollout is successful
oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
# now hit it with a zap scan
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs'