3. Create Tag & Build/Deploy to UAT #75
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 3. Create Tag & Build/Deploy to UAT | |
# This workflow can be triggered manually or by creating a tag starting with 'r' | |
env: | |
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
REGISTRY_USER: ${{ github.actor }} | |
REGISTRY_PASSWORD: ${{ github.token }} | |
permissions: | |
packages: write | |
on: | |
push: | |
tags: | |
- 'r*' # Trigger this workflow only for tags starting with "r" | |
workflow_dispatch: | |
inputs: | |
tag_name: | |
description: 'Create a tag starting with r0.0.0 (Using Semver)' | |
required: true | |
jobs: | |
tag: | |
runs-on: ubuntu-latest | |
name: Create Tag and set Variable | |
permissions: | |
contents: write | |
outputs: | |
tag: ${{ steps.set_tag_name.outputs.tag }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Create Tag (if manually triggered) | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
git config --global user.name "${{ github.actor }}" | |
git config --global user.email "${{ github.actor }}@users.noreply.github.com" | |
git tag ${{ github.event.inputs.tag_name }} | |
git push origin ${{ github.event.inputs.tag_name }} | |
- name: Set Tag Name | |
id: set_tag_name | |
run: | | |
if [ "${{ github.event_name }}" == 'workflow_dispatch' ]; then | |
echo "tag=${{ github.event.inputs.tag_name }}" >> $GITHUB_OUTPUT | |
else | |
echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
fi | |
- name: Display Tag Name | |
run: | | |
echo "Tag Name: ${{ steps.set_tag_name.outputs.tag }}" | |
build-static: | |
needs: [tag] | |
runs-on: ubuntu-latest | |
name: Build & Push Static Image | |
environment: uat | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.tag.outputs.tag }} | |
- name: Build Static | |
id: build_image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
context: . | |
layers: true | |
image: drivebc-static | |
tags: latest latest-uat ${{ github.sha }} ${{ needs.tag.outputs.tag }} | |
labels: | | |
app=drivebc | |
containerfiles: ./compose/frontend/StaticBuild | |
build-args: | | |
FONTAWESOME_PACKAGE_TOKEN=${{ secrets.FONTAWESOME_PACKAGE_TOKEN }} | |
DEBUG_BUILD=false | |
- name: Push to Github Packages | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USER }} | |
password: ${{ env.REGISTRY_PASSWORD }} | |
# Backup to handle scenarios where Github packages is down. Confluence has documentation on switching the source. | |
- name: Push to OpenShift ImageStream | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: latest latest-uat ${{ needs.tag.outputs.tag }} | |
registry: ${{ vars.OPENSHIFT_IMAGESTREAM_URL }} | |
username: ${{ secrets.OPENSHIFT_IMAGESTREAM_USERNAME }} | |
password: ${{ secrets.OPENSHIFT_IMAGESTREAM_TOKEN }} | |
build-backend: | |
needs: [tag] | |
runs-on: ubuntu-latest | |
name: Build & Push Backend Image | |
environment: uat | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.tag.outputs.tag }} | |
- name: Build Backend | |
id: build_image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: drivebc-django | |
tags: latest latest-uat ${{ github.sha }} ${{ needs.tag.outputs.tag }} | |
labels: | | |
app=drivebc | |
containerfiles: ./compose/backend/Dockerfile | |
build-args: | |
DEBUG_BUILD=true | |
- name: Push to Github Packages | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USER }} | |
password: ${{ env.REGISTRY_PASSWORD }} | |
# Backup to handle scenarios where Github packages is down. Confluence has documentation on switching the source. | |
- name: Push to OpenShift ImageStream | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: latest latest-uat ${{ needs.tag.outputs.tag }} | |
registry: ${{ vars.OPENSHIFT_IMAGESTREAM_URL }} | |
username: ${{ secrets.OPENSHIFT_IMAGESTREAM_USERNAME }} | |
password: ${{ secrets.OPENSHIFT_IMAGESTREAM_TOKEN }} | |
build-redis: | |
needs: [tag] | |
runs-on: ubuntu-latest | |
name: Build & Push Redis Image | |
environment: uat | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.tag.outputs.tag }} | |
- name: Build Redis | |
id: build_image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: drivebc-redis | |
tags: latest latest-uat ${{ github.sha }} ${{ needs.tag.outputs.tag }} | |
labels: | | |
app=drivebc | |
containerfiles: ./compose/redis/Dockerfile | |
- name: Push to Github Packages | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USER }} | |
password: ${{ env.REGISTRY_PASSWORD }} | |
# Backup to handle scenarios where Github packages is down. Confluence has documentation on switching the source. | |
- name: Push to OpenShift ImageStream | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: latest latest-uat ${{ needs.tag.outputs.tag }} | |
registry: ${{ vars.OPENSHIFT_IMAGESTREAM_URL }} | |
username: ${{ secrets.OPENSHIFT_IMAGESTREAM_USERNAME }} | |
password: ${{ secrets.OPENSHIFT_IMAGESTREAM_TOKEN }} | |
build-openshiftjobs: | |
needs: [tag] | |
runs-on: ubuntu-latest | |
name: Build & Push OpenShift Jobs Image | |
environment: uat | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.tag.outputs.tag }} | |
- name: Build OpenShift Jobs | |
id: build_image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: drivebc-openshiftjobs | |
tags: latest latest-uat ${{ github.sha }} ${{ needs.tag.outputs.tag }} | |
labels: | | |
app=drivebc | |
containerfiles: ./compose/openshiftjobs/DockerFile | |
- name: Push to Github Packages | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USER }} | |
password: ${{ env.REGISTRY_PASSWORD }} | |
# Backup to handle scenarios where Github packages is down. Confluence has documentation on switching the source. | |
- name: Push to OpenShift ImageStream | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: latest latest-uat ${{ needs.tag.outputs.tag }} | |
registry: ${{ vars.OPENSHIFT_IMAGESTREAM_URL }} | |
username: ${{ secrets.OPENSHIFT_IMAGESTREAM_USERNAME }} | |
password: ${{ secrets.OPENSHIFT_IMAGESTREAM_TOKEN }} | |
versionUpdate: | |
needs: [tag, build-static, build-backend, build-redis, build-openshiftjobs] | |
runs-on: ubuntu-latest | |
name: Deploy Latest Images | |
environment: | |
name: uat | |
url: https://uat-drivebc.apps.gold.devops.gov.bc.ca | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Authenticate and set context | |
uses: redhat-actions/oc-login@v1 | |
with: | |
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} | |
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
namespace: ${{ vars.OPENSHIFT_NAMESPACE }} | |
insecure_skip_tls_verify: true | |
- name: Helm upgrade on OpenShift Environment | |
run: | | |
helm dependency update ./infrastructure/main | |
helm upgrade uat-drivebc -f ./infrastructure/main/values-uat.yaml ./infrastructure/main --set django.image.tag="${{ needs.tag.outputs.tag }}" --set redis.image.tag="${{ needs.tag.outputs.tag }}" --set static.image.tag="${{ needs.tag.outputs.tag }}" --set tasks.image.tag="${{ needs.tag.outputs.tag }}" --set openshiftjobs.image.tag="${{ needs.tag.outputs.tag }}" |