From 8615a06a270a27dff2e62b74f7141717347132c4 Mon Sep 17 00:00:00 2001
From: Kamal Mohammed
Date: Thu, 23 Nov 2023 17:13:21 -0700
Subject: [PATCH] Create build.from.developer.branch.deploy.to.dev.yml
---
...ld.from.developer.branch.deploy.to.dev.yml | 132 ++++++++++++++++++
1 file changed, 132 insertions(+)
create mode 100644 .github/workflows/build.from.developer.branch.deploy.to.dev.yml
diff --git a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
new file mode 100644
index 0000000..e25f942
--- /dev/null
+++ b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
@@ -0,0 +1,132 @@
+name: Build & Deploy to DEV from Developer Branch
+
+env:
+ # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+ # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+ # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+ OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+ OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-dev
+
+ # 🖊️ EDIT to change the image registry settings.
+ # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ IMAGE_REGISTRY_USER: ${{ github.actor }}
+ IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+ SPRING_BOOT_IMAGE_NAME: educ-grad-business-api-dc
+ DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
+
+ REPO_NAME: "educ-grad-business-api"
+ APP_DOMAIN: ${{ secrets.APP_DOMAIN }}
+ TAG: "latest"
+ #GRAD2-1947 Resource optimization
+ MIN_CPU: "20m"
+ MAX_CPU: "100m"
+ MIN_MEM: "256Mi"
+ MAX_MEM: "700Mi"
+ MIN_REPLICAS: "3"
+ MAX_REPLICAS: "5"
+
+on:
+ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+ workflow_dispatch:
+ inputs:
+ choice:
+ type: choice
+ description: Choose branch to build from
+ options:
+ - develop/alex
+ - develop/chris
+ - develop/jinil
+ - develop/km
+
+jobs:
+ openshift-ci-cd:
+ name: Build and deploy to OpenShift DEV from Developer branch
+ # ubuntu-20.04 can also be used.
+ runs-on: ubuntu-20.04
+ environment: dev
+
+ outputs:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.inputs.choice }}
+
+ - name: Determine image tags
+ if: env.TAG == ''
+ run: |
+ echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
+ username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }}
+ password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }}
+
+ # https://github.com/redhat-actions/buildah-build#readme
+ - name: Build from Dockerfile
+ id: build-image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: ${{ env.REPO_NAME }}
+ tags: ${{ env.TAG }}
+
+ # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
+ # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
+ # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
+ dockerfiles: |
+ ./Dockerfile
+
+ # https://github.com/redhat-actions/push-to-registry#readme
+ - name: Push to registry
+ id: push-image
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.build-image.outputs.image }}
+ tags: ${{ steps.build-image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.IMAGE_REGISTRY_USER }}
+ password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
+
+ # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
+ - name: Install oc
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: 4
+
+ # https://github.com/redhat-actions/oc-login#readme
+ - name: Deploy
+ run: |
+ set -eux
+ # Login to OpenShift and select project
+ oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+ oc project ${{ env.OPENSHIFT_NAMESPACE }}
+ # Cancel any rollouts in progress
+ oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "No rollout in progress"
+ # tag image stream
+ oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }}
+
+ # Process and apply deployment template
+ oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \
+ | oc apply -f -
+
+ # Start rollout (if necessary) and follow it
+ oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "Rollout in progress"
+ oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+ # Get status, returns 0 if rollout is successful
+ oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+
+ # now hit it with a zap scan
+ - name: ZAP Scan
+ uses: zaproxy/action-api-scan@v0.1.0
+ with:
+ target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs'
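Review bot: The ZAP Scan step at the end of the workflow appears to target a different host from the route the Deploy step creates. `OPENSHIFT_NAMESPACE` is already defined with a `-dev` suffix in `env`, so the hard-coded target expands to `…-<namespace>-dev-dev.apps.silver…`, while `HOST_ROUTE` is `REPO_NAME-OPENSHIFT_NAMESPACE.APP_DOMAIN`. Building the target from the same parts, `target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }}/api/v1/api-docs'`, would make the scan exercise what was just deployed. In the Deploy script the token is expanded into the script text under `set -eux`; since `OPENSHIFT_TOKEN` is already exported through `env`, `oc login --token="$OPENSHIFT_TOKEN" --server="$OPENSHIFT_SERVER"` with `set -eu` keeps the credential out of the generated script and out of the xtrace output. The actions in this job are referenced by mutable tags (`@v1`, `@v2`, `@v3`, `@v0.1.0`) while it holds cluster and registry credentials, so pinning each to a full commit SHA and adding an explicit `permissions:` block (`contents: read`, `packages: write`) is worth doing.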