From 9e5f7d800e6334f7bee443753cb60a39bc6f2c06 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 10 Dec 2024 15:09:06 -0800 Subject: [PATCH 1/4] feat: ignore some vim/nix stuff --- .gitignore | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 67398d8..bccfb09 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,10 @@ target settings.xml application-dev.properties +# Vim +Session.vim +.vim + # Mobile Tools for Java (J2ME) .mtj.tmp/ @@ -37,4 +41,7 @@ hs_err_pid* .classpath .project .factorypath -.vscode \ No newline at end of file +.vscode +.direnv +.envrc +shell.nix From 8df36e723e26a25d919bbac22061e5815908e34f Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 10 Dec 2024 15:29:28 -0800 Subject: [PATCH 2/4] feat: script cleanup --- .github/workflows/deploy-to.openshift-dev.yml | 53 +++++++++++++------ .../workflows/deploy-to.openshift-prod.yml | 50 ++++++++++++----- .../workflows/deploy-to.openshift-test.yml | 51 +++++++++++++----- tools/config/update-configmap.sh | 44 ++++++++++++--- 4 files changed, 151 insertions(+), 47 deletions(-) diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index 192a053..d3c9677 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -1,7 +1,7 @@ name: Build & Deploy to DEV env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} 
@@ -13,13 +13,13 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. + # EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" SPRING_BOOT_IMAGE_NAME: pen-request-api-master @@ -78,18 +78,18 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository uses: actions/checkout@v4 
@@ -142,25 +142,48 @@ jobs: - name: Deploy API run: | set -eu + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }} + # Cancel any rollouts in progress oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - + || true && echo "No rollout in progress" + oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} - + # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - + oc process -f tools/openshift/api.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + | bash /dev/stdin dev \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ 
env.COMMON_NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index 9b10e4d..29a5dc5 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -1,7 +1,7 @@ name: Deploy to PROD env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions # Added this comment @@ -14,7 +14,7 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} 
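Review bot: The rewrapped `curl -s … | bash /dev/stdin dev …` command in this Deploy API step still executes whatever `master` serves at run time and passes `${{ env.DB_PWD }}`, `${{ env.DB_USER }}` and `${{ env.SPLUNK_TOKEN }}` as unquoted arguments that are pasted into the script text before the shell parses it. A secret containing whitespace or shell metacharacters is split or interpreted, and without `-f` an HTTP error body would be piped straight into bash. The step already reads `tools/openshift/api.dc.yaml` from the checked-out tree, so `bash tools/config/update-configmap.sh dev "$APP_NAME" "$NAMESPACE" "$COMMON_NAMESPACE" "$DB_JDBC_CONNECT_STRING" "$DB_PWD" "$DB_USER" "$SPLUNK_TOKEN"` would run the reviewed revision and take the values from the step environment instead of from template expansion. The prod and test Deploy hunks of this patch carry the same pattern; the step itself begins outside the hunk.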
@@ -107,24 +107,50 @@ jobs: - name: Deploy run: | set -eux + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} + # Cancel any rollouts in progress oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - - oc tag ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} - + || true && echo "No rollout in progress" + + oc tag \ + ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} + # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh | bash /dev/stdin ${{ env.TARGET_ENV }} ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - + oc process -f tools/openshift/api.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ 
env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + ${{ env.TARGET_ENV }} \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml index a885a33..c7a417d 100644 --- a/.github/workflows/deploy-to.openshift-test.yml +++ b/.github/workflows/deploy-to.openshift-test.yml @@ -1,7 +1,7 @@ name: Build & Deploy to TEST env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} 
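Review bot: In the re-indented `oc rollout cancel … 2> /dev/null || true && echo "No rollout in progress"` lines the list parses as `(cancel || true) && echo`, so the message is printed on every run and a real failure (expired token, wrong resource name) is discarded together with stderr. If only the "nothing to cancel" case should be tolerated, `oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} || echo "No rollout in progress"` prints the message only on failure and keeps the error text in the log. The `oc rollout latest … || true && echo "Rollout in progress"` line has the same shape, and both appear in the dev and test Deploy hunks as well. The step starts outside the hunk.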
@@ -13,13 +13,13 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. + # EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" SPRING_BOOT_IMAGE_NAME: pen-request-api-master @@ -84,19 +84,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -110,25 +110,50 @@ jobs: - name: Deploy API run: | set -eu + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} + # Cancel any rollouts in progress oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" + || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} + oc tag \ + ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} \ + ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} + oc process -f tools/openshift/api.dc.yaml -p APP_NAME=\ + ${{ env.APP_NAME }} -p REPO_NAME=\ + ${{ env.REPO_NAME }} -p BRANCH=\ + ${{ env.BRANCH }} -p NAMESPACE=\ + ${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=\ + ${{ env.TAG }} -p MIN_REPLICAS=\ + ${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=\ + ${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=\ + ${{ env.MIN_CPU }} -p MAX_CPU=\ + ${{ env.MAX_CPU }} -p MIN_MEM=\ + ${{ env.MIN_MEM }} -p MAX_MEM=\ + ${{ 
env.MAX_MEM }} \ + k oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + | bash /dev/stdin test \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 608a002..a493d70 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh 
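Review bot: The line `k oc apply -f -` after `${{ env.MAX_MEM }} \` has a `k` where the pipe used to be, so `k oc apply -f -` becomes extra arguments to `oc process` and the processed template is never applied; it should read `| oc apply -f -`. The rewrapped parameters also break after the `=` (`-p APP_NAME=\` with the value on the next line): a backslash-newline removes only the newline, so if the continuation lines keep any indentation inside the block scalar the value detaches and each parameter is passed empty. Wrapping the way the dev and prod workflows do, `-p APP_NAME=${{ env.APP_NAME }} \` with one parameter per line, avoids both problems.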
@@ -151,15 +151,45 @@ PARSER_CONFIG=" Format json " echo -echo Creating config map "$APP_NAME"-config-map -oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map --from-literal=TZ=$TZVALUE --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" --from-literal=NATS_URL="$NATS_URL" --from-literal=NATS_CLUSTER=$NATS_CLUSTER --from-literal=JDBC_URL="$DB_JDBC_CONNECT_STRING" --from-literal=ORACLE_USERNAME="$DB_USER" --from-literal=ORACLE_PASSWORD="$DB_PWD" --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO --from-literal=SPRING_WEB_LOG_LEVEL=INFO --from-literal=APP_LOG_LEVEL=INFO --from-literal=HIBERNATE_STATISTICS=false --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO --from-literal=SPRING_SHOW_REQUEST_DETAILS=false --from-literal=FILE_EXTENSIONS="image/jpeg,image/png,application/pdf,.jpg,.jpeg,.jpe,.jfif,.jif,.jfi" --from-literal=FILE_MAXSIZE=10485760 --from-literal=FILE_MAX_ENCODED_SIZE=15485760 --from-literal=BCSC_AUTO_MATCH_OUTCOMES="RIGHTPEN,WRONGPEN,ZEROMATCHES,MANYMATCHES,ONEMATCH" --from-literal=REMOVE_BLOB_CONTENTS_DOCUMENT_AFTER_DAYS="365" --from-literal=SCHEDULED_JOBS_REMOVE_BLOB_CONTENTS_DOCUMENT_CRON="@midnight" --from-literal=NATS_MAX_RECONNECT=60 --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" --dry-run -o yaml | oc apply -f - +echo Creating config map "$APP_NAME-config-map" +oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ + "$APP_NAME-config-map" \ + --from-literal=TZ=$TZVALUE \ + --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" \ + --from-literal=NATS_URL="$NATS_URL" \ + --from-literal=NATS_CLUSTER=$NATS_CLUSTER \ + --from-literal=JDBC_URL="$DB_JDBC_CONNECT_STRING" \ + --from-literal=ORACLE_USERNAME="$DB_USER" \ + --from-literal=ORACLE_PASSWORD="$DB_PWD" \ + --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO \ + --from-literal=SPRING_WEB_LOG_LEVEL=INFO \ + --from-literal=APP_LOG_LEVEL=INFO \ + 
--from-literal=HIBERNATE_STATISTICS=false \ + --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO \ + --from-literal=SPRING_SHOW_REQUEST_DETAILS=false \ + --from-literal=FILE_EXTENSIONS="image/jpeg,image/png,application/pdf,.jpg,.jpeg,.jpe,.jfif,.jif,.jfi" \ + --from-literal=FILE_MAXSIZE=10485760 \ + --from-literal=FILE_MAX_ENCODED_SIZE=15485760 \ + --from-literal=BCSC_AUTO_MATCH_OUTCOMES="RIGHTPEN,WRONGPEN,ZEROMATCHES,MANYMATCHES,ONEMATCH" \ + --from-literal=REMOVE_BLOB_CONTENTS_DOCUMENT_AFTER_DAYS="365" \ + --from-literal=SCHEDULED_JOBS_REMOVE_BLOB_CONTENTS_DOCUMENT_CRON="@midnight" \ + --from-literal=NATS_MAX_RECONNECT=60 \ + --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 \ + --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" \ + --dry-run -o yaml | oc apply -f - echo -echo Setting environment variables for "$APP_NAME"-$SOAM_KC_REALM_ID application -oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env --from=configmap/"$APP_NAME"-config-map dc/"$APP_NAME"-$SOAM_KC_REALM_ID +echo Setting environment variables for "$APP_NAME-$SOAM_KC_REALM_ID" application +oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ + --from=configmap/"$APP_NAME-config-map" "dc/$APP_NAME-$SOAM_KC_REALM_ID" -echo Creating config map "$APP_NAME"-flb-sc-config-map -oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map --from-literal=fluent-bit.conf="$FLB_CONFIG" --from-literal=parsers.conf="$PARSER_CONFIG" --dry-run=client -o yaml | oc apply -f - +echo Creating config map "$APP_NAME-flb-sc-config-map" +oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ + "$APP_NAME-flb-sc-config-map" \ + --from-literal=fluent-bit.conf="$FLB_CONFIG" \ + --from-literal=parsers.conf="$PARSER_CONFIG" \ + --dry-run=client -o yaml | oc apply -f - echo Removing un-needed config entries -oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env dc/"$APP_NAME"-$SOAM_KC_REALM_ID KEYCLOAK_PUBLIC_KEY- +oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ + 
dc/"$APP_NAME-$SOAM_KC_REALM_ID" KEYCLOAK_PUBLIC_KEY- From 6908f774de080eac8c1a6e604931e13a5013de25 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 10 Dec 2024 15:37:39 -0800 Subject: [PATCH 3/4] feat: convert from dc to deployment --- .github/workflows/deploy-to.openshift-dev.yml | 13 +++++++------ .../workflows/deploy-to.openshift-prod.yml | 13 +++++++------ .../workflows/deploy-to.openshift-test.yml | 13 +++++++------ tools/config/update-configmap.sh | 11 ++++++----- .../{api.dc.yaml => api.deployment.yaml} | 19 +++++++++---------- 5 files changed, 36 insertions(+), 33 deletions(-) rename tools/openshift/{api.dc.yaml => api.deployment.yaml} (95%) diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index d3c9677..16d2e87 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -148,13 +148,13 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml \ + oc process -f tools/openshift/api.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ 
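Review bot: The rewrapped `oc create … configmap "$APP_NAME-config-map"` still writes `--from-literal=ORACLE_PASSWORD="$DB_PWD"`, together with `ORACLE_USERNAME` and `JDBC_URL`, into a ConfigMap, which anyone with ConfigMap read access in the namespace can view and which is not covered by Secret-specific RBAC or encryption at rest. Database credentials belong in a Secret, for example (name constructed for illustration) `oc create secret generic "$APP_NAME-db" --from-literal=ORACLE_PASSWORD="$DB_PWD" --dry-run=client -o yaml | oc apply -f -`, wired in with `oc set env --from="secret/$APP_NAME-db"`. `--from-literal=TZ=$TZVALUE` and `--from-literal=NATS_CLUSTER=$NATS_CLUSTER` are also the only expansions left unquoted in the list. The variable setup of the script is outside the hunk.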
@@ -176,16 +176,17 @@ jobs: ${{ env.DB_JDBC_CONNECT_STRING }} \ ${{ env.DB_PWD }} \ ${{ env.DB_USER }} \ - ${{ env.SPLUNK_TOKEN }} + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout latest deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-api-scan@v0.8.0 with: diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index 29a5dc5..f75f372 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -113,7 +113,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag \ @@ -121,7 +121,7 @@ jobs: ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml \ + oc process -f tools/openshift/api.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ 
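Review bot: `oc rollout latest deployment/…` in this hunk, and `oc rollout cancel deployment/…` in the previous one, are as far as I know DeploymentConfig-only subcommands, so after the switch to `deployment/` they would fail on every run while `2> /dev/null || true` hides the error. For a Deployment, applying a changed pod template already starts a rollout; if a forced restart is wanted, `oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }}` is the equivalent, and the cancel line can be dropped. The prod and test workflows in this patch carry the same two commands. The step starts outside the hunk.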
@@ -144,13 +144,14 @@ jobs: ${{ env.DB_JDBC_CONNECT_STRING }} \ ${{ env.DB_PWD }} \ ${{ env.DB_USER }} \ - ${{ env.SPLUNK_TOKEN }} + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout latest deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml index c7a417d..defc4b3 100644 --- a/.github/workflows/deploy-to.openshift-test.yml +++ b/.github/workflows/deploy-to.openshift-test.yml @@ -116,7 +116,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag \ @@ -124,7 +124,7 @@ jobs: ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=\ + oc process -f tools/openshift/api.deployment.yaml -p APP_NAME=\ ${{ env.APP_NAME }} -p REPO_NAME=\ ${{ env.REPO_NAME }} -p BRANCH=\ ${{ env.BRANCH }} -p NAMESPACE=\ 
@@ -146,16 +146,17 @@ jobs: ${{ env.DB_JDBC_CONNECT_STRING }} \ ${{ env.DB_PWD }} \ ${{ env.DB_USER }} \ - ${{ env.SPLUNK_TOKEN }} + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout latest deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-api-scan@v0.8.0 diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index a493d70..2d5ded9 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -5,6 +5,7 @@ DB_JDBC_CONNECT_STRING=$5 DB_PWD=$6 DB_USER=$7 SPLUNK_TOKEN=$8 +BRANCH=$8 TZVALUE="America/Vancouver" SOAM_KC_REALM_ID="master" 
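Review bot: `BRANCH=$8` reads the same positional parameter as `SPLUNK_TOKEN=$8` on the line above, while the workflows in this patch append `${{ env.BRANCH }}` as a ninth argument after the Splunk token; it should be `BRANCH=$9`. As written, the Splunk token becomes part of `"deployment/$APP_NAME-$BRANCH"` and is printed by `echo Setting environment variables for "$APP_NAME-$BRANCH" application`, so the `oc set env` calls target a deployment that does not exist and the token is written to the job output. A guard such as `: "${9:?branch argument missing}"` before the assignment would make an eight-argument caller fail loudly instead. The earlier positional assignments are outside the hunk.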
@@ -176,20 +177,20 @@ oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ --from-literal=NATS_MAX_RECONNECT=60 \ --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 \ --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" \ - --dry-run -o yaml | oc apply -f - + --dry-run=client -o yaml | oc apply -f - echo -echo Setting environment variables for "$APP_NAME-$SOAM_KC_REALM_ID" application +echo Setting environment variables for "$APP_NAME-$BRANCH" application oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ - --from=configmap/"$APP_NAME-config-map" "dc/$APP_NAME-$SOAM_KC_REALM_ID" + --from="configmap/$APP_NAME-config-map" "deployment/$APP_NAME-$BRANCH" echo Creating config map "$APP_NAME-flb-sc-config-map" oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ "$APP_NAME-flb-sc-config-map" \ --from-literal=fluent-bit.conf="$FLB_CONFIG" \ --from-literal=parsers.conf="$PARSER_CONFIG" \ - --dry-run=client -o yaml | oc apply -f - + --dry-run=client=client -o yaml | oc apply -f - echo Removing un-needed config entries oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ - dc/"$APP_NAME-$SOAM_KC_REALM_ID" KEYCLOAK_PUBLIC_KEY- + "deployment/$APP_NAME-$BRANCH" KEYCLOAK_PUBLIC_KEY- diff --git a/tools/openshift/api.dc.yaml b/tools/openshift/api.deployment.yaml similarity index 95% rename from tools/openshift/api.dc.yaml rename to tools/openshift/api.deployment.yaml index fa52b0a..410443e 100644 --- a/tools/openshift/api.dc.yaml +++ b/tools/openshift/api.deployment.yaml @@ -4,10 +4,10 @@ kind: Template labels: template: "${REPO_NAME}-template" metadata: - name: "${REPO_NAME}-${BRANCH}-dc" + name: "${REPO_NAME}-${BRANCH}-deployment" objects: - - apiVersion: v1 - kind: DeploymentConfig + - apiVersion: apps/v1 + kind: Deployment metadata: labels: app: "${APP_NAME}-${BRANCH}" 
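Review bot: The second `oc create … configmap` in this hunk now ends in `--dry-run=client=client -o yaml`, which is not an accepted dry-run value; the old line already had the correct `--dry-run=client`, so this looks like a search-and-replace that hit it twice. The fluent-bit ConfigMap command is expected to fail on the flag, and if the script does not run under `set -e` with `pipefail` (its header is outside the hunk) the failure can pass unnoticed and leave a stale `$APP_NAME-flb-sc-config-map` in place. Restore `--dry-run=client -o yaml | oc apply -f -` on that line.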
@@ -18,8 +18,10 @@ objects: app: "${APP_NAME}-${BRANCH}" deploymentConfig: "${APP_NAME}-${BRANCH}" strategy: - resources: {} - type: Rolling + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% template: metadata: annotations: @@ -116,8 +118,6 @@ objects: configMap: name: "${APP_NAME}-flb-sc-config-map" test: false - triggers: - - type: ConfigChange - apiVersion: v1 kind: Service metadata: @@ -133,15 +133,14 @@ objects: protocol: TCP selector: app: "${APP_NAME}-${BRANCH}" - deploymentconfig: "${APP_NAME}-${BRANCH}" - apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: "${APP_NAME}-${BRANCH}-cpu-autoscaler" spec: scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig + apiVersion: apps/v1 + kind: Deployment name: "${APP_NAME}-${BRANCH}" subresource: scale minReplicas: ${{MIN_REPLICAS}} From 9c825a91b875d3d51a4debb2074acfd11928a6f8 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 10 Dec 2024 15:51:45 -0800 Subject: [PATCH 4/4] feat: remove hard-coded branch --- .github/workflows/deploy-to.openshift-dev.yml | 4 ++-- .github/workflows/deploy-to.openshift-prod.yml | 2 +- .github/workflows/deploy-to.openshift-test.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index 16d2e87..3351c59 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -28,7 +28,7 @@ env: APP_NAME: 'pen-request-api' REPO_NAME: "educ-pen-request-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} APP_NAME_FULL: "pen-request-api-master" NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} 
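Review bot: The `kind: Deployment` conversion leaves DeploymentConfig-shaped fields in the spec: the context line `test: false` next to the removed `triggers:` has no counterpart in `apps/v1`, and the two labels above `strategy:` look like a flat `selector:` map, whereas a Deployment needs them under `selector: matchLabels:`. The selector's parent key is outside the hunk, so this needs confirming; if it is flat, `oc apply` should reject the object. I would delete `test: false`, nest the labels under `matchLabels:`, and keep them identical to the pod template labels, since a Deployment's selector cannot be changed after creation.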
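Review bot: `APP_NAME_FULL: "pen-request-api-master"` on the line after the changed `BRANCH`, and `SPRING_BOOT_IMAGE_NAME: pen-request-api-master` higher up in the same `env:` block, still hard-code the branch. Once `BRANCH` is `${{ github.ref_name }}`, the template objects are named from `${APP_NAME}-${BRANCH}` while `oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }}` keeps watching the `-master` object, so a run from any other ref would report on the wrong deployment or fail to find one. Deriving both from the same value, e.g. `SPRING_BOOT_IMAGE_NAME: pen-request-api-${{ github.ref_name }}`, keeps them aligned; the test workflow has the same leftover.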
@@ -168,7 +168,7 @@ jobs: -p MAX_MEM=${{ env.MAX_MEM }} \ | oc apply -f - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ | bash /dev/stdin dev \ ${{ env.APP_NAME }} \ ${{ env.NAMESPACE }} \ diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index f75f372..4ac3862 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -24,7 +24,7 @@ env: APP_NAME: 'pen-request-api' REPO_NAME: "educ-pen-request-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} TAG: "latest" diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml index defc4b3..35f047b 100644 --- a/.github/workflows/deploy-to.openshift-test.yml +++ b/.github/workflows/deploy-to.openshift-test.yml @@ -28,7 +28,7 @@ env: APP_NAME: 'pen-request-api' REPO_NAME: "educ-pen-request-api" - BRANCH: "master" + BRANCH: "${{ github.ref_name }}" APP_NAME_FULL: "pen-request-api-master" NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} @@ -138,7 +138,7 @@ jobs: ${{ env.MAX_MEM }} \ k oc apply -f - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ | bash /dev/stdin test \ ${{ env.APP_NAME }} \ ${{ env.NAMESPACE }} \
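Review bot: With `BRANCH` now `${{ github.ref_name }}`, the `curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh | bash` line pastes a ref name into the shell script text and then executes that ref's copy of the script with the database and Splunk secrets as arguments. Ref names may contain characters the shell interprets, and the workflow triggers are not visible here, so whoever can start this workflow from a ref they control would influence both the command text and the script that runs. Reading the value from the environment and quoting it (`"$BRANCH"` inside the `run:` block, checked against an allow-list such as `master`), or running the checked-out `tools/config/update-configmap.sh`, closes both paths. The test workflow's last hunk makes the same substitution, and every other `${{ env.BRANCH }}` in the Deploy steps (`oc tag`, `-p BRANCH=`) inherits it.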