feat: add test & prod pipelines

bcgov · Nov 8, 2023 · 4396a85 · 4396a85
1 parent 3fe5069
commit 4396a85
Show file tree

Hide file tree

Showing 16 changed files with 244 additions and 0 deletions.
diff --git a/.github/workflows/apply-silver-prod.yml b/.github/workflows/apply-silver-prod.yml
@@ -0,0 +1,33 @@
+name: Apply Network Policies on Silver Prod
+
+on:
+  push:
+    branches:
+    - main
+    paths:
+    - .github/workflows/apply-silver-prod.yml
+    - network-policies/silver/prod/**
+
+env:
+  NAMESPACE: b5395d-prod
+
+jobs:
+  apply:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    environment:
+      name: silver-prod
+
+    steps:
+    - uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+    - name: Apply Terraform
+      uses: ./.github/actions/apply-terraform
+      with:
+        context: network-policies/silver/prod
+        namespace: ${{ env.NAMESPACE }}
+        openshift-server-url: ${{ secrets.OPENSHIFT_SERVER }}
+        openshift-token: ${{ secrets.OPENSHIFT_TOKEN }}
diff --git a/.github/workflows/apply-silver-test.yml b/.github/workflows/apply-silver-test.yml
@@ -0,0 +1,33 @@
+name: Apply Network Policies on Silver Test
+
+on:
+  push:
+    branches:
+    - main
+    paths:
+    - .github/workflows/apply-silver-test.yml
+    - network-policies/silver/test/**
+
+env:
+  NAMESPACE: b5395d-test
+
+jobs:
+  apply:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    environment:
+      name: silver-test
+
+    steps:
+    - uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+    - name: Apply Terraform
+      uses: ./.github/actions/apply-terraform
+      with:
+        context: network-policies/silver/test
+        namespace: ${{ env.NAMESPACE }}
+        openshift-server-url: ${{ secrets.OPENSHIFT_SERVER }}
+        openshift-token: ${{ secrets.OPENSHIFT_TOKEN }}
diff --git a/network-policies/silver/prod/.terraform.lock.hcl b/network-policies/silver/prod/.terraform.lock.hcl
diff --git a/network-policies/silver/prod/_main.tf b/network-policies/silver/prod/_main.tf
@@ -0,0 +1,20 @@
+terraform {
+  required_version = ">= 1.6.2"
+
+  backend "kubernetes" {
+    namespace     = "b5395d-prod"
+    secret_suffix = "network-policies" # pragma: allowlist secret
+    config_path   = "~/.kube/config"
+  }
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "=2.23.0"
+    }
+  }
+}
+
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
diff --git a/network-policies/silver/prod/fdf5df.tf b/network-policies/silver/prod/fdf5df.tf
@@ -0,0 +1,4 @@
+module "fdf5df" {
+  source        = "./network-policy"
+  license_plate = "fdf5df"
+}
diff --git a/network-policies/silver/prod/network-policy/.terraform.lock.hcl b/network-policies/silver/prod/network-policy/.terraform.lock.hcl
diff --git a/network-policies/silver/prod/network-policy/config.tf b/network-policies/silver/prod/network-policy/config.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6.2"
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "=2.23.0"
+    }
+  }
+}
diff --git a/network-policies/silver/prod/network-policy/main.tf b/network-policies/silver/prod/network-policy/main.tf
@@ -0,0 +1,7 @@
+module "network_policy" {
+  source = "../../../_modules/network-policy"
+
+  license_plate        = "b5395d"
+  environment          = "prod"
+  target_license_plate = var.license_plate
+}
diff --git a/network-policies/silver/prod/network-policy/variables.tf b/network-policies/silver/prod/network-policy/variables.tf
@@ -0,0 +1,4 @@
+variable "license_plate" {
+  description = "The namespace's license plate that has access to ClamAV instances"
+  type        = string
+}
diff --git a/network-policies/silver/test/.terraform.lock.hcl b/network-policies/silver/test/.terraform.lock.hcl
diff --git a/network-policies/silver/test/_main.tf b/network-policies/silver/test/_main.tf
@@ -0,0 +1,20 @@
+terraform {
+  required_version = ">= 1.6.2"
+
+  backend "kubernetes" {
+    namespace     = "b5395d-test"
+    secret_suffix = "network-policies" # pragma: allowlist secret
+    config_path   = "~/.kube/config"
+  }
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "=2.23.0"
+    }
+  }
+}
+
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
diff --git a/network-policies/silver/test/fdf5df.tf b/network-policies/silver/test/fdf5df.tf
@@ -0,0 +1,4 @@
+module "fdf5df" {
+  source        = "./network-policy"
+  license_plate = "fdf5df"
+}
diff --git a/network-policies/silver/test/network-policy/.terraform.lock.hcl b/network-policies/silver/test/network-policy/.terraform.lock.hcl
diff --git a/network-policies/silver/test/network-policy/config.tf b/network-policies/silver/test/network-policy/config.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6.2"
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "=2.23.0"
+    }
+  }
+}
diff --git a/network-policies/silver/test/network-policy/main.tf b/network-policies/silver/test/network-policy/main.tf
@@ -0,0 +1,7 @@
+module "network_policy" {
+  source = "../../../_modules/network-policy"
+
+  license_plate        = "b5395d"
+  environment          = "test"
+  target_license_plate = var.license_plate
+}
diff --git a/network-policies/silver/test/network-policy/variables.tf b/network-policies/silver/test/network-policy/variables.tf
@@ -0,0 +1,4 @@
+variable "license_plate" {
+  description = "The namespace's license plate that has access to ClamAV instances"
+  type        = string
+}