Implement Github Actions Continuous Delivery pipeline

Signed-off-by: Jeremy Ho <[email protected]>
bcgov · Jan 8, 2024 · 2a60ce9 · 2a60ce9
1 parent a9cc0a3
commit 2a60ce9
Show file tree

Hide file tree

Showing 13 changed files with 244 additions and 131 deletions.
diff --git a/.github/actions/deploy-to-environment/action.yaml b/.github/actions/deploy-to-environment/action.yaml
@@ -40,20 +40,58 @@ runs:
         insecure_skip_tls_verify: true
         namespace: ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }}
 
-    - name: Helm Deploy
+    - name: Deploy Patroni Secret
       shell: bash
       run: >-
-        helm upgrade --install --atomic ${{ inputs.job_name }} ${{ inputs.app_name }}
-        --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }}
-        --repo https://bcgov.github.io/common-object-management-service
-        --values ./.github/environments/values.${{ inputs.environment }}.yaml
-        --set image.repository=ghcr.io/${{ github.repository_owner }}
-        --set image.tag=sha-$(git rev-parse --short HEAD)
-        --set route.host=${{ inputs.acronym }}-${{ inputs.namespace_environment }}-${{ inputs.job_name }}.apps.silver.devops.gov.bc.ca
-        --timeout 10m
-        --wait
-
-    - name: Wait on Deployment
+        oc get --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} secret patroni-${{ inputs.job_name }}-secret || oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/patroni.secret.yaml -p APP_DB_NAME=${{ inputs.acronym }} -p INSTANCE=${{ inputs.job_name }} | oc create --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+
+    - name: Deploy Patroni
+      shell: bash
+      run: |
+        if [[ "${{ inputs.job_name }}" == pr-* ]]; then
+          oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/patroni-ephemeral.dc.yaml -p APP_NAME=${{ inputs.acronym }} -p INSTANCE=${{ inputs.job_name }} -p NAMESPACE=${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        else
+          oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/patroni.dc.yaml -p INSTANCE=${{ inputs.job_name }} -p NAMESPACE=${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        fi
+
+    - name: Wait on Patroni
+      shell: bash
+      run: |
+        oc rollout --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} status statefulset/patroni-${{ inputs.job_name }} --watch=true
+
+    - name: Deploy Redis Secret
+      shell: bash
+      run: |
+        if [[ "${{ inputs.job_name }}" == pr-* ]]; then
+          oc get --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} secret redis-${{ inputs.job_name }}-secret || oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/redis.secret.yaml -p CLUSTER_MODE=no -p INSTANCE=${{ inputs.job_name }} | oc create --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        else
+          oc get --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} secret redis-${{ inputs.job_name }}-secret || oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/redis.secret.yaml -p CLUSTER_MODE=yes -p INSTANCE=${{ inputs.job_name }} | oc create --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        fi
+
+    - name: Deploy Redis
+      shell: bash
+      run: |
+        if [[ "${{ inputs.job_name }}" == pr-* ]]; then
+          oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/redis-ephemeral.dc.yaml -p APP_NAME=${{ inputs.acronym }} -p INSTANCE=${{ inputs.job_name }} | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        else
+          oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f openshift/redis-cluster.dc.yaml -p APP_NAME=${{ inputs.acronym }} -p INSTANCE=${{ inputs.job_name }} | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+        fi
+
+    - name: Wait on Redis
+      shell: bash
+      run: |
+        if [[ "${{ inputs.job_name }}" == pr-* ]]; then
+          oc rollout --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} status dc/redis-${{ inputs.job_name }} --watch=true
+        else
+          oc rollout --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} status statefulset/redis-${{ inputs.job_name }} --watch=true
+        fi
+
+    - name: Deploy App
+      shell: bash
+      run: |
+        oc process --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f ./openshift/app.dc.yaml -p REPO_NAME=${{ inputs.app_name }} -p JOB_NAME=${{ inputs.job_name }} -p NAMESPACE=${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -p APP_NAME=${{ inputs.acronym }} -p IMAGE_TAG=sha-$(git rev-parse --short HEAD) -p HOST_ROUTE=${{ inputs.acronym }}-${{ inputs.namespace_environment }}-${{ inputs.job_name }}.apps.silver.devops.gov.bc.ca -p ROUTE_PATH=${{ inputs.route_path }} -o yaml | oc apply --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} -f -
+
+    - name: Wait on App
       shell: bash
       run: |
-        oc rollout --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} status dc/${{ inputs.app_name }}-${{ inputs.job_name }} --watch=true
+        oc rollout --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} status dc/${{ inputs.acronym }}-app-${{ inputs.job_name }} --watch=true
diff --git a/.github/workflows/on-pr-closed.yaml b/.github/workflows/on-pr-closed.yaml
@@ -0,0 +1,54 @@
+name: Pull Request Closed
+
+env:
+  ACRONYM: ches
+  APP_NAME: common-hosted-email-service
+  NAMESPACE_PREFIX: b160aa
+
+on:
+  pull_request:
+    branches:
+      - master
+    types:
+      - closed
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  remove-pr-dev:
+    name: Remove PR build from dev namespace
+    if: "! github.event.pull_request.head.repo.fork"
+    environment:
+      name: pr
+      url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    timeout-minutes: 12
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Login to OpenShift Cluster
+      uses: redhat-actions/oc-login@v1
+      with:
+        openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+        openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+        insecure_skip_tls_verify: true
+        namespace: ${{ env.NAMESPACE_PREFIX }}-dev
+    - name: Remove PR Deployment
+      shell: bash
+      run: |
+        oc delete --namespace ${{ env.NAMESPACE_PREFIX }}-dev all,secret,pvc,networkpolicy,rolebinding --selector app=${{ env.ACRONYM }}-pr-${{ github.event.number }}
+        oc delete --namespace ${{ env.NAMESPACE_PREFIX }}-dev all,svc,cm,sa,role,secret --selector cluster-name=pr-${{ github.event.number }}
+        oc delete --namespace ${{ env.NAMESPACE_PREFIX }}-dev all --selector app=redis-pr-${{ github.event.number }}
+    - name: Remove Release Comment on PR
+      uses: marocchino/sticky-pull-request-comment@v2
+      with:
+        header: release
+        delete: true
+    - name: Remove Github Deployment Environment
+      uses: strumwolf/delete-deployment-environment@v2
+      with:
+        environment: pr
+        onlyRemoveDeployments: true
+        token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/on-pr-opened.yaml b/.github/workflows/on-pr-opened.yaml
@@ -34,3 +34,33 @@ jobs:
           image_name: ${{ env.APP_NAME }}
           github_username: ${{ github.repository_owner }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  deploy-pr-dev:
+    name: Deploy Pull Request to Dev
+    environment:
+      name: pr
+      url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs: build
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Dev
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: pr
+          job_name: pr-${{ github.event.number }}
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: dev
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+      - name: Release Comment on PR
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: success()
+        with:
+          header: release
+          message: |
+            Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca>
diff --git a/.github/workflows/on-push.yaml b/.github/workflows/on-push.yaml
@@ -33,3 +33,77 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
           dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+  deploy-dev:
+    name: Deploy to Dev
+    environment:
+      name: dev
+      url: https://${{ env.ACRONYM }}-dev-master.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs: build
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Dev
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: dev
+          job_name: master
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: dev
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+
+  deploy-test:
+    name: Deploy to Test
+    environment:
+      name: test
+      url: https://${{ env.ACRONYM }}-test-master.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - deploy-dev
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Test
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: test
+          job_name: master
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: test
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+
+  deploy-prod:
+    name: Deploy to Prod
+    environment:
+      name: prod
+      url: https://${{ env.ACRONYM }}-prod-master.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs:
+      - build
+      - deploy-dev
+      - deploy-test
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Prod
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: prod
+          job_name: master
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: prod
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
diff --git a/openshift/app.bc.yaml b/openshift/app.bc.yaml