GitHub Actions: explicitly install oc first #729
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request Opened | |
env: | |
ACRONYM: coms | |
APP_NAME: common-object-management-service | |
NAMESPACE_PREFIX: bb17f9 | |
on: | |
pull_request: | |
branches: | |
- master | |
types: | |
- opened | |
- reopened | |
- synchronize | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
name: Build & Push | |
if: "! github.event.pull_request.head.repo.fork" | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build & Push | |
uses: ./.github/actions/build-push-container | |
with: | |
context: . | |
image_name: ${{ env.APP_NAME }} | |
github_username: ${{ github.repository_owner }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
deploy-pr-dev: | |
name: Deploy Pull Request to Dev | |
environment: | |
name: pr | |
url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca | |
runs-on: ubuntu-latest | |
needs: build | |
timeout-minutes: 12 # increase for crunchyDB ? | |
steps: | |
- name: Install CLI tools from OpenShift Mirror | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
oc: "4" | |
- name: Login to OpenShift and select project | |
shell: bash | |
run: | | |
# OC Login | |
OC_TEMP_TOKEN=$(curl -k -X POST ${{ secrets.OPENSHIFT_SERVER }}/api/v1/namespaces/${{ env.NAMESPACE_PREFIX }}-dev/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.OPENSHIFT_TOKEN }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' ) | |
oc login --token=$OC_TEMP_TOKEN --server=${{ secrets.OPENSHIFT_SERVER }} | |
# move to project context | |
oc project ${{ env.NAMESPACE_PREFIX }}-dev | |
- name: Add PR specific user to Crunchy DB | |
shell: bash | |
run: | | |
echo 'Adding PR specific user to Crunchy DB' | |
NEW_USER='{"databases":["pr-${{ github.event.number }}"],"name":"pr-${{ github.event.number }}"}' | |
CURRENT_USERS=$(oc get PostgresCluster/postgres-master -o json | jq '.spec.users') | |
echo "${CURRENT_USERS}" | |
# check if current_users already contains the new_user | |
if echo "${CURRENT_USERS}" | jq -e ".[] | select(.name == \"pr-${{ github.event.number }}\")" > /dev/null; then | |
echo "User already exists" | |
exit 0 | |
fi | |
UPDATED_USERS=$(echo "${CURRENT_USERS}" | jq --argjson NEW_USER "${NEW_USER}" '. + [$NEW_USER]') | |
PATCH_JSON=$(jq -n --argjson users "${UPDATED_USERS}" '{"spec": {"users": $users}}') | |
oc patch PostgresCluster/postgres-master --type=merge -p "${PATCH_JSON}" | |
# wait for sometime as it takes time to create the user, query the secret and check if it is created, otherwise wait in a loop for 5 rounds | |
for i in {1..5}; do | |
if oc get secret postgres-master-pguser-pr-${{ github.event.number }} -o jsonpath='{.metadata.name}' > /dev/null; then | |
echo "Secret created" | |
break | |
else | |
echo "Secret not created, waiting for 60 seconds" | |
sleep 60 | |
fi | |
done | |
# when secret is created in previous step, postgres should be ready | |
# patch echo 'Make PR user owner of PR database' | |
CRUNCHY_PG_PRIMARY_POD_NAME=$(oc get pods -l postgres-operator.crunchydata.com/role=master -o json | jq -r '.items[0].metadata.name') | |
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "ALTER DATABASE \"pr-${{ github.event.number }}\" OWNER TO \"pr-${{ github.event.number }}\"" | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Deploy to Dev | |
uses: ./.github/actions/deploy-to-environment | |
with: | |
app_name: ${{ env.APP_NAME }} | |
acronym: ${{ env.ACRONYM }} | |
environment: pr | |
deploy_postgres: false | |
job_name: pr-${{ github.event.number }} | |
namespace_prefix: ${{ env.NAMESPACE_PREFIX }} | |
namespace_environment: dev | |
openshift_server: ${{ secrets.OPENSHIFT_SERVER }} | |
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
- name: Release Comment on PR | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: success() | |
with: | |
header: release | |
message: | | |
Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca> |