feat: adding backend el build deploy for openshift

bcgov · Jan 27, 2025 · f18c253 · f18c253
1 parent d8de089
commit f18c253
Show file tree

Hide file tree

Showing 7 changed files with 285 additions and 0 deletions.
diff --git a/.github/workflows/build-deploy-el-openshift.yml b/.github/workflows/build-deploy-el-openshift.yml
@@ -0,0 +1,66 @@
+name: Build & Deploy Spring Boot EL API to OpenShift
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to deploy to OpenShift'
+        required: true
+        default: 'dev'
+        type: choice
+        options:
+          - dev
+          - test
+          - prod
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        package: ['backend-el','backend-el-init']
+        include:
+          - package: backend-el
+            build_file: Dockerfile
+            build_context: .
+          - package: backend-el-init
+            build_file: Dockerfile.certs
+            build_context: .
+    timeout-minutes: 10
+    steps:
+      - uses: bcgov/[email protected]
+        with:
+          package: ${{ matrix.package }}
+          tag: ${{ github.sha }}
+          build_file: ${{ matrix.build_file }}
+          build_context: ${{ matrix.build_context }}
+  deploy:
+    name: Deploy Helm Chart
+    needs: build
+    environment: ${{ github.event.inputs.environment }}
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Helm Deploy
+        id: deploy
+        uses: bcgov/[email protected]
+        with:
+          oc_namespace: ${{ secrets.oc_namespace }}
+          oc_token: ${{ secrets.oc_token }}
+          oc_server: ${{ vars.oc_server }}
+          commands: |
+            # Deploy
+            cd charts/backend-el
+            helm package -u . --app-version="${{ github.sha }}" --version=1.0.0
+             # Helm upgrade/rollout, the db secrets are related to ORACLE DB, the cert secret can be a random one.
+            helm upgrade \
+              --set-string image.tag=${{ github.sha }} \
+              --set-string secrets.dbHost=${{ secrets.dbHost }} \
+              --set-string secrets.certSecret=${{ secrets.certSecret }} \
+              --set-string secrets.awsAccessKey=${{ secrets.awsAccessKey }} \
+              --set-string secrets.awsSecretKey=${{ secrets.awsSecretKey }} \
+              --set-string secrets.dbName=${{ secrets.dbName }} \
+              --set-string secrets.dbPassword=${{ secrets.dbPassword }} \
+              --set-string secrets.dbUser=${{ secrets.dbUser }} \
+              --install --wait 
+              --values values.yaml \
+              ./backend-el-1.0.0.tgz
diff --git a/charts/backend-el/Chart.yaml b/charts/backend-el/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: backend-el
+description:
+  A Helm chart for Kubernetes deployment to Extract and load data from Oracle to
+  S3.
+icon: https://www.nicepng.com/png/detail/521-5211827_bc-icon-british-columbia-government-logo.png
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/charts/backend-el/templates/_helpers.tpl b/charts/backend-el/templates/_helpers.tpl
@@ -0,0 +1,46 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s" .Release.Name  | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "name.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "labels" -}}
+helm.sh/chart: {{ include "name.chart" . }}
+{{ include "selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/backend-el/templates/cronjob.yaml b/charts/backend-el/templates/cronjob.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "labels" . | nindent 4 }}
+spec:
+  schedule: {{.Values.schedule | quote}}
+  concurrencyPolicy: "Replace"
+  successfulJobsHistoryLimit: {{.Values.successHistoryLimit }}
+  failedJobsHistoryLimit: {{.Values.failedHistoryLimit }}
+  jobTemplate:
+    metadata:
+      labels:
+        {{- include "labels" . | nindent 8 }}
+
+    spec:
+      backoffLimit: {{.Values.backoffLimit}}
+      activeDeadlineSeconds: 3600
+      template:
+        metadata:
+          labels:
+            {{- include "labels" . | nindent 12 }}
+        spec:
+          volumes:
+            - name: {{ .Release.Name }}-certs
+              persistentVolumeClaim:
+                claimName: {{ .Release.Name }}-certs
+            - name: {{ .Release.Name }}-csv
+              persistentVolumeClaim:
+                claimName: {{ .Release.Name }}-csv
+          initContainers:
+            - name: {{ .Chart.Name }}-init
+              image: "artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-rec-resources/backend-el-init:{{ .Values.image.tag | default .Chart.AppVersion }}"
+              imagePullPolicy: Always
+              resources:
+                {{- toYaml .Values.initContainerResources | nindent 12 }}
+              envFrom:
+                - secretRef:
+                    name: {{ .Release.Name }}-backend-el-init
+              volumeMounts:
+                - name: {{ .Release.Name }}-certs
+                  mountPath: /app/cert
+          containers:
+            - name: {{ .Chart.Name }}
+              image: "artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/nr-rec-resources/backend-el:{{ .Values.image.tag | default .Chart.AppVersion }}"
+              imagePullPolicy: Always
+
+              resources:
+                {{- toYaml .Values.resources | nindent 12 }}
+              envFrom:
+                - secretRef:
+                    name: {{ .Release.Name }}-backend-el
+              env:
+                - name: DB_PORT
+                  value: '1543'
+                - name: FILE_BASE_PATH
+                  value: "/uploads"
+                - name: SPRING_JPA_SHOW_SQL
+                  value: "false"
+              volumeMounts:
+                - name: {{ .Release.Name }}-certs
+                  mountPath: /app/cert
+                - name: {{ .Release.Name }}-csv
+                  mountPath: /uploads
+          restartPolicy: OnFailure
diff --git a/charts/backend-el/templates/pvc.yaml b/charts/backend-el/templates/pvc.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-certs
+   labels: {{- include "labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: "25Mi"
+  storageClassName: netapp-file-standard
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-csv
+   labels: {{- include "labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: "500Mi"
+  storageClassName: netapp-file-standard
diff --git a/charts/backend-el/templates/secret.yaml b/charts/backend-el/templates/secret.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-backend-el-init
+  labels: {{- include "labels" . | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
+
+data:
+  DB_HOST: {{ .Values.secrets.dbHost | b64enc | quote }}
+  CERT_SECRET: {{ .Values.secrets.certSecret | b64enc | quote }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-backend-el
+  labels: {{- include "labels" . | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
+
+data:
+  DB_HOST: {{ .Values.secrets.dbHost | b64enc | quote }}
+  CERT_SECRET: {{ .Values.secrets.certSecret | b64enc | quote }}
+  AWS_ACCESS_KEY: {{ .Values.secrets.awsAccessKey | b64enc | quote }}
+  AWS_SECRET_KEY: {{ .Values.secrets.awsSecretKey | b64enc | quote }}
+  DB_NAME: {{ .Values.secrets.dbName | b64enc | quote }}
+  DB_PASSWORD: {{ .Values.secrets.dbPassword | b64enc | quote }}
+  DB_USER: {{ .Values.secrets.dbUser | b64enc | quote }}
diff --git a/charts/backend-el/values.yaml b/charts/backend-el/values.yaml
@@ -0,0 +1,22 @@
+secrets:
+  dbHost: ~
+  certSecret: ~
+  awsAccessKey: ~
+  awsSecretKey: ~
+  dbName: ~
+  dbPassword: ~
+  dbUser: ~
+image:
+  tag: ~
+resources:
+  requests:
+    cpu: 400m
+    memory: 1500Mi
+initContainerResources:
+  requests:
+    cpu: 400m
+    memory: 256Mi
+schedule: "0 8 * * *" # Daily at midnight PST
+backoffLimit: 3 # retry 3 times before giving up
+successHistoryLimit: 7
+failedHistoryLimit: 7