Rename V1.0.95__DML-UPDATE_DATA-ALGORITHM_RULE_CODE.sql to V1.0.96__D… #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Deploy to DEV and TEST | |
| env: | |
| OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} | |
| OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} | |
| COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} | |
| GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} | |
| BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| IMAGE_REGISTRY_USER: ${{ github.actor }} | |
| IMAGE_REGISTRY_PASSWORD: ${{ github.token }} | |
| SPRING_BOOT_IMAGE_NAME: educ-grad-student-graduation-api | |
| REPO_NAME: "educ-grad-student-graduation-api" | |
| APP_DOMAIN: ${{ vars.APP_DOMAIN }} | |
| TAG: "latest" | |
| on: | |
| # https://docs.github.com/en/actions/reference/events-that-trigger-workflows | |
| # Runs on workflow dispatch. Running from another branch manually will use the branch | |
| # reference for everything in the script. Update configmaps, etc. all run from that reference branch. | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'api/**' | |
| - 'tools/**' | |
| jobs: | |
| build-and-deploy-dev: | |
| name: Build and deploy to OpenShift DEV | |
| runs-on: ubuntu-22.04 | |
| environment: dev | |
| env: | |
| OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev | |
| TARGET_ENV: dev | |
| KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }} | |
| KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }} | |
| MIN_CPU: "20m" | |
| MAX_CPU: "250m" | |
| MIN_MEM: "100Mi" | |
| MAX_MEM: "600Mi" | |
| MIN_REPLICAS: "3" | |
| MAX_REPLICAS: "5" | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Determine image tags | |
| if: env.TAG == '' | |
| run: | | |
| echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} | |
| username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} | |
| password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} | |
| # https://github.com/redhat-actions/buildah-build#readme | |
| - name: Build from Dockerfile | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ${{ env.REPO_NAME }} | |
| tags: ${{ env.TAG }} | |
| dockerfiles: | | |
| ./Dockerfile | |
| # https://github.com/redhat-actions/push-to-registry#readme | |
| - name: Push to registry | |
| id: push-image | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| username: ${{ env.IMAGE_REGISTRY_USER }} | |
| password: ${{ env.IMAGE_REGISTRY_PASSWORD }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '20' | |
| - name: Install dependencies | |
| run: npm install axios | |
| - name: Create/Update clients | |
| run: node ./tools/config/clients-and-scopes.js | |
| - name: Create/Update secrets | |
| run: node ./tools/openshift/fetch-and-create-secrets.js | |
| # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }} | |
| - name: Install oc | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| oc: 4 | |
| # https://github.com/redhat-actions/oc-login#readme | |
| - name: Deploy | |
| run: | | |
| set -eux | |
| # Login to OpenShift and select project | |
| oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} | |
| oc project ${{ env.OPENSHIFT_NAMESPACE }} | |
| # Cancel any rollouts in progress | |
| oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ | |
| || true && echo "No rollout in progress" | |
| # tag image stream | |
| oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} | |
| # Process and apply deployment template | |
| oc process -f tools/openshift/api.dc.yaml \ | |
| -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ | |
| -p REPO_NAME=${{ env.REPO_NAME }} \ | |
| -p TAG_NAME=${{ env.TAG }} \ | |
| -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ | |
| -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ | |
| -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ | |
| -p MIN_CPU=${{ env.MIN_CPU }} \ | |
| -p MAX_CPU=${{ env.MAX_CPU }} \ | |
| -p MIN_MEM=${{ env.MIN_MEM }} \ | |
| -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - | |
| # UPDATE Configmaps | |
| curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.ref }}/tools/config/update-configmap.sh \ | |
| | bash /dev/stdin \ | |
| dev \ | |
| ${{ env.REPO_NAME }} \ | |
| ${{ env.GRAD_NAMESPACE }} \ | |
| ${{ env.COMMON_NAMESPACE }} \ | |
| ${{ env.BUSINESS_NAMESPACE }} \ | |
| ${{ secrets.SPLUNK_TOKEN }} \ | |
| ${{ vars.APP_LOG_LEVEL }} | |
| # OVERRIDE Configmaps | |
| curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.ref }}/tools/config/override-configmap-dev.sh \ | |
| | bash /dev/stdin \ | |
| dev \ | |
| ${{ env.REPO_NAME }} \ | |
| ${{ env.GRAD_NAMESPACE }} \ | |
| ${{ env.COMMON_NAMESPACE }} \ | |
| ${{ env.BUSINESS_NAMESPACE }} \ | |
| ${{ secrets.SPLUNK_TOKEN }} \ | |
| ${{ vars.APP_LOG_LEVEL }} | |
| # Start rollout (if necessary) and follow it | |
| oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} | |
| # Get status, returns 0 if rollout is successful | |
| oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} | |
| deploy-test: | |
| name: Build and deploy to OpenShift TEST | |
| needs: build-and-deploy-dev | |
| runs-on: ubuntu-22.04 | |
| environment: test | |
| env: | |
| OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-test | |
| TARGET_ENV: test | |
| KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }} | |
| KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }} | |
| MIN_CPU: "20m" | |
| MAX_CPU: "250m" | |
| MIN_MEM: "100Mi" | |
| MAX_MEM: "600Mi" | |
| MIN_REPLICAS: "3" | |
| MAX_REPLICAS: "5" | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '20' | |
| - name: Install dependencies | |
| run: npm install axios | |
| - name: Create/Update clients | |
| run: node ./tools/config/clients-and-scopes.js | |
| - name: Create/Update secrets | |
| run: node ./tools/openshift/fetch-and-create-secrets.js | |
| - name: Install oc | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| oc: 4 | |
| # https://github.com/redhat-actions/oc-login#readme | |
| - name: Deploy | |
| run: | | |
| set -eux | |
| # Login to OpenShift and select project | |
| oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} | |
| oc project ${{ env.OPENSHIFT_NAMESPACE }} | |
| # Cancel any rollouts in progress | |
| oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ | |
| || true && echo "No rollout in progress" | |
| oc tag ${{ env.GRAD_NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ env.TAG }} \ | |
| ${{ env.GRAD_NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ env.TAG }} | |
| # Process and apply deployment template | |
| oc process -f tools/openshift/api.dc.yaml \ | |
| -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ | |
| -p REPO_NAME=${{ env.REPO_NAME }} \ | |
| -p TAG_NAME=${{ env.TAG }} \ | |
| -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ | |
| -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ | |
| -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ | |
| -p MIN_CPU=${{ env.MIN_CPU }} \ | |
| -p MAX_CPU=${{ env.MAX_CPU }} \ | |
| -p MIN_MEM=${{ env.MIN_MEM }} \ | |
| -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - | |
| # UPDATE Configmaps | |
| curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.ref }}/tools/config/update-configmap.sh \ | |
| | bash /dev/stdin \ | |
| test \ | |
| ${{ env.REPO_NAME }} \ | |
| ${{ env.GRAD_NAMESPACE }} \ | |
| ${{ env.COMMON_NAMESPACE }} \ | |
| ${{ env.BUSINESS_NAMESPACE }} \ | |
| ${{ secrets.SPLUNK_TOKEN }} \ | |
| ${{ vars.APP_LOG_LEVEL }} | |
| # Start rollout (if necessary) and follow it | |
| oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} | |
| # Get status, returns 0 if rollout is successful | |
| oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} | |
| zap-scan: | |
| name: Zap Scan | |
| needs: build-and-deploy-dev | |
| runs-on: ubuntu-22.04 | |
| env: | |
| OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev | |
| steps: | |
| - name: ZAP Scan | |
| uses: zaproxy/action-api-scan@v0.9.0 | |
| with: | |
| target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca/api/v1/api-docs' |