
Commit 407641d

authored
chore: prod deploy (#478)
* chore: prod deploy add prod deployment pipeline for otp server Signed-off-by: jonathan langlois <jonathan.langlois@gov.bc.ca> * chore: semver add input to tag images * chore: typo update typo oath -> oauth --------- Signed-off-by: jonathan langlois <jonathan.langlois@gov.bc.ca>
1 parent cb98beb commit 407641d


3 files changed

+51
-8
lines changed


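--- a/.github/workflows/publish-otp-provider-image.yml
+++ b/.github/workflows/publish-otp-provider-image.yml
@@ -1,6 +1,20 @@
 name: Create and publish Otp Provider Docker image
 
 on:
+workflow_dispatch:
+inputs:
+environment:
+description: 'Choose environment'
+required: true
+default: 'development'
+type: choice
+options:
+- development
+- production
+version:
+description: 'Image tag (e.g. v1.2.3)'
+required: true
+default: 'latest'
 push:
 branches:
 - 'dev'
@@ -16,7 +30,7 @@ jobs:
 
 steps:
 - name: Set env to development
-if: (github.ref == 'refs/heads/dev' && github.event_name == 'push')
+if: (github.ref == 'refs/heads/dev' && github.event_name == 'push') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'development')
 run: |
 cat >> $GITHUB_ENV <<EOF
 APP_ENV=development
@@ -30,21 +44,49 @@ jobs:
 HASH_SALT=${{ secrets.DEV_HASH_SALT }}
 
 GRAFANA_OAUTH_CLIENT_SECRET=${{secrets.DEV_GRAFANA_OAUTH_CLIENT_SECRET}}
-GRAFANA_OATH_CLIENT_ID=${{secrets.DEV_GRAFANA_OATH_CLIENT_ID}}
+GRAFANA_OAUTH_CLIENT_ID=${{secrets.DEV_GRAFANA_OAUTH_CLIENT_ID}}
 KEYCLOAK_BASE_URL=${{secrets.DEV_KEYCLOAK_BASE_URL}}
 
+EOF
+
+- name: Set env to production
+if: (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'production')
+run: |
+cat >> $GITHUB_ENV <<EOF
+APP_ENV=production
+APP_URL=https://otp.loginproxy.gov.bc.ca
+TF_STATE_BUCKET=xgr00q-prod-sso-otp-provider
+TF_STATE_BUCKET_KEY=sso-otp-provider.tfstate
+TF_STATE_DYNAMODB_TABLE=xgr00q-prod-otp-state-locking
+CUSTOM_DOMAIN_NAME=otp.loginproxy.gov.bc.ca
+CORS_ORIGINS=https://dev.loginproxy.gov.bc.ca,https://test.loginproxy.gov.bc.ca,https://loginproxy.gov.bc.ca,https://sso-playground.apps.gold.devops.gov.bc.ca
+NODE_ENV=production
+HASH_SALT=${{ secrets.PROD_HASH_SALT }}
+
+GRAFANA_OAUTH_CLIENT_SECRET=${{secrets.PROD_GRAFANA_OAUTH_CLIENT_SECRET}}
+GRAFANA_OAUTH_CLIENT_ID=${{secrets.PROD_GRAFANA_OAUTH_CLIENT_ID}}
+KEYCLOAK_BASE_URL=${{secrets.PROD_KEYCLOAK_BASE_URL}}
+
 EOF
 - name: Checkout repository
 uses: actions/checkout@v3
 
 - uses: hashicorp/setup-terraform@v3
 
-- name: Configure AWS Credentials
+- name: Configure AWS Dev Credentials
+if: (github.ref == 'refs/heads/dev' && github.event_name == 'push') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'development')
 uses: aws-actions/configure-aws-credentials@v4
 with:
 role-to-assume: ${{ secrets.DEV_OTP_TF_DEPLOY_ROLE_ARN }}
 aws-region: ca-central-1
 
+- name: Configure AWS Prod Credentials
+if: (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'production')
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.PROD_OTP_TF_DEPLOY_ROLE_ARN }}
+aws-region: ca-central-1
+
 - name: Login to Amazon ECR
 id: login-ecr
 uses: aws-actions/amazon-ecr-login@v2
@@ -53,7 +95,7 @@ jobs:
 env:
 REGISTRY: ${{ steps.login-ecr.outputs.registry }}
 REPOSITORY: ${{ env.IMAGE_NAME }}
-IMAGE_TAG: latest
+IMAGE_TAG: ${{ github.event.inputs.version || 'latest' }}
 run: |
 echo "Building and pushing Docker image to ECR..."
 docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
@@ -86,12 +128,13 @@ jobs:
 otp_validity_minutes="5"
 otp_attempts_allowed="5"
 otp_resends_allowed_per_day="4"
-otp_resend_interval_minutes="[1,2,5,60]"
+otp_resend_interval_minutes="[1,2,5,25]"
 grafana_admin_password="${{env.GRAFANA_ADMIN_PASS}}"
 enable_grafana=true
 grafana_oauth_client_secret="${{env.GRAFANA_OAUTH_CLIENT_SECRET}}"
-grafana_oath_client_id="${{env.GRAFANA_OATH_CLIENT_ID}}"
+grafana_oauth_client_id="${{env.GRAFANA_OAUTH_CLIENT_ID}}"
 keycloak_base_url="${{env.KEYCLOAK_BASE_URL}}"
+image_tag="${{ github.event.inputs.version || 'latest' }}"
 
 EOF
 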
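Review bot: The two production steps ("Set env to production" and "Configure AWS Prod Credentials") are gated only on `github.event.inputs.environment == 'production'`, with no check on the ref being dispatched, so a manual run from any branch would assume `PROD_OTP_TF_DEPLOY_ROLE_ARN` and deploy that branch's code and Terraform. The job header is outside the visible hunks, so it may already set `environment:`; if it does not, bind the job to a protected GitHub environment with required reviewers and environment-scoped secrets, or at minimum append `&& github.ref == 'refs/heads/<release-branch>'` (placeholder branch name) to both conditions. Separately, the free-text `version` input is expanded by the Actions template engine directly into what appears to be a shell heredoc (its opening line is outside the hunk) as `image_tag="${{ github.event.inputs.version || 'latest' }}"`, so the shell still interprets whatever was typed. Pass the value through the step's `env:` and write `image_tag="$IMAGE_TAG"` instead, after rejecting values that do not match the expected tag pattern. The `default: 'latest'` on `version` also lets a production run deploy a mutable tag, which makes the deployed image hard to audit or roll back.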

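--- a/docker/otp-provider/terraform/ecs.tf
+++ b/docker/otp-provider/terraform/ecs.tf
@@ -377,7 +377,7 @@ resource "aws_ecs_task_definition" "grafana" {
 },
 {
 name = "GF_AUTH_GENERIC_OAUTH_CLIENT_ID",
-value = var.grafana_oath_client_id
+value = var.grafana_oauth_client_id
 },
 {
 name = "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET",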

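--- a/docker/otp-provider/terraform/variables.tf
+++ b/docker/otp-provider/terraform/variables.tf
@@ -191,7 +191,7 @@ variable "grafana_oauth_client_secret" {
 type = string
 }
 
-variable "grafana_oath_client_id" {
+variable "grafana_oauth_client_id" {
 type = string
 }
 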
