Skip to content

deploy

deploy #315

name: deploy
on:
workflow_call:
secrets:
OPENSHIFT_SERVER: { required: true }
OPENSHIFT_TOKEN: { required: true }
OPENSHIFT_APP_NAMESPACE: { required: true }
OPENSHIFT_METABASE_NAMESPACE: { required: true }
OPENSHIFT_METABASE_PROD_NAMESPACE: { required: true }
NEXT_PUBLIC_GROWTHBOOK_API_KEY: { required: true }
CLIENT_SECRET: { required: true }
OPENSHIFT_SECURE_ROUTE: { required: true }
AWS_S3_BUCKET: { required: true }
AWS_S3_REGION: { required: true }
AWS_S3_KEY: { required: true }
AWS_S3_SECRET_KEY: { required: true }
AWS_CLAM_S3_BUCKET: { required: true }
AWS_ROLE_ARN: { required: true }
METABASE_SITE_URL: { required: true }
METABASE_EMBED_SECRET: { required: true }
SP_SA_USER: { required: true }
SP_SA_PASSWORD: { required: true }
SP_DOC_LIBRARY: { required: true }
SP_SITE: { required: true }
SP_MS_FILE_NAME: { required: true }
SA_CLIENT_SECRET: { required: true }
SA_CLIENT_ID: { required: true }
KEYCLOAK_HOST: { required: true }
SP_LIST_NAME: { required: true }
RENOVATE_GITHUB_TOKEN: { required: false }
RENOVATE_PRIVATE_KEY: { required: false }
CHES_API_URL: { required: true }
CHES_CLIENT: { required: true }
CHES_CLIENT_SECRET: { required: true }
CHES_TO_EMAIL: { required: true }
CHES_KEYCLOAK_HOST: { required: true }
TEST_PG_PASSWORD: { required: true }
JIRA_AUTH: { required: true }
AWS_S3_FEAT_BUCKET: { required: true }
AWS_S3_FEAT_CLAM_BUCKET: { required: true }
AWS_FEAT_ARN: { required: true }
pull_request:
branches: [main]
types: [ready_for_review]
pull_request_review:
types: [submitted]
env:
TAG: sha-${{ github.sha }}
FEATURE_NAME: ${{ github.event.pull_request.head.ref }}
jobs:
setup-feature-database:
runs-on: ubuntu-latest
environment:
name: development
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Authenticate with OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
- name: Setup database
run: |
FEATURE_NAME_LOWER=$(echo $FEATURE_NAME | tr '[:upper:]' '[:lower:]' | sed 's/-*$//')
FEATURE_NAME_LOWER_SHORT=$(echo $FEATURE_NAME_LOWER | cut -c -30 | sed 's/-*$//')
chmod +x ./lib/feature_envs/create_feature_db.sh
./lib/feature_envs/create_feature_db.sh ccbc "$FEATURE_NAME_LOWER_SHORT" ${{ secrets.OPENSHIFT_APP_NAMESPACE }}
deploy-feature-to-openshift-development:
needs: [setup-feature-database]
runs-on: ubuntu-latest
environment:
name: development
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Deploy
uses: ./.github/actions/feature
with:
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
openshift_app_namespace: ${{ secrets.OPENSHIFT_APP_NAMESPACE }}
openshift_metabase_namespace: ${{ secrets.OPENSHIFT_METABASE_NAMESPACE }}
openshift_metabase_prod_namespace: ${{ secrets.OPENSHIFT_METABASE_PROD_NAMESPACE }}
next_public_growthbook_api_key: ${{ secrets.NEXT_PUBLIC_GROWTHBOOK_API_KEY }}
tag: ${{ env.TAG }}
client_secret: ${{ secrets.CLIENT_SECRET }}
secure_route: ${{ env.FEATURE_NAME }}-ccbc.apps.silver.devops.gov.bc.ca
aws_s3_bucket: ${{ secrets.AWS_S3_FEAT_BUCKET }}
aws_s3_region: ${{ secrets.AWS_S3_REGION }}
aws_s3_key: ${{ secrets.AWS_S3_KEY }}
aws_s3_secret_key: ${{ secrets.AWS_S3_SECRET_KEY }}
aws_clam_s3_bucket: ${{ secrets.AWS_S3_FEAT_CLAM_BUCKET }}
aws_role_arn: ${{ secrets.AWS_FEAT_ARN }}
certbot_email: ${{ secrets.CERTBOT_EMAIL }}
certbot_server: ${{ secrets.CERTBOT_SERVER }}
metabase_site_url: ${{ secrets.METABASE_SITE_URL }}
metabase_embed_secret: ${{ secrets.METABASE_EMBED_SECRET }}
sp_sa_user: ${{ secrets.SP_SA_USER }}
sp_sa_password: ${{ secrets.SP_SA_PASSWORD }}
sp_doc_library: ${{ secrets.SP_DOC_LIBRARY }}
sp_site: ${{ secrets.SP_SITE }}
sp_ms_file_name: ${{ secrets.SP_MS_FILE_NAME }}
keycloak_host: ${{ secrets.KEYCLOAK_HOST }}
sa_client_secret: ${{ secrets.SA_CLIENT_SECRET }}
sa_client_id: ${{ secrets.SA_CLIENT_ID }}
sp_list_name: ${{ secrets.SP_LIST_NAME }}
feature_name: ${{ env.FEATURE_NAME }}
ches_url: ${{ secrets.CHES_API_URL }}
ches_client: ${{ secrets.CHES_CLIENT }}
ches_client_secret: ${{ secrets.CHES_CLIENT_SECRET }}
ches_to: ${{ secrets.CHES_TO_EMAIL }}
ches_keycloak_host: ${{ secrets.CHES_KEYCLOAK_HOST }}
test_pg_password: ${{ secrets.TEST_PG_PASSWORD }}
environment: dev
update-jira-issue:
runs-on: ubuntu-latest
environment:
name: development
needs: [deploy-feature-to-openshift-development]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get JIRA Issue Key
id: extract_jira_key
run: |
echo "JIRA_KEY=$(echo "$FEATURE_NAME" | grep -oE 'NDT-[0-9]+')" >> $GITHUB_ENV
- name: Update JIRA Issue
# JIRA_AUTH must be passed pre encoded
run: |
FEATURE_NAME_LOWER=$(echo $FEATURE_NAME | tr '[:upper:]' '[:lower:]' | sed 's/-*$//')
FEATURE_NAME_LOWER_SHORT=$(echo $FEATURE_NAME_LOWER | cut -c -30 | sed 's/-*$//')
curl -X POST \
-H "Authorization: Basic ${{ secrets.JIRA_AUTH }}" \
-H "Content-Type: application/json" \
-d '{
"body": {
"type": "doc",
"version": 1,
"content": [
{
"type": "paragraph",
"content": [
{
"text": "AUTOMATIC COMMENT: ",
"type": "text",
"marks": [
{
"type": "strong"
}
]
},
{
"text": "Feature deployed! URL: ",
"type": "text"
},
{
"text": "https://'$FEATURE_NAME_LOWER_SHORT'-ccbc.apps.silver.devops.gov.bc.ca",
"type": "text",
"marks": [
{
"type": "link",
"attrs": {
"href": "https://'$FEATURE_NAME_LOWER_SHORT'-ccbc.apps.silver.devops.gov.bc.ca",
"title": "https://'$FEATURE_NAME_LOWER_SHORT'-ccbc.apps.silver.devops.gov.bc.ca"
}
}
]
}
]
}
]
}
}' \
"https://connectivitydivision.atlassian.net/rest/api/3/issue/$JIRA_KEY/comment"
- name: Check PR Approval
id: pr_approval
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { data: reviews } = await github.rest.pulls.listReviews({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.payload.pull_request.number
});
const approved = reviews.some(review => review.state === 'APPROVED');
console.log(`PR has been ${approved ? 'approved' : 'not approved'}`);
return approved;
- name: Get Issue Status
id: get_status
run: |
response=$(curl -s -X GET \
-H "Authorization: Basic ${{ secrets.JIRA_AUTH }}" \
-H "Content-Type: application/json" \
"https://connectivitydivision.atlassian.net/rest/api/3/issue/$JIRA_KEY")
status=$(echo "$response" | jq -r '.fields.status.name')
echo "Issue status: $status"
echo "::set-output name=status::$status"
- name: Transition Issue
if: steps.pr_approval.outputs.result == 'true' && steps.get_status.outputs.status != 'SPRINT Done' && steps.get_status.outputs.status != 'Closed'
run: |
curl -X POST \
-H "Authorization: Basic ${{ secrets.JIRA_AUTH }}" \
-H "Content-Type: application/json" \
-d '{
"transition": {
"id": "10"
}
}' \
"https://connectivitydivision.atlassian.net/rest/api/3/issue/$JIRA_KEY/transitions"