deploy #363

Workflow file for this run

.github/workflows/deploy_feature.yaml at 30fbdec

	name: deploy

	on:
	workflow_call:
	secrets:
	OPENSHIFT_SERVER: { required: true }
	OPENSHIFT_TOKEN: { required: true }
	OPENSHIFT_APP_NAMESPACE: { required: true }
	OPENSHIFT_METABASE_NAMESPACE: { required: true }
	OPENSHIFT_METABASE_PROD_NAMESPACE: { required: true }
	NEXT_PUBLIC_GROWTHBOOK_API_KEY: { required: true }
	CLIENT_SECRET: { required: true }
	OPENSHIFT_SECURE_ROUTE: { required: true }
	AWS_S3_BUCKET: { required: true }
	AWS_S3_REGION: { required: true }
	AWS_S3_KEY: { required: true }
	AWS_S3_SECRET_KEY: { required: true }
	AWS_CLAM_S3_BUCKET: { required: true }
	AWS_ROLE_ARN: { required: true }
	METABASE_SITE_URL: { required: true }
	METABASE_EMBED_SECRET: { required: true }
	SP_SA_USER: { required: true }
	SP_SA_PASSWORD: { required: true }
	SP_DOC_LIBRARY: { required: true }
	SP_SITE: { required: true }
	SP_MS_FILE_NAME: { required: true }
	SA_CLIENT_SECRET: { required: true }
	SA_CLIENT_ID: { required: true }
	KEYCLOAK_HOST: { required: true }
	SP_LIST_NAME: { required: true }
	RENOVATE_GITHUB_TOKEN: { required: false }
	RENOVATE_PRIVATE_KEY: { required: false }
	CHES_API_URL: { required: true }
	CHES_CLIENT: { required: true }
	CHES_CLIENT_SECRET: { required: true }
	CHES_TO_EMAIL: { required: true }
	CHES_KEYCLOAK_HOST: { required: true }
	TEST_PG_PASSWORD: { required: true }
	JIRA_AUTH: { required: true }
	AWS_S3_FEAT_BUCKET: { required: true }
	AWS_S3_FEAT_CLAM_BUCKET: { required: true }
	AWS_FEAT_ARN: { required: true }
	pull_request:
	branches: [main]
	types: [ready_for_review]
	pull_request_review:
	types: [submitted]

	env:
	TAG: sha-${{ github.sha }}
	FEATURE_NAME: ${{ github.event.pull_request.head.ref }}

	jobs:
	setup-feature-database:
	runs-on: ubuntu-latest
	environment:
	name: development
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Authenticate with OpenShift
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
	openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
	- name: Setup database
	run: \|
	FEATURE_NAME_LOWER=$(echo $FEATURE_NAME \| tr '[:upper:]' '[:lower:]' \| sed 's/-*$//')
	FEATURE_NAME_LOWER_SHORT=$(echo $FEATURE_NAME_LOWER \| cut -c -30 \| sed 's/-*$//')
	chmod +x ./lib/feature_envs/create_feature_db.sh
	./lib/feature_envs/create_feature_db.sh ccbc "$FEATURE_NAME_LOWER_SHORT" ${{ secrets.OPENSHIFT_APP_NAMESPACE }}
	deploy-feature-to-openshift-development:
	needs: [setup-feature-database]
	runs-on: ubuntu-latest
	environment:
	name: development
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Deploy
	uses: ./.github/actions/feature
	with:
	openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
	openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
	openshift_app_namespace: ${{ secrets.OPENSHIFT_APP_NAMESPACE }}
	openshift_metabase_namespace: ${{ secrets.OPENSHIFT_METABASE_NAMESPACE }}
	openshift_metabase_prod_namespace: ${{ secrets.OPENSHIFT_METABASE_PROD_NAMESPACE }}
	next_public_growthbook_api_key: ${{ secrets.NEXT_PUBLIC_GROWTHBOOK_API_KEY }}
	tag: ${{ env.TAG }}
	client_secret: ${{ secrets.CLIENT_SECRET }}
	secure_route: ${{ env.FEATURE_NAME }}-ccbc.apps.silver.devops.gov.bc.ca
	aws_s3_bucket: ${{ secrets.AWS_S3_FEAT_BUCKET }}
	aws_s3_region: ${{ secrets.AWS_S3_REGION }}
	aws_s3_key: ${{ secrets.AWS_S3_KEY }}
	aws_s3_secret_key: ${{ secrets.AWS_S3_SECRET_KEY }}
	aws_clam_s3_bucket: ${{ secrets.AWS_S3_FEAT_CLAM_BUCKET }}
	aws_role_arn: ${{ secrets.AWS_FEAT_ARN }}
	certbot_email: ${{ secrets.CERTBOT_EMAIL }}
	certbot_server: ${{ secrets.CERTBOT_SERVER }}
	metabase_site_url: ${{ secrets.METABASE_SITE_URL }}
	metabase_embed_secret: ${{ secrets.METABASE_EMBED_SECRET }}
	sp_sa_user: ${{ secrets.SP_SA_USER }}
	sp_sa_password: ${{ secrets.SP_SA_PASSWORD }}
	sp_doc_library: ${{ secrets.SP_DOC_LIBRARY }}
	sp_site: ${{ secrets.SP_SITE }}
	sp_ms_file_name: ${{ secrets.SP_MS_FILE_NAME }}
	keycloak_host: ${{ secrets.KEYCLOAK_HOST }}
	sa_client_secret: ${{ secrets.SA_CLIENT_SECRET }}
	sa_client_id: ${{ secrets.SA_CLIENT_ID }}
	sp_list_name: ${{ secrets.SP_LIST_NAME }}
	feature_name: ${{ env.FEATURE_NAME }}
	ches_url: ${{ secrets.CHES_API_URL }}
	ches_client: ${{ secrets.CHES_CLIENT }}
	ches_client_secret: ${{ secrets.CHES_CLIENT_SECRET }}
	ches_to: ${{ secrets.CHES_TO_EMAIL }}
	ches_keycloak_host: ${{ secrets.CHES_KEYCLOAK_HOST }}
	test_pg_password: ${{ secrets.TEST_PG_PASSWORD }}
	environment: dev
	update-jira-issue:
	runs-on: ubuntu-latest
	environment:
	name: development
	needs: [deploy-feature-to-openshift-development]
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Get JIRA Issue Key
	id: extract_jira_key
	run: \|
	echo "JIRA_KEY=$(echo "$FEATURE_NAME" \| grep -oE 'NDT-[0-9]+')" >> $GITHUB_ENV
	- name: Update JIRA Issue
	# JIRA_AUTH must be passed pre encoded
	run: \|
	FEATURE_NAME_LOWER=$(echo $FEATURE_NAME \| tr '[:upper:]' '[:lower:]' \| sed 's/-*$//')
	FEATURE_NAME_LOWER_SHORT=$(echo $FEATURE_NAME_LOWER \| cut -c -30 \| sed 's/-*$//')
	curl -X POST \
	-H "Authorization: Basic ${{ secrets.JIRA_AUTH }}" \
	-H "Content-Type: application/json" \
	-d '{
	"body": {
	"type": "doc",
	"version": 1,
	"content": [
	{
	"type": "paragraph",
	"content": [
	{
	"text": "AUTOMATIC COMMENT: ",
	"type": "text",
	"marks": [
	{
	"type": "strong"
	}
	]
	},
	{
	"text": "Feature deployed! URL: ",
	"type": "text"
	},
	{
	"text": "https://'$FEATURE_NAME_LOWER_SHORT'-ccbc.apps.silver.devops.gov.bc.ca",
	"type": "text",
	"marks": [
	{
	"type": "link",
	"attrs": {
	"href": "https://'$FEATURE_NAME_LOWER_SHORT'-ccbc.apps.silver.devops.gov.bc.ca",
	"title": "https://'$FEATURE_NAME_LOWER_SHORT'-ccbc.apps.silver.devops.gov.bc.ca"
	}
	}
	]
	}
	]
	}
	]
	}
	}' \
	"https://connectivitydivision.atlassian.net/rest/api/3/issue/$JIRA_KEY/comment"
	- name: Check PR Approval
	id: pr_approval
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const { data: reviews } = await github.rest.pulls.listReviews({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number: context.payload.pull_request.number
	});

	const approved = reviews.some(review => review.state === 'APPROVED');
	console.log(`PR has been ${approved ? 'approved' : 'not approved'}`);
	return approved;
	- name: Get Issue Status
	id: get_status
	run: \|
	response=$(curl -s -X GET \
	-H "Authorization: Basic ${{ secrets.JIRA_AUTH }}" \
	-H "Content-Type: application/json" \
	"https://connectivitydivision.atlassian.net/rest/api/3/issue/$JIRA_KEY")

	status=$(echo "$response" \| jq -r '.fields.status.name')
	echo "Issue status: $status"

	echo "::set-output name=status::$status"
	- name: Transition Issue
	if: steps.pr_approval.outputs.result == 'true' && steps.get_status.outputs.status != 'SPRINT Done' && steps.get_status.outputs.status != 'Closed'
	run: \|
	curl -X POST \
	-H "Authorization: Basic ${{ secrets.JIRA_AUTH }}" \
	-H "Content-Type: application/json" \
	-d '{
	"transition": {
	"id": "10"
	}
	}' \
	"https://connectivitydivision.atlassian.net/rest/api/3/issue/$JIRA_KEY/transitions"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deploy #363

Workflow file

deploy #363

Jobs

Run details

Workflow file for this run