added new workflows

shaunlumbcgov · shaunlumbcgov · commit 17726f7d7036 · 2023-11-29T11:28:33.000-08:00
diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml
@@ -0,0 +1,174 @@
+name: VUE3 Build & Deploy Backend-DEV
+
+env:
+  # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+  # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+  # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+  OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+  OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+  # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+  OPENSHIFT_NAMESPACE: ${{GRAD_NAMESPACE_NO_ENV}}-dev
+
+  # 🖊️ EDIT to change the image registry settings.
+  # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+  IMAGE_REGISTRY_USER: ${{ github.actor }}
+  IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+  IMAGE_NAME: educ-grad-admin-backend
+  DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
+  ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca
+
+  APP_NAME: "educ-grad-admin"
+  REPO_NAME: "educ-grad-admin"
+  BRANCH: "vue3"
+  APP_NAME_BACKEND: "educ-grad-admin-backend"
+  NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}}
+  NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools
+  COMMON_NAMESPACE: ${{secrets.COMMON_NAMESPACE_NO_ENV}}
+  TAG: "latest-vue3"
+  TARGET_ENV: "dev"
+
+  MIN_CPU: "50m"
+  MAX_CPU: "100m"
+  MIN_MEM: "200Mi"
+  MAX_MEM: "250Mi"
+  MIN_REPLICAS: "1"
+  MAX_REPLICAS: "1"
+
+  # SITE_URL should have no scheme or port. It will be prepended with https://
+  HOST_ROUTE: ${{ secrets.SITE_URL }}
+
+on:
+  workflow_dispatch:
+
+jobs:
+  openshift-ci-cd:
+    name: VUE3 Build & Deploy Backend to DEV
+    # ubuntu-latest can also be used.
+    runs-on: ubuntu-20.04
+    environment: vue3-dev
+
+    outputs:
+      ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+      SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+    steps:
+      - name: Check for required secrets
+        uses: actions/github-script@v4
+        with:
+          script: |
+            const secrets = {
+              OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
+              OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
+            };
+
+            const GHCR = "ghcr.io";
+            if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
+              core.info(`Image registry is ${GHCR} - no registry password required`);
+            }
+            else {
+              core.info("A registry password is required");
+              secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
+            }
+
+            const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
+              if (value.length === 0) {
+                core.error(`Secret "${name}" is not set`);
+                return true;
+              }
+              core.info(`✔️ Secret "${name}" is set`);
+              return false;
+            });
+
+            if (missingSecrets.length > 0) {
+              core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+                "You can add it using:\n" +
+                "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
+                "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
+                "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
+            }
+            else {
+              core.info(`✅ All the required secrets are set`);
+            }
+
+      - name: Check out repository
+        uses: actions/checkout@v2
+
+      - name: Determine app name
+        if: env.APP_NAME_BACKEND == ''
+        run: |
+          echo "APP_NAME_BACKEND=$(basename $PWD)" | tee -a $GITHUB_ENV
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
+          username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }}
+
+      # https://github.com/redhat-actions/buildah-build#readme
+      - name: Build backend from Dockerfile
+        id: build-image-backend
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.APP_NAME_BACKEND }}
+          tags: "latest-vue3"
+
+          # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
+          # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
+          # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
+          dockerfiles: |
+            ./backend/Dockerfile
+          context: ./backend
+
+        # https://github.com/redhat-actions/push-to-registry#readme
+      - name: Push backend to registry
+        id: push-image-backend
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image-backend.outputs.image }}
+          tags: ${{ steps.build-image-backend.outputs.tags }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+          username: ${{ env.IMAGE_REGISTRY_USER }}
+          password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
+
+      - name: Install oc
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: 4
+
+        # https://github.com/redhat-actions/oc-login#readme
+      - uses: actions/checkout@v2
+      - name: Deploy
+        run: |
+          set -eux
+          # Login to OpenShift and select project
+          oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+          # Cancel any rollouts in progress
+          oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
+          || true && echo "No rollout in progress"
+
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+
+          # Create the image stream if it doesn't exist
+          oc create imagestream ${{ env.REPO_NAME }}-backend 2> /dev/null || true && echo "Backend image stream in place"
+
+          oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }}
+
+          # Process and apply deployment template
+          oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca  -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f -
+
+          # Start rollout (if necessary) and follow it
+          oc rollout latest-vue3 dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
+          || true && echo "Rollout in progress"
+
+          oc logs -f dc/${{ env.IMAGE_NAME }}-dc
+          # Get status, returns 0 if rollout is successful
+          oc rollout status dc/${{ env.IMAGE_NAME }}-dc
+
+      - name: ZAP Scan
+        uses: zaproxy/action-full-scan@v0.3.0
+        with:
+          target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"
diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml
@@ -0,0 +1,176 @@
+name: VUE3 Build & Deploy Frontend-DEV
+
+env:
+  # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+  # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+  # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+  OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+  OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+  # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+  OPENSHIFT_NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev
+
+  # 🖊️ EDIT to change the image registry settings.
+  # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+  IMAGE_REGISTRY_USER: ${{ github.actor }}
+  IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+  IMAGE_NAME: educ-grad-admin-frontend
+  DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
+  ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca
+
+  APP_NAME: "educ-grad-admin"
+  REPO_NAME: "educ-grad-admin"
+  BRANCH: "main"
+  APP_NAME_FRONTEND: "educ-grad-admin-frontend"
+  NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}}
+  NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools
+  COMMON_NAMESPACE: 75e61b
+  TAG: "latest-vue3"
+  TARGET_ENV: "dev"
+
+  # SITE_URL should have no scheme or port. It will be prepended with https://
+  HOST_ROUTE: ${{ secrets.SITE_URL }}
+
+on:
+  workflow_dispatch:
+
+jobs:
+  openshift-ci-cd:
+    name: Build & Deploy Frontend to DEV
+    # ubuntu-latest can also be used.
+    runs-on: ubuntu-20.04
+    environment: dev
+
+    outputs:
+      ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+      SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+    steps:
+      - name: Check for required secrets
+        uses: actions/github-script@v4
+        with:
+          script: |
+            const secrets = {
+              OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
+              OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
+            };
+
+            const GHCR = "ghcr.io";
+            if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
+              core.info(`Image registry is ${GHCR} - no registry password required`);
+            }
+            else {
+              core.info("A registry password is required");
+              secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
+            }
+
+            const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
+              if (value.length === 0) {
+                core.error(`Secret "${name}" is not set`);
+                return true;
+              }
+              core.info(`✔️ Secret "${name}" is set`);
+              return false;
+            });
+
+            if (missingSecrets.length > 0) {
+              core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+                "You can add it using:\n" +
+                "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
+                "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
+                "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
+            }
+            else {
+              core.info(`✅ All the required secrets are set`);
+            }
+
+      - name: Check out repository
+        uses: actions/checkout@v2
+
+      - name: Determine app name
+        if: env.APP_NAME_FRONTEND == ''
+        run: |
+          echo "APP_NAME_FRONTEND=$(basename $PWD)" | tee -a $GITHUB_ENV
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
+          username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }}
+
+      # https://github.com/redhat-actions/buildah-build#readme
+      - name: Build frontend from Dockerfile
+        id: build-image-frontend
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.APP_NAME_FRONTEND }}
+          tags: "latest-vue3"
+
+          # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
+          # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
+          # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
+          dockerfiles: |
+            ./frontend/Dockerfile
+          context: ./frontend
+
+        # https://github.com/redhat-actions/push-to-registry#readme
+      - name: Push frontend to registry
+        id: push-image-frontend
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image-frontend.outputs.image }}
+          tags: ${{ steps.build-image-frontend.outputs.tags }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+          username: ${{ env.IMAGE_REGISTRY_USER }}
+          password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
+
+      - name: Install oc
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: 4
+
+        # https://github.com/redhat-actions/oc-login#readme
+      - uses: actions/checkout@v2
+      - name: Build frontend static
+        id: build-image-frontend-static
+        run: |
+          set -eux
+          # Login to OpenShift and select project
+          oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+
+          # Create the image stream if it doesn't exist
+          oc create imagestream ${{ env.REPO_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place"
+          oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.REPO_NAME }}-frontend:${{ env.TAG }}
+
+        # https://github.com/redhat-actions/oc-login#readme
+      - uses: actions/checkout@v2
+      - name: Deploy
+        run: |
+          set -eux
+          # Login to OpenShift and select project
+          oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+
+          # Cancel any rollouts in progress
+          oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
+          || true && echo "No rollout in progress"
+
+          # Process and apply deployment template
+          oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \
+          -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
+          -p APP_NAME=educ-grad-admin -p TAG=latest-vue3 -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \
+          -p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f -
+
+          # Start rollout (if necessary) and follow it
+          oc rollout latest-vue3 dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
+          || true && echo "Rollout in progress"
+          oc logs -f dc/${{ env.IMAGE_NAME }}-dc
+          # Get status, returns 0 if rollout is successful
+          oc rollout status dc/${{ env.IMAGE_NAME }}-dc
+      - name: ZAP Scan
+        uses: zaproxy/action-full-scan@v0.3.0
+        with:
+          target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"
