From 0c9343eea5c537d4a91e46dbfb195da38ad3b2e8 Mon Sep 17 00:00:00 2001 From: Kamal Mohammed Date: Tue, 23 Jan 2024 16:19:24 -0700 Subject: [PATCH] Update actions --- ...ld.from.developer.branch.deploy.to.dev.yml | 42 ++++++++----- .../build.from.main.branch.deploy.to.dev.yml | 43 ++++++++------ ...uild.from.release.branch.deploy.to.dev.yml | 41 ++++++++----- .github/workflows/create_tag.yml | 59 +++++++++---------- .github/workflows/deploy_prod.yml | 33 ++++++++--- .github/workflows/deploy_test.yml | 33 ++++++++--- .github/workflows/on.pr.yml | 8 +-- tools/config/update-configmap.sh | 12 +++- 8 files changed, 171 insertions(+), 100 deletions(-) diff --git a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml index 5048d46..096cb3b 100644 --- a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml @@ -4,9 +4,12 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -15,12 +18,11 @@ env: IMAGE_REGISTRY_PASSWORD: ${{ github.token }} SPRING_BOOT_IMAGE_NAME: educ-grad-business-api-dc - DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote REPO_NAME: "educ-grad-business-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} + BRANCH: "grad-release" TAG: "latest" - #GRAD2-1947 Resource optimization MIN_CPU: "30m" MAX_CPU: "120m" MIN_MEM: "350Mi" @@ -41,18 +43,14 @@ on: - develop/chris - develop/jinil - develop/km + - grad-hotfix jobs: openshift-ci-cd: name: Build and deploy to OpenShift DEV from Developer branch - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v3 @@ -67,8 +65,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - registry: ${{ env.DOCKER_ARTIFACTORY_REPO }} - username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }} + registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} + username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} # https://github.com/redhat-actions/buildah-build#readme @@ -116,8 +114,22 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ + -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }}| oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.event.inputs.choice }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ @@ -130,4 +142,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-api-scan@v0.1.0 with: - target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' + target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' \ No newline at end of file diff --git a/.github/workflows/build.from.main.branch.deploy.to.dev.yml b/.github/workflows/build.from.main.branch.deploy.to.dev.yml index 6d2d656..0a760c8 100644 --- a/.github/workflows/build.from.main.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.main.branch.deploy.to.dev.yml @@ -1,13 +1,15 @@ name: Build & Deploy to DEV from main branch env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -16,12 +18,11 @@ env: IMAGE_REGISTRY_PASSWORD: ${{ github.token }} SPRING_BOOT_IMAGE_NAME: educ-grad-business-api-dc - DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote REPO_NAME: "educ-grad-business-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} + BRANCH: "main" TAG: "latest" - #GRAD2-1947 Resource optimization MIN_CPU: "30m" MAX_CPU: "120m" MIN_MEM: "350Mi" @@ -31,20 +32,14 @@ env: STORAGE_LIMIT: 16Gi on: - # https://docs.github.com/en/actions/reference/events-that-trigger-workflows workflow_dispatch: jobs: openshift-ci-cd: name: Build and deploy to OpenShift DEV - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v3 @@ -57,8 +52,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - registry: ${{ env.DOCKER_ARTIFACTORY_REPO }} - username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }} + registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} + username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} # https://github.com/redhat-actions/buildah-build#readme @@ -106,8 +101,22 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ + -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ @@ -120,4 +129,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-api-scan@v0.1.0 with: - target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' + target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' \ No newline at end of file diff --git a/.github/workflows/build.from.release.branch.deploy.to.dev.yml b/.github/workflows/build.from.release.branch.deploy.to.dev.yml index b87d2ef..a534d1d 100644 --- a/.github/workflows/build.from.release.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.release.branch.deploy.to.dev.yml @@ -4,9 +4,12 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -15,12 +18,11 @@ env: IMAGE_REGISTRY_PASSWORD: ${{ github.token }} SPRING_BOOT_IMAGE_NAME: educ-grad-business-api-dc - DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote REPO_NAME: "educ-grad-business-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} + BRANCH: "grad-release" TAG: "latest" - #GRAD2-1947 Resource optimization MIN_CPU: "30m" MAX_CPU: "120m" MIN_MEM: "350Mi" @@ -42,14 +44,9 @@ on: jobs: openshift-ci-cd: name: Build and deploy to OpenShift DEV from release branch - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v3 @@ -64,8 +61,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - registry: ${{ env.DOCKER_ARTIFACTORY_REPO }} - username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }} + registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} + username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} # https://github.com/redhat-actions/buildah-build#readme @@ -113,8 +110,22 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ + -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ @@ -127,4 +138,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-api-scan@v0.1.0 with: - target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' + target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' \ No newline at end of file diff --git a/.github/workflows/create_tag.yml b/.github/workflows/create_tag.yml index e666431..17169c0 100644 --- a/.github/workflows/create_tag.yml +++ b/.github/workflows/create_tag.yml @@ -4,16 +4,16 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-dev # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" REPO_NAME: "educ-grad-business-api" BRANCH: "master" - NAMESPACE: ${{ secrets.GRAD_NAMESPACE }} + NAMESPACE: ${{ vars.GRAD_NAMESPACE }} on: # https://docs.github.com/en/actions/reference/events-that-trigger-workflows @@ -26,7 +26,6 @@ on: jobs: tag_image: name: Tag Image - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev @@ -35,32 +34,32 @@ jobs: SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} steps: - - name: Check out repository - uses: actions/checkout@v2 + - name: Check out repository + uses: actions/checkout@v2 - - name: Create tag - uses: actions/github-script@v5 - with: - script: | - github.rest.git.createRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: 'refs/tags/${{ github.event.inputs.version }}', - sha: context.sha - }) + - name: Create tag + uses: actions/github-script@v5 + with: + script: | + github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'refs/tags/${{ github.event.inputs.version }}', + sha: context.sha + }) - - name: Install oc - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: 4 + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: 4 - # https://github.com/redhat-actions/oc-login#readme - - uses: actions/checkout@v2 - - name: Tag in OpenShift - run: | - set -eux - # Login to OpenShift and select project - oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} - oc project ${{ env.OPENSHIFT_NAMESPACE }} - - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:latest ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ github.event.inputs.version }} \ No newline at end of file + # https://github.com/redhat-actions/oc-login#readme + - uses: actions/checkout@v2 + - name: Tag in OpenShift + run: | + set -eux + # Login to OpenShift and select project + oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} + oc project ${{ env.OPENSHIFT_NAMESPACE }} + + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:latest ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ github.event.inputs.version }} \ No newline at end of file diff --git a/.github/workflows/deploy_prod.yml b/.github/workflows/deploy_prod.yml index 73b9e47..2ae8942 100644 --- a/.github/workflows/deploy_prod.yml +++ b/.github/workflows/deploy_prod.yml @@ -4,18 +4,20 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-prod + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-prod + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} SPRING_BOOT_IMAGE_NAME: educ-grad-business-api-dc REPO_NAME: "educ-grad-business-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} - NAMESPACE: ${{ secrets.GRAD_NAMESPACE }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} TAG: "latest" + BRANCH: "main" - #GRAD2-1947 Resource optimization MIN_CPU: "30m" MAX_CPU: "120m" MIN_MEM: "350Mi" @@ -32,7 +34,6 @@ on: jobs: deploy-to-openshift-prod: name: Deploy to OpenShift PROD - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: prod @@ -65,11 +66,25 @@ jobs: oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} + oc tag ${{ env.GRAD_NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.GRAD_NAMESPACE }}-prod/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + prod \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ diff --git a/.github/workflows/deploy_test.yml b/.github/workflows/deploy_test.yml index 1574b3b..f95ee8c 100644 --- a/.github/workflows/deploy_test.yml +++ b/.github/workflows/deploy_test.yml @@ -4,18 +4,20 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_NAMESPACE }}-test + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-test + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} SPRING_BOOT_IMAGE_NAME: educ-grad-business-api-dc REPO_NAME: "educ-grad-business-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} - NAMESPACE: ${{ secrets.GRAD_NAMESPACE }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} TAG: "latest" + BRANCH: "main" - #GRAD2-1947 Resource optimization MIN_CPU: "30m" MAX_CPU: "120m" MIN_MEM: "350Mi" @@ -32,7 +34,6 @@ on: jobs: deploy-to-openshift-test: name: Deploy to OpenShift TEST - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: test @@ -65,11 +66,25 @@ jobs: oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} + oc tag ${{ env.GRAD_NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.GRAD_NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p STORAGE_LIMIT=${{ env.STORAGE_LIMIT }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + test \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml index 6608dab..a6fc8ac 100644 --- a/.github/workflows/on.pr.yml +++ b/.github/workflows/on.pr.yml @@ -1,4 +1,4 @@ -name: API CI +name: API Build on: pull_request: @@ -53,8 +53,8 @@ jobs: - name: Run Sonar Analysis run: mvn sonar:sonar -Dsonar.login=${{ secrets.SONAR_TOKEN }} - -Dsonar.host.url=https://sonarcloud.io - -Dsonar.organization=bcgov-sonarcloud - -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} + -Dsonar.host.url=${{ vars.SONAR_HOST_URL }} + -Dsonar.organization=${{ vars.SONAR_ORG }} + -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} env: GITHUB_TOKEN: ${{ github.token }} diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index eea35ee..2e61b97 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -7,6 +7,7 @@ GRAD_NAMESPACE=$3 COMMON_NAMESPACE=$4 BUSINESS_NAMESPACE=$5 SPLUNK_TOKEN=$6 +APP_LOG_LEVEL=$7 SPLUNK_URL="gww.splunk.educ.gov.bc.ca" FLB_CONFIG="[SERVICE] @@ -30,6 +31,15 @@ FLB_CONFIG="[SERVICE] Name stdout Match absolutely_nothing_bud Log_Level off +[OUTPUT] + Name splunk + Match * + Host $SPLUNK_URL + Port 443 + TLS On + TLS.Verify Off + Message_Key $APP_NAME + Splunk_Token $SPLUNK_TOKEN " PARSER_CONFIG=" [PARSER] @@ -43,7 +53,7 @@ echo Creating config map "$APP_NAME"-config-map oc create -n "$GRAD_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ --from-literal=GRAD_REPORT_API="http://educ-grad-report-api.$GRAD_NAMESPACE-$envValue.svc.cluster.local:8080/" \ --from-literal=GRAD_STUDENT_API="http://educ-grad-student-api.$GRAD_NAMESPACE-$envValue.svc.cluster.local:8080/" \ - --from-literal=APP_LOG_LEVEL="ERROR" \ + --from-literal=APP_LOG_LEVEL="$APP_LOG_LEVEL" \ --from-literal=REPORT_API"http://educ-grad-report-api.$GRAD_NAMESPACE-$envValue.svc.cluster.local:8080/" \ --from-literal=GRAD_GRADUATION_REPORT_API="http://educ-grad-graduation-report-api.$GRAD_NAMESPACE-$envValue.svc.cluster.local:8080/" \ --from-literal=PEN_API="http://student-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/" \