Skip to content

5 PROD - Deploy Dynamics API #4

5 PROD - Deploy Dynamics API

5 PROD - Deploy Dynamics API #4

name: 5 PROD - Deploy Dynamics API
env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.OFM_NAMESPACE_NO_ENV }}-prod
# SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
# 🖊️ EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
APP_NAME: 'ofm'
REPO_NAME: 'ecc-ofm-d365'
#grabs the branch name from github dynamically
BRANCH: ${{ github.ref_name }}
IMAGE_NAME: 'ecc-ofm-d365api'
APP_NAME_BACKEND: 'd365api'
# We have multiple environments in each openshift namespace dev, test in DEV and uat, efx in TEST (prod is standalone). This setting will help name the deployment config and routes for each.
APP_ENVIRONMENT: 'prod'
NAMESPACE: ${{ secrets.OFM_NAMESPACE_NO_ENV }}
MIN_REPLICAS: '3'
MAX_REPLICAS: '5'
MIN_CPU: '50m'
MAX_CPU: '250m'
MIN_MEM: '200Mi'
MAX_MEM: '700Mi'
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
HAPROXY_IP_WHITELIST: ${{ secrets.HAPROXY_IP_WHITELIST }}
on:
workflow_dispatch:
jobs:
openshift-ci-cd:
name: Deploy Backend to PROD
runs-on: ubuntu-24.04
environment: prod
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check for required secrets
uses: actions/github-script@v6
with:
script: |
const secrets = {
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const GHCR = "ghcr.io";
if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
core.info(`Image registry is ${GHCR} - no registry password required`);
}
else {
core.info("A registry password is required");
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
}
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- name: Check out repository with branch [${{ env.BRANCH }}]
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH }}
- name: Get latest tag
uses: actions-ecosystem/action-get-latest-tag@v1
id: get-latest-tag
- name: Install oc
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: 4.16
- name: Deploy
run: |
set -eux
# Login to OpenShift and select project
oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
oc project ${{ env.OPENSHIFT_NAMESPACE }}
# Cancel any rollouts in progress
oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
|| true && echo "No rollout in progress"
# Create the image stream if it doesn't exist
oc create imagestream ${{ env.IMAGE_NAME }} 2> /dev/null || true && echo "D365 API image stream in place"
# Create tag for PROD env from DEV env image
oc tag ${{ env.NAMESPACE }}-dev/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }}
# Process and apply deployment template
oc process \
-f tools/openshift/d365api.dc.yaml \
-p APP_NAME=${{ env.APP_NAME }} \
-p REPO_NAME=${{ env.REPO_NAME }} \
-p BRANCH=${{ env.BRANCH }} \
-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p TAG=${{ steps.get-latest-tag.outputs.tag }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
-p HAPROXY_IP_WHITELIST='${{ env.HAPROXY_IP_WHITELIST }}' \
| oc apply -f -
# Process update-configmap
cat << JSON > /tmp/key_scheme
${{ secrets.D365_API_KEY_SCHEME }}
JSON
cat << JSON > /tmp/api_auth_settings
${{ secrets.D365_API_AUTH_SETTINGS }}
JSON
cat << JSON > /tmp/recipients
${{ secrets.D365_RECIPIENTS }}
JSON
cat << JSON > /tmp/bc_registry_api
${{ secrets.D365_BC_REGISTRY_API }}
JSON
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ env.OPENSHIFT_NAMESPACE }} \
/tmp/key_scheme \
/tmp/api_auth_settings \
${{ secrets.D365_DEFAULT_SENDER_ID }} \
${{ secrets.D365_DEFAULT_CONTACT_ID }} \
/tmp/recipients \
/tmp/bc_registry_api \
${{ secrets.D365_BCCAS_API_URL }} \
${{ secrets.D365_CGI_BATCH_NUMBER }}
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
|| true && echo "Rollout in progress"
# Get status, returns 0 if rollout is successful
oc rollout status dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.APP_ENVIRONMENT }}