5 PROD - Deploy Dynamics API #6

Workflow file for this run

.github/workflows/deploy-to-openshift-prod.yml at 9402864

	name: 5 PROD - Deploy Dynamics API

	env:
	# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
	# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
	# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
	OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
	OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
	# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
	OPENSHIFT_NAMESPACE: ${{ secrets.OFM_NAMESPACE_NO_ENV }}-prod

	# SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

	# 🖊️ EDIT to change the image registry settings.
	# Registries such as GHCR, Quay.io, and Docker Hub are supported.
	IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
	IMAGE_REGISTRY_USER: ${{ github.actor }}
	IMAGE_REGISTRY_PASSWORD: ${{ github.token }}

	APP_NAME: 'ofm'
	REPO_NAME: 'ecc-ofm-d365'
	#grabs the branch name from github dynamically
	BRANCH: ${{ github.ref_name }}
	IMAGE_NAME: 'ecc-ofm-d365api'
	APP_NAME_BACKEND: 'd365api'
	# We have multiple environments in each openshift namespace dev, test in DEV and uat, efx in TEST (prod is standalone). This setting will help name the deployment config and routes for each.
	APP_ENVIRONMENT: 'prod'

	NAMESPACE: ${{ secrets.OFM_NAMESPACE_NO_ENV }}

	MIN_REPLICAS: '3'
	MAX_REPLICAS: '5'
	MIN_CPU: '50m'
	MAX_CPU: '250m'
	MIN_MEM: '200Mi'
	MAX_MEM: '700Mi'
	# SITE_URL should have no scheme or port. It will be prepended with https://
	HOST_ROUTE: ${{ secrets.SITE_URL }}
	HAPROXY_IP_WHITELIST: ${{ secrets.HAPROXY_IP_WHITELIST }}

	on:
	workflow_dispatch:

	jobs:
	openshift-ci-cd:
	name: Deploy Backend to PROD
	runs-on: ubuntu-24.04
	environment: prod

	outputs:
	ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
	SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

	steps:
	- name: Check for required secrets
	uses: actions/github-script@v6
	with:
	script: \|
	const secrets = {
	OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
	OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
	};

	const GHCR = "ghcr.io";
	if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
	core.info(`Image registry is ${GHCR} - no registry password required`);
	}
	else {
	core.info("A registry password is required");
	secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
	}

	const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
	if (value.length === 0) {
	core.error(`Secret "${name}" is not set`);
	return true;
	}
	core.info(`✔️ Secret "${name}" is set`);
	return false;
	});

	if (missingSecrets.length > 0) {
	core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
	"You can add it using:\n" +
	"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
	"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
	"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
	}
	else {
	core.info(`✅ All the required secrets are set`);
	}

	- name: Check out repository with branch [${{ env.BRANCH }}]
	uses: actions/checkout@v3
	with:
	ref: ${{ env.BRANCH }}

	- name: Get latest tag
	uses: actions-ecosystem/action-get-latest-tag@v1
	id: get-latest-tag

	- name: Install oc
	uses: redhat-actions/openshift-tools-installer@v1
	with:
	oc: 4.16

	- name: Deploy
	run: \|
	set -eux
	# Login to OpenShift and select project
	oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
	oc project ${{ env.OPENSHIFT_NAMESPACE }}
	# Cancel any rollouts in progress
	oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
	\|\| true && echo "No rollout in progress"

	# Create the image stream if it doesn't exist
	oc create imagestream ${{ env.IMAGE_NAME }} 2> /dev/null \|\| true && echo "D365 API image stream in place"

	# Create tag for PROD env from DEV env image
	oc tag ${{ env.NAMESPACE }}-dev/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.IMAGE_NAME }}:${{ steps.get-latest-tag.outputs.tag }}

	# Process and apply deployment template
	oc process \
	-f tools/openshift/d365api.dc.yaml \
	-p APP_NAME=${{ env.APP_NAME }} \
	-p REPO_NAME=${{ env.REPO_NAME }} \
	-p BRANCH=${{ env.BRANCH }} \
	-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
	-p TAG=${{ steps.get-latest-tag.outputs.tag }} \
	-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
	-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
	-p MIN_CPU=${{ env.MIN_CPU }} \
	-p MAX_CPU=${{ env.MAX_CPU }} \
	-p MIN_MEM=${{ env.MIN_MEM }} \
	-p MAX_MEM=${{ env.MAX_MEM }} \
	-p ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
	-p HAPROXY_IP_WHITELIST='${{ env.HAPROXY_IP_WHITELIST }}' \
	\| oc apply -f -

	# Process update-configmap
	cat << JSON > /tmp/key_scheme
	${{ secrets.D365_API_KEY_SCHEME }}
	JSON

	cat << JSON > /tmp/api_auth_settings
	${{ secrets.D365_API_AUTH_SETTINGS }}
	JSON

	cat << JSON > /tmp/recipients
	${{ secrets.D365_RECIPIENTS }}
	JSON

	cat << JSON > /tmp/bc_registry_api
	${{ secrets.D365_BC_REGISTRY_API }}
	JSON

	curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
	\| bash /dev/stdin \
	${{ env.APP_ENVIRONMENT }} \
	${{ env.APP_NAME }} \
	${{ env.OPENSHIFT_NAMESPACE }} \
	/tmp/key_scheme \
	/tmp/api_auth_settings \
	${{ secrets.D365_DEFAULT_SENDER_ID }} \
	${{ secrets.D365_DEFAULT_CONTACT_ID }} \
	/tmp/recipients \
	/tmp/bc_registry_api \
	${{ secrets.D365_BCCAS_API_URL }} \
	${{ secrets.D365_CGI_BATCH_NUMBER }} \
	${{ secrets.D365_INVOICE_LINES_DISTRIBUTION_ACK }}

	# Start rollout (if necessary) and follow it
	oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
	\|\| true && echo "Rollout in progress"

	# Get status, returns 0 if rollout is successful
	oc rollout status dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.APP_ENVIRONMENT }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5 PROD - Deploy Dynamics API #6

Workflow file

5 PROD - Deploy Dynamics API #6

Jobs

Run details

Workflow file for this run