Add initial workflow

.github/workflows/deploy-to-openshift-dev.yml

@@ -1,32 +1,164 @@
-# This is a basic workflow that is manually triggered
-
+# OFM Dynamnics 365 DEV workflow
 name: 1 DEV - Deploy Dynamics API
 
-# Controls when the action will run. Workflow runs when manually triggered using the UI
-# or API.
+env:
+  # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+  # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+  # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+  OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+  OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+  # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+  OPENSHIFT_NAMESPACE: ${{ secrets.OFM_NAMESPACE_NO_ENV }}-dev
+
+  # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+
+  # 🖊️ EDIT to change the image registry settings.
+  # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+  IMAGE_REGISTRY_USER: ${{ github.actor }}
+  IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+  DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
+  ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca
+
+  APP_NAME: 'ofm'
+  REPO_NAME: 'ecc-ofm-d365'
+  BRANCH: ${{ github.ref_name }}
+  IMAGE_NAME: 'ecc-ofm-d365api'
+  APP_NAME_BACKEND: 'd365api'
+
+  NAMESPACE: ${{ secrets.OFM_NAMESPACE_NO_ENV }}
+  #NAMESPACE_TOOLS: ${{ secrets.OFM_NAMESPACE_NO_ENV }}-tools
+  #COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+  TAG: 'latest'
+
+  MIN_REPLICAS: '1'
+  MAX_REPLICAS: '1'
+  MIN_CPU: '50m'
+  MAX_CPU: '100m'
+  MIN_MEM: '200Mi'
+  MAX_MEM: '250Mi'
+
 on:
   workflow_dispatch:
-    # Inputs the workflow accepts.
-    inputs:
-      name:
-        # Friendly description to be shown in the UI instead of 'name'
-        description: 'Person to greet'
-        # Default value if no value is explicitly provided
-        default: 'World'
-        # Input has to be provided for the workflow to run
-        required: true
-        # The data type of the input
-        type: string
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+
 jobs:
-  # This workflow contains a single job called "greet"
-  greet:
-    # The type of runner that the job will run on
-    runs-on: ubuntu-latest
+  openshift-ci-cd:
+    name: Build and deploy Backend to DEV
+    runs-on: ubuntu-20.04
+    environment: dev
+
+    outputs:
+      ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+      SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-    # Runs a single command using the runners shell
-    - name: Send greeting
-      run: echo "Hello ${{ inputs.name }}"
+      - name: Check for required secrets
+        uses: actions/github-script@v4
+        with:
+          script: |
+            const secrets = {
+              OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
+              OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
+              DOCKER_HUB_USERNAME: `${{ secrets.DOCKER_HUB_USERNAME }}`,
+              DOCKER_HUB_ACCESS_TOKEN: `${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}`,
+            };
+
+            const GHCR = "ghcr.io";
+            if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
+              core.info(`Image registry is ${GHCR} - no registry password required`);
+            }
+            else {
+              core.info("A registry password is required");
+              secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
+            }
+
+            const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
+              if (value.length === 0) {
+                core.error(`Secret "${name}" is not set`);
+                return true;
+              }
+              core.info(`✔️ Secret "${name}" is set`);
+              return false;
+            });
+
+            if (missingSecrets.length > 0) {
+              core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+                "You can add it using:\n" +
+                "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
+                "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
+                "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
+            }
+            else {
+              core.info(`✅ All the required secrets are set`);
+            }
+
+      - name: Check out repository
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ env.BRANCH }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Build Dynamics from Dockerfile
+        id: build-image-backend
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          tags: 'latest'
+
+          # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
+          # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
+          # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
+          dockerfiles: |
+            ./Dockerfile
+          context: ./
+
+        # https://github.com/redhat-actions/push-to-registry#readme
+      - name: Push Dynamics API to registry
+        id: push-image-backend
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image-backend.outputs.image }}
+          tags: ${{ steps.build-image-backend.outputs.tags }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+          username: ${{ env.IMAGE_REGISTRY_USER }}
+          password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
+
+      - name: Install oc
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: 4
+
+        # https://github.com/redhat-actions/oc-login#readme
+      #    - uses: actions/checkout@v2
+      - name: Deploy
+        run: |
+          set -eux
+          # Login to OpenShift and select project
+          oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+          # Cancel any rollouts in progress
+          oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.BRANCH }} 2> /dev/null \
+          || true && echo "No rollout in progress"
+
+          # Create the image stream if it doesn't exist
+          oc create imagestream ${{ env.REPO_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.BRANCH }} 2> /dev/null || true && echo "Backend image stream in place"
+
+          oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.APP_NAME_BACKEND }}-${{ env.BRANCH }}:${{ env.TAG }}
+
+          # Process and apply deployment template
+          oc process -f tools/openshift/d365api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }}\
+          | oc apply -f -
+
+          # Start rollout (if necessary) and follow it
+          oc rollout latest dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }} 2> /dev/null \
+          || true && echo "Rollout in progress"
+
+          # Get status, returns 0 if rollout is successful
+          oc rollout status dc/${{ env.APP_NAME }}-${{ env.APP_NAME_BACKEND }}

Dockerfile

@@ -0,0 +1,28 @@
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+WORKDIR /app
+EXPOSE 5091
+EXPOSE 5092
+
+ENV ASPNETCORE_URLS=http://+:5091
+ENV ASPNETCORE_ENVIRONMENT=Development
+
+# Creates a non-root user with an explicit UID and adds permission to access the /app folder
+# For more info, please refer to https://aka.ms/vscode-docker-dotnet-configure-containers
+RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
+USER appuser
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+WORKDIR /
+COPY ["OFM.Infrastructure.WebAPI/OFM.Infrastructure.WebAPI.csproj", "OFM.Infrastructure.WebAPI/"]
+RUN dotnet restore "OFM.Infrastructure.WebAPI/OFM.Infrastructure.WebAPI.csproj"
+COPY . .
+WORKDIR "/OFM.Infrastructure.WebAPI"
+RUN dotnet build "OFM.Infrastructure.WebAPI.csproj" -c Release -o /app/build
+
+FROM build AS publish
+RUN dotnet publish "OFM.Infrastructure.WebAPI.csproj" -c Release -o /app/publish /p:UseAppHost=false
+
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "OFM.Infrastructure.WebAPI.dll"]

OFM.Infrastructure.WebAPI/Program.cs

@@ -76,10 +76,10 @@
 {
     return TypedResults.Ok("I am healthy!");
 
-}).WithTags("Environment").Produces(200).ProducesProblem(404);
+}).WithTags("Environment").Produces(200).ProducesProblem(404).AllowAnonymous();
 
 app.MapHealthChecks("/api/health");
 
 #endregion
 
-app.Run();
+app.Run();