Skip to content

Commit

Permalink
Merge pull request #546 from bcgov/ccof-3672-iac-configmaps
Browse files Browse the repository at this point in the history 
Implement IaC for Configmaps
  • Loading branch information
@trev-dev
trev-dev authored Oct 24, 2024
2 parents edcdd8d + ceb4a49 commit 8b1dd58
Show file tree
Hide file tree
Showing 10 changed files with 318 additions and 153 deletions.
36 changes: 19 additions & 17 deletions .github/workflows/deploy-to-openshift-backend-dev.yml
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,15 @@
name: 1 DEV - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev

SPLUNK_TOKEN:
${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry setting
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -23,14 +20,12 @@ env:

APP_NAME: "ccof"
REPO_NAME: "educ-ccof"
#grabs the branch name from github dynamically
# grabs the branch name from github dynamically
BRANCH: ${{ github.ref_name }}
IMAGE_NAME: "backend"
APP_ENVIRONMENT: "dev"
APP_FOLDER: "backend"
NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}
NAMESPACE_TOOLS: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-tools
COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
TAG: "latest"

MIN_REPLICAS: "1"
Expand Down Expand Up @@ -79,19 +74,19 @@ jobs:
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
core.info(`Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`At least one required secret is not set in the repository. \n` +
core.setFailed(`At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`All the required secrets are set`);
core.info(`All the required secrets are set`);
}
- name: Check out repository with branch [${{ env.BRANCH }}]
Expand Down Expand Up @@ -175,11 +170,18 @@ jobs:
# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
dev \
${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
35 changes: 18 additions & 17 deletions .github/workflows/deploy-to-openshift-backend-prod.yml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 4 PROD - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod

SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -27,11 +27,8 @@ env:
IMAGE_NAME: "backend"
APP_ENVIRONMENT: "prod"


NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}



MIN_REPLICAS: "3"
MAX_REPLICAS: "5"
MIN_CPU: "50m"
Expand All @@ -40,9 +37,6 @@ env:
MAX_MEM: "700Mi"
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
CA_CERT: ${{ secrets.CA_CERT }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

on:
workflow_dispatch:
Expand Down Expand Up @@ -81,19 +75,19 @@ jobs:
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
core.info(`Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`At least one required secret is not set in the repository. \n` +
core.setFailed(`At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`All the required secrets are set`);
core.info(`All the required secrets are set`);
}
- name: Check out repository
Expand Down Expand Up @@ -145,11 +139,18 @@ jobs:
# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
prod \
${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
25 changes: 15 additions & 10 deletions .github/workflows/deploy-to-openshift-backend-qa.yml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 2 QA - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev

SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -37,9 +37,6 @@ env:
MAX_MEM: "700Mi"
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
CA_CERT: ${{ secrets.CA_CERT }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

on:
workflow_dispatch:
Expand Down Expand Up @@ -137,10 +134,18 @@ jobs:
# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
qa ${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
32 changes: 18 additions & 14 deletions .github/workflows/deploy-to-openshift-backend-uat.yml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 3 UAT - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test

SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -37,9 +37,6 @@ env:
MAX_MEM: "700Mi"
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
CA_CERT: ${{ secrets.CA_CERT }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

on:
workflow_dispatch:
Expand Down Expand Up @@ -78,19 +75,19 @@ jobs:
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
core.info(`Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`At least one required secret is not set in the repository. \n` +
core.setFailed(`At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`All the required secrets are set`);
core.info(`All the required secrets are set`);
}
- name: Check out repository
Expand Down Expand Up @@ -142,11 +139,18 @@ jobs:
# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
uat \
${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}} 2> /dev/null \
Expand Down
39 changes: 21 additions & 18 deletions .github/workflows/deploy-to-openshift-frontend-dev.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,24 +160,27 @@ jobs:
# Process and apply deployment template
oc process \
-f tools/openshift/frontend.dc.yaml \
-p APP_NAME=${{ env.APP_NAME }} \
-p REPO_NAME=${{ env.REPO_NAME }} \
-p BRANCH=${{ env.BRANCH }} \
-p CA_CERT="${{ env.CA_CERT }}" \
-p CERTIFICATE="${{ env.CERTIFICATE }}" \
-p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \
-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p TAG=${{ env.TAG }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
| oc apply -f -
-f tools/openshift/frontend.dc.yaml \
-p APP_NAME=${{ env.APP_NAME }} \
-p REPO_NAME=${{ env.REPO_NAME }} \
-p BRANCH=${{ env.BRANCH }} \
-p CA_CERT="${{ env.CA_CERT }}" \
-p CERTIFICATE="${{ env.CERTIFICATE }}" \
-p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \
-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p TAG=${{ env.TAG }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
-p BANNER_COLOR=${{ vars.BANNER_COLOR }} \
-p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \
-p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \
| oc apply -f -
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
Loading

0 comments on commit 8b1dd58

Please sign in to comment.