Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement IaC for Configmaps #546

Merged
merged 17 commits into from
Oct 24, 2024
Merged

Implement IaC for Configmaps #546

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
14e7132
feat: add dev configmaps for portal
trev-dev Oct 17, 2024
774a0fd
Merge branch 'main' into ccof-3672-iac-configmaps
trev-dev Oct 17, 2024
e489856
feat: generate our own jwt keys
trev-dev Oct 22, 2024
8f6a87a
Merge branch 'main' into ccof-3672-iac-configmaps
trev-dev Oct 22, 2024
8844742
fix: script input order
trev-dev Oct 22, 2024
e079171
fix: unbound variable
trev-dev Oct 22, 2024
baa6d3a
fix: namespace env vars
trev-dev Oct 22, 2024
8988a39
fix: D365_API_PREFIX
trev-dev Oct 22, 2024
c00f29d
fix: missing SITE_MINDER_LOGOUT_URL
trev-dev Oct 22, 2024
0402ff1
fix: fluentbit deploy namespace
trev-dev Oct 22, 2024
5837885
update: nodejs version for frontend
trev-dev Oct 22, 2024
d683c18
feat: add envs to the other workflows
trev-dev Oct 23, 2024
964a0a3
fix: incorrect frontend configmap data
trev-dev Oct 23, 2024
fdbf48c
fix: missing https protocol
trev-dev Oct 23, 2024
c9ccd78
fix: url not string wrapped
trev-dev Oct 23, 2024
2ae74bc
fix: empty values for frontend
trev-dev Oct 23, 2024
ceb4a49
fix: server frontend
trev-dev Oct 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 19 additions & 17 deletions .github/workflows/deploy-to-openshift-backend-dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,15 @@
name: 1 DEV - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev

SPLUNK_TOKEN:
${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry setting
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -23,14 +20,12 @@ env:

APP_NAME: "ccof"
REPO_NAME: "educ-ccof"
#grabs the branch name from github dynamically
# grabs the branch name from github dynamically
BRANCH: ${{ github.ref_name }}
IMAGE_NAME: "backend"
APP_ENVIRONMENT: "dev"
APP_FOLDER: "backend"
NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}
NAMESPACE_TOOLS: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-tools
COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
TAG: "latest"

MIN_REPLICAS: "1"
Expand Down Expand Up @@ -79,19 +74,19 @@ jobs:
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
core.info(`Secret "${name}" is set`);
return false;
});

if (missingSecrets.length > 0) {
core.setFailed(`At least one required secret is not set in the repository. \n` +
core.setFailed(`At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`All the required secrets are set`);
core.info(`All the required secrets are set`);
}

- name: Check out repository with branch [${{ env.BRANCH }}]
Expand Down Expand Up @@ -175,11 +170,18 @@ jobs:

# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
dev \
${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
35 changes: 18 additions & 17 deletions .github/workflows/deploy-to-openshift-backend-prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 4 PROD - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod

SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -27,11 +27,8 @@ env:
IMAGE_NAME: "backend"
APP_ENVIRONMENT: "prod"


NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}



MIN_REPLICAS: "3"
MAX_REPLICAS: "5"
MIN_CPU: "50m"
Expand All @@ -40,9 +37,6 @@ env:
MAX_MEM: "700Mi"
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
CA_CERT: ${{ secrets.CA_CERT }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

on:
workflow_dispatch:
Expand Down Expand Up @@ -81,19 +75,19 @@ jobs:
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
core.info(`Secret "${name}" is set`);
return false;
});

if (missingSecrets.length > 0) {
core.setFailed(`At least one required secret is not set in the repository. \n` +
core.setFailed(`At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`All the required secrets are set`);
core.info(`All the required secrets are set`);
}

- name: Check out repository
Expand Down Expand Up @@ -145,11 +139,18 @@ jobs:

# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
prod \
${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
25 changes: 15 additions & 10 deletions .github/workflows/deploy-to-openshift-backend-qa.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 2 QA - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev

SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -37,9 +37,6 @@ env:
MAX_MEM: "700Mi"
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
CA_CERT: ${{ secrets.CA_CERT }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

on:
workflow_dispatch:
Expand Down Expand Up @@ -137,10 +134,18 @@ jobs:

# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
qa ${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
32 changes: 18 additions & 14 deletions .github/workflows/deploy-to-openshift-backend-uat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 3 UAT - Deploy Backend

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test

SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}

# 🖊️ EDIT to change the image registry settings.
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
Expand All @@ -37,9 +37,6 @@ env:
MAX_MEM: "700Mi"
# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
CA_CERT: ${{ secrets.CA_CERT }}
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}

on:
workflow_dispatch:
Expand Down Expand Up @@ -78,19 +75,19 @@ jobs:
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
core.info(`Secret "${name}" is set`);
return false;
});

if (missingSecrets.length > 0) {
core.setFailed(`At least one required secret is not set in the repository. \n` +
core.setFailed(`At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`All the required secrets are set`);
core.info(`All the required secrets are set`);
}

- name: Check out repository
Expand Down Expand Up @@ -142,11 +139,18 @@ jobs:

# Process update-configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
| bash /dev/stdin \
uat \
${{ env.APP_NAME }} \
${{ env.NAMESPACE }} \
${{ env.SPLUNK_TOKEN }}
| bash /dev/stdin \
${{ env.APP_ENVIRONMENT }} \
${{ env.APP_NAME }} \
${{ secrets.CCOF_NAMESPACE_NO_ENV }} \
${{ secrets.COMMON_NAMESPACE_NO_ENV }} \
${{ secrets.SOAM_CLIENT_ID }} \
${{ secrets.SOAM_CLIENT_ID_IDIR }} \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.D365_API_PREFIX }}

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}} 2> /dev/null \
Expand Down
39 changes: 21 additions & 18 deletions .github/workflows/deploy-to-openshift-frontend-dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,24 +160,27 @@ jobs:

# Process and apply deployment template
oc process \
-f tools/openshift/frontend.dc.yaml \
-p APP_NAME=${{ env.APP_NAME }} \
-p REPO_NAME=${{ env.REPO_NAME }} \
-p BRANCH=${{ env.BRANCH }} \
-p CA_CERT="${{ env.CA_CERT }}" \
-p CERTIFICATE="${{ env.CERTIFICATE }}" \
-p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \
-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p TAG=${{ env.TAG }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
| oc apply -f -
-f tools/openshift/frontend.dc.yaml \
-p APP_NAME=${{ env.APP_NAME }} \
-p REPO_NAME=${{ env.REPO_NAME }} \
-p BRANCH=${{ env.BRANCH }} \
-p CA_CERT="${{ env.CA_CERT }}" \
-p CERTIFICATE="${{ env.CERTIFICATE }}" \
-p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \
-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p TAG=${{ env.TAG }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
-p BANNER_COLOR=${{ vars.BANNER_COLOR }} \
-p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \
-p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \
| oc apply -f -

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
Expand Down
Loading
Loading