From 486e44682c07726ee6dd307fe0a996d2a936b19f Mon Sep 17 00:00:00 2001 From: Kamal Mohammed Date: Mon, 22 Jan 2024 11:16:11 -0700 Subject: [PATCH 1/5] Update Actions --- ...ld.from.developer.branch.deploy.to.dev.yml | 40 +++++++----- .../build.from.main.branch.deploy.to.dev.yml | 41 +++++++----- ...uild.from.release.branch.deploy.to.dev.yml | 40 +++++++----- .github/workflows/create_tag.yml | 59 +++++++++--------- .github/workflows/deploy_prod.yml | 32 +++++++--- .github/workflows/deploy_test.yml | 34 +++++++--- .github/workflows/on.pr.yml | 4 +- tools/config/update-configmap.sh | 62 +++++++++++++++++++ 8 files changed, 217 insertions(+), 95 deletions(-) create mode 100644 tools/config/update-configmap.sh diff --git a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml index 712a6a95..c4a1cbc3 100644 --- a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml 
@@ -4,10 +4,12 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # secrets.GRAD_BUSINESS_NAMESPACE to change in GH Secrets to the e8a*** namespace, currently 77c*** - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-dev + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -16,10 +18,10 @@ env: IMAGE_REGISTRY_PASSWORD: ${{ github.token }} SPRING_BOOT_IMAGE_NAME: educ-rule-engine-api-dc - DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote REPO_NAME: "educ-rule-engine-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} + BRANCH: "grad-release" TAG: "latest" MIN_CPU: "20m" MAX_CPU: "100m" @@ -46,14 +48,9 @@ on: jobs: openshift-ci-cd: name: Build and deploy to OpenShift DEV from developer branch - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v3 
@@ -68,8 +65,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - registry: ${{ env.DOCKER_ARTIFACTORY_REPO }} - username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }} + registry: ${{ vars..DOCKER_ARTIFACTORY_REPO }} + username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} # https://github.com/redhat-actions/buildah-build#readme 
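Review bot: `registry: ${{ vars..DOCKER_ARTIFACTORY_REPO }}` has a doubled dot, which is not a valid expression, so this workflow will most likely be rejected when it is loaded. The main and release workflows in the same patch use the correct form, and this line should read `registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }}`. Patch 4/5 touches this file again but, as shown, only restores the line continuations. Because the registry host now comes from a repository variable instead of the literal removed from `env:`, confirm the variable is defined for every environment: an empty `registry` makes the login action default to Docker Hub, and the Artifactory token would then be sent there.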
@@ -117,8 +114,21 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} + -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.event.inputs.choice }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ @@ -131,4 +141,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-api-scan@v0.1.0 with: - target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' + target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' \ No newline at end of file 
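Review bot: The added "UPDATE Configmaps" lines download `update-configmap.sh` from raw.githubusercontent.com at a branch ref and pipe it to `bash` with `secrets.SPLUNK_TOKEN` as an argument. The script that runs with the cluster login and the token is therefore whatever that branch holds at run time, not the reviewed commit. The job already checks the repository out, so the step can run the local copy and take its values from environment variables rather than from `${{ }}` text pasted into the script, as sketched below. In this file the ref is `${{ github.event.inputs.choice }}`, a dispatch input interpolated unquoted into the command line while the new `BRANCH` variable goes unused, and `curl -s` without `-f` would hand an HTTP error body to bash. The same step is added in the main, release, deploy_prod and deploy_test workflows of this patch; the `run:` block starts outside the hunk.

```yaml
# step-level env to add (the step header is outside this hunk):
#   SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
#   APP_LOG_LEVEL: ${{ vars.APP_LOG_LEVEL }}
# … unchanged: oc process … | oc apply -f - …

# UPDATE Configmaps
bash tools/config/update-configmap.sh \
  dev \
  "$REPO_NAME" \
  "$GRAD_NAMESPACE" \
  "$COMMON_NAMESPACE" \
  "$BUSINESS_NAMESPACE" \
  "$SPLUNK_TOKEN" \
  "$APP_LOG_LEVEL"
# … unchanged: oc rollout latest …
```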
diff --git a/.github/workflows/build.from.main.branch.deploy.to.dev.yml b/.github/workflows/build.from.main.branch.deploy.to.dev.yml index 2b42f704..0ea95c0f 100644 --- a/.github/workflows/build.from.main.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.main.branch.deploy.to.dev.yml @@ -4,10 +4,12 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # secrets.GRAD_BUSINESS_NAMESPACE to change in GH Secrets to the e8a*** namespace, currently 77c*** - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-dev + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -16,10 +18,10 @@ env: IMAGE_REGISTRY_PASSWORD: ${{ github.token }} SPRING_BOOT_IMAGE_NAME: educ-rule-engine-api-dc - DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote REPO_NAME: "educ-rule-engine-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} + BRANCH: "main" TAG: "latest" MIN_CPU: "20m" MAX_CPU: "100m" 
@@ -29,20 +31,14 @@ env: MAX_REPLICAS: "7" on: - # https://docs.github.com/en/actions/reference/events-that-trigger-workflows workflow_dispatch: jobs: openshift-ci-cd: name: Build and deploy to OpenShift DEV - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v3 @@ -55,8 +51,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - registry: ${{ env.DOCKER_ARTIFACTORY_REPO }} - username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }} + registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} + username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} # https://github.com/redhat-actions/buildah-build#readme 
@@ -104,8 +100,21 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ @@ -118,4 +127,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-api-scan@v0.1.0 with: - target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' + target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' \ No newline at end of file 
diff --git a/.github/workflows/build.from.release.branch.deploy.to.dev.yml b/.github/workflows/build.from.release.branch.deploy.to.dev.yml index 3f332cbc..d6b8c625 100644 --- a/.github/workflows/build.from.release.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.release.branch.deploy.to.dev.yml @@ -4,10 +4,12 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # secrets.GRAD_BUSINESS_NAMESPACE to change in GH Secrets to the e8a*** namespace, currently 77c*** - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-dev + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} # 🖊️ EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. @@ -16,10 +18,10 @@ env: IMAGE_REGISTRY_PASSWORD: ${{ github.token }} SPRING_BOOT_IMAGE_NAME: educ-rule-engine-api-dc - DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote REPO_NAME: "educ-rule-engine-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} + BRANCH: "grad-release" TAG: "latest" MIN_CPU: "20m" MAX_CPU: "100m" 
@@ -41,14 +43,9 @@ on: jobs: openshift-ci-cd: name: Build and deploy to OpenShift DEV from release branch - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev - outputs: - ROUTE: ${{ steps.deploy-and-expose.outputs.route }} - SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} - steps: - name: Check out repository uses: actions/checkout@v3 @@ -63,8 +60,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v2 with: - registry: ${{ env.DOCKER_ARTIFACTORY_REPO }} - username: ${{ secrets.DOCKER_ARTIFACTORY_USERNAME }} + registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }} + username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }} password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }} # https://github.com/redhat-actions/buildah-build#readme 
@@ -112,8 +109,21 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + dev \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ @@ -126,4 +136,4 @@ jobs: - name: ZAP Scan uses: zaproxy/action-api-scan@v0.1.0 with: - target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' + target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}-dev.apps.silver.devops.gov.bc.ca/api/v1/api-docs' \ No newline at end of file 
diff --git a/.github/workflows/create_tag.yml b/.github/workflows/create_tag.yml index f3a9973d..28501b26 100644 --- a/.github/workflows/create_tag.yml +++ b/.github/workflows/create_tag.yml @@ -4,16 +4,16 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-dev + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-dev # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" REPO_NAME: "educ-rule-engine-api" BRANCH: "master" - NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }} + NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} on: # https://docs.github.com/en/actions/reference/events-that-trigger-workflows @@ -26,7 +26,6 @@ on: jobs: tag_image: name: Tag Image - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: dev 
@@ -35,32 +34,32 @@ jobs: SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} steps: - - name: Check out repository - uses: actions/checkout@v2 + - name: Check out repository + uses: actions/checkout@v2 - - name: Create tag - uses: actions/github-script@v5 - with: - script: | - github.rest.git.createRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: 'refs/tags/${{ github.event.inputs.version }}', - sha: context.sha - }) + - name: Create tag + uses: actions/github-script@v5 + with: + script: | + github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'refs/tags/${{ github.event.inputs.version }}', + sha: context.sha + }) - - name: Install oc - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: 4 + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: 4 - # https://github.com/redhat-actions/oc-login#readme - - uses: actions/checkout@v2 - - name: Tag in OpenShift - run: | - set -eux - # Login to OpenShift and select project - oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} - oc project ${{ env.OPENSHIFT_NAMESPACE }} - - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:latest ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ github.event.inputs.version }} \ No newline at end of file + # https://github.com/redhat-actions/oc-login#readme + - uses: actions/checkout@v2 + - name: Tag in OpenShift + run: | + set -eux + # Login to OpenShift and select project + oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} + oc project ${{ env.OPENSHIFT_NAMESPACE }} + + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:latest ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ github.event.inputs.version }} \ No newline at end of file diff --git a/.github/workflows/deploy_prod.yml b/.github/workflows/deploy_prod.yml index 795fc9eb..a40b6f19 100644 --- a/.github/workflows/deploy_prod.yml 
+++ b/.github/workflows/deploy_prod.yml @@ -4,16 +4,19 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-prod + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-prod + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} SPRING_BOOT_IMAGE_NAME: educ-rule-engine-api-dc REPO_NAME: "educ-rule-engine-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} - NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} TAG: "latest" + BRANCH: "main" MIN_CPU: "20m" MAX_CPU: "100m" @@ -29,7 +32,6 @@ on: jobs: deploy-to-openshift-prod: name: Deploy to OpenShift PROD - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: prod 
@@ -62,11 +64,25 @@ jobs: oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} + oc tag ${{ env.BUSINESS_NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.BUSINESS_NAMESPACE }}-prod/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + prod \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME 
}} 2> /dev/null \ diff --git a/.github/workflows/deploy_test.yml b/.github/workflows/deploy_test.yml index 1919b861..3ac67756 100644 --- a/.github/workflows/deploy_test.yml +++ b/.github/workflows/deploy_test.yml @@ -4,16 +4,19 @@ env: # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions - OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-test + OPENSHIFT_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}-test + GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }} + COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }} + BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }} - SPRING_BOOT_IMAGE_NAME: educ-rule-engine-api-dc + SPRING_BOOT_IMAGE_NAME: educ-grad-algorithm-api-dc REPO_NAME: "educ-rule-engine-api" - APP_DOMAIN: ${{ secrets.APP_DOMAIN }} - NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }} + APP_DOMAIN: ${{ vars.APP_DOMAIN }} TAG: "latest" + BRANCH: "main" MIN_CPU: "20m" MAX_CPU: "100m" @@ -29,7 +32,6 @@ on: jobs: deploy-to-openshift-test: name: Deploy to OpenShift TEST - # ubuntu-20.04 can also be used. runs-on: ubuntu-20.04 environment: test 
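Review bot: In deploy_test.yml `SPRING_BOOT_IMAGE_NAME` changes to `educ-grad-algorithm-api-dc` while `REPO_NAME` stays `educ-rule-engine-api` and deploy_prod.yml keeps `educ-rule-engine-api-dc`, which looks like a value carried over from another repository's workflow. The `oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }}` and `oc rollout latest dc/...` lines later in this file would then address a deployment config this repository's template presumably does not create. Both commands discard errors (`2> /dev/null`, `|| true`), so the TEST rollout could be skipped without the job failing. Unless the rename is intended, keep `SPRING_BOOT_IMAGE_NAME: educ-rule-engine-api-dc`.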
@@ -62,11 +64,25 @@ jobs: oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} + oc tag ${{ env.BUSINESS_NAMESPACE }}-dev/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.BUSINESS_NAMESPACE }}-test/${{ env.REPO_NAME }}:${{ steps.get-latest-tag.outputs.tag }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ steps.get-latest-tag.outputs.tag }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - + + # UPDATE Configmaps + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + test \ + ${{ env.REPO_NAME }} \ + ${{ env.GRAD_NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.BUSINESS_NAMESPACE }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ vars.APP_LOG_LEVEL }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME 
}} 2> /dev/null \ diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml index 6608dab2..b3aad478 100644 --- a/.github/workflows/on.pr.yml +++ b/.github/workflows/on.pr.yml @@ -1,4 +1,4 @@ -name: API CI +name: API Build on: pull_request: @@ -55,6 +55,6 @@ jobs: -Dsonar.login=${{ secrets.SONAR_TOKEN }} -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=bcgov-sonarcloud - -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} + -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} env: GITHUB_TOKEN: ${{ github.token }} diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh new file mode 100644 index 00000000..47ff8f7c --- /dev/null +++ b/tools/config/update-configmap.sh 
@@ -0,0 +1,62 @@ +########################################################### +#ENV VARS +########################################################### +envValue=$1 +APP_NAME=$2 +OPENSHIFT_NAMESPACE=$3 +COMMON_NAMESPACE=$4 +BUSINESS_NAMESPACE=$5 +SPLUNK_TOKEN=$6 +APP_LOG_LEVEL=$7 + +SPLUNK_URL="gww.splunk.educ.gov.bc.ca" +FLB_CONFIG="[SERVICE] + Flush 1 + Daemon Off + Log_Level info + HTTP_Server On + HTTP_Listen 0.0.0.0 + Parsers_File parsers.conf +[INPUT] + Name tail + Path /mnt/log/* + Exclude_Path *.gz,*.zip + Parser docker + Mem_Buf_Limit 20MB +[FILTER] + Name record_modifier + Match * + Record hostname \${HOSTNAME} +[OUTPUT] + Name stdout + Match absolutely_nothing_bud + Log_Level off +[OUTPUT] + Name splunk + Match * + Host $SPLUNK_URL + Port 443 + TLS On + TLS.Verify Off + Message_Key $APP_NAME + Splunk_Token $SPLUNK_TOKEN +" +PARSER_CONFIG=" +[PARSER] + Name docker + Format json +" +########################################################### +#Setup for config-maps +########################################################### +echo Creating config map "$APP_NAME"-config-map +oc create -n "BUSINESS_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ + --from-literal=APP_LOG_LEVEL="$APP_LOG_LEVEL" \ + --from-literal=ENABLE_SPLUNK_LOG_HELPER="true" \ + --dry-run=client -o yaml | oc apply -f - + +echo Creating config map "$APP_NAME"-flb-sc-config-map +oc create -n "BUSINESS_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map \ + --from-literal=fluent-bit.conf="$FLB_CONFIG" \ + --from-literal=parsers.conf="$PARSER_CONFIG" \ + --dry-run=client -o yaml | oc apply -f - From 39a5bd156e5145dc49a1d59c1f71d67a4eb62a0b Mon Sep 17 00:00:00 2001 From: Kamal Mohammed Date: Mon, 22 Jan 2024 11:38:54 -0700 Subject: [PATCH 2/5] Update Actions --- tools/config/update-configmap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 47ff8f7c..63d28f99 100644 
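Review bot: The generated Fluent Bit `[OUTPUT]` section for Splunk sets `TLS.Verify Off`, so the collector sends `Splunk_Token` to `$SPLUNK_URL` without validating the server certificate. Unless this works around a known CA problem, it should be `TLS.Verify On`, with the CA supplied if the endpoint uses a private one. The token is also expanded in clear into the `fluent-bit.conf` key of a ConfigMap, which anything with configmap read access in the namespace can read. Keeping it in a Secret exposed to the container as an environment variable, and writing `Splunk_Token \${SPLUNK_TOKEN}` the way `\${HOSTNAME}` is already escaped, would keep it out of that object. The script has no `set -euo pipefail`, so a failing `oc create` on the left side of either pipe does not fail the run.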
--- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -50,13 +50,13 @@ PARSER_CONFIG=" #Setup for config-maps ########################################################### echo Creating config map "$APP_NAME"-config-map -oc create -n "BUSINESS_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ +oc create -n "$BUSINESS_NAMESPACE"-"$envValue" configmap "$APP_NAME"-config-map \ --from-literal=APP_LOG_LEVEL="$APP_LOG_LEVEL" \ --from-literal=ENABLE_SPLUNK_LOG_HELPER="true" \ --dry-run=client -o yaml | oc apply -f - echo Creating config map "$APP_NAME"-flb-sc-config-map -oc create -n "BUSINESS_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map \ +oc create -n "$BUSINESS_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map \ --from-literal=fluent-bit.conf="$FLB_CONFIG" \ --from-literal=parsers.conf="$PARSER_CONFIG" \ --dry-run=client -o yaml | oc apply -f - From 9281a737c5a3f8cc31cc626506d750c3452421d9 Mon Sep 17 00:00:00 2001 From: Kamal Mohammed Date: Mon, 22 Jan 2024 12:27:52 -0700 Subject: [PATCH 3/5] Update Actions --- tools/config/update-configmap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 63d28f99..b1fdec19 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -3,7 +3,7 @@ ########################################################### envValue=$1 APP_NAME=$2 -OPENSHIFT_NAMESPACE=$3 +GRAD_NAMESPACE=$3 COMMON_NAMESPACE=$4 BUSINESS_NAMESPACE=$5 SPLUNK_TOKEN=$6 From cc37a325552688204b62620c3c4c6a5c480bf98c Mon Sep 17 00:00:00 2001 From: Kamal Mohammed Date: Mon, 22 Jan 2024 14:05:27 -0700 Subject: [PATCH 4/5] Update Actions --- .../workflows/build.from.developer.branch.deploy.to.dev.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml index c4a1cbc3..61c2c75a 100644 --- a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml +++ b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml @@ -114,9 +114,9 @@ jobs: oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} - -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} + oc process -f tools/openshift/api.dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=${{ env.REPO_NAME }} \ + -p TAG_NAME=${{ env.TAG }} -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} \ -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f - # UPDATE Configmaps From 5fc57734c5704f6c24e375e9852f9f77a561084b Mon Sep 17 00:00:00 2001 From: Kamal Mohammed Date: Tue, 23 Jan 2024 10:15:06 -0700 Subject: [PATCH 5/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 10ed2608..1181e180 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[![img](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md)   +[![img](https://img.shields.io/badge/Lifecycle-Stable-97ca00)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md)   [![Build](https://github.com/bcgov/EDUC-RULE-ENGINE-API/actions/workflows/on.pr.yml/badge.svg)](https://github.com/bcgov/EDUC-RULE-ENGINE-API/actions/workflows/on.pr.yml)   [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=bcgov_EDUC-RULE-ENGINE-API&metric=bugs)](https://sonarcloud.io/summary/new_code?id=bcgov_EDUC-RULE-ENGINE-API)   [![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=bcgov_EDUC-RULE-ENGINE-API&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=bcgov_EDUC-RULE-ENGINE-API)