From 15451bdfbf8d8fd33194b780a1f9011847dbfb3e Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Wed, 11 Dec 2024 09:58:09 -0800 Subject: [PATCH 1/2] feat: script cleanup squash: cleanup --- .github/workflows/deploy-to.openshift-dev.yml | 56 +++++++++++++------ .../workflows/deploy-to.openshift-prod.yml | 56 ++++++++++++++----- .../workflows/deploy-to.openshift-test.yml | 49 ++++++++++++---- tools/config/update-configmap.sh | 50 +++++++++++++---- 4 files changed, 157 insertions(+), 54 deletions(-) diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index 4d76ef0..849a186 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -1,7 +1,7 @@ name: Build & Deploy to DEV env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} @@ -13,13 +13,13 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. + # EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" SPRING_BOOT_IMAGE_NAME: student-api-master 
@@ -80,18 +80,18 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository uses: actions/checkout@v4 
@@ -144,25 +144,49 @@ jobs: - name: Deploy API run: | set -eu + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }} + # Cancel any rollouts in progress oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - - oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} - + || true && echo "No rollout in progress" + + oc tag ${{ steps.push-image.outputs.registry-path }} \ + ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} + # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - + oc process -f tools/openshift/api.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME 
}}/master/tools/config/update-configmap.sh \ + | bash /dev/stdin dev \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index 8c9a272..3aeca36 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -1,7 +1,7 @@ name: Deploy to PROD env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions # Added this comment @@ -14,7 +14,7 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} 
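Review bot: The reflowed `curl … | bash /dev/stdin dev …` command in the Deploy API step still passes `${{ env.DB_PWD }}`, `${{ env.DB_JDBC_CONNECT_STRING }}` and `${{ env.SPLUNK_TOKEN }}` as unquoted text substituted into the script, so a value containing whitespace or shell metacharacters is re-parsed by the shell and can shift the script's positional arguments. These names appear to be workflow-level `env:` entries, so they should already be in the step's environment and can be written as `"$DB_PWD"`, `"$DB_USER"`, `"$SPLUNK_TOKEN"` instead of `${{ … }}` expressions. `curl -s` also hides HTTP failures: without `-f` an error page is piped to bash, and without `set -o pipefail` a failed download does not fail the step, so `curl -fsSL` together with `set -euo pipefail` would cover both. The same command appears in the Deploy hunks of deploy-to.openshift-prod.yml and deploy-to.openshift-test.yml.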
@@ -76,19 +76,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -109,24 +109,50 @@ jobs: - name: Deploy run: | set -eux + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE }} + # Cancel any rollouts in progress oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" - - oc tag ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} - + || true && echo "No rollout in progress" + + oc tag \ + ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} \ + ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} + # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh | bash /dev/stdin ${{ env.TARGET_ENV }} ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} - + oc process -f tools/openshift/api.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ 
env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh \ + | bash /dev/stdin \ + ${{ env.TARGET_ENV }} \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} + # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml index a441db2..6f9655c 100644 --- a/.github/workflows/deploy-to.openshift-test.yml +++ b/.github/workflows/deploy-to.openshift-test.yml @@ -1,7 +1,7 @@ name: Build & Deploy to TEST env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} 
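Review bot: `set -eux` at the top of the prod Deploy script turns on command tracing, so every expanded command, including `oc login --token=…` and the `bash /dev/stdin` call that carries the database password and Splunk token, is echoed to the job log. GitHub masks registered secret values, but masking is an exact-string match and xtrace may re-quote an argument that contains special characters, so relying on it for production credentials is fragile. The dev and test workflows use `set -eu`; doing the same here, or placing `set +x` before the login and configmap commands, keeps the trace away from secrets.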
@@ -13,13 +13,13 @@ env: DB_USER: ${{ secrets.DB_USER }} SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} IMAGE_REGISTRY_PASSWORD: ${{ github.token }} - # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. + # EDIT to specify custom tags for the container image, or default tags will be generated below. IMAGE_TAGS: "" SPRING_BOOT_IMAGE_NAME: student-api-master @@ -85,7 +85,7 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); @@ -97,7 +97,7 @@ jobs: "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -111,25 +111,50 @@ jobs: - name: Deploy API run: | set -eu + # Login to OpenShift and select project oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} + # Cancel any rollouts in progress oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "No rollout in progress" + || true && echo "No rollout in progress" - oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} + oc tag \ + ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} \ + ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \ - | oc apply -f - - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} + oc process -f tools/openshift/api.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ 
env.MAX_MEM }} \ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + | bash /dev/stdin test \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ env.DB_JDBC_CONNECT_STRING }} \ + ${{ env.DB_PWD }} \ + ${{ env.DB_USER }} \ + ${{ env.SPLUNK_TOKEN }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ - || true && echo "Rollout in progress" + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + # Get status, returns 0 if rollout is successful oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 3ad3714..9e6aed6 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -10,11 +10,10 @@ SPLUNK_TOKEN=$8 TZVALUE="America/Vancouver" SOAM_KC_REALM_ID="master" -SOAM_KC_LOAD_USER_ADMIN=$(oc -n "$COMMON_NAMESPACE"-"$envValue" -o json get secret sso-admin-${envValue} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode) -SOAM_KC_LOAD_USER_PASS=$(oc -n "$COMMON_NAMESPACE"-"$envValue" -o json get secret sso-admin-${envValue} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode) +SOAM_KC_LOAD_USER_ADMIN=$(oc -n "$COMMON_NAMESPACE"-"$envValue" -o json get secret "sso-admin-$envValue" | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode) +SOAM_KC_LOAD_USER_PASS=$(oc -n "$COMMON_NAMESPACE"-"$envValue" -o json get secret "sso-admin-$envValue" | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode) - -SOAM_KC=soam-$envValue.apps.silver.devops.gov.bc.ca +SOAM_KC="soam-$envValue.apps.silver.devops.gov.bc.ca" NATS_CLUSTER=educ_nats_cluster NATS_URL="nats://nats.${COMMON_NAMESPACE}-${envValue}.svc.cluster.local:4222" 
@@ -96,14 +95,43 @@ PARSER_CONFIG=" Format json " echo -echo Creating config map $APP_NAME-config-map -oc create -n $OPENSHIFT_NAMESPACE-$envValue configmap $APP_NAME-config-map --from-literal=TZ=$TZVALUE --from-literal=FLYWAY_ENABLED=true --from-literal=NATS_URL=$NATS_URL --from-literal=NATS_CLUSTER=$NATS_CLUSTER --from-literal=JDBC_URL=$DB_JDBC_CONNECT_STRING --from-literal=ORACLE_USERNAME="$DB_USER" --from-literal=ORACLE_PASSWORD="$DB_PWD" --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO --from-literal=SPRING_WEB_LOG_LEVEL=INFO --from-literal=APP_LOG_LEVEL=INFO --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO --from-literal=SPRING_SHOW_REQUEST_DETAILS=false --from-literal=SPRING_JPA_SHOW_SQL=false --from-literal=SCHEDULED_JOBS_POLL_EVENTS="0/1 * * * * *" --from-literal=SCHEDULED_JOBS_POLL_EVENTS_LOCK_AT_LEAST_FOR="800ms" --from-literal=SCHEDULED_JOBS_POLL_EVENTS_LOCK_AT_MOST_FOR="900ms" --from-literal=NATS_STREAMING_PUBSUB_ENABLED=true --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" --from-literal=NATS_MAX_RECONNECT=60 --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" --dry-run -o yaml | oc apply -f - +echo Creating config map "$APP_NAME-config-map" +oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap "$APP_NAME-config-map" \ + --from-literal=TZ="$TZVALUE" \ + --from-literal=FLYWAY_ENABLED=true \ + --from-literal=NATS_URL="$NATS_URL" \ + --from-literal=NATS_CLUSTER="$NATS_CLUSTER" \ + --from-literal=JDBC_URL="$DB_JDBC_CONNECT_STRING" \ + --from-literal=ORACLE_USERNAME="$DB_USER" \ + --from-literal=ORACLE_PASSWORD="$DB_PWD" \ + --from-literal=SPRING_SECURITY_LOG_LEVEL=INFO \ + --from-literal=SPRING_WEB_LOG_LEVEL=INFO \ + --from-literal=APP_LOG_LEVEL=INFO \ + --from-literal=SPRING_BOOT_AUTOCONFIG_LOG_LEVEL=INFO \ + --from-literal=SPRING_SHOW_REQUEST_DETAILS=false \ + --from-literal=SPRING_JPA_SHOW_SQL=false \ + --from-literal=SCHEDULED_JOBS_POLL_EVENTS="0/1 
* * * * *" \ + --from-literal=SCHEDULED_JOBS_POLL_EVENTS_LOCK_AT_LEAST_FOR="800ms" \ + --from-literal=SCHEDULED_JOBS_POLL_EVENTS_LOCK_AT_MOST_FOR="900ms" \ + --from-literal=NATS_STREAMING_PUBSUB_ENABLED=true \ + --from-literal=TOKEN_ISSUER_URL="https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" \ + --from-literal=NATS_MAX_RECONNECT=60 \ + --from-literal=PURGE_RECORDS_EVENT_AFTER_DAYS=365 \ + --from-literal=SCHEDULED_JOBS_PURGE_OLD_EVENT_RECORDS_CRON="@midnight" \ + --dry-run -o yaml | oc apply -f - echo -echo Setting environment variables for $APP_NAME-$SOAM_KC_REALM_ID application -oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env --from=configmap/$APP_NAME-config-map dc/$APP_NAME-$SOAM_KC_REALM_ID -echo Creating config map "$APP_NAME"-flb-sc-config-map -oc create -n "$OPENSHIFT_NAMESPACE"-"$envValue" configmap "$APP_NAME"-flb-sc-config-map --from-literal=fluent-bit.conf="$FLB_CONFIG" --from-literal=parsers.conf="$PARSER_CONFIG" --dry-run -o yaml | oc apply -f - +echo Setting environment variables for "$APP_NAME-$SOAM_KC_REALM_ID" application +oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ + --from="configmap/$APP_NAME-config-map" "dc/$APP_NAME-$SOAM_KC_REALM_ID" + +echo Creating config map "$APP_NAME-flb-sc-config-map" +oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ + "$APP_NAME"-flb-sc-config-map \ + --from-literal=fluent-bit.conf="$FLB_CONFIG" \ + --from-literal=parsers.conf="$PARSER_CONFIG" \ + --dry-run -o yaml | oc apply -f - echo Removing un-needed config entries -oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env dc/"$APP_NAME"-$SOAM_KC_REALM_ID KEYCLOAK_PUBLIC_KEY- +oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env \ + dc/"$APP_NAME-$SOAM_KC_REALM_ID" KEYCLOAK_PUBLIC_KEY- From 269b820fca8b336624c1da759de2db40c5020b22 Mon Sep 17 00:00:00 2001 
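Review bot: `--from-literal=ORACLE_PASSWORD="$DB_PWD"` (together with `ORACLE_USERNAME` and `JDBC_URL`) puts database credentials into a ConfigMap, which is treated as plain configuration and is readable by anyone who can view ConfigMaps in the namespace. These keys belong in a Secret, for example `oc create secret generic "$APP_NAME-db-secret" -n "$OPENSHIFT_NAMESPACE-$envValue" --from-literal=ORACLE_PASSWORD="$DB_PWD" --dry-run=client -o yaml | oc apply -f -` (the secret name is a placeholder), with the later `oc set env` reading them through `--from="secret/…"`. The bare `--dry-run` is also the deprecated spelling; `--dry-run=client` states the intent explicitly.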
From: Trevor Richards Date: Wed, 11 Dec 2024 10:22:29 -0800 Subject: [PATCH 2/2] feat: convert dc to deployment * use selected branch for configmaps --- .github/workflows/deploy-to.openshift-dev.yml | 17 ++++++++------- .../workflows/deploy-to.openshift-prod.yml | 15 ++++++------- .../workflows/deploy-to.openshift-test.yml | 17 ++++++++------- tools/config/update-configmap.sh | 7 ++++--- .../{api.dc.yaml => api.deployment.yaml} | 21 ++++++++----------- 5 files changed, 39 insertions(+), 38 deletions(-) rename tools/openshift/{api.dc.yaml => api.deployment.yaml} (93%) diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index 849a186..052fb6c 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -29,7 +29,7 @@ env: APP_NAME: 'student-api' DB_NAME: 'student_api' REPO_NAME: "educ-student-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} APP_NAME_FULL: "student-api-master" NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} @@ -150,14 +150,14 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag ${{ steps.push-image.outputs.registry-path }} \ ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml \ + oc process -f tools/openshift/api.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ 
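Review bot: `BRANCH: ${{ github.ref_name }}` lets a value chosen by whoever pushes or dispatches the ref flow into every `${{ env.BRANCH }}` in the Deploy `run:` script, where it is substituted as script text before the shell parses it. Git ref names may contain characters the shell treats specially, so the value should be read as a quoted shell variable, e.g. `"$REPO_NAME-$BRANCH:$TAG"`, rather than through a `${{ … }}` expression. A ref name containing `/` would also not be a valid image stream or resource name, and `SPRING_BOOT_IMAGE_NAME` appears to stay `student-api-master`, so the rollout commands may point at a different object than the one the template creates when the branch is not master. The same change is made in the prod and test workflows.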
@@ -171,7 +171,7 @@ jobs: -p MAX_MEM=${{ env.MAX_MEM }} \ | oc apply -f - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ | bash /dev/stdin dev \ ${{ env.APP_NAME }} \ ${{ env.NAMESPACE }} \ @@ -179,16 +179,17 @@ jobs: ${{ env.DB_JDBC_CONNECT_STRING }} \ ${{ env.DB_PWD }} \ ${{ env.DB_USER }} \ - ${{ env.SPLUNK_TOKEN }} + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-api-scan@v0.8.0 with: diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index 3aeca36..c362ab0 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -25,7 +25,7 @@ env: APP_NAME: 'student-api' DB_NAME: 'student_api' REPO_NAME: "educ-student-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} TAG: "latest" @@ -115,7 +115,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag \ 
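Review bot: Fetching `update-configmap.sh` from `${{ env.BRANCH }}` means the script that receives the database password, the Splunk token and the logged-in `oc` session is whatever is on the ref that started the run, downloaded separately from the commit that was checked out. The step already reads `tools/openshift/api.deployment.yaml` from the workspace, so the script can be run from the same checkout, `bash tools/config/update-configmap.sh dev "$APP_NAME" …`, which ties it to the reviewed commit and removes the network fetch. If non-master refs are meant to deploy to dev, the refs allowed to trigger the workflow should be restricted in its `on:` block, which is outside this hunk. The test workflow gets the same URL change.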
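Review bot: `oc logs -f deployment/…` will likely stream the application container's log rather than a deployer pod's, so the step may not return until the job times out; `oc rollout status deployment/… --timeout=<duration>` on its own waits for the rollout to finish. The `2> /dev/null || true && echo "Rollout in progress"` tail on `oc rollout restart` discards every error, including an authorization failure, and prints the message whether or not a rollout started. The `oc rollout cancel deployment/…` line in the earlier hunk has the same tail, and as far as I know `rollout cancel` applies only to DeploymentConfigs, so it would now fail without any visible sign.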
@@ -123,7 +123,7 @@ jobs: ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml \ + oc process -f tools/openshift/api.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -146,13 +146,14 @@ jobs: ${{ env.DB_JDBC_CONNECT_STRING }} \ ${{ env.DB_PWD }} \ ${{ env.DB_USER }} \ - ${{ env.SPLUNK_TOKEN }} + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml index 6f9655c..1fe2656 100644 --- a/.github/workflows/deploy-to.openshift-test.yml +++ b/.github/workflows/deploy-to.openshift-test.yml @@ -29,7 +29,7 @@ env: APP_NAME: 'student-api' DB_NAME: 'student_api' REPO_NAME: "educ-student-api" - BRANCH: "master" + BRANCH: ${{ github.ref_name }} APP_NAME_FULL: "student-api-master" NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} @@ -117,7 +117,7 @@ jobs: oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} # Cancel any rollouts in progress - oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "No rollout in progress" oc tag \ 
@@ -125,7 +125,7 @@ jobs: ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} # Process and apply deployment template - oc process -f tools/openshift/api.dc.yaml \ + oc process -f tools/openshift/api.deployment.yaml \ -p APP_NAME=${{ env.APP_NAME }} \ -p REPO_NAME=${{ env.REPO_NAME }} \ -p BRANCH=${{ env.BRANCH }} \ @@ -139,7 +139,7 @@ jobs: -p MAX_MEM=${{ env.MAX_MEM }} \ | oc apply -f - - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh \ + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ | bash /dev/stdin test \ ${{ env.APP_NAME }} \ ${{ env.NAMESPACE }} \ @@ -147,16 +147,17 @@ jobs: ${{ env.DB_JDBC_CONNECT_STRING }} \ ${{ env.DB_PWD }} \ ${{ env.DB_USER }} \ - ${{ env.SPLUNK_TOKEN }} + ${{ env.SPLUNK_TOKEN }} \ + ${{ env.BRANCH }} # Start rollout (if necessary) and follow it - oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ + oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \ || true && echo "Rollout in progress" - oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc logs -f deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} # Get status, returns 0 if rollout is successful - oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }} + oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} - name: ZAP Scan uses: zaproxy/action-api-scan@v0.8.0 diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 9e6aed6..785b22d 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -6,6 +6,7 @@ DB_JDBC_CONNECT_STRING=$5 DB_PWD=$6 DB_USER=$7 SPLUNK_TOKEN=$8 +BRANCH=$9 TZVALUE="America/Vancouver" SOAM_KC_REALM_ID="master" 
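Review bot: `BRANCH=$9` is read without any check, and the workflows pass the eight arguments before it unquoted, so an empty or space-containing secret shifts the positions and `$BRANCH` ends up empty or holding a different argument, possibly a credential that the later "Setting environment variables" echo would print. A guard right after the assignment, `: "${BRANCH:?missing 9th argument (branch)}"`, or a `[ "$#" -eq 9 ]` check at the top of the script, fails fast instead. The assignments for `$1` to `$4` are outside this hunk.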
@@ -121,9 +122,9 @@ oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap "$APP_NAME-config-map" \ --dry-run -o yaml | oc apply -f - echo -echo Setting environment variables for "$APP_NAME-$SOAM_KC_REALM_ID" application +echo Setting environment variables for "$APP_NAME-$BRANCH" application oc -n "$OPENSHIFT_NAMESPACE-$envValue" set env \ - --from="configmap/$APP_NAME-config-map" "dc/$APP_NAME-$SOAM_KC_REALM_ID" + --from="configmap/$APP_NAME-config-map" "deployment/$APP_NAME-$BRANCH" echo Creating config map "$APP_NAME-flb-sc-config-map" oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ @@ -134,4 +135,4 @@ oc create -n "$OPENSHIFT_NAMESPACE-$envValue" configmap \ echo Removing un-needed config entries oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" set env \ - dc/"$APP_NAME-$SOAM_KC_REALM_ID" KEYCLOAK_PUBLIC_KEY- + deployment/"$APP_NAME-$BRANCH" KEYCLOAK_PUBLIC_KEY- diff --git a/tools/openshift/api.dc.yaml b/tools/openshift/api.deployment.yaml similarity index 93% rename from tools/openshift/api.dc.yaml rename to tools/openshift/api.deployment.yaml index 5476903..ce40fb8 100644 --- a/tools/openshift/api.dc.yaml +++ b/tools/openshift/api.deployment.yaml @@ -4,10 +4,10 @@ kind: Template labels: template: "${REPO_NAME}-template" metadata: - name: "${REPO_NAME}-${BRANCH}-dc" + name: "${REPO_NAME}-${BRANCH}-deployment" objects: - - apiVersion: v1 - kind: DeploymentConfig + - apiVersion: apps/v1 + kind: Deployment metadata: labels: app: "${APP_NAME}-${BRANCH}" @@ -16,10 +16,11 @@ objects: replicas: ${{MIN_REPLICAS}} selector: app: "${APP_NAME}-${BRANCH}" - deploymentConfig: "${APP_NAME}-${BRANCH}" strategy: - resources: {} - type: Rolling + type: RollingUpdate + rollingUpdate: + maxUnavailable: 25% + maxSurge: 25% template: metadata: annotations: 
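Review bot: The `selector:` block keeps the DeploymentConfig form, with `app: "${APP_NAME}-${BRANCH}"` directly under `selector`, but an `apps/v1` Deployment expects a label selector object, so the key should sit under `matchLabels:`. Indentation is not visible here, so this is inferred from the absence of a `matchLabels` line in the hunk. The context line `test: false` in the hunk at -116 is likewise a DeploymentConfig field with no counterpart in a Deployment spec and may be rejected or dropped on apply. Piping the processed template through `oc apply --dry-run=server -f -` before merging would confirm both.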
@@ -29,7 +30,6 @@ objects: prometheus.io/scrape: 'true' labels: app: "${APP_NAME}-${BRANCH}" - deploymentConfig: "${APP_NAME}-${BRANCH}" spec: containers: - image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${REPO_NAME}-${BRANCH}:${TAG} @@ -116,8 +116,6 @@ objects: configMap: name: "${APP_NAME}-flb-sc-config-map" test: false - triggers: - - type: ConfigChange - apiVersion: v1 kind: Service metadata: @@ -133,15 +131,14 @@ objects: protocol: TCP selector: app: "${APP_NAME}-${BRANCH}" - deploymentconfig: "${APP_NAME}-${BRANCH}" - apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: "${APP_NAME}-${BRANCH}-cpu-autoscaler" spec: scaleTargetRef: - apiVersion: apps.openshift.io/v1 - kind: DeploymentConfig + apiVersion: apps/v1 + kind: Deployment name: "${APP_NAME}-${BRANCH}" subresource: scale minReplicas: ${{MIN_REPLICAS}}