Merge pull request #856 from bcgov/yj #205
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Test Environment | |
on: | |
push: | |
tags: | |
- v*.*.* | |
jobs: | |
docker-build-backend: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Tools | |
uses: ./.github/actions/setup-tools | |
- name: Build Docker image | |
run: cd server && docker build -t strdss-backend -f Dockerfile . | |
- name: Tag Docker image | |
run: | | |
vtag=${{ github.ref_name }} | |
docker tag strdss-backend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:${vtag//v} | |
- name: Push Docker image to Artifactory | |
run: | | |
vtag=${{ github.ref_name }} | |
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }} | |
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:${vtag//v} | |
docker-build-hangfire: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Tools | |
uses: ./.github/actions/setup-tools | |
- name: Build Docker image | |
run: cd server && docker build -t strdss-hangfire -f Dockerfile.hangfire . | |
- name: Tag Docker image | |
run: | | |
vtag=${{ github.ref_name }} | |
docker tag strdss-hangfire artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-hangfire:${vtag//v} | |
- name: Push Docker image to Artifactory | |
run: | | |
vtag=${{ github.ref_name }} | |
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }} | |
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-hangfire:${vtag//v} | |
docker-build-frontend: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Tools | |
uses: ./.github/actions/setup-tools | |
- name: Build Docker image | |
run: cd frontend && docker build -t strdss-frontend -f Dockerfile . | |
- name: Tag Docker image | |
run: | | |
vtag=${{ github.ref_name }} | |
docker tag strdss-frontend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:${vtag//v} | |
- name: Push Docker image to Artifactory | |
run: | | |
vtag=${{ github.ref_name }} | |
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }} | |
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:${vtag//v} | |
deploy-emerald: | |
needs: [docker-build-frontend, docker-build-backend, docker-build-hangfire] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout ArgoCD Repo | |
id: gitops | |
uses: actions/checkout@v4 | |
with: | |
repository: bcgov-c/tenant-gitops-b0471a | |
ref: test | |
token: ${{ secrets.GITOPS }} # `GITOPS` is a secret that contains your PAT | |
- name: Update Helm Values and Commit | |
id: helm | |
run: | | |
pwd | |
# Get current date and time | |
datetime=$(date +'%Y-%m-%d %H:%M:%S') | |
vtag=${{ github.ref_name }} | |
echo "Image Tag:" | |
echo ${vtag//v} | |
# set image tag | |
sed -i "s/tag: .*/tag: ${vtag//v} # Image Updated on $datetime/" deploy/test_values.yaml | |
# Commit and push the changes | |
git config --global user.email "[email protected]" | |
git config --global user.name "Young-Jin Chung" | |
git add deploy/test_values.yaml | |
pwd | |
# Repackage Helm Chart | |
cd charts/gitops/charts | |
helm package ../../frontend/ | |
helm package ../../backend/ | |
helm package ../../hangfire/ | |
git add . | |
git commit -m "Update image tag to ${vtag//v} on $datetime" | |
git push origin test | |
zap-scan: | |
needs: [deploy-emerald] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read | |
issues: write | |
steps: | |
- uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a | |
- uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5 | |
with: | |
ref: main | |
- name: ZAP Scan | |
uses: zaproxy/action-full-scan@c8994d4f913cf872ec9964ac2d998c9bec369060 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
target: https://dev.strdata.gov.bc.ca/ | |
rules_file_name: '.zap/rules.tsv' |