-
Notifications
You must be signed in to change notification settings - Fork 2
155 lines (123 loc) · 4.38 KB
/
deploy-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: Deploy Test Environment
on:
push:
tags:
- v*.*.*
jobs:
docker-build-backend:
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Setup Tools
uses: ./.github/actions/setup-tools
- name: Build Docker image
run: cd server && docker build -t strdss-backend -f Dockerfile .
- name: Tag Docker image
run: |
vtag=${{ github.ref_name }}
docker tag strdss-backend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:${vtag//v}
- name: Push Docker image to Artifactory
run: |
vtag=${{ github.ref_name }}
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }}
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:${vtag//v}
docker-build-hangfire:
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Setup Tools
uses: ./.github/actions/setup-tools
- name: Build Docker image
run: cd server && docker build -t strdss-hangfire -f Dockerfile.hangfire .
- name: Tag Docker image
run: |
vtag=${{ github.ref_name }}
docker tag strdss-hangfire artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-hangfire:${vtag//v}
- name: Push Docker image to Artifactory
run: |
vtag=${{ github.ref_name }}
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }}
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-hangfire:${vtag//v}
docker-build-frontend:
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Setup Tools
uses: ./.github/actions/setup-tools
- name: Build Docker image
run: cd frontend && docker build -t strdss-frontend -f Dockerfile .
- name: Tag Docker image
run: |
vtag=${{ github.ref_name }}
docker tag strdss-frontend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:${vtag//v}
- name: Push Docker image to Artifactory
run: |
vtag=${{ github.ref_name }}
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }}
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:${vtag//v}
deploy-emerald:
needs: [docker-build-frontend, docker-build-backend, docker-build-hangfire]
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Checkout ArgoCD Repo
id: gitops
uses: actions/checkout@v4
with:
repository: bcgov-c/tenant-gitops-b0471a
ref: test
token: ${{ secrets.GITOPS }} # `GITOPS` is a secret that contains your PAT
- name: Update Helm Values and Commit
id: helm
run: |
pwd
# Get current date and time
datetime=$(date +'%Y-%m-%d %H:%M:%S')
vtag=${{ github.ref_name }}
echo "Image Tag:"
echo ${vtag//v}
# set image tag
sed -i "s/tag: .*/tag: ${vtag//v} # Image Updated on $datetime/" deploy/test_values.yaml
# Commit and push the changes
git config --global user.email "[email protected]"
git config --global user.name "Young-Jin Chung"
git add deploy/test_values.yaml
pwd
# Repackage Helm Chart
cd charts/gitops/charts
helm package ../../frontend/
helm package ../../backend/
helm package ../../hangfire/
git add .
git commit -m "Update image tag to ${vtag//v} on $datetime"
git push origin test
zap-scan:
needs: [deploy-emerald]
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
issues: write
steps:
- uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a
- uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5
with:
ref: main
- name: ZAP Scan
uses: zaproxy/action-full-scan@c8994d4f913cf872ec9964ac2d998c9bec369060
with:
token: ${{ secrets.GITHUB_TOKEN }}
target: https://dev.strdata.gov.bc.ca/
rules_file_name: '.zap/rules.tsv'