introduce keycloak to dev test ci/cd pipelines as the action appears … #1096
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-CD PIMS Development | ||
| env: | ||
| OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} | ||
| # service account: gitaction | ||
| OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} | ||
| OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools" | ||
| MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }} | ||
| AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET }} | ||
| AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }} | ||
| sync-directory: ./tools/keycloak/sync | ||
| ASPNETCORE_ENVIRONMENT: "Development" | ||
| ## variables for scripts under git\openshift\4.0\scripts\oc-*.sh | ||
| APP_PORT: 8080 | ||
| DESTINATION: "dev" | ||
| OC_JOB_NAME: "dev" | ||
| GIT_URL: "${{github.server_url}}/${{github.repository}}" | ||
| GIT_BRANCH: "${{github.ref}}" | ||
| APP_NAME: "pims" | ||
| PROJ_PREFIX: "3cd915" | ||
| PROJ_TOOLS: "3cd915-tools" | ||
| PROJ_DEV: "dev" | ||
| PROJ_TEST: "test" | ||
| PROJ_PROD: "prod" | ||
| TAG_DEV: "dev" | ||
| TAG_TEST: "test" | ||
| TAG_PROD: "prod" | ||
| on: | ||
| pull_request_target: | ||
| branches: [dev] | ||
| types: [closed] | ||
| jobs: | ||
| ci-cd-start-notification: | ||
| if: github.event.pull_request.merged == true | ||
| name: CI-CD Start Notification to Teams Channel | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Start notification to Teams Channel | ||
| uses: dragos-cojocari/[email protected] | ||
| with: | ||
| github-token: ${{ github.token }} | ||
| ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }} | ||
| notification-summary: PIMS CI-CD GitHub Action STARTED in DEV | ||
| notification-color: 17a2b8 | ||
| timezone: America/Los_Angeles | ||
| build-frontend: | ||
| name: Build frontend | ||
| needs: ci-cd-start-notification | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Source Code | ||
| uses: actions/checkout@v3 | ||
| - name: Login to OpenShift | ||
| uses: redhat-actions/oc-login@v1 | ||
| with: | ||
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | ||
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | ||
| insecure_skip_tls_verify: true | ||
| namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }} | ||
| - name: Call script to build frontend (pims-app and pims-app-base) | ||
| run: | | ||
| ./openshift/4.0/player.sh build app-base -apply | ||
| ./openshift/4.0/player.sh build app -apply | ||
| build-api: | ||
| name: Build api | ||
| needs: ci-cd-start-notification | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Source Code | ||
| uses: actions/checkout@v3 | ||
| - name: Login to OpenShift | ||
| uses: redhat-actions/oc-login@v1 | ||
| with: | ||
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | ||
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | ||
| insecure_skip_tls_verify: true | ||
| namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }} | ||
| - name: Call script to build backend (pims-api) | ||
| run: | | ||
| ./openshift/4.0/player.sh build api -apply | ||
| deploy: | ||
| name: Deploy frontend and api to OpenShift | ||
| needs: [build-frontend, build-api] | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Source Code | ||
| uses: actions/checkout@v3 | ||
| - name: Login to OpenShift | ||
| uses: redhat-actions/oc-login@v1 | ||
| with: | ||
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | ||
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | ||
| insecure_skip_tls_verify: true | ||
| namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }} | ||
| - name: call scripts to deploy api and frontend | ||
| run: | | ||
| ./openshift/4.0/player.sh deploy api $DESTINATION -apply | ||
| ./openshift/4.0/player.sh deploy app $DESTINATION -apply | ||
| sync-keycloak: | ||
| name: Sync Keycloak | ||
| needs: deploy | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Setup .NET 6 | ||
| uses: actions/setup-dotnet@v1 | ||
| with: | ||
| dotnet-version: "6.0.x" | ||
| - name: Install dependencies for keycloak sync | ||
| run: dotnet restore | ||
| working-directory: ${{env.sync-directory}} | ||
| - name: Build keycloak sync | ||
| run: dotnet build | ||
| working-directory: ${{env.sync-directory}} | ||
| - name: Start keycloak sync | ||
| run: dotnet run | ||
| working-directory: ${{env.sync-directory}} | ||
| deploy: | ||
| name: Upgrade database | ||
| needs: [deploy] | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Source Code | ||
| uses: actions/checkout@v3 | ||
| - name: Login to OpenShift | ||
| uses: redhat-actions/oc-login@v1 | ||
| with: | ||
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | ||
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | ||
| insecure_skip_tls_verify: true | ||
| namespace: 3cd915-dev | ||
| - name: call scripts to upgrade database | ||
| run: | | ||
| oc process -f ./openshift/4.0/templates/jobs/deploy.yaml -p SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev | oc create -f - | ||
| ci-cd-end-notification: | ||
| name: CI-CD End Notification to Teams Channel | ||
| runs-on: ubuntu-latest | ||
| needs: deploy | ||
| if: ${{ always() && github.event.pull_request.merged == true }} | ||
| steps: | ||
| - name: check workflow status | ||
| uses: martialonline/workflow-status@v4 | ||
| id: check | ||
| - name: End notification to Teams Channel | ||
| uses: dragos-cojocari/[email protected] | ||
| with: | ||
| github-token: ${{ github.token }} | ||
| ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }} | ||
| notification-summary: PIMS CI-CD GitHub Action COMPLETED in DEV environment with status ${{ steps.check.outputs.status }} | ||
| notification-color: 17a2b8 | ||
| timezone: America/Los_Angeles | ||
