Skip to content

introduce keycloak to dev test ci/cd pipelines as the action appears … #1105

introduce keycloak to dev test ci/cd pipelines as the action appears …

introduce keycloak to dev test ci/cd pipelines as the action appears … #1105

name: CI-CD PIMS Development
env:
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
# service account: gitaction
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools"
MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }}
AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET }}
AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }}
sync-directory: ./tools/keycloak/sync
ASPNETCORE_ENVIRONMENT: "Development"
## variables for scripts under git\openshift\4.0\scripts\oc-*.sh
APP_PORT: 8080
DESTINATION: "dev"
OC_JOB_NAME: "dev"
GIT_URL: "${{github.server_url}}/${{github.repository}}"
GIT_BRANCH: "${{github.ref}}"
APP_NAME: "pims"
PROJ_PREFIX: "3cd915"
PROJ_TOOLS: "3cd915-tools"
PROJ_DEV: "dev"
PROJ_TEST: "test"
PROJ_PROD: "prod"
TAG_DEV: "dev"
TAG_TEST: "test"
TAG_PROD: "prod"
on:
pull_request_target:
branches: [dev]
types: [closed]
jobs:
ci-cd-start-notification:
if: github.event.pull_request.merged == true
name: CI-CD Start Notification to Teams Channel
runs-on: ubuntu-latest
steps:
- name: Start notification to Teams Channel
uses: dragos-cojocari/[email protected]
with:
github-token: ${{ github.token }}
ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }}
notification-summary: PIMS CI-CD GitHub Action STARTED in DEV
notification-color: 17a2b8
timezone: America/Los_Angeles
build-frontend:
name: Build frontend
needs: ci-cd-start-notification
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v3
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
- name: Call script to build frontend (pims-app and pims-app-base)
run: |
./openshift/4.0/player.sh build app-base -apply
./openshift/4.0/player.sh build app -apply
build-api:
name: Build api
needs: ci-cd-start-notification
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v3
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
- name: Call script to build backend (pims-api)
run: |
./openshift/4.0/player.sh build api -apply
deploy:
name: Deploy frontend and api to OpenShift
needs: [build-frontend, build-api]
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v3
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
- name: call scripts to deploy api and frontend
run: |
./openshift/4.0/player.sh deploy api $DESTINATION -apply
./openshift/4.0/player.sh deploy app $DESTINATION -apply
# the command:
# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
# 2) greps the generated name from the previous step.
# 3) waits for the job to complete using the generated name.
database-upgrade:
name: Upgrade database
needs: [deploy]
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v3
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: 3cd915-dev
- name: call scripts to upgrade database
shell: bash
run: |
oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s)
sync-keycloak:
name: Sync Keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Setup .NET 6
uses: actions/setup-dotnet@v1
with:
dotnet-version: "6.0.x"
- name: Install dependencies for keycloak sync
run: dotnet restore
working-directory: ${{env.sync-directory}}
- name: Build keycloak sync
run: dotnet build
working-directory: ${{env.sync-directory}}
- name: Start keycloak sync
run: dotnet run
working-directory: ${{env.sync-directory}}
ci-cd-end-notification:
name: CI-CD End Notification to Teams Channel
runs-on: ubuntu-latest
needs: sync-keycloak
if: ${{ always() && github.event.pull_request.merged == true }}
steps:
- name: check workflow status
uses: martialonline/workflow-status@v4
id: check
- name: End notification to Teams Channel
uses: dragos-cojocari/[email protected]
with:
github-token: ${{ github.token }}
ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }}
notification-summary: PIMS CI-CD GitHub Action COMPLETED in DEV environment with status ${{ steps.check.outputs.status }}
notification-color: 17a2b8
timezone: America/Los_Angeles