add automatic db deployment to test, uat. add keycloak sync to uat. update action definitions to allow for env specific secrets for keycloak sync. #1176

Workflow file for this run

.github/workflows/ci-cd-pims-dev.yml at 119849f

	name: CI-CD PIMS Development
	env:
	OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
	# service account: gitaction
	OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
	OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools"
	MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }}
	AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET }}
	AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }}
	sync-directory: ./tools/keycloak/sync
	ASPNETCORE_ENVIRONMENT: "Development"

	## variables for scripts under git\openshift\4.0\scripts\oc-*.sh
	APP_PORT: 8080
	DESTINATION: "dev"
	OC_JOB_NAME: "dev"
	GIT_URL: "${{github.server_url}}/${{github.repository}}"
	GIT_BRANCH: "${{github.ref}}"
	APP_NAME: "pims"
	PROJ_PREFIX: "3cd915"
	PROJ_TOOLS: "3cd915-tools"
	PROJ_DEV: "dev"
	PROJ_TEST: "test"
	PROJ_PROD: "prod"
	TAG_DEV: "dev"
	TAG_TEST: "test"
	TAG_PROD: "prod"

	on:
	pull_request_target:
	branches: [dev]
	types: [closed]

	jobs:
	ci-cd-start-notification:
	if: github.event.pull_request.merged == true
	name: CI-CD Start Notification to Teams Channel
	runs-on: ubuntu-latest
	steps:
	- name: Start notification to Teams Channel
	uses: dragos-cojocari/[email protected]
	with:
	github-token: ${{ github.token }}
	ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }}
	notification-summary: PIMS CI-CD GitHub Action STARTED in DEV
	notification-color: 17a2b8
	timezone: America/Los_Angeles

	build-frontend:
	name: Build frontend
	needs: ci-cd-start-notification
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source Code
	uses: actions/checkout@v3
	- name: Login to OpenShift
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
	openshift_token: ${{ env.OPENSHIFT_TOKEN }}
	insecure_skip_tls_verify: true
	namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
	- name: Call script to build frontend (pims-app and pims-app-base)
	run: \|
	./openshift/4.0/player.sh build app-base -apply
	./openshift/4.0/player.sh build app -apply

	build-api:
	name: Build api
	needs: ci-cd-start-notification
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source Code
	uses: actions/checkout@v3
	- name: Login to OpenShift
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
	openshift_token: ${{ env.OPENSHIFT_TOKEN }}
	insecure_skip_tls_verify: true
	namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
	- name: Call script to build backend (pims-api)
	run: \|
	./openshift/4.0/player.sh build api -apply

	deploy:
	name: Deploy frontend and api to OpenShift
	needs: [build-frontend, build-api]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source Code
	uses: actions/checkout@v3
	- name: Login to OpenShift
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
	openshift_token: ${{ env.OPENSHIFT_TOKEN }}
	insecure_skip_tls_verify: true
	namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
	- name: call scripts to deploy api and frontend
	run: \|
	./openshift/4.0/player.sh deploy api $DESTINATION -apply
	./openshift/4.0/player.sh deploy app $DESTINATION -apply

	# the command:
	# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
	# 2) greps the generated name from the previous step.
	# 3) waits for the job to complete using the generated name.
	database-upgrade:
	name: Upgrade database
	needs: [deploy]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source Code
	uses: actions/checkout@v3
	- name: Login to OpenShift
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
	openshift_token: ${{ env.OPENSHIFT_TOKEN }}
	insecure_skip_tls_verify: true
	namespace: 3cd915-dev
	- name: call scripts to upgrade database
	shell: bash
	run: \|
	oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database -p GIT_BRANCH=dev -p SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev \| oc create -f - \| grep -oP "(?<=job\.batch/)[^\s]*" \| (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s)

	sync-keycloak:
	name: Sync Keycloak
	needs: database-upgrade
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Source Code
	uses: actions/checkout@v3

	- name: Setup .NET 6
	uses: actions/setup-dotnet@v2
	with:
	dotnet-version: "6.0.x"

	- name: Install dependencies for keycloak sync
	run: dotnet restore
	working-directory: ${{env.sync-directory}}

	- name: Build keycloak sync
	run: dotnet build
	working-directory: ${{env.sync-directory}}

	- name: Start keycloak sync
	run: dotnet run
	working-directory: ${{env.sync-directory}}

	ci-cd-end-notification:
	name: CI-CD End Notification to Teams Channel
	runs-on: ubuntu-latest
	needs: sync-keycloak
	if: ${{ always() && github.event.pull_request.merged == true }}
	steps:
	- name: check workflow status
	uses: martialonline/workflow-status@v4
	id: check
	- name: End notification to Teams Channel
	uses: dragos-cojocari/[email protected]
	with:
	github-token: ${{ github.token }}
	ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }}
	notification-summary: PIMS CI-CD GitHub Action COMPLETED in DEV environment with status ${{ steps.check.outputs.status }}
	notification-color: 17a2b8
	timezone: America/Los_Angeles

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add automatic db deployment to test, uat. add keycloak sync to uat. update action definitions to allow for env specific secrets for keycloak sync. #1176

Workflow file

add automatic db deployment to test, uat. add keycloak sync to uat. update action definitions to allow for env specific secrets for keycloak sync. #1176

Jobs

Run details

Workflow file for this run