diff --git a/.github/workflows/ci-cd-pims-dev.yml b/.github/workflows/ci-cd-pims-dev.yml index 1331cc9c83..05edb002ec 100644 --- a/.github/workflows/ci-cd-pims-dev.yml +++ b/.github/workflows/ci-cd-pims-dev.yml @@ -123,7 +123,7 @@ jobs: - name: call scripts to upgrade database shell: bash run: | - oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) + oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database GIT_BRANCH=dev SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) sync-keycloak: name: Sync Keycloak diff --git a/.github/workflows/retag-dev-to-test.yml b/.github/workflows/retag-dev-to-test.yml index 4435350eb8..bfc83042db 100644 --- a/.github/workflows/retag-dev-to-test.yml +++ b/.github/workflows/retag-dev-to-test.yml @@ -5,7 +5,7 @@ env: OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools" MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }} - AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET }} + AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_TEST }} AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }} sync-directory: ./tools/keycloak/sync ASPNETCORE_ENVIRONMENT: "Test" 
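Review bot: In the rewritten `oc process` line of ci-cd-pims-dev.yml, `GIT_BRANCH=dev` and `SERVER_NAME=sqldevtst.th.gov.bc.ca` are passed without `-p`, although the old line had `-p SERVER_NAME=...`, so the flag looks lost in the edit. `oc process` may still accept bare KEY=VALUE arguments, but one consistent form is easier to audit: `-p DB_SECRET_NAME=pims-database -p GIT_BRANCH=dev -p SERVER_NAME=sqldevtst.th.gov.bc.ca`. The same mix appears in the `database-upgrade` steps added to retag-dev-to-test.yml and retag-test-to-uat.yml. Quoting the job reference in the wait call, `oc wait --for=condition=complete "job/$JOB_NAME" --timeout=120s`, would also keep an unexpected grep result from being word-split.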
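Review bot: `AUTH__KEYCLOAK__SECRET` in retag-dev-to-test.yml sits in the workflow-level `env:` block, so the Keycloak client secret is exported to every job and step of the workflow, including the third-party actions, although only the keycloak sync appears to need it. Moving it and `AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET` into an `env:` on the step that runs the sync would limit the exposure. The same applies to the two lines added to the `env:` block of retag-test-to-uat.yml. The client secret is now per environment (`KEYCLOAK_SECRET_TEST`, `KEYCLOAK_SECRET_UAT`) while `KEYCLOAK_SERVICEACCOUNT_SECRET` is still shared; if that is intended, a comment such as `# service account is shared across environments` would record it.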
@@ -64,9 +64,33 @@ jobs: ./openshift/4.0/player.sh deploy api $DESTINATION -apply ./openshift/4.0/player.sh deploy app $DESTINATION -apply + # the command: + # 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template. + # 2) greps the generated name from the previous step. + # 3) waits for the job to complete using the generated name. + database-upgrade: + name: Upgrade database + needs: [deploy] + runs-on: ubuntu-latest + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + - name: Login to OpenShift + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ env.OPENSHIFT_SERVER }} + openshift_token: ${{ env.OPENSHIFT_TOKEN }} + insecure_skip_tls_verify: true + namespace: 3cd915-dev + - name: call scripts to upgrade database + shell: bash + run: | + oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database-test GIT_BRANCH=dev SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_TST -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) + + sync-keycloak: name: Sync Keycloak - needs: deploy + needs: database-upgrade runs-on: ubuntu-latest steps: - name: Checkout Source Code @@ -92,7 +116,7 @@ jobs: ci-cd-end-notification: name: CI-CD End Notification to Teams Channel runs-on: ubuntu-latest - needs: deploy + needs: sync-keycloak steps: - name: check workflow status uses: martialonline/workflow-status@v4 diff --git a/.github/workflows/retag-test-to-uat.yml b/.github/workflows/retag-test-to-uat.yml index 280511f7d4..ef6f24268a 100644 --- a/.github/workflows/retag-test-to-uat.yml +++ b/.github/workflows/retag-test-to-uat.yml 
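Review bot: The `Login to OpenShift` step of the new `database-upgrade` job sets `insecure_skip_tls_verify: true`, so `OPENSHIFT_TOKEN` is sent to a server whose certificate is never checked. Dropping that line, or supplying the cluster CA through the action's `certificate_authority_data` input if the certificate is not publicly trusted, keeps the token from being handed to an impersonated endpoint. The `database-upgrade` job added to retag-test-to-uat.yml has the same setting. This job also logs in to `namespace: 3cd915-dev` and passes `NAMESPACE=3cd915-dev` and `GIT_BRANCH=dev` while upgrading `PIMS_TST`. If running the TEST upgrade from the dev namespace is deliberate, a comment such as `# TEST database is upgraded by a job in the dev namespace` would stop it being "corrected" later.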
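Review bot: With `needs: sync-keycloak`, `ci-cd-end-notification` is skipped whenever `deploy`, `database-upgrade` or `sync-keycloak` fails, unless the job carries `if: always()`. No `if:` is visible in this hunk, and the job body continues outside it. If it is absent, a failed database upgrade produces no Teams message at all, which is the case the status notification is presumably there for. Consider `needs: [deploy, database-upgrade, sync-keycloak]` together with `if: always()`. The matching `needs:` change in retag-test-to-uat.yml has the same effect.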
@@ -5,6 +5,8 @@ env: OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools" MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }} + AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_UAT }} + AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }} ## variables for scripts under git\openshift\4.0\scripts\oc-*.sh APP_PORT: 8080 
@@ -59,11 +61,59 @@ jobs: run: | ./openshift/4.0/player.sh deploy api $DESTINATION -apply ./openshift/4.0/player.sh deploy app $DESTINATION -apply + + # the command: + # 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template. + # 2) greps the generated name from the previous step. + # 3) waits for the job to complete using the generated name. + database-upgrade: + name: Upgrade database + needs: [deploy] + runs-on: ubuntu-latest + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + - name: Login to OpenShift + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ env.OPENSHIFT_SERVER }} + openshift_token: ${{ env.OPENSHIFT_TOKEN }} + insecure_skip_tls_verify: true + namespace: 3cd915-test + - name: call scripts to upgrade database + shell: bash + run: | + oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database GIT_BRANCH=test SERVER_NAME=sqlprd.th.gov.bc.ca -p DB_NAME=PIMS_UAT -p NAMESPACE=3cd915-test | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) + + sync-keycloak: + name: Sync Keycloak + needs: database-upgrade + runs-on: ubuntu-latest + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup .NET 6 + uses: actions/setup-dotnet@v2 + with: + dotnet-version: "6.0.x" + + - name: Install dependencies for keycloak sync + run: dotnet restore + working-directory: ${{env.sync-directory}} + + - name: Build keycloak sync + run: dotnet build + working-directory: ${{env.sync-directory}} + + - name: Start keycloak sync + run: dotnet run + working-directory: ${{env.sync-directory}} ci-cd-end-notification: name: CI-CD End Notification to Teams Channel runs-on: ubuntu-latest - needs: deploy + needs: sync-keycloak steps: - name: check workflow status uses: martialonline/workflow-status@v4 
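Review bot: The `sync-keycloak` job added to retag-test-to-uat.yml reads `${{env.sync-directory}}`, but the `env:` hunk of this file adds only the two Keycloak secrets. retag-dev-to-test.yml defines `sync-directory: ./tools/keycloak/sync` and `ASPNETCORE_ENVIRONMENT: "Test"` next to them. Unless both keys already exist in this file's `env:` outside the visible hunks, `working-directory` expands to an empty value and the sync tool starts without an environment name, so it may not run against the UAT configuration at all. Adding `sync-directory: ./tools/keycloak/sync` and the UAT value of `ASPNETCORE_ENVIRONMENT` to `env:` would make the job self-contained.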
@@ -73,6 +123,6 @@ jobs: with: github-token: ${{ github.token }} ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }} - notification-summary: PIMS Release DEV to TEST COMPLETED with status ${{ steps.check.outputs.status }} + notification-summary: PIMS Release TEST to UAT COMPLETED with status ${{ steps.check.outputs.status }} notification-color: 17a2b8 timezone: America/Los_Angeles diff --git a/openshift/4.0/templates/jobs/db-deploy.yaml b/openshift/4.0/templates/jobs/db-deploy.yaml index 9734387026..86252df56e 100644 --- a/openshift/4.0/templates/jobs/db-deploy.yaml +++ b/openshift/4.0/templates/jobs/db-deploy.yaml @@ -30,8 +30,8 @@ objects: touch /usr/config/psp/source/database/mssql/.env; PATH="/opt/mssql-tools/bin:$PATH"; cd /usr/config/psp; - git fetch origin dev; - git reset --h origin/dev; + git fetch origin ${GIT_BRANCH}; + git reset --h origin/${GIT_BRANCH}; cd /usr/config/psp/source/database/mssql/scripts/dbscripts; chmod 777 db-upgrade.sh; ./db-upgrade.sh; @@ -43,12 +43,12 @@ objects: - name: DB_USER valueFrom: secretKeyRef: - name: pims-database + name: ${DB_SECRET_NAME} key: DB_USER - name: DB_PASSWORD valueFrom: secretKeyRef: - name: pims-database + name: ${DB_SECRET_NAME} key: DB_PASSWORD resources: {} terminationMessagePath: /dev/termination-log @@ -65,3 +65,9 @@ parameters: - name: NAMESPACE description: the openshift namespace to run this job in. required: true + - name: GIT_BRANCH + description: the git branch to pull the database scripts from. + required: true + - name: DB_SECRET_NAME + description: the git branch to pull the database scripts from. + required: true
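Review bot: In db-deploy.yaml, `${GIT_BRANCH}` is substituted by `oc process` as plain text into the job's shell command, unquoted and unvalidated, at `git fetch origin ${GIT_BRANCH}` and `git reset --h origin/${GIT_BRANCH}`. The workflows pass fixed values today, but a value containing whitespace or shell metacharacters would change the command that runs in a container holding `DB_USER` and `DB_PASSWORD`. Quoting the expansions and spelling out the option would help: `git fetch origin "${GIT_BRANCH}"; git reset --hard "origin/${GIT_BRANCH}";`, escaped as the enclosing YAML string requires (that string starts outside this hunk). The job also executes whatever is at the branch head when it starts, not the commit that was just deployed, so passing a commit SHA or tag would make the upgrade reproducible and reviewable.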
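Review bot: The description of the new `DB_SECRET_NAME` parameter in db-deploy.yaml is a copy of the `GIT_BRANCH` one ("the git branch to pull the database scripts from."). Something like `description: the name of the secret that holds the DB_USER and DB_PASSWORD keys for the target database.` would match what the `secretKeyRef` entries do with it. Both parameters are `required: true`, so any other caller of this template that does not pass them will now fail at `oc process`; that is a reasonable default, but worth confirming no other script invokes the template.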