From 078f5628669b91d008e3a2e1f82d21bd8e1c5f6e Mon Sep 17 00:00:00 2001 From: devinleighsmith Date: Mon, 6 Nov 2023 10:53:09 -0800 Subject: [PATCH] add automatic db deployment to test. for testing purposes only, revert. typo. skip unecessary steps. temp. Revert "for testing purposes only, revert." This reverts commit 629967c17bcd64974bb78a2d1e0ca88fc65a7b8a. Revert "skip unecessary steps." This reverts commit bedc62732b44d43062acddddbe551d2501fa6d48. --- .github/workflows/ci-cd-pims-dev.yml | 2 +- .github/workflows/retag-dev-to-test.yml | 30 ++++++++++-- .github/workflows/retag-test-to-uat.yml | 54 ++++++++++++++++++++- openshift/4.0/templates/jobs/db-deploy.yaml | 14 ++++-- 4 files changed, 90 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-cd-pims-dev.yml b/.github/workflows/ci-cd-pims-dev.yml index 1331cc9c83..05edb002ec 100644 --- a/.github/workflows/ci-cd-pims-dev.yml +++ b/.github/workflows/ci-cd-pims-dev.yml @@ -123,7 +123,7 @@ jobs: - name: call scripts to upgrade database shell: bash run: | - oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) + oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database GIT_BRANCH=dev SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_DEV -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) sync-keycloak: name: Sync Keycloak diff --git a/.github/workflows/retag-dev-to-test.yml b/.github/workflows/retag-dev-to-test.yml index 4435350eb8..bfc83042db 100644 --- a/.github/workflows/retag-dev-to-test.yml +++ b/.github/workflows/retag-dev-to-test.yml 
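Review bot: In the rewritten `oc process` line, `GIT_BRANCH=dev` and `SERVER_NAME=sqldevtst.th.gov.bc.ca` are no longer preceded by `-p`, while `DB_SECRET_NAME`, `DB_NAME` and `NAMESPACE` are. `oc process` appears to accept bare `KEY=VALUE` arguments as well, so this probably still works, but the mixed form is easy to misread and easy to break in a later edit. I would pass every parameter the same way: `-p DB_SECRET_NAME=pims-database -p GIT_BRANCH=dev -p SERVER_NAME=sqldevtst.th.gov.bc.ca`. The same mixed form is repeated in the `database-upgrade` jobs added to retag-dev-to-test.yml and retag-test-to-uat.yml.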
@@ -5,7 +5,7 @@ env: OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools" MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }} - AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET }} + AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_TEST }} AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }} sync-directory: ./tools/keycloak/sync ASPNETCORE_ENVIRONMENT: "Test" @@ -64,9 +64,33 @@ jobs: ./openshift/4.0/player.sh deploy api $DESTINATION -apply ./openshift/4.0/player.sh deploy app $DESTINATION -apply + # the command: + # 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template. + # 2) greps the generated name from the previous step. + # 3) waits for the job to complete using the generated name. + database-upgrade: + name: Upgrade database + needs: [deploy] + runs-on: ubuntu-latest + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + - name: Login to OpenShift + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ env.OPENSHIFT_SERVER }} + openshift_token: ${{ env.OPENSHIFT_TOKEN }} + insecure_skip_tls_verify: true + namespace: 3cd915-dev + - name: call scripts to upgrade database + shell: bash + run: | + oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database-test GIT_BRANCH=dev SERVER_NAME=sqldevtst.th.gov.bc.ca -p DB_NAME=PIMS_TST -p NAMESPACE=3cd915-dev | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) + + sync-keycloak: name: Sync Keycloak - needs: deploy + needs: database-upgrade runs-on: ubuntu-latest steps: - name: Checkout Source Code 
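Review bot: The new `Login to OpenShift` step in `database-upgrade` sets `insecure_skip_tls_verify: true`, so `OPENSHIFT_TOKEN` is presented to an API endpoint whose certificate is never checked, in a job that goes on to run a pod reading the database credentials. Prefer `insecure_skip_tls_verify: false`, supplying the cluster CA through the action's `certificate_authority_data` input if the certificate is not publicly trusted. The `database-upgrade` job added in retag-test-to-uat.yml has the same setting. Separately, this job targets TEST (`DB_NAME=PIMS_TST`, `pims-database-test`) but logs in to and runs in `3cd915-dev` with `GIT_BRANCH=dev`. If that is intentional, a comment saying so would help, because it keeps the TEST database secret in the dev namespace and takes the scripts from the tip of `dev` rather than from what was just retagged.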
@@ -92,7 +116,7 @@ jobs: ci-cd-end-notification: name: CI-CD End Notification to Teams Channel runs-on: ubuntu-latest - needs: deploy + needs: sync-keycloak steps: - name: check workflow status uses: martialonline/workflow-status@v4 diff --git a/.github/workflows/retag-test-to-uat.yml b/.github/workflows/retag-test-to-uat.yml index 280511f7d4..ef6f24268a 100644 --- a/.github/workflows/retag-test-to-uat.yml +++ b/.github/workflows/retag-test-to-uat.yml @@ -5,6 +5,8 @@ env: OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools" MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }} + AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_UAT }} + AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }} ## variables for scripts under git\openshift\4.0\scripts\oc-*.sh APP_PORT: 8080 
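Review bot: With `needs: sync-keycloak`, `ci-cd-end-notification` now sits at the end of a chain (deploy, database-upgrade, sync-keycloak), and by default GitHub Actions skips a job when any job it needs fails or is skipped. No `if:` is visible on the job in this hunk, and its steps continue outside it. Unless a condition exists there, a failed database upgrade would produce no Teams message at all rather than a failure status. Consider adding `if: always()` to the job so the status check still runs. The same `needs` change is made in retag-test-to-uat.yml.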
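Review bot: `AUTH__KEYCLOAK__SECRET` and `AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET` are added to the workflow-level `env:`, which exports them to every step of every job, including steps that run third-party actions such as `martialonline/workflow-status@v4`. Only the `sync-keycloak` job appears to need them, so a job-level `env:` block under `sync-keycloak` would keep the Keycloak secrets out of the other jobs' environments. retag-dev-to-test.yml has the same layout. Note also that the client secret is now per environment (`KEYCLOAK_SECRET_UAT`) while the service-account secret is still the shared `KEYCLOAK_SERVICEACCOUNT_SECRET`, so it is worth confirming that TEST and UAT are meant to share it.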
@@ -59,11 +61,59 @@ jobs: run: | ./openshift/4.0/player.sh deploy api $DESTINATION -apply ./openshift/4.0/player.sh deploy app $DESTINATION -apply + + # the command: + # 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template. + # 2) greps the generated name from the previous step. + # 3) waits for the job to complete using the generated name. + database-upgrade: + name: Upgrade database + needs: [deploy] + runs-on: ubuntu-latest + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + - name: Login to OpenShift + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ env.OPENSHIFT_SERVER }} + openshift_token: ${{ env.OPENSHIFT_TOKEN }} + insecure_skip_tls_verify: true + namespace: 3cd915-test + - name: call scripts to upgrade database + shell: bash + run: | + oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database GIT_BRANCH=test SERVER_NAME=sqlprd.th.gov.bc.ca -p DB_NAME=PIMS_UAT -p NAMESPACE=3cd915-test | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*" | (read JOB_NAME; oc wait --for=condition=complete job/$JOB_NAME --timeout=120s) + + sync-keycloak: + name: Sync Keycloak + needs: database-upgrade + runs-on: ubuntu-latest + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup .NET 6 + uses: actions/setup-dotnet@v2 + with: + dotnet-version: "6.0.x" + + - name: Install dependencies for keycloak sync + run: dotnet restore + working-directory: ${{env.sync-directory}} + + - name: Build keycloak sync + run: dotnet build + working-directory: ${{env.sync-directory}} + + - name: Start keycloak sync + run: dotnet run + working-directory: ${{env.sync-directory}} ci-cd-end-notification: name: CI-CD End Notification to Teams Channel runs-on: ubuntu-latest - needs: deploy + needs: sync-keycloak steps: - name: check workflow status uses: martialonline/workflow-status@v4 
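Review bot: The added `sync-keycloak` job uses `working-directory: ${{env.sync-directory}}` in three steps, but the `env:` hunk for this file adds only the two `AUTH__KEYCLOAK__*` secrets. By contrast, retag-dev-to-test.yml shows `sync-directory: ./tools/keycloak/sync` and `ASPNETCORE_ENVIRONMENT: "Test"` in its `env:` block. If those keys are not already defined elsewhere in retag-test-to-uat.yml, the expression expands to an empty string and the sync would run from the wrong directory or with the wrong environment settings. I would add `sync-directory: ./tools/keycloak/sync` and the appropriate `ASPNETCORE_ENVIRONMENT` value next to the new secrets, or confirm they already exist outside the hunk.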
@@ -73,6 +123,6 @@ jobs: with: github-token: ${{ github.token }} ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }} - notification-summary: PIMS Release DEV to TEST COMPLETED with status ${{ steps.check.outputs.status }} + notification-summary: PIMS Release TEST to UAT COMPLETED with status ${{ steps.check.outputs.status }} notification-color: 17a2b8 timezone: America/Los_Angeles diff --git a/openshift/4.0/templates/jobs/db-deploy.yaml b/openshift/4.0/templates/jobs/db-deploy.yaml index 9734387026..86252df56e 100644 --- a/openshift/4.0/templates/jobs/db-deploy.yaml +++ b/openshift/4.0/templates/jobs/db-deploy.yaml @@ -30,8 +30,8 @@ objects: touch /usr/config/psp/source/database/mssql/.env; PATH="/opt/mssql-tools/bin:$PATH"; cd /usr/config/psp; - git fetch origin dev; - git reset --h origin/dev; + git fetch origin ${GIT_BRANCH}; + git reset --h origin/${GIT_BRANCH}; cd /usr/config/psp/source/database/mssql/scripts/dbscripts; chmod 777 db-upgrade.sh; ./db-upgrade.sh; @@ -43,12 +43,12 @@ objects: - name: DB_USER valueFrom: secretKeyRef: - name: pims-database + name: ${DB_SECRET_NAME} key: DB_USER - name: DB_PASSWORD valueFrom: secretKeyRef: - name: pims-database + name: ${DB_SECRET_NAME} key: DB_PASSWORD resources: {} terminationMessagePath: /dev/termination-log @@ -65,3 +65,9 @@ parameters: - name: NAMESPACE description: the openshift namespace to run this job in. required: true + - name: GIT_BRANCH + description: the git branch to pull the database scripts from. + required: true + - name: DB_SECRET_NAME + description: the git branch to pull the database scripts from. + required: true
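Review bot: `${GIT_BRANCH}` is substituted by the template processor straight into the shell script text (`git fetch origin ${GIT_BRANCH};`), so its value is parsed as shell in a container that also holds `DB_USER` and `DB_PASSWORD`. The three workflows in this patch pass fixed literals, so nothing is exposed as written. The template would still be safer if the parameter reached the script as data. Add an `env` entry named `GIT_BRANCH` with `value: ${GIT_BRANCH}`, then use `git fetch origin "$GIT_BRANCH";` and `git reset --h "origin/$GIT_BRANCH";` (no braces, so the template processor leaves them for the shell). The script and the container spec both continue outside this hunk.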
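Review bot: The new `DB_SECRET_NAME` parameter's description is a copy of the `GIT_BRANCH` one (`the git branch to pull the database scripts from.`), which will mislead anyone reading the template's parameter list. Suggested text: `description: the name of the openshift secret that holds the DB_USER and DB_PASSWORD keys.`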