From bca1d4cc3f0ee3a5df41aba621c6a9b0fbd2d19b Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 20 Nov 2024 14:57:37 -0800 Subject: [PATCH 1/5] ci: use PR number in merge workflow --- .github/workflows/merge-main.yml | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index 26a968e..5e90ce6 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -1,9 +1,8 @@ -name: Merge to Main +name: Merge on: push: - branches: - - main + branches: [main] paths-ignore: - ".github/ISSUE_TEMPLATE/*" - "**.md" @@ -37,10 +36,19 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 + init: + name: Initialize + outputs: + pr: ${{ steps.pr.outputs.pr }} + runs-on: ubuntu-latest + steps: + # Get PR number for squash merges to main + - id: pr + uses: bcgov-nr/action-get-pr@v0.0.1 + deploys-test: name: TEST Deployments - needs: - - codeql + needs: [init] environment: test runs-on: ubuntu-24.04 strategy: @@ -59,7 +67,7 @@ jobs: oc_token: ${{ secrets.OC_TOKEN }} overwrite: ${{ matrix.overwrite }} parameters: - -p ZONE=test -p TAG=test + -p ZONE=test -p TAG=${{ needs.init.outputs.pr }} ${{ matrix.parameters }} -p IDIM_WEB_SERVICE_URL=${{ vars.IDIM_WEB_SERVICE_URL }} -p IDIM_WEB_SERVICE_ID=${{ secrets.IDIM_WEB_SERVICE_ID }} @@ -70,8 +78,7 @@ jobs: deploys-prod: name: PROD Deployments - needs: - - deploys-test + needs: [init, deploys-test] environment: prod runs-on: ubuntu-24.04 strategy: @@ -90,7 +97,7 @@ jobs: oc_token: ${{ secrets.OC_TOKEN }} overwrite: ${{ matrix.overwrite }} parameters: - -p ZONE=prod -p TAG=prod + -p ZONE=prod -p TAG=${{ needs.init.outputs.pr }} ${{ matrix.parameters }} -p IDIM_WEB_SERVICE_URL=${{ vars.IDIM_WEB_SERVICE_URL }} -p IDIM_WEB_SERVICE_ID=${{ secrets.IDIM_WEB_SERVICE_ID }} 
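Review bot: Nothing in the new `init` job checks that `steps.pr.outputs.pr` is non-empty, yet the other hunks substitute it straight into `-p TAG=${{ needs.init.outputs.pr }}` (deploys-test, deploys-prod) and into `target:` of image-promotions on the next line, so if the action yields an empty value for a push to main that is not a squash-merged PR (its behaviour in that case is not visible here) the deployments run with an empty tag and the promotion names a non-existent image. A guard right after the `id: pr` step fails fast instead: `- if: steps.pr.outputs.pr == ''` / `  run: echo "::error::no PR number resolved" && exit 1`. `bcgov-nr/action-get-pr@v0.0.1` is a third-party action referenced by a movable tag and its output now names what gets deployed to prod; pinning it to a full commit SHA with the tag in a trailing comment removes that upstream dependency on tag stability. The job also uses `runs-on: ubuntu-latest` while every other job in the file uses `ubuntu-24.04`. Replacing `needs: [codeql]` with `needs: [init]` in deploys-test additionally drops the ordering of TEST deployment after the scan job; if that gate was intentional it needs to be restated somewhere in the series.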
@@ -101,8 +108,7 @@ jobs: image-promotions: name: Promote images to PROD - needs: - - deploys-prod + needs: [init, deploys-prod] runs-on: ubuntu-24.04 permissions: packages: write @@ -114,5 +120,5 @@ jobs: with: registry: ghcr.io repository: ${{ github.repository }}/${{ matrix.component }} - target: test + target: ${{ needs.init.outputs.pr }} tags: prod From 5dd22ef5dc00d56d2bc02f4cbc638f786ba0d7c4 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 20 Nov 2024 15:00:47 -0800 Subject: [PATCH 2/5] Tag accepted PR images as latest --- .github/workflows/pr-open.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 039d635..cdc12be 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -53,7 +53,7 @@ jobs: with: package: ${{ matrix.package }} tag: ${{ github.event.number }} - tag_fallback: test + tag_fallback: latest token: ${{ secrets.GITHUB_TOKEN }} triggers: ${{ matrix.triggers }} build_file: ${{ matrix.build_file }} From 08ea15488f2a11276ba075066f51a2d5c542d6b0 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 20 Nov 2024 15:02:14 -0800 Subject: [PATCH 3/5] Use shared workflow for pr-close --- .github/workflows/pr-close.yml | 49 +++++++--------------------------- 1 file changed, 10 insertions(+), 39 deletions(-) diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index 2a08910..975675f 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -2,8 +2,7 @@ name: Pull Request Closed on: pull_request: - types: - - closed + types: [closed] concurrency: # PR open and close use the same group, allowing only one at a time 
@@ -11,40 +10,12 @@ concurrency: cancel-in-progress: true jobs: - # Clean up OpenShift when PR closed, no conditions - cleanup-openshift: - name: Cleanup OpenShift - runs-on: ubuntu-24.04 - steps: - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4.14.37" - - - name: Remove OpenShift artifacts - run: | - # OC Login - OC_TEMP_TOKEN=$(curl -k -X POST https://api.silver.devops.gov.bc.ca:6443/api/v1/namespaces/${{ vars.OC_NAMESPACE }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.OC_TOKEN }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' ) - oc login --token=${OC_TEMP_TOKEN} --server=https://api.silver.devops.gov.bc.ca:6443 - oc project ${{ vars.OC_NAMESPACE }} # Safeguard! - - # Remove old build runs, build pods and deployment pods - oc delete all,pvc,secret -l app=${{ github.event.repository.name }}-${{ github.event.number }} - - # If merged into main, then handle any image promotions - image-promotions: - name: Image Promotions - if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' - runs-on: ubuntu-24.04 - permissions: - packages: write - strategy: - matrix: - package: [backend] - steps: - - uses: shrink/actions-docker-registry-tag@v4 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.package }} - target: ${{ github.event.number }} - tags: test + cleanup: + name: Cleanup and Images + uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.8.3 + secrets: + oc_namespace: ${{ vars.OC_NAMESPACE }} + oc_token: ${{ secrets.OC_TOKEN }} + with: + cleanup: label + packages: backend From 2dc68de7ee09df320ee459e26d6e806428fc8c34 Mon Sep 17 00:00:00 2001 
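Review bot: The new `cleanup` job calls the shared `.pr-close.yml@v0.8.3` workflow unconditionally, whereas the removed `image-promotions` job only ran under `github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main'`; unless the shared workflow applies that gate internally (not visible in this hunk), closing an unmerged PR now also triggers image handling for `packages: backend`, so either an `if:` on the job or a confirmation of the shared workflow's behaviour is needed. The reusable workflow receives `secrets.OC_TOKEN` and `vars.OC_NAMESPACE` and is referenced by a movable tag; pin it to a full commit SHA, `uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@<commit-sha>  # v0.8.3`, so a moved tag cannot change what runs with cluster credentials. The inline jobs carried comments explaining what happened on close and on merge; a one-line comment above `cleanup:` stating what `cleanup: label` and `packages: backend` cause the shared workflow to do (once confirmed against its inputs) would preserve that for the next reader.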
From: Derek Roberts Date: Wed, 20 Nov 2024 15:05:00 -0800 Subject: [PATCH 4/5] Use pr-validate with shared workflow --- .github/workflows/pr-open.yml | 28 +--------------------------- .github/workflows/pr-validate.yml | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/pr-validate.yml diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index cdc12be..04534fb 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -9,31 +9,6 @@ concurrency: cancel-in-progress: true jobs: - pr-greeting: - name: PR Greeting - if: github.event.action == 'opened' || github.event.action == 'reopened' - env: - DOMAIN: apps.silver.devops.gov.bc.ca - PREFIX: ${{ github.event.repository.name }}-${{ github.event.number }} - runs-on: ubuntu-24.04 - permissions: - pull-requests: write - steps: - - name: PR Greeting - uses: bcgov-nr/action-pr-description-add@v1.1.2 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - add_markdown: | - --- - - Thanks for the PR! - - Any successful deployments (not always required) will be available below. - [Backend](https://${{ env.PREFIX }}-backend.${{ env.DOMAIN }}/api) available - - Once merged, code will be promoted and handed off to following workflow run. - [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml) - builds: name: Builds runs-on: ubuntu-24.04 @@ -62,8 +37,7 @@ jobs: deploys: name: Deploys - needs: - - builds + needs: builds runs-on: ubuntu-24.04 strategy: matrix: diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml new file mode 100644 index 0000000..e874235 --- /dev/null +++ b/.github/workflows/pr-validate.yml 
@@ -0,0 +1,25 @@ +name: PR Validate + +on: + pull_request: + types: [edited, opened, synchronize, reopened, ready_for_review] + +concurrency: + group: ${{ github.workflow }}-edit-${{ github.event.number }} + cancel-in-progress: true + +jobs: + validate: + name: Validate PR + uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.8.3 + with: + markdown_links: | + - [Backend](https://${{ github.event.repository.name }}-${{ github.event.number }}-backend.apps.silver.devops.gov.bc.ca/api) available + + results: + name: Validate Results + if: always() && (!failure()) && (!cancelled()) + needs: [validate] + runs-on: ubuntu-24.04 + steps: + - run: echo "Success!" From 961c9aaa751eadf9bc9f4eed060406f8228909b7 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 20 Nov 2024 15:08:35 -0800 Subject: [PATCH 5/5] Switch to GH default CodeQL --- .github/workflows/merge-main.yml | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index 5e90ce6..1fea0ba 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -13,29 +13,6 @@ concurrency: cancel-in-progress: true jobs: - codeql: - name: Semantic Code Analysis - runs-on: ubuntu-24.04 - permissions: - actions: read - contents: read - security-events: write - steps: - - uses: actions/checkout@v4 - - - name: Initialize - uses: github/codeql-action/init@v3 - with: - languages: javascript - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - init: name: Initialize outputs:
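Review bot: The new workflow declares no `permissions:` block, so the `validate` job inherits the repository's default `GITHUB_TOKEN` scopes; the `pr-greeting` job it replaces (removed in this same patch) explicitly requested `pull-requests: write` to edit the PR description, so if the shared workflow does the same the run fails under read-only defaults, and if it does not the inherited scopes are wider than needed. Declare the minimum at the top level, e.g. `permissions:` / `  contents: read` / `  pull-requests: write`, adjusted to what the shared workflow actually requires. `bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.8.3` is referenced by a movable tag; pin it to a full commit SHA as for the other shared workflows. The file lacks a `---` document start, and a comment above `results:` such as `# Single job for branch protection to require; passes only when validate did not fail or cancel` would make the `if: always() && (!failure()) && (!cancelled())` pattern self-explanatory, assuming that is its purpose.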