generated from bcgov/quickstart-openshift
-
Notifications
You must be signed in to change notification settings - Fork 0
182 lines (169 loc) · 5.56 KB
/
merge-main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
name: Main Merge
on:
push:
branches:
- main
paths-ignore:
- ".github/ISSUE_TEMPLATE/*"
- "**.md"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
env:
REGISTRY: ghcr.io
NAME: nrog
jobs:
#TODO: check sonar for OG
tests-backend:
name: Backend Unit Tests
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
continue-on-error: true
steps:
- name: Run tests
uses: bcgov-nr/[email protected]
with:
commands: |
npm ci
npm run test:cov
dir: backend
node_version: 16
sonar_args: >
-Dsonar.exclusions=**/coverage/**,**/examples/**,**/pages/**
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.projectKey=nr-old-growth
-Dsonar.tests=test
sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
- name: Report code coverage
uses: romeovs/[email protected]
with:
title: Backend coverage report
delete-old-comments: true
github-token: ${{ secrets.GHCR_TOKEN }}
lcov-file: ./backend/coverage/lcov.info
codeql:
name: Semantic Code Analysis
runs-on: ubuntu-22.04
needs:
- tests-backend
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize
uses: github/codeql-action/init@v2
with:
languages: javascript
- name: Build Backend
run: |
cd backend
npm ci
npm run build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
deploy-test-database:
name: Deploy Database on Test Env
needs:
- tests-backend
env:
ZONE: test
environment: test
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.database.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: false
penetration_test: false
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
deploy-test-backend:
name: Deploy Backend on Test Env
needs:
- deploy-test-database
env:
ZONE: test
environment: test
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.backend.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
penetration_test: true
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
-p PROMOTE=${{ github.repository }}/backend:${{ env.ZONE }}
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
-p CHES_TOKEN_URL='https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
-p CHES_API_URL='https://ches-test.api.gov.bc.ca/api/v1'
-p NODE_ENV='development'
-p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}}
-p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}}
deploy-prod-database:
name: Deploy Database on Prod Env
needs:
- deploy-test-backend
env:
PREV: test
ZONE: prod
environment: prod
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.database.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: false
penetration_test: false
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
deploy-prod-backend:
name: Deploy Backend on Prod Env
needs:
- deploy-prod-database
env:
PREV: test
ZONE: prod
environment: prod
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.backend.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
penetration_test: true
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
-p PROMOTE=${{ github.repository }}/backend:${{ env.PREV }}
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
-p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
-p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1'
-p NODE_ENV='production'
-p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}}
-p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}}