ci: use runs-on: ubuntu-latest (#445)
DerekRoberts authored Nov 6, 2024
1 parent 290c1c0 commit 4b201e8
Showing 5 changed files with 210 additions and 15 deletions.
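--- a/.github/workflows/.deploy.yml
+++ b/.github/workflows/.deploy.yml
@@ -0,0 +1,195 @@
+name: .Deploys
+
+on:
+workflow_call:
+inputs:
+### Required
+# Nothing! Only `secrets: inherit` is required
+
+### Typical / recommended
+environment:
+description: GitHub/OpenShift environment; usually PR number, test or prod
+default: ''
+required: false
+type: string
+tag:
+description: Container tag; usually PR number
+default: ${{ github.event.number }}
+required: false
+type: string
+target:
+description: Deployment target; usually PR number, test or prod
+default: ${{ github.event.number }}
+required: false
+type: string
+
+outputs:
+run_tests:
+description: Run Cypress tests if the core apps have changed (excludes sync)
+value: ${{ jobs.init.outputs.deploy_core }}
+
+jobs:
+init:
+name: Deploy (init)
+environment: ${{ inputs.environment }}
+outputs:
+fam-modded-zone: ${{ steps.fam-modded-zone.outputs.fam-modded-zone }}
+deploy_core: ${{ steps.triggers.outputs.core }}
+deploy_sync: ${{ steps.triggers.outputs.sync }}
+runs-on: ubuntu-latest
+steps:
+# Check triggers (omitted or matched)
+- name: Check core triggers
+uses: bcgov-nr/[email protected]
+id: check_core
+with:
+triggers: ('backend/' 'common/' 'database/' 'frontend/' 'oracle-api/')
+
+- name: Check sync triggers
+uses: bcgov-nr/[email protected]
+id: check_sync
+with:
+triggers: ('common/' 'sync/')
+
+# Simplify triggers
+- name: Simplify triggers
+id: triggers
+run: |
+echo "core=${{ github.event_name != 'pull_request' || steps.check_core.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT
+echo "sync=${{ github.event_name != 'pull_request' || steps.check_sync.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT
+- name: FAM routing
+id: fam-modded-zone
+if: steps.triggers.outputs.core == 'true'
+run: |
+if [ ${{ github.event_name }} == 'pull_request' ]; then
+echo "fam-modded-zone=$(( ${{ inputs.target }} % 50 ))" >> $GITHUB_OUTPUT
+else
+echo "fam-modded-zone=${{ inputs.target }}" >> $GITHUB_OUTPUT
+fi
+- name: OpenShift Init
+if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true'
+uses: bcgov-nr/[email protected]
+with:
+oc_namespace: ${{ vars.OC_NAMESPACE }}
+oc_server: ${{ vars.OC_SERVER }}
+oc_token: ${{ secrets.OC_TOKEN }}
+file: common/openshift.init.yml
+overwrite: true
+parameters:
+-p ZONE=${{ inputs.target }}
+-p DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
+-p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}'
+-p ORACLE_PASSWORD='${{ secrets.ORACLE_PASSWORD }}'
+-p ORACLE_SERVICE='${{ vars.ORACLE_SERVICE }}'
+-p ORACLE_USER='${{ vars.ORACLE_USER }}'
+-p ORACLE_SYNC_USER='${{ vars.ORACLE_SYNC_USER }}'
+-p ORACLE_SYNC_PASSWORD='${{ secrets.ORACLE_SYNC_PASSWORD }}'
+-p ORACLE_CERT_SECRET='${{ secrets.ORACLE_CERT_SECRET }}'
+-p ORACLE_HOST='${{ vars.ORACLE_HOST }}'
+-p VITE_USER_POOLS_WEB_CLIENT_ID=${{ secrets.VITE_USER_POOLS_WEB_CLIENT_ID }}
+
+- name: Database
+if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true'
+uses: bcgov-nr/[email protected]
+with:
+oc_namespace: ${{ vars.OC_NAMESPACE }}
+oc_server: ${{ vars.OC_SERVER }}
+oc_token: ${{ secrets.OC_TOKEN }}
+file: common/openshift.database.yml
+overwrite: false
+parameters:
+-p ZONE=${{ inputs.target }}
+${{ github.event_name == 'pull_request' && '-p DB_PVC_SIZE=192Mi' || '' }}
+${{ github.event_name == 'pull_request' && '-p MEMORY_REQUEST=100Mi' || '' }}
+${{ github.event_name == 'pull_request' && '-p MEMORY_LIMIT=200Mi' || '' }}
+
+deploy:
+name: Deploy
+environment: ${{ inputs.environment }}
+if: needs.init.outputs.deploy_core == 'true'
+needs: [init]
+runs-on: ubuntu-latest
+timeout-minutes: 10
+strategy:
+matrix:
+name: [backend, frontend, oracle-api]
+include:
+- name: backend
+file: backend/openshift.deploy.yml
+overwrite: true
+parameters:
+-p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
+verification_path: "health"
+- name: frontend
+file: frontend/openshift.deploy.yml
+overwrite: true
+parameters:
+-p FAM_MODDED_ZONE=${{ needs.init.outputs.fam-modded-zone }}
+-p VITE_SPAR_BUILD_VERSION=snapshot-${{ inputs.target || github.event.number }}
+-p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+- name: oracle-api
+file: oracle-api/openshift.deploy.yml
+overwrite: true
+parameters:
+-p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
+${{ github.event_name == 'pull_request' && '-p CPU_LIMIT=100m' || '' }}
+${{ inputs.target == 'prod' && '-p MIN_REPLICAS=3' || '' }}
+${{ inputs.target == 'prod' && '-p MAX_REPLICAS=5' || '' }}
+verification_path: "actuator/health"
+
+steps:
+- uses: bcgov-nr/[email protected]
+id: deploys
+with:
+file: ${{ matrix.file }}
+oc_namespace: ${{ vars.OC_NAMESPACE }}
+oc_server: ${{ vars.OC_SERVER }}
+oc_token: ${{ secrets.OC_TOKEN }}
+overwrite: ${{ matrix.overwrite }}
+parameters:
+-p TAG=${{ inputs.tag }}
+-p ZONE=${{ inputs.target }}
+${{ github.event_name == 'pull_request' && '-p MIN_REPLICAS=1' || '' }}
+${{ github.event_name == 'pull_request' && '-p MAX_REPLICAS=1' || '' }}
+${{ matrix.parameters }}
+verification_path: ${{ matrix.verification_path }}
+verification_retry_attempts: 5
+verification_retry_seconds: 20
+
+# ETL testing will only run on Pull Requests if the sync/ directory is modified
+sync:
+name: Deploy (sync)
+environment: ${{ inputs.environment }}
+if: needs.init.outputs.deploy_sync == 'true'
+needs: [init]
+runs-on: ubuntu-latest
+steps:
+- name: Deploy (sync)
+uses: bcgov-nr/[email protected]
+with:
+file: sync/openshift.deploy.yml
+oc_namespace: ${{ vars.OC_NAMESPACE }}
+oc_server: ${{ vars.OC_SERVER }}
+oc_token: ${{ secrets.OC_TOKEN }}
+overwrite: true
+parameters:
+-p TAG=${{ inputs.tag }}
+-p ZONE=${{ inputs.target }}
+${{ github.event_name == 'pull_request' && '-p TEST_MODE=true' || '' }}
+
+
+- name: Override OpenShift version
+if: github.event_name == 'pull_request'
+env:
+OC: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-4.13/openshift-client-linux.tar.gz
+run: |
+# Download and extract with retry, continuing on error
+(wget ${{ env.OC }} -qcO - | tar -xzvf - oc)|| !! || true
+oc version
+working-directory: /usr/local/bin/
+
+- name: Run sync ETL
+if: github.event_name == 'pull_request'
+run: ./sync/oc_run.sh ${{ inputs.tag }} ${{ secrets.oc_token }}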
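Review bot: The final step, `run: ./sync/oc_run.sh ${{ inputs.tag }} ${{ secrets.oc_token }}`, expands a caller-supplied input and the cluster token directly into the shell script text, so the tag is parsed as shell and the token ends up on a command line. I would bind both under `env:` (`TAG: ${{ inputs.tag }}`, `OC_TOKEN: ${{ secrets.oc_token }}`) and call `./sync/oc_run.sh "$TAG" "$OC_TOKEN"`; whether oc_run.sh could read the token from the environment instead is not visible on this page. The same unquoted expansion of `inputs.target` appears in the FAM routing step (`$(( ${{ inputs.target }} % 50 ))`). In the Override OpenShift version step, `|| !! || true` does not retry in a non-interactive shell and hides a failed download, and the `oc` binary is placed in /usr/local/bin without a checksum comparison.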
10 changes: 5 additions & 5 deletions .github/workflows/analysis.yml
@@ -15,7 +15,7 @@ jobs:
tests-backend:
name: Tests (Backend)
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- uses: bcgov-nr/[email protected]
with:
@@ -37,7 +37,7 @@ jobs:
lint-frontend:
name: Lint (Frontend)
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- uses: bcgov-nr/[email protected]
with:
@@ -52,7 +52,7 @@ jobs:
tests-frontend:
name: Tests (Frontend)
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- uses: bcgov-nr/[email protected]
env:
@@ -83,7 +83,7 @@ jobs:
trivy:
name: Trivy Security Scan
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

@@ -107,6 +107,6 @@ jobs:
name: Analysis Results
if: always() && (!failure()) && (!cancelled())
needs: [lint-frontend, tests-backend, tests-frontend] # Include trivy when/if it gets back to being reliable
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- run: echo "Workflow completed successfully!"
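Review bot: `runs-on: ubuntu-latest` is a floating label, so these jobs will change runner image whenever GitHub remaps it, with no commit in this repository to review or revert. The same line is introduced in merge.yml (including the PROD Init and PROD Deployments jobs), pr-close.yml, pr-open.yml and the new .deploy.yml. If floating is intended, I would add a comment such as `# floating runner image by design; pin to ubuntu-24.04 if a build must be reproducible` beside one of them, and consider keeping `runs-on: ubuntu-24.04` on the prod jobs. Each hunk shows only part of its job.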
10 changes: 5 additions & 5 deletions .github/workflows/merge.yml
@@ -14,7 +14,7 @@ jobs:
init-test:
name: TEST Init
environment: test
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- name: OpenShift Init
uses: bcgov-nr/[email protected]
@@ -41,7 +41,7 @@ jobs:
name: TEST Deployments
needs: [init-test]
environment: test
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
permissions:
issues: write
strategy:
@@ -87,7 +87,7 @@ jobs:
name: PROD Init
needs: [deploys-test]
environment: prod
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- name: OpenShift Init
uses: bcgov-nr/[email protected]
@@ -113,7 +113,7 @@ jobs:
image-promotions:
name: Promote images to PROD
needs: [deploys-test]
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
permissions:
packages: write
strategy:
@@ -131,7 +131,7 @@ jobs:
name: PROD Deployments
needs: [init-prod, image-promotions]
environment: prod
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
strategy:
matrix:
name: [database, backend, frontend, fluentbit]
4 changes: 2 additions & 2 deletions .github/workflows/pr-close.yml
@@ -15,7 +15,7 @@ jobs:
cleanup-openshift:
name: Cleanup OpenShift
if: '!github.event.pull_request.head.repo.fork'
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
steps:
- uses: redhat-actions/openshift-tools-installer@v1
with:
@@ -32,7 +32,7 @@ jobs:
image-promotions:
name: Image Promotions
if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main'
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
strategy:
matrix:
package: [database, backend, frontend]
6 changes: 3 additions & 3 deletions .github/workflows/pr-open.yml
@@ -17,7 +17,7 @@ jobs:
if: "!github.event.pull_request.head.repo.fork"
outputs:
route: ${{ github.event.number }}
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
@@ -70,7 +70,7 @@ jobs:

builds:
name: Builds
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
permissions:
packages: write
strategy:
@@ -96,7 +96,7 @@ jobs:
deploys:
name: Deploys
needs: [builds, init]
runs-on: ubuntu-24.04
runs-on: ubuntu-latest
strategy:
matrix:
name: [database, backend, frontend, fluentbit]
