diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml
new file mode 100644
index 00000000..a5b5f2b1
--- /dev/null
+++ b/.github/workflows/.deploy.yml
@@ -0,0 +1,195 @@
+name: .Deploys
+
+on:
+ workflow_call:
+ inputs:
+ ### Required
+ # Nothing! Only `secrets: inherit` is required
+
+ ### Typical / recommended
+ environment:
+ description: GitHub/OpenShift environment; usually PR number, test or prod
+ default: ''
+ required: false
+ type: string
+ tag:
+ description: Container tag; usually PR number
+ default: ${{ github.event.number }}
+ required: false
+ type: string
+ target:
+ description: Deployment target; usually PR number, test or prod
+ default: ${{ github.event.number }}
+ required: false
+ type: string
+
+ outputs:
+ run_tests:
+ description: Run Cypress tests if the core apps have changed (excludes sync)
+ value: ${{ jobs.init.outputs.deploy_core }}
+
+jobs:
+ init:
+ name: Deploy (init)
+ environment: ${{ inputs.environment }}
+ outputs:
+ fam-modded-zone: ${{ steps.fam-modded-zone.outputs.fam-modded-zone }}
+ deploy_core: ${{ steps.triggers.outputs.core }}
+ deploy_sync: ${{ steps.triggers.outputs.sync }}
+ runs-on: ubuntu-latest
+ steps:
+ # Check triggers (omitted or matched)
+ - name: Check core triggers
+ uses: bcgov-nr/action-diff-triggers@v0.2.0
+ id: check_core
+ with:
+ triggers: ('backend/' 'common/' 'database/' 'frontend/' 'oracle-api/')
+
+ - name: Check sync triggers
+ uses: bcgov-nr/action-diff-triggers@v0.2.0
+ id: check_sync
+ with:
+ triggers: ('common/' 'sync/')
+
+ # Simplify triggers
+ - name: Simplify triggers
+ id: triggers
+ run: |
+ echo "core=${{ github.event_name != 'pull_request' || steps.check_core.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT
+ echo "sync=${{ github.event_name != 'pull_request' || steps.check_sync.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT
+
+ - name: FAM routing
+ id: fam-modded-zone
+ if: steps.triggers.outputs.core == 'true'
+ run: |
+ if [ ${{ github.event_name }} == 'pull_request' ]; then
+ echo "fam-modded-zone=$(( ${{ inputs.target }} % 50 ))" >> $GITHUB_OUTPUT
+ else
+ echo "fam-modded-zone=${{ inputs.target }}" >> $GITHUB_OUTPUT
+ fi
+
+ - name: OpenShift Init
+ if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true'
+ uses: bcgov-nr/action-deployer-openshift@v3.0.1
+ with:
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ file: common/openshift.init.yml
+ overwrite: true
+ parameters:
+ -p ZONE=${{ inputs.target }}
+ -p DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
+ -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}'
+ -p ORACLE_PASSWORD='${{ secrets.ORACLE_PASSWORD }}'
+ -p ORACLE_SERVICE='${{ vars.ORACLE_SERVICE }}'
+ -p ORACLE_USER='${{ vars.ORACLE_USER }}'
+ -p ORACLE_SYNC_USER='${{ vars.ORACLE_SYNC_USER }}'
+ -p ORACLE_SYNC_PASSWORD='${{ secrets.ORACLE_SYNC_PASSWORD }}'
+ -p ORACLE_CERT_SECRET='${{ secrets.ORACLE_CERT_SECRET }}'
+ -p ORACLE_HOST='${{ vars.ORACLE_HOST }}'
+ -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ secrets.VITE_USER_POOLS_WEB_CLIENT_ID }}
+
+ - name: Database
+ if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true'
+ uses: bcgov-nr/action-deployer-openshift@v3.0.1
+ with:
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ file: common/openshift.database.yml
+ overwrite: false
+ parameters:
+ -p ZONE=${{ inputs.target }}
+ ${{ github.event_name == 'pull_request' && '-p DB_PVC_SIZE=192Mi' || '' }}
+ ${{ github.event_name == 'pull_request' && '-p MEMORY_REQUEST=100Mi' || '' }}
+ ${{ github.event_name == 'pull_request' && '-p MEMORY_LIMIT=200Mi' || '' }}
+
+ deploy:
+ name: Deploy
+ environment: ${{ inputs.environment }}
+ if: needs.init.outputs.deploy_core == 'true'
+ needs: [init]
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ strategy:
+ matrix:
+ name: [backend, frontend, oracle-api]
+ include:
+ - name: backend
+ file: backend/openshift.deploy.yml
+ overwrite: true
+ parameters:
+ -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
+ verification_path: "health"
+ - name: frontend
+ file: frontend/openshift.deploy.yml
+ overwrite: true
+ parameters:
+ -p FAM_MODDED_ZONE=${{ needs.init.outputs.fam-modded-zone }}
+ -p VITE_SPAR_BUILD_VERSION=snapshot-${{ inputs.target || github.event.number }}
+ -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+ - name: oracle-api
+ file: oracle-api/openshift.deploy.yml
+ overwrite: true
+ parameters:
+ -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
+ ${{ github.event_name == 'pull_request' && '-p CPU_LIMIT=100m' || '' }}
+ ${{ inputs.target == 'prod' && '-p MIN_REPLICAS=3' || '' }}
+ ${{ inputs.target == 'prod' && '-p MAX_REPLICAS=5' || '' }}
+ verification_path: "actuator/health"
+
+ steps:
+ - uses: bcgov-nr/action-deployer-openshift@v3.0.1
+ id: deploys
+ with:
+ file: ${{ matrix.file }}
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ overwrite: ${{ matrix.overwrite }}
+ parameters:
+ -p TAG=${{ inputs.tag }}
+ -p ZONE=${{ inputs.target }}
+ ${{ github.event_name == 'pull_request' && '-p MIN_REPLICAS=1' || '' }}
+ ${{ github.event_name == 'pull_request' && '-p MAX_REPLICAS=1' || '' }}
+ ${{ matrix.parameters }}
+ verification_path: ${{ matrix.verification_path }}
+ verification_retry_attempts: 5
+ verification_retry_seconds: 20
+
+ # ETL testing will only run on Pull Requests if the sync/ directory is modified
+ sync:
+ name: Deploy (sync)
+ environment: ${{ inputs.environment }}
+ if: needs.init.outputs.deploy_sync == 'true'
+ needs: [init]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Deploy (sync)
+ uses: bcgov-nr/action-deployer-openshift@v3.0.1
+ with:
+ file: sync/openshift.deploy.yml
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ overwrite: true
+ parameters:
+ -p TAG=${{ inputs.tag }}
+ -p ZONE=${{ inputs.target }}
+ ${{ github.event_name == 'pull_request' && '-p TEST_MODE=true' || '' }}
+
+
+ - name: Override OpenShift version
+ if: github.event_name == 'pull_request'
+ env:
+ OC: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-4.13/openshift-client-linux.tar.gz
+ run: |
+ # Download and extract with retry, continuing on error
+ (wget ${{ env.OC }} -qcO - | tar -xzvf - oc)|| !! || true
+ oc version
+ working-directory: /usr/local/bin/
+
+ - name: Run sync ETL
+ if: github.event_name == 'pull_request'
+ run: ./sync/oc_run.sh ${{ inputs.tag }} ${{ secrets.oc_token }}
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 0a79ef2c..4b00749f 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -15,7 +15,7 @@ jobs: tests-backend: name: Tests (Backend) if: github.event_name != 'pull_request' || !github.event.pull_request.draft - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - uses: bcgov-nr/action-test-and-analyse-java@v1.0.2 with:
@@ -37,7 +37,7 @@ jobs: lint-frontend: name: Lint (Frontend) if: github.event_name != 'pull_request' || !github.event.pull_request.draft - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - uses: bcgov-nr/action-test-and-analyse@v1.2.1 with:
@@ -52,7 +52,7 @@ jobs: tests-frontend: name: Tests (Frontend) if: github.event_name != 'pull_request' || !github.event.pull_request.draft - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - uses: bcgov-nr/action-test-and-analyse@v1.2.1 env:
@@ -83,7 +83,7 @@ jobs: trivy: name: Trivy Security Scan if: github.event_name != 'pull_request' || !github.event.pull_request.draft - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -107,6 +107,6 @@ jobs: name: Analysis Results if: always() && (!failure()) && (!cancelled()) needs: [lint-frontend, tests-backend, tests-frontend] # Include trivy when/if it gets back to being reliable - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - run: echo "Workflow completed successfully!"
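Review bot: The final `Run sync ETL` step of the new .deploy.yml writes `${{ secrets.oc_token }}` and `${{ inputs.tag }}` straight into the `run:` text, so the token ends up in the generated script and in the argument list of `oc_run.sh`, and `tag` is parsed by the shell as code rather than data. Pass both through the step's `env:` (`TAG: ${{ inputs.tag }}`, `OC_TOKEN: ${{ secrets.OC_TOKEN }}`) and call `./sync/oc_run.sh "$TAG" "$OC_TOKEN"`; `${{ inputs.target }}` inside `$(( … % 50 ))` in the FAM routing step deserves the same treatment. In `Override OpenShift version`, `!!` is history expansion, which a non-interactive shell does not perform, so the intended retry never happens and `|| true` then hides a failed download. That step also unpacks the tarball into `/usr/local/bin/` without verifying a checksum, just before the next step passes the cluster token to `oc_run.sh`. `bcgov-nr/action-deployer-openshift@v3.0.1`, which receives `OC_TOKEN` and the database passwords, is referenced by a mutable tag; pinning it to a full commit SHA would keep a retagged release from reaching those secrets.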
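Review bot: Replacing `runs-on: ubuntu-24.04` with `runs-on: ubuntu-latest` turns the runner image into a moving target, here in every job of analysis.yml and again in each job touched in merge.yml, pr-close.yml and pr-open.yml. The OS and preinstalled tool versions will then change whenever GitHub repoints the label, including for the jobs that hold `packages: write` and for the PROD init and deployment jobs, with no commit in this repository to mark the change. If the aim is only to match the new .deploy.yml, consider keeping `runs-on: ubuntu-24.04` everywhere (including .deploy.yml) and bumping it deliberately.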
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
index b0f39c68..c6942fb3 100644
--- a/.github/workflows/merge.yml
+++ b/.github/workflows/merge.yml
@@ -14,7 +14,7 @@ jobs: init-test: name: TEST Init environment: test - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - name: OpenShift Init uses: bcgov-nr/action-deployer-openshift@v3.0.1
@@ -41,7 +41,7 @@ jobs: name: TEST Deployments needs: [init-test] environment: test - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest permissions: issues: write strategy:
@@ -87,7 +87,7 @@ jobs: name: PROD Init needs: [deploys-test] environment: prod - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - name: OpenShift Init uses: bcgov-nr/action-deployer-openshift@v3.0.1
@@ -113,7 +113,7 @@ jobs: image-promotions: name: Promote images to PROD needs: [deploys-test] - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest permissions: packages: write strategy:
@@ -131,7 +131,7 @@ jobs: name: PROD Deployments needs: [init-prod, image-promotions] environment: prod - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest strategy: matrix: name: [database, backend, frontend, fluentbit]
diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
index d6695786..3ad1673f 100644
--- a/.github/workflows/pr-close.yml
+++ b/.github/workflows/pr-close.yml
@@ -15,7 +15,7 @@ jobs: cleanup-openshift: name: Cleanup OpenShift if: '!github.event.pull_request.head.repo.fork' - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - uses: redhat-actions/openshift-tools-installer@v1 with:
@@ -32,7 +32,7 @@ jobs: image-promotions: name: Image Promotions if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest strategy: matrix: package: [database, backend, frontend]
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
index b7ccb11d..7cea2962 100644
--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -17,7 +17,7 @@ jobs: if: "!github.event.pull_request.head.repo.fork" outputs: route: ${{ github.event.number }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest permissions: pull-requests: write steps:
@@ -70,7 +70,7 @@ jobs: builds: name: Builds - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest permissions: packages: write strategy:
@@ -96,7 +96,7 @@ jobs: deploys: name: Deploys needs: [builds, init] - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest strategy: matrix: name: [database, backend, frontend, fluentbit]