Merge branch 'main' into feat/sha_audit

bcgov · Nov 18, 2024 · 8f3be60 · 8f3be60
2 parents 83c9d60 + bc5fd5c
commit 8f3be60
Show file tree

Hide file tree

Showing 308 changed files with 14,965 additions and 7,083 deletions.
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
@@ -3,42 +3,32 @@ name: Deploy Demo
 on:
   workflow_dispatch:
     inputs:
-      environment:
-        description: "Deployment environment - test --> vault secrets"
-        required: true
-        type: choice
-        options: ["test","tools"]
-        default: "test"
+      tag:
+        description: "Image tag to deploy"
+        required: false
+        type: string
+        default: "uat"
+  workflow_call:
+    inputs:
+      tag:
+        description: "Image tag to deploy"
+        required: false
+        type: string
+        default: "uat"
 
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: true
-
 jobs:
-  uninstall-demo:
-    name: Uninstall (demo)
-    environment: ${{inputs.environment}}
-    runs-on: ubuntu-22.04
-    steps:
-      - name: uninstall
-        run: |
-          oc login --token=${{ secrets.oc_token }} --server=${{ secrets.oc_server }}
-          oc project ${{ secrets.OC_NAMESPACE }} # Safeguard!
-          helm uninstall onroutebc-demo || true
   deploy-demo:
-    name: Deploys (demo)
+    name: Deploys (DEMO)
     uses: ./.github/workflows/deploy.yml
-    needs: uninstall-demo
     secrets: inherit
     with:
       autoscaling: false
-      environment: ${{inputs.environment}}
-      tag: "test"
+      environment: demo
+      tag: ${{inputs.tag}}
       release: "demo"
       params: |
         --set-string global.license='c28f0c' \
         --set-string global.zone='test' \
         --set-string global.vault.role='nonprod' \
-        --set-string global.vault.zone='staging' \
-        --set-string global.pr_num='${{ needs.vars.outputs.pr }}' \
+        --set-string global.vault.zone='demo' \
+        --set-string global.pr_num='${{ inputs.tag }}' \
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -148,6 +148,11 @@ jobs:
           # If here skip deployment
           echo "No triggers have fired, deployment skipped"
 
+      - uses: redhat-actions/openshift-tools-installer@v1
+        if: ${{ steps.triggers.outputs.triggered == 'true' }}
+        with:
+          oc: "4"
+
       - name: Deploy if Triggers Fired
         if: ${{ steps.triggers.outputs.triggered == 'true' }}
         working-directory: ${{ inputs.directory }}

diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -0,0 +1,40 @@
+---
+name: Deploy Dev
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Image tag to deploy"
+        required: false
+        type: string
+        default: "latest"
+  workflow_call:
+    inputs:
+      tag:
+        description: "Image tag to deploy"
+        required: false
+        type: string
+        default: "latest"
+jobs:
+  deploy-dev:
+    name: Deploys (DEV)
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      autoscaling: false
+      environment: dev
+      release: ${{inputs.tag}}
+      tag: ${{ inputs.tag }}
+      triggers: '' #omit=always;
+      params: |
+        --set-string global.license='c28f0c' \
+        --set-string global.zone='dev' \
+        --set-string global.vault.role='nonprod' \
+        --set-string global.vault.zone='dev' \
+        --set-string global.pr_num='${{ inputs.tag }}' \
+        --set-json dops.containers[0].resources='{"limits": {"cpu": "1000m", "memory": "2000Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
+        --set-json frontend.containers[0].resources='{"limits": {"cpu": "75m", "memory": "150Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
+        --set-json scheduler.containers[0].resources='{"limits": {"cpu": "75m", "memory": "150Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
+        --set-json policy.containers[0].resources='{"limits": {"cpu": "75m", "memory": "150Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
+        --set-json vehicles.containers[0].resources='{"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "200m", "memory": "400Mi"}}' \
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -5,16 +5,14 @@ on:
     branches: [main]
     paths-ignore:
       - '*.md'
-      - '.github/**'
       - 'common/graphics/**'
-      - '!.github/workflows/deploy.yml'
-      - '!.github/workflows/merge.yml'
   workflow_dispatch:
     inputs:
-      pr_no:
-        description: "PR-numbered container set to deploy"
-        type: number
-        required: true
+      pr:
+        description: "PR num of image to deploy"
+        required: false
+        type: string
+
 
 concurrency:
   group: ${{ github.workflow }}
@@ -29,27 +27,21 @@ jobs:
     timeout-minutes: 1
     steps:
       # Get PR number for squash merges to main
+      - name: Get PR Number From Event
+        if: ${{ github.event_name == 'push' }}
+        id: pr_no
+        uses: bcgov-nr/[email protected]
       - name: PR Number
         id: pr
-        uses: bcgov-nr/[email protected]
+        run: echo pr=${{ steps.pr_no.outputs.pr || inputs.pr}} >> $GITHUB_OUTPUT
 
   deploys-test:
-    name: Deploys (test)
+    name: Deploys (Test)
     needs: [vars]
-    uses: ./.github/workflows/deploy.yml
+    uses: ./.github/workflows/test.yml
     secrets: inherit
     with:
-      autoscaling: true
-      environment: test
-      release: test
       tag: ${{ needs.vars.outputs.pr }}
-      params: |
-        --set-string global.license='c28f0c' \
-        --set-string global.zone='test' \
-        --set-string global.vault.role='nonprod' \
-        --set-string global.vault.zone='test' \
-        --set-string global.pr_num='${{ needs.vars.outputs.pr }}' \
-
 
   promote-images-test:
     name: Promote Images - Test
@@ -68,58 +60,3 @@ jobs:
           repository: ${{ github.repository }}/${{ matrix.package }}
           target: ${{ needs.vars.outputs.pr }}
           tags: test  #Promote images AFTER successful deploy
-
-  deploys-prod:
-    name: Deploys (prod)
-    needs: [promote-images-test, vars]
-    uses: ./.github/workflows/deploy.yml
-    secrets: inherit
-    with:
-      autoscaling: true
-      environment: prod
-      tag: ${{ needs.vars.outputs.pr }}
-      release: prod
-      params: |
-        --set-string global.license='c28f0c' \
-        --set-string global.zone='prod' \
-        --set-string global.vault.role='prod' \
-        --set-string global.vault.zone='prod' \
-        --set-string global.pr_num='${{ needs.vars.outputs.pr }}' \
-
-  promote-images-prod:
-    name: Promote Images - Prod
-    needs: [deploys-prod, vars]
-    runs-on: ubuntu-22.04
-    permissions:
-      packages: write
-    strategy:
-      matrix:
-        package: [dops, vehicles, frontend, scheduler, policy]
-    timeout-minutes: 2
-    steps:
-      - uses: shrink/actions-docker-registry-tag@v4
-        with:
-          registry: ghcr.io
-          repository: ${{ github.repository }}/${{ matrix.package }}
-          target: ${{ needs.vars.outputs.pr }}
-          tags: prod  #Promote images AFTER successful deploy
-
-  create-release:
-    name: Create release
-    runs-on: ubuntu-22.04
-    needs: [deploys-prod, vars]
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    steps:
-      - name: Generate release tag
-        id: generate_release_tag
-        shell: bash
-        run: |  
-          echo next_release_tag=$(expr $(echo $(curl https://api.github.com/repos/bcgov/onroutebc/releases/latest | grep tag_name | cut -d '-' -f3 - | cut -d '"' -f1 -) + 1)) >> $GITHUB_OUTPUT
-            
-      - name: Create Release
-        run: |
-          gh release create "${{ github.event.repository.name }}-release-${{ steps.generate_release_tag.outputs.next_release_tag }}" \
-          --repo=${{ github.repository }} \
-          --title="${{ github.event.repository.name }}-release-${{ steps.generate_release_tag.outputs.next_release_tag }}" \
-          --generate-notes
diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
   cleanup:
     name: Cleanup OpenShift and/or Promote Images
-    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.6.1
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.7.1
     secrets:
       oc_namespace: ${{ vars.OC_NAMESPACE }}
       oc_token: ${{ secrets.OC_TOKEN }}

diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
@@ -74,26 +74,10 @@ jobs:
           triggers: '${{ matrix.package }}/' #omit to build everything
 
   # https://github.com/bcgov-nr/action-deployer-openshift
-  deploys:
-    name: Deploys
+  deploys-dev:
+    name: Deploys (Dev)
     needs: [builds, vars]
-    uses: ./.github/workflows/deploy.yml
+    uses: ./.github/workflows/dev.yml
     secrets: inherit
     with:
-      autoscaling: false
-      repository: ${{ github.event.repository.name }}
-      environment: dev
-      release: ${{ needs.vars.outputs.pr }}
       tag: ${{ needs.vars.outputs.pr }}
-      triggers: '' #omit=always;
-      params: |
-        --set-string global.license='c28f0c' \
-        --set-string global.zone='dev' \
-        --set-string global.vault.role='nonprod' \
-        --set-string global.vault.zone='dev' \
-        --set-string global.pr_num='${{ needs.vars.outputs.pr }}' \
-        --set-json dops.containers[0].resources='{"limits": {"cpu": "1000m", "memory": "2000Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
-        --set-json frontend.containers[0].resources='{"limits": {"cpu": "75m", "memory": "150Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
-        --set-json scheduler.containers[0].resources='{"limits": {"cpu": "75m", "memory": "150Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
-        --set-json policy.containers[0].resources='{"limits": {"cpu": "75m", "memory": "150Mi"}, "requests": {"cpu": "25m", "memory": "50Mi"}}' \
-        --set-json vehicles.containers[0].resources='{"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "200m", "memory": "400Mi"}}' \
diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
@@ -0,0 +1,34 @@
+name: Deploy Prod
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Image tag to deploy"
+        required: false
+        type: string
+        default: "prod"
+  workflow_call:
+    inputs:
+      tag:
+        description: "Image tag to deploy"
+        required: false
+        type: string
+        default: "prod"
+
+jobs:
+  deploys-prod:
+    name: Deploys (PROD)
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    with:
+      autoscaling: true
+      environment: prod
+      tag: ${{ inputs.tag }}
+      release: prod
+      params: |
+        --set-string global.license='c28f0c' \
+        --set-string global.zone='prod' \
+        --set-string global.vault.role='prod' \
+        --set-string global.vault.zone='prod' \
+        --set-string global.pr_num='${{ inputs.tag }}' \