feat: helm deployment pipeline #732

Closed
wants to merge 26 commits into from
52c3295
Helm charts for deployment
cberg-aot Aug 17, 2023
d756aae
Adding chart-releaser action
cberg-aot Aug 17, 2023
0dda4cc
removed chart.lock
cberg-aot Aug 17, 2023
4695c52
only update on changes to main
cberg-aot Aug 17, 2023
aa365f4
initial working values commit
cberg-aot Oct 26, 2023
b4c3d38
merged with main
cberg-aot Oct 26, 2023
0a31912
Merge branch 'main' into feature/helm
cberg-aot Oct 31, 2023
246a970
modified values to define command
cberg-aot Oct 31, 2023
97ae586
Merge remote-tracking branch 'origin/main' into feature/helm
cberg-aot Oct 31, 2023
679ff56
First working commit and deploy of helm install
cberg-aot Oct 31, 2023
b12b1ce
Merge branch 'main' of github.com:bcgov/onroutebc into feature/helm
cberg-aot Nov 3, 2023
6d9f54e
Merge remote-tracking branch 'origin/main' into feature/helm_deployme…
cberg-aot Nov 10, 2023
988e26b
Implementing Changes via Nr-Quickstart-Openshift
cberg-aot Nov 10, 2023
228ea09
Implementing Changes via Nr-Quickstart-Openshift
cberg-aot Nov 10, 2023
afe1d5c
Implementing Changes via Nr-Quickstart-Openshift
cberg-aot Nov 10, 2023
ef834bf
feat: Implementing Changes via Nr-Quickstart-Openshift
cberg-aot Nov 10, 2023
3d13d84
feat: Implementing Changes via Nr-Quickstart-Openshift
cberg-aot Nov 10, 2023
b78fcbc
Moved values.yaml into dev/test/prod versions
cberg-aot Nov 14, 2023
fc47895
Moved values.yaml into dev/test/prod versions
cberg-aot Nov 14, 2023
eae6a6b
Trying to get updates to work
cberg-aot Nov 15, 2023
0ef5d8d
Added values to inputs
cberg-aot Nov 15, 2023
5a5ecbc
trying full pipe deploy
cberg-aot Nov 15, 2023
14b7001
trying full pipe deploy
cberg-aot Nov 15, 2023
28d7dbb
trying full pipe deploy
cberg-aot Nov 15, 2023
0cf1c36
trying full pipe deploy
cberg-aot Nov 15, 2023
a15e9a9
Merge branch 'main' into feat/helm_deployment_pipeline
cberg-aot Nov 15, 2023
4 changes: 2 additions & 2 deletions .github/CODEOWNERS
@@ -1,8 +1,8 @@
# Default codeowners:
* @john-fletcher-aot @gchauhan-aot @praju-aot @krishnan-aot @zgong-gov
* @john-fletcher-aot @gchauhan-aot @praju-aot @krishnan-aot

# Frontend:
/frontend/** @krishnan-aot @erikataot @zgong-gov
/frontend/** @krishnan-aot

# Backend:
/backend/** @gchauhan-aot @praju-aot
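Review bot: The ownership change on the default `*` line and the `/frontend/**` line does not belong in a Helm deployment PR and narrows required review. Reading each pair as old then new, `@zgong-gov` is dropped from the default owners and both `@erikataot` and `@zgong-gov` from `/frontend/**`, leaving `@krishnan-aot` as the only frontend code owner. If this came in from merging an older `main`, restore the current lines; if it is intended, move it to its own PR so the owners being removed can approve it.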
95 changes: 95 additions & 0 deletions .github/workflows/.deploy.yml
@@ -0,0 +1,95 @@
name: Deploy Workflow

on:
workflow_call:
inputs:
### Required
target:
description: 'PR number, test or prod.'
required: true
type: string

### Typical / recommended
autoscaling:
description: 'Autoscaling enabled or not for the deployments'
required: false
type: boolean
default: true
tag:
description: 'Docker tag; e.g. PR number, tag, test or prod'
required: false
type: string
default: ${{ github.event.number }}
license:
description: 'BC Gov LICENSE_PLATE of deployment env'
required: true
type: string
default: "DEFINE_ME"
vault_role:
description: "nonprod/prod"
required: true
type: string
default: "nonprod"
zone:
description: "Deployment zone - dev/test/prod"
required: true
type: string
default: "dev"

### Usually a bad idea / not recommended
directory:
description: 'Chart directory.'
default: 'charts/${{ github.event.repository.name }}'
required: false
type: string
timeout-minutes:
description: 'Timeout minutes'
default: 10
required: false
type: number
values:
description: 'Values file.'
default: 'values.yaml'
required: false
type: string

jobs:
# https://github.com/bcgov-nr/action-deployer-openshift
deploys:
name: Helm
environment: ${{ github.event.number || github.event.release.tag_name }}
runs-on: ubuntu-22.04
timeout-minutes: ${{ inputs.timeout-minutes }}
steps:
- uses: actions/checkout@v4
- name: Deploy
working-directory: ${{ inputs.directory }}
shell: bash
run: |
# Login to OpenShift (NOTE: project command is a safeguard)
oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
oc project ${{ vars.oc_namespace }}

# Interrupt any previous jobs (status = pending-upgrade)
PREVIOUS=$(helm status ${{ github.event.repository.name }}-${{ inputs.target }} -o json | jq .info.status || true)
if [[ ${PREVIOUS} =~ pending ]]; then
echo "Rollback triggered"
helm rollback ${{ github.event.repository.name }}-${{ inputs.target }} || \
helm uninstall ${{ github.event.repository.name }}-${{ inputs.target }}
fi

# Deploy Helm Chart
helm dependency update
helm upgrade \
--set global.autoscaling=${{ inputs.autoscaling }} \
--set-string global.repository=${{ github.repository }} \
--set-string global.tag=${{ inputs.target }} \
--set-string global.license=${{inputs.license}} \
--set-string global.zone=${{inputs.zone}} \
--set-string global.vault.role=${{inputs.vault_role}} \
--install --wait --atomic ${{ github.event.repository.name }}-${{ inputs.target }} \
--timeout ${{ inputs.timeout-minutes }}m \
--values ${{ inputs.values }} .

# Remove old build runs, build pods and deployment pods
oc delete po --field-selector=status.phase==Succeeded
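Review bot: In the Deploy step's `run:` script, `${{ inputs.target }}`, `${{ inputs.license }}`, `${{ inputs.zone }}`, `${{ inputs.vault_role }}` and `${{ inputs.values }}` are expanded into the bash text before the shell starts, so a caller-supplied value containing shell metacharacters becomes part of the script while the `oc login` session is live. Pass each input through an `env:` entry on the step and use it as a quoted shell variable, for example `--set-string global.tag="$TARGET"`. Two further points in the same file: the step reads `secrets.oc_token`, but `workflow_call` declares no `secrets:` block, so declare `oc_token` as a required secret instead of relying on the caller to inherit it; and the `tag` input is declared but never used, since `global.tag` is set from `inputs.target`.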
74 changes: 74 additions & 0 deletions .github/workflows/.tests.yml
@@ -0,0 +1,74 @@
name: Test Workflow

on:
workflow_call:
inputs:
### Required
target:
description: 'PR number, test or prod.'
required: true
type: string

jobs:
integration-tests:
name: Integration Tests
runs-on: ubuntu-22.04
timeout-minutes: 1
steps:
- uses: actions/checkout@v4
- id: cache-npm
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-cache-node-modules-
${{ runner.os }}-build-
${{ runner.os }}-

- name: Integration tests
env:
API_NAME: nest
BASE_URL: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca
run: |
cd integration-tests
npm ci
node src/main.js

cypress-e2e:
name: E2E Tests
runs-on: ubuntu-22.04
defaults:
run:
working-directory: frontend
strategy:
matrix:
browser: [chrome, firefox, edge]
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- id: cache-npm
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-cache-node-modules-
${{ runner.os }}-build-
${{ runner.os }}-

- uses: cypress-io/github-action@v6
name: Cypress run
env:
CYPRESS_baseUrl: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca/
with:
config: pageLoadTimeout=10000
working-directory: ./frontend
browser: ${{ matrix.browser }}

- uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-screenshots
path: ./cypress/screenshots
if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn`
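Review bot: The `upload-artifact` step in `cypress-e2e` points at `./cypress/screenshots`, but the Cypress action runs with `working-directory: ./frontend`, and `defaults.run.working-directory` applies only to `run:` steps, not to `uses:` steps. Screenshots will land under `./frontend/cypress/screenshots`, and with `if-no-files-found: ignore` the failed upload passes silently, so failure evidence is lost. Change the path to `./frontend/cypress/screenshots` and consider `if-no-files-found: warn`. Separately, `timeout-minutes: 1` on `integration-tests` has to cover checkout, cache restore, `npm ci` and the test run; a cold cache will likely cancel the job before any test executes.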
69 changes: 42 additions & 27 deletions .github/workflows/analysis.yml
@@ -1,15 +1,12 @@
name: Analysis

on:
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
push:
branches:
- main
branches: [main]
pull_request:
types: [opened, reopened, synchronize, ready_for_review]
schedule:
- cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
workflow_dispatch:

concurrency:
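Review bot: The comment on the `schedule` cron line does not match the expression. `0 11 * * 0` fires at 11:00 UTC on Sundays, which is 3 AM PST, but the comment says "12 PM UDT". Correct it to something like `# 11:00 UTC = 3 AM PST, Sundays`, and note that the local time shifts by an hour during daylight saving because GitHub evaluates cron in UTC.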
Expand All @@ -21,27 +18,28 @@ jobs:
name: CodeQL
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v2
with:
languages: javascript

- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:javascript"

# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Security Scan
name: Trivy Security Scan
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
timeout-minutes: 1
steps:
- uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.12.0
uses: aquasecurity/trivy-action@0.14.0
with:
format: "sarif"
output: "trivy-results.sarif"
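Review bot: The `timeout-minutes: 1` on the `trivy` job is too tight for a security gate: the job has to check out the repository, fetch the vulnerability database and scan within one minute, and a run cancelled at that limit produces no `trivy-results.sarif`, so findings never reach code scanning. Raise the limit to a value with real headroom. The same hunk moves `aquasecurity/trivy-action` from `0.12.0` to `0.14.0` by tag; pinning this and the `github/codeql-action` steps to a full commit SHA would keep the scanner itself from changing underneath the pipeline.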
Expand All @@ -56,33 +54,50 @@ jobs:
sarif_file: "trivy-results.sarif"

tests:
name: Unit Tests
name: Tests
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
timeout-minutes: 5
services:
postgres:
image: postgres
env:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
strategy:
matrix:
#dir: [backend/vehicles, frontend]
dir: [backend/vehicles, backend/dops, frontend]
dir: [backend, frontend]
include:
- dir: backend/vehicles
sonar_projectKey: bcgov_onroutebc_backend
token: SONAR_TOKEN_BACKEND
- dir: backend/dops
sonar_projectKey: bcgov_onroutebc_backend
- dir: backend
sonar_projectKey: quickstart-openshift_backend
token: SONAR_TOKEN_BACKEND
triggers: ('backend/')
- dir: frontend
sonar_projectKey: bcgov_onroutebc_frontend
sonar_projectKey: quickstart-openshift_frontend
token: SONAR_TOKEN_FRONTEND
triggers: ('frontend/')
steps:
- uses: bcgov-nr/action-test-and-analyse@v0.0.1
- uses: bcgov-nr/action-test-and-analyse@v1.1.0
with:
commands: |
npm ci
npm run test:cov
dir: ${{ matrix.dir }}
node_version: "20"
sonar_args: >
-Dsonar.exclusions=**/coverage/**,**/node_modules/**
-Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.project.monorepo.enabled=true
-Dsonar.projectKey=${{ matrix.sonar_projectKey }}
sonar_project_token: ${{ secrets[matrix.token] }}
-Dsonar.sources=src
-Dsonar.tests.inclusions=**/*spec.ts
-Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
sonar_token: ${{ secrets[matrix.token] }}
triggers: ${{ matrix.triggers }}
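Review bot: The matrix `include` entries now set `sonar_projectKey` to `quickstart-openshift_backend` and `quickstart-openshift_frontend`, which look carried over from the quickstart template and replace `bcgov_onroutebc_backend` and `bcgov_onroutebc_frontend`. With `SONAR_TOKEN_BACKEND` and `SONAR_TOKEN_FRONTEND` unchanged, analysis will either fail or report to a project that is not this repository's; keep the `bcgov_onroutebc_*` keys. The same hunk collapses `dir` from `backend/vehicles` and `backend/dops` to `backend`, so confirm `npm ci` and `npm run test:cov` actually work from that directory, otherwise both backend services lose test and coverage runs. The `postgres` service uses the untagged `image: postgres`; pin a major version so test behaviour does not change with upstream releases.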
27 changes: 0 additions & 27 deletions .github/workflows/charts-release.yaml

This file was deleted.
