Skip to content

chore(deps): update aquasecurity/trivy-action action to v0.29.0 #616

chore(deps): update aquasecurity/trivy-action action to v0.29.0

chore(deps): update aquasecurity/trivy-action action to v0.29.0 #616

Workflow file for this run

name: Pull Request
on:
pull_request:
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
pr-greeting:
name: PR Greeting
env:
DOMAIN: apps.silver.devops.gov.bc.ca
PREFIX: ${{ github.event.repository.name }}-${{ github.event.number }}
runs-on: ubuntu-24.04
permissions:
pull-requests: write
steps:
- name: PR Greeting
uses: bcgov-nr/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
add_markdown: |
---
Thanks for the PR!
Any successful deployments (not always required) will be available below.
[API](https://${{ env.PREFIX }}-api.${{ env.DOMAIN }}/) available
[Frontend](https://${{ env.PREFIX }}.${{ env.DOMAIN }}/) available
Once merged, code will be promoted and handed off to following workflow run.
[Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml)
builds:
name: Builds
runs-on: ubuntu-24.04
permissions:
packages: write
strategy:
matrix:
package: [api, frontend, database]
steps:
- uses: actions/checkout@v4
- uses: bcgov-nr/[email protected]
with:
package: ${{ matrix.package }}
tag: ${{ github.sha }}
tag_fallback: test
token: ${{ secrets.GITHUB_TOKEN }}
triggers: ('${{ matrix.package }}/')
- uses: shrink/actions-docker-registry-tag@v4
with:
registry: ghcr.io
repository: ${{ github.repository }}/${{ matrix.package }}
target: ${{ github.sha }}
tags: ${{ github.event.number }}
deploys:
name: Deploys
needs: [builds]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4"
- name: Deploy to OpenShift
shell: bash
run: |
# Expand for deployment steps
set +o pipefail
oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
oc project ${{ vars.oc_namespace }} # Safeguard!
# Deploy Helm Chart
cd charts/pubcode
helm dependency update
helm upgrade --install --wait --atomic pubcode-${{ github.event.number }} \
--set-string global.repository=${{ github.repository }} \
--set-string api.containers[0].tag="${{ github.sha }}" \
--set-string api.containers[0].resources.limits.cpu="250m" \
--set-string api.containers[0].resources.limits.memory="250Mi" \
--set-string api.containers[0].resources.requests.cpu="100m" \
--set-string api.containers[0].resources.requests.memory="150Mi" \
--set api.autoscaling.minReplicas=1 \
--set api.autoscaling.maxReplicas=1 \
--set frontend.autoscaling.minReplicas=1 \
--set frontend.autoscaling.maxReplicas=1 \
--set-string frontend.containers[0].tag="${{ github.sha }}" \
--set-string frontend.containers[0].resources.limits.cpu="200m" \
--set-string frontend.containers[0].resources.limits.memory="150Mi" \
--set-string frontend.containers[0].resources.requests.cpu="100m" \
--set-string frontend.containers[0].resources.requests.memory="50Mi" \
--set-string database.containers[0].resources.limits.cpu="500m" \
--set-string database.containers[0].resources.limits.memory="450Mi" \
--set-string database.containers[0].resources.requests.cpu="100m" \
--set-string database.containers[0].resources.requests.memory="150Mi" \
--set-string database.initContainers[0].resources.limits.cpu="500m" \
--set-string database.initContainers[0].resources.limits.memory="450Mi" \
--set-string database.initContainers[0].resources.requests.cpu="100m" \
--set-string database.initContainers[0].resources.requests.memory="150Mi" \
--set-string database.pvc.size="350Mi" \
--set-string global.secrets.emailRecipients="${{ secrets.EMAIL_RECIPIENTS }}" \
--set-string global.secrets.chesTokenURL="${{ secrets.CHES_TOKEN_URL }}" \
--set-string global.secrets.chesClientID="${{ secrets.CHES_CLIENT_ID }}" \
--set-string global.secrets.chesClientSecret="${{ secrets.CHES_CLIENT_SECRET }}" \
--set-string global.secrets.chesAPIURL="${{ secrets.CHES_API_URL }}" \
--set-string global.secrets.databaseAdminPassword="${{ secrets.DB_PWD }}" \
--set-string global.env.VITE_SCHEMA_BRANCH=${{ github.event.pull_request.head.ref }} \
--set-string namespace="${{ vars.oc_namespace }}" -f values.yaml --timeout 5m .
tests:
name: Tests
needs: [deploys]
uses: ./.github/workflows/.tests.yml
with:
target: ${{ github.event.number }}