diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index eeb9d1e870..67f0531e5e 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -4,15 +4,10 @@ on: pull_request: types: - closed - # paths-ignore: - # - ".**" - # - "**.md" - # - "**.yml" - # - "**.yaml" env: REGISTRY: ghcr.io - NAME: nrfc + NAME: ${{ github.event.repository.name }} concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index daf3db7057..780319b7e0 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml 
@@ -3,283 +3,117 @@ name: Pull Request Open on: pull_request: -env: - REGISTRY: ghcr.io - NAME: nrfc - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - check-backend: - name: Check Backend - outputs: - build: ${{ steps.check.outputs.build }} - env: - TRIGGERS: ('backend/') - COMPONENT: backend - PREV: prod - ZONE: ${{ github.event.number }} + builds: + name: Builds runs-on: ubuntu-22.04 + permissions: + packages: write + strategy: + matrix: + package: [backend, frontend] + include: + - package: backend + triggers: ('backend/') + - package: frontend + triggers: ('frontend/') steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Check and process modified files - id: check - run: | - # Fetch main to diff against - git fetch origin main:refs/remotes/origin/master - # Trigger build if diff matches any triggers - TRIGGERS=${{ env.TRIGGERS }} - while read -r check - do - for t in "${TRIGGERS[@]}"; do - if [[ "${check}" =~ "${t}" ]] - then - # Output build=true for next steps - echo "::set-output name=build::true" - echo -e "${t}\n --> ${check}\n" - exit 0 - fi - done - done < <(git diff origin/main --name-only) - echo "Container build not required" - - - name: Recycle/retag Previous Images - if: steps.check.outputs.build != 'true' - uses: shrink/actions-docker-registry-tag@v2 + - uses: actions/checkout@v3 + - uses: bcgov-nr/action-builder-ghcr@v0.0.2 with: - registry: ${{ env.REGISTRY }} - repository: ${{ github.repository }} - token: ${{ secrets.GHCR_TOKEN }} - target: ${{ env.PREV }}-${{ env.COMPONENT }} - tags: | - ${{ env.ZONE }}-${{ env.COMPONENT }} - - check-frontend: - name: Check Frontend - outputs: - build: ${{ steps.check.outputs.build }} - env: - TRIGGERS: ('frontend/') - COMPONENT: frontend - PREV: prod - ZONE: ${{ github.event.number }} - runs-on: ubuntu-22.04 + package: ${{ matrix.package }} + tag: ${{ github.event.number }} + tag_fallback: test + token: ${{ secrets.GITHUB_TOKEN }} + 
triggers: ${{ matrix.triggers }} + + deploy-database: + name: Deploy Database + needs: + - builds + environment: dev + runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Check and process modified files - id: check - run: | - # Fetch main to diff against - git fetch origin main:refs/remotes/origin/master - # Trigger build if diff matches any triggers - TRIGGERS=${{ env.TRIGGERS }} - while read -r check - do - for t in "${TRIGGERS[@]}"; do - if [[ "${check}" =~ "${t}" ]] - then - # Output build=true for next steps - echo "::set-output name=build::true" - echo -e "${t}\n --> ${check}\n" - exit 0 - fi - done - done < <(git diff origin/main --name-only) - echo "Container build not required" - - - name: Recycle/retag Previous Images - if: steps.check.outputs.build != 'true' - uses: shrink/actions-docker-registry-tag@v2 + - uses: actions/checkout@v3 + - name: Deploys + uses: bcgov-nr/action-deployer-openshift@v0.1.0 with: - registry: ${{ env.REGISTRY }} - repository: ${{ github.repository }} - token: ${{ secrets.GHCR_TOKEN }} - target: ${{ env.PREV }}-${{ env.COMPONENT }} - tags: | - ${{ env.ZONE }}-${{ env.COMPONENT }} - - build-backend: - name: Backend Image Build - env: - COMPONENT: backend - ZONE: ${{ github.event.number }} - environment: - name: dev - runs-on: ubuntu-latest + file: database/openshift.deploy.yml + oc_namespace: ${{ secrets.OC_NAMESPACE }} + oc_server: ${{ secrets.OC_SERVER }} + oc_token: ${{ secrets.OC_TOKEN }} + overwrite: true + penetration_test: false + parameters: -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }} + + deploy-backend: + name: Deploy Backend needs: - - check-backend - if: needs.check-backend.outputs.build == 'true' - permissions: - contents: read - packages: write + - builds + environment: dev + runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - 
- name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Log in to the Container registry - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GHCR_TOKEN }} - - # need docker/build-push-action to have version at least v3 in order to have github token works - - name: Build and push Backend Docker image - uses: docker/build-push-action@v3.1.1 + - uses: actions/checkout@v3 + - name: Deploys + uses: bcgov-nr/action-deployer-openshift@v0.1.0 with: - context: ./backend/ - push: true - tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.ZONE }}-${{ env.COMPONENT }} - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Clear any previous OpenShift image - run: | - # Login to OpenShift and select project - oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }} - oc project ${{ secrets.OC_NAMESPACE }} - # Clean previous image - oc delete is ${{ env.NAME }}-${{ env.ZONE }}-${{ env.COMPONENT }} || true - - build-frontend: - name: Frontend Image Build - env: - COMPONENT: frontend - ZONE: ${{ github.event.number }} - environment: - name: dev - runs-on: ubuntu-latest + file: backend/openshift.deploy.yml + oc_namespace: ${{ secrets.OC_NAMESPACE }} + oc_server: ${{ secrets.OC_SERVER }} + oc_token: ${{ secrets.OC_TOKEN }} + overwrite: true + penetration_test: false + parameters: + -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }} + -p PROMOTE=${{ github.repository }}/backend:${{ github.event.number }} + -p NODE_ENV='development' + -p API_URL='https://nrfc-api-test.api.gov.bc.ca' + -p X_API_KEY=${{ secrets.GWA_X_API_KEY }} + -p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }} + -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} + -p 
CHES_TOKEN_URL='https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' + -p CHES_API_URL='https://ches-dev.api.gov.bc.ca/api/v1' + -p ORACLEDB_USER=${{ secrets.ORACLEDB_USER }} + -p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }} + -p ORACLEDB_DATABASE=${{ secrets.ORACLEDB_DATABASE }} + -p ORACLEDB_HOST=${{ secrets.ORACLEDB_HOST }} + -p ORACLEDB_SERVICENAME=${{ secrets.ORACLEDB_SERVICENAME }} + + deploy-frontend: + name: Deploy Frontend needs: - - check-frontend - if: needs.check-frontend.outputs.build == 'true' - permissions: - contents: read - packages: write + - builds + environment: dev + runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Log in to the Container registry - uses: docker/login-action@v1 + - uses: actions/checkout@v3 + - name: Deploys + uses: bcgov-nr/action-deployer-openshift@v0.1.0 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GHCR_TOKEN }} - - - name: Build and push Backend Docker image - uses: docker/build-push-action@v3.1.1 - with: - context: ./frontend/ - push: true - tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ env.ZONE }}-${{ env.COMPONENT }} - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Clear any previous OpenShift image - run: | - # Login to OpenShift and select project - oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }} - oc project ${{ secrets.OC_NAMESPACE }} - # Clean previous image - oc delete is ${{ env.NAME }}-${{ env.ZONE }}-${{ env.COMPONENT }} || true - - deploy-dev: - name: DEV Deployment + file: frontend/openshift.deploy.yml + oc_namespace: ${{ secrets.OC_NAMESPACE }} + oc_server: ${{ 
secrets.OC_SERVER }} + oc_token: ${{ secrets.OC_TOKEN }} + overwrite: true + penetration_test: false + parameters: + -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }} + -p PROMOTE=${{ github.repository }}/frontend:${{ github.event.number }} + + deploy-update: + name: Deployment update needs: - - build-backend - - build-frontend - if: always() && (needs.build-backend.result == 'success' || needs.build-frontend.result == 'success') - runs-on: ubuntu-22.04 - timeout-minutes: 15 - environment: - name: dev + - deploy-database + - deploy-backend + - deploy-frontend env: DOMAIN: apps.silver.devops.gov.bc.ca - ZONE: ${{ github.event.number }} + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 - - name: Deploy - run: | - # Login to OpenShift and select project - oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }} - oc project ${{ secrets.OC_NAMESPACE }} - - # Create frontend config (Remove the old one if exists) - oc delete configmap ${{ env.NAME }}-${{ env.ZONE }}-frontend 2> /dev/null \ - || true && echo "No existing frontend config" - oc create configmap ${{ env.NAME }}-${{ env.ZONE }}-frontend \ - --from-literal=config.js="window.localStorage.setItem('VITE_BACKEND_URL', 'https://${{ env.NAME }}-${{ env.ZONE }}-backend.apps.silver.devops.gov.bc.ca'); window.localStorage.setItem('VITE_NODE_ENV', 'openshift-dev');" - - # Process and apply template - oc process -f .github/openshift/deploy.database.yml -p ZONE=${{ env.ZONE }} | oc apply -f - - oc process -f .github/openshift/deploy.backend.yml -p ZONE=${{ env.ZONE }} \ - -p PROMOTE=${{ github.repository }}:${{ env.ZONE }}-backend \ - -p NODE_ENV='development' \ - -p API_URL='https://nrfc-api-test.api.gov.bc.ca' \ - -p X_API_KEY=${{ secrets.GWA_X_API_KEY }} \ - -p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }} \ - -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} \ - -p 
CHES_TOKEN_URL='https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' \ - -p CHES_API_URL='https://ches-dev.api.gov.bc.ca/api/v1' \ - -p ORACLEDB_USER=${{ secrets.ORACLEDB_USER }} \ - -p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }} \ - -p ORACLEDB_DATABASE=${{ secrets.ORACLEDB_DATABASE }} \ - -p ORACLEDB_HOST=${{ secrets.ORACLEDB_HOST }} \ - -p ORACLEDB_SERVICENAME=${{ secrets.ORACLEDB_SERVICENAME }} | oc apply -f - - oc process -f .github/openshift/deploy.frontend.yml -p ZONE=${{ env.ZONE }} \ - -p PROMOTE=${{ github.repository }}:${{ env.ZONE }}-frontend | oc apply -f - - - # Follow any active rollouts (see deploymentconfigs) - oc rollout status dc/${{ env.NAME }}-${{ env.ZONE }}-database -w - oc exec dc/${{ env.NAME }}-${{ env.ZONE }}-database -- psql -d ${{ env.NAME }} -U ${{ env.NAME }} -c "$(cat backend/src/main/resources/databasescripts/databasescripts.sql)" - oc rollout status dc/${{ env.NAME }}-${{ env.ZONE }}-backend -w - oc rollout status dc/${{ env.NAME }}-${{ env.ZONE }}-frontend -w - - - name: Deployment Verification - env: - LINKS: ( - 'https://${{ env.NAME }}-${{ github.event.number }}-backend.${{ env.DOMAIN }}' - 'https://${{ env.NAME }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }}' - ) - run: | - LINKS=${{ env.LINKS }} - for l in "${LINKS[@]}"; do - if [ $(curl -L -s -o /dev/null -w "%{http_code}" "${l}") -ne 200 ] - then - echo "Status != 200 for ${l}" - exit 1 - fi - done - echo "Deployment verification successful" - - name: DEV Deployment update uses: mshick/add-pr-comment@v1 env: 
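Review bot: Both third-party actions added here, `bcgov-nr/action-builder-ghcr@v0.0.2` and `bcgov-nr/action-deployer-openshift@v0.1.0`, are referenced by mutable tag while being handed `GITHUB_TOKEN` with `packages: write`, `OC_TOKEN`, and the Oracle and CHES credentials. Pinning each to a full commit SHA, e.g. `uses: bcgov-nr/action-deployer-openshift@<full-commit-sha> # v0.1.0`, keeps a moved tag from running different code with those secrets. The three deploy jobs declare no `permissions:` block, so their token scope falls back to the repository default; a job-level `permissions:` holding only `contents: read` would make it explicit, assuming the deployer action needs nothing more (not visible here). The secrets in `parameters` are interpolated unquoted into one string, and how the action expands that string is outside this diff, so it is worth confirming that a value containing whitespace or shell metacharacters cannot be split or interpreted. The `deploy-update` job at the end of the hunk continues past it.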
@@ -288,5 +122,5 @@ jobs: allow-repeats: false message: | DEV deployments have completed successfully! - [Backend](https://${{ env.NAME }}-${{ github.event.number }}-backend.${{ env.DOMAIN }}/) available - [Frontend](https://${{ env.NAME }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }}/) available + [Backend](https://${{ github.event.repository.name }}-${{ github.event.number }}-backend.${{ env.DOMAIN }}/) available + [Frontend](https://${{ github.event.repository.name }}-${{ github.event.number }}-frontend.${{ env.DOMAIN }}/) available diff --git a/.github/openshift/deploy.backend.yml b/backend/openshift.deploy.yml similarity index 96% rename from .github/openshift/deploy.backend.yml rename to backend/openshift.deploy.yml index 700fd11b10..b9326e6fc4 100644 --- a/.github/openshift/deploy.backend.yml +++ b/backend/openshift.deploy.yml @@ -222,21 +222,13 @@ objects: cpu: ${CPU_REQUEST} memory: ${MEMORY_REQUEST} readinessProbe: - httpGet: - path: / - port: 3000 - scheme: HTTP - initialDelaySeconds: 420 - periodSeconds: 15 - timeoutSeconds: 5 - livenessProbe: successThreshold: 1 - failureThreshold: 3 + failureThreshold: 5 httpGet: path: / port: 3000 scheme: HTTP - initialDelaySeconds: 420 + initialDelaySeconds: 300 periodSeconds: 30 timeoutSeconds: 5 - apiVersion: v1 diff --git a/.github/openshift/deploy.database.yml b/database/openshift.deploy.yml similarity index 100% rename from .github/openshift/deploy.database.yml rename to database/openshift.deploy.yml diff --git a/.github/openshift/deploy.frontend.yml b/frontend/openshift.deploy.yml similarity index 92% rename from .github/openshift/deploy.frontend.yml rename to frontend/openshift.deploy.yml index 83250e764a..e969c1e94e 100644 --- a/.github/openshift/deploy.frontend.yml +++ b/frontend/openshift.deploy.yml 
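Review bot: In `backend/openshift.deploy.yml`, removing the `livenessProbe:` key folds its fields into `readinessProbe`, so unless a liveness probe is defined outside the hunk the backend container no longer has one, and a hung process would stay running instead of being restarted. If that is intended, for example to stop slow startups from being killed, a one-line comment above `readinessProbe:` such as `# no livenessProbe: <reason>` would record the decision. Otherwise keep a separate `livenessProbe:` block with its own `httpGet` alongside the readiness probe. The enclosing container spec starts and ends outside the hunk.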
@@ -55,6 +55,16 @@ objects: name: ${REGISTRY}/${PROMOTE} referencePolicy: type: Local + - apiVersion: v1 + kind: ConfigMap + metadata: + labels: + app: ${NAME}-${ZONE} + name: ${NAME}-${ZONE}-${COMPONENT} + data: + config.js: + window.localStorage.setItem('VITE_BACKEND_URL', 'https://${NAME}-${ZONE}-backend.${DOMAIN}'); + window.localStorage.setItem('VITE_NODE_ENV', 'openshift-dev'); - apiVersion: v1 kind: DeploymentConfig metadata:
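Review bot: `config.js` in the new ConfigMap is written as a plain multi-line scalar, which YAML folds into a single line and parses under plain-scalar rules. A literal block, `config.js: |`, keeps the two statements exactly as written and stays valid if the script later gains a `: ` or ` #` sequence. The template parameters `${NAME}`, `${ZONE}` and `${DOMAIN}` are substituted directly into a JavaScript string literal served to browsers, so they should stay restricted to values that cannot contain a quote character. `${DOMAIN}` and `${COMPONENT}` are not passed in the workflow's `parameters`, so they presumably rely on defaults in the template's `parameters` section, which is outside this hunk.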