ci: common deployer workflow (#488)
DerekRoberts authored Nov 20, 2024
1 parent d8d4db5 commit f2ec938
Showing 8 changed files with 129 additions and 409 deletions.
151 changes: 39 additions & 112 deletions .github/workflows/.deploy.yml
Expand Up @@ -33,43 +33,19 @@ jobs:
name: Deploy (init)
environment: ${{ inputs.environment }}
outputs:
fam-modded-zone: ${{ steps.fam-modded-zone.outputs.fam-modded-zone }}
deploy_core: ${{ steps.triggers.outputs.core }}
deploy_sync: ${{ steps.triggers.outputs.sync }}
route: ${{ steps.route.outputs.route }}
runs-on: ubuntu-latest
steps:
# Check triggers (omitted or matched)
- name: Check core triggers
uses: bcgov-nr/[email protected]
id: check_core
with:
triggers: ('backend/' 'common/' 'database/' 'frontend/' 'oracle-api/')

- name: Check sync triggers
uses: bcgov-nr/[email protected]
id: check_sync
with:
triggers: ('common/' 'sync/')

# Simplify triggers
- name: Simplify triggers
id: triggers
run: |
echo "core=${{ github.event_name != 'pull_request' || steps.check_core.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT
echo "sync=${{ github.event_name != 'pull_request' || steps.check_sync.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT
- name: FAM routing
id: fam-modded-zone
if: steps.triggers.outputs.core == 'true'
id: route
run: |
if [ ${{ github.event_name }} == 'pull_request' ]; then
echo "fam-modded-zone=$(( ${{ inputs.target }} % 50 ))" >> $GITHUB_OUTPUT
echo "route=$(( ${{ inputs.target }} % 50 ))" >> $GITHUB_OUTPUT
else
echo "fam-modded-zone=${{ inputs.target }}" >> $GITHUB_OUTPUT
echo "route=${{ inputs.target }}" >> $GITHUB_OUTPUT
fi
- name: OpenShift Init
if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true'
uses: bcgov-nr/[email protected]
with:
oc_namespace: ${{ vars.OC_NAMESPACE }}
Expand All @@ -79,66 +55,54 @@ jobs:
overwrite: true
parameters:
-p ZONE=${{ inputs.target }}
-p DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
-p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}'
-p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}'
-p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
-p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}'
-p ORACLE_DB_USER=${{ secrets.DB_USER }}
-p ORACLE_DB_PASSWORD='${{ secrets.ORACLE_DB_PASSWORD }}'
-p ORACLE_DB_HOST='${{ secrets.ORACLE_DB_HOST }}'
-p ORACLE_DB_SERVICE='${{ secrets.ORACLE_DB_SERVICE }}'
-p POSTGRES_DB_PASSWORD='${{ secrets.POSTGRES_DB_PASSWORD }}'
-p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}'
-p ORACLE_PASSWORD='${{ secrets.ORACLE_PASSWORD }}'
-p ORACLE_SERVICE='${{ vars.ORACLE_SERVICE }}'
-p ORACLE_USER='${{ vars.ORACLE_USER }}'
-p ORACLE_SYNC_USER='${{ vars.ORACLE_SYNC_USER }}'
-p ORACLE_SYNC_PASSWORD='${{ secrets.ORACLE_SYNC_PASSWORD }}'
-p ORACLE_CERT_SECRET='${{ secrets.ORACLE_CERT_SECRET }}'
-p ORACLE_HOST='${{ vars.ORACLE_HOST }}'
-p VITE_USER_POOLS_WEB_CLIENT_ID=${{ secrets.VITE_USER_POOLS_WEB_CLIENT_ID }}

- name: Database
if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true'
uses: bcgov-nr/[email protected]
with:
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: common/openshift.database.yml
overwrite: false
parameters:
-p ZONE=${{ inputs.target }}
${{ github.event_name == 'pull_request' && '-p DB_PVC_SIZE=192Mi' || '' }}
${{ github.event_name == 'pull_request' && '-p MEMORY_REQUEST=100Mi' || '' }}
${{ github.event_name == 'pull_request' && '-p MEMORY_LIMIT=200Mi' || '' }}
-p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
-p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
triggers: ('backend' 'common/' 'frontend/')

deploy:
name: Deploy
environment: ${{ inputs.environment }}
if: needs.init.outputs.deploy_core == 'true'
needs: [init]
runs-on: ubuntu-latest
timeout-minutes: 10
timeout-minutes: 15
strategy:
matrix:
name: [backend, frontend, oracle-api]
name: [database, backend, frontend, fluentbit]
include:
- name: database
file: common/openshift.database.yml
parameters:
-p DB_PVC_SIZE=128Mi
overwrite: false
- name: backend
file: backend/openshift.deploy.yml
overwrite: true
parameters:
-p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
verification_path: "health"
-p MAX_REPLICAS=1
-p MIN_REPLICAS=1
-p DB_POOL_MAX_SIZE=1
-p AWS_COGNITO_ISSUER_URI=https://cognito-idp.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
-p DASHBOARD_JOB_IDIR_USERS=${{ vars.DASHBOARD_JOB_IDIR_USERS }}
-p WMS_LAYERS_WHITELIST_USERS=${{ vars.WMS_LAYERS_WHITELIST_USERS }}
-p ALLOWED_ORIGINS=https://${{ github.event.repository.name }}-${{ needs.init.outputs.route }}-frontend.apps.silver.devops.gov.bc.ca
verification_path: /actuator/health
- name: frontend
file: frontend/openshift.deploy.yml
overwrite: true
parameters:
-p FAM_MODDED_ZONE=${{ needs.init.outputs.fam-modded-zone }}
-p VITE_SPAR_BUILD_VERSION=snapshot-${{ inputs.target || github.event.number }}
-p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
- name: oracle-api
file: oracle-api/openshift.deploy.yml
overwrite: true
parameters:
-p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }}
${{ github.event_name == 'pull_request' && '-p CPU_LIMIT=100m' || '' }}
${{ inputs.target == 'prod' && '-p MIN_REPLICAS=3' || '' }}
${{ inputs.target == 'prod' && '-p MAX_REPLICAS=5' || '' }}
verification_path: "actuator/health"

-p MIN_REPLICAS=1
-p MAX_REPLICAS=1
-p FAM_ROUTE=${{ needs.init.outputs.route }}
- name: fluentbit
file: common/openshift.fluentbit.yml
steps:
- uses: bcgov-nr/[email protected]
id: deploys
Expand All @@ -149,47 +113,10 @@ jobs:
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: ${{ matrix.overwrite }}
parameters:
-p TAG=${{ inputs.tag }}
-p ZONE=${{ inputs.target }}
${{ github.event_name == 'pull_request' && '-p MIN_REPLICAS=1' || '' }}
${{ github.event_name == 'pull_request' && '-p MAX_REPLICAS=1' || '' }}
-p ZONE=${{ inputs.target }} -p TAG=${{ inputs.tag }}
${{ matrix.parameters }}
timeout: 15m
triggers: ('backend' 'common/' 'frontend/')
verification_path: ${{ matrix.verification_path }}
verification_retry_attempts: 5
verification_retry_seconds: 20

# ETL testing will only run on Pull Requests if the sync/ directory is modified
sync:
name: Deploy (sync)
environment: ${{ inputs.environment }}
if: needs.init.outputs.deploy_sync == 'true'
needs: [init]
runs-on: ubuntu-latest
steps:
- name: Deploy (sync)
uses: bcgov-nr/[email protected]
with:
file: sync/openshift.deploy.yml
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
parameters:
-p TAG=${{ inputs.tag }}
-p ZONE=${{ inputs.target }}
${{ github.event_name == 'pull_request' && '-p TEST_MODE=true' || '' }}


- name: Override OpenShift version
if: github.event_name == 'pull_request'
env:
OC: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-4.13/openshift-client-linux.tar.gz
run: |
# Download and extract with retry, continuing on error
(wget ${{ env.OC }} -qcO - | tar -xzvf - oc)|| !! || true
oc version
working-directory: /usr/local/bin/

- name: Run sync ETL
if: github.event_name == 'pull_request'
run: ./sync/oc_run.sh ${{ inputs.tag }} ${{ secrets.oc_token }}
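Review bot: The `FAM routing` step (id `route`) still expands `${{ inputs.target }}` and `${{ github.event_name }}` directly into the shell script text, so the value becomes script source before bash runs; anything other than a plain number or zone name would be interpreted by the shell or break the arithmetic. `inputs.target` is declared outside the visible lines, so how much control callers have over it cannot be confirmed from here, but `route` now also feeds `ALLOWED_ORIGINS` and `FAM_ROUTE`, which makes its shape matter more than before. Passing both values through `env:` and rejecting a non-numeric target before the modulo keeps the expression out of the script, as sketched below. Separately, the `uses:` refs that receive `secrets.OC_TOKEN` are obscured on this page; if they are tags rather than full commit SHAs, pinning them is worth doing in the same pass.

```yaml
      - name: FAM routing
        id: route
        env:
          EVENT_NAME: ${{ github.event_name }}
          TARGET: ${{ inputs.target }}
        run: |
          if [ "$EVENT_NAME" == 'pull_request' ]; then
            # PR targets are expected to be PR numbers; refuse anything else
            case "$TARGET" in
              ''|*[!0-9]*) echo "target must be numeric on pull requests" >&2; exit 1 ;;
            esac
            echo "route=$(( TARGET % 50 ))" >> "$GITHUB_OUTPUT"
          else
            echo "route=$TARGET" >> "$GITHUB_OUTPUT"
          fi
      # … unchanged: OpenShift Init step and the deploy job …
```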
14 changes: 11 additions & 3 deletions .github/workflows/analysis.yml
Expand Up @@ -102,11 +102,19 @@ jobs:
with:
sarif_file: "trivy-results.sarif"


results:
name: Analysis Results
if: always() && (!failure()) && (!cancelled())
if: always()
# Include all needs that could have failures!
needs: [lint-frontend, tests-backend, tests-frontend] # Include trivy when/if it gets back to being reliable
runs-on: ubuntu-latest
steps:
- run: echo "Workflow completed successfully!"
- run: |
# View results
echo "needs.*.result: ${{ toJson(needs.*.result) }}"
- if: contains(needs.*.result, 'failure')
run: |
# Job failure found
echo "At least one job has failed"
exit 1
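Review bot: The new gate step `if: contains(needs.*.result, 'failure')` lets the `results` job pass when a needed job was cancelled, because the job now runs under `if: always()` and only the literal result `failure` leads to `exit 1`. The earlier job-level condition also excluded cancelled runs, so if `Analysis Results` is a required status check (not visible here), a cancelled lint or test job would now report green. Consider `if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')`. The comment on `needs` also shows trivy sits outside the gate, so scan failures do not block a merge; a short comment stating where trivy findings are reviewed instead would help the next maintainer.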