From f2ec9388ebac8580b82c9514f464e372f26c484e Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 20 Nov 2024 05:03:04 -0800 Subject: [PATCH] ci: common deployer workflow (#488) --- .github/workflows/.deploy.yml | 151 ++++---------- .github/workflows/analysis.yml | 14 +- .github/workflows/merge.yml | 190 ++++-------------- .github/workflows/pr-close.yml | 44 +--- .github/workflows/pr-open.yml | 111 ++-------- .github/workflows/pr-validate.yml | 16 +- .../openshift.database.yml | 2 +- database/Dockerfile | 10 - 8 files changed, 129 insertions(+), 409 deletions(-) rename database/openshift.deploy.yml => common/openshift.database.yml (98%) delete mode 100644 database/Dockerfile diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index a5b5f2b1a..246060b44 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml 
@@ -33,43 +33,19 @@ jobs: name: Deploy (init) environment: ${{ inputs.environment }} outputs: - fam-modded-zone: ${{ steps.fam-modded-zone.outputs.fam-modded-zone }} - deploy_core: ${{ steps.triggers.outputs.core }} - deploy_sync: ${{ steps.triggers.outputs.sync }} + route: ${{ steps.route.outputs.route }} runs-on: ubuntu-latest steps: - # Check triggers (omitted or matched) - - name: Check core triggers - uses: bcgov-nr/action-diff-triggers@v0.2.0 - id: check_core - with: - triggers: ('backend/' 'common/' 'database/' 'frontend/' 'oracle-api/') - - - name: Check sync triggers - uses: bcgov-nr/action-diff-triggers@v0.2.0 - id: check_sync - with: - triggers: ('common/' 'sync/') - - # Simplify triggers - - name: Simplify triggers - id: triggers - run: | - echo "core=${{ github.event_name != 'pull_request' || steps.check_core.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT - echo "sync=${{ github.event_name != 'pull_request' || steps.check_sync.outputs.triggered == 'true' }}" >> $GITHUB_OUTPUT - - name: FAM routing - id: fam-modded-zone - if: steps.triggers.outputs.core == 'true' + id: route run: | if [ ${{ github.event_name }} == 'pull_request' ]; then - echo "fam-modded-zone=$(( ${{ inputs.target }} % 50 ))" >> $GITHUB_OUTPUT + echo "route=$(( ${{ inputs.target }} % 50 ))" >> $GITHUB_OUTPUT else - echo "fam-modded-zone=${{ inputs.target }}" >> $GITHUB_OUTPUT + echo "route=${{ inputs.target }}" >> $GITHUB_OUTPUT fi - name: OpenShift Init - if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true' uses: bcgov-nr/action-deployer-openshift@v3.0.1 with: oc_namespace: ${{ vars.OC_NAMESPACE }} 
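Review bot: The `FAM routing` step expands `${{ inputs.target }}` and `${{ github.event_name }}` straight into the script text, so whatever the caller supplies is parsed by bash as code, and the `[ … == 'pull_request' ]` test is unquoted. Pass the values through the environment instead: add `env:` with `TARGET: ${{ inputs.target }}` and `EVENT: ${{ github.event_name }}`, then use `"$TARGET"` and `"$EVENT"` in the script. Before the `% 50` arithmetic, check that `TARGET` is all digits, since bash arithmetic evaluates a non-numeric variable as an expression. The declaration and default of `inputs.target` are outside this hunk, so how much of it a pull request controls cannot be confirmed from here.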
@@ -79,66 +55,54 @@ jobs: overwrite: true parameters: -p ZONE=${{ inputs.target }} - -p DB_PASSWORD='${{ secrets.DB_PASSWORD }}' + -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' + -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' + -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} + -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' + -p ORACLE_DB_USER=${{ secrets.DB_USER }} + -p ORACLE_DB_PASSWORD='${{ secrets.ORACLE_DB_PASSWORD }}' + -p ORACLE_DB_HOST='${{ secrets.ORACLE_DB_HOST }}' + -p ORACLE_DB_SERVICE='${{ secrets.ORACLE_DB_SERVICE }}' + -p POSTGRES_DB_PASSWORD='${{ secrets.POSTGRES_DB_PASSWORD }}' -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' - -p ORACLE_PASSWORD='${{ secrets.ORACLE_PASSWORD }}' - -p ORACLE_SERVICE='${{ vars.ORACLE_SERVICE }}' - -p ORACLE_USER='${{ vars.ORACLE_USER }}' - -p ORACLE_SYNC_USER='${{ vars.ORACLE_SYNC_USER }}' - -p ORACLE_SYNC_PASSWORD='${{ secrets.ORACLE_SYNC_PASSWORD }}' - -p ORACLE_CERT_SECRET='${{ secrets.ORACLE_CERT_SECRET }}' - -p ORACLE_HOST='${{ vars.ORACLE_HOST }}' - -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ secrets.VITE_USER_POOLS_WEB_CLIENT_ID }} - - - name: Database - if: steps.triggers.outputs.core == 'true' || steps.triggers.outputs.sync == 'true' - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - file: common/openshift.database.yml - overwrite: false - parameters: - -p ZONE=${{ inputs.target }} - ${{ github.event_name == 'pull_request' && '-p DB_PVC_SIZE=192Mi' || '' }} - ${{ github.event_name == 'pull_request' && '-p MEMORY_REQUEST=100Mi' || '' }} - ${{ github.event_name == 'pull_request' && '-p MEMORY_LIMIT=200Mi' || '' }} + -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }} + -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }} + triggers: ('backend' 'common/' 'frontend/') deploy: name: Deploy environment: ${{ 
inputs.environment }} - if: needs.init.outputs.deploy_core == 'true' needs: [init] runs-on: ubuntu-latest - timeout-minutes: 10 + timeout-minutes: 15 strategy: matrix: - name: [backend, frontend, oracle-api] + name: [database, backend, frontend, fluentbit] include: + - name: database + file: common/openshift.database.yml + parameters: + -p DB_PVC_SIZE=128Mi + overwrite: false - name: backend file: backend/openshift.deploy.yml - overwrite: true parameters: - -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }} - verification_path: "health" + -p MAX_REPLICAS=1 + -p MIN_REPLICAS=1 + -p DB_POOL_MAX_SIZE=1 + -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }} + -p DASHBOARD_JOB_IDIR_USERS=${{ vars.DASHBOARD_JOB_IDIR_USERS }} + -p WMS_LAYERS_WHITELIST_USERS=${{ vars.WMS_LAYERS_WHITELIST_USERS }} + -p ALLOWED_ORIGINS=https://${{ github.event.repository.name }}-${{ needs.init.outputs.route }}-frontend.apps.silver.devops.gov.bc.ca + verification_path: /actuator/health - name: frontend file: frontend/openshift.deploy.yml - overwrite: true - parameters: - -p FAM_MODDED_ZONE=${{ needs.init.outputs.fam-modded-zone }} - -p VITE_SPAR_BUILD_VERSION=snapshot-${{ inputs.target || github.event.number }} - -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }} - - name: oracle-api - file: oracle-api/openshift.deploy.yml - overwrite: true parameters: - -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.ca-central-1.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }} - ${{ github.event_name == 'pull_request' && '-p CPU_LIMIT=100m' || '' }} - ${{ inputs.target == 'prod' && '-p MIN_REPLICAS=3' || '' }} - ${{ inputs.target == 'prod' && '-p MAX_REPLICAS=5' || '' }} - verification_path: "actuator/health" - + -p MIN_REPLICAS=1 + -p MAX_REPLICAS=1 + -p FAM_ROUTE=${{ needs.init.outputs.route }} + - name: fluentbit + file: common/openshift.fluentbit.yml steps: - uses: 
bcgov-nr/action-deployer-openshift@v3.0.1 id: deploys @@ -149,47 +113,10 @@ jobs: oc_token: ${{ secrets.OC_TOKEN }} overwrite: ${{ matrix.overwrite }} parameters: - -p TAG=${{ inputs.tag }} - -p ZONE=${{ inputs.target }} - ${{ github.event_name == 'pull_request' && '-p MIN_REPLICAS=1' || '' }} - ${{ github.event_name == 'pull_request' && '-p MAX_REPLICAS=1' || '' }} + -p ZONE=${{ inputs.target }} -p TAG=${{ inputs.tag }} ${{ matrix.parameters }} + timeout: 15m + triggers: ('backend' 'common/' 'frontend/') verification_path: ${{ matrix.verification_path }} verification_retry_attempts: 5 verification_retry_seconds: 20 - - # ETL testing will only run on Pull Requests if the sync/ directory is modified - sync: - name: Deploy (sync) - environment: ${{ inputs.environment }} - if: needs.init.outputs.deploy_sync == 'true' - needs: [init] - runs-on: ubuntu-latest - steps: - - name: Deploy (sync) - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - file: sync/openshift.deploy.yml - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - overwrite: true - parameters: - -p TAG=${{ inputs.tag }} - -p ZONE=${{ inputs.target }} - ${{ github.event_name == 'pull_request' && '-p TEST_MODE=true' || '' }} - - - - name: Override OpenShift version - if: github.event_name == 'pull_request' - env: - OC: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-4.13/openshift-client-linux.tar.gz - run: | - # Download and extract with retry, continuing on error - (wget ${{ env.OC }} -qcO - | tar -xzvf - oc)|| !! || true - oc version - working-directory: /usr/local/bin/ - - - name: Run sync ETL - if: github.event_name == 'pull_request' - run: ./sync/oc_run.sh ${{ inputs.tag }} ${{ secrets.oc_token }} diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 92f6d86b9..803462a87 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml 
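Review bot: The backend matrix entry now sets `ALLOWED_ORIGINS` to the `…-${{ needs.init.outputs.route }}-frontend.apps.silver.devops.gov.bc.ca` host for every target, while the merge.yml jobs it replaces passed `https://silva-test.nrs.gov.bc.ca/` and `https://silva.nrs.gov.bc.ca/`. Unless the template compensates elsewhere, the CORS allow-list for test and prod changes with this commit. The same matrix fixes `MIN_REPLICAS=1`, `MAX_REPLICAS=1`, `DB_POOL_MAX_SIZE=1` and `DB_PVC_SIZE=128Mi`, which were PR-only values, and `RESULTS_ENV_OPENSEARCH` is no longer passed. Key these on `inputs.target` with the `${{ inputs.target == 'prod' && '-p …' || '' }}` form the removed oracle-api entry used. In the init parameters, `AWS_ACCESS_KEY_ID` and `ORACLE_DB_USER` are the only secret values left unquoted; quote them like the others.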
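Review bot: `triggers: ('backend' 'common/' 'frontend/')` lists `backend` without the trailing slash the other entries carry, and the removed pr-open.yml step had `'backend/'`; the same line is added to the `OpenShift Init` step in the previous hunk. If the action matches on path prefixes, as the other entries suggest, write `'backend/'` in both places so unrelated paths that merely start with `backend` do not count. Separately, `overwrite: ${{ matrix.overwrite }}` now resolves empty for backend, frontend and fluentbit, because only the database entry still sets it. Restore `overwrite: true` on those three matrix entries rather than relying on how the action treats an empty value.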
@@ -102,11 +102,19 @@ jobs: with: sarif_file: "trivy-results.sarif" - results: name: Analysis Results - if: always() && (!failure()) && (!cancelled()) + if: always() + # Include all needs that could have failures! needs: [lint-frontend, tests-backend, tests-frontend] # Include trivy when/if it gets back to being reliable runs-on: ubuntu-latest steps: - - run: echo "Workflow completed successfully!" + - run: | + # View results + echo "needs.*.result: ${{ toJson(needs.*.result) }}" + + - if: contains(needs.*.result, 'failure') + run: | + # Job failure found + echo "At least one job has failed" + exit 1 diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index 4ee951bc5..628b83088 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -1,9 +1,12 @@ name: Merge on: - workflow_run: - workflows: [PR Closed] - types: [completed] + push: + branches: [main] + paths-ignore: + - '*.md' + - '.github/**' + - '!.github/workflows/**' workflow_dispatch: concurrency: 
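Review bot: The failure step tests only `contains(needs.*.result, 'failure')`, so a needed job that ends as `cancelled` still lets `Analysis Results` finish green now that `if: always()` makes the job run in that case. If this job backs a required status check, extend the condition to `if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')`. The same block is added to the `results` jobs in pr-open.yml and pr-validate.yml and needs the same change.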
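Review bot: `'*.md'` under `paths-ignore` matches Markdown files in the repository root only, because `*` does not cross `/`; use `'**.md'` if documentation changes in subdirectories should not start a test and prod deployment on push to main. The `'!.github/workflows/**'` entry relies on a negated pattern inside `paths-ignore`, so confirm that it is honoured there. If it is not, express the filter with `paths:` and `!` patterns instead.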
@@ -11,168 +14,47 @@ concurrency: cancel-in-progress: true jobs: - init-test: - name: TEST Init - environment: test + init: + name: Initialize + outputs: + pr: ${{ steps.pr.outputs.pr }} runs-on: ubuntu-latest steps: - - name: OpenShift Init - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - file: common/openshift.init.yml - overwrite: true - parameters: - -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' - -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' - -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} - -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' - -p ORACLE_DB_USER=${{ secrets.DB_USER }} - -p ORACLE_DB_PASSWORD='${{ secrets.ORACLE_DB_PASSWORD }}' - -p ORACLE_DB_HOST='${{ secrets.ORACLE_DB_HOST }}' - -p ORACLE_DB_SERVICE='${{ secrets.ORACLE_DB_SERVICE }}' - -p POSTGRES_DB_PASSWORD='${{ secrets.POSTGRES_DB_PASSWORD }}' - -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' - -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }} - -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }} - -p ZONE=test + # Get PR number for squash merges to main + - id: pr + uses: bcgov-nr/action-get-pr@v0.0.1 deploys-test: - name: TEST Deployments - needs: [init-test] - environment: test - runs-on: ubuntu-latest - permissions: - issues: write - strategy: - matrix: - name: [database, backend, frontend, fluentbit] - include: - - name: database - overwrite: false - file: database/openshift.deploy.yml - - name: backend - verification_path: actuator/health - file: backend/openshift.deploy.yml - overwrite: true - timeout: 15m - parameters: - -p RESULTS_ENV_OPENSEARCH=test - -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }} - -p DASHBOARD_JOB_IDIR_USERS=${{ vars.DASHBOARD_JOB_IDIR_USERS }} - -p WMS_LAYERS_WHITELIST_USERS=${{ 
vars.WMS_LAYERS_WHITELIST_USERS }} - -p ALLOWED_ORIGINS=https://silva-test.nrs.gov.bc.ca/ - - name: frontend - file: frontend/openshift.deploy.yml - overwrite: true - parameters: - -p FAM_ROUTE=test - - name: fluentbit - file: common/openshift.fluentbit.yml - overwrite: true - steps: - - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - file: ${{ matrix.file }} - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - overwrite: ${{ matrix.overwrite }} - parameters: - -p ZONE=test -p TAG=test - ${{ matrix.parameters }} - timeout: ${{ matrix.timeout || '10m' }} - verification_path: ${{ matrix.verification_path }} + name: Deploys (${{ github.event.number }}) + needs: [init] + secrets: inherit + uses: ./.github/workflows/.deploy.yml + with: + environment: test + tag: ${{ needs.init.outputs.pr }} + target: test - init-prod: - name: PROD Init - needs: [deploys-test] - environment: prod - runs-on: ubuntu-latest - steps: - - name: OpenShift Init - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - file: common/openshift.init.yml - overwrite: true - parameters: - -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' - -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' - -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} - -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' - -p ORACLE_DB_USER=${{ secrets.DB_USER }} - -p ORACLE_DB_PASSWORD='${{ secrets.ORACLE_DB_PASSWORD }}' - -p ORACLE_DB_HOST='${{ secrets.ORACLE_DB_HOST }}' - -p ORACLE_DB_SERVICE='${{ secrets.ORACLE_DB_SERVICE }}' - -p POSTGRES_DB_PASSWORD='${{ secrets.POSTGRES_DB_PASSWORD }}' - -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' - -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }} - -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }} - -p ZONE=prod + 
deploys-prod: + name: PROD Deploys (${{ needs.init.outputs.pr }}) + needs: [init, deploys-test] + secrets: inherit + uses: ./.github/workflows/.deploy.yml + with: + environment: prod + tag: ${{ needs.init.outputs.pr }} + target: prod - image-promotions: - name: Promote images to PROD - needs: [deploys-test] + promote: + name: Promote Images + needs: [init, deploys-prod] runs-on: ubuntu-latest - permissions: - packages: write strategy: matrix: - component: [database, backend, frontend] + package: [backend, frontend, oracle-api, sync] steps: - uses: shrink/actions-docker-registry-tag@v4 with: registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: test + repository: ${{ github.repository }}/${{ matrix.package }} + target: ${{ needs.init.outputs.pr }} tags: prod - - deploys-prod: - name: PROD Deployments - needs: [init-prod, image-promotions] - environment: prod - runs-on: ubuntu-latest - strategy: - matrix: - name: [database, backend, frontend, fluentbit] - include: - - name: database - overwrite: false - file: database/openshift.deploy.yml - - name: backend - verification_path: actuator/health - file: backend/openshift.deploy.yml - overwrite: true - timeout: 15m - parameters: - -p RESULTS_ENV_OPENSEARCH=production - -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }} - -p DASHBOARD_JOB_IDIR_USERS=${{ vars.DASHBOARD_JOB_IDIR_USERS }} - -p WMS_LAYERS_WHITELIST_USERS=${{ vars.WMS_LAYERS_WHITELIST_USERS }} - -p ALLOWED_ORIGINS=https://silva.nrs.gov.bc.ca/ - - name: frontend - file: frontend/openshift.deploy.yml - overwrite: true - parameters: - -p FAM_ROUTE=prod - - name: fluentbit - file: common/openshift.fluentbit.yml - overwrite: true - steps: - - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - file: ${{ matrix.file }} - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - overwrite: ${{ matrix.overwrite 
}} - parameters: - -p ZONE=prod -p TAG=prod - ${{ matrix.parameters }} - timeout: ${{ matrix.timeout || '10m' }} - verification_path: ${{ matrix.verification_path }} diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index 3ad1673f9..f0fcdadf7 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -2,7 +2,6 @@ name: PR Closed on: pull_request: - branches: [main] types: [closed] concurrency: @@ -11,37 +10,12 @@ concurrency: cancel-in-progress: true jobs: - # Clean up OpenShift when PR closed, no conditions - cleanup-openshift: - name: Cleanup OpenShift - if: '!github.event.pull_request.head.repo.fork' - runs-on: ubuntu-latest - steps: - - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - name: Remove OpenShift artifacts - run: | - oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }} - oc project ${{ vars.OC_NAMESPACE }} # Safeguard! - - # Remove old build runs, build pods and deployment pods - oc delete all,pvc,secret,cm -l app=${{ github.event.repository.name }}-${{ github.event.number }} - - # If merged into main, then handle any image promotions - image-promotions: - name: Image Promotions - if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' - runs-on: ubuntu-latest - strategy: - matrix: - package: [database, backend, frontend] - permissions: - packages: write - steps: - - uses: shrink/actions-docker-registry-tag@v4 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.package }} - target: ${{ github.event.number }} - tags: test + cleanup: + name: Cleanup and Images + uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.8.3 + secrets: + oc_namespace: ${{ vars.OC_NAMESPACE }} + oc_token: ${{ secrets.OC_TOKEN }} + with: + cleanup: label + packages: backend database frontend diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 7d87b0bb8..2ab909d60 100644 
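Review bot: The `promote` job drops its `permissions: packages: write` block while still retagging images on ghcr.io, so it now depends on the repository's default `GITHUB_TOKEN` scope; keep the explicit block so the job has exactly the permission it needs. Its matrix lists `oracle-api` and `sync`, which the `builds` matrix in pr-open.yml (`[backend, frontend]`) does not produce, so those retag steps look likely to fail. `bcgov-nr/action-get-pr@v0.0.1` is referenced by a mutable tag, yet its output becomes the image tag deployed to prod, so pin it to a full commit SHA. `name: Deploys (${{ github.event.number }})` will render empty on a `push` event; `needs.init.outputs.pr`, as used for `deploys-prod`, is the value available here.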
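Review bot: `OC_TOKEN` is now passed to a reusable workflow in another repository that is referenced by a mutable tag (`@v0.8.3`). Pin the `uses:` reference to a full commit SHA so the code that receives the cluster token cannot change without a change in this repository. `packages: backend database frontend` still names `database`, although this commit deletes database/Dockerfile and removes `database` from the pr-open.yml build matrix, so no such image is published for new PRs. The removed `cleanup-openshift` job was guarded by `if: '!github.event.pull_request.head.repo.fork'`; whether the called workflow applies an equivalent guard is not visible from this hunk.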
--- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -2,54 +2,13 @@ name: PR on: pull_request: - branches: [main] - workflow_dispatch: concurrency: # PR open and close use the same group, allowing only one at a time group: pr-${{ github.workflow }}-${{ github.event.number }} cancel-in-progress: true - jobs: - init: - name: Initialize - if: "!github.event.pull_request.head.repo.fork" - outputs: - route: ${{ steps.route.outputs.route }} - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - name: Get FAM Route - id: route - run: | - echo "route=$(( ${{ github.event.number }} % 50 ))" >> $GITHUB_OUTPUT - - - name: OpenShift Init - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - file: common/openshift.init.yml - overwrite: true - parameters: - -p ZONE=${{ github.event.number }} - -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' - -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' - -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} - -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' - -p ORACLE_DB_USER=${{ secrets.DB_USER }} - -p ORACLE_DB_PASSWORD='${{ secrets.ORACLE_DB_PASSWORD }}' - -p ORACLE_DB_HOST='${{ secrets.ORACLE_DB_HOST }}' - -p ORACLE_DB_SERVICE='${{ secrets.ORACLE_DB_SERVICE }}' - -p POSTGRES_DB_PASSWORD='${{ secrets.POSTGRES_DB_PASSWORD }}' - -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' - -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }} - -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }} - triggers: ('common/' 'backend/' 'frontend/') - builds: name: Builds runs-on: ubuntu-latest @@ -57,10 +16,8 @@ jobs: packages: write strategy: matrix: - name: [database, backend, frontend] + name: [backend, frontend] include: - - package: database - triggers: ('database/') - name: backend triggers: ('backend/') - name: frontend 
@@ -71,55 +28,29 @@ jobs: with: package: ${{ matrix.name }} tag: ${{ github.event.number }} - tag_fallback: test + tag_fallback: latest token: ${{ secrets.GITHUB_TOKEN }} triggers: ${{ matrix.triggers }} deploys: - name: Deploys - needs: [builds, init] + name: Deploys (${{ github.event.number }}) + needs: [builds] + secrets: inherit + uses: ./.github/workflows/.deploy.yml + + results: + name: PR Results + if: always() + # Include all needs that could have failures! + needs: [builds, deploys] runs-on: ubuntu-latest - strategy: - matrix: - name: [database, backend, frontend, fluentbit] - include: - - name: database - file: database/openshift.deploy.yml - parameters: - -p DB_PVC_SIZE=128Mi - - name: backend - file: backend/openshift.deploy.yml - timeout: 15m - verification_path: /actuator/health - parameters: - -p MAX_REPLICAS=1 - -p MIN_REPLICAS=1 - -p DB_POOL_MAX_SIZE=1 - -p AWS_COGNITO_ISSUER_URI=https://cognito-idp.${{ vars.AWS_REGION }}.amazonaws.com/${{ vars.VITE_USER_POOLS_ID }} - -p DASHBOARD_JOB_IDIR_USERS=${{ vars.DASHBOARD_JOB_IDIR_USERS }} - -p WMS_LAYERS_WHITELIST_USERS=${{ vars.WMS_LAYERS_WHITELIST_USERS }} - -p ALLOWED_ORIGINS=https://${{ github.event.repository.name }}-${{ needs.init.outputs.route }}-frontend.apps.silver.devops.gov.bc.ca - - name: frontend - file: frontend/openshift.deploy.yml - parameters: - -p MIN_REPLICAS=1 - -p MAX_REPLICAS=1 - -p FAM_ROUTE="$(( ${{ github.event.number }} % 50 ))" - - name: fluentbit - file: common/openshift.fluentbit.yml steps: - - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - with: - file: ${{ matrix.file }} - oc_namespace: ${{ vars.OC_NAMESPACE }} - oc_server: ${{ vars.OC_SERVER }} - oc_token: ${{ secrets.OC_TOKEN }} - overwrite: true - parameters: - -p ZONE=${{ github.event.number }} -p TAG=${{ github.event.number }} - ${{ matrix.parameters }} - timeout: ${{ matrix.timeout }} - triggers: ('common/' 'backend/' 'frontend/') - verification_path: ${{ matrix.verification_path }} - verification_retry_attempts: 5 
- verification_retry_seconds: 15 + - run: | + # View results + echo "needs.*.result: ${{ toJson(needs.*.result) }}" + + - if: contains(needs.*.result, 'failure') + run: | + # Job failure found + echo "At least one job has failed" + exit 1 diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml index 6110d8fc2..d46eb165e 100644 --- a/.github/workflows/pr-validate.yml +++ b/.github/workflows/pr-validate.yml @@ -13,7 +13,7 @@ jobs: name: Initialize outputs: mod-tag: ${{ steps.mod-tag.outputs.mod-tag }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - name: Get PR Number Mod 50 id: mod-tag @@ -30,8 +30,16 @@ jobs: results: name: Validate Results - if: always() && (!failure()) && (!cancelled()) + if: always() needs: [validate] - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - - run: echo "Success!" + - run: | + # View results + echo "needs.*.result: ${{ toJson(needs.*.result) }}" + + - if: contains(needs.*.result, 'failure') + run: | + # Job failure found + echo "At least one job has failed" + exit 1 diff --git a/database/openshift.deploy.yml b/common/openshift.database.yml similarity index 98% rename from database/openshift.deploy.yml rename to common/openshift.database.yml index 58e4a34f3..6668bc599 100644 --- a/database/openshift.deploy.yml +++ b/common/openshift.database.yml @@ -87,7 +87,7 @@ objects: claimName: ${NAME}-${ZONE}-${COMPONENT} containers: - name: ${NAME}-${ZONE} - image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG} + image: postgis/postgis:15-master ports: - containerPort: 5432 protocol: TCP diff --git a/database/Dockerfile b/database/Dockerfile deleted file mode 100644 index 4c219eb12..000000000 --- a/database/Dockerfile +++ /dev/null 
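Review bot: The `deploys` job no longer sits behind the fork guard that the removed `init` job carried (`if: "!github.event.pull_request.head.repo.fork"`), so a pull request from a fork now reaches `.deploy.yml` with `secrets: inherit`. Secrets are not passed to fork-triggered `pull_request` runs, so the deployment would presumably fail at OpenShift login instead of being skipped; add `if: '!github.event.pull_request.head.repo.fork'` to `deploys`. The call also has no `with:` block, so `environment`, `tag` and `target` depend entirely on input defaults declared outside this diff. A one-line comment naming those defaults would help the next reader.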
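Review bot: `image: postgis/postgis:15-master` replaces the project-built image with an unqualified reference to a moving upstream tag, so the database container can change content between rollouts without any change in this repository. Fully qualify the registry and pin by digest, for example `docker.io/postgis/postgis@sha256:<digest-placeholder>`. The deleted database/Dockerfile also added `CREATE EXTENSION IF NOT EXISTS pgcrypto` to the init script and set `USER postgres`, neither of which the stock image provides. If the application relies on pgcrypto it now has to be created by a migration. The `REGISTRY`, `ORG` and `TAG` template parameters appear unused by this container after the change; the rest of the template is outside the hunk.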
@@ -1,10 +0,0 @@ -FROM postgis/postgis:15-master - -# Enable pgcrypto extension on startup -RUN sed -i '/EXISTS postgis_tiger_geocoder;*/a CREATE EXTENSION IF NOT EXISTS pgcrypto;' \ - /docker-entrypoint-initdb.d/10_postgis.sh - -# User, port and Healthcheck -USER postgres -EXPOSE 5432 -HEALTHCHECK --interval=5s --timeout=5s --retries=5 CMD [ "pg_isready", "-U", "postgres"]