Update CICD flow.

bcgov · Apr 15, 2021 · 49d293d · 49d293d
1 parent 94d91bf
commit 49d293d
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 15 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -20,26 +20,32 @@ jobs:
       - name: Set env by input
         run: |
           echo "TAG_NAME=${{ github.event.inputs.environement }}" >> $GITHUB_ENV
-
       - name: Set env by main branch
         if: env.TAG_NAME == '' && github.ref == 'refs/heads/main'
         run: |
           echo "TAG_NAME=dev" >> $GITHUB_ENV
 
-      - uses: pwei1018/bcrs-cd-action@versioning
-        with:
-          WORKING_DIRECTORY: "."
-          APP_NAME: "business-create"
-          VAULTS: ""
-          SKIP_OP: "true"
-          DEPLOYMENT: "true"
-          OP_PARAMETERS: ""
-          OPENSHIFT_LOGIN_REGISTRY: ${{ secrets.OPENSHIFT4_LOGIN_REGISTRY }}
+      - name: Login Openshift
+        shell: bash
+        run: |
+          oc login --server=${{ secrets.OPENSHIFT4_LOGIN_REGISTRY }} --token=${{ secrets.OPENSHIFT4_SA_TOKEN }}
+
+      - name: CD Flow (build/update env/push/tag)
+        shell: bash
+        env:
+          OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
           OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
           OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
           OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
           OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
-          OPENSHIFT_REPOSITORY_DEPLOYMENT: ${{ secrets.OPENSHIFT4_REPOSITORY }}
+          TAG_NAME: ${{ env.TAG_NAME }}
+        run: |
+          make cd
+
+      - name: Watch new rollout (trigger by image change in Openshift)
+        shell: bash
+        run: |
+          oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w
 
       - name: Rocket.Chat Notification
         uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master

diff --git a/Dockerfile b/Dockerfile
@@ -6,6 +6,16 @@ COPY ./ .
 RUN npm run build
 
 FROM nginx:1.18.0 as production-stage
+
+ARG VCS_REF="missing"
+ARG BUILD_DATE="missing"
+
+ENV VCS_REF=${VCS_REF}
+ENV BUILD_DATE=${BUILD_DATE}
+
+LABEL org.label-schema.vcs-ref=${VCS_REF} \
+    org.label-schema.build-date=${BUILD_DATE}
+
 COPY nginx.conf /etc/nginx/nginx.conf
 RUN mkdir /app
 COPY --from=build-stage /app/dist /app

diff --git a/Makefile b/Makefile
@@ -2,6 +2,7 @@
 .PHONY: ci cd
 
 PROJECT_NAME=business-create
+DOCKER_NAME=business-create
 
 #################################################################################
 # COMMANDS -- Setup                                                             #
@@ -21,18 +22,47 @@ test:  ## Unit testing
 	npm run test:unit
 
 #################################################################################
-# COMMANDS - CD                                                                 #
+# COMMANDS - CD
+# expects the terminal to be openshift login
+# expects export OPENSHIFT_DOCKER_REGISTRY=""
+# expects export OPENSHIFT_SA_NAME="$(oc whoami)"
+# expects export OPENSHIFT_SA_TOKEN="$(oc whoami -t)"
+# expects export OPENSHIFT_REPOSITORY=""
+# expects export TAG_NAME="dev/test"
+# expects export OPS_REPOSITORY=""                                                        #
 #################################################################################
-cd: build
+cd: build update-env tag ## CD flow
 
 local-build: ## NPM build
 	npm run build
 
 build: ## Build the docker container
-	docker build -t $(PROJECT_NAME) .
+	docker build . -t $(DOCKER_NAME) \
+		--build-arg VCS_REF=$(shell git rev-parse --short HEAD) \
+		--build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
 
 build-nc: ## Build the docker container without caching
-	docker build --no-cache -t $(PROJECT_NAME) .
+	docker build --no-cache -t $(DOCKER_NAME) .
+
+REGISTRY_IMAGE=$(OPENSHIFT_DOCKER_REGISTRY)/$(OPENSHIFT_REPOSITORY)-tools/$(DOCKER_NAME)
+push: #build ## Push the docker container to the registry & tag latest
+	@echo "$(OPENSHIFT_SA_TOKEN)" | docker login $(OPENSHIFT_DOCKER_REGISTRY) -u $(OPENSHIFT_SA_NAME) --password-stdin ;\
+    docker tag $(DOCKER_NAME) $(REGISTRY_IMAGE):latest ;\
+    docker push $(REGISTRY_IMAGE):latest
+
+VAULTS=`cat devops/vaults.json`
+update-env: ## Update env from 1pass
+	oc -n "$(OPS_REPOSITORY)-tools" exec dc/bcros-cli -- ./scripts/1pass.sh \
+		-m "secret" \
+		-e "$(TAG_NAME)" \
+		-a "$(DOCKER_NAME)-$(TAG_NAME)" \
+		-n "$(OPENSHIFT_REPOSITORY)-$(TAG_NAME)" \
+		-v "$(VAULTS)" \
+		-r "true" \
+		-f "true"
+
+tag: push ## tag image
+	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):latest $(DOCKER_NAME):$(TAG_NAME)
 
 #################################################################################
 # Self Documenting Commands                                                     #

diff --git a/devops/vaults.json b/devops/vaults.json
@@ -0,0 +1,23 @@
+[
+    {
+        "vault": "keycloak",
+        "application": [
+            "base",
+            "web-base",
+            "entity-web"
+        ]
+    },
+    {
+        "vault": "shared",
+        "application": [
+            "address-key"
+        ]
+    },
+    {
+        "vault": "entity",
+        "application": [
+            "business-ui-base",
+            "business-create-ui"
+        ]
+    }
+]