trigger DC replacement pipeline #2

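# Release pipeline for TFRS 2.21.1. It builds each component image in the
# OpenShift tools namespace, then the deploy job asks for approval, updates the
# image tags in the manifest repository, tags the images into the prod
# namespace and runs the Helm upgrades.
name: TFRS replace DC with D on Prod 2.21.1

# Runs on every push to the release branch and on manual dispatch.
# (`on` is read as a boolean key by YAML 1.1 parsers; GitHub's loader accepts it.)
on:
  push:
    branches:
      - release-2.21.1
    # paths:
    #   - frontend/**
    #   - backend/**
    #   - security-scan/**
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN. The jobs check out this
# repository (contents: read) and the approval step in the deploy job is handed
# github.TOKEN to open its approval issue (issues: write). The manifest
# repository is reached with a separate deploy key, not this token.
# NOTE(review): confirm no step relies on a broader default token scope.
permissions:
  contents: read
  issues: write

env:
  GIT_URL: https://github.com/bcgov/tfrs.git
  # Both namespaces are derived from one secret prefix.
  TOOLS_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools
  PROD_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-prod
  # Checkouts and builds use this fixed ref, not the ref that triggered the run.
  GIT_REF: "release-2.21.1"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  # NOTE(review): the group covers the whole workflow, so a second push to the
  # branch also cancels a deploy job that is already running, possibly between
  # the image tagging and the Helm upgrades. Confirm that is intended for a
  # production rollout.
  cancel-in-progress: true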
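# NOTE(review): every `uses:` reference below reads "[email protected]" where the
# version belongs. That is the hosting page's e-mail obfuscation, not the real
# ref (the originals appear to have been dotted version tags); restore the real
# values from the repository. The third-party actions here are handed the
# cluster token and github.TOKEN, so pin each one to a full commit SHA rather
# than a movable tag.
jobs:
  # Publishes the release version once so that every later job uses the same
  # image tag and BuildConfig suffix.
  get-version:
    name: Get the version
    runs-on: ubuntu-latest
    outputs:
      VERSION: ${{ steps.get-version.outputs.VERSION }}
    steps:
      - id: get-version
        run: |
          echo "VERSION=2.21.1" >> "$GITHUB_OUTPUT"

  # Each build job follows the same sequence: apply the component's BuildConfig
  # template in the tools namespace, cancel any build of it that is still
  # running, then start a fresh build and wait for it to finish.
  # The scripts read GIT_URL, GIT_REF, TOOLS_NAMESPACE and BUILD_SUFFIX from the
  # step environment (workflow-level and job-level `env`) as quoted shell
  # variables instead of pasting `${{ }}` expressions into the script text.
  build-backend:
    name: Build tfrs Backend
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [get-version]
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
    steps:
      - name: Check out repository
        uses: actions/[email protected]
        with:
          ref: ${{ env.GIT_REF }}
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # Verify the API server certificate: OPENSHIFT_TOKEN is sent over
          # this connection, and with verification skipped the server's
          # identity is never checked. If the cluster certificate chains to a
          # private CA, supply it through certificate_authority_data instead
          # of turning verification off.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      - name: Build tfrs Backend
        run: |
          cd openshift-v4/templates/backend
          oc process -f ./backend-bc-docker.yaml \
            NAME=tfrs \
            "SUFFIX=-${BUILD_SUFFIX}" \
            "VERSION=${BUILD_SUFFIX}" \
            "GIT_URL=${GIT_URL}" \
            "GIT_REF=${GIT_REF}" |
            oc apply --wait=true -f - -n "${TOOLS_NAMESPACE}"
          sleep 2s
          for build in $(oc -n "${TOOLS_NAMESPACE}" get builds \
            -l "buildconfig=tfrs-backend-${BUILD_SUFFIX}" \
            -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
            echo "canceling $build"
            oc -n "${TOOLS_NAMESPACE}" cancel-build "$build"
          done
          sleep 2s
          oc -n "${TOOLS_NAMESPACE}" start-build "tfrs-backend-${BUILD_SUFFIX}" --wait=true

  build-frontend:
    name: Build TFRS Frontend
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [get-version]
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
    steps:
      - name: Check out repository
        uses: actions/[email protected]
        with:
          ref: ${{ env.GIT_REF }}
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # TLS verification stays on; the cluster token travels on this link.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      - name: Build TFRS Frontend
        run: |
          cd openshift-v4/templates/frontend
          oc process -f ./frontend-bc-docker.yaml \
            NAME=tfrs \
            "SUFFIX=-${BUILD_SUFFIX}" \
            "VERSION=${BUILD_SUFFIX}" \
            "GIT_URL=${GIT_URL}" \
            "GIT_REF=${GIT_REF}" |
            oc apply --wait=true -f - -n "${TOOLS_NAMESPACE}"
          sleep 2s
          for build in $(oc -n "${TOOLS_NAMESPACE}" get builds \
            -l "buildconfig=tfrs-frontend-${BUILD_SUFFIX}" \
            -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
            echo "canceling $build"
            oc -n "${TOOLS_NAMESPACE}" cancel-build "$build"
          done
          sleep 2s
          oc -n "${TOOLS_NAMESPACE}" start-build "tfrs-frontend-${BUILD_SUFFIX}" --wait=true

  build-scan-coordinator:
    name: Build TFRS scan-coordinator
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [get-version]
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
    steps:
      - name: Check out repository
        uses: actions/[email protected]
        with:
          ref: ${{ env.GIT_REF }}
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # TLS verification stays on; the cluster token travels on this link.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      - name: Build TFRS scan-coordinator
        run: |
          cd openshift-v4/templates/scan-coordinator
          oc process -f ./scan-coordinator-bc.yaml \
            NAME=tfrs \
            "SUFFIX=-${BUILD_SUFFIX}" \
            "VERSION=${BUILD_SUFFIX}" \
            "GIT_URL=${GIT_URL}" \
            "GIT_REF=${GIT_REF}" |
            oc apply --wait=true -f - -n "${TOOLS_NAMESPACE}"
          sleep 2s
          for build in $(oc -n "${TOOLS_NAMESPACE}" get builds \
            -l "buildconfig=tfrs-scan-coordinator-${BUILD_SUFFIX}" \
            -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
            echo "canceling $build"
            oc -n "${TOOLS_NAMESPACE}" cancel-build "$build"
          done
          sleep 2s
          oc -n "${TOOLS_NAMESPACE}" start-build "tfrs-scan-coordinator-${BUILD_SUFFIX}" --wait=true

  # The next three builds wait for the backend, frontend and scan-coordinator
  # builds to finish (see `needs`).
  build-celery:
    name: Build TFRS Celery
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs:
      - get-version
      - build-backend
      - build-frontend
      - build-scan-coordinator
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
    steps:
      - name: Check out repository
        uses: actions/[email protected]
        with:
          ref: ${{ env.GIT_REF }}
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # TLS verification stays on; the cluster token travels on this link.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      - name: Build TFRS Celery
        run: |
          cd openshift-v4/templates/celery
          oc process -f ./celery-bc-docker.yaml \
            NAME=tfrs \
            "SUFFIX=-${BUILD_SUFFIX}" \
            "VERSION=${BUILD_SUFFIX}" \
            "GIT_URL=${GIT_URL}" \
            "GIT_REF=${GIT_REF}" |
            oc apply --wait=true -f - -n "${TOOLS_NAMESPACE}"
          sleep 2s
          for build in $(oc -n "${TOOLS_NAMESPACE}" get builds \
            -l "buildconfig=tfrs-celery-${BUILD_SUFFIX}" \
            -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
            echo "canceling $build"
            oc -n "${TOOLS_NAMESPACE}" cancel-build "$build"
          done
          sleep 2s
          oc -n "${TOOLS_NAMESPACE}" start-build "tfrs-celery-${BUILD_SUFFIX}" --wait=true

  build-scan-handler:
    name: Build TFRS scan-handler
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs:
      - get-version
      - build-backend
      - build-frontend
      - build-scan-coordinator
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
    steps:
      - name: Check out repository
        uses: actions/[email protected]
        with:
          ref: ${{ env.GIT_REF }}
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # TLS verification stays on; the cluster token travels on this link.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      - name: Build TFRS scan-handler
        run: |
          cd openshift-v4/templates/scan-handler
          oc process -f ./scan-handler-bc-docker.yaml \
            NAME=tfrs \
            "SUFFIX=-${BUILD_SUFFIX}" \
            "VERSION=${BUILD_SUFFIX}" \
            "GIT_URL=${GIT_URL}" \
            "GIT_REF=${GIT_REF}" |
            oc apply --wait=true -f - -n "${TOOLS_NAMESPACE}"
          sleep 2s
          for build in $(oc -n "${TOOLS_NAMESPACE}" get builds \
            -l "buildconfig=tfrs-scan-handler-${BUILD_SUFFIX}" \
            -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
            echo "canceling $build"
            oc -n "${TOOLS_NAMESPACE}" cancel-build "$build"
          done
          sleep 2s
          oc -n "${TOOLS_NAMESPACE}" start-build "tfrs-scan-handler-${BUILD_SUFFIX}" --wait=true

  build-notification-server:
    name: Build TFRS Notification Server
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs:
      - get-version
      - build-backend
      - build-frontend
      - build-scan-coordinator
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
    steps:
      - name: Check out repository
        uses: actions/[email protected]
        with:
          ref: ${{ env.GIT_REF }}
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # TLS verification stays on; the cluster token travels on this link.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      - name: Build TFRS Notification Server
        run: |
          cd openshift-v4/templates/notification
          oc process -f ./notification-server-bc.yaml \
            NAME=tfrs \
            "SUFFIX=-${BUILD_SUFFIX}" \
            "VERSION=${BUILD_SUFFIX}" \
            "GIT_URL=${GIT_URL}" \
            "GIT_REF=${GIT_REF}" |
            oc apply --wait=true -f - -n "${TOOLS_NAMESPACE}"
          sleep 2s
          for build in $(oc -n "${TOOLS_NAMESPACE}" get builds \
            -l "buildconfig=tfrs-notification-server-${BUILD_SUFFIX}" \
            -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
            echo "canceling $build"
            oc -n "${TOOLS_NAMESPACE}" cancel-build "$build"
          done
          sleep 2s
          oc -n "${TOOLS_NAMESPACE}" start-build "tfrs-notification-server-${BUILD_SUFFIX}" --wait=true

  # Production rollout. Runs after every build job has succeeded.
  deploy:
    name: Deploy on Prod
    runs-on: ubuntu-latest
    timeout-minutes: 60
    # needs: [get-version]
    needs:
      - get-version
      - build-backend
      - build-frontend
      - build-celery
      - build-scan-handler
      - build-scan-coordinator
      - build-notification-server
    env:
      BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
      VERSION: ${{ needs.get-version.outputs.VERSION }}
    steps:
      # The approval gate is a step inside the job: one approval from the
      # listed accounts lets the remaining steps run.
      # NOTE(review): no input visible here excludes the person who started the
      # run from approving it; confirm that matches the change-control policy.
      - name: Ask for approval for TFRS Prod deployment
        uses: trstringer/[email protected]
        with:
          secret: ${{ github.TOKEN }}
          approvers: AlexZorkin,kuanfandevops,prv-proton,JulianForeman,kevin-hashimoto,dhaselhan
          minimum-approvals: 1
          issue-title: "TFRS ${{ env.GIT_REF }} Prod Deployment"
      # The manifest repository is a different repository, reached with its own
      # deploy key rather than the workflow token.
      - name: Checkout Manifest repository
        uses: actions/[email protected]
        with:
          repository: bcgov-c/tenant-gitops-0ab226
          ref: main
          ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
      - name: Update tags
        uses: mikefarah/[email protected]
        with:
          cmd: |
            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/backend/values-prod.yaml
            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/frontend/values-prod.yaml
            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/notification-server/values-prod.yaml
            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/celery/values-prod.yaml
            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-prod.yaml
            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-prod.yaml
      # The step used to run under `bash {0}`, which ignores every failure,
      # including a rejected push; the rollout would then continue with the
      # manifest repository out of date. Only the "nothing changed" case is
      # skipped now; any other git failure stops the job.
      # NOTE(review): the e-mail address below is shown as "[email protected]"
      # because of the hosting page's obfuscation; restore the real value.
      - name: GitHub Commit & Push
        shell: bash
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "GitHub Actions"
          git add -A
          if git diff --cached --quiet; then
            echo "Image tags already at ${BUILD_SUFFIX}; nothing to commit"
          else
            git commit -m "Update the image tag to ${BUILD_SUFFIX} on Prod"
            git push
          fi
      - name: Log in to Openshift
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # Verify the API server certificate: the token used here can change
          # the prod namespace. If the cluster certificate chains to a private
          # CA, supply it through certificate_authority_data instead of
          # turning verification off.
          insecure_skip_tls_verify: false
          namespace: ${{ env.TOOLS_NAMESPACE }}
      # Copies each image tag from the tools namespace to the prod namespace.
      - name: Tag and deploy to Prod
        run: |
          helm -n "${PROD_NAMESPACE}" list
          for component in backend frontend celery scan-coordinator scan-handler notification-server; do
            oc tag \
              "${TOOLS_NAMESPACE}/tfrs-${component}:${BUILD_SUFFIX}" \
              "${PROD_NAMESPACE}/tfrs-${component}:${BUILD_SUFFIX}"
          done
      # Upgrades one Helm release per chart, in the same order as before. The
      # rolloutTriggered annotation gets a fresh timestamp on every run.
      - name: Helm Deployment
        run: |
          charts_dir="${PWD}/tfrs/charts"
          for component in backend frontend notification-server celery scan-coordinator scan-handler; do
            cd "${charts_dir}/${component}"
            helm -n "${PROD_NAMESPACE}" -f ./values-prod.yaml upgrade --install "tfrs-${component}-prod" . \
              --set podAnnotations.rolloutTriggered="A$(date +%s)E"
          done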