add approval step

bcgov · Dec 16, 2024 · f3adbbd · f3adbbd
1 parent 261718b
commit f3adbbd
Show file tree

Hide file tree

Showing 2 changed files with 121 additions and 74 deletions.
diff --git a/.github/workflows/prod-ci.yaml b/.github/workflows/prod-ci.yaml
@@ -13,9 +13,37 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+
+  install-oc:
+    runs-on: ubuntu-latest
+    outputs:
+      cache-hit: ${{ steps.cache.outputs.cache-hit }}
+    steps:
+      - name: Check out repository
+        uses: actions/[email protected]
+
+      - name: Set up cache for OpenShift CLI
+        id: cache
+        uses: actions/[email protected]
+        with:
+          path: /usr/local/bin/oc  # Path where the `oc` binary will be installed
+          key: oc-cli-${{ runner.os }}
+
+      - name: Install OpenShift CLI (if not cached)
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          curl -LO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz
+          tar -xvf openshift-client-linux.tar.gz
+          sudo mv oc /usr/local/bin/
+          oc version --client
+
+      - name: Confirm OpenShift CLI is Available
+        run: oc version --client
+
   get-build-suffix:
     name: Find Test deployment build suffix 
     runs-on: ubuntu-latest
+    needs: [install-oc]
 
     outputs:
       BUILD_SUFFIX: ${{ steps.get-build-suffix.outputs.BUILD_SUFFIX }}
@@ -41,33 +69,33 @@ jobs:
             exit 1
           fi
 
-  # deploy:
-  #   name: Deploy on Prod
-  #   runs-on: ubuntu-latest
-  #   timeout-minutes: 60
-  #   needs: [get-build-suffix]
-
-  #   env:
-  #     BUILD_SUFFIX: ${{ needs.get-build-suffix.outputs.BUILD_SUFFIX }}
-
-  #   steps:
-  #     - name: Checkout Manifest repository
-  #       uses: actions/[email protected]
-  #       with:
-  #         repository: bcgov-c/tenant-gitops-0ab226
-  #         ref: main
-  #         ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
-
-  #     - name: Update tags
-  #       uses: mikefarah/[email protected]
-  #       with:
-  #         cmd: |
-  #           yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/backend/values-prod.yaml
-  #           yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/frontend/values-prod.yaml
-  #           yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/notification-server/values-prod.yaml
-  #           yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/celery/values-prod.yaml
-  #           yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-prod.yaml
-  #           yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-prod.yaml
+  deploy:
+    name: Deploy on Prod
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [get-build-suffix]
+
+    env:
+      BUILD_SUFFIX: ${{ needs.get-build-suffix.outputs.BUILD_SUFFIX }}
+
+    steps:
+      - name: Checkout Manifest repository
+        uses: actions/[email protected]
+        with:
+          repository: bcgov-c/tenant-gitops-0ab226
+          ref: main
+          ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
+
+      - name: Update tags
+        uses: mikefarah/[email protected]
+        with:
+          cmd: |
+            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/backend/values-prod.yaml
+            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/frontend/values-prod.yaml
+            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/notification-server/values-prod.yaml
+            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/celery/values-prod.yaml
+            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-prod.yaml
+            yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-prod.yaml
 
   #     - name: GitHub Commit & Push
   #       shell: bash {0}
@@ -78,23 +106,42 @@ jobs:
   #         git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Prod"
   #         git push
 
-  #     - name: Log in to Openshift
-  #       uses: redhat-actions/[email protected]
-  #       with:
-  #         openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
-  #         openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
-  #         insecure_skip_tls_verify: true
-  #         namespace: ${{ env.TEST_NAMESPACE }}
+      - name: Restore oc command from Cache
+        uses: actions/[email protected]
+        with:
+          path: /usr/local/bin/oc
+          key: oc-cli-${{ runner.os }}
 
-  #     - name: Tag and deploy to Prod
-  #       run: |
-  #         helm -n ${{ env.PROD_NAMESPACE }} list
+      - name: Log in to Openshift
+        uses: redhat-actions/[email protected]
+        with:
+          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+          insecure_skip_tls_verify: true
+          namespace: ${{ env.TEST_NAMESPACE }}
+
+      - name: Tag and deploy to Prod
+        run: |
+          helm -n ${{ env.PROD_NAMESPACE }} list
   #         oc tag ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
   #         oc tag ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
   #         oc tag ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
   #         oc tag ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
   #         oc tag ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
   #         oc tag ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}
+
+      - id: get-current-time
+        run: |
+          TZ="America/Vancouver"
+          echo "CURRENT_TIME=$(date '+%Y-%m-%d %H:%M:%S %Z')" >> $GITHUB_OUTPUT
+
+      - name: Ask for approval for TFRS Prod deployment
+        uses: trstringer/[email protected]
+        with:
+          secret: ${{ github.TOKEN }}
+          approvers: AlexZorkin,kuanfandevops,prv-proton,JulianForeman,kevin-hashimoto,dhaselhan
+          minimum-approvals: 1
+          issue-title: "TFRS ${{ env.GIT_REF }} Prod Deployment at ${{ steps.get-current-time.outputs.CURRENT_TIME }}" 
 
   #     - name: Helm Deployment
   #       run: |

diff --git a/.github/workflows/test-ci.yaml b/.github/workflows/test-ci.yaml
@@ -106,14 +106,14 @@ jobs:
             yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-test.yaml
             yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-test.yaml
 
-      # - name: GitHub Commit & Push
-      #   shell: bash {0}
-      #   run: |
-      #     git config --global user.email "[email protected]"
-      #     git config --global user.name "GitHub Actions"
-      #     git add -A
-      #     git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Test"
-      #     git push
+      - name: GitHub Commit & Push
+        shell: bash {0}
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "GitHub Actions"
+          git add -A
+          git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Test"
+          git push
 
       - name: Restore oc command from Cache
         uses: actions/[email protected]
@@ -129,15 +129,15 @@ jobs:
           insecure_skip_tls_verify: true
           namespace: ${{ env.TOOLS_NAMESPACE }}
 
-      # - name: Tag and deploy to Test
-      #   run: |
-      #     helm -n ${{ env.TEST_NAMESPACE }} list
-      #     oc tag ${{ env.DEV_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
-      #     oc tag ${{ env.DEV_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
-      #     oc tag ${{ env.DEV_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
-      #     oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
-      #     oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
-      #     oc tag ${{ env.DEV_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}
+      - name: Tag and deploy to Test
+        run: |
+          helm -n ${{ env.TEST_NAMESPACE }} list
+          oc tag ${{ env.DEV_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
+          oc tag ${{ env.DEV_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
+          oc tag ${{ env.DEV_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
+          oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
+          oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
+          oc tag ${{ env.DEV_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}
       
       - id: get-current-time
         run: |
@@ -152,23 +152,23 @@ jobs:
           minimum-approvals: 1
           issue-title: "TFRS ${{ env.GIT_REF }} Test Deployment at ${{ steps.get-current-time.outputs.CURRENT_TIME }}" 
 
-  #     - name: Helm Deployment
-  #       run: |
-  #         cd tfrs/charts/backend
-  #         helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-backend-test . \
-  #           --set podAnnotations.rolloutTriggered="A$(date +%s)E"
-  #         cd ../frontend
-  #         helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-frontend-test . \
-  #           --set podAnnotations.rolloutTriggered="A$(date +%s)E"
-  #         cd ../notification-server
-  #         helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-notification-server-test . \
-  #           --set podAnnotations.rolloutTriggered="A$(date +%s)E"
-  #         cd ../celery
-  #         helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-celery-test . \
-  #           --set podAnnotations.rolloutTriggered="A$(date +%s)E"
-  #         cd ../scan-coordinator
-  #         helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-coordinator-test . \
-  #           --set podAnnotations.rolloutTriggered="A$(date +%s)E"
-  #         cd ../scan-handler
-  #         helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-handler-test . \
-  #           --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+      - name: Helm Deployment
+        run: |
+          cd tfrs/charts/backend
+          helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-backend-test . \
+            --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+          cd ../frontend
+          helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-frontend-test . \
+            --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+          cd ../notification-server
+          helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-notification-server-test . \
+            --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+          cd ../celery
+          helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-celery-test . \
+            --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+          cd ../scan-coordinator
+          helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-coordinator-test . \
+            --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+          cd ../scan-handler
+          helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-handler-test . \
+            --set podAnnotations.rolloutTriggered="A$(date +%s)E"