From f3adbbd821bc137fd457311d249e8e0e03b2d4f4 Mon Sep 17 00:00:00 2001
From: Kuan Fan
Date: Mon, 16 Dec 2024 15:12:39 -0800
Subject: [PATCH] add approval step
---
 .github/workflows/prod-ci.yaml | 121 +++++++++++++++++++++++----------
 .github/workflows/test-ci.yaml | 74 ++++++++++----------
 2 files changed, 121 insertions(+), 74 deletions(-)
diff --git a/.github/workflows/prod-ci.yaml b/.github/workflows/prod-ci.yaml
index b3f58d98d..9035ab961 100644
--- a/.github/workflows/prod-ci.yaml
+++ b/.github/workflows/prod-ci.yaml
@@ -13,9 +13,37 @@ concurrency:
 cancel-in-progress: true

 jobs:
+
+ install-oc:
+ runs-on: ubuntu-latest
+ outputs:
+ cache-hit: ${{ steps.cache.outputs.cache-hit }}
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+
+ - name: Set up cache for OpenShift CLI
+ id: cache
+ uses: actions/cache@v4.2.0
+ with:
+ path: /usr/local/bin/oc # Path where the `oc` binary will be installed
+ key: oc-cli-${{ runner.os }}
+
+ - name: Install OpenShift CLI (if not cached)
+ if: steps.cache.outputs.cache-hit != 'true'
+ run: |
+ curl -LO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz
+ tar -xvf openshift-client-linux.tar.gz
+ sudo mv oc /usr/local/bin/
+ oc version --client
+
+ - name: Confirm OpenShift CLI is Available
+ run: oc version --client
+
 get-build-suffix:
 name: Find Test deployment build suffix
 runs-on: ubuntu-latest
+ needs: [install-oc]
 outputs:
 BUILD_SUFFIX: ${{ steps.get-build-suffix.outputs.BUILD_SUFFIX }}

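Review bot: The `Install OpenShift CLI (if not cached)` step in the new `install-oc` job installs whatever `curl -LO` returns from the moving `stable/` URL, with no checksum or signature check, and then `sudo mv`s it into `/usr/local/bin/`. Because the cache key `oc-cli-${{ runner.os }}` never changes, that one download is restored unchanged into later runs, including the prod `deploy` job that logs in with `OPENSHIFT_TOKEN`. I would pin an explicit client version in the URL and in the cache key, use `curl -fsSLO` so an HTTP error page is not saved as the tarball, and verify before unpacking, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  openshift-client-linux.tar.gz" | sha256sum -c -`.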
@@ -41,33 +69,33 @@ jobs:
 exit 1
 fi

- # deploy:
- # name: Deploy on Prod
- # runs-on: ubuntu-latest
- # timeout-minutes: 60
- # needs: [get-build-suffix]
-
- # env:
- # BUILD_SUFFIX: ${{ needs.get-build-suffix.outputs.BUILD_SUFFIX }}
-
- # steps:
- # - name: Checkout Manifest repository
- # uses: actions/checkout@v4.1.1
- # with:
- # repository: bcgov-c/tenant-gitops-0ab226
- # ref: main
- # ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
-
- # - name: Update tags
- # uses: mikefarah/yq@v4.40.5
- # with:
- # cmd: |
- # yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/backend/values-prod.yaml
- # yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/frontend/values-prod.yaml
- # yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/notification-server/values-prod.yaml
- # yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/celery/values-prod.yaml
- # yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-prod.yaml
- # yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-prod.yaml
+ deploy:
+ name: Deploy on Prod
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-build-suffix]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-build-suffix.outputs.BUILD_SUFFIX }}
+
+ steps:
+ - name: Checkout Manifest repository
+ uses: actions/checkout@v4.1.1
+ with:
+ repository: bcgov-c/tenant-gitops-0ab226
+ ref: main
+ ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
+
+ - name: Update tags
+ uses: mikefarah/yq@v4.40.5
+ with:
+ cmd: |
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/backend/values-prod.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/frontend/values-prod.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/notification-server/values-prod.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/celery/values-prod.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-prod.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-prod.yaml

 # - name: GitHub Commit & Push
 # shell: bash {0}
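Review bot: Every `yq` line in the re-enabled `Update tags` step splices `${{ env.BUILD_SUFFIX }}` into the command text before it runs, so the output of the `get-build-suffix` job is parsed as part of the yq expression and the shell line rather than handled as data; how that value is derived is outside this hunk. This job also holds `MANIFEST_REPO_DEPLOY_KEY`, so I would pass the value through the environment instead, e.g. `yq -i '.image.tag = strenv(BUILD_SUFFIX)' tfrs/charts/backend/values-prod.yaml`, relying on the job-level `env:` defined above (worth confirming the yq action's container receives it). The same interpolation appears in the `git commit -m` and `oc tag` lines re-enabled in test-ci.yaml, where a quoted `"$BUILD_SUFFIX"` supplied through `env:` would serve. The `deploy` job continues past the end of this hunk.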
@@ -78,23 +106,42 @@ jobs:
 # git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Prod"
 # git push

- # - name: Log in to Openshift
- # uses: redhat-actions/oc-login@v1.3
- # with:
- # openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
- # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
- # insecure_skip_tls_verify: true
- # namespace: ${{ env.TEST_NAMESPACE }}
+ - name: Restore oc command from Cache
+ uses: actions/cache@v4.2.0
+ with:
+ path: /usr/local/bin/oc
+ key: oc-cli-${{ runner.os }}

- # - name: Tag and deploy to Prod
- # run: |
- # helm -n ${{ env.PROD_NAMESPACE }} list
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TEST_NAMESPACE }}
+
+ - name: Tag and deploy to Prod
+ run: |
+ helm -n ${{ env.PROD_NAMESPACE }} list
 # oc tag ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
 # oc tag ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
 # oc tag ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
 # oc tag ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
 # oc tag ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
 # oc tag ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.PROD_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}
+
+ - id: get-current-time
+ run: |
+ TZ="America/Vancouver"
+ echo "CURRENT_TIME=$(date '+%Y-%m-%d %H:%M:%S %Z')" >> $GITHUB_OUTPUT
+
+ - name: Ask for approval for TFRS Prod deployment
+ uses: trstringer/manual-approval@v1.6.0
+ with:
+ secret: ${{ github.TOKEN }}
+ approvers: AlexZorkin,kuanfandevops,prv-proton,JulianForeman,kevin-hashimoto,dhaselhan
+ minimum-approvals: 1
+ issue-title: "TFRS ${{ env.GIT_REF }} Prod Deployment at ${{ steps.get-current-time.outputs.CURRENT_TIME }}"

 # - name: Helm Deployment
 # run: |
diff --git a/.github/workflows/test-ci.yaml b/.github/workflows/test-ci.yaml
index 717cee1e4..4beeb5131 100644
--- a/.github/workflows/test-ci.yaml
+++ b/.github/workflows/test-ci.yaml
@@ -106,14 +106,14 @@ jobs:
 yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-test.yaml
 yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-test.yaml

- # - name: GitHub Commit & Push
- # shell: bash {0}
- # run: |
- # git config --global user.email "actions@github.com"
- # git config --global user.name "GitHub Actions"
- # git add -A
- # git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Test"
- # git push
+ - name: GitHub Commit & Push
+ shell: bash {0}
+ run: |
+ git config --global user.email "actions@github.com"
+ git config --global user.name "GitHub Actions"
+ git add -A
+ git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Test"
+ git push

 - name: Restore oc command from Cache
 uses: actions/cache@v4.2.0
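Review bot: In the prod-ci.yaml hunk at `@@ -78,23 +106,42 @@`, the `Ask for approval for TFRS Prod deployment` step is added after `Update tags`, `Log in to Openshift` and `Tag and deploy to Prod`, so it gates only the steps that follow it; once the commented `oc tag` lines and `GitHub Commit & Push` are restored they would run before anyone approves, as `Tag and deploy to Test` already does in test-ci.yaml. I would move the `get-current-time` and approval steps to the top of `steps:`, or put the `deploy` job behind a protected environment with required reviewers. Separately, the re-enabled login sends the prod `OPENSHIFT_TOKEN` with `insecure_skip_tls_verify: true`, which turns off server certificate checking; set it to `false` and, if the cluster uses a private CA, supply the bundle through the action's `certificate_authority_data` input. Also, `TZ="America/Vancouver"` on its own line is not exported, so `date` most likely still prints the runner's default zone; `export TZ="America/Vancouver"` fixes the issue title.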
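Review bot: The re-enabled `GitHub Commit & Push` step in test-ci.yaml overrides the shell with `bash {0}` and nothing records why; that form drops the `-e` that the runner's default bash invocation uses, so a failing `git add` or `git commit` is ignored and only the exit status of the final `git push` decides the step result. If the intent is to tolerate an empty commit, a comment above `shell:` such as `# bash {0}: no errexit, so "nothing to commit" does not fail the step` would say so. Otherwise, `git diff --cached --quiet || git commit -m "..."` under the default shell keeps real failures visible.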
@@ -129,15 +129,15 @@ jobs:
 insecure_skip_tls_verify: true
 namespace: ${{ env.TOOLS_NAMESPACE }}

- # - name: Tag and deploy to Test
- # run: |
- # helm -n ${{ env.TEST_NAMESPACE }} list
- # oc tag ${{ env.DEV_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
- # oc tag ${{ env.DEV_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
- # oc tag ${{ env.DEV_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
- # oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
- # oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
- # oc tag ${{ env.DEV_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}
+ - name: Tag and deploy to Test
+ run: |
+ helm -n ${{ env.TEST_NAMESPACE }} list
+ oc tag ${{ env.DEV_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.DEV_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.DEV_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.DEV_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.DEV_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}

 - id: get-current-time
 run: |
@@ -152,23 +152,23 @@ jobs:
 minimum-approvals: 1
 issue-title: "TFRS ${{ env.GIT_REF }} Test Deployment at ${{ steps.get-current-time.outputs.CURRENT_TIME }}"

- # - name: Helm Deployment
- # run: |
- # cd tfrs/charts/backend
- # helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-backend-test . \
- # --set podAnnotations.rolloutTriggered="A$(date +%s)E"
- # cd ../frontend
- # helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-frontend-test . \
- # --set podAnnotations.rolloutTriggered="A$(date +%s)E"
- # cd ../notification-server
- # helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-notification-server-test . \
- # --set podAnnotations.rolloutTriggered="A$(date +%s)E"
- # cd ../celery
- # helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-celery-test . \
- # --set podAnnotations.rolloutTriggered="A$(date +%s)E"
- # cd ../scan-coordinator
- # helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-coordinator-test . \
- # --set podAnnotations.rolloutTriggered="A$(date +%s)E"
- # cd ../scan-handler
- # helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-handler-test . \
- # --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ - name: Helm Deployment
+ run: |
+ cd tfrs/charts/backend
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-backend-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../frontend
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-frontend-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../notification-server
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-notification-server-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../celery
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-celery-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../scan-coordinator
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-coordinator-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../scan-handler
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-handler-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
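Review bot: None of the six `helm upgrade --install` calls in the re-enabled `Helm Deployment` step waits for the rollout, so the step reports success as soon as the manifests are submitted, and a failure in a later chart leaves the earlier releases already upgraded. Adding `--wait --atomic --timeout 10m` to each call (the timeout value is illustrative) would surface a failed rollout in the job result and roll that release back.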