Added deploy.to.openshift.dev.and.test.yml

Author: cditcher

.github/workflows/deploy.to.openshift.dev.and.test.yml

@@ -0,0 +1,255 @@
+name: Build & Deploy to DEV and TEST
+env:
+
+  OPENSHIFT_SERVER: ${{ vars.OPENSHIFT_SERVER }}
+  OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+  COMMON_NAMESPACE: ${{ vars.COMMON_NAMESPACE }}
+  GRAD_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}
+  BUSINESS_NAMESPACE: ${{ vars.GRAD_BUSINESS_NAMESPACE }}
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+  IMAGE_REGISTRY_USER: ${{ github.actor }}
+  IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+  SPRING_BOOT_IMAGE_NAME: educ-grad-data-conversion-api
+  REPO_NAME: "educ-grad-data-conversion-api"
+  APP_DOMAIN: ${{ vars.APP_DOMAIN }}
+  TAG: "latest"
+
+on:
+  # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+  # Runs on workflow dispatch. Running from another branch manually will use the branch 
+  # reference for everything in the script. Update configmaps, etc. all run from that reference branch.
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'api/**'
+      - 'tools/**'
+
+jobs:
+  build-and-deploy-dev:
+    name: Build and deploy to OpenShift DEV
+    runs-on: ubuntu-22.04
+    environment: dev
+    env:
+      OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev
+      TARGET_ENV: dev
+      KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+      KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+      MIN_CPU: "50m"
+      MAX_CPU: "500m"
+      MIN_MEM: "1Gi"
+      MAX_MEM: "2Gi"
+      MIN_REPLICAS: "2"
+      MAX_REPLICAS: "3"
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Determine image tags
+        if: env.TAG == ''
+        run: |
+          echo "TAG=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.DOCKER_ARTIFACTORY_REPO }}
+          username: ${{ vars.DOCKER_ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.DOCKER_ARTIFACTORY_ACCESS_TOKEN }}
+
+      # https://github.com/redhat-actions/buildah-build#readme
+      - name: Build from Dockerfile
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.REPO_NAME }}
+          tags: ${{ env.TAG }}
+          dockerfiles: |
+            ./Dockerfile
+
+      # https://github.com/redhat-actions/push-to-registry#readme
+      - name: Push to registry
+        id: push-image
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.IMAGE_REGISTRY }}
+          username: ${{ env.IMAGE_REGISTRY_USER }}
+          password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
+
+#      - name: Setup Node.js
+#        uses: actions/setup-node@v3
+#        with:
+#          node-version: '20'
+
+#      - name: Install dependencies
+#        run: npm install axios
+
+#      - name: Create/Update clients
+#        run: node ./tools/config/clients-and-scopes.js
+
+#      - name: Create/Update secrets
+#        run: node ./tools/openshift/fetch-and-create-secrets.js
+
+      # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
+      - name: Install oc
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: 4
+
+        # https://github.com/redhat-actions/oc-login#readme
+      - name: Deploy
+        run: |
+          set -eux
+          # Login to OpenShift and select project
+          oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+          # Cancel any rollouts in progress
+          oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+          || true && echo "No rollout in progress"
+          # tag image stream
+          oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}:${{ env.TAG }}
+
+          # Process and apply deployment template
+          oc process -f tools/openshift/api.dc.yaml \
+          -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
+          -p REPO_NAME=${{ env.REPO_NAME }} \
+          -p TAG_NAME=${{ env.TAG }} \
+          -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \
+          -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
+          -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
+          -p MIN_CPU=${{ env.MIN_CPU }} \
+          -p MAX_CPU=${{ env.MAX_CPU }} \
+          -p MIN_MEM=${{ env.MIN_MEM }} \
+          -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f -
+          
+          # UPDATE Configmaps
+          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.ref }}/tools/config/update-configmap.sh \
+          | bash /dev/stdin \
+          dev \
+          ${{ env.REPO_NAME }} \
+          ${{ env.GRAD_NAMESPACE }} \
+          ${{ env.COMMON_NAMESPACE }} \
+          ${{ env.BUSINESS_NAMESPACE }} \
+          ${{ secrets.SPLUNK_TOKEN }} \
+          ${{ vars.APP_LOG_LEVEL }}
+          
+          # OVERRIDE Configmaps
+          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.ref }}/tools/config/override-configmap-dev.sh \
+          | bash /dev/stdin \
+          dev \
+          ${{ env.REPO_NAME }} \
+          ${{ env.GRAD_NAMESPACE }} \
+          ${{ env.COMMON_NAMESPACE }} \
+          ${{ env.BUSINESS_NAMESPACE }} \
+          ${{ secrets.SPLUNK_TOKEN }} \
+          ${{ vars.APP_LOG_LEVEL }}
+
+          # Start rollout (if necessary) and follow it
+          oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }}
+          
+          # Get status, returns 0 if rollout is successful
+          oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }}
+
+  deploy-test:
+    name: Build and deploy to OpenShift TEST
+    needs: build-and-deploy-dev
+    runs-on: ubuntu-22.04
+    environment: test
+    env:
+      OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-test
+      TARGET_ENV: test
+      KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }}
+      KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+      MIN_CPU: "50m"
+      MAX_CPU: "500m"
+      MIN_MEM: "1Gi"
+      MAX_MEM: "2Gi"
+      MIN_REPLICAS: "3"
+      MAX_REPLICAS: "4"
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm install axios
+
+      - name: Create/Update clients
+        run: node ./tools/config/clients-and-scopes.js
+
+      - name: Create/Update secrets
+        run: node ./tools/openshift/fetch-and-create-secrets.js
+
+      - name: Install oc
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: 4
+
+        # https://github.com/redhat-actions/oc-login#readme
+      - name: Deploy
+        run: |
+          set -eux
+          # Login to OpenShift and select project
+          oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+          oc project ${{ env.OPENSHIFT_NAMESPACE }}
+          # Cancel any rollouts in progress
+          oc rollout cancel deployment/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+          || true && echo "No rollout in progress"
+          
+          oc tag ${{ env.OPENSHIFT_NAMESPACE }}/${{ env.REPO_NAME }}:${{ env.TAG }} \
+          ${{ env.OPENSHIFT_NAMESPACE }}/${{ env.REPO_NAME }}:${{ env.TAG }}
+          
+          # Process and apply deployment template
+          oc process -f tools/openshift/api.dc.yaml \
+          -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
+          -p REPO_NAME=${{ env.REPO_NAME }} \
+          -p TAG_NAME=${{ env.TAG }} \
+          -p HOST_ROUTE=${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.${{ env.APP_DOMAIN }} \
+          -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
+          -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
+          -p MIN_CPU=${{ env.MIN_CPU }} \
+          -p MAX_CPU=${{ env.MAX_CPU }} \
+          -p MIN_MEM=${{ env.MIN_MEM }} \
+          -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -f -
+          
+          # UPDATE Configmaps
+          curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ github.ref }}/tools/config/update-configmap.sh \
+          | bash /dev/stdin \
+          test \
+          ${{ env.REPO_NAME }} \
+          ${{ env.GRAD_NAMESPACE }} \
+          ${{ env.COMMON_NAMESPACE }} \
+          ${{ env.BUSINESS_NAMESPACE }} \
+          ${{ secrets.SPLUNK_TOKEN }} \
+          ${{ vars.APP_LOG_LEVEL }}
+
+          # Start rollout (if necessary) and follow it
+          oc rollout restart deployment/${{ env.SPRING_BOOT_IMAGE_NAME }}
+          
+          # Get status, returns 0 if rollout is successful
+          oc rollout status deployment/${{ env.SPRING_BOOT_IMAGE_NAME }}
+
+  zap-scan:
+    name: Zap Scan
+    needs: build-and-deploy-dev
+    runs-on: ubuntu-22.04
+    env:
+      OPENSHIFT_NAMESPACE: ${{ vars.GRAD_NAMESPACE }}-dev
+    steps:
+      - name: ZAP Scan
+        uses: zaproxy/action-api-scan@v0.9.0
+        with:
+          target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca/api/v1/api-docs'