Add reusable .NET CI/CD workflow and onboard content-service (#2572)

Veerendrakak · Veerendra96-k · web-flow · commit feaa57eae0bd · 2026-03-27T12:49:26.000-07:00
* Add reusable .NET CI/CD workflow and onboard content-service

* fix: passing OPENSHIFT_TOKEN explicitly in reusable workflow callers

* Revert: restore folder-collection and api-services workflows from folder-collection branch

* fix: add continue-on-error to deployment report and remove redundant || true in reusable workflow

---------

Co-authored-by: Veerendra96-k &lt;kveerendra6896@gmail.com&gt;
diff --git a/.github/workflows/_reusable-dotnet-cicd.yml b/.github/workflows/_reusable-dotnet-cicd.yml
@@ -0,0 +1,258 @@
+name: Reusable .NET CI/CD
+
+on:
+  workflow_call:
+    inputs:
+      image_name:
+        required: true
+        type: string
+      csproj_path:
+        required: true
+        type: string
+      dockerfile:
+        required: true
+        type: string
+      component:
+        required: true
+        type: string
+      deployment_name:
+        required: true
+        type: string
+      kustomize_dev_path:
+        required: true
+        type: string
+      kustomize_test_path:
+        required: true
+        type: string
+      dev_branch:
+        required: false
+        type: string
+        default: ''
+      rollout_timeout:
+        required: false
+        type: string
+        default: '180s'
+      continue_on_error_verify:
+        required: false
+        type: boolean
+        default: false
+      health_check_method:
+        required: false
+        type: string
+        default: 'exec_curl'
+    secrets:
+      OPENSHIFT_TOKEN:
+        required: true
+
+permissions:
+  contents: read
+
+env:
+  OPENSHIFT_SERVER: https://api.silver.devops.gov.bc.ca:6443
+  OPENSHIFT_TOOLS_NAMESPACE: 9b301c-tools
+
+jobs:
+  ci:
+    name: CI — Validate (.NET 9)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup .NET 9
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: 9.x
+
+      - name: Restore
+        run: dotnet restore "${{ inputs.csproj_path }}"
+
+      - name: Check vulnerable packages
+        run: dotnet list "${{ inputs.csproj_path }}" package --vulnerable --include-transitive
+
+      - name: Lint
+        run: dotnet format "${{ inputs.csproj_path }}" --verify-no-changes --verbosity diagnostic
+
+      - name: Build
+        run: dotnet build "${{ inputs.csproj_path }}" --configuration Release --no-restore
+
+  cd-dev:
+    name: CD — Deploy to Dev
+    runs-on: ubuntu-latest
+    needs: ci
+    if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && (github.ref == 'refs/heads/dev' || (inputs.dev_branch != '' && github.ref == format('refs/heads/{0}', inputs.dev_branch))) && github.repository == 'bcgov/tno'
+    environment: dev
+    env:
+      IMAGE_TAG: dev
+      OPENSHIFT_NAMESPACE: 9b301c-dev
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build Docker Image
+        run: |
+          docker build \
+            -f ${{ inputs.dockerfile }} \
+            -t ${{ inputs.image_name }}:${{ github.sha }} \
+            .
+
+      - name: Login to OpenShift Image Registry
+        run: |
+          echo "${{ secrets.OPENSHIFT_TOKEN }}" | docker login \
+            image-registry.apps.silver.devops.gov.bc.ca \
+            -u serviceaccount \
+            --password-stdin
+
+      - name: Push Image to OpenShift Registry
+        run: |
+          docker tag \
+            ${{ inputs.image_name }}:${{ github.sha }} \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ env.IMAGE_TAG }}
+          docker push \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ env.IMAGE_TAG }}
+          docker tag \
+            ${{ inputs.image_name }}:${{ github.sha }} \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ github.sha }}
+          docker push \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ github.sha }}
+
+      - name: Install oc CLI
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: latest
+
+      - name: Login to OpenShift
+        run: |
+          oc login \
+            --token=${{ secrets.OPENSHIFT_TOKEN }} \
+            --server=${{ env.OPENSHIFT_SERVER }}
+
+      - name: Deploy via Kustomize
+        run: oc apply -k ${{ inputs.kustomize_dev_path }} -n ${{ env.OPENSHIFT_NAMESPACE }}
+
+      - name: Rollout Restart
+        run: |
+          oc rollout restart deployment/${{ inputs.deployment_name }} \
+            -n ${{ env.OPENSHIFT_NAMESPACE }}
+
+      - name: Verify Deployment
+        continue-on-error: ${{ inputs.continue_on_error_verify }}
+        run: |
+          oc rollout status deployment/${{ inputs.deployment_name }} \
+            -n ${{ env.OPENSHIFT_NAMESPACE }} \
+            --timeout=${{ inputs.rollout_timeout }}
+
+      - name: Deployment Report
+        if: always()
+        continue-on-error: true
+        env:
+          HEALTH_CHECK_METHOD: ${{ inputs.health_check_method }}
+        run: |
+          echo "--- pod status ---"
+          oc get pods -l component=${{ inputs.component }} -n ${{ env.OPENSHIFT_NAMESPACE }}
+          echo "--- health check ---"
+          POD=$(oc get pod -l component=${{ inputs.component }} \
+            -n ${{ env.OPENSHIFT_NAMESPACE }} \
+            --sort-by=.metadata.creationTimestamp \
+            -o jsonpath='{.items[-1].metadata.name}')
+          if [ "$HEALTH_CHECK_METHOD" = "port_forward" ]; then
+            oc port-forward $POD 8080:8080 -n ${{ env.OPENSHIFT_NAMESPACE }} &
+            sleep 10
+            curl -sf http://localhost:8080/health
+            kill %1
+          else
+            oc exec $POD -n ${{ env.OPENSHIFT_NAMESPACE }} -- \
+              curl -sf http://localhost:8080/health
+          fi
+          echo "--- recent logs ---"
+          sleep 60
+          oc logs $POD -n ${{ env.OPENSHIFT_NAMESPACE }} --tail=20
+
+  cd-test:
+    name: CD — Deploy to Test
+    runs-on: ubuntu-latest
+    needs: ci
+    if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/master' && github.repository == 'bcgov/tno'
+    environment: test
+    env:
+      IMAGE_TAG: test
+      OPENSHIFT_NAMESPACE: 9b301c-test
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build Docker Image
+        run: |
+          docker build \
+            -f ${{ inputs.dockerfile }} \
+            -t ${{ inputs.image_name }}:${{ github.sha }} \
+            .
+
+      - name: Login to OpenShift Image Registry
+        run: |
+          echo "${{ secrets.OPENSHIFT_TOKEN }}" | docker login \
+            image-registry.apps.silver.devops.gov.bc.ca \
+            -u serviceaccount \
+            --password-stdin
+
+      - name: Push Image to OpenShift Registry
+        run: |
+          docker tag \
+            ${{ inputs.image_name }}:${{ github.sha }} \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ env.IMAGE_TAG }}
+          docker push \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ env.IMAGE_TAG }}
+          docker tag \
+            ${{ inputs.image_name }}:${{ github.sha }} \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ github.sha }}
+          docker push \
+            image-registry.apps.silver.devops.gov.bc.ca/${{ env.OPENSHIFT_TOOLS_NAMESPACE }}/${{ inputs.image_name }}:${{ github.sha }}
+
+      - name: Install oc CLI
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          oc: latest
+
+      - name: Login to OpenShift
+        run: |
+          oc login \
+            --token=${{ secrets.OPENSHIFT_TOKEN }} \
+            --server=${{ env.OPENSHIFT_SERVER }}
+
+      - name: Deploy via Kustomize
+        run: oc apply -k ${{ inputs.kustomize_test_path }} -n ${{ env.OPENSHIFT_NAMESPACE }}
+
+      - name: Rollout Restart
+        run: |
+          oc rollout restart deployment/${{ inputs.deployment_name }} \
+            -n ${{ env.OPENSHIFT_NAMESPACE }}
+
+      - name: Verify Deployment
+        continue-on-error: ${{ inputs.continue_on_error_verify }}
+        run: |
+          oc rollout status deployment/${{ inputs.deployment_name }} \
+            -n ${{ env.OPENSHIFT_NAMESPACE }} \
+            --timeout=${{ inputs.rollout_timeout }}
+
+      - name: Deployment Report
+        if: always()
+        continue-on-error: true
+        env:
+          HEALTH_CHECK_METHOD: ${{ inputs.health_check_method }}
+        run: |
+          echo "--- pod status ---"
+          oc get pods -l component=${{ inputs.component }} -n ${{ env.OPENSHIFT_NAMESPACE }}
+          echo "--- health check ---"
+          POD=$(oc get pod -l component=${{ inputs.component }} \
+            -n ${{ env.OPENSHIFT_NAMESPACE }} \
+            --sort-by=.metadata.creationTimestamp \
+            -o jsonpath='{.items[-1].metadata.name}')
+          if [ "$HEALTH_CHECK_METHOD" = "port_forward" ]; then
+            oc port-forward $POD 8080:8080 -n ${{ env.OPENSHIFT_NAMESPACE }} &
+            sleep 10
+            curl -sf http://localhost:8080/health
+            kill %1
+          else
+            oc exec $POD -n ${{ env.OPENSHIFT_NAMESPACE }} -- \
+              curl -sf http://localhost:8080/health
+          fi
+          echo "--- recent logs ---"
+          sleep 60
+          oc logs $POD -n ${{ env.OPENSHIFT_NAMESPACE }} --tail=20
diff --git a/.github/workflows/content-service-cicd.yml b/.github/workflows/content-service-cicd.yml
@@ -0,0 +1,40 @@
+name: Content Service CI/CD
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [dev, master]
+    paths:
+      - services/net/content/**
+      - libs/net/**
+      - openshift/kustomize/services/content/**
+      - .github/workflows/content-service-cicd.yml
+  push:
+    branches: [dev, master, content-service]
+    paths:
+      - services/net/content/**
+      - libs/net/**
+      - openshift/kustomize/services/content/**
+      - .github/workflows/content-service-cicd.yml
+
+concurrency:
+  group: content-service-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pipeline:
+    uses: ./.github/workflows/_reusable-dotnet-cicd.yml
+    with:
+      image_name: content-service
+      csproj_path: services/net/content/TNO.Services.Content.csproj
+      dockerfile: services/net/content/Dockerfile
+      component: content-service
+      deployment_name: content-service
+      kustomize_dev_path: openshift/kustomize/services/content/overlays/dev
+      kustomize_test_path: openshift/kustomize/services/content/overlays/test
+      dev_branch: content-service
+      rollout_timeout: '180s'
+      continue_on_error_verify: false
+      health_check_method: exec_curl
+    secrets:
+      OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
