Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GRAD2-3119 #694

Merged
merged 50 commits into from
Dec 17, 2024
Merged
Show file tree
Hide file tree
Changes from 46 commits
Commits
Show all changes
50 commits
Select commit Hold shift + click to select a range
bad8513
Adding certificate and url endpoints
cditcher Nov 28, 2024
63db672
Updated certs with quotes
cditcher Nov 28, 2024
409f60d
Updated frontend to deployment
cditcher Nov 29, 2024
c85b0d9
Updated backend to Deployment
cditcher Nov 29, 2024
84f037f
Updated vue 3 actions
cditcher Nov 29, 2024
4977049
Updated backend deployment script to support deployment
cditcher Nov 29, 2024
e101a72
Updated gha for frontend vue3
cditcher Nov 29, 2024
cd702c6
Added envFrom
cditcher Nov 29, 2024
f1f0c27
updated envFrom
cditcher Nov 29, 2024
34cf723
Updated indentations in yaml
cditcher Nov 29, 2024
c7bde44
Minor change
cditcher Nov 29, 2024
0c5b656
Updated dev actions to use deployment
cditcher Nov 29, 2024
addd305
Updated frontend to use IAC for configmap
cditcher Dec 2, 2024
11a42c2
Minor syntax fix
cditcher Dec 2, 2024
9fdcda1
Removing volume mounts and configmap refs from frontend
cditcher Dec 2, 2024
3cb1393
Removed configmap update from deployment
cditcher Dec 2, 2024
aa6bc59
Added a backend configmap
cditcher Dec 2, 2024
81b342c
Removed frontend configmap
cditcher Dec 2, 2024
1ae64df
Revert "Removing volume mounts and configmap refs from frontend"
cditcher Dec 2, 2024
669a10b
Revert "Revert "Removing volume mounts and configmap refs from fronte…
cditcher Dec 2, 2024
3ae08ae
Cleanup
cditcher Dec 2, 2024
85f6fee
Syncing with dev deployment
cditcher Dec 2, 2024
7f07f39
Moved backend route to backend-dc.yaml
cditcher Dec 2, 2024
e6638c1
Testing changes to backend-dc.yaml
cditcher Dec 2, 2024
68ec281
Fixing syntax
cditcher Dec 2, 2024
10fee53
Updated backend GH Actions deployments
cditcher Dec 2, 2024
fadc8b4
Removed redundant variables for frontend dev
cditcher Dec 2, 2024
598051a
Removed redundant variables for frontend dev
cditcher Dec 2, 2024
26cf181
Updated HPA
cditcher Dec 2, 2024
4b4369f
Updated test and prod frontend deployments
cditcher Dec 2, 2024
4bcab35
Target env prod
cditcher Dec 2, 2024
30ba72e
Target env prod
cditcher Dec 2, 2024
9378429
grad.gov.bc.ca
cditcher Dec 2, 2024
c3cdb31
Cleaning up backend dc and vue 3 deploy
cditcher Dec 2, 2024
9c60763
Removing vars not used
cditcher Dec 2, 2024
9a7a1f2
Final cleanup for backend actions
cditcher Dec 3, 2024
f53d176
Added config map
cditcher Dec 3, 2024
0c7e749
Updated quotes
cditcher Dec 3, 2024
c5ce536
Updated update-configmap-backend.sh
cditcher Dec 3, 2024
89cccfc
Adding more automation to script
cditcher Dec 4, 2024
60e2877
Think she's working now
cditcher Dec 4, 2024
6b50109
Final cleanup
cditcher Dec 4, 2024
a416e87
Addressing conflicts
cditcher Dec 4, 2024
74ae79e
Merge branch 'main' into GRAD2-3119
cditcher Dec 4, 2024
bae6ef0
Sanitizing namespaces
cditcher Dec 4, 2024
693c07f
Removed debug code
cditcher Dec 4, 2024
4f472ef
More namespace sanitizing
cditcher Dec 4, 2024
dab39d7
added v2 trax to branch (#696)
michaeltangbcgov Dec 9, 2024
d247884
Updated env on deployment script to be env.TARGET_ENV
cditcher Dec 12, 2024
3668645
Merge branch 'main' into GRAD2-3119
cditcher Dec 17, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 39 additions & 26 deletions .github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,19 +15,14 @@ env:
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}

IMAGE_NAME: educ-grad-admin-backend
DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca

APP_NAME: "educ-grad-admin"
REPO_NAME: "educ-grad-admin"
BRANCH: "vue3"
APP_NAME_BACKEND: "educ-grad-admin-backend"
NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}}
NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools
COMMON_NAMESPACE: ${{secrets.COMMON_NAMESPACE_NO_ENV}}
TAG: "latest"
TARGET_ENV: "dev"
BRANCH: "GRAD2-3119"

MIN_CPU: "50m"
MAX_CPU: "100m"
Expand All @@ -37,7 +32,7 @@ env:
MAX_REPLICAS: "1"

# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
HOST_ROUTE: "educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"

on:
workflow_dispatch:
Expand All @@ -49,10 +44,6 @@ jobs:
runs-on: ubuntu-22.04
environment: dev-vue3

outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

steps:
- name: Check for required secrets
uses: actions/github-script@v4
Expand Down Expand Up @@ -147,28 +138,50 @@ jobs:
oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
oc project ${{ env.OPENSHIFT_NAMESPACE }}
# Cancel any rollouts in progress
oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \
|| true && echo "No rollout in progress"

oc project ${{ env.OPENSHIFT_NAMESPACE }}

# Create the image stream if it doesn't exist
oc create imagestream ${{ env.REPO_NAME }}-backend 2> /dev/null || true && echo "Backend image stream in place"

oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }}

# Process and apply deployment template
oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f -

oc create imagestream ${{ env.APP_NAME_BACKEND}} 2> /dev/null || true && echo "Backend image stream in place"

oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.APP_NAME_BACKEND }}:${{ env.TAG }}

# Process template
oc process -f tools/openshift/backend-dc.yaml \
-p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p APP_NAME=${{ env.APP_NAME }} \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \
-p ENVIRONMENT=${{ env.TARGET_ENV }} \
-p CERTIFICATE="${{ secrets.CERTIFICATE }}" \
-p CA_CERT="${{ secrets.CA_CERT }}" \
-p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \
| oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f -

# update configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/${{ env.BRANCH }}/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \
dev \
${{ env.APP_NAME }} \
${{ env.OPENSHIFT_NAMESPACE }} \
${{ env.TARGET_ENV }}.grad.gov.bc.ca \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.COMMON_NAMESPACE }}

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
|| true && echo "Rollout in progress"
oc rollout restart deployment/${{ env.APP_NAME_BACKEND }}

oc logs -f dc/${{ env.IMAGE_NAME }}-dc
# Get status, returns 0 if rollout is successful
oc rollout status dc/${{ env.IMAGE_NAME }}-dc
oc rollout status deployment/${{ env.APP_NAME_BACKEND }}

- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"
target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca'
64 changes: 39 additions & 25 deletions .github/workflows/build-n-deploy-backend-to-ocp-dev.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,17 +15,11 @@ env:
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}

IMAGE_NAME: educ-grad-admin-backend
DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca

APP_NAME: 'educ-grad-admin'
REPO_NAME: "educ-grad-admin"
BRANCH: "main"
APP_NAME: "educ-grad-admin"
APP_NAME_BACKEND: "educ-grad-admin-backend"
NAMESPACE: bbe4c3
NAMESPACE_TOOLS: bbe4c3-tools
COMMON_NAMESPACE: 75e61b
TAG: "latest"
TARGET_ENV: "dev"

Expand All @@ -37,7 +31,7 @@ env:
MAX_REPLICAS: "2"

# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
HOST_ROUTE: "educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca"

on:
workflow_dispatch:
Expand All @@ -49,10 +43,6 @@ jobs:
runs-on: ubuntu-22.04
environment: dev

outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

steps:
- name: Check for required secrets
uses: actions/github-script@v4
Expand Down Expand Up @@ -147,28 +137,52 @@ jobs:
oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
oc project ${{ env.OPENSHIFT_NAMESPACE }}
# Cancel any rollouts in progress
oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
oc rollout cancel deployment/${{ env.APP_NAME_BACKEND }} 2> /dev/null \
|| true && echo "No rollout in progress"

oc project ${{ env.OPENSHIFT_NAMESPACE }}

# Create the image stream if it doesn't exist
oc create imagestream ${{ env.REPO_NAME }}-backend 2> /dev/null || true && echo "Backend image stream in place"

oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.REPO_NAME }}-backend:${{ env.TAG }}
oc create imagestream ${{ env.APP_NAME_BACKEND}} 2> /dev/null || true && echo "Backend image stream in place"

oc tag ${{ steps.push-image-backend.outputs.registry-path }} ${{ env.APP_NAME_BACKEND }}:${{ env.TAG }}

# Process template
oc process -f tools/openshift/backend-dc.yaml \
-p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p APP_NAME=${{ env.APP_NAME }} \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
-p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \
-p ENVIRONMENT=${{ env.TARGET_ENV }} \
-p CERTIFICATE="${{ secrets.CERTIFICATE }}" \
-p CA_CERT="${{ secrets.CA_CERT }}" \
-p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \
| oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f -

# update configmap
curl -s https://raw.githubusercontent.com/bcgov/${{ env.APP_NAME }}/refs/heads/main/tools/openshift/update-configmap-backend.sh | bash /dev/stdin \
dev \
${{ env.APP_NAME }} \
${{ env.OPENSHIFT_NAMESPACE }} \
${{ env.TARGET_ENV }}.grad.gov.bc.ca \
${{ secrets.SOAM_CLIENT_SECRET }} \
${{ secrets.REDIS_PASSWORD }} \
${{ secrets.SPLUNK_TOKEN }} \
${{ secrets.COMMON_NAMESPACE }}

# Process and apply deployment template
oc process -f tools/openshift/backend-dc.yaml -p IS_NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p REPO_NAME=educ-grad-admin -p HOST_ROUTE=educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} | oc apply -n bbe4c3-dev -f -

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
|| true && echo "Rollout in progress"
oc rollout restart deployment/${{ env.APP_NAME_BACKEND }}

oc logs -f dc/${{ env.IMAGE_NAME }}-dc
# Get status, returns 0 if rollout is successful
oc rollout status dc/${{ env.IMAGE_NAME }}-dc
oc rollout status deployment/${{ env.APP_NAME_BACKEND }}

- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca'
target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca'
60 changes: 37 additions & 23 deletions .github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,22 +15,26 @@ env:
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}

IMAGE_NAME: educ-grad-admin-frontend
DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca

APP_NAME: "educ-grad-admin"
REPO_NAME: "educ-grad-admin"
BRANCH: "main"
APP_NAME_FRONTEND: "educ-grad-admin-frontend"
NAMESPACE: ${{secrets.GRAD_NAMESPACE_NO_ENV}}
NAMESPACE_TOOLS: ${{secrets.GRAD_NAMESPACE_NO_ENV}}-tools
COMMON_NAMESPACE: ${{secrets.COMMON_NAMESPACE_NO_ENV}}
TAG: "latest"
TARGET_ENV: "dev"

MIN_CPU: "50m"
MAX_CPU: "100m"
MIN_MEM: "200Mi"
MAX_MEM: "250Mi"
MIN_REPLICAS: "1"
MAX_REPLICAS: "2"

# SITE_URL should have no scheme or port. It will be prepended with https://
HOST_ROUTE: ${{ secrets.SITE_URL }}
HOST_ROUTE: "educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"

on:
workflow_dispatch:
Expand All @@ -42,10 +46,6 @@ jobs:
runs-on: ubuntu-22.04
environment: dev-vue3

outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

steps:
- name: Check for required secrets
uses: actions/github-script@v4
Expand Down Expand Up @@ -142,8 +142,8 @@ jobs:
oc project ${{ env.OPENSHIFT_NAMESPACE }}

# Create the image stream if it doesn't exist
oc create imagestream ${{ env.REPO_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place"
oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.REPO_NAME }}-frontend:${{ env.TAG }}
oc create imagestream ${{ env.APP_NAME }}-frontend 2> /dev/null || true && echo "Frontend image stream in place"
oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.APP_NAME }}-frontend:${{ env.TAG }}

# https://github.com/redhat-actions/oc-login#readme
- uses: actions/checkout@v2
Expand All @@ -153,24 +153,38 @@ jobs:
# Login to OpenShift and select project
oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
oc project ${{ env.OPENSHIFT_NAMESPACE }}

# Cancel any rollouts in progress
oc rollout cancel dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
oc rollout cancel deployment/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \
|| true && echo "No rollout in progress"

# Process and apply deployment template
oc process -f tools/openshift/frontend-dc.yaml -p REPO_NAME=educ-grad-admin \
-p HOST_ROUTE=educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p APP_NAME=educ-grad-admin -p TAG=latest -p MIN_REPLICAS=2 -p MAX_REPLICAS=3 -p MIN_CPU=50m -p MAX_CPU=100m \
-p MIN_MEM=200Mi -p MAX_MEM=250Mi | oc apply -n ${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev -f -

# Process template
oc process -f tools/openshift/frontend-dc.yaml \
-p HOST_ROUTE=${{ env.HOST_ROUTE }} \
-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
-p APP_NAME=${{ env.APP_NAME }} \
-p TAG=${{ env.TAG }} \
-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
-p MIN_CPU=${{ env.MIN_CPU }} \
-p MAX_CPU=${{ env.MAX_CPU }} \
-p BASE_URL=${{ env.TARGET_ENV }}.grad.gov.bc.ca \
-p ENVIRONMENT=${{ env.TARGET_ENV }} \
-p CERTIFICATE="${{ secrets.CERTIFICATE }}" \
-p CA_CERT="${{ secrets.CA_CERT }}" \
-p PRIVATE_KEY="${{ secrets.PRIVATE_KEY }}" \
-p MIN_MEM=${{ env.MIN_MEM }} \
-p MAX_MEM=${{ env.MAX_MEM }} \
| oc apply -n ${{ env.OPENSHIFT_NAMESPACE }} -f -

# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.IMAGE_NAME }}-dc 2> /dev/null \
|| true && echo "Rollout in progress"
oc logs -f dc/${{ env.IMAGE_NAME }}-dc
oc rollout restart deployment/${{ env.APP_NAME_FRONTEND }}

# Get status, returns 0 if rollout is successful
oc rollout status dc/${{ env.IMAGE_NAME }}-dc
oc rollout status deployment/${{ env.APP_NAME_FRONTEND }}

- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"
target: 'https://educ-grad-admin-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca'

Loading
Loading