Update build workflow and add secrets inheritance

bcgov · Feb 29, 2024 · 49ea967 · 49ea967
1 parent 5bebcff
commit 49ea967
Show file tree

Hide file tree

Showing 7 changed files with 236 additions and 88 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: 🔨 Build on OpenShift
+name: 🚀 Deploy to OpenShift
 
 concurrency:
   group: ${{ github.workflow }}-github.ref }}
@@ -31,8 +31,8 @@ on:
   push:
     branches:
       - dev
-      - test
-      - prod
+      # - test
+      # - prod
     paths:
       - '**.Dockerfile'
       - '**.conf'
@@ -42,6 +42,7 @@ on:
       - '**.yml'
       - '**.json'
       - '**.sh'
+      - '**.txt'
   pull_request:
     branches:
       - dev
@@ -50,10 +51,13 @@ on:
     paths:
       - '**.Dockerfile'
       - '**.conf'
+      - '**.env'
       - '**.ini'
       - '**.php'
       - '**.yml'
-      - 'php-fpm-healthcheck.sh'
+      - '**.json'
+      - '**.sh'
+      - '**.txt'
 
 jobs:
   #Print variables for logging and debugging purposes
@@ -74,25 +78,30 @@ jobs:
     name: 🔨 Build DB image
     needs: [checkEnv]
     uses: ./.github/workflows/db.yml
+    secrets: inherit # pass all secrets
 
   php:
     name: 🔨 Build PHP image
     needs: [checkEnv]
     uses: ./.github/workflows/php.yml
+    secrets: inherit # pass all secrets
 
   cron:
     name: 🔨 Build CRON image
     needs: [checkEnv]
     uses: ./.github/workflows/cron.yml
+    secrets: inherit # pass all secrets
 
   moodle:
     name: 🔨 Build Moodle image
     needs: [checkEnv]
     uses: ./.github/workflows/moodle.yml
+    secrets: inherit # pass all secrets
 
   call-cleanup-workflow:
     name: 🧹️ Clean Build ( ${{ env.CLEAN_BUILDS }} )
     uses: ./.github/workflows/cleanup.yml
+    secrets: inherit # pass all secrets
     needs: [checkEnv, db, php, cron, moodle]
     if: success() && ${{ env == 'YES' }}
     secrets: inherit
@@ -111,6 +120,7 @@ jobs:
   call-deploy-workflow:
     name: 🚀 Deploy to OpenShift
     uses: ./.github/workflows/deploy.yml
+    secrets: inherit # pass all secrets
     needs: [checkEnv, db, php, cron, moodle, call-cleanup-workflow]
     if: needs.build-jfrog-images.result == 'success' || needs.build-jfrog-images.result == 'skipped' || needs.checkEnv.outputs.SKIP_BUILDS == 'FALSE'
     secrets: inherit

diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
@@ -10,27 +10,27 @@ env:
 
 on:
   workflow_call:
-  push:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - 'CRON.Dockerfile'
-      - '**/config/cron/**'
-      - '**/workflows/**'
-      - '**/**.env'
-  pull_request:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - 'CRON.Dockerfile'
-      - '**/config/cron/**'
-      #- '**/workflows/build-push-cron-image.yml'
-      - '**/workflows/**'
-      - '**/**.env'
+  # push:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - 'CRON.Dockerfile'
+  #     - '**/config/cron/**'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
+  # pull_request:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - 'CRON.Dockerfile'
+  #     - '**/config/cron/**'
+  #     #- '**/workflows/build-push-cron-image.yml'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
 jobs:
   #Print variables for logging and debugging purposes
   checkEnv:

diff --git a/.github/workflows/db.yml b/.github/workflows/db.yml
@@ -5,25 +5,32 @@ concurrency:
   cancel-in-progress: false
 
 on:
-  push:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - '**/config/mariadb/**'
-      - '**/workflows/**'
-      - '**/**.env'
-  pull_request:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - '**/config/mariadb/**'
-      #- '**/workflows/build-push-db-image.yml'
-      - '**/workflows/**'
-      - '**/**.env'
+  workflow_call:
+    inputs:
+      SKIP_BUILDS:
+        type: string
+        description: 'Skip builds if set to YES'
+        required: false
+        default: 'NO'
+  # push:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - '**/config/mariadb/**'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
+  # pull_request:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - '**/config/mariadb/**'
+  #     #- '**/workflows/build-push-db-image.yml'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
 jobs:
 
   # Build DB Image

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -130,6 +130,14 @@ jobs:
           log-variables: true
           keys-case: upper
 
+      - name: Setup Versions Env Vars
+        id: dotenv_versions
+        uses: falti/dotenv-action@v1
+        with:
+          path: example.versions.env
+          export-variables: true
+          keys-case: upper
+
       # Log in to OpenShift.
       # Note: The secrets needed to log in are NOT available if the PR comes from a FORK.
       # PR's must originate from a branch off the original repo or else all openshift `oc` commands will fail.

diff --git a/.github/workflows/moodle.yml b/.github/workflows/moodle.yml
@@ -10,28 +10,28 @@ env:
 
 on:
   workflow_call:
-  push:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - 'Moodle.Dockerfile'
-      - '**/config/moodle/**'
-      #- '**/workflows/build-push-moodle-image.yml'
-      - '**/workflows/**'
-      - '**/**.env'
-  pull_request:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - 'Moodle.Dockerfile'
-      - '**/config/moodle/**'
-      #- '**/workflows/build-push-moodle-image.yml'
-      - '**/workflows/**'
-      - '**/**.env'
+  # push:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - 'Moodle.Dockerfile'
+  #     - '**/config/moodle/**'
+  #     #- '**/workflows/build-push-moodle-image.yml'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
+  # pull_request:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - 'Moodle.Dockerfile'
+  #     - '**/config/moodle/**'
+  #     #- '**/workflows/build-push-moodle-image.yml'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
 jobs:
   #Print variables for logging and debugging purposes
   checkEnv:

diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -10,28 +10,34 @@ env:
 
 on:
   workflow_call:
-  push:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - 'PHP.Dockerfile'
-      - '**/config/**'
-      #- '**/workflows/php.yml'
-      - '**/workflows/**'
-      - '**/**.env'
-  pull_request:
-    branches:
-      - dev
-      #- test
-      #- prod
-    paths:
-      - '**.Dockerfile'
-      - '**/config/**'
-      #- '**/workflows/build-moodle-jfrog.yml'
-      - '**/workflows/**'
-      - '**/**.env'
+    inputs:
+      SKIP_BUILDS:
+        type: string
+        description: 'Skip builds if set to YES'
+        required: false
+        default: 'NO'
+  # push:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - 'PHP.Dockerfile'
+  #     - '**/config/**'
+  #     #- '**/workflows/php.yml'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
+  # pull_request:
+  #   branches:
+  #     - dev
+  #     #- test
+  #     #- prod
+  #   paths:
+  #     - '**.Dockerfile'
+  #     - '**/config/**'
+  #     #- '**/workflows/build-moodle-jfrog.yml'
+  #     - '**/workflows/**'
+  #     - '**/**.env'
 jobs:
   #Print variables for logging and debugging purposes
   checkEnv: