From 49ea967ee809622d5a95c4a05e7babe41b622e77 Mon Sep 17 00:00:00 2001 From: Warren Christian <70002196+warrenchristian1telus@users.noreply.github.com> Date: Thu, 29 Feb 2024 12:26:43 -0800 Subject: [PATCH] Update build workflow and add secrets inheritance --- .github/workflows/build.yml | 18 ++++-- .github/workflows/cron.yml | 42 ++++++------- .github/workflows/db.yml | 45 ++++++++------ .github/workflows/deploy.yml | 8 +++ .github/workflows/moodle.yml | 44 ++++++------- .github/workflows/php.yml | 50 ++++++++------- .github/workflows/web.yml | 117 +++++++++++++++++++++++++++++++++++ 7 files changed, 236 insertions(+), 88 deletions(-) create mode 100644 .github/workflows/web.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 973de01..4cb72a2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: ๐Ÿ”จ Build on OpenShift +name: ๐Ÿš€ Deploy to OpenShift concurrency: group: ${{ github.workflow }}-github.ref }} @@ -31,8 +31,8 @@ on: push: branches: - dev - - test - - prod + # - test + # - prod paths: - '**.Dockerfile' - '**.conf' @@ -42,6 +42,7 @@ on: - '**.yml' - '**.json' - '**.sh' + - '**.txt' pull_request: branches: - dev @@ -50,10 +51,13 @@ on: paths: - '**.Dockerfile' - '**.conf' + - '**.env' - '**.ini' - '**.php' - '**.yml' - - 'php-fpm-healthcheck.sh' + - '**.json' + - '**.sh' + - '**.txt' jobs: #Print variables for logging and debugging purposes 
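Review bot: The `pull_request` trigger now also fires on `**.env`, `**.sh`, `**.json` and `**.txt` (on top of `**.yml`), so a PR against `dev` that touches any workflow, env or script file starts a workflow this commit retitles "Deploy to OpenShift" and, per the later hunks, hands all repository secrets to every called workflow; whether the deploy job itself refuses `pull_request` events is decided in deploy.yml, which is outside this hunk, so a same-repo PR may reach the deploy path. Consider gating the deploy call with `if: github.event_name != 'pull_request'` or keeping the PR trigger to build-only jobs. Commenting out `- test` and `- prod` under `push.branches` means pushes to those branches no longer start this workflow at all; if that is intended, delete the two lines rather than leaving them commented, since git history already preserves them.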
@@ -74,25 +78,30 @@ jobs: name: ๐Ÿ”จ Build DB image needs: [checkEnv] uses: ./.github/workflows/db.yml + secrets: inherit # pass all secrets php: name: ๐Ÿ”จ Build PHP image needs: [checkEnv] uses: ./.github/workflows/php.yml + secrets: inherit # pass all secrets cron: name: ๐Ÿ”จ Build CRON image needs: [checkEnv] uses: ./.github/workflows/cron.yml + secrets: inherit # pass all secrets moodle: name: ๐Ÿ”จ Build Moodle image needs: [checkEnv] uses: ./.github/workflows/moodle.yml + secrets: inherit # pass all secrets call-cleanup-workflow: name: ๐Ÿงน๏ธ Clean Build ( ${{ env.CLEAN_BUILDS }} ) uses: ./.github/workflows/cleanup.yml + secrets: inherit # pass all secrets needs: [checkEnv, db, php, cron, moodle] if: success() && ${{ env == 'YES' }} secrets: inherit @@ -111,6 +120,7 @@ jobs: call-deploy-workflow: name: ๐Ÿš€ Deploy to OpenShift uses: ./.github/workflows/deploy.yml + secrets: inherit # pass all secrets needs: [checkEnv, db, php, cron, moodle, call-cleanup-workflow] if: needs.build-jfrog-images.result == 'success' || needs.build-jfrog-images.result == 'skipped' || needs.checkEnv.outputs.SKIP_BUILDS == 'FALSE' secrets: inherit diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml index e824ecb..43e2255 100644 --- a/.github/workflows/cron.yml +++ b/.github/workflows/cron.yml 
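Review bot: `call-cleanup-workflow` now has two `secrets:` keys in one job mapping — the added `secrets: inherit # pass all secrets` directly after `uses:` and the pre-existing `secrets: inherit` after the `if:` — and a duplicate mapping key is invalid YAML that workflow parsers reject or silently resolve last-wins, so drop the added line there. For the `db`, `php`, `cron` and `moodle` jobs, `secrets: inherit` forwards every repository secret, including the OpenShift `AUTH_TOKEN_*` tokens this commit uses for deployment, into image-build workflows whose bodies are not in this diff; if they only need registry credentials, an explicit mapping such as `secrets:` / `ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}` / `ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}`, declared under `on.workflow_call.secrets` in each callee, keeps the deploy tokens out of the build jobs. The `if: success() && ${{ env == 'YES' }}` on the same job compares the whole `env` context to a string and presumably meant `env.CLEAN_BUILDS == 'YES'`, though that line predates this change.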
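Review bot: `call-deploy-workflow` gets the same duplicate: the inserted `secrets: inherit # pass all secrets` sits two lines above the `secrets: inherit` that was already there, so the job mapping carries the key twice and the file will not parse cleanly; remove the added line. The `if:` also references `needs.build-jfrog-images.result`, but `build-jfrog-images` is not in this job's `needs:` list (`[checkEnv, db, php, cron, moodle, call-cleanup-workflow]`), so that half of the condition appears to resolve to null and the job effectively runs on `needs.checkEnv.outputs.SKIP_BUILDS == 'FALSE'` alone — pre-existing, but worth tidying while the job is being touched, since this condition is also what decides whether a `pull_request` run reaches deployment.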
@@ -10,27 +10,27 @@ env: on: workflow_call: - push: - branches: - - dev - #- test - #- prod - paths: - - 'CRON.Dockerfile' - - '**/config/cron/**' - - '**/workflows/**' - - '**/**.env' - pull_request: - branches: - - dev - #- test - #- prod - paths: - - 'CRON.Dockerfile' - - '**/config/cron/**' - #- '**/workflows/build-push-cron-image.yml' - - '**/workflows/**' - - '**/**.env' + # push: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - 'CRON.Dockerfile' + # - '**/config/cron/**' + # - '**/workflows/**' + # - '**/**.env' + # pull_request: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - 'CRON.Dockerfile' + # - '**/config/cron/**' + # #- '**/workflows/build-push-cron-image.yml' + # - '**/workflows/**' + # - '**/**.env' jobs: #Print variables for logging and debugging purposes checkEnv: diff --git a/.github/workflows/db.yml b/.github/workflows/db.yml index d85546b..8e425ad 100644 --- a/.github/workflows/db.yml +++ b/.github/workflows/db.yml @@ -5,25 +5,32 @@ concurrency: cancel-in-progress: false on: - push: - branches: - - dev - #- test - #- prod - paths: - - '**/config/mariadb/**' - - '**/workflows/**' - - '**/**.env' - pull_request: - branches: - - dev - #- test - #- prod - paths: - - '**/config/mariadb/**' - #- '**/workflows/build-push-db-image.yml' - - '**/workflows/**' - - '**/**.env' + workflow_call: + inputs: + SKIP_BUILDS: + type: string + description: 'Skip builds if set to YES' + required: false + default: 'NO' + # push: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - '**/config/mariadb/**' + # - '**/workflows/**' + # - '**/**.env' + # pull_request: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - '**/config/mariadb/**' + # #- '**/workflows/build-push-db-image.yml' + # - '**/workflows/**' + # - '**/**.env' jobs: # Build DB Image diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3fa6d6b..8a54e10 100644 --- a/.github/workflows/deploy.yml 
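Review bot: The `push` and `pull_request` blocks are commented out rather than deleted, leaving roughly twenty lines of dead trigger configuration under `on:` with `workflow_call:` as the only live entry; git history keeps the old triggers, so remove the commented block outright. With the direct triggers gone, the `**/workflows/**` and `**/**.env` path filters that used to re-run this workflow on its own changes no longer apply, and whether an edit to cron.yml rebuilds the CRON image now depends solely on build.yml's `paths:` list including `**.yml`.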
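Review bot: `SKIP_BUILDS` is declared as a `workflow_call` input with default `'NO'`, but build.yml's `db:` job invokes `uses: ./.github/workflows/db.yml` with `secrets: inherit` and no `with:` block, so the input always takes its default and the `needs.checkEnv.outputs.SKIP_BUILDS` value build.yml computes never reaches this workflow. Either pass it, `with:` / `SKIP_BUILDS: ${{ needs.checkEnv.outputs.SKIP_BUILDS }}`, or drop the declaration; the job body that would read `inputs.SKIP_BUILDS` is outside this hunk, so I cannot tell which is intended. As in the other build workflows, the commented-out `push`/`pull_request` blocks should be deleted rather than retained.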
+++ b/.github/workflows/deploy.yml @@ -130,6 +130,14 @@ jobs: log-variables: true keys-case: upper + - name: Setup Versions Env Vars + id: dotenv_versions + uses: falti/dotenv-action@v1 + with: + path: example.versions.env + export-variables: true + keys-case: upper + # Log in to OpenShift. # Note: The secrets needed to log in are NOT available if the PR comes from a FORK. # PR's must originate from a branch off the original repo or else all openshift `oc` commands will fail. diff --git a/.github/workflows/moodle.yml b/.github/workflows/moodle.yml index 0fe2382..26e5851 100644 --- a/.github/workflows/moodle.yml +++ b/.github/workflows/moodle.yml @@ -10,28 +10,28 @@ env: on: workflow_call: - push: - branches: - - dev - #- test - #- prod - paths: - - 'Moodle.Dockerfile' - - '**/config/moodle/**' - #- '**/workflows/build-push-moodle-image.yml' - - '**/workflows/**' - - '**/**.env' - pull_request: - branches: - - dev - #- test - #- prod - paths: - - 'Moodle.Dockerfile' - - '**/config/moodle/**' - #- '**/workflows/build-push-moodle-image.yml' - - '**/workflows/**' - - '**/**.env' + # push: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - 'Moodle.Dockerfile' + # - '**/config/moodle/**' + # #- '**/workflows/build-push-moodle-image.yml' + # - '**/workflows/**' + # - '**/**.env' + # pull_request: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - 'Moodle.Dockerfile' + # - '**/config/moodle/**' + # #- '**/workflows/build-push-moodle-image.yml' + # - '**/workflows/**' + # - '**/**.env' jobs: #Print variables for logging and debugging purposes checkEnv: diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index a767dba..8f38258 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml 
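Review bot: The new step loads `example.versions.env` through `falti/dotenv-action@v1` with `export-variables: true`, so every key in that committed file becomes an environment variable for the remainder of the job, including the OpenShift login and deploy steps that follow; the action is pinned to a mutable major tag, so the code that parses the file and writes the job environment can change upstream without any diff here. Pin it (and the other third-party actions in these workflows) to a full-length commit SHA, `uses: falti/dotenv-action@<full-sha> # v1`, and drop `id: dotenv_versions` unless a later step reads `steps.dotenv_versions.outputs`, since nothing in this hunk references it. The enclosing job starts before this hunk.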
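Review bot: Unlike db.yml and php.yml in this same commit, `workflow_call:` here declares no `inputs:`, so build.yml has no way to hand this workflow the SKIP_BUILDS value it computes in `checkEnv`; if the Moodle build is meant to honour the skip flag, add `inputs:` / `SKIP_BUILDS:` with `type: string` and `default: 'NO'` so the four image-build workflows share one interface. The commented-out `push`/`pull_request` blocks are dead configuration and should be removed rather than kept as comments.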
@@ -10,28 +10,34 @@ env: on: workflow_call: - push: - branches: - - dev - #- test - #- prod - paths: - - 'PHP.Dockerfile' - - '**/config/**' - #- '**/workflows/php.yml' - - '**/workflows/**' - - '**/**.env' - pull_request: - branches: - - dev - #- test - #- prod - paths: - - '**.Dockerfile' - - '**/config/**' - #- '**/workflows/build-moodle-jfrog.yml' - - '**/workflows/**' - - '**/**.env' + inputs: + SKIP_BUILDS: + type: string + description: 'Skip builds if set to YES' + required: false + default: 'NO' + # push: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - 'PHP.Dockerfile' + # - '**/config/**' + # #- '**/workflows/php.yml' + # - '**/workflows/**' + # - '**/**.env' + # pull_request: + # branches: + # - dev + # #- test + # #- prod + # paths: + # - '**.Dockerfile' + # - '**/config/**' + # #- '**/workflows/build-moodle-jfrog.yml' + # - '**/workflows/**' + # - '**/**.env' jobs: #Print variables for logging and debugging purposes checkEnv: diff --git a/.github/workflows/web.yml b/.github/workflows/web.yml new file mode 100644 index 0000000..38839bc --- /dev/null +++ b/.github/workflows/web.yml 
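Review bot: The new `SKIP_BUILDS` input is never supplied: build.yml's `php:` job calls this workflow with `secrets: inherit` and no `with:`, so `inputs.SKIP_BUILDS` is always the default `'NO'` and the skip logic, if the job body below this hunk uses it, is unreachable from the caller. Pass it with `with:` / `SKIP_BUILDS: ${{ needs.checkEnv.outputs.SKIP_BUILDS }}` in build.yml, and note that cron.yml and moodle.yml in the same commit declare no input at all, so the four build workflows currently disagree on their interface. The old `pull_request` list matched `**.Dockerfile` while `push` matched only `PHP.Dockerfile`; both are now gone, so build.yml's `**.Dockerfile` entry is the only thing that triggers a PHP image build on a Dockerfile change.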
@@ -0,0 +1,117 @@ +name: ๐Ÿ”จ Push Web Image to Artifactory and Deploy to OpenShift + +concurrency: + group: ${{ github.workflow }}-github.ref }} + cancel-in-progress: false + +env: + APP: web + USER: ${{ github.actor }} + +on: + workflow_call: + push: + branches: + - dev + #- test + #- prod + paths: + - 'PHP.Dockerfile' + - '**/config/nginx/**' + - '**/workflows/web.yml' + - '**/**.env' + pull_request: + branches: + - dev + #- test + #- prod + paths: + - 'PHP.Dockerfile' + - '**/config/nginx/**' + - '**/workflows/web.yml' + - '**/**.env' +jobs: + #Print variables for logging and debugging purposes + checkEnv: + name: ๐Ÿ“‹ Environment Check + runs-on: ubuntu-latest + steps: + - name: Check Env Vars + run: | + echo Building ${{ env.WEB_DEPLOYMENT_NAME }}:${{ env.OPENSHIFT_DEPLOY_PROJECT }}-${{ github.ref_name }} + + # Build Images + + build-images: + name: '๐Ÿ”จ Build Moodle and PHP images' + needs: [checkEnv] + runs-on: ubuntu-latest + if: ${{ needs.checkEnv.SKIP_BUILDS != 'YES' }} && (github.ref_name == 'dev' || github.ref_name == 'test' || github.ref_name == 'prod') + steps: + # Checkout the PR branch + - name: ๐Ÿ“ค Checkout Target Branch + uses: actions/checkout@v2 + + # Login to Artifactory + - name: ๐Ÿ”‘ Login to Artifactory + uses: docker/login-action@v3 + with: + registry: ${{ secrets.ARTIFACTORY_URL }} + username: ${{ secrets.ARTIFACTORY_USER }} + password: ${{ secrets.ARTIFACTORY_PASSWORD }} + + - name: Setup Env Vars + id: dotenv + uses: falti/dotenv-action@v1 + with: + path: example.env + export-variables: true + keys-case: upper + + - name: Setup Versions Env Vars + id: dotenv_versions + uses: falti/dotenv-action@v1 + with: + path: example.versions.env + export-variables: true + keys-case: upper + + # Pull latest WEB image and push to Artifactory + - name: ๐Ÿ› ๏ธ Pull WEB base image and push to Artifactory + run: | + docker pull ${{ env.WEB_IMAGE }} + docker tag ${{ env.WEB_IMAGE }} ${{ secrets.ARTIFACTORY_URL }}/${{ env.WEB_IMAGE }} + docker push ${{ 
secrets.ARTIFACTORY_URL }}/${{ env.WEB_IMAGE }} + + # Log in to OpenShift. + # Note: The secrets needed to log in are NOT available if the PR comes from a FORK. + # PR's must originate from a branch off the original repo or else all openshift `oc` commands will fail. + - name: ๐Ÿ”‘ Log in to OpenShift ( ${{ github.ref_name }} ) + run: | + server=https://api.silver.devops.gov.bc.ca:6443 + if [[ ${{ github.ref_name == 'test' }} ]]; then + oc login --token=${{ secrets.AUTH_TOKEN_DEV }} --server=$server + elif [[ ${{ github.ref_name == 'test' }} ]]; then + oc login --token=${{ secrets.AUTH_TOKEN_TEST }} --server=$server + elif [[ ${{ github.ref_name == 'prod' }} ]]; then + oc login --token=${{ secrets.AUTH_TOKEN_PROD }} --server=$server + else + echo "No AUTH_TOKEN found for ${{ github.ref_name }} branch" + fi + + + # For a graceful termination, set the replica count of the Pods in the mariadb-galera StatefulSet to 0: + # oc scale dc ${{ env.WEB_DEPLOYMENT_NAME }} --replicas=0 + # To uninstall/delete the my-release release: + # helm delete --purge ${{ env.WEB_DEPLOYMENT_NAME }} + - name: ๐Ÿš€ Deploy ${{ env.WEB_DEPLOYMENT_NAME }} to ${{ env.OPENSHIFT_DEPLOY_PROJECT }}-${{ github.ref_name }} + if: success() + run: | + if [[ `oc describe dc ${{ env.WEB_DEPLOYMENT_NAME }} 2>&1` =~ "NotFound" ]]; then + echo "${{ env.WEB_DEPLOYMENT_NAME }} NOT FOUND: Beginning deployment..." + oc create configmap ${{ env.WEB_DEPLOYMENT_NAME }}-config --from-file=./config/nginx/default.conf -n ${{ env.OPENSHIFT_DEPLOY_PROJECT }}-${{ github.ref_name }} + else + echo "${{ env.WEB_DEPLOYMENT_NAME }} Installation FOUND...UPDATING..." + oc annotate --overwrite dc/${{ env.WEB_DEPLOYMENT_NAME }} kubectl.kubernetes.io/restartedAt=`date +%FT%T` -n ${{ env.OPENSHIFT_DEPLOY_PROJECT }}-${{ github.ref_name }} + oc rollout restart dc/${{ env.WEB_DEPLOYMENT_NAME }} + fi \ No newline at end of file
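Review bot: The OpenShift login step selects credentials with `if [[ ${{ github.ref_name == 'test' }} ]]`, which GitHub expands to `[[ true ]]` or `[[ false ]]` before bash runs it — both non-empty strings, so the first branch is always taken and every run logs in with `AUTH_TOKEN_DEV` regardless of branch; that first branch also tests `'test'` where it presumably meant `'dev'`, and the `else` only echoes, so a missing token does not stop the deploy step that follows. Compare the branch name as a quoted shell string (`$GITHUB_REF_NAME`, so a branch name is never spliced into the script as code), pass the tokens through `env:` instead of interpolating them into the `run:` text, and `exit 1` when nothing matches; the rewritten step is below. Separately, `needs.checkEnv.SKIP_BUILDS` in the build-images `if:` is not a valid path (job outputs live under `needs.<job>.outputs.*`, and `checkEnv` here declares none), `concurrency.group: ${{ github.workflow }}-github.ref }}` is a malformed expression that puts every ref in one queue, and `actions/checkout@v2`, `docker/login-action@v3` and `falti/dotenv-action@v1` should be pinned to commit SHAs. The deploy step also never refreshes the configmap once it exists and omits `-n` on the final `oc rollout restart`, unlike the commands before it.

```yaml
      - name: 🔑 Log in to OpenShift ( ${{ github.ref_name }} )
        env:
          AUTH_TOKEN_DEV: ${{ secrets.AUTH_TOKEN_DEV }}
          AUTH_TOKEN_TEST: ${{ secrets.AUTH_TOKEN_TEST }}
          AUTH_TOKEN_PROD: ${{ secrets.AUTH_TOKEN_PROD }}
        run: |
          set -euo pipefail
          server=https://api.silver.devops.gov.bc.ca:6443
          # GITHUB_REF_NAME is a default env var; using it avoids expanding the branch name into the script
          case "$GITHUB_REF_NAME" in
            dev)  token="$AUTH_TOKEN_DEV" ;;
            test) token="$AUTH_TOKEN_TEST" ;;
            prod) token="$AUTH_TOKEN_PROD" ;;
            *)    echo "No AUTH_TOKEN found for $GITHUB_REF_NAME branch"; exit 1 ;;
          esac
          oc login --token="$token" --server="$server"
      # … unchanged: deploy step …
```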