Skip to content
This repository has been archived by the owner on Jan 30, 2024. It is now read-only.

Bump swagger-ui-express from 4.5.0 to 4.6.3 in /apis/TypeScript/Nest #70

Bump swagger-ui-express from 4.5.0 to 4.6.3 in /apis/TypeScript/Nest

Bump swagger-ui-express from 4.5.0 to 4.6.3 in /apis/TypeScript/Nest #70

name: openshift-node-nest-api
env:
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
OPENSHIFT_NAMESPACE_NO_ENV: ${{ secrets.NAMESPACE_NO_ENV}}
IMAGE_REGISTRY: ghcr.io/${{ github.repository }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
OIDC_AUTH_SERVER_URL: ${{ secrets.OIDC_AUTH_SERVER_URL }}
# 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
IMAGE_TAGS: ""
DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca
APP_NAME: 'nest-api'
REPO_NAME: "nr-arch-templates"
JOB_NAME: "main"
NAMESPACE: ${{ secrets.NAMESPACE_NO_ENV }}
TAG: "latest"
TARGET_ENV: "dev"
MIN_REPLICAS: "1"
MAX_REPLICAS: "1"
MIN_CPU: "50m"
MAX_CPU: "150m"
MIN_MEM: "50Mi"
MAX_MEM: "250Mi"
on:
workflow_dispatch:
pull_request:
branches:
- main
paths:
- 'apis/TypeScript/Nest/**'
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
runs-on: ubuntu-22.04
environment: nest-dev
defaults:
run:
working-directory: apis/TypeScript/Nest
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check for required secrets
uses: actions/github-script@v4
with:
script: |
const secrets = {
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
OPENSHIFT_NAMESPACE_NO_ENV: ${{ secrets.NAMESPACE_NO_ENV}}
};
const GHCR = "ghcr.io";
if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
core.info(`Image registry is ${GHCR} - no registry password required`);
}
else {
core.info("A registry password is required");
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
}
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- name: Check out repository
uses: actions/checkout@v2
- name: Determine image tags
if: env.IMAGE_TAGS == ''
run: |
echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Add Node.js
uses: actions/setup-node@v3
with:
node-version: '18.x'
- uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install Dependencies
run: npm ci
- name: Run Unit Tests
run: npm run test
- name: Build Prod artifact
run: |
npm run build
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Application image
uses: docker/[email protected]
with:
context: .
push: true
tags: |
"${{ env.IMAGE_REGISTRY }}/${{ env.APP_NAME }}:latest"
cache-from: type=gha
cache-to: type=gha,mode=max
file: |
./apis/TypeScript/Nest/Dockerfile-openshift
- name: Build and push Migration image
uses: docker/[email protected]
with:
context: .
push: true
tags: |
"${{ env.IMAGE_REGISTRY }}/${{ env.APP_NAME }}-migration:latest"
cache-from: type=gha
cache-to: type=gha,mode=max
file: |
./apis/TypeScript/Nest/Dockerfile-migrations-openshift
- uses: actions/checkout@v2
- name: Deploy
run: |
set +e -ux
# Login to OpenShift and select project
oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
oc tag -d ${{ env.APP_NAME }}:${{ env.TAG }}
oc tag -d ${{ env.APP_NAME }}-migration:${{ env.TAG }}
oc tag ${{ env.IMAGE_REGISTRY }}/${{ env.APP_NAME }}:latest ${{ env.APP_NAME }}:${{ env.TAG }}
oc tag ${{ env.IMAGE_REGISTRY }}/${{ env.APP_NAME }}-migration:latest ${{ env.APP_NAME }}-migration:${{ env.TAG }}
# Process and create postgres deployment template
oc process -f https://raw.githubusercontent.com/bcgov/nr-arch-templates/main/apis/TypeScript/Nest/.pipeline/openshift/openshift-postgres-deployment-config.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p JOB_NAME=${{ env.JOB_NAME }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_NO_ENV }}-${{env.TARGET_ENV}} \
| oc create -f -
#check the status
oc rollout status dc/${{ env.APP_NAME }}-postgres
# Process and apply deployment template
oc process -f https://raw.githubusercontent.com/bcgov/nr-arch-templates/main/apis/TypeScript/Nest/.pipeline/openshift/openshift-deployment-config.yml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p JOB_NAME=${{ env.JOB_NAME }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_NO_ENV }}-${{env.TARGET_ENV}} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \
| oc apply -f -
# Start rollout (if necessary) and follow it
oc rollout latest dc/${{ env.APP_NAME }} 2> /dev/null \
|| true && echo "Rollout in progress"
oc logs -f dc/${{ env.APP_NAME }}
# Get status, returns 0 if rollout is successful
oc rollout status dc/${{ env.APP_NAME }}