Deploy application using private image #595
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy application using private image | |
| on: | |
| push: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 0 * * *' # every day at midnight | |
| env: | |
| IMAGE_PATH: quay.io/redhat-github-actions/petclinic-private:latest | |
| APP_NAME: petclinic | |
| APP_PORT: 8080 | |
| PULL_SECRET_NAME: registry-pull-secret | |
| REGISTRY_USERNAME: redhat-github-actions+redhat_actions_ci_puller | |
| concurrency: | |
| group: example-private-workflow | |
| cancel-in-progress: false | |
| jobs: | |
| using-auth-file: | |
| name: Create secret using auth file | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| auth-type: [ "docker", "podman" ] | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: OpenShift login | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| - name: Docker login | |
| if: ${{ matrix.auth-type == 'docker' }} | |
| run: | | |
| echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login quay.io -u "${{ env.REGISTRY_USERNAME }}" --password-stdin | |
| - name: Podman login | |
| if: ${{ matrix.auth-type == 'podman' }} | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ env.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| # This step will create a deployment, service, and route to run your app and expose it to the internet. | |
| - name: Create and expose app | |
| id: oc-new-app | |
| # uses: redhat-actions/oc-new-app@v1 | |
| # Test the checked-out version of this action - a user would need the above 'uses'. | |
| uses: ./ | |
| with: | |
| app_name: ${{ env.APP_NAME }}-${{ matrix.auth-type }} | |
| image: ${{ env.IMAGE_PATH }} | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| port: ${{ env.APP_PORT }} | |
| create_pull_secret_from: ${{ matrix.auth-type }} | |
| - name: Echo outputs | |
| run: | | |
| echo "${{ toJSON(steps.oc-new-app.outputs) }}" | |
| # Perform a (very) basic integration test. | |
| # This step is retried since the time to pull the image and start the pod can vary. | |
| - name: Test project is running | |
| id: test-project | |
| uses: nick-invision/[email protected] | |
| with: | |
| timeout_seconds: 3 | |
| retry_wait_seconds: 10 | |
| max_attempts: 30 | |
| warning_on_retry: false | |
| # Just check that the root endpoint returns a success status (-f flag). | |
| command: curl -sSfLi ${{ steps.oc-new-app.outputs.route }} | |
| - name: Tear down | |
| if: always() | |
| run: | |
| oc delete all,secret --selector=${{ steps.oc-new-app.outputs.selector }} -n ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| using-registry-creds: | |
| name: Create secret using registry creds | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: OpenShift login | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| # This step will create a deployment, service, and route to run your app and expose it to the internet. | |
| - name: Create and expose app | |
| id: oc-new-app | |
| # uses: redhat-actions/oc-new-app@v1 | |
| # Test the checked-out version of this action - a user would need the above 'uses'. | |
| uses: ./ | |
| with: | |
| app_name: ${{ env.APP_NAME }}-creds | |
| image: ${{ env.IMAGE_PATH }} | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| port: ${{ env.APP_PORT }} | |
| registry_hostname: quay.io | |
| registry_username: ${{ env.REGISTRY_USERNAME }} | |
| registry_password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Echo outputs | |
| run: | | |
| echo "${{ toJSON(steps.oc-new-app.outputs) }}" | |
| # Perform a (very) basic integration test. | |
| # This step is retried since the time to pull the image and start the pod can vary. | |
| - name: Test project is running | |
| id: test-project | |
| uses: nick-invision/[email protected] | |
| with: | |
| timeout_seconds: 3 | |
| retry_wait_seconds: 10 | |
| max_attempts: 30 | |
| warning_on_retry: false | |
| # Just check that the root endpoint returns a success status (-f flag). | |
| command: curl -sSfLi ${{ steps.oc-new-app.outputs.route }} | |
| - name: Tear down | |
| if: always() | |
| run: | |
| oc delete all,secret --selector=${{ steps.oc-new-app.outputs.selector }} -n ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| using-existing-pull-secret: | |
| name: Use existing pull secret | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: OpenShift login | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| # This step will create a deployment, service, and route to run your app and expose it to the internet. | |
| - name: Create and expose app | |
| id: oc-new-app | |
| # uses: redhat-actions/oc-new-app@v1 | |
| # Test the checked-out version of this action - a user would need the above 'uses'. | |
| uses: ./ | |
| with: | |
| app_name: ${{ env.APP_NAME }}-secret | |
| image: ${{ env.IMAGE_PATH }} | |
| namespace: ${{ secrets.OPENSHIFT_NAMESPACE }} | |
| port: ${{ env.APP_PORT }} | |
| image_pull_secret_name: ${{ env.PULL_SECRET_NAME }} | |
| - name: Echo outputs | |
| run: | | |
| echo "${{ toJSON(steps.oc-new-app.outputs) }}" | |
| # Perform a (very) basic integration test. | |
| # This step is retried since the time to pull the image and start the pod can vary. | |
| - name: Test project is running | |
| id: test-project | |
| uses: nick-invision/[email protected] | |
| with: | |
| timeout_seconds: 3 | |
| retry_wait_seconds: 10 | |
| max_attempts: 30 | |
| warning_on_retry: false | |
| # Just check that the root endpoint returns a success status (-f flag). | |
| command: curl -sSfLi ${{ steps.oc-new-app.outputs.route }} | |
| - name: Tear down | |
| if: always() | |
| run: | |
| oc delete all,secret --selector=${{ steps.oc-new-app.outputs.selector }} -n ${{ secrets.OPENSHIFT_NAMESPACE }} |