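# deploy-dev.yml: "Deploy Dev Environment" workflow.
#
# Builds and tests the backend (.NET) and the frontend (Angular), builds both
# Docker images and pushes them to Artifactory, deploys them to the dev
# namespace through the Helm Makefile, and runs a ZAP scan.
#
# NOTE(review): actions are referenced by mutable version tags. Pinning each
# `uses:` to a full commit SHA keeps a re-pointed tag from changing what runs
# with this workflow's secrets.
# NOTE(review): `build-backend` and `scan` declare no `permissions:` block, so
# they run with the repository's default GITHUB_TOKEN permissions.
name: Deploy Dev Environment

on:
  workflow_dispatch:
  push:
    branches:
      - aldudinn
    # Changes limited to these paths do not trigger a deployment.
    paths-ignore:
      - database/**
      - package.json
      - package-lock.json
      - CHANGELOG.md
      - .conventional-changelog.mjs
      - .release-it.json

jobs:
  build-backend:
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '7.0.400'
      # Cache restored NuGet packages, keyed on the lock files.
      - uses: actions/cache@v3
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
          restore-keys: |
            ${{ runner.os }}-nuget
      - name: Setup Tools
        uses: ./.github/actions/setup-tools
      - name: Build backend
        run: |
          pwd
          dotnet build ./server/server.sln
      - name: Test backend
        run: dotnet test ./server/server.sln --no-build
      # # SonarQube integration for backend
      # - name: SonarQube Scan Backend
      #   uses: sonarsource/sonarcloud-github-action@v2
      #   env:
      #     SONAR_HOST_URL: https://sonarcloud.io
      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_TEST }}

  build-frontend:
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    # NOTE(review): no step in this job publishes a package, so
    # `packages: write` looks broader than needed; confirm and drop it.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      # NOTE(review): the CLI is installed globally without a version pin, so
      # the toolchain can change between runs.
      - name: Install Angular CLI
        run: |
          cd ./frontend
          npm install -g @angular/cli
      - name: Install project dependencies
        run: |
          cd ./frontend
          npm install
      - name: Build frontend
        run: |
          cd ./frontend
          ng build --configuration=production
      - name: Run frontend tests
        run: |
          cd ./frontend
          ng test --watch=false --progress=false --browsers=ChromeHeadless --code-coverage --source-map=false
        # NOTE(review): failing frontend tests do not fail this job, so they do
        # not gate the image build or the deployment.
        continue-on-error: true

  docker-build-backend:
    needs: [build-backend]
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    # NOTE(review): the image is pushed to Artifactory with the JFrog secrets;
    # confirm whether `packages: write` on GITHUB_TOKEN is needed here.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Setup Tools
        uses: ./.github/actions/setup-tools
      - name: Build Docker image
        run: cd server && docker build -t strdss-backend -f Dockerfile .
      # NOTE(review): `latest` is a mutable tag; two overlapping runs can
      # overwrite each other's image before `deploy` pulls it.
      - name: Tag Docker image
        run: docker tag strdss-backend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:latest
      - name: Push Docker image to Artifactory
        # Secrets are passed through the environment and the password is read
        # from stdin, so it is neither spliced into the script text nor placed
        # on the docker command line.
        env:
          JFROG_USERNAME: ${{ secrets.JFROG_USERNAME }}
          JFROG_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
        run: |
          printf '%s' "$JFROG_PASSWORD" \
            | docker login artifacts.developer.gov.bc.ca \
                -u "$JFROG_USERNAME" --password-stdin
          docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:latest
      # SonarQube scan. The original comment labels this as the frontend
      # integration, although it runs in the backend image job and only after
      # the image has been pushed.
      # NOTE(review): the action reference below looks mangled by the page
      # rendering (e-mail obfuscation); restore the real `owner/action@ref`.
      - name: SonarQube Scan
        uses: sonarsource/[email protected]
        env:
          SONAR_HOST_URL: https://sonarcloud.io
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_TEST }}

  docker-build-frontend:
    needs: [build-frontend]
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Setup Tools
        uses: ./.github/actions/setup-tools
      # Publishes base64(commit SHA) as the step output `style_nonce`.
      # Written through $GITHUB_OUTPUT; the `::set-output` workflow command is
      # deprecated.
      # NOTE(review): no step visible in this workflow reads this output. If it
      # is meant as a CSP nonce, a value derived from the public commit SHA is
      # predictable and identical for every response; confirm the intent.
      - name: Render style_nonce
        id: render_style_nonce
        run: |
          echo "style_nonce=$(printf '%s' "$GITHUB_SHA" | base64)" >> "$GITHUB_OUTPUT"
      - name: Build Docker image
        run: cd frontend && docker build -t strdss-frontend -f Dockerfile .
      - name: Tag Docker image
        run: docker tag strdss-frontend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:latest
      - name: Push Docker image to Artifactory
        # Same credential handling as the backend push: environment variables
        # plus --password-stdin.
        env:
          JFROG_USERNAME: ${{ secrets.JFROG_USERNAME }}
          JFROG_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
        run: |
          printf '%s' "$JFROG_PASSWORD" \
            | docker login artifacts.developer.gov.bc.ca \
                -u "$JFROG_USERNAME" --password-stdin
          docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:latest

  deploy:
    needs: [docker-build-frontend, docker-build-backend]
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    permissions:
      contents: read
    environment:
      name: dev
      url: https://dev-strdata.apps.silver.devops.gov.bc.ca/
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): the action reference below looks mangled by the page
      # rendering (e-mail obfuscation); restore the real `owner/action@ref`.
      - name: Authenticate and set context
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          namespace: f4a30d-dev
          # NOTE(review): this turns off verification of the API server's
          # certificate while the OpenShift token is sent to it. Prefer `false`,
          # supplying the cluster CA to the login action if the certificate is
          # not publicly trusted.
          insecure_skip_tls_verify: true
      - name: Deploy apps with Helm chart
        # The last argument carries no trailing backslash, so the command ends
        # where the argument list ends.
        run: |
          make upgrade \
            NAMESPACE=f4a30d-dev \
            NAME=strdss-dev \
            ENV_NAME=dev \
            IMAGE_TAG_FRONTEND=latest \
            IMAGE_TAG_BACKEND=latest
        working-directory: ./helm/main

  # NOTE(review): this job waits for the image builds, not for `deploy`, so it
  # can run before or alongside the deployment. Its target host also differs
  # from the `dev` environment URL declared on `deploy`; confirm which host is
  # meant to be scanned.
  scan:
    needs: [docker-build-frontend, docker-build-backend]
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): the action reference below looks mangled by the page
      # rendering (e-mail obfuscation); restore the real `owner/action@ref`.
      - name: Run ZAP Scan
        uses: zaproxy/[email protected]
        with:
          target: 'https://dev-strdata.apps.advsol-ams.3j6z.p1.openshiftapps.com/'
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Passes only when zap.out contains the literal text "FAIL-NEW: 0".
      # NOTE(review): no step visible here writes zap.out; presumably the ZAP
      # step produces it. Confirm this, since a missing file also takes the
      # failure branch.
      - name: Fail build on any alerts
        run: |
          if grep -q "FAIL-NEW: 0" zap.out; then
            echo "No new alerts found"
          else
            echo "New alerts found, failing build"
            exit 1
          fi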