-
Notifications
You must be signed in to change notification settings - Fork 2
197 lines (162 loc) · 5.06 KB
/
deploy-dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
name: Deploy Dev Environment
on:
workflow_dispatch:
push:
branches:
- main
paths-ignore:
- database/**
- package.json
- package-lock.json
- CHANGELOG.md
- .conventional-changelog.mjs
- .release-it.json
- postman/**
- localdb/**
- postgres/**
- crunchydb/**
jobs:
build-backend:
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: '7.0.400'
- uses: actions/cache@v3
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
${{ runner.os }}-nuget
- name: Setup Tools
uses: ./.github/actions/setup-tools
- name: Build backend
run: |
pwd
dotnet build ./server/server.sln
- name: Test backend
run: dotnet test ./server/server.sln --no-build
build-frontend:
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
packages: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Install Angular CLI
run: |
cd ./frontend
npm install -g @angular/cli
- name: Install project dependencies
run: |
cd ./frontend
npm install
- name: Build frontend
run: |
cd ./frontend
ng build --configuration=production
- name: Run frontend tests
run: |
cd ./frontend
ng test --watch=false --progress=false --browsers=ChromeHeadless --code-coverage --source-map=false
continue-on-error: true
docker-build-backend:
needs: [build-backend]
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Setup Tools
uses: ./.github/actions/setup-tools
- name: Build Docker image
run: cd server && docker build -t strdss-backend -f Dockerfile .
- name: Tag Docker image
run: docker tag strdss-backend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:latest
- name: Push Docker image to Artifactory
run: |
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }}
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:latest
docker-build-frontend:
needs: [build-frontend]
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Setup Tools
uses: ./.github/actions/setup-tools
- name: Render style_nonce
id: render_style_nonce
run: echo "::set-output name=style_nonce::$(echo -n ${{ github.sha }} | base64)"
- name: Build Docker image
run: cd frontend && docker build -t strdss-frontend -f Dockerfile .
- name: Tag Docker image
run: docker tag strdss-frontend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:latest
- name: Push Docker image to Artifactory
run: |
docker login artifacts.developer.gov.bc.ca -u ${{ secrets.JFROG_USERNAME }} -p ${{ secrets.JFROG_PASSWORD }}
docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:latest
deploy:
needs: [docker-build-frontend, docker-build-backend]
runs-on: ubuntu-22.04
timeout-minutes: 5
permissions:
contents: read
environment:
name: dev
url: https://dev-strdata.apps.silver.devops.gov.bc.ca/
steps:
- uses: actions/checkout@v4
- name: Authenticate and set context
uses: redhat-actions/[email protected]
with:
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
namespace: f4a30d-dev
insecure_skip_tls_verify: true
- name: Deploy apps with Helm chart
run: |
make upgrade \
NAMESPACE=f4a30d-dev \
NAME=strdss-dev \
ENV_NAME=dev \
IMAGE_TAG_FRONTEND=latest \
IMAGE_TAG_BACKEND=latest \
working-directory: ./helm/main
- name: Wait for deployment to be ready
run: |
oc rollout status deployment/strdss-dev-frontend -n f4a30d-dev
timeout-minutes: 5
zap-scan:
needs: [deploy]
runs-on: ubuntu-22.04
timeout-minutes: 10
permissions:
contents: read
issues: write
steps:
- uses: hmarr/debug-action@a701ed95a46e6f2fb0df25e1a558c16356fae35a
- uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5
with:
ref: main
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
target: https://dev-strdata.apps.silver.devops.gov.bc.ca/
rules_file_name: '.zap/rules.tsv'