PSP-9561 Update release GHA to support deployments #4503

Merged
merged 2 commits into from
Nov 28, 2024
26 changes: 22 additions & 4 deletions .github/workflows/ci-cd-pims-dev.yml
Expand Up @@ -24,6 +24,8 @@ env:
TAG_DEV: "dev"
TAG_TEST: "test"
TAG_PROD: "prod"
DEPLOYMENT_NAMESPACE: "3cd915-dev"

on:
pull_request_target:
branches: [dev]
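Review bot: With `on: pull_request_target` in the trailing context of this hunk, the new `DEPLOYMENT_NAMESPACE` feeds deploy steps that run with the repository's secrets on pull-request events, so please confirm that no job checks out or executes the pull request's head code before the OpenShift login. If that cannot be guaranteed, restrict the deploy job to merged pull requests or move it to a trigger that only fires on the `dev` branch itself. A short comment above `DEPLOYMENT_NAMESPACE: "3cd915-dev"` stating that it is the namespace holding the `pims-*-dev` deployments would also help the next reader.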
Expand Down Expand Up @@ -83,7 +85,7 @@ jobs:
./openshift/4.0/player.sh build proxy -apply
deploy:
name: Deploy frontend and api to OpenShift
name: Deploy to OpenShift
needs: [build-frontend, build-api]
runs-on: ubuntu-latest
steps:
Expand All @@ -96,11 +98,27 @@ jobs:
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
- name: call scripts to deploy api and frontend
- name: Deploy PIMS frontend
shell: bash
run: |
oc tag pims-app:latest-$DESTINATION pims-app:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-app-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-app-$DESTINATION
- name: Deploy PIMS api
shell: bash
run: |
oc tag pims-api:latest-$DESTINATION pims-api:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-api-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-api-$DESTINATION
- name: Deploy geoserver proxy microservice
shell: bash
run: |
./openshift/4.0/player.sh deploy api $DESTINATION -apply
./openshift/4.0/player.sh deploy app $DESTINATION -apply
oc tag pims-proxy:latest-$DESTINATION pims-proxy:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-proxy-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-proxy-$DESTINATION
- name: Deploy mayan
shell: bash
run: |
oc tag mayan-bcgov:latest-$DESTINATION mayan-bcgov:$DESTINATION
# the command:
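Review bot: The login step in the leading context keeps `insecure_skip_tls_verify: true`, so the service-account token is presented to a server whose certificate is never validated, and the new `rollout restart` steps then act on that session. Supplying the cluster's CA certificate to the login step and dropping the skip flag would close that gap. The three new steps differ only in the image name (`pims-app`, `pims-api`, `pims-proxy`); a small loop over the names in one step would keep the tag, restart and status commands from drifting apart.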
157 changes: 157 additions & 0 deletions .github/workflows/deploy-prod-start-argo.yml
@@ -0,0 +1,157 @@
name: PIMS PROD Deployment (ArgoCD)
env:
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
# service account: gitaction
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools"
MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }}
AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_PROD }}
AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }}
ASPNETCORE_ENVIRONMENT: "prod"

APP_PORT: 8080
DESTINATION: "prod"
OC_JOB_NAME: "master"
GIT_URL: "${{github.server_url}}/${{github.repository}}"
GIT_BRANCH: "master"
APP_NAME: "pims"
PROJ_PREFIX: "3cd915"
PROJ_TOOLS: "3cd915-tools"
PROJ_DEV: "dev"
PROJ_TEST: "test"
PROJ_PROD: "prod"
TAG_DEV: "dev"
TAG_TEST: "test"
TAG_PROD: "prod"
DEPLOYMENT_NAMESPACE: "3cd915-prod"

on:
workflow_dispatch:
inputs:
OVERRIDE_VERSION:
description: "Enter the version tag for this release in format v<major>.<minor>.<patch>-<IS>.<build> or enter nothing to use the most recently tagged version"
required: false

jobs:
ci-cd-start-notification:
name: CI-CD Start Notification to Teams Channel
runs-on: ubuntu-latest
steps:
- name: Start notification to Teams Channel
uses: dragos-cojocari/[email protected]
with:
github-token: ${{ github.token }}
ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }}
notification-summary: PIMS Deployment to PRODUCTION started.
notification-color: 17a2b8
timezone: America/Los_Angeles

deploy:
name: Deploy frontend and api to OpenShift
runs-on: ubuntu-latest
needs: ci-cd-start-notification
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
with:
ref: master
fetch-depth: 0
- name: "Get Previous tag"
id: previoustag
uses: "WyriHaximus/github-action-get-previous-tag@v1"
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
- name: Display the maintenance page instead of the app
run: |
./tools/cicd/maintenance/maintenance.sh prod on
- name: call scripts to deploy api and frontend
run: |
[[ -z ${{github.event.inputs.OVERRIDE_VERSION}} ]] && RELEASE_VERSION=${{steps.previoustag.outputs.tag}}-master || RELEASE_VERSION=${{github.event.inputs.OVERRIDE_VERSION}}-master
oc tag pims-app:$RELEASE_VERSION pims-app:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-app-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-app-$DESTINATION
oc tag pims-api:$RELEASE_VERSION pims-api:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-api-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-api-$DESTINATION
oc tag pims-proxy:$RELEASE_VERSION pims-proxy:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-proxy-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-proxy-$DESTINATION
oc tag mayan-bcgov:$RELEASE_VERSION mayan-bcgov:master
# the command:
# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
# 2) greps the generated name from the previous step.
# 3) waits for the job to complete using the generated name.
database-upgrade:
name: Upgrade database
needs: [deploy]
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: 3cd915-prod
- name: call scripts to upgrade database
shell: bash
run: |
JOB_NAME=$(oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database -p GIT_BRANCH=master -p SERVER_NAME=sqlprd.th.gov.bc.ca -p DB_NAME=PIMS_PRD -p NAMESPACE=3cd915-prod | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*")
oc wait --for=condition=complete job/$JOB_NAME --timeout=120s
oc get pods -o custom-columns=POD:.metadata.name --no-headers | grep -Eo $JOB_NAME-[^\s].* | (read POD_NAME; oc logs $POD_NAME)
## Call the mayan sync task three times, once for each mayan sync endpoint. The task will wait for the job to complete before exiting.
## Note: this depends on the mayan-sync configmap for the target namespace being up to date.
mayan-sync:
name: sync mayan
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: 3cd915-prod
- name: call scripts to sync mayan
shell: bash
run: |
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-prod -p TOKEN_URL=https://loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-3cd915-prod.apps.silver.devops.gov.bc.ca/api/documents/sync/mayan/metadatatype -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-prod -p TOKEN_URL=https://loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-3cd915-prod.apps.silver.devops.gov.bc.ca/documents/sync/documenttype -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-prod -p TOKEN_URL=https://loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-3cd915-prod.apps.silver.devops.gov.bc.ca/api/documents/sync/mayan -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
## Call the tekton pipeline that executes the keycloak sync. Dependent on the pims-api being accessible. Can run in parallel with the mayan sync.
keycloak-sync:
name: sync keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: 3cd915-prod
- name: call scripts to sync keycloak
shell: bash
run: |
oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-prod -p BRANCH=$DESTINATION -p API_URL=http://pims-api:8080/api | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
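Review bot: In the step `call scripts to deploy api and frontend`, `${{github.event.inputs.OVERRIDE_VERSION}}` is expanded into the script text before bash runs, so whatever is typed into the dispatch form becomes shell source in a job that holds the production OpenShift token, and the unquoted `[[ -z ... ]]` test also misbehaves on input containing spaces. Pass the input through the step's `env:` block, reference it as a quoted shell variable, and reject any value that does not match the `v<major>.<minor>.<patch>-<IS>.<build>` format from the input description before the first `oc tag`. Other points in this file: `./tools/cicd/maintenance/maintenance.sh prod on` has no visible counterpart that turns the maintenance page off, so a failed rollout leaves production on the maintenance page; the second `mayan-sync` call uses `.../documents/sync/documenttype` without the `/api` prefix the other two URLs carry; all four login steps set `insecure_skip_tls_verify: true` against production; the third-party actions are referenced by tag rather than by commit SHA in a workflow that carries production secrets; and `AUTH__KEYCLOAK__SECRET` and `AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET` are set at workflow level, which exposes them to every step including the Teams notification action, although no visible step reads them.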
30 changes: 23 additions & 7 deletions .github/workflows/retag-dev-to-test.yml
Expand Up @@ -13,7 +13,6 @@ env:
## variables for scripts under git\openshift\4.0\scripts\oc-*.sh
APP_PORT: 8080
DESTINATION: "test"
OC_JOB_NAME: "test"
GIT_URL: "${{github.server_url}}/${{github.repository}}"
GIT_BRANCH: "${{github.ref}}"
APP_NAME: "pims"
Expand All @@ -28,6 +27,7 @@ env:
INSTANCE: "-test"
NAMESPACE_OVERRIDE: "3cd915-dev"
RELEASE_TAG: "dev"
DEPLOYMENT_NAMESPACE: "3cd915-dev"

on: workflow_dispatch

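Review bot: `DEPLOYMENT_NAMESPACE: "3cd915-dev"` is added to a workflow whose `DESTINATION` is `"test"`, and it repeats the value of `NAMESPACE_OVERRIDE` two lines above it. If the test instance is meant to live in the dev namespace, say so in a comment and consider reusing `NAMESPACE_OVERRIDE` rather than adding a second variable with the same value; if not, the later `rollout restart deployment/pims-app-$DESTINATION` calls will look for the test deployments in the wrong project.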
Expand All @@ -46,7 +46,7 @@ jobs:
timezone: America/Los_Angeles

deploy:
name: Retag/Deploy frontend and api to OpenShift
name: Retag/Deploy to OpenShift
needs: ci-cd-start-notification
runs-on: ubuntu-latest
steps:
Expand All @@ -59,12 +59,28 @@ jobs:
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }}
- name: call scripts to deploy api and frontend
- name: Deploy PIMS frontend
shell: bash
run: |
oc tag pims-app:$RELEASE_TAG pims-app:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-app-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-app-$DESTINATION
- name: Deploy PIMS api
shell: bash
run: |
oc tag pims-api:$RELEASE_TAG pims-api:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-api-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-api-$DESTINATION
- name: Deploy geoserver proxy microservice
shell: bash
run: |
oc tag pims-proxy:$RELEASE_TAG pims-proxy:$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout restart deployment/pims-proxy-$DESTINATION
oc -n $DEPLOYMENT_NAMESPACE rollout status --timeout=600s deployment/pims-proxy-$DESTINATION
- name: Deploy mayan
shell: bash
run: |
./openshift/4.0/player.sh deploy api $DESTINATION -apply
./openshift/4.0/player.sh deploy app $DESTINATION -apply
oc tag pims-proxy:dev pims-proxy:$DESTINATION
oc tag mayan-bcgov:dev mayan-bcgov:$DESTINATION
oc tag mayan-bcgov:$RELEASE_TAG mayan-bcgov:$DESTINATION
# the command:
# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
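Review bot: The `oc tag` lines in the new steps carry no `-n`, so they depend on the namespace selected by the login step (`OPENSHIFT_TOOLS_NAMESPACE`), while the `rollout` lines right below them name `$DEPLOYMENT_NAMESPACE` explicitly. Adding `-n` to the tag commands would make each step unambiguous and independent of the login default. The expansions are also unquoted throughout, for example `deployment/pims-app-$DESTINATION`; quoting them costs nothing and avoids word splitting if one of the values ever changes shape.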