chore(ci): drop Helm

.codebuddy/.gitignore

@@ -0,0 +1 @@
+db/

.github/workflows/.deployer.yml

@@ -1,4 +1,4 @@
-name: .Helm Deployer
+name: .Deployer
 
 on:
   workflow_call:
@@ -7,16 +7,6 @@ on:
       # Only secrets!
 
       ### Typical / recommended
-      atomic:
-        description: Atomic deployment?  That means fail all or nothing
-        default: true
-        required: false
-        type: string
-      directory:
-        description: Chart directory
-        default:  'charts/app'
-        required: false
-        type: string
       environment:
         description: Environment name; omit for PRs
         required: false
@@ -26,13 +16,9 @@ on:
         description: OpenShift server
         required: false
         type: string
-      params:
-        description: Extra parameters to pass to helm upgrade
-        required: false
-        type: string
       tag:
         description: Specify a tag to deploy; defaults to PR number
-        required: false
+        default: ${{ github.event.number }}
         type: string
       triggers:
         description: Paths used to trigger a deployment; e.g. ('./backend/' './frontend/)
@@ -49,19 +35,14 @@ on:
         default: 10
         required: false
         type: number
-      values:
-        description: 'Values file'
-        default: 'values.yaml'
-        required: false
-        type: string
 
     outputs:
       tag:
         description: 'Which tag was used for deployment?'
-        value: ${{ jobs.deploy.outputs.tag }}
+        value: ${{ jobs.init.outputs.tag }}
       triggered:
         description: 'Has a deployment has been triggered?'
-        value: ${{ jobs.deploy.outputs.triggered }}
+        value: ${{ jobs.init.outputs.triggered }}
 
     secrets:
       oc_namespace:
@@ -70,107 +51,84 @@ on:
       oc_token:
         description: OpenShift token
         required: true
+      postgres_password:
+        description: The database password
+        required: true
 
 permissions: {}
 
 jobs:
-  deployer-db:
+  database:
     name: Database
     uses: ./.github/workflows/.deployer-db.yml
     secrets:
-      oc_namespace: ${{ secrets.OC_NAMESPACE }}
-      oc_token: ${{ secrets.OC_TOKEN }}
+      oc_namespace: ${{ secrets.oc_namespace }}
+      oc_token: ${{ secrets.oc_token }}
     with:
       environment: ${{ inputs.environment }}
       triggers: ${{ inputs.triggers }}
 
-  deploy:
-    name: Stack
-    needs: deployer-db
+  init:
+    name: Init
     environment: ${{ inputs.environment }}
-    runs-on: ubuntu-24.04
     outputs:
-      tag: ${{ inputs.tag || steps.pr.outputs.pr }}
-      triggered: ${{ steps.deploy.outputs.triggered }}
+      tag: ${{ steps.init.outputs.tag }}
+      triggered: ${{ steps.init.outputs.triggered }}
+    runs-on: ubuntu-24.04
+    timeout-minutes: 1
     steps:
-      - uses: actions/checkout@v4
-
-      # Variables
-      - if: inputs.tag  == ''
-        id: pr
-        uses: bcgov/action-get-pr@21f9351425cd55a98e869ee28919a512aa30647d # v0.0.1
-
-      - id: vars
-        run: |
-          # Vars: tag and release
-
-          # Tag defaults to PR number, but can be overridden by inputs.tag
-          tag=${{ inputs.tag || steps.pr.outputs.pr }}
-
-          # Release name includes run numbers to ensure uniqueness
-          release=${{ github.event.repository.name }}-${{ inputs.environment || steps.pr.outputs.pr || inputs.tag }}
-
-          # version, to support helm packaging for non-pr based releases (workflow_dispatch). default to 1.0.0+github run number
-          version=1.0.0+${{ github.run_number }}
-
-            # Summary
-          echo "tag=${tag}"
-          echo "release=${release}"
-          echo "version=${version}"
-
-          # Output
-          echo "tag=${tag}" >> $GITHUB_OUTPUT
-          echo "release=${release}" >> $GITHUB_OUTPUT
-          echo "version=${version}" >> $GITHUB_OUTPUT
-
-      - name: Stop pre-existing deployments on PRs (status = pending-upgrade)
-        if: github.event_name == 'pull_request'
-        uses: bcgov/action-oc-runner@13d14b8f41df24226036385510472f683350850b # v1.0.0
+      - uses: bcgov/action-deployer-openshift@541a7b1ed72cdd919a56262665d98410e6d97cb6 # v3.1.0
+        id: init
         with:
+          file: common/openshift.init.yml
           oc_namespace: ${{ secrets.oc_namespace }}
-          oc_token: ${{ secrets.oc_token }}
           oc_server: ${{ vars.oc_server }}
+          oc_token: ${{ secrets.oc_token }}
+          overwrite: false
+          parameters:
+            -p NAME=${{ github.event.repository.name }}
+            -p NAMESPACE=${{ secrets.oc_namespace }}
+            -p POSTGRES_DATABASE=app-${{ inputs.tag }}
+            -p POSTGRES_HOST=postgres-crunchy-primary.${{ secrets.oc_namespace }}.svc
+            -p POSTGRES_PASSWORD=${{ secrets.postgres_password }}
+            -p POSTGRES_USER=${{ inputs.db_user }}
+            -p ZONE=${{ inputs.tag }}
           triggers: ${{ inputs.triggers }}
-          commands: |
-            # Interrupt any previous deployments (PR only)
-            PREVIOUS=$(helm status ${{ steps.vars.outputs.release }} -o json | jq .info.status || true)
-            if [[ ${PREVIOUS} =~ pending ]]; then
-              echo "Rollback triggered"
-              helm rollback ${{ steps.vars.outputs.release }} || \
-                helm uninstall ${{ steps.vars.outputs.release }}
-            fi
 
-      - name: Helm Deploy
-        id: deploy
-        uses: bcgov/action-oc-runner@13d14b8f41df24226036385510472f683350850b # v1.0.0
+  deploy:
+    name: Deploy
+    environment: ${{ inputs.environment }}
+    needs: [database, init]
+    runs-on: ubuntu-24.04
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    strategy:
+      matrix:
+        name: [backend, frontend]
+        include:
+          - name: frontend
+            file: frontend/openshift.deploy.yml
+            overwrite: true
+            parameters:
+              -p MIN_REPLICAS=1
+              -p MAX_REPLICAS=1
+          - name: backend
+            file: backend/openshift.deploy.yml
+            overwrite: true
+            parameters:
+              -p MIN_REPLICAS=1
+              -p MAX_REPLICAS=1
+    steps:
+      - uses: bcgov/action-deployer-openshift@541a7b1ed72cdd919a56262665d98410e6d97cb6 # v3.1.0
+        id: deploys
         with:
+          file: ${{ matrix.file }}
           oc_namespace: ${{ secrets.oc_namespace }}
-          oc_token: ${{ secrets.oc_token }}
           oc_server: ${{ vars.oc_server }}
+          oc_token: ${{ secrets.oc_token }}
+          overwrite: ${{ matrix.overwrite }}
+          parameters:
+            -p NAME=${{ github.event.repository.name }}
+            -p ZONE=${{ inputs.tag }} -p TAG=${{ inputs.tag }}
+            ${{ matrix.parameters }}
+          timeout: 15m
           triggers: ${{ inputs.triggers }}
-          commands: |
-            # Deploy
-
-            # If directory provided, cd to it
-            [ -z "${{ inputs.directory }}" ]|| cd ${{ inputs.directory }}
-
-            # Helm package
-            sed -i 's/^name:.*/name: ${{ github.event.repository.name }}/' Chart.yaml
-            helm package -u . --app-version="tag-${{ steps.vars.outputs.tag }}_run-${{ github.run_number }}" --version=${{ steps.pr.outputs.pr || steps.vars.outputs.version }}
-
-            # Helm upgrade/rollout
-            helm upgrade \
-              --set-string global.repository=${{ github.repository }} \
-              --set-string global.tag=${{ steps.vars.outputs.tag }} \
-              --set-string global.config.databaseUser=${{ inputs.db_user }} \
-              ${{ inputs.params }} \
-              --install --wait ${{ inputs.atomic && '--atomic' || '' }} ${{ steps.vars.outputs.release }} \
-              --timeout ${{ inputs.timeout-minutes }}m \
-              --values ${{ inputs.values }} \
-              ./${{ github.event.repository.name }}-${{ steps.pr.outputs.pr || steps.vars.outputs.version }}.tgz
-
-            # Helm release history
-            helm history ${{ steps.vars.outputs.release }}
-
-            # Completed pod cleanup
-            oc delete po --field-selector=status.phase==Succeeded || true

.github/workflows/pr-open.yml

@@ -38,9 +38,9 @@ jobs:
     secrets:
       oc_namespace: ${{ secrets.OC_NAMESPACE }}
       oc_token: ${{ secrets.OC_TOKEN }}
+      postgres_password: ${{ secrets.DB_PASSWORD }}
     with:
       db_user: app-${{ github.event.number }}
-      params: --set global.secrets.persist=false
       triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')
 
   tests: