forms-flow-bpm-deploy #158
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: forms-flow-bpm-deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Environment' | |
| required: true | |
| default: 'dev' | |
| type: choice | |
| options: | |
| - dev | |
| - test | |
| - production | |
| push: | |
| branches: [main] | |
| paths: | |
| - "forms-flow-bpm/**" | |
| - "deployment/openshift/bpm_bc.yaml" | |
| - "deployment/openshift/bpm_dc.yaml" | |
| - ".github/workflows/forms-flow-bpm-cd.yml" | |
| - "deployment/openshift/helm-camunda/**" | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| BUILD_NAMESPACE: ${{ secrets.BUILD_NAMESPACE }} | |
| OPENSHIFT_TOKEN: ${{ secrets.SA_TOKEN }} | |
| OPENSHIFT_USERNAME: ${{ secrets.SA_USERNAME }} | |
| OPENSHIFT_REGISTRY_TOKEN: ${{ secrets.SA_USERNAME_TOKEN }} | |
| OPENSHIFT_SERVER_URL: ${{ secrets.OPENSHIFT_SERVER_URL }} | |
| OPENSHIFT_IMAGE_REGISTRY_URL: ${{ secrets.OPENSHIFT_IMAGE_REGISTRY_URL }} | |
| APP_NAME: forms-flow-bpm | |
| ENVIRONMENT: ${{ !github.event.inputs.environment && 'dev' || github.event.inputs.environment }} | |
| BRANCH: ${{ github.ref_name }} | |
| DOCKER_FILE_NAME: Dockerfile.prod | |
| # Namespace for the triggered environment, e.g., d89793-dev | |
| NAMESPACE: ${{ secrets.NAMESPACE }} | |
| WEBSOCKET_ENCRYPT_KEY: ${{ secrets.WEBSOCKET_ENCRYPT_KEY }} | |
| WEBSOCKET_SECURITY_ORIGIN: ${{ secrets.WEBSOCKET_SECURITY_ORIGIN }} | |
| # Camunda related config params | |
| CAMUNDA_URL: ${{ secrets.CAMUNDA_URL }} | |
| SMTP_SERVER: "apps.smtp.gov.bc.ca" | |
| DATABASE_SERVICE_NAME: patroni | |
| DATABASE_NAME: formsflow-bpm | |
| jobs: | |
| # Logs environment variables | |
| Print-envs: | |
| name: Print environment variables | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Print environment variables | |
| run: | | |
| echo BUILD_NAMESPACE: $BUILD_NAMESPACE | |
| echo OPENSHIFT_TOKEN: $OPENSHIFT_TOKEN | |
| echo OPENSHIFT_USERNAME: $OPENSHIFT_USERNAME | |
| echo OPENSHIFT_REGISTRY_TOKEN: $OPENSHIFT_REGISTRY_TOKEN | |
| echo OPENSHIFT_SERVER_URL: $OPENSHIFT_SERVER_URL | |
| echo OPENSHIFT_IMAGE_REGISTRY_URL: $OPENSHIFT_IMAGE_REGISTRY_URL | |
| echo APP_NAME: $APP_NAME | |
| echo ENVIRONMENT: $ENVIRONMENT | |
| echo branch: $BRANCH | |
| echo docker file name: $DOCKER_FILE_NAME | |
| echo namespace: $NAMESPACE | |
| echo CAMUNDA_URL: $CAMUNDA_URL | |
| ##################################### Build and push Image ##################################### | |
| # Apply buildConfigs on Openshift | |
| apply-openshift-buildConfigs: | |
| name: Apply openshift buildConfigs | |
| if: github.repository == 'bcgov/digital-journeys' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Log in to OpenShift | |
| run: | | |
| oc login --token=${OPENSHIFT_TOKEN} --server=${OPENSHIFT_SERVER_URL} | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: apply openshift buildConfigs | |
| working-directory: ./deployment/openshift | |
| run: | | |
| oc -n ${BUILD_NAMESPACE} process -f bpm_bc.yaml | oc -n ${BUILD_NAMESPACE} apply -f - | |
| build-and-push-image: | |
| name: Build the image and push it to the registry | |
| if: github.repository == 'bcgov/digital-journeys' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| needs: | |
| - apply-openshift-buildConfigs | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2 | |
| with: | |
| install: true | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.OPENSHIFT_IMAGE_REGISTRY_URL }}/${{ env.BUILD_NAMESPACE }}/${{ env.APP_NAME }} | |
| tags: ${{ env.ENVIRONMENT }} | |
| - run: echo ${{ steps.meta.outputs.tags }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.OPENSHIFT_IMAGE_REGISTRY_URL }}/${{ env.BUILD_NAMESPACE }} | |
| username: ${{ env.OPENSHIFT_USERNAME }} | |
| password: ${{ env.OPENSHIFT_REGISTRY_TOKEN }} | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ env.APP_NAME }}-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx-${{ env.APP_NAME }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: ${{ env.APP_NAME }} | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| file: ${{ env.APP_NAME }}/${{ env.DOCKER_FILE_NAME }} | |
| # ##################################### Deployment ##################################### | |
| apply-deploymentConfigs: | |
| name: Apply deploymentConfigs | |
| if: github.repository == 'bcgov/digital-journeys' | |
| environment: ${{ !github.event.inputs.environment && 'dev' || github.event.inputs.environment }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - apply-openshift-buildConfigs | |
| - build-and-push-image | |
| steps: | |
| - name: Checkout Target Branch | |
| uses: actions/checkout@v3 | |
| - name: Log in to OpenShift | |
| run: | | |
| oc login --token=${OPENSHIFT_TOKEN} --server=${OPENSHIFT_SERVER_URL} | |
| - name: apply deploymentConfig | |
| working-directory: ./deployment/openshift | |
| run: | | |
| test -n "${NAMESPACE}" | |
| test -n "${BUILD_NAMESPACE}" | |
| test -n "${BRANCH}" | |
| echo "Current ENV is ${ENVIRONMENT}" | |
| oc project ${NAMESPACE} | |
| echo "Current namespace is ${NAMESPACE}" | |
| helm upgrade -i helm-forms-flow-bpm ./helm-camunda | |
| # --set TOOLS_WORKSPACE=${BUILD_NAMESPACE} \ | |
| # --set SMTP_SERVER=${SMTP_SERVER} \ | |
| # --set DATABASE_SERVICE_NAME=${DATABASE_SERVICE_NAME} \ | |
| # --set DATABASE_NAME=${DATABASE_NAME} \ | |
| # --set IMAGE_TAG=${ENVIRONMENT} \ | |
| # --set CAMUNDA_URL="${CAMUNDA_URL}" \ | |
| # --set WEBSOCKET_ENCRYPT_KEY=${WEBSOCKET_ENCRYPT_KEY} \ | |
| # --set WEBSOCKET_SECURITY_ORIGIN="${WEBSOCKET_SECURITY_ORIGIN}" \ | |
| oc -n ${NAMESPACE} process helm-forms-flow-bpm \ | |
| -p TOOLS_WORKSPACE=${BUILD_NAMESPACE} \ | |
| -p SMTP_SERVER=${SMTP_SERVER} \ | |
| -p DATABASE_SERVICE_NAME=${DATABASE_SERVICE_NAME} \ | |
| -p DATABASE_NAME=${DATABASE_NAME} \ | |
| -p IMAGE_TAG=${ENVIRONMENT} \ | |
| -p CAMUNDA_URL="${CAMUNDA_URL}" \ | |
| -p WEBSOCKET_ENCRYPT_KEY=${WEBSOCKET_ENCRYPT_KEY} \ | |
| -p WEBSOCKET_SECURITY_ORIGIN="${WEBSOCKET_SECURITY_ORIGIN}" | \ | |
| oc -n ${NAMESPACE} apply -f - | |
| - name: verify deploymentConfig | |
| run: | | |
| # Check deployment rollout status every 10 seconds (max 10 minutes) until complete. | |
| ATTEMPTS=0 | |
| ROLLOUT_STATUS_CMD="oc rollout status dc/${APP_NAME} -n ${NAMESPACE}" | |
| until $ROLLOUT_STATUS_CMD || [ $ATTEMPTS -eq 60 ]; do | |
| $ROLLOUT_STATUS_CMD | |
| ATTEMPTS=$((attempts + 1)) | |
| sleep 10 | |
| done | |
| oc project ${NAMESPACE} | |
| echo "Listing pods.." | |
| oc get pods|grep "${APP_NAME}" | |
| export ROUTE="$(oc get route ${APP_NAME} -o jsonpath='{.spec.host}')" | |
| echo "${APP_NAME} is exposed at 'https://'${ROUTE}" |