Add configmap generator

.github/workflows/deploy-to-openshift-dev.yml

@@ -1,17 +1,17 @@
 name: 1 DEV - Deploy Dynamics API
 
 env:
- # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+ # EDIT your repository secrets to log into your OpenShift cluster and set up the context.
  # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
  # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
  OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
  OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
- # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+ # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
  OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev
 
  # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
-  # 🖊️ EDIT to change the image registry settings.
+ # EDIT to change the image registry settings.
  # Registries such as GHCR, Quay.io, and Docker Hub are supported.
  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
  IMAGE_REGISTRY_USER: ${{ github.actor }}
@@ -141,37 +141,49 @@ jobs:
  oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
  oc project ${{ env.OPENSHIFT_NAMESPACE }}
  # Cancel any rollouts in progress
- oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}-${{ env.BRANCH }} 2> /dev/null \
-  || true && echo "No rollout in progress"
+ oc rollout cancel dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
+ || true && echo "No rollout in progress"
 
  # Create the image stream if it doesn't exist
  oc create imagestream ${{ env.REPO_NAME }}-${{ env.IMAGE_NAME }}-${{ env.BRANCH }} 2> /dev/null \
-  || true && echo "Backend image stream in place"
+ || true && echo "Backend image stream in place"
 
  oc tag \
-  ${{ steps.push-image-backend.outputs.registry-path }} \
-  ${{ env.REPO_NAME }}-${{ env.IMAGE_NAME }}-${{ env.BRANCH }}:${{ env.TAG }}
+ ${{ steps.push-image-backend.outputs.registry-path }} \
+ ${{ env.REPO_NAME }}-${{ env.IMAGE_NAME }}-${{ env.BRANCH }}:${{ env.TAG }}
 
  # Process and apply deployment template
  oc process \
- -f tools/openshift/d365api.dc.yaml \
- -p APP_NAME=${{ env.APP_NAME }} \
- -p REPO_NAME=${{ env.REPO_NAME }} \
- -p BRANCH=${{ env.BRANCH }} \
- -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
- -p TAG=${{ env.TAG }} \
- -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
- -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
- -p MIN_CPU=${{ env.MIN_CPU }} \
- -p MAX_CPU=${{ env.MAX_CPU }} \
- -p MIN_MEM=${{ env.MIN_MEM }} \
- -p MAX_MEM=${{ env.MAX_MEM }} \
- -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
- | oc apply -f -
+ -f tools/openshift/d365api.dc.yaml \
+ -p APP_NAME=${{ env.APP_NAME }} \
+ -p REPO_NAME=${{ env.REPO_NAME }} \
+ -p BRANCH=${{ env.BRANCH }} \
+ -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
+ -p TAG=${{ env.TAG }} \
+ -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
+ -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
+ -p MIN_CPU=${{ env.MIN_CPU }} \
+ -p MAX_CPU=${{ env.MAX_CPU }} \
+ -p MIN_MEM=${{ env.MIN_MEM }} \
+ -p MAX_MEM=${{ env.MAX_MEM }} \
+ -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
+ | oc apply -f -
+
+ # Process update-configmap
+ cat << JSON > /tmp/authentication_settings
+ ${{ secrets.DYNAMICS_AUTHENTICATION_SETTINGS }}
+ JSON
+
+ curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
+ | bash /dev/stdin \
+ ${{ env.APP_ENVIRONMENT }} \
+ ${{ env.APP_NAME }} \
+ ${{ env.OPENSHIFT_NAMESPACE }} \
+ /tmp/authentication_settings
 
  # Start rollout (if necessary) and follow it
- oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}-${{ env.BRANCH }} 2> /dev/null \
-  || true && echo "Rollout in progress"
+ oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
+ || true && echo "Rollout in progress"
 
  # Get status, returns 0 if rollout is successful
- oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}-${{ env.BRANCH }}
+ oc rollout status dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}

tools/config/README.md

@@ -0,0 +1,12 @@
+# D365 Config Map Updater
+
+This readme serves as documentation for what secrets are used for deployment and
+what their expected types are. Note that the output of the update script is a
+valid JSON file, so these types should be in JSON.
+
+| Key | Type |
+|----------------------------------|----------|
+| DYNAMICS_AUTHENTICATION_SETTINGS | `Object` |
+
+Each of these keys are environment specific, so make sure you update each
+environment where applicable.

tools/config/update-configmap.sh

@@ -0,0 +1,34 @@
+set -euo pipefail
+
+readonly ENV_VAL=$1
+readonly APP_NAME=$2
+readonly OPENSHIFT_NAMESPACE=$3
+readonly DYNAMICS_AUTHENTICATION_SETTINGS=$4
+
+D365_CONFIGURATION=$(jq << JSON
+{
+ "Logging": {
+ "LogLevel": {
+ "Default": "Information",
+ "Microsoft.AspNetCore": "Warning"
+ }
+ },
+ "DynamicsAuthenticationSettings": $(cat "$DYNAMICS_AUTHENTICATION_SETTINGS")
+}
+JSON
+)
+readonly D365_CONFIGURATION
+echo "$D365_CONFIGURATION" > /tmp/appsettings.json
+
+echo
+echo Creating D365 config map "$APP_NAME-d365api-$ENV_VAL-config-map"
+oc create -n "$OPENSHIFT_NAMESPACE" configmap \
+ "$APP_NAME-d365api-$ENV_VAL-config-map" \
+ --from-file="appsettings.json=/tmp/appsettings.json" \
+ --dry-run -o yaml | oc apply -f -
+
+echo
+echo Setting environment variables for "$APP_NAME-d365api-$ENV_VAL" application
+oc -n "$OPENSHIFT_NAMESPACE" set env \
+ --from="configmap/$APP_NAME-d365api-$ENV_VAL-config-map" \
+ "dc/$APP_NAME-d365api-$ENV_VAL"

tools/openshift/d365api.dc.yaml

@@ -14,7 +14,7 @@ objects:
  creationTimestamp:
  labels:
  app: "${APP_NAME}-${BRANCH}"
- name: "${APP_NAME}-d365api-${APP_ENVIRONMENT}-${BRANCH}"
+ name: "${APP_NAME}-d365api-${APP_ENVIRONMENT}"
  spec:
  replicas: ${{MIN_REPLICAS}}
  selector: