CI-CD Release Test to UAT #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-CD Release Test to UAT | |
| env: | |
| OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} | |
| # service account: gitaction | |
| OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} | |
| OPENSHIFT_TOOLS_NAMESPACE: "3cd915-tools" | |
| MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }} | |
| AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_UAT }} | |
| AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }} | |
| sync-directory: ./tools/keycloak/sync | |
| ASPNETCORE_ENVIRONMENT: "uat" | |
| ## variables for scripts under git\openshift\4.0\scripts\oc-*.sh | |
| APP_PORT: 8080 | |
| DESTINATION: "uat" | |
| OC_JOB_NAME: "uat" | |
| GIT_URL: "${{github.server_url}}/${{github.repository}}" | |
| GIT_BRANCH: "${{github.ref}}" | |
| APP_NAME: "pims" | |
| PROJ_PREFIX: "3cd915" | |
| PROJ_TOOLS: "3cd915-tools" | |
| PROJ_DEV: "dev" | |
| PROJ_TEST: "test" | |
| PROJ_PROD: "prod" | |
| TAG_DEV: "dev" | |
| TAG_TEST: "test" | |
| TAG_PROD: "prod" | |
| INSTANCE: "-uat" | |
| NAMESPACE_OVERRIDE: "3cd915-test" | |
| RELEASE_TAG: "test" | |
| on: workflow_dispatch | |
| jobs: | |
| ci-cd-start-notification: | |
| name: CI-CD Start Notification to Teams Channel | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Start notification to Teams Channel | |
| uses: dragos-cojocari/ms-teams-notification@v1.0.2 | |
| with: | |
| github-token: ${{ github.token }} | |
| ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }} | |
| notification-summary: PIMS Release DEV to TST Started | |
| notification-color: 17a2b8 | |
| timezone: America/Los_Angeles | |
| deploy: | |
| name: Retag/Deploy frontend and api to OpenShift | |
| needs: ci-cd-start-notification | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v3 | |
| - name: Login to OpenShift | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }} | |
| - name: call scripts to deploy api and frontend | |
| run: | | |
| ./openshift/4.0/player.sh deploy api $DESTINATION -apply | |
| ./openshift/4.0/player.sh deploy app $DESTINATION -apply | |
| # the command: | |
| # 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template. | |
| # 2) greps the generated name from the previous step. | |
| # 3) waits for the job to complete using the generated name. | |
| database-upgrade: | |
| name: Upgrade database | |
| needs: [deploy] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v3 | |
| - name: Login to OpenShift | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: 3cd915-test | |
| - name: call scripts to upgrade database | |
| shell: bash | |
| run: | | |
| JOB_NAME=$(oc process -f ./openshift/4.0/templates/jobs/db-deploy.yaml -p DB_SECRET_NAME=pims-database-uat -p GIT_BRANCH=test -p SERVER_NAME=sqlprd.th.gov.bc.ca -p DB_NAME=PIMS_UAT -p NAMESPACE=3cd915-test | oc create -f - | grep -oP "(?<=job\.batch/)[^\s]*") | |
| oc wait --for=condition=complete job/$JOB_NAME --timeout=120s | |
| oc get pods -o custom-columns=POD:.metadata.name --no-headers | grep -Eo $JOB_NAME-[^\s].* | (read POD_NAME; oc logs $POD_NAME) | |
| ## Call the mayan sync task three times, once for each mayan sync endpoint. The task will wait for the job to complete before exiting. | |
| ## Note: this depends on the mayan-sync configmap for the target namespace being up to date. | |
| mayan-sync: | |
| name: sync mayan | |
| needs: database-upgrade | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v3 | |
| - name: Login to OpenShift | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: 3cd915-test | |
| - name: call scripts to sync mayan | |
| shell: bash | |
| run: | | |
| oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-test -p TOKEN_URL=https://test.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-uat-3cd915-test.apps.silver.devops.gov.bc.ca/api/documents/sync/mayan/metadatatype -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s) | |
| oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-test -p TOKEN_URL=https://test.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-uat-3cd915-test.apps.silver.devops.gov.bc.ca/api/documents/sync/documenttype -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s) | |
| oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-test -p TOKEN_URL=https://test.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-uat-3cd915-test.apps.silver.devops.gov.bc.ca/api/documents/sync/mayan -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s) | |
| sync-keycloak: | |
| name: Sync Keycloak | |
| needs: database-upgrade | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v3 | |
| - name: Setup .NET 8 | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: "8.0.x" | |
| - name: Install dependencies for keycloak sync | |
| run: dotnet restore | |
| working-directory: ${{env.sync-directory}} | |
| - name: Build keycloak sync | |
| run: dotnet build | |
| working-directory: ${{env.sync-directory}} | |
| - name: Start keycloak sync | |
| run: dotnet run | |
| working-directory: ${{env.sync-directory}} | |
| tag-release-image: | |
| name: Release Tag | |
| needs: [deploy] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v3 | |
| - name: Login to OpenShift | |
| uses: redhat-actions/oc-login@v1 | |
| with: | |
| openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | |
| openshift_token: ${{ env.OPENSHIFT_TOKEN }} | |
| insecure_skip_tls_verify: true | |
| namespace: 3cd915-tools | |
| - name: tag uat image such that it can be promoted to prod | |
| shell: bash | |
| run: | | |
| VERSION=$(make version) | |
| oc tag pims-app:uat pims-app:v${VERSION}-master | |
| oc tag pims-api:uat pims-api:v${VERSION}-master | |
| ci-cd-end-notification: | |
| name: CI-CD End Notification to Teams Channel | |
| runs-on: ubuntu-latest | |
| needs: [sync-keycloak, mayan-sync] | |
| if: always() | |
| steps: | |
| - name: check workflow status | |
| uses: martialonline/workflow-status@v4 | |
| id: check | |
| - name: End notification to Teams Channel | |
| uses: dragos-cojocari/ms-teams-notification@v1.0.2 | |
| with: | |
| github-token: ${{ github.token }} | |
| ms-teams-webhook-uri: ${{ env.MS_TEAMS_WEBHOOK_BUILD_CHANNEL }} | |
| notification-summary: PIMS Release TEST to UAT COMPLETED with status ${{ steps.check.outputs.status }} | |
| notification-color: 17a2b8 | |
| timezone: America/Los_Angeles |