Migrate GHA deployment workflows to ArgoCD triggering

.github/actions/build_acapy/action.yaml

@@ -41,15 +41,15 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/checkout@v3   
+    - uses: actions/checkout@v4   
       with:
         ref: ${{ inputs.ref != '' && inputs.ref ||  env.GITHUB_REF }}${{ inputs.ref }}
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ${{ inputs.registry}}
         username: ${{ inputs.registry_username}}

.github/actions/build_ui/action.yaml

@@ -36,7 +36,7 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         ref: ${{ inputs.ref != '' && inputs.ref ||  env.GITHUB_REF }}${{ inputs.ref }}
 
@@ -82,10 +82,10 @@ runs:
         npm run build
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ${{ inputs.registry}}
         username: ${{ inputs.registry_username}}

.github/workflows/chart_release.yaml

@@ -48,3 +48,67 @@ jobs:
           config: .github/cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+  gitops_update:
+    runs-on: ubuntu-latest
+    name: Update GitOps Repo
+    needs:
+      - chart-release
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Add SSH key
+        env:
+          DITP_GITOPS_REPO_SECRET: ${{ secrets.DITP_GITOPS_REPO_SECRET }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DITP_GITOPS_REPO_SECRET" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+      - name: Clone gitops-repo
+        run: |
+          git clone git@github.com:bcgov-c/ministry-gitops-ditp.git
+          cd ministry-gitops-ditp
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Lookup latest chart
+        id: chart_version
+        run: |
+          helm repo add traction https://bcgov.github.io/traction
+          helm repo update
+          echo "::set output name=APP_VERSION::$(helm search repo vc-authn-oidc -ojson | jq '.[0].app_version')"
+          echo "::set output name=CHART_VERSION::$(helm search repo traction -ojson | jq '.[0].version')"
+      - name: Update test
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+        run: |
+          cd ministry-gitops-ditp
+          yq e -i '.appVersion = $APP_VERSION' services/vc-authn-oidc/charts/test/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/test/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/test/Chart.yaml
+      - name: Update prod
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+        run: |
+          cd ministry-gitops-ditp
+          yq e -i '.appVersion = $APP_VERSION' services/vc-authn-oidc/charts/prod/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/prod/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/prod/Chart.yaml
+      - name: Commit and push changes
+        run: |
+          cd ministry-gitops-ditp
+          git add services/traction/charts/test/Chart.yaml services/traction/charts/prod/Chart.yaml
+          git commit -m "Update chart version"
+          git push origin main
+      - name: Sync Traction Test
+        uses: OpsVerseIO/argocd-sync@0.2.0
+        with:
+          address: https://gitops-shared.apps.silver.devops.gov.bc.ca
+          token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}}
+          action: sync
+          appName: "bc0192-test-traction"

.github/workflows/on_push_main.yaml

@@ -69,6 +69,82 @@ jobs:
       image_tag: ${{ steps.builder.outputs.image_tag }}
       image_version: ${{ steps.builder.outputs.image_version }}
 
+  changed_files:
+    runs-on: ubuntu-latest
+    name: Test changed files
+    outputs:
+      any_changed: ${{ steps.chart-changes.outputs.any_changed }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check for changes in the charts folder
+        id: chart-changes
+        uses: tj-actions/changed-files@v44
+        with:
+          files: charts/traction/*.*
+
+  gitops_update:
+    runs-on: ubuntu-latest
+    name: Update GitOps Repo
+    needs:
+      - build_ui
+      - build_acapy
+      - build_proxy
+      - changed_files
+    if: needs.changed_files.outputs.any_changed != 'true'
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Add SSH key
+        env:
+          DITP_GITOPS_REPO_SECRET: ${{ secrets.DITP_GITOPS_REPO_SECRET }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DITP_GITOPS_REPO_SECRET" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+      - name: Clone gitops-repo
+        run: |
+          git clone git@github.com:bcgov-c/ministry-gitops-ditp.git
+          cd ministry-gitops-ditp
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Lookup latest chart
+        id: chart_version
+        run: |
+          helm repo add traction https://bcgov.github.io/traction
+          helm repo update
+          echo "::set output name=APP_VERSION::$(helm search repo traction -ojson | jq '.[0].app_version')"
+          echo "::set output name=CHART_VERSION::$(helm search repo traction -ojson | jq '.[0].version')"
+      - name: Update values
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+          IMAGE_TAG: ${{ needs.build_acapy.outputs.image_version }}
+        run: |
+          cd ministry-gitops-ditp
+          yq e -i '.appVersion = $APP_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.traction.acapy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          yq e -i '.traction.tenant_proxy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          yq e -i '.traction.ui.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+      - name: Commit and push changes
+        run: |
+          cd ministry-gitops-ditp
+          git add services/traction/charts/dev/values.yaml services/traction/charts/dev/Chart.yaml
+          git commit -m "Update chart version and image tags"
+          git push origin main
+      - name: Sync Traction Dev
+        uses: OpsVerseIO/argocd-sync@0.2.0
+        with:
+          address: https://gitops-shared.apps.silver.devops.gov.bc.ca
+          token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}}
+          action: sync
+          appName: "bc0192-dev-traction"
+
   deploy:
     name: Deploy Dev
     environment: development
@@ -77,10 +153,49 @@ jobs:
       - build_ui
       - build_acapy
       - build_proxy
-    if: ${{ always() && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }}
-
+      - changed_files
+    if: ${{ needs.changed_files.outputs.any_changed == 'true' && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }}
     steps:
       - uses: actions/checkout@v4
+      - name: Set up Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Add SSH key
+        env:
+          DITP_GITOPS_REPO_SECRET: ${{ secrets.DITP_GITOPS_REPO_SECRET }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DITP_GITOPS_REPO_SECRET" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+      - name: Clone gitops-repo
+        run: |
+          git clone git@github.com:bcgov-c/ministry-gitops-ditp.git
+          cd ministry-gitops-ditp
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+      - name: Lookup chart version
+        id: chart_version
+        run: |
+          echo "::set output name=APP_VERSION::$(yq e .appVersion charts/traction/Chart.yaml)"
+          echo "::set output name=CHART_VERSION::$(yq e .version charts/traction/Chart.yaml)"
+      - name: Update Values in GitOps repo
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+          IMAGE_TAG: ${{ needs.build_acapy.outputs.image_version }}
+        run: |
+          cd ministry-gitops-ditp
+          yq e -i '.appVersion = $APP_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.traction.acapy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          yq e -i '.traction.tenant_proxy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          yq e -i '.traction.ui.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          git add services/traction/charts/dev/values.yaml services/traction/charts/dev/Chart.yaml
+          git commit -m "Update chart version and image tags"
+          git push origin main
 
       - name: Authenticate and set context
         uses: redhat-actions/oc-login@v1