Merge #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Merge | |
on: | |
workflow_run: | |
workflows: [PR Closed] | |
types: [completed] | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
codeql: | |
name: Semantic Code Analysis | |
runs-on: ubuntu-22.04 | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Initialize | |
uses: github/codeql-action/init@v2 | |
with: | |
debug: true | |
languages: java,javascript | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: "17" | |
distribution: "temurin" | |
# Build Java apps, JavaScript doesn't require | |
- name: Java Builds | |
run: | | |
cd backend | |
mvn --update-snapshots -P prod clean package -Dmaven.test.skip | |
cd ../oracle-api | |
mvn --update-snapshots package -Dmaven.test.skip | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
init-test: | |
name: TEST Init | |
environment: test | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: OpenShift Init | |
uses: bcgov-nr/action-deployer-openshift@v1.0.4 | |
with: | |
oc_namespace: ${{ vars.OC_NAMESPACE }} | |
oc_server: ${{ vars.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
file: common/openshift.init.yml | |
overwrite: false | |
parameters: | |
-p ZONE=test -p NAME=${{ github.event.repository.name }} | |
-p ORACLE_DB_USER=${{ secrets.DB_USER }} | |
-p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}' | |
-p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' | |
-p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' | |
-p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' | |
-p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | |
-p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' | |
deploy-test: | |
name: TEST Deployment | |
needs: [init-test] | |
environment: test | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
name: [database, backend, fluentbit, frontend, oracle-api] | |
include: | |
- name: database | |
file: database/openshift.deploy.yml | |
overwrite: false | |
- name: backend | |
file: backend/openshift.deploy.yml | |
overwrite: true | |
verification_path: "actuator/health" | |
parameters: | |
-p BUILD=test | |
-p NR_SPAR_BACKEND_ENV_OPENSEARCH=test | |
- name: fluentbit | |
file: backend/openshift.fluentbit.yml | |
overwrite: true | |
- name: frontend | |
file: frontend/openshift.deploy.yml | |
overwrite: true | |
parameters: | |
-p VITE_SPAR_BUILD_VERSION=snapshot-test | |
-p VITE_NRSPARWEBAPP_VERSION=test | |
-p VITE_KC_URL=https://test.loginproxy.gov.bc.ca/auth | |
-p VITE_KC_REALM=standard | |
-p VITE_KC_CLIENT_ID=seed-planning-test-4296 | |
- name: oracle-api | |
file: oracle-api/openshift.deploy.yml | |
overwrite: true | |
verification_path: "actuator/health" | |
parameters: | |
-p NR_SPAR_ORACLE_API_VERSION=snapshot-test | |
-p SERVICE_NAME=dbq01.nrs.bcgov | |
steps: | |
- uses: bcgov-nr/action-deployer-openshift@v1.0.4 | |
with: | |
file: ${{ matrix.file }} | |
oc_namespace: ${{ vars.OC_NAMESPACE }} | |
oc_server: ${{ vars.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: ${{ matrix.overwrite }} | |
penetration_test: false | |
verification_path: "actuator/health" | |
parameters: | |
-p ZONE=test -p NAME=${{ github.event.repository.name }} | |
${{ matrix.parameters }} | |
# api-tests: | |
# name: Newman API tests runner | |
# needs: | |
# - deploy-test | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Install Node | |
# uses: actions/setup-node@v3 | |
# with: | |
# node-version: 16 | |
# - name: Install newman | |
# run: | | |
# npm install -g newman | |
# npm install -g newman-reporter-htmlextra | |
# - name: Make Directory for Test Results | |
# run: mkdir -p testArtifacts | |
# - name: Run Postman Collection | |
# run: | | |
# newman run test/postman/starting-api.postman_collection.json -e test/postman/starting-api.postman_environment.json \ | |
# --env-var "releaseVer=test=${{ env.NR_SPAR_BACKEND_VERSION }}" \ | |
# --env-var "authServer=${{ secrets.KEYCLOAK_SERVER_REALM }}" \ | |
# --env-var "authClient=${{ secrets.KC_SERVICE_ACCOUNT_NAME }}" \ | |
# --env-var "authClient=${{ secrets.KC_SERVICE_ACCOUNT_PASS }}" \ | |
# --suppress-exit-code -r htmlextra --reporter-htmlextra-export testArtifacts/api-tests-report.html | |
# - name: Output the results | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: API test report | |
# path: testArtifacts | |
init-prod: | |
name: PROD Init | |
needs: | |
- deploy-test | |
environment: prod | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: OpenShift Init | |
uses: bcgov-nr/action-deployer-openshift@v1.0.4 | |
with: | |
oc_namespace: ${{ vars.OC_NAMESPACE }} | |
oc_server: ${{ vars.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
file: common/openshift.init.yml | |
overwrite: false | |
parameters: | |
-p ZONE=prod -p NAME=${{ github.event.repository.name }} | |
-p ORACLE_DB_USER=${{ secrets.DB_USER }} | |
-p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}' | |
-p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' | |
-p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' | |
-p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' | |
-p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | |
-p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' | |
deploy-prod: | |
name: PROD Deployment | |
needs: | |
- init-prod | |
environment: prod | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
name: [database, backend, fluentbit, frontend, oracle-api] | |
include: | |
- name: database | |
file: database/openshift.deploy.yml | |
overwrite: false | |
- name: backend | |
file: backend/openshift.deploy.yml | |
overwrite: true | |
verification_path: "actuator/health" | |
parameters: | |
-p BUILD=prod | |
-p ORACLE_SERVER_URL=https://nr-spar-prod-oracle-api.apps.silver.devops.gov.bc.ca | |
-p NR_SPAR_BACKEND_ENV_OPENSEARCH=production | |
- name: fluentbit | |
file: backend/openshift.fluentbit.yml | |
overwrite: true | |
- name: frontend | |
file: frontend/openshift.deploy.yml | |
overwrite: true | |
parameters: | |
-p VITE_SPAR_BUILD_VERSION=snapshot-prod | |
-p VITE_NRSPARWEBAPP_VERSION=prod | |
-p VITE_KC_URL=https://loginproxy.gov.bc.ca/auth | |
-p VITE_KC_REALM=standard | |
-p VITE_KC_CLIENT_ID=seed-planning-test-4296 | |
-p VITE_ORACLE_SERVER_URL=https://nr-spar-prod-oracle-api.apps.silver.devops.gov.bc.ca | |
- name: oracle-api | |
file: oracle-api/openshift.deploy.yml | |
overwrite: true | |
verification_path: "actuator/health" | |
parameters: | |
-p NR_SPAR_ORACLE_API_VERSION=snapshot-prod | |
-p SERVICE_NAME=dbq01.nrs.bcgov | |
steps: | |
- uses: bcgov-nr/action-deployer-openshift@v1.0.4 | |
with: | |
file: ${{ matrix.file }} | |
oc_namespace: ${{ vars.OC_NAMESPACE }} | |
oc_server: ${{ vars.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: ${{ matrix.overwrite }} | |
penetration_test: false | |
verification_path: "actuator/health" | |
parameters: | |
-p ZONE=prod -p NAME=${{ github.event.repository.name }} | |
${{ matrix.parameters }} | |
image-promotions: | |
name: Promote Images to PROD | |
needs: | |
- deploy-prod | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
component: [backend, database, frontend, oracle-api] | |
steps: | |
- uses: shrink/actions-docker-registry-tag@v3 | |
with: | |
registry: ghcr.io | |
repository: ${{ github.repository }}/${{ matrix.component }} | |
target: test | |
tags: prod |