to test sftp #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployments | ||
| on: | ||
| workflow_call: | ||
| # Inputs the workflow accepts. | ||
| inputs: | ||
| environment: | ||
| description: 'Which environment to deploy to' | ||
| default: 'dev' | ||
| required: true | ||
| type: string | ||
| imagetag: | ||
| description: 'Which image tag to use' | ||
| default: 'test' | ||
| required: true | ||
| type: string | ||
| penetration_test: | ||
| description: 'If penetration test is required' | ||
| default: false | ||
| required: true | ||
| type: boolean | ||
| vault_zone: | ||
| description: 'Which vault zone to use' | ||
| default: 'dev' | ||
| required: true | ||
| type: string | ||
| zone: | ||
| description: 'Which zone to use' | ||
| default: 'dev' | ||
| required: true | ||
| type: string | ||
| workflow_dispatch: | ||
| # Inputs the workflow accepts. | ||
| inputs: | ||
| environment: | ||
| description: 'Which environment to deploy to' | ||
| default: 'dev' | ||
| required: true | ||
| type: choice | ||
| options: | ||
| - 'dev' | ||
| - 'test' | ||
| - 'prod' | ||
| imagetag: | ||
| description: 'Which image tag to use' | ||
| default: 'test' | ||
| required: true | ||
| type: string | ||
| penetration_test: | ||
| description: 'If penetration test is required' | ||
| default: false | ||
| required: true | ||
| type: boolean | ||
| vault_zone: | ||
| description: 'Which vault zone to use' | ||
| default: 'dev' | ||
| required: true | ||
| type: choice | ||
| options: | ||
| - 'dev' | ||
| - 'test' | ||
| - 'prod' | ||
| zone: | ||
| description: 'Which zone to use' | ||
| default: 'dev' | ||
| required: true | ||
| type: string | ||
| jobs: | ||
| deployments: | ||
| name: Deployments | ||
| environment: ${{inputs.environment}} | ||
| runs-on: ubuntu-22.04 | ||
| strategy: | ||
| max-parallel: 1 | ||
| fail-fast: true | ||
| matrix: | ||
| name: [init, backend/vehicles, backend/dops, backend/sftp, frontend] | ||
| include: | ||
| - name: backend/vehicles | ||
| file: backend/vehicles/openshift.deploy.yml | ||
| overwrite: true | ||
| - name: backend/dops | ||
| file: backend/dops/openshift.deploy.yml | ||
| overwrite: true | ||
| - name: backend/sftp | ||
| file: backend/sftp/openshift.deploy.yml | ||
| overwrite: true | ||
| - name: frontend | ||
| file: frontend/openshift.deploy.yml | ||
| overwrite: true | ||
| - name: init | ||
| file: common/openshift.init.yml | ||
| overwrite: false | ||
| steps: | ||
| - name: Import Secrets | ||
| id: vault | ||
| uses: hashicorp/vault-action@v2 | ||
| with: | ||
| url: https://vault.developer.gov.bc.ca | ||
| token: ${{ secrets.VAULT_TOKEN }} | ||
| exportEnv: "false" | ||
| namespace: platform-services | ||
| secrets: | | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_HOST | VAULT_DATABASE_HOST; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_USER | VAULT_DATABASE_USER; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_NAME | VAULT_DATABASE_NAME; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_PASSWORD | VAULT_DATABASE_PASSWORD; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_PORT | VAULT_DATABASE_PORT; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_ISSUER_URL | VAULT_AUTH0_ISSUER_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_AUDIENCE | VAULT_AUTH0_AUDIENCE; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_IGNORE_EXP | VAULT_AUTH0_IGNORE_EXP; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} SITEMINDER_LOG_OFF_URL | VAULT_SITEMINDER_LOG_OFF_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_CVSE_FORMS_CACHE_TTL_MS | VAULT_DOPS_CVSE_FORMS_CACHE_TTL_MS; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ACCESS_TYPE | VAULT_DOPS_S3_ACCESS_TYPE; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ACCESSKEYID | VAULT_DOPS_S3_ACCESSKEYID; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_BUCKET | VAULT_DOPS_S3_BUCKET; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_PRESIGNED_URL_EXPIRY | VAULT_DOPS_S3_PRESIGNED_URL_EXPIRY; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ENDPOINT | VAULT_DOPS_S3_ENDPOINT; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_KEY | VAULT_DOPS_S3_KEY; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_SECRETACCESSKEY | VAULT_DOPS_S3_SECRETACCESSKEY; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_TOKEN_URL | VAULT_CHES_TOKEN_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_URL | VAULT_CHES_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_CLIENT_ID | VAULT_CHES_CLIENT_ID; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_CLIENT_SECRET | VAULT_CHES_CLIENT_SECRET; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_CLIENT_ID | VAULT_CDOGS_CLIENT_ID; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_CLIENT_SECRET | VAULT_CDOGS_CLIENT_SECRET; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_TOKEN_URL | VAULT_CDOGS_TOKEN_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_URL | VAULT_CDOGS_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/be-api-${{inputs.vault_zone}} NODE_ENV | VAULT_NODE_ENV; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} MOTIPAY_API_KEY | VAULT_MOTIPAY_API_KEY; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} MOTIPAY_MERCHANT_ID | VAULT_MOTIPAY_MERCHANT_ID; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} MOTIPAY_BASE_URL | VAULT_MOTIPAY_BASE_URL; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} CFS_SFTP_USERNAME | VAULT_CFS_SFTP_USERNAME; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} CFS_SFTP_HOST | VAULT_CFS_SFTP_HOST; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} CFS_SFTP_PORT | VAULT_CFS_SFTP_PORT; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} CFS_PRIVATE_KEY | VAULT_CFS_PRIVATE_KEY; | ||
| ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} CFS_PASSPHRASE | VAULT_CFS_PASSPHRASE; | ||
| - uses: bcgov-nr/[email protected] | ||
| with: | ||
| file: ${{ matrix.file }} | ||
| oc_namespace: ${{inputs.environmnet }} | ||
| oc_server: ${{ secrets.OC_SERVER }} | ||
| oc_token: '${{ secrets.OC_TOKEN }}' | ||
| overwrite: ${{ matrix.overwrite }} | ||
| parameters: | ||
| -p ZONE=${{inputs.zone}} | ||
| -p NAME=${{ github.event.repository.name }} | ||
| -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{inputs.imagetag}} | ||
| -p DATABASE_NAME=${{steps.vault.outputs.VAULT_DATABASE_NAME}} | ||
| -p DATABASE_USER=${{steps.vault.outputs.VAULT_DATABASE_USER}} | ||
| -p DATABASE_PASSWORD=${{steps.vault.outputs.VAULT_DATABASE_PASSWORD}} | ||
| -p DATABASE_HOST=${{steps.vault.outputs.VAULT_DATABASE_HOST}} | ||
| -p AUTH0_ISSUER_URL=${{steps.vault.outputs.VAULT_AUTH0_ISSUER_URL}} | ||
| -p AUTH0_AUDIENCE=${{steps.vault.outputs.VAULT_AUTH0_AUDIENCE}} | ||
| -p AUTH0_IGNORE_EXP=${{steps.vault.outputs.VAULT_AUTH0_IGNORE_EXP}} | ||
| -p SITEMINDER_LOG_OFF_URL=${{steps.vault.outputs.VAULT_SITEMINDER_LOG_OFF_URL}} | ||
| -p DOPS_CVSE_FORMS_CACHE_TTL_MS=${{steps.vault.outputs.VAULT_DOPS_CVSE_FORMS_CACHE_TTL_MS}} | ||
| -p DOPS_S3_ACCESS_TYPE=${{steps.vault.outputs.VAULT_DOPS_S3_ACCESS_TYPE}} | ||
| -p DOPS_S3_ACCESSKEYID=${{steps.vault.outputs.VAULT_DOPS_S3_ACCESSKEYID}} | ||
| -p DOPS_S3_BUCKET=${{steps.vault.outputs.VAULT_DOPS_S3_BUCKET}} | ||
| -p DOPS_S3_PRESIGNED_URL_EXPIRY=${{steps.vault.outputs.VAULT_DOPS_S3_PRESIGNED_URL_EXPIRY}} | ||
| -p DOPS_S3_ENDPOINT=${{steps.vault.outputs.VAULT_DOPS_S3_ENDPOINT}} | ||
| -p DOPS_S3_KEY=${{steps.vault.outputs.VAULT_DOPS_S3_KEY}} | ||
| -p DOPS_S3_SECRETACCESSKEY=${{steps.vault.outputs.VAULT_DOPS_S3_SECRETACCESSKEY}} | ||
| -p CHES_TOKEN_URL=${{steps.vault.outputs.VAULT_CHES_TOKEN_URL}} | ||
| -p CHES_CLIENT_ID=${{steps.vault.outputs.VAULT_CHES_CLIENT_ID}} | ||
| -p CHES_CLIENT_SECRET=${{steps.vault.outputs.VAULT_CHES_CLIENT_SECRET}} | ||
| -p CHES_URL=${{steps.vault.outputs.VAULT_CHES_URL}} | ||
| -p CDOGS_CLIENT_ID=${{steps.vault.outputs.VAULT_CDOGS_CLIENT_ID}} | ||
| -p CDOGS_CLIENT_SECRET=${{steps.vault.outputs.VAULT_CDOGS_CLIENT_SECRET}} | ||
| -p CDOGS_TOKEN_URL=${{steps.vault.outputs.VAULT_CDOGS_TOKEN_URL}} | ||
| -p CDOGS_URL=${{steps.vault.outputs.VAULT_CDOGS_URL}} | ||
| -p NODE_ENV=${{steps.vault.outputs.VAULT_NODE_ENV}} | ||
| -p MOTIPAY_API_KEY=${{steps.vault.outputs.VAULT_MOTIPAY_API_KEY}} | ||
| -p MOTIPAY_MERCHANT_ID=${{steps.vault.outputs.VAULT_MOTIPAY_MERCHANT_ID}} | ||
| -p MOTIPAY_BASE_URL=${{steps.vault.outputs.VAULT_MOTIPAY_BASE_URL}} | ||
| -p CFS_SFTP_USERNAME=${{steps.vault.outputs.VAULT_CFS_SFTP_USERNAME}} | ||
| -p CFS_SFTP_HOST=${{steps.vault.outputs.VAULT_CFS_SFTP_HOST}} | ||
| -p CFS_SFTP_PORT=${{steps.vault.outputs.VAULT_CFS_SFTP_PORT}} | ||
| -p CFS_PRIVATE_KEY=${{steps.vault.outputs.VAULT_CFS_PRIVATE_KEY}} | ||
| -p CFS_PASSPHRASE=${{steps.vault.outputs.VAULT_CFS_PASSPHRASE}} | ||
| ${{ matrix.parameters }} | ||
| penetration_test: ${{ github.event_name != 'pull_request'}} | ||
| penetration_test_issue: ${{ matrix.name }} | ||
