-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SCV-459 Added github actions for deploying to the Emerald cluster
- Loading branch information
Showing
10 changed files
with
265 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
name: API | ||
|
||
on: | ||
workflow_dispatch: | ||
env: | ||
IMAGE_NAME: api | ||
WORKING_DIRECTORY: ./ | ||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
|
||
- name: Checkout Repo | ||
uses: actions/checkout@v4 | ||
|
||
- name: Login to Artifactory | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: artifacts.developer.gov.bc.ca | ||
username: ${{ secrets.ARTIFACTORY_USERNAME }} | ||
password: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
|
||
# Get SHORT_SHA to tag images | ||
- name: Get short SHA | ||
id: short_sha | ||
run: | | ||
echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)" | ||
echo "Short SHA: $SHORT_SHA" | ||
- name: Docker Build Image | ||
run: | | ||
docker build --tag ${{ env.IMAGE_NAME }} -f api/Dockerfile . | ||
docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }} | ||
docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }} | ||
- name: Checkout ArgoCD Repo | ||
id: gitops | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: bcgov-c/tenant-gitops-b3c707 | ||
ref: develop | ||
token: ${{ secrets.GIT_OPS_SSH_KEY }} # `GH_PAT` is a secret that contains your PAT | ||
path: gitops | ||
|
||
- name: Update Helm Values and Commit | ||
id: helm | ||
if: steps.gitops.outcome == 'success' # Only run if the previous step (publish) was successful | ||
run: | | ||
# Clone the GitOps deployment configuration repository | ||
# Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test and | ||
cd gitops/charts | ||
# Update the Helm values file with the new image tag and version | ||
DATETIME=$(date +'%Y-%m-%d %H:%M:%S') # Get current date and time | ||
sed -i "s/apitag: .*/apitag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" ../deploy/dev_values.yaml | ||
sed -i "s/apitag: .*/apitag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" api/values.yaml | ||
# Commit and push the changes | ||
git config --global user.email "[email protected]" | ||
git config --global user.name "GitHub Actions" | ||
git add . | ||
git add ../deploy/dev_values.yaml | ||
git commit -m "Update Dev Web image tag" | ||
git push origin develop # Update the branch name as needed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: Backup | ||
|
||
on: | ||
workflow_dispatch: | ||
env: | ||
IMAGE_NAME: backup | ||
WORKING_DIRECTORY: ./ | ||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
|
||
- name: Login to Artifactory | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: artifacts.developer.gov.bc.ca | ||
username: ${{ secrets.ARTIFACTORY_USERNAME }} | ||
password: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
|
||
- name: Checkout Schema Spy Repo | ||
id: gitops | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: BCDevOps/backup-container.git | ||
ref: master | ||
|
||
- name: Docker Build Backup Image | ||
run: | | ||
cd docker | ||
docker build --tag ${{ env.IMAGE_NAME }} . | ||
docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:latest | ||
docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
name: OWASP SCAN | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
jobs: | ||
scan: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: OWASP ZAP Baseline Scan | ||
uses: zaproxy/[email protected] | ||
with: | ||
token: "" | ||
target: ${{ secrets.OWASP_SCAN_URL }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# This is a basic workflow to help you get started with Actions | ||
|
||
name: SonarCloud Scan | ||
|
||
on: | ||
push: | ||
branches: [ master ] | ||
pull_request: | ||
branches: [ master ] | ||
|
||
workflow_dispatch: | ||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
# This workflow contains a single job called "build" | ||
build: | ||
# The type of runner that the job will run on | ||
runs-on: ubuntu-latest | ||
|
||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | ||
- uses: actions/checkout@v4 | ||
|
||
- name: SonarCloud Scan | ||
uses: SonarSource/[email protected] | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
with: | ||
# Set the sonar.projectBaseDir analysis property | ||
projectBaseDir: . | ||
args: > | ||
-Dsonar.projectKey=${{ secrets.SONAR_DESCRIPTION }} | ||
-Dsonar.organization=${{ secrets.SONAR_ORG }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
name: Web | ||
|
||
on: | ||
workflow_dispatch: | ||
env: | ||
IMAGE_NAME: web | ||
WORKING_DIRECTORY: ./ | ||
jobs: | ||
builds: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Login to Artifactory | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: artifacts.developer.gov.bc.ca | ||
username: ${{ secrets.ARTIFACTORY_USERNAME }} | ||
password: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
|
||
- name: Checkout Repo | ||
uses: actions/checkout@v4 | ||
|
||
# Get SHORT_SHA to tag images | ||
- name: Get short SHA | ||
id: short_sha | ||
run: | | ||
echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)" | ||
echo "Short SHA: $SHORT_SHA" | ||
- name: Docker Build Image | ||
run: | | ||
docker build --tag web-runtime -f docker/nginx-runtime/Dockerfile ./docker/nginx-runtime/ | ||
cd web | ||
docker build --tag web-artifacts -f Dockerfile.node . --build-arg WEB_BASE_HREF=${{ secrets.WEB_BASE_HREF }} | ||
cd .. | ||
docker build --tag ${{ env.IMAGE_NAME }} -f docker/vue-on-nginx/Dockerfile ./docker/vue-on-nginx/ | ||
docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }} | ||
docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }} | ||
- name: Checkout ArgoCD Repo | ||
id: gitops | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: bcgov-c/tenant-gitops-b3c707 | ||
ref: develop | ||
token: ${{ secrets.GIT_OPS_SSH_KEY }} # `GH_PAT` is a secret that contains your PAT | ||
path: gitops | ||
|
||
- name: Update Helm Values and Commit | ||
id: helm | ||
if: steps.gitops.outcome == 'success' # Only run if the previous step (publish) was successful | ||
run: | | ||
# Clone the GitOps deployment configuration repository | ||
# Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test and | ||
cd gitops/charts | ||
# Update the Helm values file with the new image tag and version | ||
DATETIME=$(date +'%Y-%m-%d %H:%M:%S') # Get current date and time | ||
sed -i "s/webtag: .*/webtag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" ../deploy/dev_values.yaml | ||
sed -i "s/webtag: .*/webtag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" web/values.yaml | ||
# Commit and push the changes | ||
git config --global user.email "[email protected]" | ||
git config --global user.name "GitHub Actions" | ||
git add . | ||
git add ../deploy/dev_values.yaml | ||
git commit -m "Update Dev Web image tag" | ||
git push origin develop # Update the branch name as needed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base | ||
WORKDIR /app | ||
EXPOSE 8080 | ||
ENV ASPNETCORE_URLS=http://*:8080 | ||
ENV ASPNETCORE_FORWARDEDHEADERS_ENABLED=true | ||
ENV DOTNET_gcServer=1 | ||
ARG VERSION | ||
ENV VERSION=$VERSION | ||
|
||
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build | ||
|
||
WORKDIR /src | ||
|
||
COPY ["api/api.csproj", "api/"] | ||
COPY ["db/db.csproj", "db/"] | ||
RUN dotnet restore api/api.csproj | ||
RUN dotnet restore db/db.csproj | ||
COPY . . | ||
RUN dotnet build "api/api.csproj" -c Release | ||
# build | ||
FROM build AS publish | ||
RUN dotnet publish "api/api.csproj" -c Release -o /app/publish --runtime linux-musl-x64 --no-self-contained | ||
|
||
FROM base AS final | ||
|
||
# copy app | ||
WORKDIR /app | ||
COPY --from=publish /app/publish . | ||
ENTRYPOINT ["dotnet", "api.dll"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
FROM centos/nodejs-10-centos7:10 | ||
ARG WEB_BASE_HREF | ||
ENV WEB_BASE_HREF="$WEB_BASE_HREF" | ||
ENV WEB1_BASE_HREF="$WEB_BASE_HREF" | ||
WORKDIR /opt/app-root/src | ||
COPY . . | ||
RUN echo "$WEB1_BASE_HREF" | ||
RUN echo "$WEB_BASE_HREF" | ||
RUN npm install | ||
RUN npm run build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters