Merge pull request #51 from jujaga/feature/ga-helm-pipeline

CI/CD: Implement Github Actions Helm Chart deployment flow
bcgov · Jul 15, 2022 · 019d34a · 019d34a
2 parents e50e048 + 05cae32
commit 019d34a
Show file tree

Hide file tree

Showing 14 changed files with 461 additions and 72 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,42 @@
+# Editor directories and files
+.DS_Store
+.gradle
+.nyc_output
+.scannerwork
+build
+coverage
+dist
+files
+**/e2e/videos
+node_modules
+# Ignore only top-level package-lock.json
+/package-lock.json
+
+# Ignore Helm subcharts
+charts/**/charts
+Chart.lock
+
+# local env files
+local.*
+local-*.*
+.env.local
+.env.*.local
+
+# Log files
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Editor directories and files
+.idea
+.vscode
+*.iml
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+*.mp4
+
+# temp office files
+~$*
diff --git a/.github/actions/build-push-container/action.yaml b/.github/actions/build-push-container/action.yaml
@@ -0,0 +1,64 @@
+name: Build & Push Container
+description: Builds a container from a Dockerfile and pushes to registry
+
+inputs:
+  context:
+    description: Effective Working Directory
+    required: true
+    default: "./"
+  image_name:
+    description: Image Name
+    required: true
+  registry:
+    description: Container Registry
+    required: true
+    default: ghcr.io
+  username:
+    description: Container Registry Username
+    required: true
+  token:
+    description: Container Registry Authorization Token
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Login to Container Registry
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.token }}
+
+    - name: Prepare Container Metadata tags
+      id: meta
+      uses: docker/metadata-action@v3
+      with:
+        images: ${{ inputs.registry }}/${{ inputs.username }}/${{ inputs.image_name }}
+        # Always updates the 'latest' tag
+        flavor: |
+          latest=true
+        # Creates tags based off of branch names and semver tags
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          type=sha
+
+    - name: Build and Push to Container Registry
+      id: builder
+      uses: docker/build-push-action@v2
+      with:
+        context: ${{ inputs.context }}
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
+    - name: Inspect Docker Image
+      shell: bash
+      run: docker image inspect ${{ inputs.registry }}/${{ inputs.username }}/${{ inputs.image_name }}:latest
diff --git a/.github/actions/deploy-to-environment/action.yaml b/.github/actions/deploy-to-environment/action.yaml
@@ -0,0 +1,50 @@
+name: Deploy to Environment
+description: Deploys an image to the defined environment
+inputs:
+  app_name:
+    description: Application general Name
+    required: true
+  acronym:
+    description: Application acronym
+    required: true
+  job_name:
+    description: Job/Instance name
+    required: true
+  namespace_prefix:
+    description: Openshift Namespace common prefix
+    required: true
+  namespace_environment:
+    description: Openshift Namespace environment suffix
+    required: true
+  openshift_server:
+    description: Openshift API Endpoint
+    required: true
+  openshift_token:
+    description: Openshift Service Account Token
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Login to OpenShift Cluster
+      uses: redhat-actions/oc-login@v1
+      with:
+        openshift_server_url: ${{ inputs.openshift_server }}
+        openshift_token: ${{ inputs.openshift_token }}
+        insecure_skip_tls_verify: true
+        namespace: ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }}
+
+    - name: Helm Deploy
+      shell: bash
+      run: >-
+        helm upgrade --install --atomic ${{ inputs.job_name }} ${{ inputs.app_name }}
+        --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }}
+        --repo https://bcgov.github.io/common-object-management-service
+        --values ./.github/environments/values.${{ inputs.namespace_environment }}.yaml
+        --set image.repository=ghcr.io/${{ github.repository_owner }}
+        --set image.tag=sha-$(git rev-parse --short HEAD)
+        --set route.host=${{ inputs.acronym }}-${{ inputs.namespace_environment }}-${{ inputs.job_name }}.apps.silver.devops.gov.bc.ca
+        --set config.configMap.OBJECTSTORAGE_KEY=${{ inputs.acronym }}/${{ inputs.namespace_environment }}
diff --git a/.github/actions/push-to-registry/action.yaml b/.github/actions/push-to-registry/action.yaml
@@ -0,0 +1,79 @@
+name: Push to Registry
+description: Copies a container image to a different registry
+inputs:
+  image_name:
+    description: Image Name
+    required: true
+  source_registry:
+    description: Source Container Registry
+    required: true
+    default: ghcr.io
+  source_username:
+    description: Source Container Registry Username
+    required: true
+  source_token:
+    description: Source Container Registry Authorization Token
+    required: true
+  dest_registry:
+    description: Destination Container Registry
+    required: true
+  dest_username:
+    description: Destination Container Registry Username
+    required: true
+  dest_token:
+    description: Destination Container Registry Authorization Token
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Login to Source Container Registry
+      if: inputs.source_username != ''
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ inputs.source_registry }}
+        username: ${{ inputs.source_username }}
+        password: ${{ inputs.source_token }}
+
+    - name: Login to Destination Container Registry
+      if: inputs.dest_username != ''
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ inputs.dest_registry }}
+        username: ${{ inputs.dest_username }}
+        password: ${{ inputs.dest_token }}
+
+    - name: Copy to Destination Container Registry
+      if: success()
+      uses: akhilerm/[email protected]
+      with:
+        src: ${{ inputs.source_registry }}/${{ inputs.source_username }}/${{ inputs.image_name }}:latest
+        dst: ${{ inputs.dest_registry }}/${{ inputs.dest_username }}/${{ inputs.image_name }}:latest
+
+    - name: Prepare Container Metadata tags
+      id: meta
+      uses: docker/metadata-action@v3
+      with:
+        images: ${{ inputs.dest_registry }}/${{ inputs.dest_username }}/${{ inputs.image_name }}
+        # Creates tags based off of branch names and semver tags
+        tags: |
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          type=sha
+
+    - name: Add Tags to Destination Container Registry
+      uses: akhilerm/[email protected]
+      with:
+        src: ${{ inputs.dest_registry }}/${{ inputs.dest_username }}/${{ inputs.image_name }}:latest
+        dst: |
+          ${{ steps.meta.outputs.tags }}
+
+    - name: Inspect Docker Image
+      shell: bash
+      run: |
+        docker pull ${{ inputs.dest_registry }}/${{ inputs.dest_username }}/${{ inputs.image_name }}:latest
+        docker image inspect ${{ inputs.dest_registry }}/${{ inputs.dest_username }}/${{ inputs.image_name }}:latest
diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
@@ -0,0 +1,28 @@
+---
+features:
+  basicAuth: true
+  oidcAuth: true
+
+config:
+  enabled: true
+  configMap:
+    BASICAUTH_ENABLED: "true"
+    DB_ENABLED: "true"
+    DB_PORT: "5432"
+    KC_ENABLED: "true"
+    KC_IDENTITYKEY: idir_user_guid
+    KC_PUBLICKEY: >-
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CcG7WPTCF4YLHxT3bs9ilcQ6SS+A2e/PiZ9hqR0noelBCsdW0SQGOhjE7nhl2lrZ0W/o80YKMzNZ42Hmc7p0sHU3RN95OCTHvyCazC/CKM2i+gD+cAspP/Ns+hOqNmxC/XIsgD3bZ2zobNMhNy3jgDaAsbs3kOGPIwkdo/vWeo7N6fZPxOgSp6JoGBDtehuyhQ/4y2f7TnyicIvHMuc2d7Bz4GalQ/ra+GspmZ/HqL93A6c8sDHa8fqC8O+gnzpBNsCOxJcq/i3NOaGrOFMCiJwsNVc2dUcY8epcW3pwakIRLlC6D7oawbxv7c3UsXoCt4XSC0hdjwXg5kxVXHoDQIDAQAB
+    KC_REALM: cp1qly2d
+    KC_SERVERURL: "https://dev.oidc.gov.bc.ca/auth"
+    OBJECTSTORAGE_BUCKET: egejyy
+    OBJECTSTORAGE_TEMP_EXPIRESIN: "300"
+    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
+    # OBJECTSTORAGE_KEY: ~
+    SERVER_BODYLIMIT: 30mb
+    # SERVER_LOGFILE: ~
+    SERVER_LOGLEVEL: http
+    SERVER_PORT: "3000"
+
+patroni:
+  enabled: true
diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
@@ -0,0 +1,28 @@
+---
+features:
+  basicAuth: true
+  oidcAuth: true
+
+config:
+  enabled: true
+  configMap:
+    BASICAUTH_ENABLED: "true"
+    DB_ENABLED: "true"
+    DB_PORT: "5432"
+    KC_ENABLED: "true"
+    KC_IDENTITYKEY: idir_user_guid
+    KC_PUBLICKEY: >-
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwz4nqXMKFW+5WVFer7LalKRPeg7095S+fUurYFJQwpOQ5gMSRFvbLWNIVoXSrkRG33V0S3ZVfIwNkLPso/5l04sN9j7DgTwOTbWHZbkr/fL4R7eVi6AR5mjaakq4YgOeVGhBryUUyhLIRVUxnbKA36nph5nORHykDsccrEMRjtmVjzjo1a1Y23zU3nesEryq2fvbRKPaVQ+itQeia5ijZIUwzS4yeT2baF+xPFoMzJ4iHCaSzrYCTSNGLYHDm8T006kjfAcLfbbJjQtaPtgRVpi4g/F1eUrHLwO/AVycFiGjsJVEjPsYS44klubmSZWeATy57Y0wmR0WvNppnyIxewIDAQAB
+    KC_REALM: cp1qly2d
+    KC_SERVERURL: "https://oidc.gov.bc.ca/auth"
+    OBJECTSTORAGE_BUCKET: egejyy
+    OBJECTSTORAGE_TEMP_EXPIRESIN: "300"
+    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
+    # OBJECTSTORAGE_KEY: ~
+    SERVER_BODYLIMIT: 30mb
+    # SERVER_LOGFILE: ~
+    SERVER_LOGLEVEL: http
+    SERVER_PORT: "3000"
+
+patroni:
+  enabled: true
diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
@@ -0,0 +1,28 @@
+---
+features:
+  basicAuth: true
+  oidcAuth: true
+
+config:
+  enabled: true
+  configMap:
+    BASICAUTH_ENABLED: "true"
+    DB_ENABLED: "true"
+    DB_PORT: "5432"
+    KC_ENABLED: "true"
+    KC_IDENTITYKEY: idir_user_guid
+    KC_PUBLICKEY: >-
+      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry3hhpL3KT6Y2IXW+YJ3bw6krv/dA4VRP0Y/pLjI/D5fa53DhbCi6vD9nqdWl13gHZQRRpyp8jXLqhkYmmkuHoQtEg9f0pwR/JMXwT50zGrAEi/jEOri6wIEkTaVlKK2bVwNSPLREajVxqZdEGTlLDCOv6XjRdSVDLVfbtFGz+YtLlW+tPKqBo1gdIGmBe/lSs0g/HdiLZvVMCHKZBF3arPmTtRgv94GUBkCDu5aLZ0jHQNXfRbOxQV1BNCBXRPrchta4+PcDeAcYdfBmoJNBfX1qrqaGkXHnifmaAwAdhP/tZHiaYtyz31ywW1a2037lA0xY5IuI9s8OcqYPHybFwIDAQAB
+    KC_REALM: cp1qly2d
+    KC_SERVERURL: "https://test.oidc.gov.bc.ca/auth"
+    OBJECTSTORAGE_BUCKET: egejyy
+    OBJECTSTORAGE_TEMP_EXPIRESIN: "300"
+    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
+    # OBJECTSTORAGE_KEY: ~
+    SERVER_BODYLIMIT: 30mb
+    # SERVER_LOGFILE: ~
+    SERVER_LOGLEVEL: http
+    SERVER_PORT: "3000"
+
+patroni:
+  enabled: true
diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml