-
Notifications
You must be signed in to change notification settings - Fork 45
131 lines (122 loc) · 4.35 KB
/
pr_deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: PR Deploy
run-name: Deploy PR-${{ github.event.inputs.pr-number }}
env:
ACRONYM: chefs
on:
workflow_dispatch:
inputs:
pr-number:
description: Pull request number
required: true
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.event.inputs.pr-number || github.ref }}
cancel-in-progress: true
jobs:
set-vars:
name: Set variables
runs-on: ubuntu-latest
outputs:
APP_TITLE: ${{ steps.vars.outputs.APP_TITLE }}
JOB_NAME: ${{ steps.vars.outputs.JOB_NAME }}
ROUTE_PATH: ${{ steps.vars.outputs.ROUTE_PATH }}
URL: ${{ steps.vars.outputs.URL }}
ref: ${{ steps.vars.outputs.ref }}
steps:
- name: Setting variables
id: default-vars
env:
PR_NUMBER: ${{ github.event.inputs.pr-number }}
ACRONYM: ${{ env.ACRONYM }}
run: |
echo "APP_TITLE=Common Hosted Forms" >> "$GITHUB_OUTPUT"
echo "JOB_NAME=master" >> "$GITHUB_OUTPUT"
echo "ROUTE_PATH=/app" >> "$GITHUB_OUTPUT"
echo "URL=https://$ACRONYM-dev.apps.silver.devops.gov.bc.ca" >> "$GITHUB_OUTPUT"
- name: Final variables
id: vars
env:
PR_NUMBER: ${{ github.event.inputs.pr-number }}
run: |
REF=refs/pull/$PR_NUMBER/head
echo REF:$REF
echo "ref=$REF" >> $GITHUB_OUTPUT
echo "APP_TITLE=${{ steps.default-vars.outputs.APP_TITLE }} - PR-$PR_NUMBER" >> "$GITHUB_OUTPUT"
echo "JOB_NAME=pr-$PR_NUMBER" >> "$GITHUB_OUTPUT"
echo "ROUTE_PATH=/pr-$PR_NUMBER" >> "$GITHUB_OUTPUT"
echo "URL=${{ steps.default-vars.outputs.URL }}/pr-$PR_NUMBER" >> "$GITHUB_OUTPUT"
build:
name: Build & Push
runs-on: ubuntu-latest
needs: set-vars
timeout-minutes: 10
steps:
- name: Checkout repository from pull request
uses: actions/checkout@v4
with:
ref: ${{ needs.set-vars.outputs.ref }}
- name: Build & Push
uses: ./.github/actions/build-push-container
with:
context: .
image_name: ${{ vars.APP_NAME }}
github_username: ${{ github.repository_owner }}
github_token: ${{ secrets.GITHUB_TOKEN }}
app_title: ${{ needs.set-vars.outputs.APP_TITLE }}
route_path: ${{ needs.set-vars.outputs.ROUTE_PATH }}
app_contact: ${{ vars.CHEFS_CONTACT }}
ref: ${{ needs.set-vars.outputs.ref }}
pr_number: ${{ github.event.inputs.pr-number }}
deploy:
name: Deploy
environment:
name: pr
url: ${{ needs.set-vars.outputs.URL }}
runs-on: ubuntu-latest
needs: [set-vars, build]
timeout-minutes: 12
steps:
- name: Checkout repository from pull request
uses: actions/checkout@v4
with:
ref: ${{ needs.set-vars.outputs.ref }}
- name: Deploy to environment
uses: ./.github/actions/deploy-to-environment
with:
app_name: ${{ vars.APP_NAME }}
acronym: ${{ env.ACRONYM }}
environment: pr
job_name: ${{ needs.set-vars.outputs.JOB_NAME }}
namespace_prefix: ${{ vars.NAMESPACE_PREFIX }}
namespace_environment: dev
openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
server_host: ${{ vars.SERVER_HOST }}
route_path: ${{ needs.set-vars.outputs.ROUTE_PATH }}
route_prefix: ${{ vars.ROUTE_PREFIX }}
ref: ${{ needs.set-vars.outputs.ref }}
- name: Release Comment on PR
uses: marocchino/sticky-pull-request-comment@v2
if: success()
with:
header: release
hide_and_recreate: true
hide_classify: "OUTDATED"
message: |
Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev.apps.silver.devops.gov.bc.ca/pr-${{ github.event.inputs.pr-number }}>
number: ${{ github.event.inputs.pr-number }}
scan:
name: Scan
needs: [deploy, set-vars]
uses: ./.github/workflows/reusable-owasp-zap.yaml
with:
url: ${{ needs.set-vars.outputs.URL }}
Tests:
name: Automation Tests
needs: [deploy, set-vars]
uses: ./.github/workflows/cypress-ci.yaml
with:
pr-number: ${{ github.event.inputs.pr-number }}
secrets:
Username: ${{ secrets.keycloakUsername }}
Password: ${{ secrets.keycloakPassword }}