feat!: HELM deployment support. (#102)

bcgov · Feb 19, 2024 · 716c014 · 716c014
1 parent f3b428d
commit 716c014
Show file tree

Hide file tree

Showing 50 changed files with 1,606 additions and 758 deletions.
diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml
@@ -0,0 +1,113 @@
+name: .Deploys
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      release:
+        description: Deployment release; usually PR number, test or prod
+        required: true
+        type: string
+
+      ### Typical / recommended
+      autoscaling:
+        description: Autoscaling enabled or not for the deployments
+        required: false
+        type: string
+        default: false
+      build_outputs:
+        description: Build outputs
+        required: false
+        type: string
+        default: 'true'
+      environment:
+        description: Environment name; omit for PRs
+        required: false
+        type: string
+      tag:
+        description: Container tag; usually PR number
+        required: false
+        type: string
+        default: ${{ github.event.number }}
+      test:
+        description: Run tests after deployment?
+        required: false
+        type: string
+        default: "true"
+
+      ### Usually a bad idea / not recommended
+      directory:
+        description: 'Chart directory'
+        default: 'charts/${{ github.event.repository.name }}'
+        required: false
+        type: string
+      timeout-minutes:
+        description: 'Timeout minutes'
+        default: 10
+        required: false
+        type: number
+      values:
+        description: 'Values file'
+        default: 'values.yaml'
+        required: false
+        type: string
+      params:
+        description: 'Extra parameters to pass to helm upgrade'
+        default: ''
+        required: false
+        type: string
+
+env:
+  repo_release: ${{ github.event.repository.name }}-${{ inputs.release }}
+  package_tag: ${{ inputs.tag }}
+
+jobs:
+  deploys:
+    name: Helm
+    if: ${{ inputs.build_outputs != '' }}
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Deploy
+        working-directory: ${{ inputs.directory }}
+        shell: bash
+        run: |
+          oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
+          oc project ${{ vars.OC_NAMESPACE }} # Safeguard!
+
+          # Interrupt any previous jobs (status = pending-upgrade)
+          PREVIOUS=$(helm status ${{ env.repo_release }} -o json | jq .info.status || true)
+          if [[ ${PREVIOUS} =~ pending ]]; then
+            echo "Rollback triggered"
+            helm rollback ${{ env.repo_release }} || \
+              helm uninstall ${{ env.repo_release }}
+          fi
+          # Clean previous deployments for PR pipeline, if any 
+          if [[ '${{inputs.environment}}' == '' ]]; then
+            helm uninstall ${{ env.repo_release }} || true
+            # Remove Bitnami Postgres PVCs
+            oc delete pvc data-${{ env.repo_release }}-bitnami-pg-0 || \
+              echo "Not found: pvc data-${{ env.repo_release }}-bitnami-pg-0"
+          fi
+          # Deploy Helm Chart
+          helm dependency update
+          helm package --app-version="${{ env.package_tag }}" --version=${{ inputs.tag }} .
+          
+          helm upgrade \
+            --set global.autoscaling=${{ inputs.autoscaling }} \
+            --set-string global.repository=${{ github.repository }} \
+            --set-string global.tag=${{ inputs.tag }} \
+            ${{ inputs.params }} \
+            --install --wait --atomic  ${{ env.repo_release }} \
+            --timeout ${{ inputs.timeout-minutes }}m \
+            --values ${{ inputs.values }} \
+            ./${{ github.event.repository.name }}-${{ inputs.tag }}.tgz
+
+          # print history 
+          helm history ${{ env.repo_release }}
+          
+          # Remove old build runs, build pods and deployment pods
+          oc delete po --field-selector=status.phase==Succeeded
+
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -1,57 +1,47 @@
 name: Merge
 
 on:
-  workflow_run:
-    workflows: [PR Closed]
-    types: [completed]
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - '*.md'
+      - '.github/**'
+      - '.graphics/**'
+      - '!.github/workflows/**'
   workflow_dispatch:
+    inputs:
+      pr_no:
+        description: "PR-numbered container set to deploy"
+        type: number
+        required: true
 
 concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: true
 
 jobs:
-  deploys-test:
-    name: TEST Deploys
-    environment: test
-    permissions:
-      issues: write
+  vars:
+    name: Set Variables
+    outputs:
+      pr: ${{ steps.pr.outputs.pr }}
     runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        name: [database, backend-go, backend-java, backend-py]
-        include:
-          - name: database
-            file: database/openshift.deploy.yml
-            overwrite: false
-          - name: backend-go
-            file: backend-go/openshift.deploy.yml
-            overwrite: true
-            parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/migrations-go:test
-          - name: backend-java
-            file: backend-java/openshift.deploy.yml
-            overwrite: true
-          - name: backend-py
-            file: backend-py/openshift.deploy.yml
-            overwrite: true
-            parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/migrations-py:test
-    steps:
-      - uses: bcgov-nr/action-deployer-openshift@v2.1.0
-        with:
-          file: ${{ matrix.file }}
-          oc_namespace: ${{ vars.OC_NAMESPACE }}
-          oc_server: ${{ vars.OC_SERVER }}
-          oc_token: ${{ secrets.OC_TOKEN }}
-          overwrite: ${{ matrix.overwrite }}
-          parameters:
-            -p ZONE=test -p NAME=${{ github.event.repository.name }}
-            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
-            ${{ matrix.parameters }}
-          repository: ${{ matrix.repository }}
-          verification_path: ${{ matrix.verification_path }}
+    timeout-minutes: 1
+    steps: # Get PR number for squash merges to main
+      - name: PR Number
+        id: pr
+        uses: bcgov-nr/action-get-pr@v0.0.1
 
+  deploy-test:
+    name: Deploy (test)
+    needs: [vars]
+    uses: ./.github/workflows/.deploy.yml
+    secrets: inherit
+    with:
+      environment: test
+      tag: ${{ needs.vars.outputs.pr }}
+      release: test
   integration-tests:
-    needs: [deploys-test]
+    needs: [deploy-test]
     name: Integration Tests for APIs
     defaults:
       run:
@@ -91,6 +81,39 @@ jobs:
         run: npm ci
       - name: Run integration tests
         run: BASE_URL=${{ matrix.baseUrl }} API_NAME=${{ matrix.name }}  node src/main.js
+  deploy-prod:
+    name: Deploy (prod)
+    needs: [deploy-test, vars]
+    uses: ./.github/workflows/.deploy.yml
+    secrets: inherit
+    with:
+      autoscaling: true
+      environment: prod
+      tag: ${{ needs.vars.outputs.pr }}
+      release: prod
+      params:
+        --set backendGo.deploymentStrategy=RollingUpdate
+        --set backendPy.deploymentStrategy=RollingUpdate
+        --set backendJava.deploymentStrategy=RollingUpdate
+
+  promote:
+    name: Promote Images
+    needs: [deploy-prod, vars]
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        package: [migrations, backend, frontend]
+    timeout-minutes: 1
+    steps:
+      - uses: shrink/actions-docker-registry-tag@v4
+        with:
+          registry: ghcr.io
+          repository: ${{ github.repository }}/${{ matrix.package }}
+          target: ${{ needs.vars.outputs.pr }}
+          tags: prod
+
 
   ghcr-cleanup:
     name: GHCR Cleanup
@@ -107,103 +130,4 @@ jobs:
           min-versions-to-keep: 50
           ignore-versions: "^(prod|test)$"
 
-  deploys-prod:
-    name: PROD Deploys
-    environment: prod
-    needs: [integration-tests]
-    permissions:
-      issues: write
-    runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        name: [database, backend-go, backend-java, backend-py]
-        include:
-          - name: database
-            file: database/openshift.deploy.yml
-            overwrite: false
-          - name: backend-go
-            file: backend-go/openshift.deploy.yml
-            overwrite: true
-            parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2
-              -p PROMOTE_MIGRATION=${{ github.repository }}/migrations-go:test
-          - name: backend-java
-            file: backend-java/openshift.deploy.yml
-            overwrite: true
-            parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2
-          - name: backend-py
-            file: backend-py/openshift.deploy.yml
-            overwrite: true
-            parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2
-              -p PROMOTE_MIGRATION=${{ github.repository }}/migrations-py:test
-    steps:
-      - uses: bcgov-nr/action-deployer-openshift@v2.1.0
-        with:
-          file: ${{ matrix.file }}
-          oc_namespace: ${{ vars.OC_NAMESPACE }}
-          oc_server: ${{ vars.OC_SERVER }}
-          oc_token: ${{ secrets.OC_TOKEN }}
-          overwrite: ${{ matrix.overwrite }}
-          parameters:
-            -p ZONE=prod -p NAME=${{ github.event.repository.name }}
-            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
-            ${{ matrix.parameters }}
-          repository: ${{ matrix.repository }}
-          verification_path: ${{ matrix.verification_path }}
 
-  image-promotions:
-    name: Promote images to PROD
-    needs: [deploys-prod]
-    runs-on: ubuntu-22.04
-    permissions:
-      packages: write
-    strategy:
-      matrix:
-        component: [backend-py, backend-java, backend-go]
-    steps:
-      - uses: shrink/actions-docker-registry-tag@v4
-        with:
-          registry: ghcr.io
-          repository: ${{ github.repository }}/${{ matrix.component }}
-          target: test
-          tags: prod
-
-  generate-schema-spy:
-    name: Generate SchemaSpy Documentation
-    runs-on: ubuntu-22.04
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_DB: default
-          POSTGRES_USER: default
-          POSTGRES_PASSWORD: default
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-    steps:
-      - uses: actions/checkout@v4
-      - uses: joshuaavalon/flyway-action@v3.0.0
-        name: Generate SchemaSpy docs for node backend
-        with:
-          url: jdbc:postgresql://postgres:5432/default
-          user: default
-          password: default
-        env:
-          FLYWAY_VALIDATE_MIGRATION_NAMING: true
-          FLYWAY_LOCATIONS: filesystem:./backend/db/migrations
-          FLYWAY_DEFAULT_SCHEMA: "users"
-      - name: Create Output Folder
-        run: |
-          mkdir output
-          chmod a+rwx -R output
-      - name: Run Schemaspy
-        run: docker run --network host -v "$PWD/output:/output" schemaspy/schemaspy:6.2.4 -t pgsql -db default -host 127.0.0.1 -port 5432 -u default -p default -schemas users
-      - name: Deploy to Pages
-        uses: JamesIves/github-pages-deploy-action@v4
-        with:
-          folder: output
-          target-folder: schemaspy
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
@@ -17,7 +17,7 @@ jobs:
       PREFIX: ${{ github.event.repository.name }}-test
     strategy:
       matrix:
-        name: [backend-go, backend-java, backend-py]
+        name: [backendGo, backendJava, backendPy]
     steps:
       - name: ZAP Scan
         uses: zaproxy/action-full-scan@v0.9.0

diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
@@ -11,34 +11,12 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  # Clean up OpenShift when PR closed, no conditions
-  cleanup-openshift:
-    name: Cleanup OpenShift
-    if: "!github.event.pull_request.head.repo.fork"
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Remove OpenShift artifacts
-        run: |
-          oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }}
-          oc project ${{ vars.OC_NAMESPACE }}
-
-          # Remove old build runs, build pods and deployment pods
-          oc delete all,pvc,secret -l app=${{ github.event.repository.name }}-${{ github.event.number }}
-
-  # If merged into main, then handle any image promotions
-  image-promotions:
-    name: Image Promotions
-    if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main'
-    runs-on: ubuntu-22.04
-    permissions:
-      packages: write
-    strategy:
-      matrix:
-        package: [database, backend-go, backend-java, backend-py, migrations-go, migrations-py, frontend]
-    steps:
-      - uses: shrink/actions-docker-registry-tag@v4
-        with:
-          registry: ghcr.io
-          repository: ${{ github.repository }}/${{ matrix.package }}
-          target: ${{ github.event.number }}
-          tags: test
+  cleanup:
+    name: Cleanup OpenShift and/or Promote Images
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.2.0
+    secrets:
+      oc_namespace: ${{ vars.OC_NAMESPACE }}
+      oc_token: ${{ secrets.OC_TOKEN }}
+    with:
+      cleanup: helm
+      packages: backend-go backend-java backend-py migrations-go migrations-py