From 5672b4d1d5f7a93658db4fde77f8e0ada3488adf Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 11:48:10 -0800 Subject: [PATCH 01/16] Deploy to PROD on GH release --- .github/workflows/merge-demo.yml | 2 +- .github/workflows/merge-main.yml | 4 +-- .github/workflows/release.yml | 47 ++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/merge-demo.yml b/.github/workflows/merge-demo.yml index 58adabd2..e30ab825 100644 --- a/.github/workflows/merge-demo.yml +++ b/.github/workflows/merge-demo.yml @@ -42,7 +42,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} deploy: - name: Deploy (Demo) + name: Deploy (DEMO) needs: [build] secrets: inherit uses: ./.github/workflows/.deploy.yml diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index 0b6847f2..63d09e90 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -15,8 +15,8 @@ concurrency: permissions: {} jobs: - deploy-test: - name: Deploy (Test) + deploy: + name: Deploy (TEST) secrets: inherit uses: ./.github/workflows/.deploy.yml with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..147674a8 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,47 @@ +--- +name: Release + +on: + release: + types: published + workflow_dispatch: + inputs: + tag: + description: Container tag; usually prod or PR number, can be omitted + type: string + +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + +jobs: + deploy: + name: Deploy (PROD) + secrets: inherit + uses: ./.github/workflows/.deploy.yml + with: + aws_user_pools_web_client_id: 4bu2n8at3m32a2fqnvd4t06la1 + batch_client_rfsh_api_tkn_op_secret_name: fom-demo-client-app-api + environment: prod + email_notify: FLNR.AdminServicesCariboo@gov.bc.ca + logout_chain_url: https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri= + tag: ${{ inputs.tag }} + target: prod + url: fom.nrs.gov.bc.ca + + promote: + name: Promote images (PROD) + needs: deploy + permissions: + packages: write + runs-on: ubuntu-24.04 + strategy: + matrix: + component: [api, admin, db, public] + steps: + - uses: shrink/actions-docker-registry-tag@v4 + with: + registry: ghcr.io + repository: ${{ github.repository }}/${{ matrix.component }} + target: ${{ needs.deploy.outputs.tag }} + tags: prod From e98aa5ac9055f396a2c7682981bb98c3b0581987 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 11:51:34 -0800 Subject: [PATCH 02/16] Backup prod images --- .github/workflows/release.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 147674a8..c03a00cf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,12 +29,30 @@ jobs: target: prod url: fom.nrs.gov.bc.ca - promote: - name: Promote images (PROD) + images-backup: + name: Backup images (PROD) + continue-on-error: true # If no prod tags needs: deploy permissions: packages: write runs-on: ubuntu-24.04 + strategy: + matrix: + component: [api, admin, db, public] + steps: + - uses: shrink/actions-docker-registry-tag@v4 + with: + registry: ghcr.io + repository: ${{ github.repository }}/${{ matrix.component }} + target: prod + tags: prod-backup + + images-promote: + name: Promote images (PROD) + needs: deploy, images-backup + permissions: + packages: write + runs-on: ubuntu-24.04 strategy: matrix: component: [api, admin, db, public] From c9016ce7080bae5524a9c59ca351f7140386216b Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 11:52:32 -0800 Subject: [PATCH 03/16] Test --- .github/workflows/analysis.yml | 4 +- .github/workflows/pr-open.yml | 2 +- .github/workflows/release.yml | 68 +++++++++++++++++----------------- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index bb4bcf41..6a2c0c30 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -1,8 +1,8 @@ name: Analysis on: - pull_request: - types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] + # pull_request: + # types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] push: branches: [main] schedule: diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 9a95a09a..6330067d 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -1,7 +1,7 @@ name: Pull Request Open on: - pull_request: + # pull_request: concurrency: group: ${{ github.event.number }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c03a00cf..60a73351 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,44 +22,44 @@ jobs: with: aws_user_pools_web_client_id: 4bu2n8at3m32a2fqnvd4t06la1 batch_client_rfsh_api_tkn_op_secret_name: fom-demo-client-app-api - environment: prod + # environment: prod email_notify: FLNR.AdminServicesCariboo@gov.bc.ca logout_chain_url: https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri= tag: ${{ inputs.tag }} target: prod url: fom.nrs.gov.bc.ca - images-backup: - name: Backup images (PROD) - continue-on-error: true # If no prod tags - needs: deploy - permissions: - packages: write - runs-on: ubuntu-24.04 - strategy: - matrix: - component: [api, admin, db, public] - steps: - - uses: shrink/actions-docker-registry-tag@v4 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: prod - tags: prod-backup + # images-backup: + # name: Backup images (PROD) + # continue-on-error: true # If no prod tags + # needs: deploy + # permissions: + # packages: write + # runs-on: ubuntu-24.04 + # strategy: + # matrix: + # component: [api, admin, db, public] + # steps: + # - uses: shrink/actions-docker-registry-tag@v4 + # with: + # registry: ghcr.io + # repository: ${{ github.repository }}/${{ matrix.component }} + # target: prod + # tags: prod-backup - images-promote: - name: Promote images (PROD) - needs: deploy, images-backup - permissions: - packages: write - runs-on: ubuntu-24.04 - strategy: - matrix: - component: [api, admin, db, public] - steps: - - uses: shrink/actions-docker-registry-tag@v4 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: ${{ needs.deploy.outputs.tag }} - tags: prod + # images-promote: + # name: Promote images (PROD) + # needs: deploy, images-backup + # permissions: + # packages: write + # runs-on: ubuntu-24.04 + # strategy: + # matrix: + # component: [api, admin, db, public] + # steps: + # - uses: shrink/actions-docker-registry-tag@v4 + # with: + # registry: ghcr.io + # repository: ${{ github.repository }}/${{ matrix.component }} + # target: ${{ needs.deploy.outputs.tag }} + # tags: prod From 135e848b77f9a3d07e80155b7013658195d82322 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 11:54:09 -0800 Subject: [PATCH 04/16] Test --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 60a73351..d46e4300 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,6 +9,7 @@ on: tag: description: Container tag; usually prod or PR number, can be omitted type: string + pull_request: concurrency: group: ${{ github.workflow }} From 4a65d1814ad115b7182dbeade43cd298871ea5d4 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 11:56:25 -0800 Subject: [PATCH 05/16] Test --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d46e4300..0f938f30 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: logout_chain_url: https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri= tag: ${{ inputs.tag }} target: prod - url: fom.nrs.gov.bc.ca + # url: fom.nrs.gov.bc.ca # images-backup: # name: Backup images (PROD) From 659597f6ee2bc804690f985512e8234787c892b5 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 11:57:17 -0800 Subject: [PATCH 06/16] Permissions --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0f938f30..11e171d6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,8 @@ concurrency: group: ${{ github.workflow }} cancel-in-progress: true +permissions: {} + jobs: deploy: name: Deploy (PROD) From 4f9a121903f9f72a7486a3753d654e972d2ff004 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 12:00:33 -0800 Subject: [PATCH 07/16] Remove PROD leftovers from merge workflow --- .github/workflows/merge-main.yml | 68 -------------------------------- 1 file changed, 68 deletions(-) diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index 63d09e90..f1e64dd5 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -28,71 +28,3 @@ jobs: logout_chain_url: https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri= target: test url: fom-test.nrs.gov.bc.ca - - # deploy-prod: - # name: PROD Deploys - # needs: [deploy-test, vars] - # environment: prod - # env: - # ZONE: prod - # runs-on: ubuntu-24.04 - # timeout-minutes: 10 - # strategy: - # matrix: - # name: [api, admin, db, init, public] - # include: - # - name: api - # file: api/openshift.deploy.yml - # oc_version: "4.13" - # overwrite: true - # parameters: - # -p URL=fom.nrs.gov.bc.ca - # -p AWS_USER_POOLS_WEB_CLIENT_ID="4bu2n8at3m32a2fqnvd4t06la1" - # -p LOGOUT_CHAIN_URL="https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=" - # -p MEMORY_REQUEST=650Mi - # -p MEMORY_LIMIT=4Gi - # - name: admin - # file: admin/openshift.deploy.yml - # overwrite: true - # parameters: -p URL=fom.nrs.gov.bc.ca - # - name: db - # file: db/openshift.deploy.yml - # overwrite: false - # - name: init - # file: libs/openshift.init.yml - # overwrite: false - # - name: public - # file: public/openshift.deploy.yml - # overwrite: true - # parameters: -p URL=fom.nrs.gov.bc.ca - # steps: - # - uses: bcgov-nr/action-deployer-openshift@v3.0.1 - # with: - # file: ${{ matrix.file }} - # oc_namespace: ${{ vars.OC_NAMESPACE }} - # oc_server: ${{ vars.OC_SERVER }} - # oc_token: ${{ secrets.OC_TOKEN }} - # oc_version: ${{ matrix.oc_version }} - # overwrite: ${{ matrix.overwrite }} - # penetration_test: false - # parameters: - # -p ZONE=${{ env.ZONE }} -p TAG=${{ needs.vars.outputs.tag }} - # ${{ matrix.parameters }} - # post_rollout: ${{ matrix.post_rollout }} - - # prod-promotions: - # name: Promote images to PROD - # needs: [deploy-prod, vars] - # permissions: - # packages: write - # runs-on: ubuntu-24.04 - # strategy: - # matrix: - # component: [api, admin, db, public] - # steps: - # - uses: shrink/actions-docker-registry-tag@v4 - # with: - # registry: ghcr.io - # repository: ${{ github.repository }}/${{ matrix.component }} - # target: ${{ needs.vars.outputs.tag }} - # tags: prod From b0c48b1344a074c57da1ad59febf929a5c0a0484 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 12:16:18 -0800 Subject: [PATCH 08/16] Test --- .github/workflows/pr-open.yml | 9 ++++++++- .github/workflows/release.yml | 6 +++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 6330067d..6507076c 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -57,10 +57,17 @@ jobs: results: name: PR Results - needs: [build, deploy] + needs: build, deploy if: always() runs-on: ubuntu-24.04 steps: - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') run: echo "At least one job has failed." && exit 1 - run: echo "Success!" + + release: + name: Test Release + needs: build + runs-on: ubuntu-24.04 + secrets: inherit + uses: ./.github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 11e171d6..62a5c102 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,11 @@ on: tag: description: Container tag; usually prod or PR number, can be omitted type: string - pull_request: + workflow_call: + inputs: + tag: + description: Container tag; usually prod or PR number, can be omitted + type: string concurrency: group: ${{ github.workflow }} From 1ab1188e2d7ef47466e95c177964acae5babe205 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 12:31:41 -0800 Subject: [PATCH 09/16] Test --- .github/workflows/pr-open.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 6507076c..290d9749 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -1,7 +1,7 @@ name: Pull Request Open on: - # pull_request: + pull_request: concurrency: group: ${{ github.event.number }} From ca4826a53f160fef428058387d5899e452a32d5f Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 12:33:06 -0800 Subject: [PATCH 10/16] Test --- .github/workflows/pr-open.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 290d9749..61a57df7 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -68,6 +68,5 @@ jobs: release: name: Test Release needs: build - runs-on: ubuntu-24.04 secrets: inherit uses: ./.github/workflows/release.yml From caaad62e7c3ffff3f0b1bdf83392a34620583601 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 12:33:44 -0800 Subject: [PATCH 11/16] Test --- .github/workflows/pr-open.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 61a57df7..bad7458e 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -57,7 +57,7 @@ jobs: results: name: PR Results - needs: build, deploy + needs: [build, deploy] if: always() runs-on: ubuntu-24.04 steps: From 8dc33d21689b4ec3c2ba1ef37274f5144c9fbe6d Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 15:30:06 -0800 Subject: [PATCH 12/16] Fix batch client var --- .github/workflows/pr-open.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index bad7458e..db746f6a 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -66,7 +66,7 @@ jobs: - run: echo "Success!" release: - name: Test Release + name: PROD Release needs: build secrets: inherit uses: ./.github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 62a5c102..637995de 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: uses: ./.github/workflows/.deploy.yml with: aws_user_pools_web_client_id: 4bu2n8at3m32a2fqnvd4t06la1 - batch_client_rfsh_api_tkn_op_secret_name: fom-demo-client-app-api + batch_client_rfsh_api_tkn_op_secret_name: fom-client-app-api # environment: prod email_notify: FLNR.AdminServicesCariboo@gov.bc.ca logout_chain_url: https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri= From ef69fedd0ae1e10bfeb073ccc8912774a02ac574 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 15:30:32 -0800 Subject: [PATCH 13/16] Test --- .github/workflows/pr-open.yml | 106 +++++++++++++++++----------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index db746f6a..fc18b80c 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -10,63 +10,63 @@ concurrency: permissions: {} jobs: - build: - name: Build - runs-on: ubuntu-24.04 - permissions: - packages: write - strategy: - matrix: - package: [admin, api, db, public] - include: - - package: admin - build_context: ./ - build_file: admin/Dockerfile - triggers: ('admin/' 'libs/') - - package: api - build_context: ./ - build_file: api/Dockerfile - triggers: ('api/' 'libs/') - - package: db - triggers: ('db') - - package: public - build_context: ./ - build_file: public/Dockerfile - triggers: ('public/' 'libs/') - steps: - - uses: actions/checkout@v4 - - uses: bcgov-nr/action-builder-ghcr@v2.3.0 - with: - package: ${{ matrix.package }} - build_context: ${{ matrix.build_context }} - build_file: ${{ matrix.build_file }} - keep_versions: 100 - tag: ${{ github.event.number }} - tag_fallback: latest - token: ${{ secrets.GITHUB_TOKEN }} - triggers: ${{ matrix.triggers }} + # build: + # name: Build + # runs-on: ubuntu-24.04 + # permissions: + # packages: write + # strategy: + # matrix: + # package: [admin, api, db, public] + # include: + # - package: admin + # build_context: ./ + # build_file: admin/Dockerfile + # triggers: ('admin/' 'libs/') + # - package: api + # build_context: ./ + # build_file: api/Dockerfile + # triggers: ('api/' 'libs/') + # - package: db + # triggers: ('db') + # - package: public + # build_context: ./ + # build_file: public/Dockerfile + # triggers: ('public/' 'libs/') + # steps: + # - uses: actions/checkout@v4 + # - uses: bcgov-nr/action-builder-ghcr@v2.3.0 + # with: + # package: ${{ matrix.package }} + # build_context: ${{ matrix.build_context }} + # build_file: ${{ matrix.build_file }} + # keep_versions: 100 + # tag: ${{ github.event.number }} + # tag_fallback: latest + # token: ${{ secrets.GITHUB_TOKEN }} + # triggers: ${{ matrix.triggers }} - deploy: - name: Deploy (${{ github.event.number }}) - needs: [build] - secrets: inherit - uses: ./.github/workflows/.deploy.yml - with: - db_testdata: true - triggers: ('db/' 'libs/' 'api/' 'admin/' 'public/') + # deploy: + # name: Deploy (${{ github.event.number }}) + # needs: [build] + # secrets: inherit + # uses: ./.github/workflows/.deploy.yml + # with: + # db_testdata: true + # triggers: ('db/' 'libs/' 'api/' 'admin/' 'public/') - results: - name: PR Results - needs: [build, deploy] - if: always() - runs-on: ubuntu-24.04 - steps: - - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') - run: echo "At least one job has failed." && exit 1 - - run: echo "Success!" + # results: + # name: PR Results + # needs: [build, deploy] + # if: always() + # runs-on: ubuntu-24.04 + # steps: + # - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') + # run: echo "At least one job has failed." && exit 1 + # - run: echo "Success!" release: name: PROD Release - needs: build + # needs: build secrets: inherit uses: ./.github/workflows/release.yml From b9dfb59b725ae58fbda85b60cbf0cbee9883a218 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 15:54:49 -0800 Subject: [PATCH 14/16] Restore workflows --- .github/workflows/pr-open.yml | 110 ++++++++++++++++------------------ .github/workflows/release.yml | 71 +++++++++++----------- 2 files changed, 87 insertions(+), 94 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index fc18b80c..9a95a09a 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -10,63 +10,57 @@ concurrency: permissions: {} jobs: - # build: - # name: Build - # runs-on: ubuntu-24.04 - # permissions: - # packages: write - # strategy: - # matrix: - # package: [admin, api, db, public] - # include: - # - package: admin - # build_context: ./ - # build_file: admin/Dockerfile - # triggers: ('admin/' 'libs/') - # - package: api - # build_context: ./ - # build_file: api/Dockerfile - # triggers: ('api/' 'libs/') - # - package: db - # triggers: ('db') - # - package: public - # build_context: ./ - # build_file: public/Dockerfile - # triggers: ('public/' 'libs/') - # steps: - # - uses: actions/checkout@v4 - # - uses: bcgov-nr/action-builder-ghcr@v2.3.0 - # with: - # package: ${{ matrix.package }} - # build_context: ${{ matrix.build_context }} - # build_file: ${{ matrix.build_file }} - # keep_versions: 100 - # tag: ${{ github.event.number }} - # tag_fallback: latest - # token: ${{ secrets.GITHUB_TOKEN }} - # triggers: ${{ matrix.triggers }} + build: + name: Build + runs-on: ubuntu-24.04 + permissions: + packages: write + strategy: + matrix: + package: [admin, api, db, public] + include: + - package: admin + build_context: ./ + build_file: admin/Dockerfile + triggers: ('admin/' 'libs/') + - package: api + build_context: ./ + build_file: api/Dockerfile + triggers: ('api/' 'libs/') + - package: db + triggers: ('db') + - package: public + build_context: ./ + build_file: public/Dockerfile + triggers: ('public/' 'libs/') + steps: + - uses: actions/checkout@v4 + - uses: bcgov-nr/action-builder-ghcr@v2.3.0 + with: + package: ${{ matrix.package }} + build_context: ${{ matrix.build_context }} + build_file: ${{ matrix.build_file }} + keep_versions: 100 + tag: ${{ github.event.number }} + tag_fallback: latest + token: ${{ secrets.GITHUB_TOKEN }} + triggers: ${{ matrix.triggers }} - # deploy: - # name: Deploy (${{ github.event.number }}) - # needs: [build] - # secrets: inherit - # uses: ./.github/workflows/.deploy.yml - # with: - # db_testdata: true - # triggers: ('db/' 'libs/' 'api/' 'admin/' 'public/') - - # results: - # name: PR Results - # needs: [build, deploy] - # if: always() - # runs-on: ubuntu-24.04 - # steps: - # - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') - # run: echo "At least one job has failed." && exit 1 - # - run: echo "Success!" - - release: - name: PROD Release - # needs: build + deploy: + name: Deploy (${{ github.event.number }}) + needs: [build] secrets: inherit - uses: ./.github/workflows/release.yml + uses: ./.github/workflows/.deploy.yml + with: + db_testdata: true + triggers: ('db/' 'libs/' 'api/' 'admin/' 'public/') + + results: + name: PR Results + needs: [build, deploy] + if: always() + runs-on: ubuntu-24.04 + steps: + - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') + run: echo "At least one job has failed." && exit 1 + - run: echo "Success!" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 637995de..0dc483da 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,3 @@ ---- name: Release on: @@ -29,44 +28,44 @@ jobs: with: aws_user_pools_web_client_id: 4bu2n8at3m32a2fqnvd4t06la1 batch_client_rfsh_api_tkn_op_secret_name: fom-client-app-api - # environment: prod + environment: prod email_notify: FLNR.AdminServicesCariboo@gov.bc.ca logout_chain_url: https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri= tag: ${{ inputs.tag }} target: prod - # url: fom.nrs.gov.bc.ca + url: fom.nrs.gov.bc.ca - # images-backup: - # name: Backup images (PROD) - # continue-on-error: true # If no prod tags - # needs: deploy - # permissions: - # packages: write - # runs-on: ubuntu-24.04 - # strategy: - # matrix: - # component: [api, admin, db, public] - # steps: - # - uses: shrink/actions-docker-registry-tag@v4 - # with: - # registry: ghcr.io - # repository: ${{ github.repository }}/${{ matrix.component }} - # target: prod - # tags: prod-backup + images-backup: + name: Backup images (PROD) + continue-on-error: true # If no prod tags + needs: deploy + permissions: + packages: write + runs-on: ubuntu-24.04 + strategy: + matrix: + component: [api, admin, db, public] + steps: + - uses: shrink/actions-docker-registry-tag@v4 + with: + registry: ghcr.io + repository: ${{ github.repository }}/${{ matrix.component }} + target: prod + tags: prod-backup - # images-promote: - # name: Promote images (PROD) - # needs: deploy, images-backup - # permissions: - # packages: write - # runs-on: ubuntu-24.04 - # strategy: - # matrix: - # component: [api, admin, db, public] - # steps: - # - uses: shrink/actions-docker-registry-tag@v4 - # with: - # registry: ghcr.io - # repository: ${{ github.repository }}/${{ matrix.component }} - # target: ${{ needs.deploy.outputs.tag }} - # tags: prod + images-promote: + name: Promote images (PROD) + needs: deploy, images-backup + permissions: + packages: write + runs-on: ubuntu-24.04 + strategy: + matrix: + component: [api, admin, db, public] + steps: + - uses: shrink/actions-docker-registry-tag@v4 + with: + registry: ghcr.io + repository: ${{ github.repository }}/${{ matrix.component }} + target: ${{ needs.deploy.outputs.tag }} + tags: prod From bf07a598a3cdf4a68c4d5fa8eb62c667e404bdf1 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 15:58:09 -0800 Subject: [PATCH 15/16] Revose workflow names --- .github/workflows/merge-demo.yml | 2 +- .github/workflows/merge-main.yml | 2 +- .github/workflows/pr-close.yml | 2 +- .github/workflows/pr-open.yml | 2 +- .github/workflows/release.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/merge-demo.yml b/.github/workflows/merge-demo.yml index e30ab825..0d6dff06 100644 --- a/.github/workflows/merge-demo.yml +++ b/.github/workflows/merge-demo.yml @@ -1,4 +1,4 @@ -name: Deploy to Demo +name: DEMO (merge) on: push: diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index f1e64dd5..8cdcd0cf 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -1,4 +1,4 @@ -name: Merge to Main +name: TEST (merge) on: push: diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index d5680788..5e6c0b3d 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -1,4 +1,4 @@ -name: Pull Request Closed +name: PR Closed on: pull_request: diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 9a95a09a..c424698a 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -1,4 +1,4 @@ -name: Pull Request Open +name: PR on: pull_request: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0dc483da..9d4237bc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Release +name: PROD (release) on: release: From 8c52f78aa743b419d49d3db0fe83cfca8b6bd184 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 8 Jan 2025 16:30:01 -0800 Subject: [PATCH 16/16] Restore workflows --- .github/workflows/analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 6a2c0c30..bb4bcf41 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -1,8 +1,8 @@ name: Analysis on: - # pull_request: - # types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] + pull_request: + types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] push: branches: [main] schedule: