From 4c960c27020f3730fc3cfeab26b897449391f4d4 Mon Sep 17 00:00:00 2001
From: Chris Berg
Date: Thu, 12 Sep 2024 11:22:56 -0700
Subject: [PATCH] feat: audit workflow for releases
---
 .github/workflows/audit.yml | 49 +++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 .github/workflows/audit.yml
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 000000000..15c278258
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,49 @@
+---
+name: Audit Shas
+
+on:
+ workflow_dispatch:
+ inputs:
+ ### Required
+ environment:
+ description: "Deployment environment - dev/test/prod"
+ required: true
+ type: choice
+ options: ["dev","test","prod"]
+ default: "prod"
+ release:
+ description: 'release name'
+ required: true
+ type: string
+ default: "prod"
+jobs:
+ # https://github.com/bcgov-nr/action-deployer-openshift
+ docker_login:
+ - name: Log in to the Container registry
+ if: steps.build.outputs.triggered == 'true'
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: {{ secrets.oc_token }}
+
+ audit_packages:
+ name: Audit
+ runs-on: ubuntu-22.04
+ strategy:
+ matrix:
+ package: [dops, vehicles, frontend, scheduler, policy]
+ timeout-minutes: 10
+ steps:
+ - uses: actions/checkout@v4
+ - name: Audit the installed application for package sha vs deployed sha
+ run: |
+ oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
+ oc project c28f0c-${{ inputs.environment }} # Safeguard!
+ export GHCR_SHA=$(docker manifest inspect onroutebc-${{inputs.release}}-${{matrix.package}} | jq '.manifests[0].digest')
+ export SHA_LIST=$(oc get pods -l app.kubernetes.io/instance=onroutebc-${{inputs.release}} -l app.kubernetes.io/name=${{matrix.package}} -o yaml | grep imageID | grep ghcr | cut -d : -f 3)
+ for sha in ${SHA_LIST}
+ do
+ echo "onroutebc-${{inputs.release}}-${{matrix.package}} - pod:${sha} ghcr: ${GHCR_SHA}"
+ done
+
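Review bot: `${{ inputs.release }}` is a free-text `workflow_dispatch` input expanded straight into the `run:` script of the audit step, so anyone allowed to trigger the workflow can inject shell into a job that holds `secrets.oc_token`; route the inputs, token and server through `env:` and quote them in the script, as in the fence below. The step also never fails: it echoes the two digests but does not compare them, so drift between the GHCR manifest and the running pods passes the "audit" silently, and `jq '.manifests[0].digest'` keeps the JSON quotes and the `sha256:` prefix while `cut -d : -f 3` on `imageID` strips both, so the printed values would not match textually even when the images agree (whether the first entry of a multi-arch index is the digest the kubelet reports, and whether the unprefixed `onroutebc-…` reference resolves without a `ghcr.io/<owner>/` prefix, are worth confirming against a real pod). The `docker_login` job is a bare list with no `runs-on`/`steps`, `password: {{ secrets.oc_token }}` is missing the `$` of an expression, it conditions on a `steps.build` that exists nowhere in the file, and it would log into ghcr.io with the OpenShift token instead of `secrets.GITHUB_TOKEN` under `permissions: packages: read` — and because jobs run on separate runners, a login there would not authenticate `docker manifest inspect` in `audit_packages` anyway, so move the login step into that job. Pin `actions/checkout@v4` and `docker/login-action@v3` to full commit SHAs (`actions/checkout@<sha> # v4`) rather than mutable tags, which is the supply-chain analogue of what this workflow is auditing.

```yaml
      - name: Audit the installed application for package sha vs deployed sha
        env:
          OC_TOKEN: ${{ secrets.oc_token }}
          OC_SERVER: ${{ vars.oc_server }}
          ENVIRONMENT: ${{ inputs.environment }}
          RELEASE: ${{ inputs.release }}
          PACKAGE: ${{ matrix.package }}
        run: |
          set -euo pipefail
          oc login --token="${OC_TOKEN}" --server="${OC_SERVER}"
          oc project "c28f0c-${ENVIRONMENT}" # Safeguard!
          # -r drops the JSON quotes; cut drops the "sha256:" prefix so both sides are bare hex
          GHCR_SHA=$(docker manifest inspect "onroutebc-${RELEASE}-${PACKAGE}" | jq -r '.manifests[0].digest' | cut -d : -f 2)
          SHA_LIST=$(oc get pods -l "app.kubernetes.io/instance=onroutebc-${RELEASE}" -l "app.kubernetes.io/name=${PACKAGE}" -o yaml | grep imageID | grep ghcr | cut -d : -f 3)
          [ -n "${SHA_LIST}" ] || { echo "no ghcr-backed pods found for ${PACKAGE}"; exit 1; }
          status=0
          for sha in ${SHA_LIST}; do
            echo "onroutebc-${RELEASE}-${PACKAGE} - pod:${sha} ghcr: ${GHCR_SHA}"
            [ "${sha}" = "${GHCR_SHA}" ] || status=1
          done
          exit "${status}"
```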