Added REMOTE_BACKUP_FILE_LOCATION, DB_LOCAL_SQL_INIT_FILE to call-dep⦠#191
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: π Deploy to OpenShift | |
| concurrency: | |
| group: deploy-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| USER: ${{ github.actor }} | |
| # Number of days in Advance to warn of SSL certificate expiry | |
| SSL_EXPIRY_NOTICE_DAYS: 15 | |
| # Skip builds for faster deployments / testing ("YES" or build) | |
| SKIP_BUILDS: "YES" | |
| SKIP_DEPLOY: "NO" | |
| # Clean builds before deployments will delete all resources (other than backups) | |
| # Select "YES" or allow collisions and PVC persistence | |
| CLEAN_BUILDS: "YES" | |
| CLEAN_PVC: "YES" # Careful, this one wil delete all PVCs, except for backups | |
| BUILD_ID: ${{ github.event.number }} | |
| INSPECT_JOB_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| on: | |
| schedule: | |
| - cron: "0 3 * * 6" | |
| push: | |
| branches: | |
| - e66ac2-prod | |
| # - dev | |
| # - test | |
| # - prod | |
| pull_request: | |
| branches: | |
| - e66ac2-prod | |
| # - dev | |
| # - test | |
| # - prod | |
| workflow_call: | |
| secrets: | |
| ARTIFACTORY_PASSWORD: | |
| required: true | |
| ARTIFACTORY_USER: | |
| required: true | |
| DB_USER: | |
| required: true | |
| DB_PASSWORD: | |
| required: true | |
| ARTIFACTORY_URL: | |
| required: true | |
| ARTIFACTORY_EMAIL: | |
| required: true | |
| ROCKETCHAT_WEBHOOK_URL: | |
| required: true | |
| jobs: | |
| #Print variables for logging and debugging purposes | |
| checkEnv: | |
| name: π Environment Check | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref_name }} | |
| outputs: # Define the output parameter | |
| APP_HOST_URL: ${{ env.APP_HOST_URL }} | |
| CLEAN_PVC: ${{ env.CLEAN_PVC }} | |
| APP_NAME: ${{ env.APP_NAME }} | |
| DEPLOY_NAMESPACE: ${{ github.ref_name }} | |
| IMAGE_REPO_DOMAIN: ${{ env.IMAGE_REPO_DOMAIN }} | |
| IMAGE_PULL_SECRET_NAME: ${{ env.IMAGE_PULL_SECRET_NAME }} | |
| IMAGE_REPO_URL: ${{ env.IMAGE_REPO_URL }} | |
| BUILD_NAMESPACE: ${{ github.ref_name }} | |
| DB_USER: ${{ env.DB_USER }} | |
| DB_NAME: ${{ env.DB_NAME }} | |
| DB_DATABASE: ${{ env.DB_DATABASE }} | |
| SECRET_DB_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| DB_HEALTH_QUERY: ${{ env.DB_HEALTH_QUERY }} | |
| WEB_NAME: ${{ env.WEB_NAME }} | |
| WEB_IMAGE: ${{ env.WEB_IMAGE }} | |
| DB_HOST: ${{ env.DB_HOST }} | |
| DB_PORT: ${{ env.DB_PORT }} | |
| DB_IMAGE: ${{ env.DB_IMAGE }} | |
| PHP_NAME: ${{ env.PHP_NAME }} | |
| CRON_NAME: ${{ env.CRON_NAME }} | |
| CRON_IMAGE: ${{ env.CRON_IMAGE}} | |
| REDIS_IMAGE: ${{ env.REDIS_IMAGE }} | |
| REDIS_NAME: ${{ env.REDIS_NAME }} | |
| DB_LOCAL_SQL_INIT_FILE: ${{ env.DB_LOCAL_SQL_INIT_FILE }} | |
| REMOTE_BACKUP_FILE_LOCATION: ${{ env.REMOTE_BACKUP_FILE_LOCATION }} | |
| DB_BACKUP_DEPLOYMENT_NAME: ${{ env.DB_BACKUP_DEPLOYMENT_NAME }} | |
| DB_BACKUP_DEPLOYMENT_FULL_NAME: ${{ env.DB_BACKUP_DEPLOYMENT_FULL_NAME }} | |
| BACKUP_IMAGE: ${{ env.BACKUP_IMAGE }} | |
| BACKUP_HELM_CHART: ${{ env.BACKUP_HELM_CHART }} | |
| CLEAN_BUILDS: ${{ env.CLEAN_BUILDS }} | |
| SKIP_BUILDS: ${{ env.SKIP_BUILDS }} | |
| SKIP_DEPLOY: ${{ env.SKIP_DEPLOY }} | |
| steps: | |
| - name: π€ Checkout Target Branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref_name }} | |
| sparse-checkout: | | |
| openshift/config/mariadb | |
| .env.example | |
| .env.example.versions | |
| - name: Setup Env Vars | |
| id: dotenv | |
| uses: falti/dotenv-action@v1 | |
| with: | |
| path: .env.example | |
| export-variables: true | |
| keys-case: upper | |
| - name: Setup Env Version Vars | |
| id: dotenv_versions | |
| uses: falti/dotenv-action@v1 | |
| with: | |
| path: .env.example.versions | |
| export-variables: true | |
| keys-case: upper | |
| - name: Set APP_HOST_URL | |
| run: | | |
| if [ -n "${{ vars.APP_HOST_URL }}" ]; then | |
| echo "Using environment-specific APP_HOST_URL from GitHub Environment" | |
| echo "APP_HOST_URL=${{ vars.APP_HOST_URL }}" >> $GITHUB_ENV | |
| else | |
| echo "Using default APP_HOST_URL from .env.example" | |
| fi | |
| - name: Print Env Vars | |
| run: | | |
| echo Deploying ${{ env.PROJECT }} > ${{ env.APP_NAME }} on ${{ github.ref_name }} | |
| echo "-----------------------" | |
| echo URL: https://${{ env.APP_NAME }}-${{ github.ref_name }}.apps.silver.devops.gov.bc.ca | |
| # Clean up resources if CLEAN_BUILDS is set to "YES" | |
| call-cleanup-workflow: | |
| name: π§ΉοΈ Clean-up | |
| uses: ./.github/workflows/cleanup.yml | |
| secrets: inherit | |
| needs: [checkEnv] | |
| if: needs.checkEnv.outputs.CLEAN_BUILDS == 'YES' | |
| with: | |
| APP_NAME: ${{ needs.checkEnv.outputs.APP_NAME }} | |
| APP_HOST_URL: ${{ needs.checkEnv.outputs.APP_HOST_URL }} | |
| DEPLOY_NAMESPACE: ${{ needs.checkEnv.outputs.DEPLOY_NAMESPACE }} | |
| DB_NAME: ${{ needs.checkEnv.outputs.DB_NAME }} | |
| WEB_NAME: ${{ needs.checkEnv.outputs.WEB_NAME }} | |
| PHP_NAME: ${{ needs.checkEnv.outputs.PHP_NAME }} | |
| CRON_NAME: ${{ needs.checkEnv.outputs.CRON_NAME }} | |
| REDIS_NAME: ${{ needs.checkEnv.outputs.REDIS_NAME }} | |
| DB_BACKUP_DEPLOYMENT_NAME: ${{ needs.checkEnv.outputs.DB_BACKUP_DEPLOYMENT_NAME }} | |
| CLEAN_PVC: ${{ needs.checkEnv.outputs.CLEAN_PVC }} | |
| # Build Images and deploy to JFrog | |
| db: | |
| name: π¨ DB | |
| needs: [checkEnv] | |
| uses: ./.github/workflows/db.yml | |
| secrets: inherit | |
| if: needs.checkEnv.outputs.SKIP_BUILDS == 'NO' | |
| with: | |
| DB_IMAGE: ${{ needs.checkEnv.outputs.DB_IMAGE }} | |
| php: | |
| name: π¨ PHP | |
| needs: [checkEnv] | |
| if: needs.checkEnv.outputs.SKIP_BUILDS == 'NO' | |
| uses: ./.github/workflows/php.yml | |
| secrets: inherit | |
| cron: | |
| name: π¨ Cron | |
| needs: [checkEnv] | |
| if: needs.checkEnv.outputs.SKIP_BUILDS == 'NO' | |
| uses: ./.github/workflows/cron.yml | |
| secrets: inherit | |
| web: | |
| name: π¨ Web | |
| needs: [checkEnv] | |
| if: needs.checkEnv.outputs.SKIP_BUILDS == 'NO' | |
| uses: ./.github/workflows/web.yml | |
| secrets: inherit | |
| build: | |
| name: π¨ App | |
| needs: [checkEnv, php] | |
| if: needs.checkEnv.outputs.SKIP_BUILDS == 'NO' | |
| uses: ./.github/workflows/performance.yml | |
| secrets: inherit | |
| call-deploy-workflow: | |
| name: π Deploy | |
| uses: ./.github/workflows/deploy.yml | |
| secrets: inherit | |
| needs: [checkEnv, call-cleanup-workflow, db, php, cron, build, web] | |
| if: | | |
| (always() && needs.checkEnv.outputs.SKIP_DEPLOY == 'NO') && | |
| needs.checkEnv.result == 'success' && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| with: | |
| CLEAN_PVC: ${{ needs.checkEnv.outputs.CLEAN_PVC }} | |
| APP_NAME: ${{ needs.checkEnv.outputs.APP_NAME }} | |
| APP_HOST_URL: ${{ needs.checkEnv.outputs.APP_HOST_URL }} | |
| SITE_URL: "https://${{ needs.checkEnv.outputs.APP_HOST_URL }}" | |
| WEB_NAME: ${{ needs.checkEnv.outputs.WEB_NAME }} | |
| WEB_IMAGE: ${{ needs.checkEnv.outputs.WEB_IMAGE }} | |
| PHP_NAME: ${{ needs.checkEnv.outputs.PHP_NAME }} | |
| DB_IMAGE: ${{ needs.checkEnv.outputs.DB_IMAGE }} | |
| DB_HOST: ${{ needs.checkEnv.outputs.DB_HOST }} | |
| DB_USER: ${{ needs.checkEnv.outputs.DB_USER }} | |
| DB_PORT: ${{ needs.checkEnv.outputs.DB_PORT }} | |
| DB_NAME: ${{ needs.checkEnv.outputs.DB_NAME }} | |
| DB_DATABASE: ${{ needs.checkEnv.outputs.DB_DATABASE }} | |
| DB_LOCAL_SQL_INIT_FILE: ${{ needs.checkEnv.outputs.DB_LOCAL_SQL_INIT_FILE }} | |
| REMOTE_BACKUP_FILE_LOCATION: ${{ needs.checkEnv.outputs.REMOTE_BACKUP_FILE_LOCATION }} | |
| DB_HEALTH_QUERY: ${{ needs.checkEnv.outputs.DB_HEALTH_QUERY }} | |
| DB_BACKUP_DEPLOYMENT_NAME: ${{ needs.checkEnv.outputs.DB_BACKUP_DEPLOYMENT_NAME }} | |
| DB_BACKUP_DEPLOYMENT_FULL_NAME: ${{ needs.checkEnv.outputs.DB_BACKUP_DEPLOYMENT_FULL_NAME }} | |
| BACKUP_IMAGE: ${{ needs.checkEnv.outputs.BACKUP_IMAGE }} | |
| BACKUP_HELM_CHART: ${{ needs.checkEnv.outputs.BACKUP_HELM_CHART }} | |
| CRON_IMAGE: ${{ needs.checkEnv.outputs.CRON_IMAGE }} | |
| CRON_NAME: ${{ needs.checkEnv.outputs.CRON_NAME }} | |
| REDIS_IMAGE: ${{ needs.checkEnv.outputs.REDIS_IMAGE }} | |
| REDIS_NAME: ${{ needs.checkEnv.outputs.REDIS_NAME }} | |
| BUILD_NAMESPACE: ${{ needs.checkEnv.outputs.BUILD_NAMESPACE }} | |
| DEPLOY_NAMESPACE: ${{ needs.checkEnv.outputs.DEPLOY_NAMESPACE }} | |
| IMAGE_REPO_URL: ${{ needs.checkEnv.outputs.IMAGE_REPO_URL }} | |
| IMAGE_REPO_DOMAIN: ${{ needs.checkEnv.outputs.IMAGE_REPO_DOMAIN }} | |
| IMAGE_PULL_SECRET_NAME: ${{ needs.checkEnv.outputs.IMAGE_PULL_SECRET_NAME }} | |
| lighthouse-check: | |
| name: π¦ Audit | |
| runs-on: ubuntu-latest | |
| needs: [checkEnv, call-deploy-workflow] | |
| outputs: | |
| LHRESULT: ${{ steps.lighthouse.outputs.LHRESULT }} | |
| SSL_EXPIRY_DAYS: ${{ steps.ssl-test.outputs.SSL_EXPIRY_DAYS }} | |
| if: | | |
| always() && | |
| ( | |
| needs.call-deploy-workflow.result == 'success' || | |
| needs.checkEnv.outputs.SKIP_DEPLOY == 'YES' | |
| ) && | |
| !contains(needs.*.result, 'failure') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: mkdir -p tmp/artifacts | |
| - name: Install Puppeteer and Lighthouse and SSL Checker | |
| run: npm install puppeteer lighthouse node-fetch ssl-checker | |
| - name: Install dependencies | |
| run: sudo apt-get install -y gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget libgbm-dev | |
| - name: Setup Chrome | |
| id: setup-chrome | |
| uses: browser-actions/setup-chrome@latest | |
| with: | |
| install-dependencies: false | |
| - name: Run Lighthouse Tests | |
| id: lighthouse | |
| run: | | |
| LHRESULT=$(node openshift/config/lighthouse/lighthouse-auth.js) | |
| echo "LHRESULT=$LHRESULT" >> $GITHUB_OUTPUT | |
| if echo "$LHRESULT" | grep -qi "error"; then | |
| echo "Error detected in Lighthouse Test Result: $LHRESULT" | |
| exit 1 | |
| fi | |
| env: | |
| APP_HOST_URL: ${{ needs.checkEnv.outputs.APP_HOST_URL }} | |
| TESTER_USERNAME: ${{ secrets.TESTER_USERNAME }} | |
| TESTER_PASSWORD: ${{ secrets.TESTER_PASSWORD }} | |
| - name: Run SSL Certificate Test | |
| id: ssl-test | |
| env: | |
| APP_HOST_URL: ${{ needs.checkEnv.outputs.APP_HOST_URL }} | |
| run: | | |
| # Perform SSL check | |
| SSL_EXPIRY_DAYS=$(node -e " | |
| const sslChecker = require('ssl-checker'); | |
| sslChecker(process.env.APP_HOST_URL, { method: 'GET', port: 443 }) | |
| .then(info => console.log(info.daysRemaining)) | |
| .catch(err => console.error(err)); | |
| ") | |
| echo "SSL_EXPIRY_DAYS=$SSL_EXPIRY_DAYS" >> $GITHUB_OUTPUT | |
| - name: Archive artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: lighthouse-artifacts | |
| path: | | |
| /home/runner/work/performance/performance/*.png | |
| /home/runner/work/performance/performance/*.md | |
| notify: | |
| name: π« Notify | |
| needs: | |
| [ | |
| checkEnv, | |
| web, | |
| build, | |
| cron, | |
| php, | |
| db, | |
| call-cleanup-workflow, | |
| call-deploy-workflow, | |
| lighthouse-check | |
| ] | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download artifacts | |
| continue-on-error: true | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: lighthouse-artifacts | |
| path: artifacts | |
| - name: Set Emoji for Notification Status Icon | |
| id: notification-emoji | |
| run: | | |
| if [[ "${{ needs.lighthouse-check.result }}" == "success" ]]; then | |
| `echo "EMOJI=:rocket:" >> $GITHUB_OUTPUT` | |
| else | |
| `echo "EMOJI=:boom:" >> $GITHUB_OUTPUT` | |
| fi | |
| - name: Set Emoji for SSL Status Icon | |
| id: ssl-status-emoji | |
| run: | | |
| if [[ "${{ needs.lighthouse-check.outputs.SSL_EXPIRY_DAYS }}" -lt ${{ env.SSL_EXPIRY_NOTICE_DAYS }} ]]; then | |
| echo "SSL_TEST_RESULT=:warning: Warning! SSL Certificate EXPIRES in ${{ needs.lighthouse-check.outputs.SSL_EXPIRY_DAYS }} days." >> $GITHUB_ENV | |
| else | |
| echo "SSL_TEST_RESULT=:white_check_mark: SSL Certificate expires in ${{ needs.lighthouse-check.outputs.SSL_EXPIRY_DAYS }} days." >> $GITHUB_ENV | |
| fi | |
| - name: π« Send Notification | |
| uses: muinmomin/[email protected] | |
| env: | |
| APP_HOST_URL: ${{ needs.checkEnv.outputs.APP_HOST_URL }} | |
| with: | |
| url: ${{ secrets.ROCKETCHAT_WEBHOOK_URL }} | |
| data: > | |
| { | |
| "emoji": "${{ steps.notification-emoji.outputs.EMOJI }}", | |
| "text": "Deployment to: ${{ github.ref_name }}, status: ${{ needs.call-deploy-workflow.result }}", | |
| "attachments": [{ | |
| "title": "View Job on GitHub", | |
| "title_link": "${{ env.INSPECT_JOB_URL }}", | |
| "fields": [{ | |
| "title": "Verify Deployment", | |
| "value": "Verify that the site still works and updates have been completed (Admin access required) https://${{ needs.checkEnv.outputs.APP_HOST_URL }}/admin/index.php" | |
| },{ | |
| "title": "Build DB: ${{ needs.db.result }}" | |
| },{ | |
| "title": "Build PHP: ${{ needs.php.result }}" | |
| },{ | |
| "title": "Build Cron: ${{ needs.cron.result }}" | |
| },{ | |
| "title": "Build Web: ${{ needs.web.result }}" | |
| },{ | |
| "title": "Build Performance App: ${{ needs.build.result }}" | |
| },{ | |
| "title": "Cleanup Resources: ${{ needs.call-cleanup-workflow.result }}" | |
| },{ | |
| "title": "Deploy to OpenShift: ${{ needs.call-deploy-workflow.result }}" | |
| },{ | |
| "title": "Lighthouse Test Results:", | |
| "value": "${{ needs.lighthouse-check.outputs.LHRESULT }}" | |
| },{ | |
| "title": "SSL Certificate Expiry:", | |
| "value": "${{ env.SSL_TEST_RESULT }}" | |
| }] | |
| }] | |
| } |