Fix Secrets #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
| # ๐ The OpenShift Starter workflow will: | ||
| # - Checkout your repository | ||
| # - Perform a container image build | ||
| # - Push the built image to the GitHub Container Registry (GHCR) | ||
| # - Log in to your OpenShift cluster | ||
| # - Create an OpenShift app from the image and expose it to the internet | ||
| # โน๏ธ Configure your repository and the workflow with the following steps: | ||
| # 1. Have access to NERC's OpenShift cluster Refer to https://nerc-project.github.io/nerc-docs/openshift/logging-in/access-the-openshift-web-console/. To get access NERC's OCP web console you need to be part of ColdFront's active allocation as described [here](https://nerc-project.github.io/nerc-docs/get-started/get-an-allocation/#request-a-new-openshift-resource-allocation-for-openshift-project). | ||
| # 2. Create the OPENSHIFT_SERVER, OPENSHIFT_TOKEN and IMAGE_REGISTRY_PASSWORD repository secrets. Refer to: | ||
| # - https://github.com/redhat-actions/oc-login#readme | ||
| # - https://docs.github.com/en/actions/reference/encrypted-secrets | ||
| # - https://cli.github.com/manual/gh_secret_set | ||
| # 3. (Optional) Edit the top-level 'env' section as marked with '๐๏ธ' if the defaults are not suitable for your project. | ||
| # 4. (Optional) Edit the build-image step to build your project. | ||
| # The default build type is by using a Dockerfile at the root of the repository, | ||
| # but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build. | ||
| # 5. Commit and push the workflow file to your default branch to trigger a workflow run. | ||
| # ๐ Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback. | ||
| name: OpenShift | ||
| env: | ||
| # ๐๏ธ EDIT to set the kube context's namespace, you can view your available project namespaces by login into: https://console.apps.shift.nerc.mghpcc.org. | ||
| OPENSHIFT_NAMESPACE: 'boston-heat-pump-accelerator' | ||
| # EDIT to set a name for your OpenShift app, or a default one will be generated below. | ||
| APP_NAME: ${{ inputs.app }} | ||
| # EDIT with the port your application should be accessible on. | ||
| # If the container image exposes *exactly one* port, this can be left blank. | ||
| # Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app | ||
| APP_PORT: ${{ inputs.port }} | ||
| # EDIT to change the image registry settings. | ||
| # Registries such as GHCR, Quay.io, and Docker Hub are supported. | ||
| IMAGE_REGISTRY: ghcr.io/codeforboston | ||
| # EDIT with your registry username. | ||
| IMAGE_REGISTRY_USER: ${{ github.actor }} | ||
| # EDIT to specify custom tags for the container image, or default tags will be generated below. | ||
| IMAGE_TAGS: '' | ||
| on: | ||
| workflow_call: | ||
| secrets: | ||
| OPENSHIFT_SERVER: | ||
| required: true | ||
| OPENSHIFT_TOKEN: | ||
| required: true | ||
| GITHUB_TOKEN: | ||
| required: true | ||
| inputs: | ||
| app: | ||
| type: string | ||
| required: true | ||
| port: | ||
| type: number | ||
| required: true | ||
| context: | ||
| type: string | ||
| required: true | ||
| build-args: | ||
| type: string | ||
| required: false | ||
| jobs: | ||
| # ๐๏ธ EDIT if you want to run vulnerability check on your project before deploying | ||
| # the application. Please uncomment the below CRDA scan job and configure to run it in | ||
| # your workflow. For details about CRDA action visit https://github.com/redhat-actions/crda/blob/main/README.md | ||
| # | ||
| # TODO: Make sure to add 'CRDA Scan' starter workflow from the 'Actions' tab. | ||
| # For guide on adding new starter workflow visit https://docs.github.com/en/github-ae@latest/actions/using-workflows/using-starter-workflows | ||
| # crda-scan: | ||
| # uses: ./.github/workflows/crda.yml | ||
| # secrets: | ||
| # CRDA_KEY: ${{ secrets.CRDA_KEY }} | ||
| # # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Either use SNYK_TOKEN or CRDA_KEY | ||
| openshift-ci-cd: | ||
| # ๐๏ธ Uncomment this if you are using CRDA scan step above | ||
| # needs: crda-scan | ||
| name: Build and deploy ${{ inputs.app }} to OpenShift | ||
| runs-on: ubuntu-20.04 | ||
| environment: production | ||
| outputs: | ||
| ROUTE: ${{ steps.deploy-and-expose.outputs.route }} | ||
| SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} | ||
| steps: | ||
| - name: Check out repository | ||
| uses: actions/checkout@v3 | ||
| - name: Determine app name | ||
| if: env.APP_NAME == '' | ||
| run: | | ||
| echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV | ||
| - name: Determine image tags | ||
| if: env.IMAGE_TAGS == '' | ||
| run: | | ||
| echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV | ||
| # https://github.com/redhat-actions/buildah-build#readme | ||
| - name: Build from Dockerfile | ||
| id: build-image | ||
| uses: redhat-actions/buildah-build@v2 | ||
| with: | ||
| image: ${{ env.APP_NAME }} | ||
| tags: ${{ env.IMAGE_TAGS }} | ||
| build-args: ${{ inputs.build-args }} | ||
| # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs | ||
| # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build | ||
| # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root. | ||
| dockerfiles: | | ||
| ./${{ inputs.context }}/Dockerfile | ||
| # https://github.com/redhat-actions/push-to-registry#readme | ||
| - name: Push to registry | ||
| id: push-image | ||
| uses: redhat-actions/push-to-registry@v2 | ||
| with: | ||
| image: ${{ steps.build-image.outputs.image }} | ||
| tags: ${{ steps.build-image.outputs.tags }} | ||
| registry: ${{ env.IMAGE_REGISTRY }} | ||
| username: ${{ env.IMAGE_REGISTRY_USER }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }} | ||
| - name: Install oc | ||
| uses: redhat-actions/openshift-tools-installer@v1 | ||
| with: | ||
| oc: 4 | ||
| # https://github.com/redhat-actions/oc-login#readme | ||
| - name: Log in to OpenShift | ||
| uses: redhat-actions/oc-login@v1 | ||
| with: | ||
| openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} | ||
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | ||
| insecure_skip_tls_verify: true | ||
| namespace: ${{ env.OPENSHIFT_NAMESPACE }} | ||
| # This step should create a deployment, service, and route to run your app and expose it to the internet. | ||
| # https://github.com/redhat-actions/oc-new-app#readme | ||
| - name: Create and expose app | ||
| id: deploy-and-expose | ||
| uses: redhat-actions/oc-new-app@v1 | ||
| with: | ||
| app_name: ${{ env.APP_NAME }} | ||
| image: ${{ steps.push-image.outputs.registry-path }} | ||
| namespace: ${{ env.OPENSHIFT_NAMESPACE }} | ||
| port: ${{ env.APP_PORT }} | ||
| - name: Print application URL | ||
| env: | ||
| ROUTE: ${{ steps.deploy-and-expose.outputs.route }} | ||
| SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} | ||
| run: | | ||
| [[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1) | ||
| echo | ||
| echo "======================== Your application is available at: ========================" | ||
| echo ${{ env.ROUTE }} | ||
| echo "===================================================================================" | ||
| echo | ||
| echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\"" | ||
