-
-
Notifications
You must be signed in to change notification settings - Fork 22
168 lines (148 loc) ยท 6.97 KB
/
openshift.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# ๐ The OpenShift Starter workflow will:
# - Checkout your repository
# - Perform a container image build
# - Push the built image to the GitHub Container Registry (GHCR)
# - Log in to your OpenShift cluster
# - Create an OpenShift app from the image and expose it to the internet
# โน๏ธ Configure your repository and the workflow with the following steps:
# 1. Have access to NERC's OpenShift cluster Refer to https://nerc-project.github.io/nerc-docs/openshift/logging-in/access-the-openshift-web-console/. To get access NERC's OCP web console you need to be part of ColdFront's active allocation as described [here](https://nerc-project.github.io/nerc-docs/get-started/get-an-allocation/#request-a-new-openshift-resource-allocation-for-openshift-project).
# 2. Create the OPENSHIFT_SERVER, OPENSHIFT_TOKEN and IMAGE_REGISTRY_PASSWORD repository secrets. Refer to:
# - https://github.com/redhat-actions/oc-login#readme
# - https://docs.github.com/en/actions/reference/encrypted-secrets
# - https://cli.github.com/manual/gh_secret_set
# 3. (Optional) Edit the top-level 'env' section as marked with '๐๏ธ' if the defaults are not suitable for your project.
# 4. (Optional) Edit the build-image step to build your project.
# The default build type is by using a Dockerfile at the root of the repository,
# but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build.
# 5. Commit and push the workflow file to your default branch to trigger a workflow run.
# ๐ Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback.
name: OpenShift
env:
# ๐๏ธ EDIT to set the kube context's namespace, you can view your available project namespaces by login into: https://console.apps.shift.nerc.mghpcc.org.
OPENSHIFT_NAMESPACE: 'boston-heat-pump-accelerator-dbab1b'
# EDIT to set a name for your OpenShift app, or a default one will be generated below.
APP_NAME: ${{ inputs.app }}
IMAGE_NAME: ${{ inputs.image_name }}
# EDIT with the port your application should be accessible on.
# If the container image exposes *exactly one* port, this can be left blank.
# Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app
APP_PORT: ${{ inputs.port }}
# EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/codeforboston
# EDIT with your registry username.
IMAGE_REGISTRY_USER: ${{ github.actor }}
# EDIT to specify custom tags for the container image, or default tags will be generated below.
IMAGE_TAGS: ${{ github.sha }}
on:
workflow_call:
secrets:
OPENSHIFT_SERVER:
required: true
OPENSHIFT_TOKEN:
required: true
inputs:
environment:
type: string
required: true
app:
type: string
required: true
image_name:
type: string
required: true
port:
type: number
required: true
context:
type: string
required: true
build-args:
type: string
required: false
jobs:
# ๐๏ธ EDIT if you want to run vulnerability check on your project before deploying
# the application. Please uncomment the below CRDA scan job and configure to run it in
# your workflow. For details about CRDA action visit https://github.com/redhat-actions/crda/blob/main/README.md
#
# TODO: Make sure to add 'CRDA Scan' starter workflow from the 'Actions' tab.
# For guide on adding new starter workflow visit https://docs.github.com/en/github-ae@latest/actions/using-workflows/using-starter-workflows
# crda-scan:
# uses: ./.github/workflows/crda.yml
# secrets:
# CRDA_KEY: ${{ secrets.CRDA_KEY }}
# # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Either use SNYK_TOKEN or CRDA_KEY
openshift-ci-cd:
# ๐๏ธ Uncomment this if you are using CRDA scan step above
# needs: crda-scan
name: Build and deploy ${{ inputs.app }} to OpenShift
runs-on: ubuntu-20.04
environment: ${{ inputs.environment }}
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Print the event name
run: |
EVENT_NAME=${{ github.event_name}}
echo "::debug::{Event Name: $EVENT_NAME}"
- name: Determine app name
if: env.APP_NAME == ''
run: |
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
- name: Determine image tags
if: env.IMAGE_TAGS == ''
run: |
echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
- name: Cache Yarn dependencies
uses: actions/cache@v3
with:
path: ~/.cache/yarn
key: ${{ runner.os }}-yarn-${{ hashFiles('frontend/front/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ env.IMAGE_TAGS }}
build-args: ${{ inputs.build-args }}
# If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
# Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
dockerfiles: |
./${{ inputs.context }}/Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.IMAGE_REGISTRY_USER }}
password: ${{ secrets.GITHUB_TOKEN }}
# The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
- name: Install oc
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: 4.15
# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
- name: Update ImageStream tag
run: |
oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.IMAGE_NAME }}:${{ inputs.environment }}