NIT-994 pipeline for installing helm charts

ministryofjustice · Dec 20, 2023 · 7382934 · 7382934
1 parent 3be741c
commit 7382934
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/.github/workflows/cloud-platform-deploy-release.yml b/.github/workflows/cloud-platform-deploy-release.yml
@@ -9,15 +9,19 @@ on:
       - '.github/workflows/cloud-platform-build-push-share.yml'
   workflow_dispatch:
 
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+defaults:
+  run:
+    working-directory: ./alfresco-content-services
+
 jobs:
   poc-deployment-job:
     # Get this GitHub environment populated with action secrets by raising a CP pull request. See docs at: 
     # https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount?tab=readme-ov-file#input_github_environments
     environment: poc
     runs-on: ubuntu-latest
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read # This is required for actions/checkout
     steps:
       - name: Checkout current repo
         uses: actions/checkout@v3
@@ -51,7 +55,6 @@ jobs:
         env:
           KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
           KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
-        working-directory: ./alfresco-content-services
         run: |
 
           # See this link how github action secrets are created: https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount
@@ -65,18 +68,27 @@ jobs:
           # For Alfresco, a k8s namespace will be an environment
           kubectl config set-context --current --namespace=${KUBE_NAMESPACE}
 
-          kubectl get all
-
           # Helm will not deploy unless this secret is present. Create a new one if one does not already exist from env section
           SECRET=$(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) 2> /dev/null
           if [ -z ${SECRET} ] 
           then 
             SECRET=$(openssl rand -base64 20)
           fi
 
+          echo "Secret value = $SECRET"
+
           # Upgrad an existing release or create a new one if one does not exist
           BUCKET_NAME=$(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.bucket_name}' | base64 -d))
           helm upgrade --install alfresco-content-services . --values=./values.yaml \
           --set s3connector.config.bucketName=$BUCKET_NAME \
           --set global.tracking.sharedsecret=$SECRET \
           --atomic
+
+  dev-deployment-job:
+    needs: poc-deployment-job
+    environment: dev
+    runs-on: ubuntu-latest
+    steps:
+      - name: PoC deployment
+        run: |
+          echo "This job will only run in sequence and only after the above job is completed successfully"
diff --git a/alfresco-content-services/values_test.yaml b/alfresco-content-services/values_test.yaml
@@ -0,0 +1,5 @@
+# this file overrides values defined in ./values.yaml
+repository:
+  replicaCount: 1
+share:
+  replicaCount: 1