Skip to content

Commit

Permalink
create workflows for deploying front + back end
Browse files Browse the repository at this point in the history
  • Loading branch information
mattdelsordo committed Sep 25, 2023
1 parent 47e7db4 commit 9129895
Show file tree
Hide file tree
Showing 4 changed files with 275 additions and 0 deletions.
26 changes: 26 additions & 0 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Deploy

on:
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
workflow_dispatch:
push:
# Edit to the branch(es) you want to build and deploy on each push.
branches: ['main']

jobs:
deploy-server:
uses: ./.github/workflows/deploy.yml
needs: [test-backend]
with:
app: bhpa-backend
context: backend
port: 3000
secrets: inherit
deploy-website:
uses: ./.github/workflows/deploy.yml
needs: [test-ui]
with:
app: bhpa-frontend
context: frontend/front
port: 8080
secrets: inherit
209 changes: 209 additions & 0 deletions .github/workflows/openshift.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# 💁 The OpenShift Starter workflow will:
# - Checkout your repository
# - Perform a container image build
# - Push the built image to the GitHub Container Registry (GHCR)
# - Log in to your OpenShift cluster
# - Create an OpenShift app from the image and expose it to the internet

# ℹ️ Configure your repository and the workflow with the following steps:
# 1. Have access to NERC's OpenShift cluster Refer to https://nerc-project.github.io/nerc-docs/openshift/logging-in/access-the-openshift-web-console/. To get access NERC's OCP web console you need to be part of ColdFront's active allocation as described [here](https://nerc-project.github.io/nerc-docs/get-started/get-an-allocation/#request-a-new-openshift-resource-allocation-for-openshift-project).
# 2. Create the OPENSHIFT_SERVER, OPENSHIFT_TOKEN and IMAGE_REGISTRY_PASSWORD repository secrets. Refer to:
# - https://github.com/redhat-actions/oc-login#readme
# - https://docs.github.com/en/actions/reference/encrypted-secrets
# - https://cli.github.com/manual/gh_secret_set
# 3. (Optional) Edit the top-level 'env' section as marked with '🖊️' if the defaults are not suitable for your project.
# 4. (Optional) Edit the build-image step to build your project.
# The default build type is by using a Dockerfile at the root of the repository,
# but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build.
# 5. Commit and push the workflow file to your default branch to trigger a workflow run.

# 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback.

name: OpenShift

env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace, you can view your available project namespaces by login into: https://console.apps.shift.nerc.mghpcc.org.
OPENSHIFT_NAMESPACE: 'boston-heat-pump-accelerator'

# EDIT to set a name for your OpenShift app, or a default one will be generated below.
APP_NAME: ${{ inputs.app }}

# EDIT with the port your application should be accessible on.
# If the container image exposes *exactly one* port, this can be left blank.
# Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app
APP_PORT: ${{ inputs.port }}

# 🖊️ EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.actor }}
# 🖊️ EDIT with your registry username.
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}

# EDIT to specify custom tags for the container image, or default tags will be generated below.
IMAGE_TAGS: ''

on:
workflow_call:
inputs:
app:
type: string
required: true
port:
type: number
required: true
context:
type: string
required: true

jobs:
# 🖊️ EDIT if you want to run vulnerability check on your project before deploying
# the application. Please uncomment the below CRDA scan job and configure to run it in
# your workflow. For details about CRDA action visit https://github.com/redhat-actions/crda/blob/main/README.md
#
# TODO: Make sure to add 'CRDA Scan' starter workflow from the 'Actions' tab.
# For guide on adding new starter workflow visit https://docs.github.com/en/github-ae@latest/actions/using-workflows/using-starter-workflows

# crda-scan:
# uses: ./.github/workflows/crda.yml
# secrets:
# CRDA_KEY: ${{ secrets.CRDA_KEY }}
# # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Either use SNYK_TOKEN or CRDA_KEY

openshift-ci-cd:
# 🖊️ Uncomment this if you are using CRDA scan step above
# needs: crda-scan
name: Build and deploy ${{ inputs.app }} to OpenShift
runs-on: ubuntu-20.04
environment: production

outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

steps:
- name: Check for required secrets
uses: actions/github-script@v6
with:
script: |
const secrets = {
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const GHCR = "ghcr.io";
if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
core.info(`Image registry is ${GHCR} - no registry password required`);
}
else {
core.info("A registry password is required");
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
}
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- name: Check out repository
uses: actions/checkout@v3

- name: Determine app name
if: env.APP_NAME == ''
run: |
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
- name: Determine image tags
if: env.IMAGE_TAGS == ''
run: |
echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tags: ${{ env.IMAGE_TAGS }}

# If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
# Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
dockerfiles: |
./${{context}}/Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.IMAGE_REGISTRY_USER }}
password: ${{ env.IMAGE_REGISTRY_PASSWORD }}

# The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}

- name: Install oc
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: 4

# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}

# This step should create a deployment, service, and route to run your app and expose it to the internet.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-image.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}

- name: Print application URL
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
run: |
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
echo
echo "======================== Your application is available at: ========================"
echo ${{ env.ROUTE }}
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
26 changes: 26 additions & 0 deletions nerc/setsecret.cmd
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
:: https://github.com/nerc-project/simple-node-app

@echo off
oc whoami --show-token >openshift.login.token
set /P LOGINQ=< openshift.login.token
del openshift.login.token
Set LOGIN=%LOGINQ:"=%

oc whoami --show-server >openshift.server
set /P SERVERQ=< openshift.server
del openshift.server
Set SERVER=%SERVERQ:"=%
rem echo The server is /%SERVER%/
rem echo The token is /%LOGIN%/

gh secret set OPENSHIFT_SERVER -b %SERVER%
gh secret set OPENSHIFT_TOKEN -b %LOGIN%

IF "%MY_QUAY_PW%"=="" (GOTO :missing_reg_token)
gh secret set IMAGE_REGISTRY_PASSWORD -b %MY_QUAY_PW%
goto :end

:missing_reg_token
echo missing registry token in MY_DOCKER_PW

:end
14 changes: 14 additions & 0 deletions nerc/setsecret.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# https://github.com/nerc-project/simple-node-app

TOKEN=$(oc whoami --show-token)
SERVER=$(oc whoami --show-server )

gh secret set OPENSHIFT_SERVER -b $SERVER
gh secret set OPENSHIFT_TOKEN -b $TOKEN
if [ -z $MY_QUAY_PW ]
then
echo $0: No MY_QUAY_PW set, please set MY_QUAY_PW to your registry password.
exit
else
gh secret set IMAGE_REGISTRY_PASSWORD -b $MY_QUAY_PW
fi

0 comments on commit 9129895

Please sign in to comment.