Merge branch 'BCMOHAM-21655' of https://github.com/bcgov/hcap into BC… #1131
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Build and Deploy to dev env. | |
| # Trigger with tag dev | |
| # Connected with repo environment 'dev' | |
| name: OpenShift Build and Deploy to Dev with OWSAP ZAP SCAN | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - dev | |
| env: | |
| CLUSTER: https://api.silver.devops.gov.bc.ca:6443 | |
| AUTH_TOKEN: ${{ secrets.AUTH_TOKEN_OCP4 }} | |
| SA_TOKEN: ${{ secrets.SA_TOKEN_CONFIG }} | |
| PROJECT: hcap | |
| HEALTH_CHECK_URL: https://hcap-server-f047a2-dev.apps.silver.devops.gov.bc.ca/api/v1/version | |
| DEV_URL: https://hcapemployers.dev.freshworks.club | |
| jobs: | |
| audit: | |
| name: Run NPM Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Install OpenShift CLI | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| oc: latest | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: '15' | |
| - name: NPM Audit | |
| run: | | |
| cd "$GITHUB_WORKSPACE/client" && npm audit --production | |
| cd "$GITHUB_WORKSPACE/server" && npm audit --production | |
| cd "$GITHUB_WORKSPACE" | |
| test: | |
| name: Test Config | |
| runs-on: 'ubuntu-latest' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - uses: dorny/paths-filter@v2 | |
| id: changes | |
| with: | |
| filters: | | |
| src: | |
| - 'openshift/**' | |
| base: ${{ github.ref }} | |
| - name: Dry run - Dev | |
| env: | |
| OS_NAMESPACE_SUFFIX: dev | |
| if: steps.changes.outputs.src == 'true' | |
| run: | | |
| oc login --token="$SA_TOKEN" --server="$CLUSTER" | |
| cd "$GITHUB_WORKSPACE" | |
| make server-config-test | |
| confirm: | |
| name: Get Confirmation Dev Deployment | |
| runs-on: ubuntu-latest | |
| needs: | |
| - audit | |
| - test | |
| environment: | |
| name: dev | |
| steps: | |
| - name: Log Confirm | |
| run: echo Workflow approved | |
| config: | |
| name: Deploy Config | |
| runs-on: ubuntu-latest | |
| needs: confirm | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Install OpenShift CLI | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| oc: latest | |
| - uses: dorny/paths-filter@v2 | |
| id: changes | |
| with: | |
| filters: | | |
| src: | |
| - 'openshift/**' | |
| base: ${{ github.ref}} | |
| - name: Apply Changes | |
| env: | |
| OS_NAMESPACE_SUFFIX: dev | |
| if: steps.changes.outputs.src == 'true' | |
| run: | | |
| oc login --token="$SA_TOKEN" --server="$CLUSTER" | |
| cd "$GITHUB_WORKSPACE" | |
| make server-config | |
| build: | |
| name: OpenShift Build & Deploy | |
| runs-on: ubuntu-latest | |
| needs: confirm | |
| concurrency: ci-build | |
| timeout-minutes: 20 | |
| env: | |
| BUILD_REF: ${{ github.ref }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Install OpenShift CLI | |
| uses: redhat-actions/openshift-tools-installer@v1 | |
| with: | |
| oc: latest | |
| - name: Build & Deploy | |
| run: | | |
| cd "$GITHUB_WORKSPACE" | |
| oc login --token="$AUTH_TOKEN" --server="$CLUSTER" | |
| make print-status | |
| make server-build | |
| make server-deploy | |
| - name: Health Check app | |
| uses: jtalk/url-health-check-action@v1.5 | |
| with: | |
| # Check the following URLs one by one sequentially | |
| url: '${{ env.HEALTH_CHECK_URL }}' | |
| # Follow redirects, or just report success on 3xx status codes | |
| follow-redirect: no # Optional, defaults to "no" | |
| # Fail this action after this many failed attempts | |
| max-attempts: 5 # Optional, defaults to 1 | |
| # Delay between retries | |
| retry-delay: 30s # Optional, only applicable to max-attempts > 1 | |
| # Retry all errors, including 404 | |
| retry-all: no # Optional, defaults to "no" | |
| - name: ZAP Scan | |
| uses: zaproxy/action-full-scan@v0.12.0 | |
| with: | |
| target: ${{ env.DEV_URL }} | |
| cmd_options: '-I' | |
| - name: Microsoft Teams Deploy Card | |
| uses: toko-bifrost/ms-teams-deploy-card@master | |
| if: always() | |
| with: | |
| github-token: ${{ github.token }} | |
| webhook-uri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} | |
| environment: development | |
| card-layout-exit: complete | |
| timezone: America/Vancouver | |
| show-on-start: false | |
| show-on-exit: true | |
| show-on-failure: false |