build.yml
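# Build and deploy to the dev environment, then run an OWASP ZAP scan against it.
# Triggers: any push to `master`, or a push of the `dev` tag.
# The `confirm` job is bound to the repository environment `dev`; `config` and
# `build` wait on it through `needs`, so whatever protection rules that
# environment carries gate the deployment. `audit` and `test` run before it.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch (`@v2`, `@v1`, `@v1.5`, `@v0.12.0`, `@master`). Pinning each one to
# a full commit SHA (`uses: owner/repo@<FULL_COMMIT_SHA>`) keeps a re-tagged or
# compromised upstream from running inside jobs that hold cluster credentials.
name: OpenShift Build and Deploy to Dev with OWSAP ZAP SCAN
on:
  push:
    branches:
      - master
    tags:
      - dev
# Workflow-level env is visible to every step of every job, third-party
# actions included, so only non-secret values are kept here. The cluster
# tokens are injected on the individual steps that run `oc login`.
env:
  CLUSTER: https://api.silver.devops.gov.bc.ca:6443
  PROJECT: hcap
  HEALTH_CHECK_URL: https://hcap-server-f047a2-dev.apps.silver.devops.gov.bc.ca/api/v1/version
  DEV_URL: https://hcapemployers.dev.freshworks.club
jobs:
  audit:
    name: Run NPM Audit
    runs-on: ubuntu-latest
    # Checkout is the only use of GITHUB_TOKEN in this job.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      # NOTE(review): no step in this job calls `oc`; this install looks
      # unnecessary here. `oc: latest` also leaves the CLI version unpinned.
      - name: Install OpenShift CLI
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: latest
      # NOTE(review): Node 15 is an end-of-life release line; the bundled npm
      # determines what `npm audit` can report. Confirm before changing.
      - uses: actions/setup-node@v2
        with:
          node-version: '15'
      # A non-zero exit from either audit fails the job and, through `needs`,
      # blocks `confirm` and everything after it.
      - name: NPM Audit
        run: |
          cd "$GITHUB_WORKSPACE/client" && npm audit --production
          cd "$GITHUB_WORKSPACE/server" && npm audit --production
          cd "$GITHUB_WORKSPACE"
  test:
    name: Test Config
    runs-on: 'ubuntu-latest'
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      # The dry run below calls `oc login`; install the CLI explicitly instead
      # of depending on whatever the runner image happens to ship.
      - name: Install OpenShift CLI
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: latest
      - uses: dorny/paths-filter@v2
        id: changes
        with:
          filters: |
            src:
              - 'openshift/**'
          base: ${{ github.ref }}
      # This job runs before the `confirm` gate, so SA_TOKEN is used on every
      # qualifying push without approval. The token is scoped to this step so
      # that the actions above never see it.
      - name: Dry run - Dev
        env:
          OS_NAMESPACE_SUFFIX: dev
          SA_TOKEN: ${{ secrets.SA_TOKEN_CONFIG }}
        if: steps.changes.outputs.src == 'true'
        run: |
          oc login --token="$SA_TOKEN" --server="$CLUSTER"
          cd "$GITHUB_WORKSPACE"
          make server-config-test
  confirm:
    name: Get Confirmation Dev Deployment
    runs-on: ubuntu-latest
    needs:
      - audit
      - test
    # Only this job references the `dev` environment. `config` and `build` do
    # not, so they read repository-level secrets rather than environment ones.
    environment:
      name: dev
    steps:
      - name: Log Confirm
        run: echo Workflow approved
  config:
    name: Deploy Config
    runs-on: ubuntu-latest
    needs: confirm
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install OpenShift CLI
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: latest
      - uses: dorny/paths-filter@v2
        id: changes
        with:
          filters: |
            src:
              - 'openshift/**'
          base: ${{ github.ref }}
      # SA_TOKEN is scoped to the one step that logs in to the cluster.
      - name: Apply Changes
        env:
          OS_NAMESPACE_SUFFIX: dev
          SA_TOKEN: ${{ secrets.SA_TOKEN_CONFIG }}
        if: steps.changes.outputs.src == 'true'
        run: |
          oc login --token="$SA_TOKEN" --server="$CLUSTER"
          cd "$GITHUB_WORKSPACE"
          make server-config
  build:
    name: OpenShift Build & Deploy
    runs-on: ubuntu-latest
    needs: confirm
    concurrency: ci-build
    timeout-minutes: 20
    # NOTE(review): no `permissions:` block here, so GITHUB_TOKEN keeps the
    # repository default scopes. The Teams card receives the token explicitly
    # and the ZAP action presumably uses it to report findings; confirm what
    # each needs and declare only that.
    env:
      BUILD_REF: ${{ github.ref }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install OpenShift CLI
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: latest
      # AUTH_TOKEN is scoped to this step; the health check, ZAP and Teams
      # actions that follow do not receive it.
      - name: Build & Deploy
        env:
          AUTH_TOKEN: ${{ secrets.AUTH_TOKEN_OCP4 }}
        run: |
          cd "$GITHUB_WORKSPACE"
          oc login --token="$AUTH_TOKEN" --server="$CLUSTER"
          make print-status
          make server-build
          make server-deploy
      - name: Health Check app
        uses: jtalk/url-health-check-action@v1.5
        with:
          # Check the following URLs one by one sequentially
          url: '${{ env.HEALTH_CHECK_URL }}'
          # Follow redirects, or just report success on 3xx status codes
          # (quoted so the value stays the string "no" under any YAML parser)
          follow-redirect: 'no'  # Optional, defaults to "no"
          # Fail this action after this many failed attempts
          max-attempts: 5  # Optional, defaults to 1
          # Delay between retries
          retry-delay: 30s  # Optional, only applicable to max-attempts > 1
          # Retry all errors, including 404
          retry-all: 'no'  # Optional, defaults to "no"
      # The scan runs after `make server-deploy`, so it reports on what is
      # already live in dev; it does not gate the deployment. `-I` tells the
      # ZAP script not to return failure on warnings, so WARN-level findings
      # leave this step green and have to be read from the report.
      - name: ZAP Scan
        uses: zaproxy/action-full-scan@v0.12.0
        with:
          target: ${{ env.DEV_URL }}
          cmd_options: '-I'
      # NOTE(review): `@master` is a moving branch, and this step is handed
      # both GITHUB_TOKEN and the Teams webhook secret. Pin it to a reviewed
      # commit: `uses: toko-bifrost/ms-teams-deploy-card@<FULL_COMMIT_SHA>`.
      - name: Microsoft Teams Deploy Card
        uses: toko-bifrost/ms-teams-deploy-card@master
        if: always()
        with:
          github-token: ${{ github.token }}
          webhook-uri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
          environment: development
          card-layout-exit: complete
          timezone: America/Vancouver
          show-on-start: false
          show-on-exit: true
          show-on-failure: false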