chore(ci): workflows and templates (#170)
DerekRoberts authored Feb 13, 2025
1 parent 79a567e commit 10a6e68
Showing 9 changed files with 212 additions and 232 deletions.
23 changes: 0 additions & 23 deletions .env.template
@@ -1,26 +1,3 @@
# EXPRESS API
API_PORT=
API_HOST=

# POSTGRES
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=
POSTGRES_HOST=
POSTGRES_PORT=
POSTGRES_DATABASE=

# POSTGRES ADMIN PAGE
PGADMIN_DEFAULT_EMAIL=
PGADMIN_DEFAULT_PASSWORD=

# VITE FRONTEND
VITE_PORT=
VITE_BACKEND_URL=

# KEYCLOAK SETTINGS
SSO_CLIENT_ID=
SSO_CLIENT_SECRET=
SSO_REDIRECT_URL=
FRONTEND_URL=
BACKEND_URL=
105 changes: 54 additions & 51 deletions .github/workflows/.deploy.yml
@@ -3,20 +3,39 @@ name: .Deploys
on:
workflow_call:
inputs:
### Required
# Nothing! Only `secrets: inherit` is required

### Typical / recommended
environment:
description: GitHub environment; e.g. PR number (omit), TEST or PROD
default: "dev"
required: false
type: string
tag:
description: Image tag; e.g. PR number or latest
default: ${{ github.event.number }}
required: false
type: string
target:
description: Deployment target; e.g. PR number (omit), test or prod
default: ${{ github.event.number }}
required: false
type: string

### Optional / per-environment
db-pvc-size:
description: Database PVC size; e.g. 1Gi
default: "128Mi"
type: string
db-cpu-request:
description: Database CPU request; e.g. 50m
default: "50m"
type: string
backend-cpu-request:
description: Backend CPU request; e.g. 50m
default: "50m"
type: string
frontend-cpu-request:
description: Frontend CPU request; e.g. 50m
default: "50m"
type: string

jobs:
@@ -40,62 +59,46 @@ jobs:
-p DB_PASSWORD=${{ secrets.DB_PASSWORD }}
-p DB_USER=${{ secrets.DB_USER }}
-p DB_NAME=${{ secrets.DB_NAME }}
-p DB_PORT=${{ secrets.DB_PORT }}
-p SSO_CLIENT_ID=${{ vars.SSO_CLIENT_ID }}
-p SSO_CLIENT_SECRET=${{ secrets.SSO_CLIENT_SECRET }}

database:
name: Database
needs: [init]
deploy:
name: Deploy
environment: ${{ inputs.environment }}
runs-on: ubuntu-22.04
needs: [init]
runs-on: ubuntu-24.04
timeout-minutes: 10
strategy:
matrix:
name: [database, backend, frontend]
include:
- name: database
overwrite: false
parameters:
-p DB_PVC_SIZE=${{ inputs.db-pvc-size }}
-p CPU_REQUEST=${{ inputs.db-cpu-request }}
- name: backend
overwrite: true
parameters:
-p SSO_AUTH_SERVER_URL=${{ vars.SSO_AUTH_SERVER_URL }}
-p CPU_REQUEST=${{ inputs.backend-cpu-request }}
verification_path: /healthcheck/
- name: frontend
overwrite: true
parameters:
-p CPU_REQUEST=${{ inputs.frontend-cpu-request }}
steps:
- name: Deploy Database
uses: bcgov-nr/[email protected]
- uses: bcgov-nr/[email protected]
with:
file: ${{ matrix.name }}/openshift.deploy.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: database/openshift.deploy.yml
overwrite: false
parameters:
-p IMAGE_TAG=${{ inputs.tag }}
parameters:
-p TAG=${{ inputs.tag }}
-p TARGET=${{ inputs.target }}

backend:
name: Backend
needs: [init, database]
environment: ${{ inputs.environment }}
runs-on: ubuntu-22.04
steps:
- name: Deploy Backend
uses: bcgov-nr/[email protected]
with:
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: backend/openshift.deploy.yml
overwrite: true
parameters:
-p IMAGE_TAG=${{ inputs.tag }}
-p TARGET=${{ inputs.target }}
-p SSOAUTH=${{ vars.SSO_AUTH_SERVER_URL }}
verification_path: /healthcheck/
${{ matrix.parameters }}
verification_path: ${{ matrix.verification_path }}
verification_retry_attempts: "5"
verification_retry_seconds: "15"

frontend:
name: Frontend
needs: [init, database, backend]
environment: ${{ inputs.environment }}
runs-on: ubuntu-22.04
steps:
- name: Deploy Frontend
uses: bcgov-nr/[email protected]
with:
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: frontend/openshift.deploy.yml
overwrite: true
parameters:
-p TAG=${{ inputs.tag }} -p TARGET=${{ inputs.target }}
-p SSOAUTH=${{ vars.SSO_AUTH_SERVER_URL }}
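Review bot: The single `deploy` job with `matrix: name: [database, backend, frontend]` and `needs: [init]` drops the ordering the three separate jobs had (`needs: [init, database]`, then `needs: [init, database, backend]`), so the backend leg can reach its `/healthcheck/` verification while the database is still rolling out. If that endpoint depends on the database, `verification_retry_attempts: "5"` at `verification_retry_seconds: "15"` leaves a short window, and the default `fail-fast: true` would then cancel the sibling legs mid-deploy. Consider `fail-fast: false` under `strategy:` (plus `max-parallel: 1` if the sequence matters), or keeping the database as its own job that the matrix job `needs`. Separately, this step passes `secrets.OC_TOKEN` to a third-party action whose ref is obscured on this page (`[email protected]`); if it is a version tag, pinning to a full commit SHA would keep a moved tag from receiving the cluster token.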
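--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -32,6 +32,11 @@ jobs:
 needs: [builds]
 secrets: inherit
 uses: ./.github/workflows/.deploy.yml
+with:
+db-pvc-size: 64Mi
+db-cpu-request: 30m
+backend-cpu-request: 30m
+frontend-cpu-request: 30m
 
 # tests:
 # name: Tests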
4 changes: 2 additions & 2 deletions .github/workflows/pr-validate.yml
@@ -15,8 +15,8 @@ jobs:
uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
with:
markdown_links: |
- [Frontend](https://${{ github.event.repository.name }}-${{ github.event.number }}-frontend.apps.silver.devops.gov.bc.ca)
- [Backend](https://${{ github.event.repository.name }}-${{ github.event.number }}-frontend.apps.silver.devops.gov.bc.ca/api)
- [Frontend](https://${{ github.event.repository.name }}-${{ github.event.number }}.apps.silver.devops.gov.bc.ca)
- [Backend](https://${{ github.event.repository.name }}-${{ github.event.number }}-backend.apps.silver.devops.gov.bc.ca/healthcheck/)
results:
name: Validate Results
119 changes: 54 additions & 65 deletions backend/openshift.deploy.yml
@@ -2,32 +2,36 @@
apiVersion: template.openshift.io/v1
kind: Template
parameters:
- name: APP
description: Application name
- name: REPO
description: Repository name
value: nr-nmp
- name: COMPONENT
description: Component name
value: backend
- name: ORG
description: Organization name; e.g. bcgov or bcdevops
value: bcgov
- name: IMAGE_TAG
- name: TAG
description: Image tag; e.g. PR number or latest
required: true
- name: TARGET
description: Deployment target; e.g. PR number, test or prod
required: true
generate: expression
- name: SSOAUTH
- name: SSO_AUTH_SERVER_URL
description: SSO Auth Server URL
required: true
- name: CPU_REQUEST
value: 50m
- name: MEMORY_REQUEST
value: 75Mi
objects:
- kind: Service
apiVersion: v1
metadata:
labels:
app: ${APP}-${TARGET}
name: ${APP}-${TARGET}-${COMPONENT}
app: ${REPO}-${TARGET}
name: ${REPO}-${TARGET}-${COMPONENT}
spec:
type: ClusterIP
ports:
@@ -36,114 +40,99 @@ objects:
protocol: TCP
name: http-3000
selector:
service: ${APP}-${TARGET}-${COMPONENT}
service: ${REPO}-${TARGET}-${COMPONENT}
- kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: ${APP}-${TARGET}
deployment: ${APP}-${TARGET}-${COMPONENT}
name: ${APP}-${TARGET}-${COMPONENT}
app: ${REPO}-${TARGET}
deployment: ${REPO}-${TARGET}-${COMPONENT}
name: ${REPO}-${TARGET}-${COMPONENT}
spec:
strategy:
type: Recreate
type: RollingUpdate
selector:
matchLabels:
deployment: ${APP}-${TARGET}-${COMPONENT}
deployment: ${REPO}-${TARGET}-${COMPONENT}
template:
metadata:
labels:
app: ${APP}-${TARGET}
deployment: ${APP}-${TARGET}-${COMPONENT}
service: ${APP}-${TARGET}-${COMPONENT}
app: ${REPO}-${TARGET}
deployment: ${REPO}-${TARGET}-${COMPONENT}
service: ${REPO}-${TARGET}-${COMPONENT}
spec:
containers:
- name: ${APP}-${TARGET}-${COMPONENT}
image: ghcr.io/${ORG}/${APP}/${COMPONENT}:${IMAGE_TAG}
- name: ${REPO}-${TARGET}-${COMPONENT}
image: ghcr.io/${ORG}/${REPO}/${COMPONENT}:${TAG}
imagePullPolicy: Always
env:
- name: LOG_LEVEL
value: info
- name: POSTGRES_HOST
value: nr-nmp-database-${TARGET}
value: ${REPO}-${TARGET}-database
- name: SSO_AUTH_SERVER_URL
value: ${SSOAUTH}
value: ${SSO_AUTH_SERVER_URL}
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: nr-nmp-database-${TARGET}
name: ${REPO}-${TARGET}-database
key: database-name
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nr-nmp-database-${TARGET}
name: ${REPO}-${TARGET}-database
key: database-password
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nr-nmp-database-${TARGET}
name: ${REPO}-${TARGET}-database
key: database-user
- name: SSO_CLIENT_ID
valueFrom:
secretKeyRef:
name: nr-nmp-keycloak
key: SSO_CLIENT_ID
name: ${REPO}-${TARGET}-backend
key: sso-client-id
- name: SSO_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: nr-nmp-keycloak
key: SSO_CLIENT_SECRET
name: ${REPO}-${TARGET}-backend
key: sso-client-secret
- name: SSO_REDIRECT_URL
value: https://${APP}-${TARGET}-${COMPONENT}.apps.silver.devops.gov.bc.ca/admin
value: https://${REPO}-${TARGET}-${COMPONENT}.apps.silver.devops.gov.bc.ca/admin
ports:
- containerPort: 3000
protocol: TCP
# readinessProbe:
# httpGet:
# path: /healthcheck/
# port: 3000
# scheme: HTTP
# httpHeaders:
# - name: host
# value: localhost
# initialDelaySeconds: 90
# periodSeconds: 15
# timeoutSeconds: 10
# successThreshold: 3
# failureThreshold: 30
# livenessProbe:
# successThreshold: 1
# failureThreshold: 5
# httpGet:
# path: /healthcheck/
# port: 3000
# scheme: HTTP
# httpHeaders:
# - name: host
# value: localhost
# initialDelaySeconds: 15
# periodSeconds: 30
# timeoutSeconds: 5
resources: # this is optional
limits:
cpu: 150m
memory: 150Mi
- name: container-port
containerPort: 3000
readinessProbe:
tcpSocket:
port: container-port
livenessProbe:
tcpSocket:
port: container-port
startupProbe:
tcpSocket:
port: container-port
failureThreshold: 5
initialDelaySeconds: 15
periodSeconds: 15
timeoutSeconds: 10
failureThreshold: 30
resources:
requests:
cpu: 50m
memory: 75Mi
cpu: ${CPU_REQUEST}
memory: ${MEMORY_REQUEST}
- kind: Route
apiVersion: route.openshift.io/v1
metadata:
labels:
app: ${APP}-${TARGET}
name: ${APP}-${TARGET}-${COMPONENT}
app: ${REPO}-${TARGET}
name: ${REPO}-${TARGET}-${COMPONENT}
spec:
host: ${APP}-${TARGET}-${COMPONENT}.apps.silver.devops.gov.bc.ca
host: ${REPO}-${TARGET}-${COMPONENT}.apps.silver.devops.gov.bc.ca
port:
targetPort: http-3000
to:
kind: Service
name: ${APP}-${TARGET}-${COMPONENT}
name: ${REPO}-${TARGET}-${COMPONENT}
weight: 100
tls:
termination: edge
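Review bot: The new `startupProbe` appears to carry `failureThreshold` twice, `failureThreshold: 5` right after its `tcpSocket` block and `failureThreshold: 30` after `timeoutSeconds: 10`; indentation is lost in this view, but both lines seem to sit in that one probe mapping. Duplicate mapping keys are invalid YAML, and loaders that tolerate them usually keep the last value, so the startup budget is either about 90 s or about 465 s (`initialDelaySeconds: 15` plus threshold × `periodSeconds: 15`) depending on the parser. Keep a single line, e.g. drop `failureThreshold: 5` if the longer window is the intended one. Separately, the earlier `limits:` block (`cpu: 150m`, `memory: 150Mi`) looks to be removed with only `requests:` left, so the container has no memory ceiling unless a namespace LimitRange or quota supplies one; restoring a `limits.memory` value would keep that bound in the template.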