-
Notifications
You must be signed in to change notification settings - Fork 2
115 lines (101 loc) · 3.71 KB
/
advocase-pr-merge-deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: "[DEV/UAT] Advocase DEV/UAT Deployment"
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
on:
push:
branches:
- dev
- test
jobs:
##### SETUP ##################################################################
setup:
name: extract-branch-name
runs-on: ubuntu-latest
outputs:
environment: ${{ steps.parse.outputs.environment }}
image-tags: ${{ steps.parse.outputs.image-tags }}
steps:
- name: Extract branch name
id: parse
run: |
ENVIRONMENT=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT
echo "image-tags=$ENVIRONMENT" >> $GITHUB_OUTPUT
approve-deploy:
name: Approve Deploy
needs: setup
environment: ${{ needs.setup.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
##### BUILD ##################################################################
bc-gov-advocase-image:
name: bc-gov-advocase-image
needs: [setup, approve-deploy]
uses: ./.github/workflows/reusable-build-dockerfile.yaml
with:
ref: ${{ needs.setup.outputs.environment }}
directory: docker/advocase-image
image-name: bc-gov-advocase
image-tags: ${{ needs.setup.outputs.image-tags }}
artifactory-repository: ad0d-advocase-docker
secrets:
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
##### DEPLOY ##################################################################
import-advocase-image-to-oc:
name: import-advocase-image-to-oc
needs: [setup, approve-deploy, bc-gov-advocase-image]
uses: ./.github/workflows/reusable-import-image-to-oc.yaml
with:
image-name: bc-gov-advocase
image-tags: ${{ needs.setup.outputs.image-tags }}
imagestream: artifactory-advocase
artifactory-repository: ad0d-advocase-docker
secrets:
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
licence-plate: d0d1b5
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.OPENSHIFT_TOOLS_TOKEN }}
rollout-advocase-deployment:
name: rollout-advocase-deployment
needs: [setup, approve-deploy, import-advocase-image-to-oc]
uses: ./.github/workflows/reusable-rollout-deployment.yaml
with:
namespace: ${{ needs.setup.outputs.environment }}
secrets:
licence-plate: d0d1b5
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.OPENSHIFT_TOKEN }}
wait-for-rollout:
name: wait-for-rollout
needs: [setup, approve-deploy, rollout-advocase-deployment]
uses: ./.github/workflows/reusable-wait-for-rollout.yaml
with:
namespace: ${{ needs.setup.outputs.environment }}
secrets:
licence-plate: d0d1b5
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.OPENSHIFT_TOKEN }}
##### SCAN ##################################################################
# Removed from DEV/UAT workflow for performance reasons
# owasp-advocase:
# name: OWASP ZAP Scan
# needs: [setup, wait-for-rollout]
# runs-on: ubuntu-latest
# environment: ${{ needs.setup.outputs.environment }}
# steps:
# - name: OWASP ZAP Scan
# uses: zaproxy/[email protected]
# with:
# allow_issue_writing: false
# cmd_options: '-z "-config scanner.threadPerHost=20"'
# target: ${{ secrets.ZAP_ADVOCASE_URL }}
# - name: Upload Report as Artifact
# uses: actions/upload-artifact@v4
# with:
# name: OWASP ZAP Report
# path: report_html.html