Merge pull request #1235 from bcgov/feat/argo-workflows

Migrate GHA deployment workflows to ArgoCD triggering
bcgov · Jul 19, 2024 · 5776538 · 5776538
2 parents cdd5120 + ab9b07d
commit 5776538
Show file tree

Hide file tree

Showing 4 changed files with 197 additions and 19 deletions.
diff --git a/.github/actions/build_acapy/action.yaml b/.github/actions/build_acapy/action.yaml
@@ -41,23 +41,23 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/checkout@v3   
+    - uses: actions/checkout@v4   
       with:
         ref: ${{ inputs.ref != '' && inputs.ref ||  env.GITHUB_REF }}${{ inputs.ref }}
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ${{ inputs.registry}}
         username: ${{ inputs.registry_username}}
         password: ${{ inputs.registry_password }}
 
     - name: Prepare docker tags for image
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@v5
       with:
         images: ${{ inputs.registry }}/${{ inputs.image_name }}
         tags: |
@@ -68,7 +68,7 @@ runs:
 
     - name: Build and push image
       id: builder
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v6
       with:
         context: ${{ inputs.context }}
         file: ${{ inputs.dockerfile }}

diff --git a/.github/actions/build_ui/action.yaml b/.github/actions/build_ui/action.yaml
@@ -36,7 +36,7 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         ref: ${{ inputs.ref != '' && inputs.ref ||  env.GITHUB_REF }}${{ inputs.ref }}
 
@@ -82,18 +82,18 @@ runs:
         npm run build
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ${{ inputs.registry}}
         username: ${{ inputs.registry_username}}
         password: ${{ inputs.registry_password }}
 
     - name: Prepare docker tags for image
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@v5
       with:
         images: ${{ inputs.registry }}/${{ inputs.image_name }}
         tags: |
@@ -104,7 +104,7 @@ runs:
 
     - name: Build and push image
       id: builder
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v6
       with:
         context: ${{ inputs.context }}
         push: true

diff --git a/.github/workflows/chart_release.yaml b/.github/workflows/chart_release.yaml
@@ -9,7 +9,8 @@ on:
 jobs:
   # Sometimes chart-releaser might fetch an outdated index.yaml from gh-pages, causing a WAW hazard on the repo
   # This job checks the remote file is up to date with the local one on release
-  validate-gh-pages-index:
+  validate-chart-index:
+    name: Validate Chart Index
     runs-on: ubuntu-latest
     if: github.repository_owner == 'bcgov'
     steps:
@@ -26,10 +27,10 @@ jobs:
           test "$LOCAL" = "$REMOTE"
 
   chart-release:
-    name: Create chart release
+    name: Create and Publish Chart Release
     runs-on: ubuntu-latest
     if: github.repository_owner == 'bcgov'
-    needs: [ validate-gh-pages-index ]
+    needs: [ validate-chart-index ]
     steps:
       - uses: actions/checkout@v4
         with:
@@ -48,3 +49,74 @@ jobs:
           config: .github/cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+  update-configs-and-sync:
+    runs-on: ubuntu-latest
+    name: Update Configs and Sync
+    needs:
+      - chart-release
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Checkout services directory from the trust-over-ip-configurations repo
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/trust-over-ip-configurations
+          ssh-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }}
+          sparse-checkout: |
+            services
+          path: trust-over-ip-configurations
+
+      - name: Lookup latest chart
+        id: chart_version
+        run: |
+          helm repo add traction https://bcgov.github.io/traction
+          helm repo update
+          echo "::set output name=APP_VERSION::$(helm search repo traction -ojson | jq '.[0].app_version')"
+          echo "::set output name=CHART_VERSION::$(helm search repo traction -ojson | jq '.[0].version')"
+
+      - name: Update test
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+        run: |
+          cd trust-over-ip-configurations
+          yq e -i '.appVersion = $APP_VERSION' services/traction/charts/test/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/test/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/test/Chart.yaml
+
+      - name: Update prod
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+        run: |
+          cd trust-over-ip-configurations
+          yq e -i '.appVersion = $APP_VERSION' services/traction/charts/prod/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/prod/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/prod/Chart.yaml
+
+      - name: Commit and Push to trust-over-ip-configurations Repo
+        run: |
+          cd trust-over-ip-configurations
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add services/traction/charts/test/Chart.yaml services/traction/charts/prod/Chart.yaml
+          git commit -m "Update chart and app versions" || echo "No changes to commit"
+          git push origin main
+
+      - name: Trigger and wait for GitOps sync workflow
+        uses: convictional/[email protected]
+        id: workflow-trigger
+        with:
+          owner: bcgov
+          repo: trust-over-ip-configurations
+          github_token: ${{ secrets.DITP_CONFIGS_REPO_TOKEN }}
+          workflow_file_name: gitops_sync.yaml
+
+      - name: Trigger ArgoCD Sync of bc0192-test-traction
+        uses: OpsVerseIO/[email protected]
+        with:
+          address: https://gitops-shared.apps.silver.devops.gov.bc.ca
+          token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}}
+          action: sync
+          appName: "bc0192-test-traction"
diff --git a/.github/workflows/on_push_main.yaml b/.github/workflows/on_push_main.yaml
@@ -1,4 +1,4 @@
-name: Build & Deploy Development
+name: Build, Update Config, and Deploy Development
 on:
   workflow_dispatch:
   push:
@@ -69,19 +69,123 @@ jobs:
       image_tag: ${{ steps.builder.outputs.image_tag }}
       image_version: ${{ steps.builder.outputs.image_version }}
 
-  deploy:
+  check_helm_changes:
+    runs-on: ubuntu-latest
+    name: Check for Helm Chart changes
+    outputs:
+      helm_changed: ${{ steps.list-changed.outputs.changed }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+  update_configs_repo:
+    runs-on: ubuntu-latest
+    name: Update Configurations Repo
+    needs:
+      - build_ui
+      - build_acapy
+      - build_proxy
+      - check_helm_changes
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Checkout services directory from the trust-over-ip-configurations repo
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/trust-over-ip-configurations
+          ssh-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }}
+          sparse-checkout: |
+            services
+          path: trust-over-ip-configurations
+
+      - name: Lookup Helm Chart and App versions
+        id: chart_version
+        run: |
+          helm repo add traction https://bcgov.github.io/traction
+          helm repo update
+          echo "PUBLISHED_APP_VERSION=$(helm search repo traction -ojson | jq -r '.[0].app_version')" >> $GITHUB_OUTPUT
+          echo "PUBLISHED_CHART_VERSION=$(helm search repo traction -ojson | jq -r '.[0].version')" >> $GITHUB_OUTPUT
+          echo "LOCAL_APP_VERSION=$(yq e .appVersion charts/traction/Chart.yaml)" >> $GITHUB_OUTPUT
+          echo "LOCAL_CHART_VERSION=$(yq e .version charts/traction/Chart.yaml)" >> $GITHUB_OUTPUT
+
+      - name: Update versions
+        env:
+          IMAGE_TAG: ${{ needs.build_acapy.outputs.image_version }}
+        run: |
+          cd trust-over-ip-configurations
+          if [[ "${{ needs.check_helm_changes.outputs.helm_changed }}" == "true" ]]; then
+            APP_VERSION="${{ steps.chart_version.outputs.LOCAL_APP_VERSION }}"
+            CHART_VERSION="${{ steps.chart_version.outputs.LOCAL_CHART_VERSION }}"
+          else
+            APP_VERSION="${{ steps.chart_version.outputs.PUBLISHED_APP_VERSION }}"
+            CHART_VERSION="${{ steps.chart_version.outputs.PUBLISHED_CHART_VERSION }}"
+          fi
+
+          yq e -i '.appVersion = $APP_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.dependencies[0].version = $CHART_VERSION' services/traction/charts/dev/Chart.yaml
+          yq e -i '.traction.acapy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          yq e -i '.traction.tenant_proxy.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+          yq e -i '.traction.ui.image.tag = $IMAGE_TAG' services/traction/charts/dev/values.yaml
+
+      - name: Commit and Push to trust-over-ip-configurations Repo
+        run: |
+          cd trust-over-ip-configurations
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add services/traction/charts/dev/values.yaml services/traction/charts/dev/Chart.yaml
+          git commit -m "Update chart version and image tags" || echo "No changes to commit"
+          git push origin main
+
+      - uses: convictional/[email protected]
+        id: workflow-trigger
+        with:
+          owner: bcgov
+          repo: trust-over-ip-configurations
+          github_token: ${{ secrets.DITP_CONFIGS_REPO_TOKEN }}
+          workflow_file_name: gitops_sync.yaml
+
+      - name: Trigger ArgoCD Sync of bc0192-dev-traction
+        uses: OpsVerseIO/[email protected]
+        if: needs.check_helm_changes.outputs.helm_changed != 'true' && steps.workflow-trigger.outputs.conclusion == 'success'
+        with:
+          address: https://gitops-shared.apps.silver.devops.gov.bc.ca
+          token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}}
+          action: sync
+          appName: "bc0192-dev-traction"
+
+  deploy_dev:
     name: Deploy Dev
     environment: development
     runs-on: ubuntu-latest
     needs:
       - build_ui
       - build_acapy
       - build_proxy
-    if: ${{ always() && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }}
-
+      - check_helm_changes
+    if: ${{ needs.check_helm_changes.outputs.helm_changed == 'true' && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }}
     steps:
       - uses: actions/checkout@v4
 
+      - name: Checkout services directory from the trust-over-ip-configurations repo
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/trust-over-ip-configurations
+          ssh-key: ${{ secrets.DITP_GITOPS_REPO_SECRET }}
+          sparse-checkout: |
+            services
+          path: trust-over-ip-configurations
+
       - name: Authenticate and set context
         uses: redhat-actions/oc-login@v1
         with:
@@ -90,9 +194,11 @@ jobs:
           certificate_authority_data: ${{ secrets.OPENSHIFT_CA_CRT }}
           namespace: ${{ secrets.OPENSHIFT_NAMESPACE }}
 
-      - name: Traction Dev Helm
+      - name: Deploy Traction to Development
         run: |
-          helm upgrade --install traction -f ./deploy/traction/values-development.yaml --set acapy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set tenant_proxy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set ui.image.tag=${{ needs.build_ui.outputs.image_version }} ./charts/traction --wait
+          cp trust-over-ip-configurations/services/traction/charts/dev/values.yaml ./dev-values.yaml
+          yq e -i 'del(.traction) | . *= load("trust-over-ip-configurations/services/traction/charts/dev/values.yaml").traction' ./dev-values.yaml
+          helm upgrade --install traction -f ./dev-values.yaml --set acapy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set tenant_proxy.image.tag=${{ needs.build_acapy.outputs.image_version }} --set ui.image.tag=${{ needs.build_ui.outputs.image_version }} ./charts/traction --wait
 
       - name: Restart Deployments
         run: |