api-cd.yml
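# Continuous-delivery workflow for submit-api: builds the container image,
# pushes it to the OpenShift image registry, annotates the image stream tag
# with build metadata and restarts the deployment.
name: SUBMIT API CD

on:
  push:
    branches:
      - develop
    paths:
      - "submit-api/**"
  workflow_dispatch:
    inputs:
      environment:
        description: "Environment (dev/test/prod)"
        required: true
        default: "dev"

# Least privilege for the GITHUB_TOKEN: the job only reads the repository.
# Registry and cluster access use the OpenShift secrets, not this token.
permissions:
  contents: read

defaults:
  run:
    shell: bash
    working-directory: ./submit-api

env:
  APP_NAME: "submit-api"
  # If the environment is selected manually, use the input value; otherwise
  # use 'dev'. Scripts read this only as the shell variable $TAG_NAME, so the
  # dispatch input is never pasted into script text.
  TAG_NAME: "${{ github.event.inputs.environment || 'dev' }}"

jobs:
  api-cd:
    runs-on: ubuntu-22.04
    if: github.repository == 'bcgov/EPIC.submit'
    # NOTE(review): the GitHub environment is fixed to "dev" even when the
    # dispatch input selects test or prod, so protection rules or
    # environment-scoped secrets defined for those are not applied. Confirm
    # this is intended.
    environment:
      name: "dev"
    steps:
      # Consider pinning to a full commit SHA instead of a mutable tag.
      - uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the token in .git/config.
          persist-credentials: false

      # TAG_NAME selects the image tag and the target namespace suffix;
      # reject anything outside the documented set before touching the cluster.
      - name: Validate target environment
        run: |
          case "$TAG_NAME" in
            dev|test|prod) ;;
            *)
              echo "Unsupported environment: '$TAG_NAME' (expected dev, test or prod)" >&2
              exit 1
              ;;
          esac

      - name: Login Openshift
        shell: bash
        run: |
          oc login --server="${{ secrets.OPENSHIFT_LOGIN_REGISTRY }}" --token="${{ secrets.OPENSHIFT_SA_TOKEN }}"

      - name: Login Docker
        run: |
          echo "${{ secrets.OPENSHIFT_SA_TOKEN }}" |
          docker login "${{ secrets.OPENSHIFT_IMAGE_REGISTRY }}" -u "${{ secrets.OPENSHIFT_SA_NAME }}" --password-stdin

      - name: Build image
        run: |
          docker build . --file Dockerfile --tag image

      - name: Push image
        run: |
          IMAGE_ID="${{ secrets.OPENSHIFT_IMAGE_REGISTRY }}/${{ secrets.OPENSHIFT_REPOSITORY }}-tools/$APP_NAME"
          docker tag image "$IMAGE_ID:latest"
          docker push "$IMAGE_ID:latest"
          docker image tag "$IMAGE_ID:latest" "$IMAGE_ID:$TAG_NAME"
          docker push "$IMAGE_ID:$TAG_NAME"

      - name: Add essential metadata to OpenShift
        # Commit message and author name are attacker-influenced text. They
        # are handed to the script as environment variables because workflow
        # expressions are expanded into the script before bash runs; sanitizing
        # inside the script cannot help once the raw text is part of it.
        env:
          COMMIT_SHA: "${{ github.sha }}"
          HEAD_COMMIT_MESSAGE: "${{ github.event.head_commit.message }}"
          HEAD_COMMIT_AUTHOR: "${{ github.event.head_commit.author.name }}"
        run: |
          oc project "${{ secrets.OPENSHIFT_REPOSITORY }}-tools"
          SHORT_SHA=$(printf '%s' "$COMMIT_SHA" | cut -c1-7)
          echo "=== BUILD INFORMATION ==="
          echo "Commit SHA: $COMMIT_SHA"
          echo "Short SHA: $SHORT_SHA"
          printf 'Commit Message: %s\n' "$HEAD_COMMIT_MESSAGE"
          echo "Build Date: $(date -u +'%Y-%m-%dT%H:%M:%SZ')"
          echo "Environment: $TAG_NAME"
          echo "========================="
          # Only store essential info in annotations.
          # Reduce the free text to a conservative character allowlist and cap
          # the message at 100 characters before it reaches the annotation.
          COMMIT_MSG=$(printf '%s' "$HEAD_COMMIT_MESSAGE" | tr -d '\n' | sed "s/[^a-zA-Z0-9 ._-]//g" | cut -c1-100)
          AUTHOR_NAME=$(printf '%s' "$HEAD_COMMIT_AUTHOR" | sed "s/[^a-zA-Z0-9 ._-]//g")
          oc annotate istag "submit-api:$TAG_NAME" \
            commit-sha="$COMMIT_SHA" \
            build-info="${SHORT_SHA} by ${AUTHOR_NAME} on $(date -u +'%Y-%m-%d %H:%M') - ${COMMIT_MSG}" \
            --overwrite

      - name: Rollout
        shell: bash
        run: |
          oc rollout restart "deployment/$APP_NAME" -n "${{ secrets.OPENSHIFT_REPOSITORY }}-$TAG_NAME"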