Deploy Nginx Proxy #2

Workflow file for this run

.github/workflows/deploy-to-openshift-nginx-dev.yml at 9e1020f

	name: Deploy Nginx Proxy

	env:
	# EDIT your repository secrets to log into your OpenShift cluster and set up the context.
	# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
	# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
	OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
	OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
	# EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
	OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev

	# EDIT to change the image registry setting
	# Registries such as GHCR, Quay.io, and Docker Hub are supported.
	IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
	IMAGE_REGISTRY_PASSWORD: ${{ github.token }}

	DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote

	APP_NAME: "ccof"
	REPO_NAME: "educ-ccof"
	# grabs the branch name from github dynamically
	BRANCH: ${{ github.ref_name }}
	APP_ENVIRONMENT: "dev"

	MIN_REPLICAS: "1"
	MAX_REPLICAS: "2"
	MIN_CPU: "50m"
	MAX_CPU: "100m"
	MIN_MEM: "200Mi"
	MAX_MEM: "250Mi"

	on:
	workflow_dispatch:

	jobs:
	openshift-ci-cd:
	name: Deploy nginx reverse proxy to Openshift
	runs-on: ubuntu-24.04
	environment: dev

	outputs:
	ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
	SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}

	steps:
	- name: Check for required secrets
	uses: actions/github-script@v4
	with:
	script: \|
	const secrets = {
	OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
	OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
	};

	const GHCR = "ghcr.io";
	if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
	core.info(`Image registry is ${GHCR} - no registry password required`);
	}
	else {
	core.info("A registry password is required");
	secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
	}

	const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
	if (value.length === 0) {
	core.error(`Secret "${name}" is not set`);
	return true;
	}
	core.info(`Secret "${name}" is set`);
	return false;
	});

	if (missingSecrets.length > 0) {
	core.setFailed(`At least one required secret is not set in the repository. \n` +
	"You can add it using:\n" +
	"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
	"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
	"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
	}
	else {
	core.info(`All the required secrets are set`);
	}

	- name: Check out repository with branch [${{ env.BRANCH }}]
	uses: actions/checkout@v2
	with:
	ref: ${{ env.BRANCH }}

	- name: Install oc
	uses: redhat-actions/openshift-tools-installer@v1
	with:
	oc: 4.16

	- name: Deploy
	run: \|
	set -eux
	# Login to OpenShift and select project
	oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
	oc project ${{ env.OPENSHIFT_NAMESPACE }}

	# Cancel any rollouts in progress
	oc rollout cancel deployment/${{ env.APP_NAME }}-nginx-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
	\|\| true && echo "No rollout in progress"

	# Process and apply nginx deployment template
	oc process \
	-f tools/openshift/nginx.deployment.yaml \
	-p APP_NAME=${{ env.APP_NAME }} \
	-p REPO_NAME=${{ env.REPO_NAME }} \
	-p BRANCH=${{ env.BRANCH }} \
	-p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \
	-p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \
	-p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \
	-p MIN_CPU=${{ env.MIN_CPU }} \
	-p MAX_CPU=${{ env.MAX_CPU }} \
	-p MIN_MEM=${{ env.MIN_MEM }} \
	-p MAX_MEM=${{ env.MAX_MEM }} \
	-p HOST_ROUTE=${{ secrets.NGINX_HOST_ROUTE }} \
	-p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
	-p NGINX_BASIC_AUTH_TOKEN=${{ secrets.NGINX_BASIC_AUTH_TOKEN }} \
	\| oc apply -f -

	API_CLUSTER_ADDRESS="http://${{ secrets.D365_API_PREFIX }}-${{ env.APP_ENVIRONMENT }}.${{ env.OPENSHIFT_NAMESPACE }}.svc.cluster.local:5091"

	# Generate and apply ConfigMap
	cat << CONF > /tmp/nginx_conf
	server {
	listen 8080 default_server;
	location / {
	proxy_ignore_client_abort on;
	proxy_pass $API_CLUSTER_ADDRESS;
	proxy_redirect off;
	proxy_set_header X-Real-IP \$remote_addr;
	proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
	proxy_set_header Host \$http_host;
	expires -1;
	proxy_no_cache 1;
	auth_basic "Authentication Required";
	auth_basic_user_file /etc/nginx/conf.d/htpasswd;
	}
	location /api/Health {
	proxy_ignore_client_abort on;
	proxy_pass $API_CLUSTER_ADDRESS/api/Health;
	proxy_redirect off;
	proxy_set_header X-Real-IP \$remote_addr;
	proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
	proxy_set_header Host \$http_host;
	expires -1;
	proxy_no_cache 1;
	}
	}
	CONF

	cat <<- \EOF \| sed 's/^ \+//g' > /tmp/nginx_htpasswd
	${{ secrets.NGINX_HTPASSWD_FILE }}
	EOF

	echo Creating config map "${{ env.APP_NAME }}-nginx-config-map"
	oc create -n "${{ env.OPENSHIFT_NAMESPACE }}" \
	configmap "${{ env.APP_NAME }}-nginx-config-map" \
	--from-file=default.conf=/tmp/nginx_conf \
	--from-file=htpasswd=/tmp/nginx_htpasswd \
	--dry-run=client -o yaml \| oc apply -f -

	# Start rollout of nginx
	oc rollout restart deployment/${{ env.APP_NAME }}-nginx-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
	\|\| true && echo "Rollout in progress"

	# Get status, returns 0 if rollout is successful
	oc rollout status deployment/${{ env.APP_NAME }}-nginx-${{ env.APP_ENVIRONMENT }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy Nginx Proxy #2

Workflow file

Deploy Nginx Proxy #2

Jobs

Run details

Workflow file for this run