bcgov/common-object-management-service

.github/workflows/on-pr-opened.yaml

# Pull-request pipeline: one job hands the PR checkout to the local
# build-push-container action, a second job deploys a PR-specific instance
# into the dev namespace.
name: Pull Request Opened

# NOTE(review): no `permissions:` key is declared in this workflow, so
# GITHUB_TOKEN carries the repository/organization default scopes. From the
# steps visible in this file the jobs appear to need contents: read,
# packages: write (image push) and pull-requests: write (sticky comment).
# Confirm against the local actions, then declare the scopes per job.

# Runs for PRs targeting master when they are opened, reopened or updated.
on:
  pull_request:
    branches: [master]
    types: [opened, reopened, synchronize]

# Values shared by both jobs.
env:
  ACRONYM: coms
  APP_NAME: common-object-management-service
  # Quoted so the hex-looking prefix can never be retyped by a parser.
  NAMESPACE_PREFIX: 'bb17f9'

# One active run per PR (falls back to the ref when there is no PR number);
# a newer run cancels the one still in progress.
concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}

jobs:
  # Checks out the PR and hands it to the repository's local
  # build-push-container action together with the workflow token.
  build:
    name: 'Build & Push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Skip PRs whose head repository is a fork. deploy-pr-dev lists this job
    # in `needs`, so skipping here also skips the deploy.
    if: ${{ !github.event.pull_request.head.repo.fork }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: 'Build & Push'
        uses: ./.github/actions/build-push-container
        with:
          context: .
          # GITHUB_TOKEN is passed to code taken from the PR checkout; its
          # scopes are whatever the repository default grants, since the
          # workflow declares no `permissions:`.
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_username: ${{ github.repository_owner }}
          image_name: ${{ env.APP_NAME }}

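  # Creates a PR-specific Postgres user/database on the shared Crunchy
  # cluster, deploys the PR build into the dev namespace and posts the
  # resulting URL on the pull request.
  deploy-pr-dev:
    name: Deploy Pull Request to Dev
    # Explicit fork guard. The job is already skipped when `build` is skipped
    # (it is listed in `needs`), but stating the condition here keeps the
    # cluster credentials out of fork runs even if that dependency changes.
    if: "! github.event.pull_request.head.repo.fork"
    environment:
      name: pr
      url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca
    runs-on: ubuntu-latest
    needs: build
    timeout-minutes: 12 # increase for crunchyDB ?
    steps:
      # TODO: does pr-123 user need to own database pr-123 in order to connect run knex migrations?
      - name: Login to OpenShift Cluster
        # NOTE(review): third-party action that receives the cluster token
        # and is referenced by a mutable tag; pin it to a reviewed full
        # commit SHA (redhat-actions/oc-login@<full-commit-sha>).
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # Keep certificate verification on: with it disabled the login
          # sends OPENSHIFT_TOKEN to a server whose identity was never
          # checked. If the API server certificate is issued by a private CA,
          # supply that CA through the action's certificate_authority_data
          # input rather than turning verification off.
          insecure_skip_tls_verify: false
          namespace: ${{ env.NAMESPACE_PREFIX }}-dev
      - name: Add PR specific user to Crunchy DB
        shell: bash
        env:
          # The PR number reaches the script as an environment variable
          # instead of being expanded into the script text. The value is a
          # number set by GitHub, so this is defence in depth: the script
          # stays safe if another context value is later added the same way.
          PR_NUMBER: ${{ github.event.number }}
        run: |
          echo 'Adding PR specific user to Crunchy DB'
          PR_USER="pr-${PR_NUMBER}"
          # Build the user entry with jq so the name is JSON-encoded rather
          # than pasted into a JSON string.
          NEW_USER=$(jq -cn --arg name "${PR_USER}" '{"databases": [$name], "name": $name}')
          CURRENT_USERS=$(oc get PostgresCluster/postgres-master -o json | jq '.spec.users')
          echo "${CURRENT_USERS}"
          # check if current_users already contains the new_user
          if echo "${CURRENT_USERS}" | jq -e --arg name "${PR_USER}" '.[] | select(.name == $name)' > /dev/null; then
            echo "User already exists"
            exit 0
          fi
          UPDATED_USERS=$(echo "${CURRENT_USERS}" | jq --argjson NEW_USER "${NEW_USER}" '. + [$NEW_USER]')
          PATCH_JSON=$(jq -n --argjson users "${UPDATED_USERS}" '{"spec": {"users": $users}}')

          oc patch PostgresCluster/postgres-master --type=merge -p "${PATCH_JSON}"
          # Creating the user takes a while: poll for its secret, up to
          # 5 rounds of 60 seconds. The script carries on after the last
          # round even if the secret has not appeared.
          for i in {1..5}; do
            if oc get secret "postgres-master-pguser-${PR_USER}" -o jsonpath='{.metadata.name}' > /dev/null; then
              echo "Secret created"
              break
            else
              echo "Secret not created, waiting for 60 seconds"
              sleep 60
            fi
          done

          # when secret is created in previous step, postgres should be ready
          # Make the PR user the owner of the PR database.
          CRUNCHY_PG_PRIMARY_POD_NAME=$(oc get pods -l postgres-operator.crunchydata.com/role=master -o json | jq -r '.items[0].metadata.name')
          oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "ALTER DATABASE \"${PR_USER}\" OWNER TO \"${PR_USER}\""

      - name: Checkout
        uses: actions/checkout@v4
      - name: Deploy to Dev
        # Local action taken from the PR checkout; it is given the cluster
        # URL and token below.
        uses: ./.github/actions/deploy-to-environment
        with:
          app_name: ${{ env.APP_NAME }}
          acronym: ${{ env.ACRONYM }}
          environment: pr
          deploy_postgres: false
          job_name: pr-${{ github.event.number }}
          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
          namespace_environment: dev
          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
      - name: Release Comment on PR
        # NOTE(review): third-party action referenced by a mutable tag; pin
        # it to a reviewed full commit SHA
        # (marocchino/sticky-pull-request-comment@<full-commit-sha>).
        uses: marocchino/sticky-pull-request-comment@v2
        if: success()
        with:
          header: release
          message: |
            Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca>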