.github/workflows/on-pr-opened.yaml
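# Builds the container image for a pull request against master and deploys it
# to a per-PR instance in the dev namespace, then posts the URL on the PR.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries
# the repository's default scopes in every job. Declare least-privilege
# permissions per job once the scopes needed by the local actions under
# ./.github/actions (not visible here) are confirmed.
#
# NOTE(review): external actions are referenced by mutable tags (@v4, @v1,
# @v2). Two of them run in the job that holds the OpenShift token; pin each to
# a full commit SHA so a moved tag cannot change what runs with those secrets.
name: Pull Request Opened

env:
  ACRONYM: coms
  APP_NAME: common-object-management-service
  NAMESPACE_PREFIX: 'bb17f9'

on:
  pull_request:
    branches:
      - master
    types:
      - opened
      - reopened
      - synchronize

# One run per PR: a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  build:
    name: Build & Push
    # Skip PRs from forks; everything downstream depends on this job.
    if: "! github.event.pull_request.head.repo.fork"
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Build & Push
        uses: ./.github/actions/build-push-container
        with:
          context: .
          image_name: ${{ env.APP_NAME }}
          github_username: ${{ github.repository_owner }}
          github_token: ${{ secrets.GITHUB_TOKEN }}

  deploy-pr-dev:
    name: Deploy Pull Request to Dev
    environment:
      name: pr
      url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca
    runs-on: ubuntu-latest
    # The fork guard lives on `build`; this job has no `if:` of its own and
    # relies on being skipped when `build` is skipped.
    needs: build
    timeout-minutes: 12 # increase for crunchyDB ?
    steps:
      # TODO: does pr-123 user need to own database pr-123 in order to connect run knex migrations?
      - name: Login to OpenShift Cluster
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          # Verify the API server certificate: with verification skipped the
          # token is sent to whatever endpoint answers. If the cluster uses a
          # private CA, supply it via `certificate_authority_data` instead of
          # turning verification off.
          insecure_skip_tls_verify: false
          namespace: ${{ env.NAMESPACE_PREFIX }}-dev
      - name: Add PR specific user to Crunchy DB
        shell: bash
        env:
          # Handed to the script as data through the environment instead of
          # being expanded into the script text before bash parses it.
          PR_NAME: pr-${{ github.event.number }}
        run: |
          echo 'Adding PR specific user to Crunchy DB'
          # Refuse anything that is not pr-<digits> before it reaches oc/psql.
          if [[ ! "${PR_NAME}" =~ ^pr-[0-9]+$ ]]; then
            echo "::error::Unexpected PR name '${PR_NAME}'"
            exit 1
          fi
          # Build JSON with jq so the value is always encoded, never spliced.
          NEW_USER=$(jq -cn --arg name "${PR_NAME}" '{databases: [$name], name: $name}')
          CURRENT_USERS=$(oc get PostgresCluster/postgres-master -o json | jq '.spec.users')
          echo "${CURRENT_USERS}"
          # check if current_users already contains the new_user
          if echo "${CURRENT_USERS}" | jq -e --arg name "${PR_NAME}" '.[] | select(.name == $name)' > /dev/null; then
            echo "User already exists"
            exit 0
          fi
          UPDATED_USERS=$(echo "${CURRENT_USERS}" | jq --argjson NEW_USER "${NEW_USER}" '. + [$NEW_USER]')
          PATCH_JSON=$(jq -n --argjson users "${UPDATED_USERS}" '{"spec": {"users": $users}}')
          oc patch PostgresCluster/postgres-master --type=merge -p "${PATCH_JSON}"
          # User creation takes a while: poll for the user's secret, up to
          # 5 rounds of 60 seconds.
          SECRET_NAME="postgres-master-pguser-${PR_NAME}"
          SECRET_READY=false
          for i in {1..5}; do
            if oc get secret "${SECRET_NAME}" -o jsonpath='{.metadata.name}' > /dev/null; then
              echo "Secret created"
              SECRET_READY=true
              break
            fi
            echo "Secret not created, waiting for 60 seconds"
            sleep 60
          done
          # Stop here on timeout rather than running ALTER DATABASE against a
          # user that may not exist yet.
          if [[ "${SECRET_READY}" != "true" ]]; then
            echo "::error::Secret ${SECRET_NAME} was not created in time"
            exit 1
          fi
          # when secret is created in previous step, postgres should be ready
          # Make PR user owner of PR database
          CRUNCHY_PG_PRIMARY_POD_NAME=$(oc get pods -l postgres-operator.crunchydata.com/role=master -o json | jq -r '.items[0].metadata.name')
          oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "ALTER DATABASE \"${PR_NAME}\" OWNER TO \"${PR_NAME}\""
      - name: Checkout
        uses: actions/checkout@v4
      - name: Deploy to Dev
        uses: ./.github/actions/deploy-to-environment
        with:
          app_name: ${{ env.APP_NAME }}
          acronym: ${{ env.ACRONYM }}
          environment: pr
          deploy_postgres: false
          job_name: pr-${{ github.event.number }}
          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
          namespace_environment: dev
          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
      - name: Release Comment on PR
        uses: marocchino/sticky-pull-request-comment@v2
        if: success()
        with:
          header: release
          message: |
            Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca>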