Merge pull request #14 from bcgov/ccof-3672-iac-configmaps

Add configmap generator for qa, test and prod
bcgov · Oct 25, 2024 · 426c2aa · 426c2aa
2 parents 752ab4a + 192852c
commit 426c2aa
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 18 deletions.
diff --git a/.github/workflows/deploy-to-openshift-prod.yml b/.github/workflows/deploy-to-openshift-prod.yml
@@ -1,17 +1,17 @@
 name: 4 PROD - Deploy Dynamics-API
 
 env:
-  # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+  # EDIT your repository secrets to log into your OpenShift cluster and set up the context.
   # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
   # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
   OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
   OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
-  # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+  # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
   OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod
 
   # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
-    # 🖊️ EDIT to change the image registry settings.
+  # EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
   IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
   IMAGE_REGISTRY_USER: ${{ github.actor }}
@@ -72,19 +72,19 @@ jobs:
               core.error(`Secret "${name}" is not set`);
               return true;
             }
-            core.info(`✔️ Secret "${name}" is set`);
+            core.info(`Secret "${name}" is set`);
             return false;
           });
 
           if (missingSecrets.length > 0) {
-            core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+            core.setFailed(`At least one required secret is not set in the repository. \n` +
               "You can add it using:\n" +
               "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
               "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
               "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
           }
           else {
-            core.info(`✅ All the required secrets are set`);
+            core.info(`All the required secrets are set`);
           }
 
     - name: Check out repository
@@ -133,6 +133,18 @@ jobs:
            -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
             | oc apply -f -
 
+        # Process update-configmap
+        cat << JSON > /tmp/authentication_settings
+          ${{ secrets.DYNAMICS_AUTHENTICATION_SETTINGS }}
+        JSON
+
+        curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
+          | bash /dev/stdin \
+            ${{ env.APP_ENVIRONMENT }} \
+            ${{ env.APP_NAME }} \
+            ${{ env.OPENSHIFT_NAMESPACE }} \
+            /tmp/authentication_settings
+
         # Start rollout (if necessary) and follow it
         oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}-${{ env.BRANCH }} 2> /dev/null \
             || true && echo "Rollout in progress"

diff --git a/.github/workflows/deploy-to-openshift-qa.yml b/.github/workflows/deploy-to-openshift-qa.yml
@@ -1,17 +1,17 @@
 name: 2 QA - Deploy Dynamics-API
 
 env:
-  # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+  # EDIT your repository secrets to log into your OpenShift cluster and set up the context.
   # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
   # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
   OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
   OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
-  # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+  # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
   OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev
 
   # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
-    # 🖊️ EDIT to change the image registry settings.
+  # EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
   IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
   IMAGE_REGISTRY_USER: ${{ github.actor }}
@@ -71,19 +71,19 @@ jobs:
               core.error(`Secret "${name}" is not set`);
               return true;
             }
-            core.info(`✔️ Secret "${name}" is set`);
+            core.info(`Secret "${name}" is set`);
             return false;
           });
 
           if (missingSecrets.length > 0) {
-            core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+            core.setFailed(`At least one required secret is not set in the repository. \n` +
               "You can add it using:\n" +
               "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
               "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
               "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
           }
           else {
-            core.info(`✅ All the required secrets are set`);
+            core.info(`All the required secrets are set`);
           }
 
     - name: Check out repository
@@ -132,6 +132,18 @@ jobs:
            -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
             | oc apply -f -
 
+        # Process update-configmap
+        cat << JSON > /tmp/authentication_settings
+          ${{ secrets.DYNAMICS_AUTHENTICATION_SETTINGS }}
+        JSON
+
+        curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
+          | bash /dev/stdin \
+            ${{ env.APP_ENVIRONMENT }} \
+            ${{ env.APP_NAME }} \
+            ${{ env.OPENSHIFT_NAMESPACE }} \
+            /tmp/authentication_settings
+
         # Start rollout (if necessary) and follow it
         oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}-${{ env.BRANCH }} 2> /dev/null \
             || true && echo "Rollout in progress"

diff --git a/.github/workflows/deploy-to-openshift-test.yml b/.github/workflows/deploy-to-openshift-test.yml
@@ -1,17 +1,17 @@
 name: 3 UAT - Deploy Dynamics-API
 
 env:
-  # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+  # EDIT your repository secrets to log into your OpenShift cluster and set up the context.
   # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
   # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
   OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
   OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
-  # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
+  # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
   OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test
 
   # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
 
-    # 🖊️ EDIT to change the image registry settings.
+  # EDIT to change the image registry settings.
   # Registries such as GHCR, Quay.io, and Docker Hub are supported.
   IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
   IMAGE_REGISTRY_USER: ${{ github.actor }}
@@ -71,19 +71,19 @@ jobs:
               core.error(`Secret "${name}" is not set`);
               return true;
             }
-            core.info(`✔️ Secret "${name}" is set`);
+            core.info(`Secret "${name}" is set`);
             return false;
           });
 
           if (missingSecrets.length > 0) {
-            core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+            core.setFailed(`At least one required secret is not set in the repository. \n` +
               "You can add it using:\n" +
               "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
               "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
               "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
           }
           else {
-            core.info(`✅ All the required secrets are set`);
+            core.info(`All the required secrets are set`);
           }
 
     - name: Check out repository
@@ -132,6 +132,18 @@ jobs:
            -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \
             | oc apply -f -
 
+        # Process update-configmap
+        cat << JSON > /tmp/authentication_settings
+          ${{ secrets.DYNAMICS_AUTHENTICATION_SETTINGS }}
+        JSON
+
+        curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \
+          | bash /dev/stdin \
+            ${{ env.APP_ENVIRONMENT }} \
+            ${{ env.APP_NAME }} \
+            ${{ env.OPENSHIFT_NAMESPACE }} \
+            /tmp/authentication_settings
+
         # Start rollout (if necessary) and follow it
         oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}-${{ env.BRANCH }} 2> /dev/null \
             || true && echo "Rollout in progress"