From 584755eeb165ca30db4de7872218610d55702f22 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Fri, 19 Jan 2024 10:41:46 -0800 Subject: [PATCH 1/3] docs: post deploy hook --- .github/workflows/pr-open.yml | 4 +-- README.md | 47 +++++++++++++++++++++++++++++++---- action.yml | 6 ++--- 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 4acd177..a60377f 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -33,7 +33,7 @@ jobs: overwrite: true parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2 penetration_test: false - post_deploy: | + post_deploy_hook: | oc create job "frontend-$(date +%s)" --from=cronjob/${{ github.event.repository.name }}-${{ github.event.number }}-cronjob steps: - uses: actions/checkout@v4 @@ -50,5 +50,5 @@ jobs: -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }} ${{ matrix.parameters }} penetration_test: ${{ matrix.penetration_test }} - post_deploy: ${{ matrix.post_deploy }} + post_deploy_hook: ${{ matrix.post_deploy_hook }} verification_path: ${{ matrix.verification_path }} diff --git a/README.md b/README.md index 2f81438..4ca1dd0 100644 --- a/README.md +++ b/README.md 
@@ -5,8 +5,8 @@ [![Lifecycle](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) -[Issues]: https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-an-issue -[Pull Requests]: https://docs.github.com/en/desktop/contributing-and-collaborating-using-github-desktop/working-with-your-remote-repository-on-github-or-github-enterprise/creating-an-issue-or-pull-request +[issues]: https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-an-issue +[pull requests]: https://docs.github.com/en/desktop/contributing-and-collaborating-using-github-desktop/working-with-your-remote-repository-on-github-or-github-enterprise/creating-an-issue-or-pull-request # OpenShift Deployer with Route Verification or Penetration Testing @@ -51,6 +51,10 @@ Testing has only been done with public containers on ghcr.io (GitHub Container R # Requires `name` to be set if enabled/true penetration_test: false + # Run a command after OpenShift deployment and any verifications + # Useful for cronjobs and migrations + post_deploy_hook: oc create job "thing-$(date +%s)" --from=cronjob/thing + # Timeout seconds, only affects the OpenShift deployment (apply/create) # Default = "15m" timeout: "15m" 
@@ -174,6 +178,41 @@ steps: triggers: ${{ matrix.triggers }} ``` +# Example, Matrix / Post Deploy Hook + +Deploy and run a follow up command (post deploy hook). Matrix values refernce `post_deploy_hook`, `overwrite` and `triggers`, despite not being present for all deployments. This is acceptable, but unintuitive behaviour. + +```yaml +deploys: +name: Deploys +runs-on: ubuntu-latest + strategy: + matrix: + name: [database, frontend] + include: + - name: database + overwrite: false + file: database/openshift.deploy.yml + - name: frontend + file: frontend/openshift.deploy.yml + parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2 + post_deploy_hook: oc create job "backend-$(date +%s)" --from=cronjob/backend + triggers: ('backend/', 'frontend/') +steps: + - name: Deploys + uses: bcgov-nr/action-deployer-openshift.yml@main + with: + name: ${{ matrix.name }} + file: ${{ matrix.file }} + oc_namespace: ${{ vars.OC_NAMESPACE }} + oc_server: ${{ vars.OC_SERVER }} + oc_token: ${{ secrets.OC_TOKEN }} + overwrite: ${{ matrix.overwrite }} + parameters: ${{ matrix.parameters }} + post_deploy_hook: ${{ matrix.post_deploy_hook }} + triggers: ${{ matrix.triggers }} +``` + # Example, Using a different endpoint for deployment check Deploy a template and set the after deployment check to hit the **/health** endpoint. Multiple GitHub secrets are used. @@ -214,8 +253,6 @@ Pull requests created by Dependabot require their own secrets. See `GitHub Repo Please contribute your ideas! [Issues] and [pull requests] are appreciated. -Idea: Can anyone test with Kubernetes, which OpenShift is based on? - +This Action is provided courtesty of the Forestry Digital Services, part of the Government of British Columbia. --> diff --git a/action.yml b/action.yml index c47a812..2663a3b 100644 --- a/action.yml +++ b/action.yml 
@@ -34,7 +34,7 @@ inputs: penetration_test_fail: description: Allow ZAProxy alerts to fail the workflow? [true|false] default: "false" - post_deploy: + post_deploy_hook: description: Post deployment command; e.g. oc create job "thing-$(date +%s)" --from=cronjob/thing timeout: description: Timeout for deployment. [default=15m] @@ -239,7 +239,7 @@ runs: token: "${{ inputs.penetration_test_token }}" - name: Post-Deployment - if: inputs.post_deploy != '' + if: inputs.post_deploy_hook != '' shell: bash run: | # Expand for post-deployment steps (optional) @@ -251,7 +251,7 @@ runs: oc project ${{ inputs.oc_namespace }} #Safeguard! # Run post deployment command - ${{ inputs.post_deploy }} + ${{ inputs.post_deploy_hook }} - if: inputs.delete_completed == 'true' shell: bash From de217fbbf53c40c148ef211064c91cd9ed984437 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Fri, 19 Jan 2024 11:07:07 -0800 Subject: [PATCH 2/3] rename post_deploy_hook to post_rollout --- .github/workflows/pr-open.yml | 4 ++-- README.md | 10 +++++----- action.yml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index a60377f..b05bd5e 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -33,7 +33,7 @@ jobs: overwrite: true parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2 penetration_test: false - post_deploy_hook: | + post_rollout: | oc create job "frontend-$(date +%s)" --from=cronjob/${{ github.event.repository.name }}-${{ github.event.number }}-cronjob steps: - uses: actions/checkout@v4 @@ -50,5 +50,5 @@ jobs: -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }} ${{ matrix.parameters }} penetration_test: ${{ matrix.penetration_test }} - post_deploy_hook: ${{ matrix.post_deploy_hook }} + post_rollout: ${{ matrix.post_rollout }} verification_path: ${{ matrix.verification_path }} diff --git a/README.md b/README.md index 4ca1dd0..b5157c6 100644 --- a/README.md 
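Review bot: Renaming the input in the `@@ -34,7 +34,7 @@` hunk removes `post_deploy` with no fallback, and the guard in the `@@ -239,7 +239,7 @@` hunk now tests only `inputs.post_deploy_hook != ''`. A caller that still passes `post_deploy` will therefore have the Post-Deployment step skipped rather than failed. As far as I know GitHub only emits an "unexpected input" warning for an undeclared input, and the README example tracks `@main`, so a migration or cronjob trigger could stop running unnoticed. Consider keeping `post_deploy` declared as a deprecated alias for one release and guarding with `if: inputs.post_deploy_hook != '' || inputs.post_deploy != ''`, or failing early when the old name is set. The second rename to `post_rollout` in PATCH 2/3 has the same effect on anyone who adopted `post_deploy_hook`.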
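Review bot: In the `@@ -251,7 +251,7 @@` hunk the line `${{ inputs.post_deploy_hook }}` is expanded into the script text before bash parses it, so the value becomes part of the script; given the `oc project` call just above it, this presumably runs in the session authenticated with `oc_token`. Running a command is the purpose of the hook, but any caller that builds the value from event data inherits a script-injection path, and the pr-open.yml matrix in this patch already composes it from `github.event.*` fields. I would add `env:` with `POST_DEPLOY_HOOK: ${{ inputs.post_deploy_hook }}` to the step and run it as `bash -c "$POST_DEPLOY_HOOK"`, and say in the input's `description` that the value must be a trusted, static command. The same line recurs as `${{ inputs.post_rollout }}` in PATCH 2/3, and the context line `oc project ${{ inputs.oc_namespace }}` has the same unquoted expansion. The step's `run:` block begins outside this hunk, so the login lines are not visible here.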
+++ b/README.md @@ -53,7 +53,7 @@ Testing has only been done with public containers on ghcr.io (GitHub Container R # Run a command after OpenShift deployment and any verifications # Useful for cronjobs and migrations - post_deploy_hook: oc create job "thing-$(date +%s)" --from=cronjob/thing + post_rollout: oc create job "thing-$(date +%s)" --from=cronjob/thing # Timeout seconds, only affects the OpenShift deployment (apply/create) # Default = "15m" @@ -178,9 +178,9 @@ steps: triggers: ${{ matrix.triggers }} ``` -# Example, Matrix / Post Deploy Hook +# Example, Matrix / Post Rollout Hook -Deploy and run a follow up command (post deploy hook). Matrix values refernce `post_deploy_hook`, `overwrite` and `triggers`, despite not being present for all deployments. This is acceptable, but unintuitive behaviour. +Deploy and run a command (post hook). Matrix values refernce `post_rollout`, `overwrite` and `triggers`, despite not being present for all deployments. This is acceptable, but unintuitive behaviour. ```yaml deploys: @@ -196,7 +196,7 @@ runs-on: ubuntu-latest - name: frontend file: frontend/openshift.deploy.yml parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2 - post_deploy_hook: oc create job "backend-$(date +%s)" --from=cronjob/backend + post_rollout: oc create job "backend-$(date +%s)" --from=cronjob/backend triggers: ('backend/', 'frontend/') steps: - name: Deploys @@ -209,7 +209,7 @@ steps: oc_token: ${{ secrets.OC_TOKEN }} overwrite: ${{ matrix.overwrite }} parameters: ${{ matrix.parameters }} - post_deploy_hook: ${{ matrix.post_deploy_hook }} + post_rollout: ${{ matrix.post_rollout }} triggers: ${{ matrix.triggers }} ``` diff --git a/action.yml b/action.yml index 2663a3b..f7afef1 100644 --- a/action.yml +++ b/action.yml 
@@ -34,7 +34,7 @@ inputs: penetration_test_fail: description: Allow ZAProxy alerts to fail the workflow? [true|false] default: "false" - post_deploy_hook: + post_rollout: description: Post deployment command; e.g. oc create job "thing-$(date +%s)" --from=cronjob/thing timeout: description: Timeout for deployment. [default=15m] @@ -239,7 +239,7 @@ runs: token: "${{ inputs.penetration_test_token }}" - name: Post-Deployment - if: inputs.post_deploy_hook != '' + if: inputs.post_rollout != '' shell: bash run: | # Expand for post-deployment steps (optional) @@ -251,7 +251,7 @@ runs: oc project ${{ inputs.oc_namespace }} #Safeguard! # Run post deployment command - ${{ inputs.post_deploy_hook }} + ${{ inputs.post_rollout }} - if: inputs.delete_completed == 'true' shell: bash From 810f5ef1c7c1828adde7e49dbda0c47be45b598b Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Fri, 19 Jan 2024 11:13:39 -0800 Subject: [PATCH 3/3] Corrections --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b5157c6..931abdc 100644 --- a/README.md +++ b/README.md @@ -178,9 +178,9 @@ steps: triggers: ${{ matrix.triggers }} ``` -# Example, Matrix / Post Rollout Hook +# Example, Matrix / Post Rollout -Deploy and run a command (post hook). Matrix values refernce `post_rollout`, `overwrite` and `triggers`, despite not being present for all deployments. This is acceptable, but unintuitive behaviour. +Deploy and run a command (post hook). Matrix values reference `post_rollout`, `overwrite` and `triggers`, despite not being present for all deployments. This is acceptable, but unintuitive behaviour. ```yaml deploys: