Modernize eagle-api deployment pipeline #20

Workflow file for this run

.github/workflows/deploy-to-dev.yaml at 3e8fcf0

	# =============================================================================
	# Deploy to Dev
	# =============================================================================
	# Triggered on push to develop branch.
	# Builds Docker image, scans for vulnerabilities, pushes to OpenShift registry,
	# and deploys with Helm.
	# =============================================================================

	name: Deploy to Dev

	on:
	push:
	branches:
	- develop
	paths-ignore:
	- ".github/**"
	- "helm/eagle-api/README.md"
	workflow_dispatch:

	permissions: write-all

	env:
	OPENSHIFT_NAMESPACE_TOOLS: 6cdc9e-tools
	OPENSHIFT_NAMESPACE_DEV: 6cdc9e-dev
	IMAGE_NAME: eagle-api
	APP_NAME: eagle-api

	jobs:
	install:
	name: Install Dependencies
	runs-on: ubuntu-latest
	strategy:
	matrix:
	node-version: [22.x]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Enable Corepack
	run: corepack enable

	- name: Setup node
	uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: "yarn"

	- run: yarn install --immutable

	lint:
	name: Lint
	runs-on: ubuntu-latest
	needs: install
	strategy:
	matrix:
	node-version: [22.x]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Enable Corepack
	run: corepack enable

	- name: Setup node
	uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: "yarn"

	- run: yarn install --immutable
	- name: Lint (stubbed)
	run: \|
	echo "Linting skipped - not configured for eagle-api"
	exit 0

	test:
	name: Test
	runs-on: ubuntu-latest
	needs: install
	strategy:
	matrix:
	node-version: [22.x]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Enable Corepack
	run: corepack enable

	- name: Setup node
	uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: "yarn"

	- run: yarn install --immutable
	- run: yarn test

	build:
	name: Build
	runs-on: ubuntu-latest
	needs: install
	strategy:
	matrix:
	node-version: [22.x]
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Enable Corepack
	run: corepack enable

	- name: Setup node
	uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	cache: "yarn"

	- run: yarn install --immutable

	scan:
	name: Security Scan
	runs-on: ubuntu-latest
	needs: [lint, test, build]
	outputs:
	SHORT_SHA: ${{ steps.short-sha.outputs.SHA }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Get short SHA
	id: short-sha
	run: echo "SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	- name: Build Docker image for scanning
	uses: docker/build-push-action@v6
	with:
	context: .
	push: false
	tags: ${{ env.IMAGE_NAME }}:${{ steps.short-sha.outputs.SHA }}
	load: true

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.IMAGE_NAME }}:${{ steps.short-sha.outputs.SHA }}
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

	push:
	name: Push Image
	runs-on: ubuntu-latest
	needs: scan
	outputs:
	IMAGE_TAG: ${{ steps.push.outputs.digest }}
	SHORT_SHA: ${{ needs.scan.outputs.SHORT_SHA }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Login to OpenShift registry
	uses: docker/login-action@v3
	with:
	registry: ${{ secrets.OPENSHIFT_REPOSITORY }}
	username: ${{ secrets.OPENSHIFT_REPOSITORY_USERNAME }}
	password: ${{ secrets.OPENSHIFT_REPOSITORY_PASSWORD }}

	- name: Build and push Docker image
	id: push
	uses: docker/build-push-action@v6
	with:
	context: .
	push: true
	tags: \|
	${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE_TOOLS }}/${{ env.IMAGE_NAME }}:dev
	${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE_TOOLS }}/${{ env.IMAGE_NAME }}:ci-latest
	${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE_TOOLS }}/${{ env.IMAGE_NAME }}:${{ needs.scan.outputs.SHORT_SHA }}

	deploy:
	name: Deploy to Dev
	needs: push
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Install OpenShift CLI
	run: \|
	curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz"
	tar -xvzf openshift-client-linux.tar.gz
	sudo mv oc /usr/local/bin/
	rm -f openshift-client-linux.tar.gz

	- name: Install Helm
	run: \|
	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \| bash
	helm version

	- name: Log into OpenShift
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ secrets.OPENSHIFT_URL }}
	openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
	namespace: ${{ env.OPENSHIFT_NAMESPACE_DEV }}

	- name: Tag images in OpenShift ImageStream
	run: \|
	echo "Tagging images in OpenShift ImageStream..."
	oc -n ${{ env.OPENSHIFT_NAMESPACE_TOOLS }} tag \
	${{ env.IMAGE_NAME }}:${{ needs.push.outputs.SHORT_SHA }} ${{ env.IMAGE_NAME }}:dev

	oc -n ${{ env.OPENSHIFT_NAMESPACE_TOOLS }} tag \
	${{ env.IMAGE_NAME }}:${{ needs.push.outputs.SHORT_SHA }} ${{ env.IMAGE_NAME }}:ci-latest

	- name: Deploy with Helm
	run: \|
	helm upgrade --install ${{ env.APP_NAME }} ./helm/${{ env.APP_NAME }} \
	--namespace ${{ env.OPENSHIFT_NAMESPACE_DEV }} \
	--values ./helm/${{ env.APP_NAME }}/values-dev.yaml \
	--set image.tag=dev \
	--wait --timeout=5m

	echo "Restarting deployment to pull updated image..."
	oc rollout restart deployment/${{ env.APP_NAME }} -n ${{ env.OPENSHIFT_NAMESPACE_DEV }}

	- name: Verify deployment
	run: \|
	echo "Waiting for rollout to complete..."
	oc rollout status deployment/${{ env.APP_NAME }} -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} --timeout=5m

	echo "Deployment successful!"
	oc get pods -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} -l app.kubernetes.io/name=${{ env.APP_NAME }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Modernize eagle-api deployment pipeline #20

Workflow file

Modernize eagle-api deployment pipeline #20

Uh oh!

Workflow file for this run