Add files via upload #8173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | ||
# They are provided by a third-party and are governed by | ||
# separate terms of service, privacy policy, and support | ||
# documentation. | ||
# 💁 The OpenShift Starter workflow will: | ||
# - Checkout your repository | ||
# - Perform a container image build | ||
# - Push the built image to the GitHub Container Registry (GHCR) | ||
# - Log in to your OpenShift cluster | ||
# - Create an OpenShift app from the image and expose it to the internet | ||
# ℹ️ Configure your repository and the workflow with the following steps: | ||
# 1. Have access to an OpenShift cluster. Refer to https://www.openshift.com/try | ||
# 2. Create the OPENSHIFT_SERVER and OPENSHIFT_TOKEN repository secrets. Refer to: | ||
# - https://github.com/redhat-actions/oc-login#readme | ||
# - https://docs.github.com/en/actions/reference/encrypted-secrets | ||
# - https://cli.github.com/manual/gh_secret_set | ||
# 3. (Optional) Edit the top-level 'env' section as marked with '🖊️' if the defaults are not suitable for your project. | ||
# 4. (Optional) Edit the build-image step to build your project. | ||
# The default build type is by using a Dockerfile at the root of the repository, | ||
# but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build. | ||
# 5. Commit and push the workflow file to your default branch to trigger a workflow run. | ||
# 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback. | ||
name: OpenShift | ||
env: | ||
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. | ||
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. | ||
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions | ||
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} | ||
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} | ||
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. | ||
OPENSHIFT_NAMESPACE: "" | ||
# 🖊️ EDIT to set a name for your OpenShift app, or a default one will be generated below. | ||
APP_NAME: "" | ||
# 🖊️ EDIT with the port your application should be accessible on. | ||
# If the container image exposes *exactly one* port, this can be left blank. | ||
# Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app | ||
APP_PORT: "" | ||
# 🖊️ EDIT to change the image registry settings. | ||
# Registries such as GHCR, Quay.io, and Docker Hub are supported. | ||
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | ||
IMAGE_REGISTRY_USER: ${{ github.actor }} | ||
IMAGE_REGISTRY_PASSWORD: ${{ github.token }} | ||
# 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. | ||
IMAGE_TAGS: "" | ||
on: | ||
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows | ||
workflow_dispatch: | ||
push: | ||
# Edit to the branch(es) you want to build and deploy on each push. | ||
branches: [ "main" ] | ||
jobs: | ||
# 🖊️ EDIT if you want to run vulnerability check on your project before deploying | ||
# the application. Please uncomment the below CRDA scan job and configure to run it in | ||
# your workflow. For details about CRDA action visit https://github.com/redhat-actions/crda/blob/main/README.md | ||
# | ||
# TODO: Make sure to add 'CRDA Scan' starter workflow from the 'Actions' tab. | ||
# For guide on adding new starter workflow visit https://docs.github.com/en/github-ae@latest/actions/using-workflows/using-starter-workflows | ||
crda-scan: | ||
uses: ./.github/workflows/crda.yml | ||
Check failure on line 71 in .github/workflows/openshift.yml GitHub Actions / .github/workflows/openshift.ymlInvalid workflow file
|
||
secrets: | ||
CRDA_KEY: ${{ secrets.CRDA_KEY }} | ||
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Either use SNYK_TOKEN or CRDA_KEY | ||
openshift-ci-cd: | ||
# 🖊️ Uncomment this if you are using CRDA scan step above | ||
# needs: crda-scan | ||
name: Build and deploy to OpenShift | ||
runs-on: ubuntu-20.04 | ||
environment: production | ||
outputs: | ||
ROUTE: ${{ steps.deploy-and-expose.outputs.route }} | ||
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} | ||
steps: | ||
- name: Check for required secrets | ||
uses: actions/github-script@v6 | ||
with: | ||
script: | | ||
const secrets = { | ||
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, | ||
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, | ||
}; | ||
const GHCR = "ghcr.io"; | ||
if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { | ||
core.info(`Image registry is ${GHCR} - no registry password required`); | ||
} | ||
else { | ||
core.info("A registry password is required"); | ||
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; | ||
} | ||
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { | ||
if (value.length === 0) { | ||
core.error(`Secret "${name}" is not set`); | ||
return true; | ||
} | ||
core.info(`✔️ Secret "${name}" is set`); | ||
return false; | ||
}); | ||
if (missingSecrets.length > 0) { | ||
core.setFailed(`❌ At least one required secret is not set in the repository. \n` + | ||
"You can add it using:\n" + | ||
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + | ||
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + | ||
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); | ||
} | ||
else { | ||
core.info(`✅ All the required secrets are set`); | ||
} | ||
- name: Check out repository | ||
uses: actions/checkout@v4 | ||
- name: Determine app name | ||
if: env.APP_NAME == '' | ||
run: | | ||
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV | ||
- name: Determine image tags | ||
if: env.IMAGE_TAGS == '' | ||
run: | | ||
echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV | ||
# https://github.com/redhat-actions/buildah-build#readme | ||
- name: Build from Dockerfile | ||
id: build-image | ||
uses: redhat-actions/buildah-build@v2 | ||
with: | ||
image: ${{ env.APP_NAME }} | ||
tags: ${{ env.IMAGE_TAGS }} | ||
# If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs | ||
# Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build | ||
# Otherwise, point this to your Dockerfile/Containerfile relative to the repository root. | ||
dockerfiles: | | ||
./Dockerfile | ||
# https://github.com/redhat-actions/push-to-registry#readme | ||
- name: Push to registry | ||
id: push-image | ||
uses: redhat-actions/push-to-registry@v2 | ||
with: | ||
image: ${{ steps.build-image.outputs.image }} | ||
tags: ${{ steps.build-image.outputs.tags }} | ||
registry: ${{ env.IMAGE_REGISTRY }} | ||
username: ${{ env.IMAGE_REGISTRY_USER }} | ||
password: ${{ env.IMAGE_REGISTRY_PASSWORD }} | ||
# The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }} | ||
- name: Install oc | ||
uses: redhat-actions/openshift-tools-installer@v1 | ||
with: | ||
oc: 4 | ||
# https://github.com/redhat-actions/oc-login#readme | ||
- name: Log in to OpenShift | ||
uses: redhat-actions/oc-login@v1 | ||
with: | ||
openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | ||
openshift_token: ${{ env.OPENSHIFT_TOKEN }} | ||
insecure_skip_tls_verify: true | ||
namespace: ${{ env.OPENSHIFT_NAMESPACE }} | ||
# This step should create a deployment, service, and route to run your app and expose it to the internet. | ||
# https://github.com/redhat-actions/oc-new-app#readme | ||
- name: Create and expose app | ||
id: deploy-and-expose | ||
uses: redhat-actions/oc-new-app@v1 | ||
with: | ||
app_name: ${{ env.APP_NAME }} | ||
image: ${{ steps.push-image.outputs.registry-path }} | ||
namespace: ${{ env.OPENSHIFT_NAMESPACE }} | ||
port: ${{ env.APP_PORT }} | ||
- name: Print application URL | ||
env: | ||
ROUTE: ${{ steps.deploy-and-expose.outputs.route }} | ||
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} | ||
run: | | ||
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1) | ||
echo | ||
echo "======================== Your application is available at: ========================" | ||
echo ${{ env.ROUTE }} | ||
echo "===================================================================================" | ||
echo | ||
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\"" |