Lock file maintenance poetry all non-major dependencies #8707

Workflow file for this run

.github/workflows/deployment.yml at 490da50

	name: Deployment

	on:
	pull_request:
	branches:
	- main

	jobs:
	prepare-dev-database:
	name: Prepare Dev Database
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Deploy PostGIS instance
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	EPHEMERAL_STORAGE=True bash openshift/scripts/oc_provision_db.sh ${SUFFIX} apply

	prepare-dev-database-backups:
	name: Prepare Dev Database Backups
	needs: [prepare-dev-database]
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Postgres Backup Cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	bash openshift/scripts/oc_provision_backup_s3_postgres_cronjob.sh ${SUFFIX} apply

	build-web-image:
	# Declared ahead of build-api-image ; it runs slightly slower than the api build, and putting
	# it here increases the odds that it get's started 1st, so api and web are slightly more likely
	# to finish building at the same time.
	name: Build Web Image
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Build wps-web Image
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
	GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml bash openshift/scripts/oc_build.sh ${SUFFIX} apply

	build-api-image:
	name: Build API Image
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Build wps-api Image
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
	GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api bash openshift/scripts/oc_build.sh ${SUFFIX} apply
	# TODO: Delete once pmtiles has run for some time
	# build-tileserv-image:
	# name: Build tileserv Image
	# runs-on: ubuntu-22.04
	# steps:
	# - name: Set Variables
	# shell: bash
	# run: \|
	# echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	# - name: Checkout
	# uses: actions/checkout@v4

	# - name: Build wps-tileserv Image
	# shell: bash
	# run: \|
	# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
	# GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=tileserv DOCKER_FILE=Dockerfile.tileserv PATH_BC=openshift/templates/tileserv/tileserv_build.yaml bash openshift/scripts/oc_build.sh ${SUFFIX} apply

	configure-nats-server-name:
	name: Configure nats server name
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Configure
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	bash openshift/scripts/oc_provision_nats_server_config.sh ${SUFFIX} apply

	deploy-dev:
	name: Deploy to Dev
	if: github.triggering_actor != 'renovate'
	needs:
	[
	build-api-image,
	build-web-image,
	prepare-dev-database,
	deploy-dev-queue,
	configure-nats-server-name,
	]
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Deploy API to Dev
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	MODULE_NAME=api SECOND_LEVEL_DOMAIN="apps.silver.devops.gov.bc.ca" VANITY_DOMAIN="${SUFFIX}-dev-psu.apps.silver.devops.gov.bc.ca" USE_WFWX="True" bash openshift/scripts/oc_deploy.sh ${SUFFIX} apply

	## TODO: re-enable once crunchy is deployed: https://app.zenhub.com/workspaces/bcws---agile-psu-5e321393e038fba5bbe203b8/issues/gh/bcgov/wps/2340
	- name: Hourly actuals cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	bash openshift/scripts/oc_provision_wfwx_hourly_actuals_cronjob.sh ${SUFFIX} apply

	# - name: Noon forecasts cronjob
	# shell: bash
	# run: \|
	# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	# bash openshift/scripts/oc_provision_wfwx_noon_forecasts_cronjob.sh ${SUFFIX} apply

	- name: Environment Canada GDPS cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_ec_gdps_cronjob.sh ${SUFFIX} apply

	- name: Environment Canada HRDPS cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_ec_hrdps_cronjob.sh ${SUFFIX} apply

	# - name: Environment Canada RDPS cronjob
	# shell: bash
	# run: \|
	# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	# PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_ec_rdps_cronjob.sh ${SUFFIX} apply

	- name: NOAA GFS cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_noaa_gfs_cronjob.sh ${SUFFIX} apply

	- name: NOAA NAM cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_noaa_nam_cronjob.sh ${SUFFIX} apply

	# TODO: Delete once pmtiles has run for some time
	# deploy-tileserv:
	# name: Deploy tileserv to Dev
	# if: github.triggering_actor != 'renovate'
	# runs-on: ubuntu-22.04
	# # We need
	# # - the image to be built before we can deploy.
	# needs: [build-tileserv-image]
	# steps:
	# - name: Set Variables
	# shell: bash
	# run: \|
	# echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	# - name: Checkout
	# uses: actions/checkout@v3

	# - name: Tileserv
	# shell: bash
	# run: \|
	# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	# PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_tileserv.sh ${SUFFIX} apply

	deploy-dev-queue:
	name: Deploy Message Queue to Dev
	if: github.triggering_actor != 'renovate'
	runs-on: ubuntu-22.04
	# We need
	# - the image to be built before we can deploy.
	# - we need the tileserv database up so we can write to it
	needs: [build-api-image, configure-nats-server-name]
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: NATS Message Queue
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_nats.sh ${SUFFIX} apply

	scan-dev:
	name: ZAP Baseline Scan Dev
	needs: [deploy-dev]
	runs-on: ubuntu-22.04

	steps:
	# f.y.i.: ZAP Scan must be able to log an issue or it will fail.
	- name: ZAP Scan
	uses: zaproxy/[email protected]
	with:
	target: "https://wps-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca"
	rules_file_name: ".zap/rules.tsv"
	# Do not return failure on warnings - TODO: this has to be resolved!
	cmd_options: "-I"

	run-schemathesis:
	name: Schemathesis Fuzzing
	if: github.triggering_actor != 'renovate'
	runs-on: ubuntu-22.04
	needs: [deploy-dev]

	steps:
	- name: Run Schemathesis
	continue-on-error: true
	uses: schemathesis/action@v1
	with:
	# Your API schema location
	schema: "https://wps-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca/api/openapi.json"
	args: "--experimental=openapi-3.1"
	# Set your token from secrets
	token: ${{ secrets.SCHEMATHESIS_TOKEN }}

	deploy-c-haines:
	name: Deploy c-haines cronjob
	if: github.triggering_actor != 'renovate'
	runs-on: ubuntu-22.04
	# We need
	# - the image to be built before we can deploy.
	# - the database to be there (so we can write to it).
	# - wait for the api deployment, as it's responsible for upgrading the database.
	needs: [build-api-image, prepare-dev-database, deploy-dev]

	steps:
	- name: Set Variables
	shell: bash
	run: echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: C-Haines Cronjob
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
	PROJ_TARGET="e1e498-dev" PROJ_TOOLS="e1e498-tools" PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_c_haines_cronjob.sh ${SUFFIX} apply

	prepare-test-database:
	name: Prepare Test Database
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Deploy PostGIS instance
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
	EPHEMERAL_STORAGE=True PROJ_TARGET=e1e498-test APP_USER="wps" IMAGE_STREAM_NAMESPACE=e1e498-tools bash openshift/scripts/oc_provision_db.sh ${SUFFIX} apply

	deploy-test:
	name: Deploy to Test
	if: github.triggering_actor != 'renovate'
	needs: [build-api-image, build-web-image, prepare-test-database]
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Deploy API to Test
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
	MODULE_NAME=api PROJ_TARGET="e1e498-test" ENVIRONMENT="-test" VANITY_DOMAIN="${SUFFIX}-test-psu.apps.silver.devops.gov.bc.ca" SECOND_LEVEL_DOMAIN="apps.silver.devops.gov.bc.ca" USE_WFWX="True" bash openshift/scripts/oc_deploy.sh ${SUFFIX} apply

	# Just run 1/3 EnvCan cronjobs so there's some model data in DB for comparison against P3 actuals and forecasts
	# Don't need all model data
	- name: Environment Canada RDPS cronjob (Donald)
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
	PROJ_TARGET="e1e498-test" bash openshift/scripts/oc_provision_ec_rdps_cronjob.sh ${SUFFIX} apply

	test-configure-nats-server-name:
	name: Configure nats server name in test
	runs-on: ubuntu-22.04
	steps:
	- name: Set Variables
	shell: bash
	run: \|
	echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Configure
	shell: bash
	run: \|
	oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
	PROJ_TARGET="e1e498-test" bash openshift/scripts/oc_provision_nats_server_config.sh ${SUFFIX} apply

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Lock file maintenance poetry all non-major dependencies #8707

Workflow file

Lock file maintenance poetry all non-major dependencies #8707

Jobs

Run details

Workflow file for this run