SIMSBIOHUB-934: Update publishing to use part-specific size for each multipart url #5810
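# Static Deploy On OpenShift
# Builds and deploys merged PRs to persistent pods/services/routes/etc. in the
# OpenShift Dev, Test or Prod environment.
#
# Security notes:
# - Context values (refs, secrets, repository variables) reach shell steps
#   through `env:` and are expanded by the shell as quoted variables. Pasting
#   an expression straight into a `run:` script makes its value part of the
#   script text, so a ref name with shell metacharacters would be executed.
# - The pull_request trigger is limited to dev/test/prod, but workflow_dispatch
#   can be started from any ref, so checkEnv rejects any other ref before
#   images are built or pushed.
# - NOTE(review): actions are referenced by mutable tags (@v4, @v1). The
#   redhat-actions steps receive the cluster token; consider pinning every
#   action to a full commit SHA.
# - NOTE(review): no job declares `environment:`, so GitHub environment
#   protection rules do not gate the prod deploy, and the same TOOLS_SA_TOKEN
#   secret is used for every target namespace - confirm this is intended.
name: Static Deploy on OpenShift

on:
  pull_request:
    types: [closed]
    branches:
      - dev
      - test
      - prod
  workflow_dispatch:

# Least privilege for the GITHUB_TOKEN: the workflow only reads the repository.
permissions:
  contents: read

jobs:
  # Print variables for logging and debugging purposes
  checkEnv:
    name: Print Env variables
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    outputs:
      timestamp: ${{ steps.set-timestamp.outputs.value }}
    steps:
      # Every later job depends on this one (directly or through
      # checkoutRepo), so failing here stops the whole run.
      - name: Validate target environment
        env:
          BRANCH: ${{ github.base_ref || github.ref_name }}
        run: |
          case "$BRANCH" in
            dev|test|prod) ;;
            *)
              echo "Refusing to deploy: ref '$BRANCH' is not dev, test or prod" >&2
              exit 1
              ;;
          esac
      - name: Set timestamp (yymmddhhiiss)
        id: set-timestamp
        run: echo "value=$(TZ=America/Vancouver date +%Y%m%d%H%M%S)" >> "$GITHUB_OUTPUT"
      - name: Print Env Vars
        env:
          BASE_REF: ${{ github.base_ref || github.ref_name }}
          BUILD_TIMESTAMP: ${{ steps.set-timestamp.outputs.value }}
          PR_REF: ${{ github.event.pull_request.head.sha || github.sha }}
          EVENT_NAME: ${{ github.event_name }}
          EVENT_ACTION: ${{ github.event.action || 'manual' }}
          PR_DRAFT: ${{ github.event.pull_request.draft || 'false' }}
        run: |
          echo "Git Base Ref: $BASE_REF"
          echo "Build timestamp: $BUILD_TIMESTAMP"
          echo "Git Pull Request Ref: $PR_REF"
          echo "Git Event Name: $EVENT_NAME"
          echo "Git Event Action: $EVENT_ACTION"
          # NOTE(review): LABELS is not defined by any env block in this
          # workflow as shown, so this prints an empty value unless the runner
          # environment provides it.
          echo Git Labels: "$LABELS"
          echo "PR in Draft: $PR_DRAFT"

  # Checkout the repo once and cache it for use in subsequent jobs
  checkoutRepo:
    name: Checkout and cache target branch
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    outputs:
      timestamp: ${{ needs.checkEnv.outputs.timestamp }}
    needs:
      - checkEnv
    steps:
      # persist-credentials: false keeps the GITHUB_TOKEN out of the checkout's
      # git config, so the workspace cached below carries no token.
      - name: Checkout Target Branch
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Cache the repo
      - name: Cache repo
        uses: actions/cache@v4
        id: cache-repo
        env:
          cache-name: cache-repo
        with:
          # Cache repo based on the commit sha that triggered the workflow
          path: ${{ github.workspace }}/*
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.event.pull_request.head.sha || github.sha }}

  # Build the web frontend app image
  buildAndPushApp:
    name: Build App Image
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    env:
      IMAGE_TAG: build-1.0.0-${{ needs.checkoutRepo.outputs.timestamp }}-${{ github.base_ref || github.ref_name }}
      BRANCH: ${{ github.base_ref || github.ref_name }}
      APP_NAME: "biohubbc-app"
    needs:
      - checkoutRepo
    steps:
      # Load repo from cache
      - name: Cache repo
        uses: actions/cache@v4
        id: cache-repo
        env:
          cache-name: cache-repo
        with:
          path: ${{ github.workspace }}/*
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.event.pull_request.head.sha || github.sha }}
      # Checkout the branch if not restored via cache.
      # Same credential handling as the cached checkout in checkoutRepo.
      - name: Checkout Target Branch
        if: steps.cache-repo.outputs.cache-hit != 'true'
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Install oc, which was removed from the ubuntu-latest image in v24.04
      - name: Install OpenShift CLI tools
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: "4.16"
      # Log in to OpenShift
      # Note: The secrets needed to log in are NOT available if the PR comes from a FORK.
      # PRs must originate from a branch off the original repo or else all openshift `oc` commands will fail.
      - name: Log in to OpenShift
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: https://api.silver.devops.gov.bc.ca:6443
          openshift_token: ${{ secrets.TOOLS_SA_TOKEN }}
          namespace: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-${{ env.BRANCH }}
      # Authenticate Docker with OpenShift registry.
      # The token is passed through the environment and piped on stdin, so it
      # never becomes part of the script text or the docker command line.
      - name: Authenticate Docker with OpenShift registry
        env:
          TOOLS_SA_TOKEN: ${{ secrets.TOOLS_SA_TOKEN }}
          REGISTRY: ${{ vars.OPENSHIFT_REGISTRY }}
        run: |
          echo "$TOOLS_SA_TOKEN" | docker login -u unused --password-stdin "$REGISTRY"
      # Build and push the app image
      - name: Build and Push App Image
        working-directory: app
        env:
          REGISTRY: ${{ vars.OPENSHIFT_REGISTRY }}
          TOOLS_NAMESPACE: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-tools
        run: |
          # IMAGE_TAG contains the ref name, so it is read as a shell variable.
          IMAGE="$REGISTRY/$TOOLS_NAMESPACE/$APP_NAME:$IMAGE_TAG"
          docker build -t "$IMAGE" .
          docker push "$IMAGE"

  # Build the Database Setup image
  buildAndPushDatabaseSetup:
    name: Build Database Setup Image
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    env:
      IMAGE_TAG: build-1.0.0-${{ needs.checkoutRepo.outputs.timestamp }}-${{ github.base_ref || github.ref_name }}
      BRANCH: ${{ github.base_ref || github.ref_name }}
      APP_NAME: "biohubbc-db-setup"
    needs:
      - checkoutRepo
    steps:
      # Load repo from cache
      - name: Cache repo
        uses: actions/cache@v4
        id: cache-repo
        env:
          cache-name: cache-repo
        with:
          path: ${{ github.workspace }}/*
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.event.pull_request.head.sha || github.sha }}
      # Checkout the branch if not restored via cache.
      # Same credential handling as the cached checkout in checkoutRepo.
      - name: Checkout Target Branch
        if: steps.cache-repo.outputs.cache-hit != 'true'
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Install oc, which was removed from the ubuntu-latest image in v24.04
      - name: Install OpenShift CLI tools
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: "4.16"
      # Log in to OpenShift
      # Note: The secrets needed to log in are NOT available if the PR comes from a FORK.
      # PRs must originate from a branch off the original repo or else all openshift `oc` commands will fail.
      - name: Log in to OpenShift
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: https://api.silver.devops.gov.bc.ca:6443
          openshift_token: ${{ secrets.TOOLS_SA_TOKEN }}
          namespace: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-${{ env.BRANCH }}
      # Authenticate Docker with OpenShift registry (token via env and stdin)
      - name: Authenticate Docker with OpenShift registry
        env:
          TOOLS_SA_TOKEN: ${{ secrets.TOOLS_SA_TOKEN }}
          REGISTRY: ${{ vars.OPENSHIFT_REGISTRY }}
        run: |
          echo "$TOOLS_SA_TOKEN" | docker login -u unused --password-stdin "$REGISTRY"
      # Build and push the database setup image using Docker
      - name: Build and Push Database Setup Image
        working-directory: database
        env:
          REGISTRY: ${{ vars.OPENSHIFT_REGISTRY }}
          TOOLS_NAMESPACE: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-tools
        run: |
          # IMAGE_TAG contains the ref name, so it is read as a shell variable.
          IMAGE="$REGISTRY/$TOOLS_NAMESPACE/$APP_NAME:$IMAGE_TAG"
          docker build -t "$IMAGE" -f .docker/db/Dockerfile.setup .
          docker push "$IMAGE"

  # Build the API image
  buildAndPushAPI:
    name: Build API Image
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    env:
      IMAGE_TAG: build-1.0.0-${{ needs.checkoutRepo.outputs.timestamp }}-${{ github.base_ref || github.ref_name }}
      BRANCH: ${{ github.base_ref || github.ref_name }}
      APP_NAME: "biohubbc-api"
    needs:
      - checkoutRepo
    steps:
      # Load repo from cache
      - name: Cache repo
        uses: actions/cache@v4
        id: cache-repo
        env:
          cache-name: cache-repo
        with:
          path: ${{ github.workspace }}/*
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.event.pull_request.head.sha || github.sha }}
      # Checkout the branch if not restored via cache.
      # Same credential handling as the cached checkout in checkoutRepo.
      - name: Checkout Target Branch
        if: steps.cache-repo.outputs.cache-hit != 'true'
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Install oc, which was removed from the ubuntu-latest image in v24.04
      - name: Install OpenShift CLI tools
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: "4.16"
      # Log in to OpenShift
      # Note: The secrets needed to log in are NOT available if the PR comes from a FORK.
      # PRs must originate from a branch off the original repo or else all openshift `oc` commands will fail.
      - name: Log in to OpenShift
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: https://api.silver.devops.gov.bc.ca:6443
          openshift_token: ${{ secrets.TOOLS_SA_TOKEN }}
          namespace: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-${{ env.BRANCH }}
      # Authenticate Docker with OpenShift registry (token via env and stdin)
      - name: Authenticate Docker with OpenShift registry
        env:
          TOOLS_SA_TOKEN: ${{ secrets.TOOLS_SA_TOKEN }}
          REGISTRY: ${{ vars.OPENSHIFT_REGISTRY }}
        run: |
          echo "$TOOLS_SA_TOKEN" | docker login -u unused --password-stdin "$REGISTRY"
      # Build and push the API image using Docker
      - name: Build and Push API Image
        working-directory: api
        env:
          REGISTRY: ${{ vars.OPENSHIFT_REGISTRY }}
          TOOLS_NAMESPACE: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-tools
        run: |
          # IMAGE_TAG contains the ref name, so it is read as a shell variable.
          IMAGE="$REGISTRY/$TOOLS_NAMESPACE/$APP_NAME:$IMAGE_TAG"
          docker build -t "$IMAGE" .
          docker push "$IMAGE"

  # Deploy Helm chart
  deployHelmChart:
    name: Deploy Helm Chart
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    env:
      BUILD_TAG: ${{ needs.checkoutRepo.outputs.timestamp }}
      BRANCH: ${{ github.base_ref || github.ref_name }}
    needs:
      - checkoutRepo
      - buildAndPushApp
      - buildAndPushDatabaseSetup
      - buildAndPushAPI
    steps:
      # Load repo from cache
      - name: Cache repo
        uses: actions/cache@v4
        id: cache-repo
        env:
          cache-name: cache-repo
        with:
          path: ${{ github.workspace }}/*
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ github.event.pull_request.head.sha || github.sha }}
      # Checkout the branch if not restored via cache.
      # Same credential handling as the cached checkout in checkoutRepo.
      - name: Checkout Target Branch
        if: steps.cache-repo.outputs.cache-hit != 'true'
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Install oc, which was removed from the ubuntu-latest image in v24.04
      - name: Install OpenShift CLI tools
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: "4.16"
      # Log in to OpenShift
      # Note: The secrets needed to log in are NOT available if the PR comes from a FORK.
      # PRs must originate from a branch off the original repo or else all openshift `oc` commands will fail.
      - name: Log in to OpenShift
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: https://api.silver.devops.gov.bc.ca:6443
          openshift_token: ${{ secrets.TOOLS_SA_TOKEN }}
          namespace: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-${{ env.BRANCH }}
      # Deploy the Helm chart
      - name: Deploy Helm Chart
        run: |
          echo "Deploying Helm chart for branch $BRANCH"
          # Generate a timestamp (unix seconds) for env.ts
          TS=$(date +%s)
          # Update Helm dependencies
          echo "Updating Helm dependencies..."
          helm dependency update ./infrastructure/biohubbc
          # Build chart
          echo "Building chart..."
          helm package ./infrastructure/biohubbc \
            --version "$BUILD_TAG" \
            --app-version 1.0.0
          # BRANCH selects the release name and the values file; it is quoted
          # so the ref name is always passed as a single argument.
          helm upgrade --install "$BRANCH" "biohubbc-$BUILD_TAG.tgz" \
            -f ./infrastructure/biohubbc/values.yaml \
            -f "./infrastructure/biohubbc/values-$BRANCH.yaml" \
            --set-string "biohubbc-app.environment.ts=$TS" \
            --set-string "biohubbc-app.environment.changeId=$BUILD_TAG" \
            --set-string "biohubbc-db-setup.environment.ts=$TS" \
            --set-string "biohubbc-db-setup.environment.changeId=$BUILD_TAG" \
            --set-string "biohubbc-api.environment.ts=$TS" \
            --set-string "biohubbc-api.environment.changeId=$BUILD_TAG" \
            --wait --timeout=600s
          echo "Helm chart deployment completed for branch $BRANCH"

  # Prune old image tags for this environment (keep 3 most recent by date)
  pruneOldImageTags:
    name: Prune Old Image Tags
    runs-on: ubuntu-latest
    timeout-minutes: 20
    if: ${{ github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' }}
    needs:
      - deployHelmChart
    env:
      BRANCH: ${{ github.base_ref || github.ref_name }}
      TOOLS_NAMESPACE: ${{ vars.OPENSHIFT_LICENSE_PLATE }}-tools
    steps:
      - name: Install OpenShift CLI tools
        uses: redhat-actions/openshift-tools-installer@v1
        with:
          oc: "4.16"
      - name: Log in to OpenShift
        uses: redhat-actions/oc-login@v1
        with:
          openshift_server_url: https://api.silver.devops.gov.bc.ca:6443
          openshift_token: ${{ secrets.TOOLS_SA_TOKEN }}
      - name: Prune old environment image tags
        run: |
          set -e
          KEEP=3
          SUFFIX="-$BRANCH"
          IMAGES="biohubbc-app biohubbc-api biohubbc-db-setup"
          echo "Pruning image tags for environment $BRANCH in $TOOLS_NAMESPACE (keeping $KEEP most recent by date)"
          for IMAGE in $IMAGES; do
            echo "Checking image stream $IMAGE..."
            # Best effort: an unreadable image stream is skipped, but the skip
            # is logged so a failed lookup is visible in the run output.
            if ! JSON=$(oc get is "$IMAGE" -n "$TOOLS_NAMESPACE" -o json 2>/dev/null); then
              echo "  Could not read image stream $IMAGE; skipping"
              continue
            fi
            # Select tags ending in the environment suffix, newest first, and
            # emit everything after the first $KEEP entries. Tags without a
            # creation date sort as oldest.
            TAGS_TO_DELETE=$(echo "$JSON" | jq -r --arg suffix "$SUFFIX" --argjson keep "$KEEP" '
              (.status.tags // [])
              | map(select(.tag != null and (.tag | endswith($suffix))))
              | map({tag: .tag, created: (.items[0].created // "1970-01-01T00:00:00Z")})
              | sort_by(.created) | reverse
              | .[$keep:] | .[] | .tag
            ')
            if [ -z "$TAGS_TO_DELETE" ]; then
              echo "  No tags to delete for $IMAGE ($KEEP or fewer $SUFFIX tags)"
              continue
            fi
            echo "  Deleting old tags for $IMAGE:"
            echo "$TAGS_TO_DELETE" | while read -r TAG; do
              [ -z "$TAG" ] && continue
              echo "    - $TAG"
              # Best effort: a failed delete is reported and the loop continues.
              oc tag -d "$IMAGE:$TAG" --namespace "$TOOLS_NAMESPACE" \
                || echo "      failed to delete $IMAGE:$TAG; continuing"
            done
          done
          echo "Prune completed for environment $BRANCH"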