-
Notifications
You must be signed in to change notification settings - Fork 903
102 lines (83 loc) · 2.91 KB
/
OpenShift.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: OpenShift Deployment and Prisma Scan
on:
push:
branches: [ master ]
jobs:
build-and-deploy:
name: Build, Push, Deploy to OpenShift, and Scan
runs-on: ubuntu-22.04
environment: development
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Build with Maven
run: mvn clean package # Or use ./gradlew build for Gradle
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Log in to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Build and Push Docker Image
id: build-and-push
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
tags: |
ghcr.io/${{ github.repository_owner }}/nationalparks:latest
ghcr.io/${{ github.repository_owner }}/nationalparks:${{ github.sha }}
push: true
name: Deploy to OpenShift
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
env:
APP_NAME: nationalparks-new
IMAGE_REGISTRY: my-registry-url
OPENSHIFT_NAMESPACE: manoj-singh8-dev
OPENSHIFT_SERVER: https://api.sandbox-m3.1530.p1.openshiftapps.com:6443
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up OpenShift CLI
run: |
curl -LO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz
tar -xzf openshift-client-linux.tar.gz -C /usr/local/bin/
oc version
- name: Login to OpenShift
env:
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
run: |
if [ -z "$OPENSHIFT_TOKEN" ]; then
echo "OpenShift token is not set."
exit 1
fi
oc login "${{ env.OPENSHIFT_SERVER }}" --token="$OPENSHIFT_TOKEN" --insecure-skip-tls-verify
- name: Build and push image to OpenShift registry
run: |
IMAGE="${{ env.IMAGE_REGISTRY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.APP_NAME }}:${{ github.sha }}"
docker build -t "$IMAGE" .
docker push "$IMAGE"
- name: Deploy to OpenShift
run: |
bash "${GITHUB_WORKSPACE}/.github/script.sh" \
"${{ env.APP_NAME }}" \
"${{ env.IMAGE_REGISTRY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.APP_NAME }}:${{ github.sha }}" \
"${{ env.OPENSHIFT_NAMESPACE }}"
# Run Prisma Cloud Scan
- name: Scan image
uses: PaloAltoNetworks/prisma-cloud-scan@v1
with:
pcc_console_url: ${{ env.pcc_console_url }}
pcc_user: ${{ env.pcc_user }}
pcc_pass: ${{ env.pcc_pass }}
image_name: ${{ env.IMAGE_REGISTRY }}/${{ env.APP_NAME }}:${{ github.sha }}