fix: Dummy commit new workflows to allow testing (ocrvs-10785)

adskyiproger · adskyiproger · commit 64695d07077f · 2025-10-22T14:19:40.000+03:00
diff --git a/.github/workflows/deploy-dependencies-with-approval.yml b/.github/workflows/deploy-dependencies-with-approval.yml
@@ -0,0 +1,47 @@
+name: Deploy Dependencies (with approval)
+run-name: Deploy Dependencies on ${{ inputs.environment }}
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Target environment"
+        required: true
+        default: "dev"
+        type: choice
+        options:
+          - ""
+jobs:
+  github-to-k8s-sync-env:
+    uses: ./.github/workflows/github-to-k8s-sync-env.yml
+    with:
+      environment: ${{ inputs.environment }}
+      mapping_file: "deps"
+    secrets: inherit
+  deploy:
+    needs: github-to-k8s-sync-env
+    environment: ${{ inputs.environment }}
+    env:
+      ENV: ${{ inputs.environment }}
+    runs-on:
+      - self-hosted
+      - k8s
+      - ${{ inputs.environment }}
+    steps:
+      - name: checkout repository
+        uses: actions/checkout@v5
+      - name: Install traefik
+        run: |
+          kubectl scale deployment traefik --replicas=0 --namespace traefik || true
+          helm upgrade --install traefik oci://ghcr.io/traefik/helm/traefik \
+            --namespace traefik \
+            --create-namespace \
+            -f environments/${ENV}/traefik/values.yaml
+          kubectl scale deployment traefik --replicas=1 --namespace traefik
+      - name: Install OpenCRVS dependencies
+        run: |
+          helm upgrade --install opencrvs-deps oci://ghcr.io/opencrvs/opencrvs-dependencies-chart \
+            --namespace "opencrvs-deps-${ENV}" \
+            -f environments/${ENV}/dependencies/values.yaml \
+            --create-namespace \
+            --set hostname=${{ vars.DOMAIN }} \
+            --atomic
diff --git a/.github/workflows/deploy-opencrvs-with-approval.yml b/.github/workflows/deploy-opencrvs-with-approval.yml
@@ -0,0 +1,102 @@
+name: Deploy OpenCRVS (with approval)
+run-name: "Deploy OpenCRVS on ${{ inputs.environment }} (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})"
+on:
+  workflow_call:
+    inputs:
+      core-image-tag:
+        type: string
+      countryconfig-image-tag:
+        type: string
+      environment:
+        type: string
+  workflow_dispatch:
+    inputs:
+      core-image-tag:
+        description: "Tag of the core image"
+        required: true
+        default: "v1.9.0-beta-1"
+      countryconfig-image-tag:
+        description: "Tag of the countryconfig image"
+        required: true
+        default: "v1.9.0-beta-1"
+      environment:
+        description: "Target environment"
+        required: true
+        default: "dev"
+        type: choice
+        options:
+          - demo1
+jobs:
+  github-to-k8s-sync-env:
+    uses: ./.github/workflows/github-to-k8s-sync-env.yml
+    with:
+      environment: ${{ inputs.environment }}
+    secrets: inherit
+  deploy:
+    needs: github-to-k8s-sync-env
+    environment: ${{ inputs.environment }}
+    env:
+      ENV: ${{ inputs.environment }}
+      BRANCH: ${{ github.ref_name }}
+      CORE_IMAGE_TAG: ${{ inputs.core-image-tag }}
+      COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }}
+      COUNTRYCONFIG_IMAGE_NAME: ${{ secrets.DOCKERHUB_ACCOUNT || 'opencrvs' }}/${{ secrets.DOCKERHUB_REPO || 'ocrvs-farajaland'}}
+    runs-on:
+      - self-hosted
+      - k8s
+      - ${{ inputs.environment }}
+    steps:
+      - uses: actions/checkout@v5
+      - name: Generate summary
+        env:
+          PUBLIC_DOMAIN: ${{ vars.DOMAIN }}
+        run: |
+          SUMMARY=$(cat <<EOF
+          ### Deployment Summary
+
+          | Key | Value |
+          |-----|-------|
+          | Environment URL | https://$PUBLIC_DOMAIN |
+          | Core image tag | \`${{ inputs.core-image-tag }}\` |
+          | Country config image | \`${{ inputs.countryconfig-image-tag }}\` |
+          | Branch name | \`${{ github.ref_name }}\` |
+          EOF
+          )
+          echo "$SUMMARY" | sed 's/^          //' >> $GITHUB_STEP_SUMMARY
+      - name: Create namespace
+        run: kubectl create namespace "opencrvs-${ENV}" || true
+      - name: Copy secrets from dependencies into application namespace
+        # Only redis secret for now needs to be copied
+        run: |
+          secrets=(
+            "redis-opencrvs-users"
+          )
+          for secret in "${secrets[@]}"; do
+            kubectl get secret $secret -n opencrvs-deps-${ENV} -o yaml \
+            | sed "s#namespace: opencrvs-deps-${ENV}#namespace: opencrvs-${ENV}#" \
+            | grep -vE 'resourceVersion|uid|creationTimestamp' \
+            | kubectl apply -n opencrvs-${ENV} -f - \
+            || echo "Secret $secret doesn't exist in opencrvs-deps-${ENV} namespace"
+          done
+      - name: Deploy with Helm
+        run: |
+          helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \
+            --timeout 15m \
+            --namespace "opencrvs-${ENV}" \
+            -f environments/${ENV}/opencrvs-services/values.yaml \
+            --create-namespace \
+            --atomic \
+            --debug \
+            --wait \
+            --wait-for-jobs \
+            --set image.tag="$CORE_IMAGE_TAG" \
+            --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
+            --set countryconfig.image.name="$COUNTRYCONFIG_IMAGE_NAME" \
+            --set hostname=${{ vars.DOMAIN }} 2>&1 | sed '/USER-SUPPLIED VALUES:/,$d'; exit ${PIPESTATUS[0]};
+      - name: Cleanup Helm Locks
+        if: failure() || cancelled()
+        run: |
+          kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \
+          jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \
+          xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \
+          echo "No helm locks found, all is good"
