Skip to content

Move ocp-relay CD from Silver to Gold OpenShift cluster#1993

Draft
panish16 wants to merge 1 commit into
bcgov:mainfrom
panish16:move-ocp-relay-silver-to-gold
Draft

Move ocp-relay CD from Silver to Gold OpenShift cluster#1993
panish16 wants to merge 1 commit into
bcgov:mainfrom
panish16:move-ocp-relay-silver-to-gold

Conversation

@panish16

@panish16 panish16 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Switches ocp-relay-cd.yml to the shared bcgov/bcregistry-sre backend-cd-ocp.yaml reusable workflow, using OPENSHIFT_GOLD_* secrets instead of the Silver-cluster OPENSHIFT4_* secrets. This matches the pattern already used for other BC Registries OCP services (bcgov/sbc-pay ftp-poller, bcgov/namex-search namex-solr-importer, bcgov/lear colin-api).
  • Adds services/ocp-relay/devops/vaults.ocp.env, required by the reusable workflow's 1Password injection step.

Needs confirmation before merge (opening as draft)

  • The vaults.ocp.env vault/item names are placeholders drafted from config.py/.env.sample by analogy with other bcgov vaults.ocp.env files — they are not verified against the actual 1Password structure for ocp-relay and need SRE sign-off.
  • Assumes OPENSHIFT_GOLD_* secrets are already available to this repo (they appear to be org-level, based on usage in sibling repos) and that a Gold namespace/Deployment for ocp-relay has been provisioned by SRE ahead of this workflow running.

Refs bcgov/entity#34060

Test plan

  • SRE confirms/corrects the 1Password vault/item paths in vaults.ocp.env
  • Confirm OPENSHIFT_GOLD_* secrets and Gold namespace/Deployment exist for ocp-relay
  • Run workflow_dispatch against dev and verify rollout succeeds in Gold

Switches ocp-relay-cd.yml to the shared bcgov/bcregistry-sre
backend-cd-ocp.yaml reusable workflow with OPENSHIFT_GOLD_* secrets,
matching the pattern already used for other BC Registries OCP services
(bcgov/sbc-pay ftp-poller, bcgov/namex-search namex-solr-importer,
bcgov/lear colin-api).

Adds services/ocp-relay/devops/vaults.ocp.env, required by the reusable
workflow's 1Password injection step. Vault/item names are drafted from
naming conventions used in other bcgov vaults.ocp.env files and need
confirmation from SRE before this is relied on.

Refs bcgov/entity#34060
@sonarqubecloud

sonarqubecloud Bot commented Jul 7, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

commit: true
token: ${{ secrets.GITHUB_TOKEN }}
ocp-relay-cd:
uses: bcgov/bcregistry-sre/.github/workflows/backend-cd-ocp.yaml@main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants