PublicisSapient · sandhami · Nov 19, 2025 · rapkalya · Dec 2, 2025 · rapkalya
@@ -0,0 +1,207 @@
+name: API_CI_CD_Prod_Workflow
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_tag:
+        description: "Select the Git tag for knowhow-api (e.g. 14.0.0)"
+        required: true
+        type: string
+        default: "14.0.0"
+
+      knowhow_common_tag:
+        description: "Select the Git tag for knowhow-common (e.g. 14.0.0)"
+        required: true
+        type: string
+        default: "14.0.0"
+
+      test:
+        description: "Run tests"
+        required: true
+        default: "true"
+        type: choice
+        options:
+          - "false"
+          - "true"
+
+      mongock_operation:
+        description: "Select Operation Type to deploy"
+        required: true
+        default: "com.publicissapient.kpidashboard.apis.mongock.upgrade"
+        type: choice
+        options:
+          - com.publicissapient.kpidashboard.apis.mongock.upgrade
+          - com.publicissapient.kpidashboard.apis.mongock.installation
+
+      mongock_start_version:
+        description: "Start version for Mongock (e.g. 13.0.0)"
+        required: true
+        default: "13.0.0"
+        type: string
+
+      mongock_end_version:
+        description: "End version for Mongock (e.g. 14.0.0)"
+        required: true
+        default: "14.0.0"
+        type: string
+
+env:
+  IMAGE_NAME: knowhow-api
+  ACR_NAME: ${{ secrets.SPEEDTOOLS_ACR_NAME }}
+  ACR_LOGIN_SERVER: ${{ secrets.SPEEDTOOLS_ACR_LOGIN_SERVER }}
+  BITBUCKET_HELM_REPO: ${{ secrets.SPEEDTOOLS_BITBUCKET_HELM_REPO }}
+  sonartoken: ${{ secrets.SONARQUBE_TOKEN }}
+  sonarurl: ${{ secrets.SONARURL }}
+  GITHUB_HEAD_NAME: $GITHUB_REF_NAME
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 40
+    outputs:
+      argocd_app_name: ${{ steps.set_env.outputs.argocd_app_name }}
+    steps:
+      - name: Set IMAGE_TAG and Values file for Prod
+        id: set_env
+        run: |
+          RELEASE_TAG="${{ github.event.inputs.release_tag }}"
+          echo "IMAGE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
+          echo "VALUES_FILE=values-prod.yaml" >> $GITHUB_ENV
+          echo "ARGOCD_APP_NAME=knowhow-api-prod" >> $GITHUB_ENV
+          echo "argocd_app_name=knowhow-api-prod" >> $GITHUB_OUTPUT
+
+      - name: Checkout knowhow-api Repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0 # Needed to fetch tags
+          ref: ${{ github.event.inputs.release_tag }}
+
+      - name: Set Up Java
+        uses: actions/setup-java@v2
+        with:
+          distribution: "adopt"
+          java-version: "17"
+
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Configure Maven to use GitHub Packages
+        run: |
+          mkdir -p ~/.m2
+          cat > ~/.m2/settings.xml <<EOF
+          <settings>
+            <servers>
+              <server>
+                <id>github</id>
+                <username>${{ github.actor }}</username>
+                <password>${{ secrets.MAVEN_TOKEN }}</password>
+              </server>
+            </servers>
+            <profiles>
+              <profile>
+                <id>github</id>
+                <repositories>
+                  <repository>
+                    <id>github</id>
+                    <url>https://maven.pkg.github.com/PublicisSapient/knowhow-ai-gateway-client</url>
+                  </repository>
+                </repositories>
+              </profile>
+            </profiles>
+            <activeProfiles>
+              <activeProfile>github</activeProfile>
+            </activeProfiles>
+          </settings>
+          EOF
+
+      - name: Clone & Build knowhow-common dependency by Tag
+        run: |
+          COMMON_TAG="${{ github.event.inputs.knowhow_common_tag }}"
+          git clone --branch $COMMON_TAG https://github.com/PublicisSapient/knowhow-common.git
+          cd knowhow-common
+          mvn clean install -Ddockerfile.skip=true
+
+      - name: Get common version from Maven
+        run: |
+          cd knowhow-common
+          COMMON_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          echo "COMMON_VERSION=$COMMON_VERSION" >> $GITHUB_ENV
+
+      - name: Update common version in API project
+        run: |
+          mvn versions:use-dep-version \
+            -Dincludes=com.publicissapient.kpidashboard:common \
+            -DdepVersion=$COMMON_VERSION \
+            -DforceVersion=true
+
+      - name: Build & skip Test knowhow-api
+        if: ${{ github.event.inputs.test == 'false' }}
+        run: mvn clean install -Ddockerfile.skip=true -DskipTests
+
+      - name: Build & Test knowhow-api
+        if: ${{ github.event.inputs.test == 'true' }}
+        run: mvn clean install -Ddockerfile.skip=true
+
+      - name: SonarQube Analysis - knowhow-api
+        if: ${{ github.event.inputs.test == 'true' }}
+        run: |
+          mvn sonar:sonar -Dsonar.projectKey=ENGINEERING.KPIDASHBOARD.CUSTOMAPI \
+            -Dsonar.projectName=ENGINEERING.KPIDASHBOARD.CUSTOMAPI \
+            -Dsonar.branch.name=${{ env.GITHUB_HEAD_NAME }} \
+            -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} \
+            -Dsonar.login=${{ secrets.SONARQUBE_TOKEN }} -f pom.xml
+
+      - name: Build & Push Docker Image
+        run: |
+          docker login $ACR_LOGIN_SERVER --username ${{ secrets.SPEEDTOOLS_ACR_USERNAME }} --password ${{ secrets.SPEEDTOOLS_ACR_PASSWORD }}
+          docker build -t $ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG .
+          docker push $ACR_LOGIN_SERVER/$IMAGE_NAME:$IMAGE_TAG
+          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+
+      - name: Checkout Helm charts from Bitbucket
+        run: |
+          git clone ${{ secrets.SPEEDTOOLS_BITBUCKET_HELM_REPO }}
+          cd build-configurations/KnowHOW-Deploy/knowhow-api
+          yq -i ".image.tag = \"${IMAGE_TAG}\"" $VALUES_FILE
+          yq -i ".mongock.startversion = \"${{ github.event.inputs.mongock_start_version }}\"" $VALUES_FILE
+          yq -i ".mongock.endversion = \"${{ github.event.inputs.mongock_end_version }}\"" $VALUES_FILE
+          yq -i ".mongock.migrationpackage = \"${{ github.event.inputs.mongock_operation }}\"" $VALUES_FILE
+          git config user.name "github-actions"
+          git config user.email "github-actions@github.com"
+          git add $VALUES_FILE
+          git diff --cached --quiet || git commit -m "Update image tag and mongock values to ${IMAGE_TAG}"
+          git push origin HEAD
+
+  deploy:
+    runs-on: github-actions-self-hosted-runner
+    timeout-minutes: 20
+    needs: build
+    env:
+      ARGOCD_APP_NAME: ${{ needs.build.outputs.argocd_app_name }}
+    steps:
+      - name: Install ArgoCD CLI
+        run: |
+          export ARGO_PATH="$HOME/bin"
+          mkdir -p $ARGO_PATH
+          curl -sSL -o "$ARGO_PATH/argocd" https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
+          chmod +x "$ARGO_PATH/argocd"
+          echo "$ARGO_PATH" >> $GITHUB_PATH
+
+      - name: ArgoCD CLI Login
+        run: |
+          argocd login argocd-server \
+            --username ${{ secrets.SPEEDTOOLS_ARGOCD_USERNAME}} \
+            --password ${{ secrets.SPEEDTOOLS_ARGOCD_PASSWORD }} \
+            --plaintext
+
+      - name: Sync application
+        id: sync-app
+        run: argocd app sync ${{ env.ARGOCD_APP_NAME }}
+
+      - name: Wait for application health
+        run: argocd app wait ${{ env.ARGOCD_APP_NAME }} --health --timeout 600