diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index a5caa2fc4..823315fee 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -1,18 +1,15 @@ name: 1 DEV - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev - SPLUNK_TOKEN: - ${{ secrets.SPLUNK_TOKEN }} - - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry setting # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -23,14 +20,12 @@ env: APP_NAME: "ccof" REPO_NAME: "educ-ccof" - #grabs the branch name from github dynamically + # grabs the branch name from github dynamically BRANCH: ${{ github.ref_name }} IMAGE_NAME: "backend" APP_ENVIRONMENT: "dev" APP_FOLDER: "backend" - NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }} NAMESPACE_TOOLS: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-tools - COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} TAG: "latest" MIN_REPLICAS: "1" 
@@ -79,19 +74,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository with branch [${{ env.BRANCH }}] @@ -175,11 +170,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - dev \ - ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-backend-prod.yml b/.github/workflows/deploy-to-openshift-backend-prod.yml index 6f48524f8..5a6d42978 100644 --- a/.github/workflows/deploy-to-openshift-backend-prod.yml 
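Review bot: The eleven arguments to `update-configmap.sh` are expanded by `${{ secrets.* }}` straight into the script text and left unquoted, so a secret that is empty or contains whitespace or shell metacharacters shifts every later positional parameter or is parsed by the shell. The script is also still fetched from the branch ref with `curl -s … | bash /dev/stdin`; without `--fail` an HTTP error body is what gets piped to bash, and the job already has a checkout step, so the checked-out copy could be run instead (assuming that checkout precedes this step). Map the secrets into the step's `env:` and pass them as quoted shell variables, as sketched below. The same invocation is added in the prod, qa and uat backend workflows. The step itself starts outside the hunk.

```yaml
# step-level env: secret values stay out of the generated script text
env:
  CCOF_NAMESPACE_NO_ENV: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}
  COMMON_NAMESPACE_NO_ENV: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
  SOAM_CLIENT_ID: ${{ secrets.SOAM_CLIENT_ID }}
  SOAM_CLIENT_ID_IDIR: ${{ secrets.SOAM_CLIENT_ID_IDIR }}
  SOAM_CLIENT_SECRET: ${{ secrets.SOAM_CLIENT_SECRET }}
  SOAM_CLIENT_SECRET_IDIR: ${{ secrets.SOAM_CLIENT_SECRET_IDIR }}
  SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
  REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
  D365_API_PREFIX: ${{ secrets.D365_API_PREFIX }}
run: |
  # … unchanged: earlier commands in this step …
  bash tools/config/update-configmap.sh \
    "$APP_ENVIRONMENT" "$APP_NAME" \
    "$CCOF_NAMESPACE_NO_ENV" "$COMMON_NAMESPACE_NO_ENV" \
    "$SOAM_CLIENT_ID" "$SOAM_CLIENT_ID_IDIR" \
    "$SOAM_CLIENT_SECRET" "$SOAM_CLIENT_SECRET_IDIR" \
    "$SPLUNK_TOKEN" "$REDIS_PASSWORD" "$D365_API_PREFIX"
  # … unchanged: oc rollout …
```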
+++ b/.github/workflows/deploy-to-openshift-backend-prod.yml @@ -1,17 +1,17 @@ name: 4 PROD - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -27,11 +27,8 @@ env: IMAGE_NAME: "backend" APP_ENVIRONMENT: "prod" - NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }} - - MIN_REPLICAS: "3" MAX_REPLICAS: "5" MIN_CPU: "50m" @@ -40,9 +37,6 @@ env: MAX_MEM: "700Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} - CA_CERT: ${{ secrets.CA_CERT }} - CERTIFICATE: ${{ secrets.CERTIFICATE }} - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} on: workflow_dispatch: 
@@ -81,19 +75,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -145,11 +139,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - prod \ - ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-backend-qa.yml b/.github/workflows/deploy-to-openshift-backend-qa.yml index dae3ee718..58cb9a331 100644 --- a/.github/workflows/deploy-to-openshift-backend-qa.yml +++ b/.github/workflows/deploy-to-openshift-backend-qa.yml 
@@ -1,17 +1,17 @@ name: 2 QA - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -37,9 +37,6 @@ env: MAX_MEM: "700Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} - CA_CERT: ${{ secrets.CA_CERT }} - CERTIFICATE: ${{ secrets.CERTIFICATE }} - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} on: workflow_dispatch: 
@@ -137,10 +134,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - qa ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-backend-uat.yml b/.github/workflows/deploy-to-openshift-backend-uat.yml index e0fbd39cc..2f9140d65 100644 --- a/.github/workflows/deploy-to-openshift-backend-uat.yml +++ b/.github/workflows/deploy-to-openshift-backend-uat.yml 
@@ -1,17 +1,17 @@ name: 3 UAT - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -37,9 +37,6 @@ env: MAX_MEM: "700Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} - CA_CERT: ${{ secrets.CA_CERT }} - CERTIFICATE: ${{ secrets.CERTIFICATE }} - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} on: workflow_dispatch: 
@@ -78,19 +75,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -142,11 +139,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - uat \ - ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-frontend-dev.yml b/.github/workflows/deploy-to-openshift-frontend-dev.yml index 9ef0122e3..8dd75bf29 100644 --- a/.github/workflows/deploy-to-openshift-frontend-dev.yml +++ b/.github/workflows/deploy-to-openshift-frontend-dev.yml 
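Review bot: The rollout line at the end of the UAT update-configmap hunk reads `-${{ env.APP_ENVIRONMENT }}}` with a third closing brace, so the DeploymentConfig name passed to `oc rollout latest` ends in a literal `}`; with `2> /dev/null` the resulting error is hidden. This is a context line, not one the commit adds, but the dev, prod and qa backend workflows have `-${{ env.APP_ENVIRONMENT }} 2> /dev/null` and this commit edits the lines directly above it. Change it to `dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}`. The command continues after the `\` outside the hunk, so what runs on failure is not visible here.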
@@ -160,24 +160,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ env.TAG }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-frontend-prod.yml b/.github/workflows/deploy-to-openshift-frontend-prod.yml index b7fede45a..24a105766 100644 --- a/.github/workflows/deploy-to-openshift-frontend-prod.yml 
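Review bot: The three new `-p` arguments are quoted inconsistently: `BANNER_COLOR` and `BANNER_ENVIRONMENT` are expanded unquoted, so a value containing a space breaks the `oc process` argument list, and `VUE_APP_BCEID_REG_URL` is wrapped in single quotes that a `'` in the value would close. Adding double quotes around the `${{ }}` expression is not enough either, because the expression is substituted before the shell runs; map the values into the step's `env:` and use `-p BANNER_ENVIRONMENT="$BANNER_ENVIRONMENT"`. `VUE_APP_BCEID_REG_URL` is read from `secrets.` but ends up in the `config.js` that `frontend.dc.yaml` serves to browsers, so it is not confidential and would fit `vars.` better. The same three lines are added in the qa and uat frontend workflows.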
+++ b/.github/workflows/deploy-to-openshift-frontend-prod.yml @@ -1,17 +1,17 @@ name: 4 PROD - Deploy Frontend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} 
@@ -80,19 +80,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -126,24 +126,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR='' \ + -p BANNER_ENVIRONMENT='' \ + -p VUE_APP_BCEID_REG_URL='' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-frontend-qa.yml b/.github/workflows/deploy-to-openshift-frontend-qa.yml index fd8e55873..1cf043cab 100644 --- a/.github/workflows/deploy-to-openshift-frontend-qa.yml +++ b/.github/workflows/deploy-to-openshift-frontend-qa.yml 
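Review bot: Prod passes `-p BANNER_COLOR=''`, `-p BANNER_ENVIRONMENT=''` and `-p VUE_APP_BCEID_REG_URL=''`, while this commit declares all three as `required: true` in `tools/openshift/frontend.dc.yaml`. As far as I know `oc process` rejects a required parameter whose value is empty, so this step would fail before `oc apply`; please confirm with a dry run against the template. If an empty banner is intended in prod, drop `required: true` from the two banner parameters in the template. An empty `VUE_APP_BCEID_REG_URL` in prod also looks unintended, since dev, qa and uat read it from a repository secret.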
@@ -1,17 +1,17 @@ name: 2 QA - Deploy Frontend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -78,19 +78,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -119,24 +119,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-frontend-uat.yml b/.github/workflows/deploy-to-openshift-frontend-uat.yml index fd12cbd09..462d34035 100644 
--- a/.github/workflows/deploy-to-openshift-frontend-uat.yml +++ b/.github/workflows/deploy-to-openshift-frontend-uat.yml @@ -1,17 +1,17 @@ name: 3 UAT - Deploy Frontend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} 
@@ -80,19 +80,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -126,24 +126,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 8c8b4442e..12316fbb2 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile 
@@ -1,4 +1,5 @@ -FROM artifacts.developer.gov.bc.ca/docker-remote/node:14.19.1 as build-stage +FROM artifacts.developer.gov.bc.ca/docker-remote/node:20.18.0-alpine3.20 as build-stage + WORKDIR /frontend COPY package*.json ./ RUN npm install diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 33ec2a55f..366c58892 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -1,7 +1,20 @@ -ENV_VAL=$1 -APP_NAME=$2 -OPENSHIFT_NAMESPACE=$3 -SPLUNK_TOKEN=$4 +set -euo pipefail + +readonly ENV_VAL=$1 +readonly APP_NAME=$2 +readonly NAMESPACE_PREFIX=$3 +readonly COMMON_NAMESPACE=$4 +readonly SOAM_CLIENT_ID=$5 +readonly SOAM_CLIENT_ID_IDIR=$6 +readonly SOAM_CLIENT_SECRET=$7 +readonly SOAM_CLIENT_SECRET_IDIR=$8 +readonly SPLUNK_TOKEN=$9 +readonly REDIS_PASSWORD=${10} +readonly D365_API_PREFIX=${11} +readonly SOAM_KC_REALM_ID="standard" +readonly D365_API_ENDPOINT="http://$D365_API_PREFIX-$ENV_VAL:5091" +readonly TIMEZONE="America/Vancouver" +readonly NODE_ENV='openshift' NAMESPACE_SUFFIX="$ENV_VAL" if [ "$ENV_VAL" = "dev" ] || [ "$ENV_VAL" = "qa" ]; then 
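Review bot: The script now reads eleven positional parameters, four of them credentials, with no argument-count check, so under `set -u` a short call dies with a bare `unbound variable` message, and a call with one argument too many (for instance an unquoted value containing a space) silently shifts values into the wrong names. Add a guard before the `readonly` block, for example `[ "$#" -eq 11 ] || { echo "expected 11 arguments, got $#" >&2; exit 1; }`. `D365_API_ENDPOINT` is built with `http://`; if that service is reachable from outside the pod network this carries API traffic unencrypted, so a comment stating that it is cluster-internal would help. The `NAMESPACE_SUFFIX` block continues past the end of the hunk.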
@@ -13,6 +26,89 @@ elif [ "$ENV_VAL" = "prod" ]; then fi readonly NAMESPACE_SUFFIX +SITE_MINDER_LOGOUT_URL="" +if [ "$ENV_VAL" != "prod" ] +then + SITE_MINDER_LOGOUT_URL="https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=" +else + SITE_MINDER_LOGOUT_URL="https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=" +fi +readonly SITE_MINDER_LOGOUT_URL + +SOAM_KC="loginproxy.gov.bc.ca" +SERVER_FRONTEND='https://mychildcareservices.gov.bc.ca' +if [ "$ENV_VAL" != "prod" ] +then + SOAM_KC="$NAMESPACE_SUFFIX.loginproxy.gov.bc.ca" + SERVER_FRONTEND="https://$ENV_VAL.mychildcareservices.gov.bc.ca" +fi +readonly SOAM_KC +readonly SERVER_FRONTEND + +LOG_LEVEL="verbose" +if [ "$ENV_VAL" = "prod" ]; then + LOG_LEVEL="info" +fi +readonly LOG_LEVEL + +readonly OPENSHIFT_NAMESPACE="$NAMESPACE_PREFIX-$NAMESPACE_SUFFIX" + +echo Fetching one-liner public key from SOAM +SOAM_ONE_LINE_KEY=$(curl -sX GET "https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" \ + | jq -r .public_key) +readonly SOAM_ONE_LINE_KEY + +echo Formatting public key from SOAM +FORMATTED_SOAM_PUBLIC_KEY=$(cat << PUBKEY +-----BEGIN PUBLIC KEY----- +$(echo "$SOAM_ONE_LINE_KEY" | fold -w64) +-----END PUBLIC KEY----- +PUBKEY +) +readonly FORMATTED_SOAM_PUBLIC_KEY +echo "$FORMATTED_SOAM_PUBLIC_KEY" + +echo Generating private and public keys +ssh-keygen -b 4096 -t rsa -f tempPenBackendkey -m pem -q -N "" +UI_PRIVATE_KEY_VAL="$(cat tempPenBackendkey)" +UI_PUBLIC_KEY_VAL="$(ssh-keygen -f tempPenBackendkey -e -m pem)" +readonly UI_PRIVATE_KEY_VAL +readonly UI_PUBLIC_KEY_VAL + +echo Removing key files +rm tempPenBackendkey +rm tempPenBackendkey.pub + +echo Creating config map "$APP_NAME-backend-config-map" +oc create -n "$OPENSHIFT_NAMESPACE" configmap \ + "$APP_NAME-backend-$ENV_VAL-config-map" \ + --from-literal="CLAMAV_HOST=clamav.$COMMON_NAMESPACE-$NAMESPACE_SUFFIX.svc.cluster.local" \ + --from-literal="D365_API_ENDPOINT=$D365_API_ENDPOINT" \ + --from-literal="LOG_LEVEL=$LOG_LEVEL" \ + 
--from-literal="TZ=$TIMEZONE" \ + --from-literal="NODE_ENV=$NODE_ENV" \ + --from-literal="USE_REDIS=true" \ + --from-literal="REDIS_USE_CLUSTERED=true" \ + --from-literal="REDIS_HOST=redis" \ + --from-literal="REDIS_PORT=6379" \ + --from-literal="REDIS_FACILITY_TTL=600" \ + --from-literal="REDIS_PASSWORD=$REDIS_PASSWORD" \ + --from-literal="SERVER_FRONTEND=$SERVER_FRONTEND" \ + --from-literal="SERVER_PORT=8080" \ + --from-literal="SITEMINDER_LOGOUT_ENDPOINT=$SITE_MINDER_LOGOUT_URL" \ + --from-literal="SOAM_DISCOVERY=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/.well-known/openid-configuration" \ + --from-literal="SOAM_CLIENT_ID=$SOAM_CLIENT_ID" \ + --from-literal="SOAM_CLIENT_SECRET=$SOAM_CLIENT_SECRET" \ + --from-literal="SOAM_CLIENT_ID_IDIR=$SOAM_CLIENT_ID_IDIR" \ + --from-literal="SOAM_CLIENT_SECRET_IDIR=$SOAM_CLIENT_SECRET_IDIR" \ + --from-literal="SOAM_PUBLIC_KEY=$FORMATTED_SOAM_PUBLIC_KEY" \ + --from-literal="SOAM_URL=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/logout" \ + --from-literal="UI_PRIVATE_KEY=$UI_PRIVATE_KEY_VAL" \ + --from-literal="UI_PUBLIC_KEY=$UI_PUBLIC_KEY_VAL" \ + --from-literal="CLAMAV_PORT=3310" \ + --from-literal="ISSUER=EDUC_CCOF" \ + --dry-run -o yaml | oc apply -f - + if [ "$ENV_VAL" != 'qa' ]; then SPLUNK_URL="gww.splunk.educ.gov.bc.ca" FLB_CONFIG="[SERVICE] @@ -51,7 +147,7 @@ if [ "$ENV_VAL" != 'qa' ]; then " echo Creating config map "$APP_NAME-flb-sc-config-map" - oc create -n "$OPENSHIFT_NAMESPACE-$NAMESPACE_SUFFIX" \ + oc create -n "$OPENSHIFT_NAMESPACE" \ configmap "$APP_NAME-flb-sc-config-map" \ --from-literal=fluent-bit.conf="$FLB_CONFIG" \ --from-literal=parsers.conf="$PARSER_CONFIG" \ diff --git a/tools/openshift/frontend.dc.yaml b/tools/openshift/frontend.dc.yaml index 09636ecb5..ca63abd95 100644 --- a/tools/openshift/frontend.dc.yaml +++ b/tools/openshift/frontend.dc.yaml 
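Review bot: `SOAM_CLIENT_SECRET`, `SOAM_CLIENT_SECRET_IDIR`, `REDIS_PASSWORD` and the freshly generated `UI_PRIVATE_KEY` are written into a ConfigMap, which is treated as plain configuration and is readable by anyone with view access to the namespace. These four belong in a Secret, with the non-sensitive entries staying in the config map; the fence shows the shape (the Secret name is a suggestion, and the deployment that consumes these values is outside this diff). Bare `--dry-run` is deprecated in favour of `--dry-run=client`. Separately, `curl -sX GET` has no `--fail` and the `jq` result is not checked, so a failed realm lookup would likely store `null` wrapped in PEM markers as `SOAM_PUBLIC_KEY`, and `tempPenBackendkey` stays in the working directory if anything fails between `ssh-keygen` and `rm` under `set -e`.

```shell
# … unchanged: key fetch and generation; non-secret --from-literal entries stay in the config map …
oc create -n "$OPENSHIFT_NAMESPACE" secret generic \
  "$APP_NAME-backend-$ENV_VAL-secret" \
  --from-literal="REDIS_PASSWORD=$REDIS_PASSWORD" \
  --from-literal="SOAM_CLIENT_SECRET=$SOAM_CLIENT_SECRET" \
  --from-literal="SOAM_CLIENT_SECRET_IDIR=$SOAM_CLIENT_SECRET_IDIR" \
  --from-literal="UI_PRIVATE_KEY=$UI_PRIVATE_KEY_VAL" \
  --dry-run=client -o yaml | oc apply -f -
```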
@@ -142,6 +142,42 @@ target: type: Utilization averageUtilization: 90 + - apiVersion: v1 + kind: ConfigMap + metadata: + name: ccof-frontend-${APP_ENVIRONMENT}-config-map + namespace: '${NAMESPACE}' + data: + config.js: | + const config = { + VUE_APP_META_DATA: [ { name: 'robots', content: 'noindex,nofollow' } ], + BANNER_COLOR: '${BANNER_COLOR}', + BANNER_ENVIRONMENT: '${BANNER_ENVIRONMENT}', + VUE_APP_BCEID_REG_URL: '${VUE_APP_BCEID_REG_URL}', + DECB_VALIDATION_BYPASS: true, + }; + snowplow.js: |- + // + ;(function(p,l,o,w,i,n,g){if(!p[i]){p.GlobalSnowplowNamespace=p.GlobalSnowplowNamespace||[]; + p.GlobalSnowplowNamespace.push(i);p[i]=function(){(p[i].q=p[i].q||[]).push(arguments) + };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1; + n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","https://www2.gov.bc.ca/StaticWebResources/static/sp/sp-2-14-0.js","snowplow")); + var collector = 'spm.apps.gov.bc.ca'; + window.snowplow('newTracker','rt',collector, { + appId: 'Snowplow_standalone_CCFRI', + cookieLifetime: 86400 * 548, + platform: 'web', + post: true, + forceSecureTracker: true, + contexts: { + webPage: true, + performanceTiming: true + } + }); + window.snowplow('enableActivityTracking', 30, 30); // Ping every 30 seconds after 30 seconds + window.snowplow('enableLinkClickTracking'); + window.snowplow('trackPageView'); + // parameters: - name: REPO_NAME description: Application repository name @@ -188,6 +224,15 @@ - name: PRIVATE_KEY description: The private key required: true + - name: BANNER_ENVIRONMENT + description: Environment label for the portal banner + required: true + - name: BANNER_COLOR + description: The color for the environment label in the portal + required: true + - name: VUE_APP_BCEID_REG_URL + description: The bceid registration URL + required: true - name: APP_ENVIRONMENT description: The environment being created ('dev', 'qa', 'uat', 'prod') required: true
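Review bot: `DECB_VALIDATION_BYPASS: true` and the `robots` `noindex,nofollow` entry are hard-coded in `config.js`, so every environment that applies this template, prod included, gets them. The flag's name suggests it switches a validation off; if so it should be a template parameter that defaults to `false` and is enabled per environment, and a flag delivered in browser-side config can only be a UI hint, never the enforcement point. The three `${…}` parameters are pasted into single-quoted JavaScript literals without escaping, so a value containing `'` or a newline yields a broken or altered `config.js`; a comment on the parameter definitions stating the allowed characters would help.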