diff --git a/.github/actions/backend-deploy-job/files/cloudbuild.yaml b/.github/actions/backend-deploy-job/files/cloudbuild.yaml
index 4cbcb1a9..07cad73f 100644
--- a/.github/actions/backend-deploy-job/files/cloudbuild.yaml
+++ b/.github/actions/backend-deploy-job/files/cloudbuild.yaml
@@ -1,167 +1,234 @@ steps: -# build image if not exists in artifact registry -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - script: | - #!/usr/bin/env bash - if [[ -z `gcloud artifacts docker images describe ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA --verbosity=none` ]] - then - docker build \ - -t ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - --cache-from ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:latest\ - . - - docker push ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA - - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:latest - else - echo 'image tag exists' - fi - -# prepare/setup service and cloud deploy manifest files +# Step 0: Prepare and setup job and cloud deploy manifest files - name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' secretEnv: ['OP_CONNECT_HOST', 'OP_CONNECT_TOKEN'] script: | #!/usr/bin/env bash - - PROJECT_ID=$(op read -n op://CD/${_DEPLOY_TARGET}/${_APP_NAME}/DEPLOY_PROJECT_ID) - echo $PROJECT_ID > /workspace/project_id.txt - PROJECT_NAME=$(echo $PROJECT_ID | cut -d'-' -f 1) - - targets=(${_DEPLOY_TARGETS}) - if [ -z ${_DEPLOY_TARGET_FROM} ] || [ ${_DEPLOY_TARGET_FROM} = ${targets[0]} ]; then - # update the pipeline name - export PIPELINE_NAME=${_DEPLOY_PIPELINE} - yq e -i '.metadata.name = env(PIPELINE_NAME)' ./devops/gcp/clouddeploy.yaml - - for env_name in "${targets[@]}"; do - export APP_ENV=${env_name} - - if [[ -z "$(op inject -f -i ./devops/vaults.gcp.env -o ./devops/vaults.${env_name})" ]]; then - echo "Error: failed to generate secrets via 1password vault." 
>&2 - exit 1 - fi - - export VPC_CONNECTOR=$(awk -F '=' '/^VPC_CONNECTOR/ {print $2}' ./devops/vaults.${env_name}) - export VAL=$(awk '{f1=f2=$0; sub(/=.*/,"",f1); sub(/[^=]+=/,"",f2); printf "- name: %s\n value: %s\n",f1,f2}' ./devops/vaults.${env_name} | sed 's/\"/\"/g') - - if [ "$VPC_CONNECTOR" ]; then - yq e '.spec.template.metadata.annotations["run.googleapis.com/vpc-access-egress"] = "private-ranges-only" | - .spec.template.metadata.annotations["run.googleapis.com/vpc-access-connector"] = env(VPC_CONNECTOR)' \ - ./devops/gcp/k8s/service.template.yaml > ./devops/gcp/k8s/temp-service.${env_name}.yaml - # generate manifest for each environment - yq e '.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/temp-service.${env_name}.yaml > ./devops/gcp/k8s/service.${env_name}.yaml - else - # generate manifest for each environment - yq e '.spec.template.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/job.template.yaml > ./devops/gcp/k8s/job.${env_name}.yaml - fi - done - - targets_full=(${_DEPLOY_FULL_TARGETS}) - - # find difference of targets compare with full targets + set -euo pipefail + + echo "Step 0: Prepare and setup job and cloud deploy manifest files" + + PROJECT_ID=$(op read -n "op://CD/${_DEPLOYMENT_ENV}/${_APP_NAME}/DEPLOY_PROJECT_ID") + echo "$PROJECT_ID" > /workspace/project_id.txt + PROJECT_NAME="${PROJECT_ID%%-*}" + + generate_job_manifest() { + local env_name=$1 + export APP_ENV=${env_name} + + if [[ -z "$(op inject -f -i ./devops/vaults.gcp.env -o ./devops/vaults.${env_name})" ]]; then + echo "Error: failed to generate secrets via 1password vault." 
>&2 + exit 1 + fi + + export VPC_CONNECTOR=$(awk -F '=' '/^VPC_CONNECTOR/ {print $2}' "./devops/vaults.${env_name}") + export VAL=$(awk '{f1=f2=$0; sub(/=.*/,"",f1); sub(/[^=]+=/,"",f2); printf "- name: %s\n value: %s\n",f1,f2}' "./devops/vaults.${env_name}" | sed 's/"/"/g') + + if [ -n "$VPC_CONNECTOR" ]; then + yq e '.spec.template.metadata.annotations["run.googleapis.com/vpc-access-egress"] = "private-ranges-only" | + .spec.template.metadata.annotations["run.googleapis.com/vpc-access-connector"] = env(VPC_CONNECTOR)' \ + ./devops/gcp/k8s/job.template.yaml > "./devops/gcp/k8s/temp-job.${env_name}.yaml" + yq e '.spec.template.spec.template.spec.containers[0].env += env(VAL)' "./devops/gcp/k8s/temp-job.${env_name}.yaml" > "./devops/gcp/k8s/job.${env_name}.yaml" + else + yq e '.spec.template.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/job.template.yaml > "./devops/gcp/k8s/job.${env_name}.yaml" + fi + } + + remove_unused_deployment() { + targets_full=(${_DEPLOY_FULL_DEPLOYMENT_ENVS}) envs_diff=($(echo ${targets_full[@]} ${targets[@]} | tr ' ' '\n' | sort | uniq -u)) for env_name in "${envs_diff[@]}"; do - # remove the target from cloud deploy manifest - export TARGET_ENV=${PROJECT_NAME}-${env_name} - yq -i 'del(.serialPipeline.stages[] | select(.targetId == env(TARGET_ENV)))' ./devops/gcp/clouddeploy.yaml + export TARGET=${PROJECT_NAME}-${env_name} + yq -i 'del(.serialPipeline.stages[] | select(.targetId == env(TARGET)))' "./devops/gcp/clouddeploy.yaml" done + } + + targets=(${_DEPLOYMENT_ENVS}) + if [[ -z "${_DEPLOYMENT_ENV_FROM}" || "${_DEPLOYMENT_ENV}" == "${targets[0]}" ]]; then + yq e -i '.metadata.name = env(_DEPLOYMENT_PIPELINE)' "./devops/gcp/clouddeploy.yaml" + for env_name in "${targets[@]}"; do + generate_job_manifest "$env_name" + done + remove_unused_deployment fi - # Apply Cloud Deploy deployment gcloud deploy apply --file=./devops/gcp/clouddeploy.yaml \ - --region=${_REGION} \ - --project=${_DEPLOY_RUNNING_PROJECT_ID} + 
--region="${_REGION}" \ + --project="${_BUILD_PROJECT}" -# deploy +# Step 1: Build and deploy the job - name: 'gcr.io/cloud-builders/gcloud' script: | #!/usr/bin/env bash + set -euo pipefail - PROJECT_ID=$(cat /workspace/project_id.txt) - PROJECT_NAME=$(echo $PROJECT_ID | cut -d'-' -f 1) - TARGE_ENV=${PROJECT_NAME}-${_DEPLOY_TARGET} + echo "Step 1: Build and deploy the job" - # tag image - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET} - - cd ./devops/gcp/ - - if [ -z ${_DEPLOY_TARGET_FROM} ] || [ ${_DEPLOY_TARGET_FROM} = ${_DEPLOY_TARGET} ]; then - RELEASE_TIMESTAMP=$(date '+%Y%m%d%H%M') - - gcloud deploy releases create v-$_SHORT_SHA-${RELEASE_TIMESTAMP} \ - --delivery-pipeline=${_DEPLOY_PIPELINE} \ - --region=${_REGION} \ - --to-target=${TARGE_ENV} \ - --images=image-placeholder=${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA + PROJECT_ID=$(cat /workspace/project_id.txt) + PROJECT_NAME="${PROJECT_ID%%-*}" + TARGET="${PROJECT_NAME}-${_DEPLOYMENT_ENV}" + TARGET_FROM="${PROJECT_NAME}-${_DEPLOYMENT_ENV_FROM}" + IMAGE_PATH="${_REGION}-docker.pkg.dev/${_BUILD_PROJECT}/cloud-run-repo/${_APP_NAME}" + + tag_exists() { + local tag="$1" + gcloud artifacts docker tags list "${IMAGE_PATH}" --filter="tag:${tag}" --format="value(tag)" 2> /dev/null | grep -q . + } + + tag_image() { + local source_tag="$1" + local target_tag="$2" + echo "Tagging: ${source_tag} -> ${target_tag}" + gcloud artifacts docker tags add "${IMAGE_PATH}:${source_tag}" "${IMAGE_PATH}:${target_tag}" + } + + build_and_push_image() { + local target_tag="$1" + if ! tag_exists "${_SHORT_SHA}"; then + docker build -t "${IMAGE_PATH}:${_SHORT_SHA}" --cache-from "${IMAGE_PATH}:latest" . 
+ docker push "${IMAGE_PATH}:${_SHORT_SHA}" + tag_image "${_SHORT_SHA}" "latest" + else + echo "Image ${IMAGE_PATH}:${_SHORT_SHA} already exists. Skipping build." >&2 + fi + tag_image "${_SHORT_SHA}" "${target_tag}" + } + + case ${_DEPLOYMENT_ENV} in + "dev"|"test"|"sandbox"|"prod") + if [ "${_DEPLOYMENT_ENV}" = "prod" ] && tag_exists "prod"; then + tag_image "prod" "prod-$(date +%F)" + fi + if [ -z "${_DEPLOYMENT_ENV_FROM}" ] || [ "${_DEPLOYMENT_ENV_FROM}" = "${_DEPLOYMENT_ENV}" ]; then + build_and_push_image "${_DEPLOYMENT_ENV}" + else + tag_image "${_DEPLOYMENT_ENV_FROM}" "${_DEPLOYMENT_ENV}" + fi + ;; + *) + echo "Error: Invalid environment '${_DEPLOYMENT_ENV}'. Allowed values are test, sandbox, dev, or prod." >&2 + exit 1 + ;; + esac + + cd ./devops/gcp + RELEASE_NAME="v-${_APP_NAME}-${_SHORT_SHA}-$(date '+%Y%m%d%H%M')" + + if [ -z "${_DEPLOYMENT_ENV_FROM}" ] || [ "${_DEPLOYMENT_ENV_FROM}" = "${_DEPLOYMENT_ENV}" ]; then + gcloud deploy releases create "${RELEASE_NAME}" \ + --delivery-pipeline="${_DEPLOYMENT_PIPELINE}" \ + --region="${_REGION}" \ + --to-target="${TARGET}" \ + --images="image-placeholder=${IMAGE_PATH}:${_SHORT_SHA}" else - # prompt the existing release - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET_FROM} \ - ${_REGION}-docker.pkg.dev/${_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET} - - LATEST_RELEASE_NAME=$(gcloud deploy targets describe ${_DEPLOY_TARGET_FROM} \ - --delivery-pipeline=${_DEPLOY_PIPELINE} \ - --region=${_REGION} \ + RELEASE_NAME=$(gcloud deploy targets describe "${TARGET_FROM}" \ + --delivery-pipeline="${_DEPLOYMENT_PIPELINE}" \ + --region="${_REGION}" \ --format="value('Latest release')") - - gcloud deploy releases promote --release=${LATEST_RELEASE_NAME} \ - --delivery-pipeline=${_DEPLOY_PIPELINE}\ - --region=${_REGION} \ - --to-target=${TARGE_ENV} + gcloud deploy releases promote --release="${RELEASE_NAME}" \ + 
--delivery-pipeline="${_DEPLOYMENT_PIPELINE}" \ + --region="${_REGION}" \ + --to-target="${TARGET}" fi -# handle multiple jobs -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - script: | - #!/usr/bin/env bash - - res=$((ls run_*.sh >> /dev/null 2>&1 && echo "EXIST") || echo "NOT_EXIST") - - if [ "$res" = "EXIST" ]; then + RELEASE_NAME="${RELEASE_NAME##*/}" + echo "Release name: $PROJECT_ID $RELEASE_NAME" - JOB_NAMESPACE=$(cat /workspace/project_id.txt) + MAX_RETRIES=10 + RETRY_INTERVAL=30 + RETRY_COUNT=0 - # fetch the mother job's yaml - gcloud run jobs describe ${_APP_NAME}-${_DEPLOY_TARGET} --format=yaml --project=${JOB_NAMESPACE} --region=${_REGION} > ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml + while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do + if gcloud run jobs describe "${_APP_NAME}-${_DEPLOYMENT_ENV}" --region="${_REGION}" --project="$PROJECT_ID" --format="value(metadata.name)" 2> /dev/null ; then + DEPLOY_RELEASE_NAME=$(gcloud run jobs describe "${_APP_NAME}-${_DEPLOYMENT_ENV}" --region="${_REGION}" --project="$PROJECT_ID" --format="value(metadata.labels.release-id)" 2> /dev/null) + echo "Deploy Release name: $DEPLOY_RELEASE_NAME" + if [ "${DEPLOY_RELEASE_NAME}" = "${RELEASE_NAME}" ]; then + echo "Release ${RELEASE_NAME} completed successfully." + break + fi + fi + echo "Release ${RELEASE_NAME} is still in progress." 
+ RETRY_COUNT=$((RETRY_COUNT + 1)) + sleep $RETRY_INTERVAL + done - # remove unique metadata - yq -i 'del(.status)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.generation)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.creationTimestamp)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.namespace)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.resourceVersion)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.selfLink)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.uid)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml +# Step 2: handle multiple jobs and scheduler(s) +- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' + script: | + #!/usr/bin/env bash + set -euo pipefail + + echo "Step 2: handle multiple jobs and scheduler(s)" + + PROJECT_ID=$(< /workspace/project_id.txt) + + validate_cron_expression() { + local cron_expression="$1" + local regex='^(((([0-9]+,)+[0-9]+|([0-9]+(/[0-9]+|-|#)[0-9]+)|[0-9]+L?|\*(/[0-9]+)?|L(-[0-9]+)?|\?|[A-Z]{3}(-[A-Z]{3})?) ?){5,7})|(@(annually|yearly|monthly|weekly|daily|hourly|reboot))|(@every ([0-9]+(ns|us|µs|ms|s|m|h))+)$' + [[ "$cron_expression" =~ $regex ]] + } + + create_schedulers() { + local cronfile_name="$1" + local job_name="$2" + local job_project="$3" + + if [[ -d ./schedules && (-f ./schedules/${cronfile_name}.cron || -f ./schedules/${cronfile_name}.${_DEPLOYMENT_ENV}.cron) ]]; then + CRON_FILE="./schedules/${cronfile_name}.${_DEPLOYMENT_ENV}.cron" + [[ ! 
-f "$CRON_FILE" ]] && CRON_FILE="./schedules/${cronfile_name}.cron" + + for scheduler in $(gcloud scheduler jobs list --project="${job_project}" --location "${_REGION}" --format="value(name)" | grep "${job_name}-scheduler"); do + gcloud scheduler jobs delete "$scheduler" --quiet --project="${job_project}" --location "${_REGION}" || echo "Failed to delete $scheduler" + done + + mapfile -t cron_lines < "$CRON_FILE" + local schedule_id=0 + for line in "${cron_lines[@]}"; do + if validate_cron_expression "$line"; then + echo "Valid cron expression: $line" + gcloud scheduler jobs create http ${job_name}-scheduler-trigger-$((++schedule_id)) \ + --project="${job_project}" \ + --location "${_REGION}" \ + --time-zone="PST" \ + --schedule="${line}" \ + --uri="https://${_REGION}-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${job_project}/jobs/${job_name}:run" \ + --http-method POST \ + --oauth-service-account-email sa-job@${job_project}.iam.gserviceaccount.com + fi + done + fi + } - for file in run_*sh; - do - JOB_SCRIPT_NAME=$(echo "${file##*/}") - export JOB_NAME=$(echo ${_APP_NAME}-${_DEPLOY_TARGET}-${JOB_SCRIPT_NAME} | cut -d'.' 
-f 1 | tr "_" "-") - export COMMAND="./${JOB_SCRIPT_NAME}" + if [[ -n "$(ls run_*.sh 2> /dev/null)" ]]; then + gcloud run jobs describe "${_APP_NAME}-${_DEPLOYMENT_ENV}" --format=yaml --project="${PROJECT_ID}" --region="${_REGION}" > ./devops/gcp/k8s/job.${_DEPLOYMENT_ENV}.yaml + yq -i 'del(.status, .metadata.generation, .metadata.creationTimestamp, .metadata.namespace, .metadata.resourceVersion, .metadata.selfLink, .metadata.uid)' ./devops/gcp/k8s/job.${_DEPLOYMENT_ENV}.yaml - # replace job and - yq e '.metadata.name = env(JOB_NAME) | .spec.template.spec.template.spec.containers[0].command = env(COMMAND)' \ - ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml > ./devops/gcp/k8s/${JOB_NAME}.yaml + for file in run_*sh; do + JOB_SCRIPT_NAME="${file##*/}" + echo "Job ${JOB_SCRIPT_NAME}" - # create job if not exist - res=$(gcloud run jobs describe $JOB_NAME --project=${JOB_NAMESPACE} --region=${_REGION} || echo "NOT_EXIST") + export JOB_NAME=$(echo ${_APP_NAME}-${_DEPLOYMENT_ENV}-${JOB_SCRIPT_NAME} | cut -d'.' -f 1 | tr "_" "-") + export COMMAND="./${JOB_SCRIPT_NAME}" - if [ "$res" = "NOT_EXIST" ]; then - echo "Creating your job..." - gcloud run jobs create $JOB_NAME --project=${JOB_NAMESPACE} --region=${_REGION} - fi + yq e '.metadata.name = env(JOB_NAME) | .spec.template.spec.template.spec.containers[0].command = env(COMMAND)' \ + ./devops/gcp/k8s/job.${_DEPLOYMENT_ENV}.yaml > ./devops/gcp/k8s/${JOB_NAME}.yaml - # replace the yaml - gcloud run jobs replace ./devops/gcp/k8s/${JOB_NAME}.yaml --project=${JOB_NAMESPACE} --region=${_REGION} + if ! gcloud run jobs describe "${JOB_NAME}" --project="${PROJECT_ID}" --region="${_REGION}" &>/dev/null; then + echo "Creating your job..." 
+ IMAGE="${_REGION}-docker.pkg.dev/${_BUILD_PROJECT}/cloud-run-repo/${_APP_NAME}:${_DEPLOYMENT_ENV}" + gcloud run jobs create "${JOB_NAME}" --project="${PROJECT_ID}" --region="${_REGION}" --image="${IMAGE}" + fi + gcloud run jobs replace ./devops/gcp/k8s/${JOB_NAME}.yaml --project="${PROJECT_ID}" --region="${_REGION}" + create_schedulers "$(echo ${JOB_SCRIPT_NAME} | cut -d'.' -f 1 | tr "_" "-")" "${JOB_NAME}" "${PROJECT_ID}" done fi + if [[ -n "$(ls run.sh 2> /dev/null)" ]]; then + create_schedulers "run" "${_APP_NAME}-${_DEPLOYMENT_ENV}" "${PROJECT_ID}" + fi + +# Secret management availableSecrets: secretManager: - versionName: projects/331250273634/secrets/OP_CONNECT_HOST/versions/latest @@ -169,20 +236,20 @@ availableSecrets: - versionName: projects/331250273634/secrets/OP_CONNECT_TOKEN/versions/latest env: 'OP_CONNECT_TOKEN' +# Build options and substitutions options: automapSubstitutions: true substitutionOption: 'ALLOW_LOOSE' substitutions: - _APP_NAME: - _SHORT_SHA: - _DB_UPGRADE: 'no' - _DEPLOY_FULL_TARGETS: dev test sandbox prod - _DEPLOY_TARGETS: dev test prod - _DEPLOY_TARGET: dev - _DEPLOY_TARGET_FROM: - _DEPLOY_PIPELINE: - _DEPLOY_RUNNING_PROJECT_ID: c4hnrd-tools - _REGION: northamerica-northeast1 + _APP_NAME: ${_APP_NAME} + _SHORT_SHA: ${_SHORT_SHA} + _DEPLOY_FULL_DEPLOYMENT_ENVS: "dev test sandbox prod" + _DEPLOYMENT_ENVS: "dev test prod" + _DEPLOYMENT_ENV: "dev" + _DEPLOYMENT_ENV_FROM: "dev" + _DEPLOYMENT_PIPELINE: ${_DEPLOYMENT_PIPELINE} + _BUILD_PROJECT: "c4hnrd-tools" + _REGION: "northamerica-northeast1" logsBucket: 'gs://github-actions-cloudbuild/history' diff --git a/.github/actions/backend-deploy/files/cloudbuild.yaml b/.github/actions/backend-deploy/files/cloudbuild.yaml index fb21e3d8..49c9a703 100644 --- a/.github/actions/backend-deploy/files/cloudbuild.yaml +++ b/.github/actions/backend-deploy/files/cloudbuild.yaml 
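Review bot: Folding the image build into Step 1 means `docker build ... .` now runs after Step 0 has written the resolved 1Password values to `./devops/vaults.${env_name}` and into `./devops/gcp/k8s/job.${env_name}.yaml` for every entry in `_DEPLOYMENT_ENVS`, so those files are part of the build context; whether they end up in an image layer depends on the Dockerfile and `.dockerignore`, neither of which is visible here. `generate_job_manifest` does not read the vaults file again after `VAL` is exported, so it can end with `rm -f -- "./devops/vaults.${env_name}"`, and `devops/` should be excluded from the build context since the rendered manifests have to stay on disk for the release. Separately, the retry loop that closes Step 1 has no check after `done`, so a release whose `release-id` label never matches lets the step succeed and Step 2 run against the previous job; the backend-deploy file ends the same loop with `if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then echo "Timeout waiting for release ${RELEASE_NAME} to complete."; exit 1; fi`. In `create_schedulers`, `grep "${job_name}-scheduler"` is an unanchored substring match that selects schedulers for deletion, so a scheduler of any job whose name ends in this job's name is matched as well, and cron lines that fail `validate_cron_expression` are dropped silently after the old schedulers are already gone; `grep -E "(^|/)${job_name}-scheduler-trigger-[0-9]+$"` plus an `else` branch that prints the rejected line to stderr and exits non-zero would close both gaps.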
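Review bot: The default `_DEPLOYMENT_ENV_FROM: "dev"` replaces an empty default, so the `-z "${_DEPLOYMENT_ENV_FROM}"` branches in Steps 0 and 1 are only reached when a caller passes an explicit empty value, and a run that overrides just `_DEPLOYMENT_ENV` (for example to `prod`) takes the promote path: it retags `dev` as `prod` and promotes the latest dev release. If the calling action always sets both values this is harmless, but that caller is not visible in this hunk; `_DEPLOYMENT_ENV_FROM: ""` keeps the previous behaviour for callers that omit it. The self-referential defaults `_APP_NAME: ${_APP_NAME}`, `_SHORT_SHA: ${_SHORT_SHA}` and `_DEPLOYMENT_PIPELINE: ${_DEPLOYMENT_PIPELINE}` deserve a comment saying they must be supplied by the caller, since `substitutionOption: 'ALLOW_LOOSE'` does not reject a missing value and the scripts use them in image paths and release names without a non-empty guard.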
@@ -198,31 +198,39 @@ steps: apt-get update apt-get install jq -y - # Remove the project ID from the release name if it exists + # This is done to ensure the release name is consistent across projects RELEASE_NAME=$(echo "$RELEASE_NAME" | awk -F'/' '{print $NF}') echo "Release name: $RELEASE_NAME" + # Loop until the maximum retries is reached or the release is complete while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do + # Get the status of the release RELEASE_STATUS=$(gcloud run revisions list --service="${_APP_NAME}-${_DEPLOYMENT_ENV}" \ --region="${_REGION}" \ --project="$PROJECT_ID" \ --filter="metadata.labels.release-id:${RELEASE_NAME}" \ --format="json" | jq -r '.[].status.conditions[] | select (.type == "Ready") | .status') + # Check the status of the release if [ "${RELEASE_STATUS}" = "True" ]; then + # If the release is successful, exit the loop echo "Release ${RELEASE_NAME} completed successfully." break elif [ "${RELEASE_STATUS}" = "False" ]; then + # If the release fails, exit the script echo "Release ${RELEASE_NAME} failed with status: ${RELEASE_STATUS}" exit 1 else + # If the release is still in progress, increment the retry count and sleep echo "Release ${RELEASE_NAME} is still in progress." RETRY_COUNT=$((RETRY_COUNT + 1)) sleep $RETRY_INTERVAL fi done + # Check if the maximum retries has been reached if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then + # If the maximum retries is reached, exit the script echo "Timeout waiting for release ${RELEASE_NAME} to complete." exit 1 fi diff --git a/.github/actions/cloud-deploy-job/action.yml b/.github/actions/cloud-deploy-job/action.yml deleted file mode 100644 index f9c294dd..00000000 --- a/.github/actions/cloud-deploy-job/action.yml +++ /dev/null 
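Review bot: The rewritten comment above the `awk -F'/' '{print $NF}'` line now states only a motive and no longer says what the line does, and most of the other added comments restate the statement beneath them (`# Check the status of the release`, `# If the release is successful, exit the loop`). I would keep the what and the why together, e.g. `# Keep only the last '/'-separated field of RELEASE_NAME; it is matched against the revision's release-id label below`, and drop the restating comments. One comment that would add information is on the `jq` filter: it prints one `.status` per matching revision, so `RELEASE_STATUS` equals neither `True` nor `False` when the filter matches several revisions or none, and the loop then runs to the timeout. The script this hunk belongs to starts outside the hunk.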
@@ -1,16 +0,0 @@ -name: 'Copy Cloud Deploy (job) files' -description: '' - -inputs: - working-directory: - required: false - default: "." - -runs: - using: "composite" - steps: - # Copy files - - name: Copy Deployments files - shell: bash - run: | - cp -r ${{ github.action_path }}/files/* ${{ inputs.working-directory }}/devops/gcp \ No newline at end of file diff --git a/.github/actions/cloud-deploy-job/files/cloudbuild.yaml b/.github/actions/cloud-deploy-job/files/cloudbuild.yaml deleted file mode 100644 index 4039e5a1..00000000 --- a/.github/actions/cloud-deploy-job/files/cloudbuild.yaml +++ /dev/null 
@@ -1,176 +0,0 @@ -steps: -# build image if not exists in artifact registry -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - script: | - #!/usr/bin/env bash - if [[ -z `gcloud artifacts docker images describe ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA --verbosity=none` ]] - then - docker build \ - -t ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - --cache-from ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:latest\ - . - - docker push ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA - - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:latest - else - echo 'image tag exists' - fi - -# prepare/setup service and cloud deploy manifest files -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - secretEnv: ['OP_CONNECT_HOST', 'OP_CONNECT_TOKEN'] - script: | - #!/usr/bin/env bash - - echo $(op read -n op://CD/${_DEPLOY_TARGET}/${_APP_NAME}/DEPLOY_PROJECT_ID) > /workspace/project_id.txt - - targets=(${_DEPLOY_TARGETS}) - if [ -z ${_DEPLOY_TARGET_FROM} ] || [ ${_DEPLOY_TARGET_FROM} = ${targets[0]} ]; then - # update the pipeline name - export PIPELINE_NAME=${_DEPLOY_PIPELINE} - yq e -i '.metadata.name = env(PIPELINE_NAME)' ./devops/gcp/clouddeploy.yaml - - for env_name in "${targets[@]}"; do - export APP_ENV=${env_name} - op inject -f -i ./devops/vaults.gcp.env -o ./devops/vaults.${env_name} - export VAL=$(awk '{f1=f2=$0; sub(/=.*/,"",f1); sub(/[^=]+=/,"",f2); printf "- name: %s\n value: %s\n",f1,f2}' ./devops/vaults.${env_name} | sed 's/\"/\"/g') - - # generate manifest for each environment - yq e '.spec.template.spec.template.spec.containers[0].env += 
env(VAL)' ./devops/gcp/k8s/job.template.yaml > ./devops/gcp/k8s/job.${env_name}.yaml - done - - targets_full=(${_DEPLOY_FULL_TARGETS}) - - # find difference of targets compare with full targets - envs_diff=($(echo ${targets_full[@]} ${targets[@]} | tr ' ' '\n' | sort | uniq -u)) - for env_name in "${envs_diff[@]}"; do - # remove the target from cloud deploy manifest - export APP_ENV=${env_name} - yq -i 'del(.serialPipeline.stages[] | select(.targetId == env(APP_ENV)))' ./devops/gcp/clouddeploy.yaml - done - fi - - cat ./devops/gcp/clouddeploy.yaml - - # Update Cloud Deploy deployment manifests and skaffold.yaml - gcloud deploy apply --file=./devops/gcp/clouddeploy.yaml \ - --region=${_REGION} \ - --project=${_DEPLOY_RUNNING_PROJECT_ID} - - # Update Cloud Deploy deployment targets manifests and skaffold.yaml - gcloud deploy apply --file=./devops/gcp/clouddeploy-targets.yaml \ - --region=${_REGION} \ - --project=${_DEPLOY_RUNNING_PROJECT_ID} - -# deploy -- name: 'gcr.io/cloud-builders/gcloud' - script: | - #!/usr/bin/env bash - - # tag image - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET} - - cd ./devops/gcp/ - - if [ -z ${_DEPLOY_TARGET_FROM} ] || [ ${_DEPLOY_TARGET_FROM} = ${_DEPLOY_TARGET} ]; then - RELEASE_TIMESTAMP=$(date '+%Y%m%d%H%M') - - gcloud deploy releases create v-$_SHORT_SHA-${RELEASE_TIMESTAMP} \ - --delivery-pipeline=${_DEPLOY_PIPELINE} \ - --region=${_REGION} \ - --to-target=${_DEPLOY_TARGET} \ - --images=image-placeholder=${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA - else - # prompt the existing release - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET_FROM} \ - 
${_REGION}-docker.pkg.dev/${_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET} - - LATEST_RELEASE_NAME=$(gcloud deploy targets describe ${_DEPLOY_TARGET_FROM} \ - --delivery-pipeline=${_DEPLOY_PIPELINE} \ - --region=${_REGION} \ - --format="value('Latest release')") - - gcloud deploy releases promote --release=${LATEST_RELEASE_NAME} \ - --delivery-pipeline=${_DEPLOY_PIPELINE}\ - --region=${_REGION} \ - --to-target=${_DEPLOY_TARGET} - fi - -# handle multiple jobs -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - script: | - #!/usr/bin/env bash - - res=$((ls run_*.sh >> /dev/null 2>&1 && echo "EXIST") || echo "NOT_EXIST") - - if [ "$res" = "EXIST" ]; then - - JOB_NAMESPACE=$(cat /workspace/project_id.txt) - - # fetch the mother job's yaml - gcloud run jobs describe ${_APP_NAME}-${_DEPLOY_TARGET} --format=yaml --project=${JOB_NAMESPACE} --region=${_REGION} > ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - - # remove unique metadata - yq -i 'del(.status)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.generation)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.creationTimestamp)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.namespace)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.resourceVersion)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.selfLink)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - yq -i 'del(.metadata.uid)' ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml - - for file in run_*sh; - do - JOB_SCRIPT_NAME=$(echo "${file##*/}") - export JOB_NAME=$(echo ${_APP_NAME}-${_DEPLOY_TARGET}-${JOB_SCRIPT_NAME} | cut -d'.' 
-f 1 | tr "_" "-") - export COMMAND="./${JOB_SCRIPT_NAME}" - - # replace job and - yq e '.metadata.name = env(JOB_NAME) | .spec.template.spec.template.spec.containers[0].command = env(COMMAND)' \ - ./devops/gcp/k8s/job.${_DEPLOY_TARGET}.yaml > ./devops/gcp/k8s/${JOB_NAME}.yaml - - # create job if not exist - res=$(gcloud run jobs describe $JOB_NAME --project=${JOB_NAMESPACE} --region=${_REGION} || echo "NOT_EXIST") - - if [ "$res" = "NOT_EXIST" ]; then - echo "Creating your job..." - gcloud run jobs create $JOB_NAME - fi - - # replace the yaml - gcloud run jobs replace ./devops/gcp/k8s/${JOB_NAME}.yaml --project=${JOB_NAMESPACE} --region=${_REGION} - - done - fi - -availableSecrets: - secretManager: - - versionName: projects/331250273634/secrets/OP_CONNECT_HOST/versions/latest - env: 'OP_CONNECT_HOST' - - versionName: projects/331250273634/secrets/OP_CONNECT_TOKEN/versions/latest - env: 'OP_CONNECT_TOKEN' - -options: - automapSubstitutions: true - substitutionOption: 'ALLOW_LOOSE' -substitutions: - _APP_NAME: - _SHORT_SHA: - _DB_UPGRADE: 'no' - _DEPLOY_FULL_TARGETS: dev test sandbox prod - _DEPLOY_TARGETS: dev test prod - _DEPLOY_TARGET: dev - _DEPLOY_TARGET_FROM: - _DEPLOY_PIPELINE: - _DEPLOY_RUNNING_PROJECT_ID: c4hnrd-tools - _REGION: northamerica-northeast1 - -logsBucket: 'gs://github-actions-cloudbuild/history' - -timeout: 3600s \ No newline at end of file diff --git a/.github/actions/cloud-deploy-job/files/clouddeploy.yaml b/.github/actions/cloud-deploy-job/files/clouddeploy.yaml deleted file mode 100644 index aef600f1..00000000 --- a/.github/actions/cloud-deploy-job/files/clouddeploy.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: deploy.cloud.google.com/v1 -kind: DeliveryPipeline -metadata: - name: cloud-run-job-pipeline -description: Deployment pipeline -serialPipeline: - stages: - - targetId: dev - profiles: [dev] - strategy: - standard: - verify: false - - targetId: test - profiles: [test] - strategy: - standard: - verify: false - - targetId: sandbox - profiles: [sandbox] - strategy: - standard: - verify: false - - targetId: prod - profiles: [prod] - strategy: - standard: - verify: false diff --git a/.github/actions/cloud-deploy-job/files/k8s/job.template.yaml b/.github/actions/cloud-deploy-job/files/k8s/job.template.yaml deleted file mode 100644 index eb95747c..00000000 --- a/.github/actions/cloud-deploy-job/files/k8s/job.template.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: run.googleapis.com/v1 -kind: Job -metadata: - name: valuePlaceHolder # from-param: ${job-name} - labels: - cloud.googleapis.com/location: northamerica-northeast1 - annotations: - run.googleapis.com/launch-stage: BETA -spec: - template: - metadata: - annotations: - run.googleapis.com/client-name: cloud-console - run.googleapis.com/cloudsql-instances: valuePlaceHolder # from-param: ${cloudsql-instances} - spec: - taskCount: 1 # from-param: ${task-count} - template: - spec: - containers: - - image: image-placeholder - command: - - valuePlaceHolder # from-param: ${run-command} - env: - - name: DEPLOYMENT_PLATFORM - value: GCP - - name: DEPLOYMENT_ENV - value: development # from-param: ${deploy-env} - - name: DEPLOYMENT_PROJECT - value: xxxxxx-dev # from-param: ${deploy-project-id} - resources: - limits: - cpu: 1000m # from-param: ${resources-cpu} - memory: 512Mi # from-param: ${resources-memory} - maxRetries: 3 # from-param: ${task-max-retries} - timeoutSeconds: 600 # from-param: ${task-timeout} - serviceAccountName: valuePlaceHolder # from-param: ${service-account} \ No newline at end of file diff --git a/.github/actions/cloud-deploy-job/files/skaffold.yaml b/.github/actions/cloud-deploy-job/files/skaffold.yaml deleted file mode 100644 index ea6021ce..00000000 --- a/.github/actions/cloud-deploy-job/files/skaffold.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: skaffold/v4beta5 -kind: Config -metadata: - name: cloud-run-job-config -profiles: -- name: dev - manifests: - rawYaml: - - k8s/job.dev.yaml -- name: test - manifests: - rawYaml: - - k8s/job.test.yaml -- name: sandbox - manifests: - rawYaml: - - k8s/job.sandbox.yaml -- name: prod - manifests: - rawYaml: - - k8s/job.prod.yaml -deploy: - cloudrun: {} \ No newline at end of file diff --git a/.github/actions/cloud-deploy/action.yml b/.github/actions/cloud-deploy/action.yml deleted file mode 100644 index dc44d4d9..00000000 --- a/.github/actions/cloud-deploy/action.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: 'Copy Cloud Deploy files' -description: '' - -inputs: - working-directory: - required: false - default: "." - -runs: - using: "composite" - steps: - # Copy files - - name: Copy Deployments files - shell: bash - run: | - cp -r ${{ github.action_path }}/files/* ${{ inputs.working-directory }}/devops/gcp \ No newline at end of file diff --git a/.github/actions/cloud-deploy/files/cloudbuild.yaml b/.github/actions/cloud-deploy/files/cloudbuild.yaml deleted file mode 100644 index 033f7d5f..00000000 --- a/.github/actions/cloud-deploy/files/cloudbuild.yaml +++ /dev/null 
@@ -1,146 +0,0 @@ -steps: -# build image if not exists in artifact registry -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - script: | - #!/usr/bin/env bash - if [[ -z `gcloud artifacts docker images describe ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA --verbosity=none` ]] - then - docker build \ - -t ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - --cache-from ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:latest\ - . - docker push ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA - - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:latest - else - echo 'image tag exists' - fi - -# prepare/setup service and cloud deploy manifest files -- name: 'northamerica-northeast1-docker.pkg.dev/c4hnrd-tools/cicd-repo/gcp-sre' - secretEnv: ['OP_CONNECT_HOST', 'OP_CONNECT_TOKEN'] - script: | - #!/usr/bin/env bash - - targets=(${_DEPLOY_TARGETS}) - if [ -z ${_DEPLOY_TARGET_FROM} ] || [ ${_DEPLOY_TARGET_FROM} = ${targets[0]} ]; then - # update the pipeline name - export PIPELINE_NAME=${_DEPLOY_PIPELINE} - yq e -i '.metadata.name = env(PIPELINE_NAME)' ./devops/gcp/clouddeploy.yaml - - for env_name in "${targets[@]}"; do - export APP_ENV=${env_name} - op inject -f -i ./devops/vaults.gcp.env -o ./devops/vaults.${env_name} - - CPU_THROTTLING=$(awk -F '=' '/^CPU_THROTTLING/ {print $2}' ./devops/vaults.${env_name}) - if [ -z "$CPU_THROTTLING" ]; then - CPU_THROTTLING="true" - fi - - # Set the cpu-throttling annotation based on the CPU_THROTTLING value - if [ "$CPU_THROTTLING" = "true" ]; then - yq e '.spec.template.metadata.annotations["run.googleapis.com/cpu-throttling"] = "true"' 
./devops/gcp/k8s/service.template.yaml > ./devops/gcp/k8s/temp-service.${env_name}.yaml - else - yq e '.spec.template.metadata.annotations["run.googleapis.com/cpu-throttling"] = "false"' ./devops/gcp/k8s/service.template.yaml > ./devops/gcp/k8s/temp-service.${env_name}.yaml - fi - - export VAL=$(awk '{f1=f2=$0; sub(/=.*/,"",f1); sub(/[^=]+=/,"",f2); printf "- name: %s\n value: %s\n",f1,f2}' ./devops/vaults.${env_name} | sed 's/\"/\"/g') - - # generate manifest for each environment - yq e '.spec.template.spec.containers[0].env += env(VAL)' ./devops/gcp/k8s/temp-service.${env_name}.yaml > ./devops/gcp/k8s/service.${env_name}.yaml - - # sidecard OAS proxy service, only Test environment need this service - #if [[ "$env_name" != "test" ]]; then - # # remove sidecard container - # yq -i 'del(.spec.template.spec.containers[1])' ./devops/gcp/k8s/service.${env_name}.yaml - #else - # # add run.googleapis.com/container-dependencies - # yq -i'.spec.template.metadata.annotations["run.googleapis.com/container-dependencies"] = "{'${_APP_NAME}-${_DEPLOY_TARGET}':['prism']}"' ./devops/gcp/k8s/service.test.yaml - #fi - done - - targets_full=(${_DEPLOY_FULL_TARGETS}) - - # find difference of targets compare with full targets - envs_diff=($(echo ${targets_full[@]} ${targets[@]} | tr ' ' '\n' | sort | uniq -u)) - for env_name in "${envs_diff[@]}"; do - # remove the target from cloud deploy manifest - export APP_ENV=${env_name} - yq -i 'del(.serialPipeline.stages[] | select(.targetId == env(APP_ENV)))' ./devops/gcp/clouddeploy.yaml - done - fi - - # Merge cloud deploy files - yq eval-all ./devops/gcp/clouddeploy.yaml ./devops/gcp/clouddeploy-targets.yaml > ./devops/gcp/clouddeploy-with-targets.yaml - - cat ./devops/gcp/clouddeploy-with-targets.yaml - - # Update Cloud Deploy deployment manifests and skaffold.yaml - gcloud deploy apply --file=./devops/gcp/clouddeploy-with-targets.yaml \ - --region=${_REGION} \ - --project=${_DEPLOY_RUNNING_PROJECT_ID} - -# deploy -- name: 
'gcr.io/cloud-builders/gcloud' - script: | - #!/usr/bin/env bash - - # tag image - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA \ - ${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET} - - cd ./devops/gcp/ - - if [ -z ${_DEPLOY_TARGET_FROM} ] || [ ${_DEPLOY_TARGET_FROM} = ${_DEPLOY_TARGET} ]; then - RELEASE_TIMESTAMP=$(date '+%Y%m%d%H%M') - - gcloud deploy releases create v-${_APP_NAME}-${_SHORT_SHA}-${RELEASE_TIMESTAMP} \ - --delivery-pipeline=${_DEPLOY_PIPELINE} \ - --region=${_REGION} \ - --to-target=${_DEPLOY_TARGET} \ - --images=image-placeholder=${_REGION}-docker.pkg.dev/${_DEPLOY_RUNNING_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:$_SHORT_SHA - else - # prompt the existing release - gcloud artifacts docker tags add \ - ${_REGION}-docker.pkg.dev/${_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET_FROM} \ - ${_REGION}-docker.pkg.dev/${_PROJECT_ID}/cloud-run-repo/${_APP_NAME}:${_DEPLOY_TARGET} - - LATEST_RELEASE_NAME=$(gcloud deploy targets describe ${_DEPLOY_TARGET_FROM} \ - --delivery-pipeline=${_DEPLOY_PIPELINE} \ - --region=${_REGION} \ - --format="value('Latest release')") - - gcloud deploy releases promote --release=${LATEST_RELEASE_NAME} \ - --delivery-pipeline=${_DEPLOY_PIPELINE}\ - --region=${_REGION} \ - --to-target=${_DEPLOY_TARGET} - fi - -availableSecrets: - secretManager: - - versionName: projects/331250273634/secrets/OP_CONNECT_HOST/versions/latest - env: 'OP_CONNECT_HOST' - - versionName: projects/331250273634/secrets/OP_CONNECT_TOKEN/versions/latest - env: 'OP_CONNECT_TOKEN' - -options: - automapSubstitutions: true - substitutionOption: 'ALLOW_LOOSE' -substitutions: - _APP_NAME: - _SHORT_SHA: - _DB_UPGRADE: 'no' - _DEPLOY_FULL_TARGETS: dev test sandbox prod - _DEPLOY_TARGETS: dev test prod - _DEPLOY_TARGET: dev - _DEPLOY_TARGET_FROM: - _DEPLOY_PIPELINE: - _DEPLOY_RUNNING_PROJECT_ID: c4hnrd-tools - _REGION: 
northamerica-northeast1 - -logsBucket: 'gs://github-actions-cloudbuild/history' - -timeout: 3600s diff --git a/.github/actions/cloud-deploy/files/clouddeploy.yaml b/.github/actions/cloud-deploy/files/clouddeploy.yaml deleted file mode 100644 index bc420ed7..00000000 --- a/.github/actions/cloud-deploy/files/clouddeploy.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: deploy.cloud.google.com/v1 -kind: DeliveryPipeline -metadata: - name: cloud-run-service-pipeline -description: Deployment pipeline -serialPipeline: - stages: - - targetId: dev - profiles: [dev] - strategy: - standard: - verify: false - - targetId: test - profiles: [test] - strategy: - standard: - verify: false - - targetId: sandbox - profiles: [sandbox] - strategy: - standard: - verify: false - - targetId: prod - profiles: [prod] - strategy: - standard: - verify: false diff --git a/.github/actions/cloud-deploy/files/k8s/service.template.yaml b/.github/actions/cloud-deploy/files/k8s/service.template.yaml deleted file mode 100644 index 8b80113c..00000000 --- a/.github/actions/cloud-deploy/files/k8s/service.template.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: serving.knative.dev/v1 -kind: Service -metadata: - name: valuePlaceHolder # from-param: ${service-name} - labels: - cloud.googleapis.com/location: northamerica-northeast1 - annotations: - run.googleapis.com/launch-stage: BETA -spec: - template: - metadata: - labels: - run.googleapis.com/startupProbeType: Default - annotations: - run.googleapis.com/startup-cpu-boost: 'true' - run.googleapis.com/client-name: cloud-console - run.googleapis.com/cloudsql-instances: valuePlaceHolder # from-param: ${cloudsql-instances} - autoscaling.knative.dev/maxScale: 7 # from-param: ${max-scale} - spec: - containerConcurrency: 7 # from-param: ${container-concurrency} - timeoutSeconds: 600 # from-param: ${timeout-seconds} - serviceAccountName: valuePlaceHolder # from-param: ${service-account} - containers: - - name: valuePlaceHolder # from-param: ${container-name} - image: image-placeholder - ports: - - name: http1 - containerPort: 8080 # from-param: ${container-port} - env: - - name: DEPLOYMENT_PLATFORM - value: GCP - - name: DEPLOYMENT_ENV - value: development # from-param: ${deploy-env} - - name: DEPLOYMENT_PROJECT - value: xxxxxx-dev # from-param: ${deploy-project-id} - resources: - limits: - cpu: 1000m # from-param: ${resources-cpu} - memory: 512Mi # from-param: ${resources-memory} - startupProbe: - timeoutSeconds: 240 - periodSeconds: 240 - failureThreshold: 1 - tcpSocket: - 
port: 8080 - # volumeMounts: - # - mountPath: /devops/oas - # name: oas_proxy - #- name: prism - # image: stoplight/prism:4 - # command: - # - mock -h 0.0.0.0 /tmp/api.oas3.yml - # resources: - # limits: - # cpu: 500m - # memory: 256Mi - # volumeMounts: - # - mountPath: /tmp - # readOnly: true - # name: oas_proxy - #volumes: - #- name: oas_proxy - # emptyDir: - # medium: Memory - # sizeLimit: 5Mi diff --git a/.github/actions/cloud-deploy/files/skaffold.yaml b/.github/actions/cloud-deploy/files/skaffold.yaml deleted file mode 100644 index a28d6681..00000000 --- a/.github/actions/cloud-deploy/files/skaffold.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2022 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: skaffold/v4beta5 -kind: Config -metadata: - name: cloud-run-service-config -profiles: -- name: dev - manifests: - rawYaml: - - k8s/service.dev.yaml -- name: test - manifests: - rawYaml: - - k8s/service.test.yaml -- name: sandbox - manifests: - rawYaml: - - k8s/service.sandbox.yaml -- name: prod - manifests: - rawYaml: - - k8s/service.prod.yaml -deploy: - cloudrun: {} \ No newline at end of file diff --git a/.github/actions/firebase/action.yml b/.github/actions/firebase/action.yml deleted file mode 100644 index 5bb42ff7..00000000 --- a/.github/actions/firebase/action.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -name: 'Copy firebase build deployment files' -description: '' - -inputs: - working-directory: - required: false - default: "." - -runs: - using: "composite" - steps: - # Copy files - - name: Copy build/deployment files - shell: bash - run: | - cp ${{ github.action_path }}/files/* ${{ inputs.working-directory }} diff --git a/.github/actions/firebase/files/cloudbuild-cd.yaml b/.github/actions/firebase/files/cloudbuild-cd.yaml deleted file mode 100644 index 47624cc9..00000000 --- a/.github/actions/firebase/files/cloudbuild-cd.yaml +++ /dev/null @@ -1,30 +0,0 @@ -steps: - # install / setup ci - - name: node:$_DEPLOYMENT_NODE_VERSION - entrypoint: npm - args: ['install'] - - # - # Generate the static site - # - - name: node:$_DEPLOYMENT_NODE_VERSION - entrypoint: npm - args: ['run', 'build'] - - # - # Deploy to firebase channel, using the PR # - # store log to /workspace to get the channel URL - # - - name: gcr.io/$_DEPLOYMENT_PROJECT/firebase - entrypoint: bash - args: ['-c', 'firebase deploy --project=$_DEPLOYMENT_PROJECT --config=firebase-$_DEPLOYMENT_ENVIRONMENT.json --only hosting:$_DEPLOYMENT_HOST_NAME'] - -substitutions: - _DEPLOYMENT_ENVIRONMENT: '${_DEPLOYMENT_ENVIRONMENT}' - _DEPLOYMENT_PROJECT: '${_DEPLOYMENT_PROJECT}' - _DEPLOYMENT_NODE_VERSION: '${_DEPLOYMENT_NODE_VERSION}' - _DEPLOYMENT_HOST_NAME: '${_DEPLOYMENT_HOST_NAME}' - - -options: - logging: CLOUD_LOGGING_ONLY diff --git a/.github/actions/firebase/files/cloudbuild-pnpm-cd.yaml b/.github/actions/firebase/files/cloudbuild-pnpm-cd.yaml deleted file mode 100644 index f72c1229..00000000 --- a/.github/actions/firebase/files/cloudbuild-pnpm-cd.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -steps: - # install / Generate the static site - - name: node:$_DEPLOYMENT_NODE_VERSION - script: | - #!/usr/bin/env bash - npm install --global pnpm - pnpm install - pnpm build - - # - # Deploy to firebase channel, using the PR # - # store log to /workspace to get the channel URL - # - - name: gcr.io/$_DEPLOYMENT_PROJECT/firebase - entrypoint: bash - args: ['-c', 'firebase deploy --project=$_DEPLOYMENT_PROJECT --config=firebase-$_DEPLOYMENT_ENVIRONMENT.json --only hosting:$_DEPLOYMENT_HOST_NAME'] - -substitutions: - _DEPLOYMENT_ENVIRONMENT: '${_DEPLOYMENT_ENVIRONMENT}' - _DEPLOYMENT_PROJECT: '${_DEPLOYMENT_PROJECT}' - _DEPLOYMENT_NODE_VERSION: '${_DEPLOYMENT_NODE_VERSION}' - _DEPLOYMENT_HOST_NAME: '${_DEPLOYMENT_HOST_NAME}' - - -options: - logging: CLOUD_LOGGING_ONLY diff --git a/.github/actions/firebase/files/cloudbuild-pnpm-nested-pckg-cd.yaml b/.github/actions/firebase/files/cloudbuild-pnpm-nested-pckg-cd.yaml deleted file mode 100644 index faa44409..00000000 --- a/.github/actions/firebase/files/cloudbuild-pnpm-nested-pckg-cd.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -steps: - # put .env in the right place - - name: 'gcr.io/cloud-builders/gcloud' - env: - - '_DEPLOYMENT_PCKG_NAME=$_DEPLOYMENT_PCKG_NAME' - entrypoint: bash - args: ['-c', 'mv .env $_DEPLOYMENT_PCKG_NAME'] - - # install / Generate the static site - - name: node:$_DEPLOYMENT_NODE_VERSION - env: - - '_DEPLOYMENT_PCKG_NAME=$_DEPLOYMENT_PCKG_NAME' - script: | - #!/usr/bin/env bash - npm install --global pnpm - pnpm install - echo executing build:$_DEPLOYMENT_PCKG_NAME - pnpm build:$_DEPLOYMENT_PCKG_NAME - - - name: 'gcr.io/cloud-builders/gcloud' - env: - - '_DEPLOYMENT_PCKG_NAME=$_DEPLOYMENT_PCKG_NAME' - entrypoint: bash - args: ['-c', 'mv $_DEPLOYMENT_PCKG_NAME/dist .'] - - # - # Deploy to firebase channel, using the PR # - # store log to /workspace to get the channel URL - # - - name: gcr.io/$_DEPLOYMENT_PROJECT/firebase - entrypoint: bash - args: ['-c', 'firebase deploy --project=$_DEPLOYMENT_PROJECT --config=firebase-$_DEPLOYMENT_ENVIRONMENT.json --only hosting:$_DEPLOYMENT_HOST_NAME'] - -substitutions: - _DEPLOYMENT_ENVIRONMENT: '${_DEPLOYMENT_ENVIRONMENT}' - _DEPLOYMENT_PROJECT: '${_DEPLOYMENT_PROJECT}' - _DEPLOYMENT_HOST_NAME: '${_DEPLOYMENT_HOST_NAME}' - _DEPLOYMENT_NODE_VERSION: '${_DEPLOYMENT_NODE_VERSION}' - _DEPLOYMENT_PCKG_NAME: '${_DEPLOYMENT_PCKG_NAME}' - - -options: - logging: CLOUD_LOGGING_ONLY diff --git a/.github/actions/firebase/files/firebase-dev.json b/.github/actions/firebase/files/firebase-dev.json deleted file mode 100644 index 66a32352..00000000 --- a/.github/actions/firebase/files/firebase-dev.json +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "hosting": - { - "site": "", - "public": "dist", - "ignore": ["**/devops/**", "**/.*", "**/node_modules/**"], - "rewrites": [ - { - "source": "**", - "destination": "/index.html" - } - ], - "headers" : [ - { - "source": "**", - "headers" : [ - { "key" : "Access-Control-Allow-Origin", "value" : "*" }, - { "key" : "X-Frame-Options", "value" : "DENY" }, - { "key" : "X-Content-Type-Options", "value" : "nosniff" }, - { "key" : "X-XSS-Protection", "value" : "1; mode=block" }, - { - "key": "Content-Security-Policy", - "value": "default-src 'self'; frame-src 'self' *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.jsdelivr.net; font-src 'self' *.gov.bc.ca *.hotjar.com *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.hotjar.com *.postescanada-canadapost.ca https://*.cac1.pure.cloud; connect-src 'self' blob: https://api.iconify.design *.zenhub.com *.run.app *.gov.bc.ca *.launchdarkly.com *.hotjar.com *.postescanada-canadapost.ca *.sentry.io *.apigee.net wss://*.hotjar.com *.hotjar.io https://*.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://*.newrelic.com https://*.cac1.pure.cloud wss://*.cac1.pure.cloud *.googleapis.com *.google-analytics.com; manifest-src 'self'; media-src 'self' https://*.cac1.pure.cloud; object-src 'self' https://*.cac1.pure.cloud; child-src 'self' blob: *.gov.bc.ca https://*.cac1.pure.cloud; worker-src blob:;" - }, - { "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate"}, - { "key": "Pragma", "value": "no-cache"}, - { "key": "Referrer-Policy", "value": "no-referrer" }, - { "key": "Feature-Policy", "value": "microphone 'self'" }, 
- { "key": "Strict-Transport-Security", "value": "max-age=31536000;" } - ] - }, - { - "source": "**/*.@(ico|jpg|jpeg|gif|png|svg|eot|otf|ttf|ttc|woff|woff2)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(css|js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(service-worker.js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,no-cache" - } - ] - }, - { - "source": "**/*.@(html|json)", - "headers": [ - { - "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" - } - ] - } - ] - } -} diff --git a/.github/actions/firebase/files/firebase-prod.json b/.github/actions/firebase/files/firebase-prod.json deleted file mode 100644 index e75d28d1..00000000 --- a/.github/actions/firebase/files/firebase-prod.json +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "hosting": - { - "site": "", - "public": "dist", - "ignore": ["firebase.json", "**/.*", "**/node_modules/**"], - "rewrites": [ - { - "source": "**", - "destination": "/index.html" - } - ], - "headers" : [ - { - "source": "**", - "headers" : [ - { "key" : "Access-Control-Allow-Origin", "value" : "*" }, - { "key" : "X-Frame-Options", "value" : "DENY" }, - { "key" : "X-Content-Type-Options", "value" : "nosniff" }, - { "key" : "X-XSS-Protection", "value" : "1; mode=block" }, - { - "key": "Content-Security-Policy", - "value": "default-src 'self'; frame-src 'self' *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.jsdelivr.net; font-src 'self' *.gov.bc.ca *.hotjar.com *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.hotjar.com *.postescanada-canadapost.ca https://*.cac1.pure.cloud; connect-src 'self' blob: https://api.iconify.design *.zenhub.com *.run.app *.gov.bc.ca *.launchdarkly.com *.hotjar.com *.postescanada-canadapost.ca *.sentry.io *.apigee.net wss://*.hotjar.com *.hotjar.io https://*.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://*.newrelic.com https://*.cac1.pure.cloud wss://*.cac1.pure.cloud *.googleapis.com *.google-analytics.com; manifest-src 'self'; media-src 'self' https://*.cac1.pure.cloud; object-src 'self' https://*.cac1.pure.cloud; child-src 'self' blob: *.gov.bc.ca https://*.cac1.pure.cloud; worker-src blob:;" - }, - { "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate"}, - { "key": "Pragma", "value": "no-cache"}, - { "key": "Referrer-Policy", "value": "no-referrer" }, - { "key": "Feature-Policy", "value": "microphone 'self'" 
}, - { "key": "Strict-Transport-Security", "value": "max-age=31536000;" } - ] - }, - { - "source": "**/*.@(ico|jpg|jpeg|gif|png|svg|eot|otf|ttf|ttc|woff|woff2)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(css|js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(service-worker.js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,no-cache" - } - ] - }, - { - "source": "**/*.@(html|json)", - "headers": [ - { - "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate" - } - ] - } - ] - } -} diff --git a/.github/actions/firebase/files/firebase-sandbox.json b/.github/actions/firebase/files/firebase-sandbox.json deleted file mode 100644 index 4308eec7..00000000 --- a/.github/actions/firebase/files/firebase-sandbox.json +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "hosting": - { - "site": "", - "public": "dist", - "ignore": ["firebase.json", "**/.*", "**/node_modules/**"], - "rewrites": [ - { - "source": "**", - "destination": "/index.html" - } - ], - "headers" : [ - { - "source": "**", - "headers" : [ - { "key" : "Access-Control-Allow-Origin", "value" : "*" }, - { "key" : "X-Frame-Options", "value" : "DENY" }, - { "key" : "X-Content-Type-Options", "value" : "nosniff" }, - { "key" : "X-XSS-Protection", "value" : "1; mode=block" }, - { - "key": "Content-Security-Policy", - "value": "default-src 'self'; frame-src 'self' *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.jsdelivr.net; font-src 'self' *.gov.bc.ca *.hotjar.com *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.hotjar.com *.postescanada-canadapost.ca https://*.cac1.pure.cloud; connect-src 'self' blob: *.zenhub.com *.gov.bc.ca *.launchdarkly.com *.hotjar.com *.postescanada-canadapost.ca *.sentry.io *.apigee.net wss://*.hotjar.com *.hotjar.io https://*.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://*.newrelic.com https://*.cac1.pure.cloud wss://*.cac1.pure.cloud *.googleapis.com *.google-analytics.com; manifest-src 'self'; media-src 'self' https://*.cac1.pure.cloud; object-src 'self' https://*.cac1.pure.cloud; child-src 'self' blob: *.gov.bc.ca https://*.cac1.pure.cloud; worker-src blob:;" - }, - { "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate"}, - { "key": "Pragma", "value": "no-cache"}, - { "key": "Referrer-Policy", "value": "no-referrer" }, - { "key": "Feature-Policy", "value": "microphone 'self'" }, - { "key": 
"Strict-Transport-Security", "value": "max-age=31536000;" } - ] - }, - { - "source": "**/*.@(ico|jpg|jpeg|gif|png|svg|eot|otf|ttf|ttc|woff|woff2)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(css|js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(service-worker.js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,no-cache" - } - ] - }, - { - "source": "**/*.@(html|json)", - "headers": [ - { - "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate" - } - ] - } - ] - } -} diff --git a/.github/actions/firebase/files/firebase-test.json b/.github/actions/firebase/files/firebase-test.json deleted file mode 100644 index e75d28d1..00000000 --- a/.github/actions/firebase/files/firebase-test.json +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "hosting": - { - "site": "", - "public": "dist", - "ignore": ["firebase.json", "**/.*", "**/node_modules/**"], - "rewrites": [ - { - "source": "**", - "destination": "/index.html" - } - ], - "headers" : [ - { - "source": "**", - "headers" : [ - { "key" : "Access-Control-Allow-Origin", "value" : "*" }, - { "key" : "X-Frame-Options", "value" : "DENY" }, - { "key" : "X-Content-Type-Options", "value" : "nosniff" }, - { "key" : "X-XSS-Protection", "value" : "1; mode=block" }, - { - "key": "Content-Security-Policy", - "value": "default-src 'self'; frame-src 'self' *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.gov.bc.ca *.hotjar.com *.googleapis.com https://*.nr-data.net https://*.newrelic.com https://*.cac1.pure.cloud; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.jsdelivr.net; font-src 'self' *.gov.bc.ca *.hotjar.com *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.hotjar.com *.postescanada-canadapost.ca https://*.cac1.pure.cloud; connect-src 'self' blob: https://api.iconify.design *.zenhub.com *.run.app *.gov.bc.ca *.launchdarkly.com *.hotjar.com *.postescanada-canadapost.ca *.sentry.io *.apigee.net wss://*.hotjar.com *.hotjar.io https://*.nr-data.net https://shyrka-prod-cac1.s3.ca-central-1.amazonaws.com https://*.newrelic.com https://*.cac1.pure.cloud wss://*.cac1.pure.cloud *.googleapis.com *.google-analytics.com; manifest-src 'self'; media-src 'self' https://*.cac1.pure.cloud; object-src 'self' https://*.cac1.pure.cloud; child-src 'self' blob: *.gov.bc.ca https://*.cac1.pure.cloud; worker-src blob:;" - }, - { "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate"}, - { "key": "Pragma", "value": "no-cache"}, - { "key": "Referrer-Policy", "value": "no-referrer" }, - { "key": "Feature-Policy", "value": "microphone 'self'" 
}, - { "key": "Strict-Transport-Security", "value": "max-age=31536000;" } - ] - }, - { - "source": "**/*.@(ico|jpg|jpeg|gif|png|svg|eot|otf|ttf|ttc|woff|woff2)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(css|js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,max-age=31536000" - } - ] - }, - { - "source": "**/*.@(service-worker.js)", - "headers": [ - { - "key": "Cache-Control", "value": "public,no-cache" - } - ] - }, - { - "source": "**/*.@(html|json)", - "headers": [ - { - "key": "Cache-Control", "value": "private, no-cache, no-store, must-revalidate" - } - ] - } - ] - } -} diff --git a/.github/workflows/api-ci.yaml b/.github/workflows/api-ci.yaml deleted file mode 100644 index 6d9241b3..00000000 --- a/.github/workflows/api-ci.yaml +++ /dev/null 
@@ -1,204 +0,0 @@ -name: API CI - -on: - workflow_call: - inputs: - app_name: - required: true - type: string - working_directory: - type: string - default: "." - codecov_flag: - type: string - -jobs: - linting: - strategy: - fail-fast: true - matrix: - os: [ "ubuntu-latest" ] - python-version: [ "3.11" ] - - runs-on: ${{ matrix.os }} - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - steps: - #---------------------------------------------- - # check-out repo and set-up python - #---------------------------------------------- - - uses: actions/checkout@v4 - - name: Set up python - id: setup-python - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - #---------------------------------------------- - # ----- install & configure poetry ----- - #---------------------------------------------- - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - virtualenvs-create: true - virtualenvs-in-project: true - installer-parallel: true - #---------------------------------------------- - # load cached venv if cache exists - #---------------------------------------------- - - name: Load cached venv - id: cached-poetry-dependencies - uses: actions/cache@v4 - with: - path: ${{ inputs.working_directory }}/.venv - key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} - #---------------------------------------------- - # install dependencies if cache does not exist - #---------------------------------------------- - - name: Install dependencies - if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' - run: poetry install --no-interaction --no-root - #---------------------------------------------- - # install your root project, if required - #---------------------------------------------- - - name: Install project - run: poetry install --no-interaction - #---------------------------------------------- - # install and run linters - 
#---------------------------------------------- - - name: Run isort - run: | - poetry run isort src tests --check - - - name: Run black - run: | - poetry run black src tests --check - - - name: Run pylint (src) - run: | - poetry run pylint src - - - name: Run pylint (tests) - continue-on-error: true - run: | - poetry run pylint tests - - - name: Run flake8 (src) - run: | - poetry run flake8 src - - - name: Run flake8 (tests) - continue-on-error: true - run: | - poetry run flake8 tests - - testing: - needs: linting - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - strategy: - fail-fast: true - matrix: - os: [ "ubuntu-latest" ] - python-version: [ "3.11" ] - - env: - DATABASE_TEST_USERNAME: "postgres" - DATABASE_TEST_PASSWORD: "postgres" - DATABASE_TEST_NAME: "postgres" - DATABASE_TEST_HOST: "localhost" - DATABASE_TEST_PORT: "5432" - - services: - postgres: - image: postgres:15 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - POSTGRES_DB: postgres - ports: - - 5432:5432 - # needed because the postgres container does not provide a healthcheck - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - runs-on: ${{ matrix.os }} - steps: - #---------------------------------------------- - # check-out repo and set-up python - #---------------------------------------------- - - name: Check out repository - uses: actions/checkout@v4 - - name: Set up python ${{ matrix.python-version }} - id: setup-python - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - #---------------------------------------------- - # ----- install & configure poetry ----- - #---------------------------------------------- - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - virtualenvs-create: true - virtualenvs-in-project: true - #---------------------------------------------- - # load cached venv if cache exists - 
#---------------------------------------------- - - name: Load cached venv - id: cached-poetry-dependencies - uses: actions/cache@v4 - with: - path: ${{ inputs.working_directory }}/.venv - key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} - #---------------------------------------------- - # install dependencies if cache does not exist - #---------------------------------------------- - - name: Install dependencies - if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' - run: poetry install --no-interaction --no-root - #---------------------------------------------- - # install your root project, if required - #---------------------------------------------- - - name: Install library - run: poetry install --no-interaction - #---------------------------------------------- - # add matrix specifics and run test suite - #---------------------------------------------- - - name: Run tests - run: | - poetry run pytest - - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 - with: - file: ${{ inputs.working_directory }}/coverage.xml - flags: ${{ inputs.codecov_flag }} - name: codecov-${{ inputs.app_name }} - fail_ci_if_error: true - - verify-build: - needs: linting - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - runs-on: ubuntu-latest - steps: - #---------------------------------------------- - # check-out repo and set-up python - #---------------------------------------------- - - name: Check out repository - uses: actions/checkout@v4 - - name: build to check strictness - id: build - run: | - docker build --no-cache -t ${{ inputs.app_name }} . \ No newline at end of file diff --git a/.github/workflows/backend-job-cd.yaml b/.github/workflows/backend-job-cd.yaml index bfa39560..d9a66d13 100644 --- a/.github/workflows/backend-job-cd.yaml +++ b/.github/workflows/backend-job-cd.yaml 
@@ -106,7 +106,16 @@ jobs: run: |- SHORT_SHA=$(git rev-parse --short HEAD) + echo "SHORT_SHA: $SHORT_SHA" + + TARGET_FROM="${{ needs.setup.outputs.TARGET_FROM }}" + + if [ -z ${{ needs.setup.outputs.TARGET_FROM }}]; then + TARGET_FROM="${{ needs.setup.outputs.TARGET }}" + fi + + echo "TARGET_FROM: $TARGET_FROM" gcloud builds submit \ --region=northamerica-northeast1 \ - --substitutions _SHORT_SHA=$SHORT_SHA,_APP_NAME="${{ inputs.app_name }}",_DEPLOY_TARGETS="${{ needs.setup.outputs.TARGETS }}",_DEPLOY_TARGET="${{ needs.setup.outputs.TARGET }}",_DEPLOY_TARGETS_FROM="${{ needs.setup.outputs.TARGET_FROM }}",_DEPLOY_PIPELINE="${{ needs.setup.outputs.PIPELINE }}" \ + --substitutions _SHORT_SHA=$SHORT_SHA,_APP_NAME="${{ inputs.app_name }}",_DEPLOYMENT_ENVS="${{ needs.setup.outputs.TARGETS }}",_DEPLOYMENT_ENV="${{ needs.setup.outputs.TARGET }}",_DEPLOYMENT_ENV_FROM="$TARGET_FROM",_DEPLOYMENT_PIPELINE="${{ needs.setup.outputs.PIPELINE }}" \ --config devops/gcp/cloudbuild.yaml \ No newline at end of file diff --git a/.github/workflows/charts-ci.yaml b/.github/workflows/charts-ci.yaml deleted file mode 100755 index a40baae1..00000000 --- a/.github/workflows/charts-ci.yaml +++ /dev/null 
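Review bot: The emptiness test in the added line `if [ -z ${{ needs.setup.outputs.TARGET_FROM }}]; then` is malformed, because the expression is unquoted and there is no space before `]`. A non-empty value makes `[` fail with a missing-`]` error, and an empty value leaves the one-argument test `[ -z ]`, so the fallback to `TARGET` works only by accident and logs an error on the normal path. The value is already in a shell variable one line earlier, so test that instead: `if [ -z "$TARGET_FROM" ]; then`. Separately, the `${{ … }}` expressions are pasted into the script text and the `--substitutions` list before bash runs, so a value containing a quote, `$(` or a comma would alter the command or the substitution list; passing them through the step's `env:` map and referencing `"$VAR"` keeps them as data. The step that owns this `run:` block starts above the hunk, so whether it already has an `env:` map cannot be seen here.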
@@ -1,45 +0,0 @@ -name: Lint and Test Charts - -on: - pull_request: - paths: - - "charts/**" - -jobs: - lint-test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v4 - with: - version: v3.4.0 - - - uses: actions/setup-python@v5 - with: - python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi - - - name: Run chart-testing (lint) - run: ct lint - - - name: Create kind cluster - uses: helm/kind-action@v1.10.0 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) - run: ct install diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml deleted file mode 100755 index b12ca2c0..00000000 --- a/.github/workflows/charts-release.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: Release Charts - -on: - push: - branches: - - main - paths: - - "charts/**" - -jobs: - release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@v4 - with: - version: v3.4.0 - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.6.0 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/cloud-run-job-cd.yaml b/.github/workflows/cloud-run-job-cd.yaml deleted file mode 100644 index 526cde64..00000000 --- a/.github/workflows/cloud-run-job-cd.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: Cloud Run Job CD - -on: - workflow_call: - inputs: - target: - required: true - type: string - app_name: - required: true - type: string - working_directory: - type: string - default: "." - secrets: - WORKLOAD_IDENTIFY_POOLS_PROVIDER: - required: true - GCP_SERVICE_ACCOUNT: - required: true - -jobs: - setup: - # Only allow run the CD flow in protected branch - if: github.ref_protected == true - - runs-on: ubuntu-22.04 - - defaults: - run: - shell: bash - - # Allow add the tag in the repo. - # Add "id-token" with the intended permissions. - permissions: - contents: 'write' - id-token: 'none' - - outputs: - TARGETS: ${{ steps.setenv.outputs.TARGETS }} - TARGET: ${{ steps.setenv.outputs.TARGET }} - TARGET_FROM: ${{ steps.setenv.outputs.TARGET_FROM }} - PIPELINE: ${{ steps.setenv.outputs.PIPELINE }} - - steps: - # Checkout code - - name: Checkout out the code - uses: actions/checkout@v4 - - - name: Setup targets - uses: bcgov/bcregistry-sre/.github/actions/setup-deployment-target@main - with: - environment: ${{ inputs.target }} - app_name: ${{ inputs.app_name }} - - - id: setenv - run: | - echo "TARGETS=${{ env.DEPLOY_TARGETS }}" >> "$GITHUB_OUTPUT" - echo "TARGET=${{ env.DEPLOY_TARGET }}" >> "$GITHUB_OUTPUT" - echo "TARGET_FROM=${{ env.DEPLOY_TARGET_FROM }}" >> "$GITHUB_OUTPUT" - echo "PIPELINE=${{ env.DEPLOY_PIPELINE }}" >> "$GITHUB_OUTPUT" - - deploy: - needs: setup - runs-on: ubuntu-22.04 - - environment: - name: "${{ needs.setup.outputs.TARGET }}" - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - # Allow add the tag in the repo. - # Add "id-token" with the intended permissions. 
- permissions: - contents: 'write' - id-token: 'write' - - steps: - # Checkout code - - name: Checkout out the code - uses: actions/checkout@v4 - - # Copy cloud build, cloud deploy and skaffold yaml files to the build - - name: Copy deployment files - uses: bcgov/bcregistry-sre/.github/actions/cloud-deploy-job@main - with: - working-directory: ${{ inputs.working_directory }} - - # GCP authentication - - name: 'Authenticate to Google Cloud' - id: 'auth' - uses: 'google-github-actions/auth@v2' - with: - workload_identity_provider: ${{ secrets.WORKLOAD_IDENTIFY_POOLS_PROVIDER }} - service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - # Trigger Cloud Deploy - - name: Deployment - working-directory: ${{ inputs.working_directory }} - run: |- - SHORT_SHA=$(git rev-parse --short HEAD) - - gcloud builds submit \ - --region=northamerica-northeast1 \ - --substitutions _SHORT_SHA=$SHORT_SHA,_APP_NAME="${{ inputs.app_name }}",_DEPLOY_TARGETS="${{ needs.setup.outputs.TARGETS }}",_DEPLOY_TARGET="${{ needs.setup.outputs.TARGET }}",_DEPLOY_TARGETS_FROM="${{ needs.setup.outputs.TARGET_FROM }}",_DEPLOY_PIPELINE="${{ needs.setup.outputs.PIPELINE }}" \ - --config devops/gcp/cloudbuild.yaml \ No newline at end of file diff --git a/.github/workflows/cloud-run-service-cd.yaml b/.github/workflows/cloud-run-service-cd.yaml deleted file mode 100644 index 287ec43c..00000000 --- a/.github/workflows/cloud-run-service-cd.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: Cloud Run Service CD - -on: - workflow_call: - inputs: - target: - required: true - type: string - app_name: - required: true - type: string - working_directory: - type: string - default: "." - secrets: - WORKLOAD_IDENTIFY_POOLS_PROVIDER: - required: true - GCP_SERVICE_ACCOUNT: - required: true - -jobs: - setup: - # Only allow run the CD flow in protected branch - if: github.ref_protected == true - - runs-on: ubuntu-22.04 - - defaults: - run: - shell: bash - - # Allow add the tag in the repo. - # Add "id-token" with the intended permissions. - permissions: - contents: 'write' - id-token: 'none' - - outputs: - TARGETS: ${{ steps.setenv.outputs.TARGETS }} - TARGET: ${{ steps.setenv.outputs.TARGET }} - TARGET_FROM: ${{ steps.setenv.outputs.TARGET_FROM }} - PIPELINE: ${{ steps.setenv.outputs.PIPELINE }} - - steps: - # Checkout code - - name: Checkout out the code - uses: actions/checkout@v4 - - - name: Setup targets - uses: bcgov/bcregistry-sre/.github/actions/setup-deployment-target@main - with: - environment: ${{ inputs.target }} - app_name: ${{ inputs.app_name }} - - - id: setenv - run: | - echo "TARGETS=${{ env.DEPLOY_TARGETS }}" >> "$GITHUB_OUTPUT" - echo "TARGET=${{ env.DEPLOY_TARGET }}" >> "$GITHUB_OUTPUT" - echo "TARGET_FROM=${{ env.DEPLOY_TARGET_FROM }}" >> "$GITHUB_OUTPUT" - echo "PIPELINE=${{ env.DEPLOY_PIPELINE }}" >> "$GITHUB_OUTPUT" - - deploy: - needs: setup - runs-on: ubuntu-22.04 - - environment: - name: "${{ needs.setup.outputs.TARGET }}" - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - # Allow add the tag in the repo. - # Add "id-token" with the intended permissions. 
- permissions: - contents: 'write' - id-token: 'write' - - steps: - # Checkout code - - name: Checkout out the code - uses: actions/checkout@v4 - - # Copy cloud build, cloud deploy and skaffold yaml files to the build - - name: Copy deployment files - uses: bcgov/bcregistry-sre/.github/actions/cloud-deploy@main - with: - working-directory: ${{ inputs.working_directory }} - - # GCP authentication - - name: 'Authenticate to Google Cloud' - id: 'auth' - uses: 'google-github-actions/auth@v2' - with: - workload_identity_provider: ${{ secrets.WORKLOAD_IDENTIFY_POOLS_PROVIDER }} - service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - # Trigger Cloud Deploy - - name: Deployment - working-directory: ${{ inputs.working_directory }} - run: |- - SHORT_SHA=$(git rev-parse --short HEAD) - - gcloud builds submit \ - --region=northamerica-northeast1 \ - --substitutions _SHORT_SHA=$SHORT_SHA,_APP_NAME="${{ inputs.app_name }}",_DEPLOY_TARGETS="${{ needs.setup.outputs.TARGETS }}",_DEPLOY_TARGET="${{ needs.setup.outputs.TARGET }}",_DEPLOY_TARGETS_FROM="${{ needs.setup.outputs.TARGET_FROM }}",_DEPLOY_PIPELINE="${{ needs.setup.outputs.PIPELINE }}" \ - --config devops/gcp/cloudbuild.yaml \ No newline at end of file diff --git a/.github/workflows/ui-cd-node20.yaml b/.github/workflows/ui-cd-node20.yaml deleted file mode 100644 index bc140ba0..00000000 --- a/.github/workflows/ui-cd-node20.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ -name: UI CD for GCP - -on: - workflow_call: - inputs: - environment: - required: true - type: string - tagname: - type: string - working_directory: - type: string - default: "." - secrets: - APP_NAME: - required: true - OP_CONNECT_URL: - required: true - OP_CONNECT_TOKEN: - required: true - -jobs: - ui-cd-worklfow: - # Only allow run the CD flow in protected branch - if: github.ref_protected == true - - environment: - name: "${{ github.event_name == 'push' && 'dev' || inputs.environment }}" - - runs-on: ubuntu-22.04 - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - # Allow add the tag in the repo. - # Add "id-token" with the intended permissions. - permissions: - contents: 'write' - id-token: 'write' - - steps: - # Get checkout ref and determine deployment environment - - name: Get checkout ref - uses: bcgov/bcregistry-sre/.github/actions/get-checkout-ref@main - with: - environment: ${{ inputs.environment }} - tagname: ${{ inputs.tagname }} - - # Checkout code - - name: Checkout out the code - uses: actions/checkout@v4 - with: - ref: ${{ env.CHECKOUT_REF }} - - # Install 1password cli tool - - name: Install 1password cli tool - uses: bcgov/bcregistry-sre/.github/actions/install-1pass@main - - # Get environment variables from 1password - - name: Setup .env file - working-directory: ${{ inputs.working_directory }} - env: - OP_CONNECT_HOST: ${{ secrets.OP_CONNECT_URL }} - OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} - APP_ENV: ${{ env.ENVIRONMENT }} - run: | - op inject -i ./devops/vaults.env -o .env -f - - NODE_VERSION=$(op read -n op://CD/app-version/NODE_VERSION_20) - echo "::add-mask::$NODE_VERSION" - echo NODE_VERSION=$NODE_VERSION >> $GITHUB_ENV - - FIREBASE_HOST_NAME=$(op read -n op://CD/${{ env.ENVIRONMENT }}/${{ secrets.APP_NAME }}/FIREBASE_HOST_NAME) - echo "$FIREBASE_HOST_NAME" - echo FIREBASE_HOST_NAME=$FIREBASE_HOST_NAME >> $GITHUB_ENV - - WORKLOAD_IDENTIFY_POOLS_PROVIDER=$(op read -n 
op://CD/${{ env.ENVIRONMENT }}/base/WORKLOAD_IDENTIFY_POOLS_PROVIDER) - echo "::add-mask::$WORKLOAD_IDENTIFY_POOLS_PROVIDER" - echo WORKLOAD_IDENTIFY_POOLS_PROVIDER=$WORKLOAD_IDENTIFY_POOLS_PROVIDER >> $GITHUB_ENV - - GCP_SERVICE_ACCOUNT=$(op read -n op://CD/${{ env.ENVIRONMENT }}/base/GCP_SERVICE_ACCOUNT) - echo "::add-mask::$GCP_SERVICE_ACCOUNT" - echo GCP_SERVICE_ACCOUNT=$GCP_SERVICE_ACCOUNT >> $GITHUB_ENV - - # Copy firebase.json and cloud build yaml to the build - - name: Copy firebase build deployment files - uses: bcgov/bcregistry-sre/.github/actions/firebase@main - with: - working-directory: ${{ inputs.working_directory }} - - # GCP authentication - - name: 'Authenticate to Google Cloud' - id: 'auth' - uses: 'google-github-actions/auth@v2' - with: - workload_identity_provider: ${{ env.WORKLOAD_IDENTIFY_POOLS_PROVIDER }} - service_account: ${{ env.GCP_SERVICE_ACCOUNT }} - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - # Build and push image to Google Container Registry - - name: Build - working-directory: ${{ inputs.working_directory }} - run: |- - firebase="$(jq '.hosting.site="${{ env.FIREBASE_HOST_NAME }}"' firebase-${{ env.ENVIRONMENT }}.json)" - echo -E "${firebase}" > firebase-${{ env.ENVIRONMENT }}.json - gcloud builds submit \ - --region=northamerica-northeast1 \ - --substitutions _DEPLOYMENT_ENVIRONMENT=${{ env.ENVIRONMENT }},_DEPLOYMENT_NODE_VERSION=${{ env.NODE_VERSION }},_DEPLOYMENT_PROJECT=${{ env.GCP_PROJECT }},_DEPLOYMENT_HOST_NAME=${{ env.FIREBASE_HOST_NAME }} \ - --config cloudbuild-cd.yaml - - # Add git tag - - name: Add git tag - uses: bcgov/bcregistry-sre/.github/actions/add-git-tag@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - - # Get NPM package version - - name: get-npm-version - id: package-version - uses: martinbeentjes/npm-get-version-action@main - with: - path: ${{ inputs.working_directory }} - - # Generate Job summary - - name: Job summary - if: always() - run: | - echo "# 
Deployment Summary" >> $GITHUB_STEP_SUMMARY - echo "- Branch: ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY - echo "- Deployment Tag: ${{ env.ENVIRONMENT }}.${{ env.CUSTOM_TAG }}" >> $GITHUB_STEP_SUMMARY - echo "- Package Version: ${{ steps.package-version.outputs.current-version}}" >> $GITHUB_STEP_SUMMARY diff --git a/argocd/installation.yaml b/argocd/installation.yaml deleted file mode 100644 index ff59dde9..00000000 --- a/argocd/installation.yaml +++ /dev/null 
@@ -1,573 +0,0 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - 
- delete - - apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - create - - get - - list - - watch - - update - - delete - - patch - - apiGroups: - - "" - resources: - - events - verbs: - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-application-controller -subjects: - - kind: ServiceAccount - name: argocd-application-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-dex-server -subjects: - - kind: ServiceAccount - name: argocd-dex-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-server -subjects: - - kind: ServiceAccount - name: argocd-server ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-cm - app.kubernetes.io/part-of: argocd - name: argocd-cm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-rbac-cm - app.kubernetes.io/part-of: argocd - name: argocd-rbac-cm ---- -apiVersion: v1 -data: - ssh_known_hosts: | - bitbucket.org ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-ssh-known-hosts-cm - app.kubernetes.io/part-of: argocd - name: argocd-ssh-known-hosts-cm ---- -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-tls-certs-cm - app.kubernetes.io/part-of: argocd - name: argocd-tls-certs-cm ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/name: argocd-secret - app.kubernetes.io/part-of: argocd - name: argocd-secret -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -spec: - ports: - - name: http - port: 5556 - protocol: TCP - targetPort: 5556 - - name: grpc - port: 5557 - protocol: TCP - targetPort: 5557 - - name: metrics - port: 5558 - protocol: TCP - targetPort: 5558 - selector: - app.kubernetes.io/name: argocd-dex-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: metrics - app.kubernetes.io/name: argocd-metrics - app.kubernetes.io/part-of: argocd - name: argocd-metrics -spec: - ports: - - name: metrics - port: 8082 - protocol: TCP - targetPort: 8082 - selector: - app.kubernetes.io/name: argocd-application-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -spec: - ports: - - name: tcp-redis - port: 6379 - targetPort: 6379 - selector: - app.kubernetes.io/name: 
argocd-redis ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server -spec: - ports: - - name: server - port: 8081 - protocol: TCP - targetPort: 8081 - - name: metrics - port: 8084 - protocol: TCP - targetPort: 8084 - selector: - app.kubernetes.io/name: argocd-repo-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server-metrics - app.kubernetes.io/part-of: argocd - name: argocd-server-metrics -spec: - ports: - - name: metrics - port: 8083 - protocol: TCP - targetPort: 8083 - selector: - app.kubernetes.io/name: argocd-server ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - - name: https - port: 443 - protocol: TCP - targetPort: 8080 - selector: - app.kubernetes.io/name: argocd-server ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: application-controller - app.kubernetes.io/name: argocd-application-controller - app.kubernetes.io/part-of: argocd - name: argocd-application-controller -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: argocd-application-controller - spec: - containers: - - command: - - argocd-application-controller - - --status-processors - - "20" - - --operation-processors - - "10" - image: argoproj/argocd:v1.6.2 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8082 - initialDelaySeconds: 5 - periodSeconds: 10 - name: argocd-application-controller - ports: - - containerPort: 8082 - readinessProbe: 
- httpGet: - path: /healthz - port: 8082 - initialDelaySeconds: 5 - periodSeconds: 10 - serviceAccountName: argocd-application-controller ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - name: argocd-dex-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-dex-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-dex-server - spec: - containers: - - command: - - /shared/argocd-util - - rundex - image: quay.io/dexidp/dex:v2.22.0 - imagePullPolicy: Always - name: dex - ports: - - containerPort: 5556 - - containerPort: 5557 - - containerPort: 5558 - volumeMounts: - - mountPath: /shared - name: static-files - initContainers: - - command: - - cp - - -n - - /usr/local/bin/argocd-util - - /shared - image: argoproj/argocd:v1.6.2 - imagePullPolicy: Always - name: copyutil - volumeMounts: - - mountPath: /shared - name: static-files - serviceAccountName: argocd-dex-server - volumes: - - emptyDir: {} - name: static-files ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis - app.kubernetes.io/part-of: argocd - name: argocd-redis -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-redis - template: - metadata: - labels: - app.kubernetes.io/name: argocd-redis - spec: - containers: - - args: - - --save - - "" - - --appendonly - - "no" - image: redis:5.0.3 - imagePullPolicy: Always - name: redis - ports: - - containerPort: 6379 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-repo-server - spec: 
- automountServiceAccountToken: false - containers: - - command: - - uid_entrypoint.sh - - argocd-repo-server - - --redis - - argocd-redis:6379 - image: argoproj/argocd:v1.6.2 - imagePullPolicy: Always - livenessProbe: - initialDelaySeconds: 5 - periodSeconds: 10 - tcpSocket: - port: 8081 - name: argocd-repo-server - ports: - - containerPort: 8081 - - containerPort: 8084 - readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 10 - tcpSocket: - port: 8081 - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - volumes: - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server - app.kubernetes.io/part-of: argocd - name: argocd-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-server - template: - metadata: - labels: - app.kubernetes.io/name: argocd-server - spec: - containers: - - command: - - argocd-server - - --staticassets - - /shared/app - image: argoproj/argocd:v1.6.2 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - name: argocd-server - ports: - - containerPort: 8080 - - containerPort: 8083 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - serviceAccountName: argocd-server - volumes: - - emptyDir: {} - name: static-files - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs diff --git a/backup-iac/README.md b/backup-iac/README.md deleted file mode 100644 index 3d0d702a..00000000 --- a/backup-iac/README.md +++ /dev/null 
@@ -1,15 +0,0 @@ - -[![img](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) - ---- -description: BC Registries and Online Services Backup Infrastructure as Code (IaC) service. -ignore: true ---- - -## About - -Backup Infrastructure as Code (IaC) service is an application that can backup all of the BC Registries and Online Services application . - -## Usage - -TBD diff --git a/charts/README.md b/charts/README.md deleted file mode 100755 index 38e69064..00000000 --- a/charts/README.md +++ /dev/null 
@@ -1,50 +0,0 @@ -[![img](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) - -# BC Registries Services Helm Charts Repository - -## TL;DR - -```bash -$ helm repo add bcregistry https://bcgov.github.io/bcregistry-charts -$ helm search repo bcregistry -$ helm install my-app-name bcregistry/ --namespace -f -``` - -### Prerequisites -- OpenShift 4.5+ -- Kubernetes 1.12+ -- Helm 3.1.0+ - - -### Install Helm - -Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. - -To install Helm, refer to the [Helm install guide](https://github.com/helm/helm#install) and ensure that the `helm` binary is in the `PATH` of your shell. - -### Add Repo - -The following command allows you to download and install all the charts from this repository: - -```bash -$ helm repo add bcregistry https://bcgov.github.io/bcregistry-charts -``` -### Using Helm - -Please refer to the [Quick Start guide](https://helm.sh/docs/intro/quickstart/) if you wish to get running in just a few commands, otherwise the [Using Helm Guide](https://helm.sh/docs/intro/using_helm/) provides detailed instructions on how to use the Helm client to manage packages on your Kubernetes cluster. 
- -Useful Helm Client Commands: -* View available charts: `helm search repo` -* Install a chart from repo: `helm install my-app-name bcregistry/ --namespace -f ` -* Install a chart from local: `helm dep up & helm install my-app-name ./charts/ --namespace -f ` -* Upgrade your application: `helm upgrade my-app-name --namespace -f ` -* Uninstall/delete your application: `helm uninstall/delete --namespace my-app-name` - -### Charts - -| Name | Description | Supprt Applications | -| --------- | ----------- | ------- | -| `bcregistry-api` | Chart for API applications | `[auth-api,pay-api,legal-api,namex-api,notify-api,colin-api,status-api,search-api,ppr-api]` | -| `bcregistry-ui` | Chart for UI applications | `[auth-web,namerequest-ui,business-filings-ui,business-edit-ui,business-create-ui,search-web,namex-ui]` | -| `bcregistry-queue` | Chart for Queue Service applications | `[notify-queue,entity-filer,entity-emailer,entity-pay,account-mailer,activity-log-listener,events-listener,payment-reconciliations,namex-pay]` | -| `bcregistry-job` | Chart for Job Service applications | `[future-effective-filings,update-colin-filings,update-legal-filings,ftp-poller,payment-jobs,inprogress_update,nro-extractor,nro-update]` | diff --git a/charts/bcregistry-api/.helmignore b/charts/bcregistry-api/.helmignore deleted file mode 100755 index 50af0317..00000000 --- a/charts/bcregistry-api/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/bcregistry-api/Chart.yaml b/charts/bcregistry-api/Chart.yaml deleted file mode 100755 index 34be1d1c..00000000 --- a/charts/bcregistry-api/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v2 -name: bcregistry-api -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -version: 0.0.1 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. -appVersion: 1.0.1 diff --git a/charts/bcregistry-api/templates/NOTES.txt b/charts/bcregistry-api/templates/NOTES.txt deleted file mode 100755 index 0d76d292..00000000 --- a/charts/bcregistry-api/templates/NOTES.txt +++ /dev/null 
@@ -1,21 +0,0 @@
-Thank you for installing {{ .Chart.Name }}.
-
-Your release is named {{ .Release.Name }} {{ .Release.Version }}.
-
-Get the application URL:
-{{- if .Values.route.create }}
- https://{{ include "bcregistry-api.host" . }}/{{ .Values.route.path }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "name={{ include "bcregistry-api.name" . }},environment={{ .Values.environment}}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.service.port }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bcregistry-api.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "bcregistry-api.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bcregistry-api.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- end }}
diff --git a/charts/bcregistry-api/templates/_helpers.tpl b/charts/bcregistry-api/templates/_helpers.tpl
deleted file mode 100755
index c850b90f..00000000
--- a/charts/bcregistry-api/templates/_helpers.tpl
+++ /dev/null
@@ -1,79 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "bcregistry-api.fullname" -}} -{{- .Release.Name -}}-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "bcregistry-api.name" -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-api.dbMiagrationName" -}} -{{- .Release.Name -}}-db-miagration-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-api.secretName" -}} -{{- .Release.Name -}}-{{- .Values.environment -}}-secret -{{- end -}} - -{{/* -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "bcregistry-api.labels" -}} -{{ include "bcregistry-api.selectorLabels" . }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "bcregistry-api.selectorLabels" -}} -name: {{ include "bcregistry-api.name" . }} -environment: {{ .Values.environment }} -role: {{ .Values.role }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "bcregistry-api.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "bcregistry-api.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - - -{{/* -image full path -*/}} -{{- define "bcregistry-api.image" -}} -{{- if .Values.image.digest -}} - {{- printf "%s/%s/%s@%s" .Values.image.repository .Values.image.namespace (include "bcregistry-api.name" .) .Values.image.digest }} -{{- else -}} - {{- printf "%s/%s/%s:%s" .Values.image.repository .Values.image.namespace (include "bcregistry-api.name" .) 
.Values.environment }} -{{- end -}} -{{- end -}} - -{{/* -host full url -*/}} -{{- define "bcregistry-api.host" -}} -{{- printf "%s.%s" (include "bcregistry-api.fullname" .) .Values.route.routerCanonicalHostname }} -{{- end -}} diff --git a/charts/bcregistry-api/templates/deployment.yaml b/charts/bcregistry-api/templates/deployment.yaml deleted file mode 100755 index 97487c62..00000000 --- a/charts/bcregistry-api/templates/deployment.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "bcregistry-api.fullname" . }} - labels: - {{- include "bcregistry-api.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "bcregistry-api.selectorLabels" . | nindent 6 }} - template: - metadata: - name: {{ include "bcregistry-api.fullname" . }} - labels: - {{- include "bcregistry-api.labels" . | nindent 8 }} - spec: - {{- if .Values.migrations.enabled }} - initContainers: - - name: {{ include "bcregistry-api.dbMiagrationName" . }} - image: {{ include "bcregistry-api.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - {{ .Values.migrations.command }} - {{- if .Values.envFrom.secretRef }} - envFrom: - - secretRef: - name: {{ include "bcregistry-api.secretName" . }} - {{- end }} - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - {{- end }} - containers: - - name: {{ include "bcregistry-api.fullname" . }} - ports: - - name: http - containerPort: {{ .Values.ports.containerPort }} - protocol: {{ .Values.ports.protocol }} - {{- if .Values.livenessProbe }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - {{- end }} - resources: {{- toYaml .Values.resources | nindent 12 }} - terminationMessagePolicy: File - terminationMessagePath: /dev/termination-log - {{- if .Values.envFrom.secretRef }} - envFrom: - - secretRef: - name: {{ include "bcregistry-api.secretName" . }} - {{- end }} - image: {{ include "bcregistry-api.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} - {{- end }} - {{- if .Values.securityContext }} - {{- if .Values.securityContext.runAsUser }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- if .Values.securityContext.runAsGroup }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - {{- end }} - {{- if .Values.securityContext.fsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - schedulerName: default-scheduler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - revisionHistoryLimit: 10 - progressDeadlineSeconds: 600 diff --git a/charts/bcregistry-api/templates/hpa.yaml b/charts/bcregistry-api/templates/hpa.yaml deleted file mode 100644 index b0d109c3..00000000 --- a/charts/bcregistry-api/templates/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.create }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "bcregistry-api.fullname" . }}
- labels:
- {{- include "bcregistry-api.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "bcregistry-api.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/bcregistry-api/templates/route.yaml b/charts/bcregistry-api/templates/route.yaml
deleted file mode 100755
index fa61b859..00000000
--- a/charts/bcregistry-api/templates/route.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.route.create -}}
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- name: {{ include "bcregistry-api.fullname" . }}
- labels:
- {{- include "bcregistry-api.labels" . | nindent 4 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- host: {{ include "bcregistry-api.host" . }}
- {{- with .Values.route.path }}
- path: {{ . }}
- {{- end }}
- {{- with .Values.route.tls }}
- tls:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- to:
- kind: Service
- name: {{ include "bcregistry-api.fullname" . }}
- weight: 100
- port:
- targetPort: "{{ include "bcregistry-api.fullname" . }}-{{ lower .Values.service.protocol }}"
- tls:
- termination: edge
- insecureEdgeTerminationPolicy: Redirect
- wildcardPolicy: {{ .Values.route.wildcardPolicy }}
-{{- end }}
diff --git a/charts/bcregistry-api/templates/secret.yaml b/charts/bcregistry-api/templates/secret.yaml
deleted file mode 100644
index 0e1e2d0f..00000000
--- a/charts/bcregistry-api/templates/secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "bcregistry-api.fullname" . }}-secret
- labels:
- {{- include "bcregistry-api.labels" . | nindent 4 }}
-type: Opaque
-data:
-{{- range $index, $val := .Values.env }}
- {{- if .secure }}
- {{ $index | kebabcase }}: {{ .value | b64enc | quote }}
- {{ end }}
-{{ end }}
diff --git a/charts/bcregistry-api/templates/service.yaml b/charts/bcregistry-api/templates/service.yaml
deleted file mode 100755
index 907fa782..00000000
--- a/charts/bcregistry-api/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "bcregistry-api.fullname" . }}
- labels:
- {{- include "bcregistry-api.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: {{ .Values.service.protocol }}
- name: "{{ include "bcregistry-api.fullname" . }}-{{ lower .Values.service.protocol }}"
- selector:
- {{- include "bcregistry-api.selectorLabels" . | nindent 4 }}
diff --git a/charts/bcregistry-api/templates/tests/test-connection.yaml b/charts/bcregistry-api/templates/tests/test-connection.yaml
deleted file mode 100755
index 8bb30274..00000000
--- a/charts/bcregistry-api/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "bcregistry-api.fullname" . }}-test-connection"
- labels:
- {{- include "bcregistry-api.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "bcregistry-api.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/bcregistry-api/values.yaml b/charts/bcregistry-api/values.yaml
deleted file mode 100755
index bc708cd4..00000000
--- a/charts/bcregistry-api/values.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-# Default values for bcregistry-api.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-environment: "dev"
-role: "api"
-
-image:
- repository: "image-registry.openshift-image-registry.svc:5000"
- namespace: "d893f6-tools"
- pullPolicy: "IfNotPresent"
- pullSecrets: ""
- digest: ""
- tag: "dev"
-
-migrations:
- enabled: false
- command: "/opt/app-root/pre-hook-update-db.sh"
-
-ports:
- containerPort: 8080
- protocol: TCP
-
-resources: {}
-
-replicas: 1
-
-revisionHistoryLimit: 10
-
-livenessProbe:
- httpGet:
- path: /ops/healthz
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 3
- timeoutSeconds: 1
- periodSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-
-readinessProbe:
- httpGet:
- path: /ops/readyz
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 3
- timeoutSeconds: 30
- periodSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-
-podAnnotations: {}
-
-podSecurityContext: {}
-
-securityContext: {}
-
-args: {}
-
-env:
- {}
- # SOME_ENV_VAR:
- # value: "var2"
- # secure: false
- # SOME_SEC_ENV_VAR:
- # value: "var"
- # secure: true
-
-envFrom:
- secretRef: true
- configMapRef: false
-
-service:
- type: ClusterIP
- port: 8080
- targetPort: 8080
- protocol: TCP
-
-route:
- create: true
- annotations:
- {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- # haproxy.router.openshift.io/ip_whitelist: ''
- # haproxy.router.openshift.io/timeout: 900s
- routerCanonicalHostname: apps.silver.devops.gov.bc.ca
- path: ""
- service: {}
- wildcardPolicy: None
- tls: {}
-
-autoscaling:
- # Specifies whether the autoscaling should be created
- create: true
- minReplicas: 1
- maxReplicas: 2
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: false
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
diff --git a/charts/bcregistry-cronjob/.helmignore b/charts/bcregistry-cronjob/.helmignore
deleted file mode 100755
index 50af0317..00000000
--- a/charts/bcregistry-cronjob/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/bcregistry-cronjob/Chart.yaml b/charts/bcregistry-cronjob/Chart.yaml
deleted file mode 100755
index 7f68e323..00000000
--- a/charts/bcregistry-cronjob/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: bcregistry-cronjob
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
-appVersion: 1.0.1
diff --git a/charts/bcregistry-cronjob/templates/NOTES.txt b/charts/bcregistry-cronjob/templates/NOTES.txt
deleted file mode 100755
index a9710826..00000000
--- a/charts/bcregistry-cronjob/templates/NOTES.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Thank you for installing {{ .Chart.Name }}.
-
-Your release is named {{ .Release.Name }} {{ .Release.Version }}.
-
diff --git a/charts/bcregistry-cronjob/templates/_helpers.tpl b/charts/bcregistry-cronjob/templates/_helpers.tpl
deleted file mode 100755
index 0735fd7a..00000000
--- a/charts/bcregistry-cronjob/templates/_helpers.tpl
+++ /dev/null
@@ -1,78 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "bcregistry-cronjob.fullname" -}} -{{- .Release.Name -}}-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "bcregistry-cronjob.name" -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-cronjob.dbMiagrationName" -}} -{{- .Release.Name -}}-db-miagration-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-cronjob.secretName" -}} -{{- .Release.Name -}}-{{- .Values.environment -}}-secret -{{- end -}} - -{{/* -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "bcregistry-cronjob.labels" -}} -{{ include "bcregistry-cronjob.selectorLabels" . }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "bcregistry-cronjob.selectorLabels" -}} -name: {{ include "bcregistry-cronjob.name" . }} -environment: {{ .Values.environment }} -role: {{ .Values.role }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "bcregistry-cronjob.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "bcregistry-cronjob.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -image full path -*/}} -{{- define "bcregistry-cronjob.image" -}} -{{- if .Values.image.digest -}} - {{- printf "%s/%s/%s@%s" .Values.image.repository .Values.image.namespace (include "bcregistry-cronjob.name" .) 
.Values.image.digest }} -{{- else -}} - {{- printf "%s/%s/%s:%s" .Values.image.repository .Values.image.namespace (include "bcregistry-cronjob.name" .) .Values.environment }} -{{- end -}} -{{- end -}} - -{{/* -host full url -*/}} -{{- define "bcregistry-cronjob.host" -}} -{{- printf "%s.%s" (include "bcregistry-cronjob.fullname" .) .Values.route.routerCanonicalHostname }} -{{- end -}} diff --git a/charts/bcregistry-cronjob/templates/cronjob.yaml b/charts/bcregistry-cronjob/templates/cronjob.yaml deleted file mode 100755 index 11bcdef1..00000000 --- a/charts/bcregistry-cronjob/templates/cronjob.yaml +++ /dev/null 
@@ -1,58 +0,0 @@
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: {{ include "bcregistry-cronjob.fullname" . }}
- labels:
- {{- include "bcregistry-cronjob.labels" . | nindent 4 }}
-spec:
- schedule: {{ .Values.schedule | quote }}
- concurrencyPolicy: {{ .Values.concurrencyPolicy | quote }}
- suspend: false
- jobTemplate:
- metadata:
- labels:
- {{- include "bcregistry-cronjob.labels" . | nindent 8 }}
- spec:
- backoffLimit: 0
- template:
- metadata:
- labels:
- {{- include "bcregistry-cronjob.labels" . | nindent 12 }}
- spec:
- {{- if .Values.serviceAccount.create }}
- serviceAccountName: {{ .Values.serviceAccount.name }}
- {{- end }}
- {{- if .Values.securityContext }}
- {{- if .Values.securityContext.runAsUser }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- {{- if .Values.securityContext.runAsGroup }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- {{- end }}
- {{- if .Values.securityContext.fsGroup }}
- fsGroup: {{ .Values.securityContext.fsGroup }}
- {{- end }}
- {{- end }}
- {{- end }}
- containers:
- - name: {{ include "bcregistry-cronjob.fullname" . }}
- image: {{ include "bcregistry-cronjob.image" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command: {{ .Values.command }}
- args: {{ .Values.args }}
- {{- if .Values.envFrom.secretRef }}
- envFrom:
- - secretRef:
- name: {{ include "bcregistry-cronjob.secretName" . }}
- {{- end }}
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- imagePullPolicy: Always
- restartPolicy: Never
- terminationGracePeriodSeconds: 30
- activeDeadlineSeconds: 1600
- dnsPolicy: ClusterFirst
- schedulerName: default-scheduler
- successfulJobsHistoryLimit: 5
- failedJobsHistoryLimit: 2
diff --git a/charts/bcregistry-cronjob/templates/secret.yaml b/charts/bcregistry-cronjob/templates/secret.yaml
deleted file mode 100644
index 871a94c8..00000000
--- a/charts/bcregistry-cronjob/templates/secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "bcregistry-cronjob.fullname" . }}-secret
- labels:
- {{- include "bcregistry-cronjob.labels" . | nindent 4 }}
-type: Opaque
-data:
-{{- range $index, $val := .Values.env }}
- {{- if .secure }}
- {{ $index | kebabcase }}: {{ .value | b64enc | quote }}
- {{ end }}
-{{ end }}
diff --git a/charts/bcregistry-cronjob/values.yaml b/charts/bcregistry-cronjob/values.yaml
deleted file mode 100755
index bbaf9de8..00000000
--- a/charts/bcregistry-cronjob/values.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Default values for bcregistry-cronjob.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-environment: "dev"
-role: "job"
-
-image:
- repository: "image-registry.openshift-image-registry.svc:5000"
- namespace: "73c567-tools"
- pullPolicy: "IfNotPresent"
- digest: "sha256:953e89d9882cf710750ee760e557d8b49381691fe6bee0bbe9675de1c6679b6e"
- tag: "dev"
-
-imagePullSecrets: []
-
-schedule: "0 7 * * *"
-concurrencyPolicy: "Forbid"
-
-resources: {}
-
-replicas: 1
-
-revisionHistoryLimit: 10
-
-podAnnotations: {}
-
-podSecurityContext: {}
-
-securityContext: {}
-
-command: ["/bin/sh"]
-args: ["-c", "cd /opt/app-root; ./run.sh"]
-
-env:
- {}
- # SOME_ENV_VAR:
- # value: "var2"
- # secure: false
- # SOME_SEC_ENV_VAR:
- # value: "var"
- # secure: true
-
-envFrom:
- secretRef: true
-
-serviceAccount:
- create: false
- annotations: {}
- name: ""
diff --git a/charts/bcregistry-queue/.helmignore b/charts/bcregistry-queue/.helmignore
deleted file mode 100755
index 50af0317..00000000
--- a/charts/bcregistry-queue/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/bcregistry-queue/Chart.yaml b/charts/bcregistry-queue/Chart.yaml
deleted file mode 100755
index 9022af57..00000000
--- a/charts/bcregistry-queue/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: bcregistry-queue
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
-appVersion: 1.0.1
diff --git a/charts/bcregistry-queue/templates/NOTES.txt b/charts/bcregistry-queue/templates/NOTES.txt
deleted file mode 100755
index 82fb655c..00000000
--- a/charts/bcregistry-queue/templates/NOTES.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Thank you for installing {{ .Chart.Name }}.
-
-Your release is named {{ .Release.Name }} {{ .Release.Version }}.
-
-Get the application URL:
-{{- if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "name={{ include "bcregistry-queue.name" . }},environment={{ .Values.environment}}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.service.port }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bcregistry-queue.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "bcregistry-queue.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bcregistry-queue.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- end }}
diff --git a/charts/bcregistry-queue/templates/_helpers.tpl b/charts/bcregistry-queue/templates/_helpers.tpl
deleted file mode 100755
index 2bebb887..00000000
--- a/charts/bcregistry-queue/templates/_helpers.tpl
+++ /dev/null
@@ -1,78 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "bcregistry-queue.fullname" -}} -{{- .Release.Name -}}-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "bcregistry-queue.name" -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-queue.dbMiagrationName" -}} -{{- .Release.Name -}}-db-miagration-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-queue.secretName" -}} -{{- .Release.Name -}}-{{- .Values.environment -}}-secret -{{- end -}} - -{{/* -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "bcregistry-queue.labels" -}} -{{ include "bcregistry-queue.selectorLabels" . }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "bcregistry-queue.selectorLabels" -}} -name: {{ include "bcregistry-queue.name" . }} -environment: {{ .Values.environment }} -role: {{ .Values.role }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "bcregistry-queue.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "bcregistry-queue.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -image full path -*/}} -{{- define "bcregistry-queue.image" -}} -{{- if .Values.image.digest -}} - {{- printf "%s/%s/%s@%s" .Values.image.repository .Values.image.namespace (include "bcregistry-queue.name" .) .Values.image.digest }} -{{- else -}} - {{- printf "%s/%s/%s:%s" .Values.image.repository .Values.image.namespace (include "bcregistry-queue.name" .) 
.Values.environment }} -{{- end -}} -{{- end -}} - -{{/* -host full url -*/}} -{{- define "bcregistry-queue.host" -}} -{{- printf "%s.%s" (include "bcregistry-queue.fullname" .) .Values.route.routerCanonicalHostname }} -{{- end -}} diff --git a/charts/bcregistry-queue/templates/deployment.yaml b/charts/bcregistry-queue/templates/deployment.yaml deleted file mode 100755 index e769aefc..00000000 --- a/charts/bcregistry-queue/templates/deployment.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "bcregistry-queue.fullname" . }} - labels: - {{- include "bcregistry-queue.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "bcregistry-queue.selectorLabels" . | nindent 6 }} - template: - metadata: - name: {{ include "bcregistry-queue.fullname" . }} - labels: - {{- include "bcregistry-queue.labels" . | nindent 8 }} - spec: - {{- if .Values.migrations.enabled }} - initContainers: - - name: {{ include "bcregistry-queue.dbMiagrationName" . }} - image: {{ include "bcregistry-queue.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - {{ .Values.migrations.command }} - {{- if .Values.envFrom.secretRef }} - envFrom: - - secretRef: - name: {{ include "bcregistry-queue.secretName" . }} - {{- end }} - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - {{- end }} - containers: - - name: {{ include "bcregistry-queue.fullname" . }} - ports: - - name: http - containerPort: {{ .Values.ports.containerPort }} - protocol: {{ .Values.ports.protocol }} - {{- if .Values.livenessProbe }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - {{- end }} - resources: {{- toYaml .Values.resources | nindent 12 }} - terminationMessagePolicy: File - terminationMessagePath: /dev/termination-log - {{- if .Values.envFrom.secretRef }} - envFrom: - - secretRef: - name: {{ include "bcregistry-queue.secretName" . }} - {{- end }} - image: {{ include "bcregistry-queue.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} - {{- end }} - {{- if .Values.securityContext }} - {{- if .Values.securityContext.runAsUser }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- if .Values.securityContext.runAsGroup }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - {{- end }} - {{- if .Values.securityContext.fsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- end }} - imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 12 }} - schedulerName: default-scheduler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - revisionHistoryLimit: 10 - progressDeadlineSeconds: 600 diff --git a/charts/bcregistry-queue/templates/hpa.yaml b/charts/bcregistry-queue/templates/hpa.yaml deleted file mode 100644 index 3c9d88c7..00000000 --- a/charts/bcregistry-queue/templates/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.create }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "bcregistry-queue.fullname" . }}
- labels:
- {{- include "bcregistry-queue.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "bcregistry-queue.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/bcregistry-queue/templates/secret.yaml b/charts/bcregistry-queue/templates/secret.yaml
deleted file mode 100644
index b399457b..00000000
--- a/charts/bcregistry-queue/templates/secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "bcregistry-queue.fullname" . }}-secret
- labels:
- {{- include "bcregistry-queue.labels" . | nindent 4 }}
-type: Opaque
-data:
-{{- range $index, $val := .Values.env }}
- {{- if .secure }}
- {{ $index | kebabcase }}: {{ .value | b64enc | quote }}
- {{ end }}
-{{ end }}
diff --git a/charts/bcregistry-queue/templates/service.yaml b/charts/bcregistry-queue/templates/service.yaml
deleted file mode 100755
index c9df7d27..00000000
--- a/charts/bcregistry-queue/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "bcregistry-queue.fullname" . }}
- labels:
- {{- include "bcregistry-queue.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetPort }}
- protocol: {{ .Values.service.protocol }}
- name: "{{ include "bcregistry-queue.fullname" . }}-{{ lower .Values.service.protocol }}"
- selector:
- {{- include "bcregistry-queue.selectorLabels" . | nindent 4 }}
diff --git a/charts/bcregistry-queue/templates/tests/test-connection.yaml b/charts/bcregistry-queue/templates/tests/test-connection.yaml
deleted file mode 100755
index 39ae5aaf..00000000
--- a/charts/bcregistry-queue/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "bcregistry-queue.fullname" . }}-test-connection"
- labels:
- {{- include "bcregistry-queue.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "bcregistry-queue.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/bcregistry-queue/values.yaml b/charts/bcregistry-queue/values.yaml
deleted file mode 100755
index 77ef94ea..00000000
--- a/charts/bcregistry-queue/values.yaml
+++ /dev/null
@@ -1,94 +0,0 @@ -# Default values for bcregistry-queue. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -environment: "dev" -role: "queue" - -image: - repository: "image-registry.openshift-image-registry.svc:5000" - namespace: "73c567-tools" - pullPolicy: "IfNotPresent" - digest: "sha256:953e89d9882cf710750ee760e557d8b49381691fe6bee0bbe9675de1c6679b6e" - tag: "dev" - -imagePullSecrets: [] - -migrations: - enabled: false - command: "/opt/app-root/pre-hook-update-db.sh" - -ports: - containerPort: 8080 - protocol: TCP - -resources: {} - -replicas: 1 - -revisionHistoryLimit: 10 - -livenessProbe: - httpGet: - path: /healthz - port: 7070 - scheme: HTTP - initialDelaySeconds: 3 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -readinessProbe: - httpGet: - path: /readyz - port: 7070 - scheme: HTTP - initialDelaySeconds: 3 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -args: {} - -env: - {} - # SOME_ENV_VAR: - # value: "var2" - # secure: false - # SOME_SEC_ENV_VAR: - # value: "var" - # secure: true - -envFrom: - secretRef: true - -service: - type: ClusterIP - port: 8080 - targetPort: 8080 - protocol: TCP - -autoscaling: - # Specifies whether the autoscaling should be created - create: true - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" diff --git a/charts/bcregistry-ui/.helmignore b/charts/bcregistry-ui/.helmignore deleted file mode 100755 index 50af0317..00000000 --- a/charts/bcregistry-ui/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/bcregistry-ui/Chart.yaml b/charts/bcregistry-ui/Chart.yaml deleted file mode 100755 index 560dccd2..00000000 --- a/charts/bcregistry-ui/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: bcregistry-ui -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -version: 0.0.1 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. -appVersion: 1.0.1 diff --git a/charts/bcregistry-ui/templates/NOTES.txt b/charts/bcregistry-ui/templates/NOTES.txt deleted file mode 100755 index c5b115e8..00000000 --- a/charts/bcregistry-ui/templates/NOTES.txt +++ /dev/null 
@@ -1,21 +0,0 @@ -Thank you for installing {{ .Chart.Name }}. - -Your release is named {{ .Release.Name }} {{ .Release.Version }}. - -Get the application URL: -{{- if .Values.route.create }} - https://{{ include "bcregistry-ui.host" . }}/{{ .Values.route.path }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "name={{ include "bcregistry-ui.name" . }},environment={{ .Values.environment}}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.service.port }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bcregistry-ui.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "bcregistry-ui.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bcregistry-ui.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- end }} diff --git a/charts/bcregistry-ui/templates/_helpers.tpl b/charts/bcregistry-ui/templates/_helpers.tpl deleted file mode 100755 index 490662a2..00000000 --- a/charts/bcregistry-ui/templates/_helpers.tpl +++ /dev/null 
@@ -1,78 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "bcregistry-ui.fullname" -}} -{{- .Release.Name -}}-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "bcregistry-ui.name" -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-ui.dbMiagrationName" -}} -{{- .Release.Name -}}-db-miagration-{{- .Values.environment -}} -{{- end -}} - -{{/* -Expand the db miagration name of the chart. -*/}} -{{- define "bcregistry-ui.secretName" -}} -{{- .Release.Name -}}-{{- .Values.environment -}}-secret -{{- end -}} - -{{/* -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "bcregistry-ui.labels" -}} -{{ include "bcregistry-ui.selectorLabels" . }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "bcregistry-ui.selectorLabels" -}} -name: {{ include "bcregistry-ui.name" . }} -environment: {{ .Values.environment }} -role: {{ .Values.role }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "bcregistry-ui.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "bcregistry-ui.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -image full path -*/}} -{{- define "bcregistry-ui.image" -}} -{{- if .Values.image.digest -}} - {{- printf "%s/%s/%s@%s" .Values.image.repository .Values.image.namespace (include "bcregistry-ui.name" .) .Values.image.digest }} -{{- else -}} - {{- printf "%s/%s/%s:%s" .Values.image.repository .Values.image.namespace (include "bcregistry-ui.name" .) 
.Values.environment }} -{{- end -}} -{{- end -}} - -{{/* -host full url -*/}} -{{- define "bcregistry-ui.host" -}} -{{- printf "%s.%s" (include "bcregistry-ui.fullname" .) .Values.route.routerCanonicalHostname }} -{{- end -}} diff --git a/charts/bcregistry-ui/templates/configmap-keycloak.yaml b/charts/bcregistry-ui/templates/configmap-keycloak.yaml deleted file mode 100644 index fabb11d7..00000000 --- a/charts/bcregistry-ui/templates/configmap-keycloak.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "bcregistry-ui.fullname" . }}-keycloak-config - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} -data: diff --git a/charts/bcregistry-ui/templates/configmap.yaml b/charts/bcregistry-ui/templates/configmap.yaml deleted file mode 100644 index 7f08c787..00000000 --- a/charts/bcregistry-ui/templates/configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "bcregistry-ui.fullname" . }}-ui-configuration - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} -data: diff --git a/charts/bcregistry-ui/templates/deployment.yaml b/charts/bcregistry-ui/templates/deployment.yaml deleted file mode 100755 index 75bdb31d..00000000 --- a/charts/bcregistry-ui/templates/deployment.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "bcregistry-ui.fullname" . }} - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "bcregistry-ui.selectorLabels" . | nindent 6 }} - template: - metadata: - name: {{ include "bcregistry-ui.fullname" . }} - labels: - {{- include "bcregistry-ui.labels" . | nindent 8 }} - spec: - volumes: - - name: web-ui-configuration - configMap: - name: {{ include "bcregistry-ui.fullname" . }}-ui-configuration - defaultMode: 420 - - name: keycloak-configuration - configMap: - name: {{ include "bcregistry-ui.fullname" . }}-keycloak-config - defaultMode: 420 - containers: - - name: {{ include "bcregistry-ui.fullname" . }} - ports: - - name: http - containerPort: {{ .Values.ports.containerPort }} - protocol: {{ .Values.ports.protocol }} - {{- if .Values.livenessProbe }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - {{- end }} - resources: {{- toYaml .Values.resources | nindent 12 }} - terminationMessagePolicy: File - terminationMessagePath: /dev/termination-log - image: {{ include "bcregistry-ui.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: web-ui-configuration - readOnly: true - mountPath: /app/config - - name: keycloak-configuration - readOnly: true - mountPath: /app/config/kc - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} - {{- end }} - {{- if .Values.securityContext }} - {{- if .Values.securityContext.runAsUser }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- if .Values.securityContext.runAsGroup }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - {{- end }} - {{- if .Values.securityContext.fsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - schedulerName: default-scheduler - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - revisionHistoryLimit: 10 - progressDeadlineSeconds: 600 diff --git a/charts/bcregistry-ui/templates/hpa.yaml b/charts/bcregistry-ui/templates/hpa.yaml deleted file mode 100644 index ffb6a3b9..00000000 --- a/charts/bcregistry-ui/templates/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.create }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "bcregistry-ui.fullname" . }} - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "bcregistry-ui.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/bcregistry-ui/templates/route.yaml b/charts/bcregistry-ui/templates/route.yaml deleted file mode 100755 index 75147410..00000000 --- a/charts/bcregistry-ui/templates/route.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.route.create -}} -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ include "bcregistry-ui.fullname" . }} - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - host: {{ include "bcregistry-ui.host" . }} - {{- with .Values.route.path }} - path: {{ . }} - {{- end }} - {{- with .Values.route.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} - to: - kind: Service - name: {{ include "bcregistry-ui.fullname" . }} - weight: 100 - port: - targetPort: "{{ include "bcregistry-ui.fullname" . }}-{{ lower .Values.service.protocol }}" - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: {{ .Values.route.wildcardPolicy }} -{{- end }} 
diff --git a/charts/bcregistry-ui/templates/service.yaml b/charts/bcregistry-ui/templates/service.yaml deleted file mode 100755 index 24c62e5d..00000000 --- a/charts/bcregistry-ui/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "bcregistry-ui.fullname" . }} - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} - protocol: {{ .Values.service.protocol }} - name: "{{ include "bcregistry-ui.fullname" . }}-{{ lower .Values.service.protocol }}" - selector: - {{- include "bcregistry-ui.selectorLabels" . | nindent 4 }} diff --git a/charts/bcregistry-ui/templates/tests/test-connection.yaml b/charts/bcregistry-ui/templates/tests/test-connection.yaml deleted file mode 100755 index 402940e6..00000000 --- a/charts/bcregistry-ui/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "bcregistry-ui.fullname" . }}-test-connection" - labels: - {{- include "bcregistry-ui.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "bcregistry-ui.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/charts/bcregistry-ui/values.yaml b/charts/bcregistry-ui/values.yaml deleted file mode 100755 index a4871334..00000000 --- a/charts/bcregistry-ui/values.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Default values for bcregistry-ui. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -environment: "dev" -role: "ui" - -image: - repository: "image-registry.openshift-image-registry.svc:5000" - namespace: "73c567-tools" - pullPolicy: "IfNotPresent" - pullSecrets: - - name: artifactory-creds - digest: "sha256:953e89d9882cf710750ee760e557d8b49381691fe6bee0bbe9675de1c6679b6e" - tag: "dev" - -ports: - containerPort: 8080 - protocol: TCP - -resources: {} - -replicas: 1 - -revisionHistoryLimit: 10 - -livenessProbe: - httpGet: - path: / - port: http - scheme: HTTP - initialDelaySeconds: 3 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -readinessProbe: - httpGet: - path: / - port: http - scheme: HTTP - initialDelaySeconds: 3 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -args: {} - -env: - {} - # SOME_ENV_VAR: - # value: "var2" - # secure: false - # SOME_SEC_ENV_VAR: - # value: "var" - # secure: true - -envFrom: - secretRef: false - configMapRef: true - -service: - type: ClusterIP - port: 8080 - targetPort: 8080 - protocol: TCP - -route: - create: true - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # haproxy.router.openshift.io/ip_whitelist: '' - # haproxy.router.openshift.io/timeout: 900s - routerCanonicalHostname: apps.silver.devops.gov.bc.ca - path: "" - service: {} - wildcardPolicy: None - tls: {} - -autoscaling: - # Specifies whether the autoscaling should be created - create: true - minReplicas: 1 - maxReplicas: 1 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" diff --git a/cloud-functions/deployment-notification/.gcloudignore b/cloud-functions/deployment-notification/.gcloudignore deleted file mode 100644 index 1f20034a..00000000 --- a/cloud-functions/deployment-notification/.gcloudignore +++ /dev/null @@ -1,18 +0,0 @@ -# This file specifies files that are *not* uploaded to Google Cloud -# using gcloud. It follows the same syntax as .gitignore, with the addition of -# "#!include" directives (which insert the entries of the given .gitignore-style -# file at that point). -# -# For more information, run: -# $ gcloud topic gcloudignore -# -.gcloudignore -# If you would like to upload your .git directory, .gitignore file or files -# from your .gitignore file, remove the corresponding line -# below: -.git -.gitignore - -node_modules -.history -venv \ No newline at end of file diff --git a/cloud-functions/deployment-notification/README.md b/cloud-functions/deployment-notification/README.md deleted file mode 100644 index 238a354c..00000000 --- a/cloud-functions/deployment-notification/README.md +++ /dev/null @@ -1,8 +0,0 @@ -gcloud functions deploy deployment-notification \ ---gen2 \ ---runtime=python311 \ ---region=northamerica-northeast1 \ ---source=. \ ---entry-point=subscribe \ ---trigger-topic=clouddeploy-operations \ ---no-allow-unauthenticated \ No newline at end of file diff --git a/cloud-functions/deployment-notification/main.py b/cloud-functions/deployment-notification/main.py deleted file mode 100644 index 2a101db9..00000000 --- a/cloud-functions/deployment-notification/main.py +++ /dev/null 
@@ -1,83 +0,0 @@ -import base64 - -from cloudevents.http import CloudEvent -import functions_framework - - -# Triggered from a message on a Cloud Pub/Sub topic. -@functions_framework.cloud_event -def subscribe(cloud_event: CloudEvent) -> None: - """ """ - # Print out the data from Pub/Sub, to prove that it worked - print( - cloud_event.data["message"] - ) - -@functions_framework.cloud_event -def send_to_teams(cloud_event: CloudEvent) -> None: - # Extract the Pub/Sub message data. - print(event) - pubsub_data = json.loads(name) - - # Define your Microsoft Teams webhook URL here. - teams_webhook_url = ("Your_MS_Teams_Webhook URL") - - headers = { - 'Content-Type': "application/json", - } - - # Extracts the values from json object - title = pubsub_data['finding']['category'] - Severity = pubsub_data['finding']['severity'] - Resource = pubsub_data['finding']['resourceName'] - Description = pubsub_data['finding']['description'] - Project_Name = pubsub_data['resource']['projectDisplayName'] - Explanation = pubsub_data['finding']['sourceProperties']['Explanation'] - externalUri = pubsub_data['finding']['externalUri'] - - message = { - "@type": "MessageCard", - "@context": "http://schema.org/extensions", - "themeColor": "0076D7", - "summary": title, - "sections": [{ - "activityTitle": title, - "facts": [{ - "name": "Resource:", - "value": Resource - }, { - "name": "Severity:", - "value": Severity - - }, - { - "name": "Description:", - "value": Description - }, - { - "name": "Project_Name:", - "value": Project_Name - }, - { - "name": "Explanation:", - "value": Explanation - }], - "markdown": True - }], - "potentialAction": [{ - "@type": "OpenUri", - "name": "Learn More", - "targets": [{ - "os": "default", - "uri": externalUri - }] - }] - } - - # Send the message to Microsoft Teams. 
- response = requests.post(teams_webhook_url, data=json.dumps(message),headers=headers) - - if response.status_code == 200: - print("Message sent to Teams successfully.") - else: - print(f"Error sending message to Teams: {response.text}") \ No newline at end of file diff --git a/cloud-functions/deployment-notification/main_test.py b/cloud-functions/deployment-notification/main_test.py deleted file mode 100644 index add250d8..00000000 --- a/cloud-functions/deployment-notification/main_test.py +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the 'License'); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an 'AS IS' BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import base64 - -import pytest - -import main - - -def test_functions_pubsub_subscribe_should_print_message( - capsys: pytest.CaptureFixture, -) -> None: - event = type("cloudevent", (object,), {"attributes": {}, "data": {}}) - - event.data = { - "message": { - "data": base64.b64encode(b"world"), - } - } - - main.subscribe(event) - - out, _ = capsys.readouterr() - assert "Hello, world!" in out \ No newline at end of file diff --git a/cloud-functions/deployment-notification/requirements-test.txt b/cloud-functions/deployment-notification/requirements-test.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/cloud-functions/deployment-notification/requirements.txt b/cloud-functions/deployment-notification/requirements.txt deleted file mode 100644 index 083b08e3..00000000 --- a/cloud-functions/deployment-notification/requirements.txt +++ /dev/null 
@@ -1 +0,0 @@ -functions-framework==3.8.1 diff --git a/composite-actions/api-cd/action.yaml b/composite-actions/api-cd/action.yaml deleted file mode 100644 index d845c200..00000000 --- a/composite-actions/api-cd/action.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -name: "BC Registries Apps CD action" -author: "Patrick Wei" -description: "CD for BC Registries Apps" -inputs: - WORKING_DIRECTORY: - description: "The application directory" - required: true - TAG_NAME: - description: "The application running environment" - required: true - LOGIN_REGISTRY: - description: "The login registry" - required: true - DOCKER_REGISTRY: - description: "The docker registry" - required: true - SA_NAME: - description: "The service account name" - required: true - SA_TOKEN: - description: "The service account token" - required: true - REPOSITORY: - description: "The application repository" - required: true - OPS_REPOSITORY: - description: "The ops repository" - required: true - GITOPS_REPOSITORY: - description: "The gitops repository" - required: true - GITOPS_REPOSITORY_DEPLOY_KEY: - description: "The gitops repository deploy key" - required: true - GITOPS_WORKING_DIRECTORY: - description: "The gitops repository directory" - required: true - -runs: - using: "composite" - steps: - - name: Login Openshift - shell: bash - run: | - oc login --server=${{inputs.LOGIN_REGISTRY}} --token=${{inputs.SA_TOKEN}} - - - name: Push Image to Repo - id: imagePushing - shell: bash - working-directory: ${{inputs.WORKING_DIRECTORY}} - env: - OPS_REPOSITORY: ${{ inputs.OPS_REPOSITORY }} - OPENSHIFT_DOCKER_REGISTRY: ${{ inputs.DOCKER_REGISTRY }} - OPENSHIFT_SA_NAME: ${{ inputs.SA_NAME }} - OPENSHIFT_SA_TOKEN: ${{ inputs.SA_TOKEN }} - OPENSHIFT_REPOSITORY: ${{ inputs.REPOSITORY }} - TAG_NAME: ${{ env.TAG_NAME }} - run: | - make cd - make get-imagesha - - - name: Update Version - id: updateVersion - shell: bash - working-directory: ${{inputs.WORKING_DIRECTORY}} - env: - TAG_NAME: ${{ env.TAG_NAME }} - IMAGE_SHA: ${{ steps.imagePushing.outputs.imagesha }} - run: | - make update-version - - # Update the image ID in the manifest repository used by Argo CD. 
- # We need to use the SSH deploy key to check out the manifest repo, set up - # Kustomize in the runner, update the image ID, commit the change, and - # push the changes back to the manifest repository. - # ------------------------------------------------------------------------ - - name: Prepare deploy key - uses: webfactory/ssh-agent@v0.9.0 - with: - ssh-private-key: ${{ inputs.GITOPS_REPOSITORY_DEPLOY_KEY }} - - - name: Check out manifest repo - uses: actions/checkout@v4 - with: - ssh-key: ${{ inputs.GITOPS_REPOSITORY_DEPLOY_KEY }} - repository: ${{ inputs.GITOPS_REPOSITORY }} - - - name: Update image ID and commit change - shell: bash - working-directory: ${{inputs.GITOPS_WORKING_DIRECTORY}} - run: | - ls -l - yq eval '.bcregistry-api.image.digest = "${{ steps.imagePushing.outputs.imagesha }}"' -i values-${{ env.TAG_NAME }}.yaml - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - git commit -am "Update image ID for ${{ env.TAG_NAME }}" - git push origin diff --git a/composite-actions/ui-cd/action.yaml b/composite-actions/ui-cd/action.yaml deleted file mode 100644 index 42a4f35f..00000000 --- a/composite-actions/ui-cd/action.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -name: "BC Registries UI Apps CD action" -author: "Patrick Wei" -description: "CD for BC Registries UI Apps" -inputs: - WORKING_DIRECTORY: - description: "The application directory" - required: true - OP_CONNECT_HOST: - description: "1password connect server url" - required: true - OP_CONNECT_TOKEN: - description: "1password connect server token" - required: true - APP_ENV: - description: "The application running environment" - required: true - -runs: - using: "composite" - steps: - # Get environment variables from 1password - - name: Setup .env file - working-directory: ${{inputs.WORKING_DIRECTORY}} - env: - OP_CONNECT_HOST: ${{ secrets.OP_CONNECT_URL }} - OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} - APP_ENV: dev-new - run: | - curl -sSfo op.zip \ - https://cache.agilebits.com/dist/1P/op2/pkg/v2.0.0/op_linux_amd64_v2.0.0.zip \ - && unzip -od /usr/local/bin/ op.zip \ - && rm op.zip ;\ - op inject -i ./devops/vaults.env -o .env -f - - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v2' - with: - workload_identity_provider: ${{ secrets.WORKLOAD_IDENTIFY_POOLS_PROVIDER }} - service_account: ${{ secrets.GCLOUD_SERVICE_ACCOUNT }} - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - # Build and push image to Google Container Registry - - name: Build - working-directory: ${{inputs.WORKING_DIRECTORY}} - run: |- - gcloud builds submit \ - --config \ - --./devops/cloudbuild-cd.yaml - - - name: Set git tag format - datetime.short-sha - id: customtag - run: echo "tag=`date +'%Y%m%d%H%M'`.`git rev-parse --short ${{ github.sha }}`" >> $GITHUB_OUTPUT - - - name: Add git tag - uses: mathieudutour/github-tag-action@v6.2 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - custom_tag: ${{ steps.customtag.outputs.tag }} - tag_prefix: ${{ env.TAG_NAME }}. 
diff --git a/disaster-recovery-plan/Application-recovery.md b/disaster-recovery-plan/Application-recovery.md deleted file mode 100644 index e69de29b..00000000 diff --git a/disaster-recovery-plan/Database-recovery.md b/disaster-recovery-plan/Database-recovery.md deleted file mode 100644 index e69de29b..00000000 diff --git a/disaster-recovery-plan/README.md b/disaster-recovery-plan/README.md deleted file mode 100644 index 1a614c6e..00000000 --- a/disaster-recovery-plan/README.md +++ /dev/null @@ -1,18 +0,0 @@ -[![img](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) - ---- -description: BC Registries and Online Services Diaster Recovery Plan -ignore: true ---- - -## About - -The IT Recovery Plan is a supporting document to BC Registries’ Business Continuity Plan. It defines the preventative controls, recovery strategies and contingency plan to restore a damaged system. - -### Database - - -### Vanity URL - - -### Application diff --git a/disaster-recovery-plan/Vanity-URL-recovery.md b/disaster-recovery-plan/Vanity-URL-recovery.md deleted file mode 100644 index ba3fe17a..00000000 --- a/disaster-recovery-plan/Vanity-URL-recovery.md +++ /dev/null @@ -1,12 +0,0 @@ -# Purpose: -The IT Recovery Plan is a supporting document to BC Registries’ Business Continuity Plan. It defines the preventative controls, recovery strategies and contingency plan to restore a damaged system. -# Scope -## Vanity URL list - -(dev/test/www).bcregistry.ca/business -(dev/test/www).bcregistry.ca/directorsearch -(dev/test/www).bcregistry.ca/home -(dev/test/www).bcregistry.ca/namerequest -(dev/test/www).bcregistry.ca/ppr - -# Recovery strategies diff --git a/gcp/iam/ba.sh b/gcp/iam/ba.sh new file mode 100755 index 00000000..8dbf64f9 --- /dev/null +++ b/gcp/iam/ba.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+declare -a users=("")
+
+declare -a projects=("a083gt" "bcrbk9" "c4hnrd" "eogruh" "gtksf3" "k973yf" "keee67" "okagqp" "sbgmug" "yfjq17" "yfthig")
+
+declare -a environments=("test" "tools" "prod" "integration" "sandbox")
+declare -a roles=("ba")
+
+for user in "${users[@]}"
+do
+ echo "user: $user"
+ for ev in "${environments[@]}"
+ do
+ for ns in "${projects[@]}"
+ do
+ echo "project: $ns-$ev"
+ PROJECT_ID=$ns-$ev
+
+ if [[ -n $(gcloud projects describe "${PROJECT_ID}" --verbosity=none) ]]; then
+ gcloud config set project "${PROJECT_ID}"
+
+ for ro in "${roles[@]}"
+ do
+ ROLE_NAME="role$ro"
+ FULL_ROLE_NAME="projects/${PROJECT_ID}/roles/$ROLE_NAME"
+ ROLE_FILE="role-$ro.yaml"
+
+ echo "role: $ROLE_NAME"
+
+ # create/update developer role
+ if [[ -z $(gcloud iam roles describe "$ROLE_NAME" --project="${PROJECT_ID}" --verbosity=none) ]]; then
+ gcloud iam roles create "$ROLE_NAME" --quiet --project="${PROJECT_ID}" --file="$ROLE_FILE"
+ else
+ gcloud iam roles update "$ROLE_NAME" --quiet --project="${PROJECT_ID}" --file="$ROLE_FILE"
+ fi
+
+ gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+ --member "user:$user" \
+ --role="$FULL_ROLE_NAME" \
+ --condition=None --verbosity=none --quiet
+ done
+ fi
+ done
+ done
+done
\ No newline at end of file
diff --git a/gcp/iam/cd.sh b/gcp/iam/cd.sh
index de43716e..4c80558b 100755
--- a/gcp/iam/cd.sh
+++ b/gcp/iam/cd.sh
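Review bot: In gcp/iam/ba.sh the `gcloud projects add-iam-policy-binding` call runs with `--verbosity=none --quiet` and its exit status is never checked, so a binding that fails in one of the projects leaves no trace and the operator cannot tell which grants were actually applied. As committed, `users=("")` makes the outer loop run once with an empty member, which would create or update the role in every reachable project before attempting a `user:` binding. I would skip empty entries with `[[ -n "$user" ]] || continue` at the top of the loop and end the binding call with `|| echo "binding failed: $user on $PROJECT_ID" >&2`. `gcloud config set project` also changes the operator's active configuration although every later command names the project explicitly, so it can be dropped.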
@@ -17,43 +17,34 @@ do PROJECT_NUMBER=`gcloud projects list --filter="$(gcloud config get-value project)" --format="value(PROJECT_NUMBER)"` - ROLE_NAME="$service" + ROLE_NAME="role$service" SA_FULL_NAME="${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" SA_ROLE="projects/${PROJECT_ID}/roles/$ROLE_NAME" # create/update service account - if [[ -z `gcloud iam roles describe $ROLE_NAME --project=${PROJECT_ID} --verbosity=none` ]]; then + gcloud iam roles describe $ROLE_NAME --project=${PROJECT_ID} --verbosity=none + if [ $? -eq 1 ]; then gcloud iam roles create $ROLE_NAME --quiet --project=${PROJECT_ID} --file=role-$service.yaml else gcloud iam roles update $ROLE_NAME --quiet --project=${PROJECT_ID} --file=role-$service.yaml fi # role binding - gcloud projects add-iam-policy-binding ${PROJECT_ID} \ - --member="serviceAccount:$SA_FULL_NAME" \ - --role="$SA_ROLE" + gcloud projects add-iam-policy-binding ${PROJECT_ID} --condition=None --member="serviceAccount:$SA_FULL_NAME" --role="$SA_ROLE" # role binding - default cloud run service account - gcloud projects add-iam-policy-binding ${PROJECT_ID} \ - --member="serviceAccount:331250273634-compute@developer.gserviceaccount.com" \ - --role="$SA_ROLE" + gcloud projects add-iam-policy-binding ${PROJECT_ID} --condition=None --member="serviceAccount:331250273634-compute@developer.gserviceaccount.com" --role="$SA_ROLE" # role binding - default cloud build service account - gcloud projects add-iam-policy-binding ${PROJECT_ID} \ - --member="serviceAccount:331250273634@cloudbuild.gserviceaccount.com" \ - --role="$SA_ROLE" + gcloud projects add-iam-policy-binding ${PROJECT_ID} --condition=None --member="serviceAccount:331250273634@cloudbuild.gserviceaccount.com" --role="$SA_ROLE" # role binding - default cloud run robot service account SA_ROBOT_FULL_NAME="service-${PROJECT_NUMBER}@serverless-robot-prod.iam.gserviceaccount.com" - gcloud projects add-iam-policy-binding ${PROJECT_ID} \ - 
--member="serviceAccount:$SA_ROBOT_FULL_NAME" \ - --role="$SA_ROLE" + gcloud projects add-iam-policy-binding ${PROJECT_ID} --condition=None --member="serviceAccount:$SA_ROBOT_FULL_NAME" --role="$SA_ROLE" # role binding - default cloud run robot service account in cloud deploy project SA_DEPLOY_ROLE="projects/c4hnrd-tools/roles/$ROLE_NAME" - gcloud projects add-iam-policy-binding c4hnrd-tools \ - --member="serviceAccount:$SA_ROBOT_FULL_NAME" \ - --role="$SA_DEPLOY_ROLE" + gcloud projects add-iam-policy-binding c4hnrd-tools --condition=None --member="serviceAccount:$SA_ROBOT_FULL_NAME" --role="$SA_DEPLOY_ROLE" fi done done \ No newline at end of file diff --git a/gcp/iam/role-ba.yaml b/gcp/iam/role-ba.yaml new file mode 100644 index 00000000..e7d9d8c8 --- /dev/null +++ b/gcp/iam/role-ba.yaml @@ -0,0 +1,16 @@ +title: "Role BA" +description: "Role for Business Analyst." +stage: "GA" +includedPermissions: +- resourcemanager.projects.get +- serviceusage.services.list +- cloudsql.databases.get +- cloudsql.databases.list +- cloudsql.instances.get +- cloudsql.instances.list +- cloudsql.instances.connect +- cloudsql.instances.executeSql +- cloudsql.users.get +- cloudsql.users.list +- cloudsql.backupRuns.get +- cloudsql.backupRuns.list \ No newline at end of file diff --git a/gcp/iam/role-cdcloudrun.yaml b/gcp/iam/role-cdcloudrun.yaml index b3b67711..564ab3cd 100644 --- a/gcp/iam/role-cdcloudrun.yaml +++ b/gcp/iam/role-cdcloudrun.yaml @@ -1,5 +1,5 @@ title: "CD Cloud Run" -description: "Role for cloud run CD flow." +description: "Role for cloud run CD flow (new)." stage: "GA" includedPermissions: - resourcemanager.projects.get @@ -28,4 +28,8 @@ includedPermissions: - run.routes.list - run.routes.invoke - cloudsql.instances.connect -- cloudsql.instances.get \ No newline at end of file +- cloudsql.instances.get +- cloudscheduler.jobs.create +- cloudscheduler.jobs.delete +- cloudscheduler.jobs.get +- cloudscheduler.jobs.list \ No newline at end of file
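Review bot: In gcp/iam/cd.sh the new `if [ $? -eq 1 ]` test sends a `describe` failure to `roles create` only when the exit status is exactly 1, while any other non-zero status falls through to `roles update` as if the role existed. Testing the command directly avoids reading `$?` and puts every failure on one path: `if ! gcloud iam roles describe "$ROLE_NAME" --project="${PROJECT_ID}" --verbosity=none >/dev/null; then`; the redirect also keeps the role definition out of the job output now that the call is no longer inside a substitution. Renaming the role id to `role$service` leaves the roles and bindings created under the old `$service` id in place as far as this hunk shows, so they presumably need a separate cleanup. The enclosing loops start above the hunk.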
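Review bot: gcp/iam/role-ba.yaml gives the Business Analyst role `cloudsql.instances.connect` and `cloudsql.instances.executeSql` next to the get/list permissions, and ba.sh in this commit binds the role with `--condition=None` in every listed environment, `prod` included. By their names these two permissions go beyond viewing metadata, so the file should record why an analyst needs them, for example with a comment above them such as `# data access: needed for <documented use case>`. If production data access is not intended, keeping the two permissions in a separate role that is bound only in the non-production environments would follow least privilege more closely.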
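Review bot: In gcp/iam/role-cdcloudrun.yaml the four `cloudscheduler.jobs.*` permissions are added with no record of what the CD flow schedules, and the description change to "(new)" in the first hunk does not say either. cd.sh binds this role at project level to the default compute, Cloud Build and serverless robot service accounts, so `cloudscheduler.jobs.create` and `cloudscheduler.jobs.delete` now apply to every scheduler job in each project for all of those identities. A description that names the purpose, e.g. `description: "Role for cloud run CD flow, incl. Cloud Scheduler jobs."`, would make later permission reviews easier. The permission list starts above this hunk.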