Merge pull request #31 from TimCsaky/gh

Helm charts and GitHub actions

.github/actions/deploy-to-environment/action.yaml

@@ -0,0 +1,59 @@
+name: Deploy to Environment
+description: Deploys an image to the defined environment
+inputs:
+  app_name:
+    description: Application general Name
+    required: true
+  acronym:
+    description: Application acronym
+    required: true
+  environment:
+    description: Logical Github Environment
+    required: true
+  job_name:
+    description: Job/Instance name
+    required: true
+  namespace_prefix:
+    description: Openshift Namespace common prefix
+    required: true
+  namespace_environment:
+    description: Openshift Namespace environment suffix
+    required: true
+  openshift_server:
+    description: Openshift API Endpoint
+    required: true
+  openshift_token:
+    description: Openshift Service Account Token
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Login to OpenShift Cluster
+      uses: redhat-actions/oc-login@v1
+      with:
+        openshift_server_url: ${{ inputs.openshift_server }}
+        openshift_token: ${{ inputs.openshift_token }}
+        insecure_skip_tls_verify: true
+        namespace: ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }}
+
+    - name: Helm Deploy
+      shell: bash
+      run: >-
+        helm upgrade --install --atomic ${{ inputs.job_name }} ${{ inputs.app_name }}
+        --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }}
+        --repo https://bcgov.github.io/${{ inputs.app_name }}
+        --values ./.github/environments/values.${{ inputs.environment }}.yaml
+        --set image.repository=ghcr.io/${{ github.repository_owner }}
+        --set image.tag=sha-$(git rev-parse --short HEAD)
+        --set route.host=${{ inputs.acronym }}-${{ inputs.namespace_environment }}-${{ inputs.job_name }}.apps.silver.devops.gov.bc.ca
+        --timeout 10m
+        --wait
+
+    - name: Wait on Deployment
+      shell: bash
+      run: |
+        oc rollout --namespace ${{ inputs.namespace_prefix }}-${{ inputs.namespace_environment }} status dc/${{ inputs.app_name }}-${{ inputs.job_name }} --watch=true

.github/environments/values.dev.yaml

@@ -0,0 +1,16 @@
+---
+config:
+  enabled: true
+  configMap:
+    FRONTEND_KC_CLIENTID: ches-showcase-frontend-4105
+    FRONTEND_KC_REALM: standard
+    FRONTEND_KC_SERVERURL: https://dev.loginproxy.gov.bc.ca/auth
+    # FRONTEND_DASHBOARDURL: https://ches-metabase.apps.silver.devops.gov.bc.ca/public/dashboard/6f388f95-dba7-4632-be4c-8855ee645f31
+    SERVER_KC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy7zfh2ZgpDV5mH/aXyLDTddZK81rGakJcTy4KvCNOkDDxt1KAhW02lmbCo8YhHCOzjNZBp1+Vi6QiMRgBqAe2GTPZYEiV70aXfROGZe3Nvwcjbtki6HoyRte3SpqLJEIPL2F+hjJkw1UPGnjPTWZkEx9p74b9i3BjuE8RnjJ0Sza2MWw83zoQUZEJRGiopSL0yuVej6t2LO2btVdVf7QuZfPt9ehkcQYlPKpVvJA+pfeqPAdnNt7OjEIeYxinjurZr8Z04hz8UhkRefcWlSbFzFQYmL7O7iArjW0bsSvq8yNUd5r0KCOQkFduwZy26yTzTxj8OLFT91fEmbBBl4rQIDAQAB
+    SERVER_KC_REALM: standard
+    SERVER_KC_SERVERURL: https://dev.loginproxy.gov.bc.ca/auth
+    # SERVER_LOGFILE: ./app.log
+    SERVER_LOGLEVEL: http
+    SERVER_PORT: "8080"
+    SC_CHES_ENDPOINT: https://ches-dev.api.gov.bc.ca/api
+    SC_CS_TOKEN_ENDPOINT: https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token

.github/environments/values.pr.yaml

@@ -0,0 +1 @@
+---

.github/environments/values.prod.yaml

@@ -0,0 +1,16 @@
+---
+config:
+  enabled: true
+  configMap:
+    FRONTEND_KC_CLIENTID: ches-showcase-frontend-4105
+    FRONTEND_KC_REALM: standard
+    FRONTEND_KC_SERVERURL: https://loginproxy.gov.bc.ca/auth
+    # FRONTEND_DASHBOARDURL: https://ches-metabase.apps.silver.devops.gov.bc.ca/public/dashboard/6f388f95-dba7-4632-be4c-8855ee645f31
+    SERVER_KC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
+    SERVER_KC_REALM: standard
+    SERVER_KC_SERVERURL: https://loginproxy.gov.bc.ca/auth
+    # SERVER_LOGFILE: ./app.log
+    SERVER_LOGLEVEL: http
+    SERVER_PORT: "8080"
+    SC_CHES_ENDPOINT: https://ches.api.gov.bc.ca/api
+    SC_CS_TOKEN_ENDPOINT: https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token

.github/environments/values.test.yaml

@@ -0,0 +1,16 @@
+---
+config:
+  enabled: true
+  configMap:
+    FRONTEND_KC_CLIENTID: ches-showcase-frontend-4105
+    FRONTEND_KC_REALM: standard
+    FRONTEND_KC_SERVERURL: https://test.loginproxy.gov.bc.ca/auth
+    # FRONTEND_DASHBOARDURL: https://ches-metabase.apps.silver.devops.gov.bc.ca/public/dashboard/6f388f95-dba7-4632-be4c-8855ee645f31
+    SERVER_KC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
+    SERVER_KC_REALM: standard
+    SERVER_KC_SERVERURL: https://test.loginproxy.gov.bc.ca/auth
+    # SERVER_LOGFILE: ./app.log
+    SERVER_LOGLEVEL: http
+    SERVER_PORT: "8080"
+    SC_CHES_ENDPOINT: https://ches-test.api.gov.bc.ca/api
+    SC_CS_TOKEN_ENDPOINT: https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token

.github/workflows/charts-release.yaml

@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    paths:
+      - 'charts/**'
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/codeql-analysis.yaml

@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+---
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - master
+  schedule:
+    - cron: "38 6 * * 5"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/on-pr-closed.yaml

@@ -0,0 +1,53 @@
+name: Pull Request Closed
+
+env:
+  ACRONYM: chess
+  APP_NAME: common-hosted-email-service-showcase
+  NAMESPACE_PREFIX: 10d873
+
+on:
+  pull_request:
+    branches:
+      - master
+    types:
+      - closed
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  remove-pr-dev:
+    name: Remove PR build from dev namespace
+    if: "! github.event.pull_request.head.repo.fork"
+    environment:
+      name: pr
+      url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    timeout-minutes: 12
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Login to OpenShift Cluster
+      uses: redhat-actions/oc-login@v1
+      with:
+        openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+        openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+        insecure_skip_tls_verify: true
+        namespace: ${{ env.NAMESPACE_PREFIX }}-dev
+    - name: Remove PR Deployment
+      shell: bash
+      run: |
+        helm uninstall --namespace ${{ env.NAMESPACE_PREFIX }}-dev pr-${{ github.event.number }} --timeout 10m --wait
+        oc delete --namespace ${{ env.NAMESPACE_PREFIX }}-dev cm,secret --selector app.kubernetes.io/instance=pr-${{ github.event.number }}
+    - name: Remove Release Comment on PR
+      uses: marocchino/sticky-pull-request-comment@v2
+      with:
+        header: release
+        delete: true
+    - name: Remove Github Deployment Environment
+      uses: strumwolf/delete-deployment-environment@v2
+      with:
+        environment: pr
+        onlyRemoveDeployments: true
+        token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/on-pr-opened.yaml

@@ -0,0 +1,66 @@
+name: Pull Request Opened
+
+env:
+  ACRONYM: chess
+  APP_NAME: common-hosted-email-service-showcase
+  NAMESPACE_PREFIX: 10d873
+
+on:
+  pull_request:
+    branches:
+      - master
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build & Push
+    if: "! github.event.pull_request.head.repo.fork"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Build & Push
+        uses: ./.github/actions/build-push-container
+        with:
+          context: .
+          image_name: ${{ env.APP_NAME }}
+          github_username: ${{ github.repository_owner }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  deploy-pr-dev:
+    name: Deploy Pull Request to Dev
+    environment:
+      name: pr
+      url: https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca
+    runs-on: ubuntu-latest
+    needs: build
+    timeout-minutes: 12
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Deploy to Dev
+        uses: ./.github/actions/deploy-to-environment
+        with:
+          app_name: ${{ env.APP_NAME }}
+          acronym: ${{ env.ACRONYM }}
+          environment: pr
+          job_name: pr-${{ github.event.number }}
+          namespace_prefix: ${{ env.NAMESPACE_PREFIX }}
+          namespace_environment: dev
+          openshift_server: ${{ secrets.OPENSHIFT_SERVER }}
+          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+      - name: Release Comment on PR
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: success()
+        with:
+          header: release
+          message: |
+            Release ${{ github.sha }} deployed at <https://${{ env.ACRONYM }}-dev-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca>

charts/chess/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/chess/Chart.yaml

@@ -0,0 +1,37 @@
+apiVersion: v2
+name: common-hosted-email-service-showcase
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+kubeVersion: ">= 1.13.0"
+description: A Showcase application to demonstrate features of the Common Document Generation Service
+# A chart can be either an 'application' or a 'library' chart.
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+keywords:
+  - nodejs
+  - javascript
+  - docker
+  - microservice
+  - email
+  - vue
+home: https://bcgov.github.io/common-hosted-email-service-showcase
+sources:
+  - https://github.com/bcgov/common-hosted-email-service-showcase
+dependencies: []
+maintainers:
+  - name: NR Common Service Showcase Team
+    email: [email protected]
+    url: https://bcgov.github.io/common-service-showcase/team.html
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
+deprecated: false
+annotations: {}