bcgov · barrfalk · Dec 8, 2023 · Dec 12, 2023 · Dec 13, 2023 · Dec 13, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml
@@ -0,0 +1,132 @@
+name: .Deploys
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      release:
+        description: Deployment release; usually PR number, test or prod
+        required: true
+        type: string
+
+      ### Typical / recommended
+      autoscaling:
+        description: Autoscaling enabled or not for the deployments
+        required: false
+        type: string
+        default: true
+      environment:
+        description: Environment name; omit for PRs
+        required: false
+        type: string
+      tag:
+        description: Container tag; usually PR number
+        required: false
+        type: string
+        default: ${{ github.event.number }}
+      triggers:
+        description: Paths to trigger a deploy; omit=always; e.g. ('backend/' 'frontend/')
+        required: false
+        type: string
+
+      ### Usually a bad idea / not recommended
+      directory:
+        description: 'Chart directory'
+        default: 'charts/${{ github.event.repository.name }}'
+        required: false
+        type: string
+      timeout-minutes:
+        description: 'Timeout minutes'
+        default: 10
+        required: false
+        type: number
+      values:
+        description: 'Values file'
+        default: 'values.yaml'
+        required: false
+        type: string
+      params:
+        description: 'Extra parameters to pass to helm upgrade'
+        default: ''
+        required: false
+        type: string
+
+env:
+  repo_release: ${{ github.event.repository.name }}-${{ inputs.release }}
+  package_tag: ${{ inputs.tag }}
+
+jobs:
+  deploys:
+    name: Helm
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check Deployment Triggers
+        id: triggers
+        run: |
+          # Expand for trigger processing
+
+          # Always deploy if no triggers are provided
+          if [ -z "${{ inputs.triggers }}" ]; then
+            echo "Always deploy when no triggers are provided"
+            echo "triggered=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # Deploy if changed files (git diff) match triggers
+          TRIGGERS=${{ inputs.triggers }}
+          git fetch origin ${{ github.event.repository.default_branch }}
+          while read -r check; do
+            for t in "${TRIGGERS[@]}"; do
+              if [[ "${check}" =~ "${t}" ]]; then
+                  echo "Build triggered based on git diff"
+                  echo -e "${t}\n --> ${check}"
+                  echo "triggered=true" >> $GITHUB_OUTPUT
+                  exit 0
+              fi
+            done
+          done < <(git diff origin/${{ github.event.repository.default_branch }} --name-only)
+
+          # If here skip deployment
+          echo "No triggers have fired, deployment skipped"
+
+      - name: Deploy if Triggers Fired
+        if: ${{ steps.triggers.outputs.triggered == 'true' }}
+        working-directory: ${{ inputs.directory }}
+        shell: bash
+        run: |
+          oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
+          oc project ${{ vars.OC_NAMESPACE }} # Safeguard!
+
+          # Interrupt any previous jobs (status = pending-upgrade)
+          PREVIOUS=$(helm status ${{ env.repo_release }} -o json | jq .info.status || true)
+          if [[ ${PREVIOUS} =~ pending ]]; then
+            echo "Rollback triggered"
+            helm rollback ${{ env.repo_release }} || \
+              helm uninstall ${{ env.repo_release }}
+          fi
+
+          # Deploy Helm Chart
+          helm dependency update
+          helm package --app-version="${{ env.package_tag }}" --version=${{ inputs.tag }} .
+
+          helm upgrade \
+            --set global.autoscaling=${{ inputs.autoscaling }} \
+            --set-string global.repository=${{ github.repository }} \
+            --set-string global.secrets.databasePassword=${{ secrets.DB_PASSWORD }} \
+            --set-string backend.containers[0].tag="${{ env.package_tag }}" \
+            --set-string backend.initContainers[0].tag="${{ env.package_tag }}" \
+            --set-string frontend.containers[0].tag="${{ env.package_tag }}" \
+            ${{ inputs.params }} \
+            --install --wait --atomic  ${{ env.repo_release }} \
+            --timeout ${{ inputs.timeout-minutes }}m \
+            --values ${{ inputs.values }} \
+            ./${{ github.event.repository.name }}-${{ inputs.tag }}.tgz
+
+          # print history 
+          helm history ${{ env.repo_release }}
+
+          # Remove old build runs, build pods and deployment pods
+          oc delete po --field-selector=status.phase==Succeeded
diff --git a/.github/workflows/.push-helm-chart.yml b/.github/workflows/.push-helm-chart.yml
@@ -0,0 +1,156 @@
+name: .Deploys
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      release:
+        description: Deployment release; usually PR number, test or prod
+        required: true
+        type: string
+
+      ### Typical / recommended
+      autoscaling:
+        description: Autoscaling enabled or not for the deployments
+        required: false
+        type: string
+        default: true
+      environment:
+        description: Environment name; omit for PRs
+        required: false
+        type: string
+      tag:
+        description: Container tag; usually PR number
+        required: false
+        type: string
+        default: ${{ github.event.number }}
+      triggers:
+        description: Paths to trigger a deploy; omit=always; e.g. ('backend/' 'frontend/')
+        required: false
+        type: string
+
+      ### Usually a bad idea / not recommended
+      directory:
+        description: 'Chart directory'
+        default: 'charts/${{ github.event.repository.name }}'
+        required: false
+        type: string
+      timeout-minutes:
+        description: 'Timeout minutes'
+        default: 10
+        required: false
+        type: number
+      values:
+        description: 'Values file'
+        default: 'values.yaml'
+        required: false
+        type: string
+      params:
+        description: 'Extra parameters to pass to helm upgrade'
+        default: ''
+        required: false
+        type: string
+
+env:
+  repo_release: ${{ github.event.repository.name }}-${{ inputs.release }}
+  package_tag: ${{ inputs.tag }}
+
+jobs:
+  deploys:
+    name: Helm
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check Deployment Triggers
+        id: triggers
+        run: |
+          # Expand for trigger processing
+
+          # Always deploy if no triggers are provided
+          if [ -z "${{ inputs.triggers }}" ]; then
+            echo "Always deploy when no triggers are provided"
+            echo "triggered=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # Deploy if changed files (git diff) match triggers
+          TRIGGERS=${{ inputs.triggers }}
+          git fetch origin ${{ github.event.repository.default_branch }}
+          while read -r check; do
+            for t in "${TRIGGERS[@]}"; do
+              if [[ "${check}" =~ "${t}" ]]; then
+                  echo "Build triggered based on git diff"
+                  echo -e "${t}\n --> ${check}"
+                  echo "triggered=true" >> $GITHUB_OUTPUT
+                  exit 0
+              fi
+            done
+          done < <(git diff origin/${{ github.event.repository.default_branch }} --name-only)
+
+          # If here skip deployment
+          echo "No triggers have fired, deployment skipped"
+
+      - name: Setup SSH for Target Repository
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}" > ~/.ssh/id_rsa
+          echo "${{ secrets.MANIFEST_REPO_DEPLOY_KEY_PUB }}" > ~/.ssh/id_rsa.pub
+          chmod 600 ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa.pub
+          ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
+
+      - name: Setup Git Config
+        run: |
+          git config --global user.name "${{ vars.GLOBAL_USER}}"
+          git config --global user.email "${{ vars.GLOBAL_EMAIL}}"
+
+
+      - name: Clone Target Repository
+        run: |
+          git clone [email protected]:${{ vars.GITOPS_REPO}}.git target-repo
+
+      - name: Copy Helm Chart
+        run: |
+          cp -r ./charts/* target-repo/helm-chart/
+
+      - name: Commit and Push Changes to Target Repository
+        run: |
+          cd target-repo
+          git config user.name "${{ vars.GLOBAL_USER}}"
+          git config user.email "${{ vars.GLOBAL_EMAIL}}"
+
+          # Stash any changes in the working directory
+          git stash --include-untracked
+
+          # Check if the branch exists
+          if git ls-remote --heads origin "update-helm-chart-${{ inputs.tag }}" ; then
+            # If branch exists, just check it out
+            git checkout "update-helm-chart-${{ inputs.tag }}"
+          else
+            # If branch doesn't exist, create a new one
+            git checkout -b "update-helm-chart-${{ inputs.tag }}"
+          fi
+
+          # Apply stashed changes, if any
+          git stash pop || true
+
+          git add .
+          # Check if there are any changes
+          if git diff --staged --quiet; then
+            echo "No changes to commit."
+          else
+            git commit -m "Update Helm chart"
+            git push --set-upstream origin "update-helm-chart-${{ inputs.tag }}"
+          fi
+      - name: Create Pull Request via GitHub API
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITOPS_PAT }}
+        run: |
+          curl \
+            -X POST \
+            -H "Authorization: token $GITHUB_TOKEN" \
+            -H "Accept: application/vnd.github.v3+json" \
+            https://api.github.com/repos/${{ vars.GITOPS_REPO }}/pulls \
+            -d "{\"title\": \"Update Helm Chart\", \"head\": \"update-helm-chart-${{ inputs.tag }}\", \"base\": \"main\", \"body\": \"Automated update of Helm chart\"}"
diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml
@@ -0,0 +1,74 @@
+name: .Tests
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      target:
+        description: PR number, test or prod
+        required: true
+        type: string
+
+jobs:
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - id: cache-npm
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-cache-node-modules-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: Integration tests
+        env:
+          API_NAME: nest
+          BASE_URL: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca
+        run: |
+          cd integration-tests
+          npm ci
+          node src/main.js
+
+  cypress-e2e:
+    name: E2E Tests
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: frontend
+    strategy:
+      matrix:
+        browser: [chrome, firefox, edge]
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - id: cache-npm
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-cache-node-modules-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - uses: cypress-io/github-action@v6
+        name: Cypress run
+        env:
+          CYPRESS_baseUrl: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca/
+        with:
+          config: pageLoadTimeout=10000
+          working-directory: ./frontend
+          browser: ${{ matrix.browser }}
+
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: cypress-screenshots
+          path: ./cypress/screenshots
+          if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn`