
fix(FSADT1-1234): adding zap on the CI for verification #3192

Workflow file for this run

# Pull-request pipeline: validates the PR, builds images, deploys a per-PR
# environment and runs end-to-end tests against it.
name: Pull Request Open

# `pull_request` has no `types` filter, so GitHub's default activity types
# apply (opened, synchronize, reopened). `workflow_dispatch` allows manual
# runs; `github.event.number` is not set for those, and several steps in
# this workflow read it.
on:
  pull_request:
  workflow_dispatch:

concurrency:
  # PR open and close use the same group, allowing only one at a time
  group: "pr-${{ github.ref }}"
  # A newer run in the same group cancels the one still in progress.
  cancel-in-progress: true
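jobs:
  # NOTE(review): nesting below was reconstructed from a listing whose
  # indentation had been flattened; it follows each action's input names.
  #
  # NOTE(review): every `uses:` in this file references a mutable tag
  # (`@v4`, `@v5`, ...). Pinning third-party actions to a full commit SHA
  # keeps a re-tagged release from changing what runs with this workflow's
  # token and secrets.
  #
  # NOTE(review): the `bcgov-nr/[email protected]` references are reproduced
  # exactly as they appear in the listing; the original `owner/action@ref`
  # text was lost and must be restored from the repository.

  # Computes the per-PR URL zone and the changelog/version used by later jobs.
  pr-validation:
    name: Pull Request Validation
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.changelog.outputs.version }}
      url_zone: ${{ steps.calculate.outputs.url_zone }}
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Calculate the deployment number
        id: calculate
        env:
          # Passed through the environment instead of being spliced into the
          # script text, so the shell only ever sees a variable reference.
          PR_NUMBER: ${{ github.event.number }}
        run: |
          # An empty PR_NUMBER (manual dispatch) evaluates to 0 in bash
          # arithmetic instead of producing a syntax error.
          echo "url_zone=$((PR_NUMBER % 50))" >> "$GITHUB_OUTPUT"
      - name: Checkout branch
        uses: actions/checkout@v4
        with:
          # NOTE(review): resolves the head branch name inside this
          # repository; presumably fails for PRs opened from forks - confirm.
          ref: refs/heads/${{ github.head_ref }}
      - name: Conventional Changelog Update
        id: changelog
        continue-on-error: true
        uses: TriPSs/conventional-changelog-action@v5
        with:
          github-token: ${{ github.token }}
          output-file: "CHANGELOG.md"
          skip-version-file: "true"
          skip-commit: "true"
          git-push: "false"
          git-branch: refs/heads/${{ github.head_ref }}
      - name: Checkout pr
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
      - name: Comment PR
        continue-on-error: true
        uses: thollander/actions-comment-pull-request@v2
        # Only comment when the changelog step reports it was not skipped.
        if: ${{ steps.changelog.outputs.skipped == 'false' }}
        with:
          message: |
            # Current changelog
            ${{ steps.changelog.outputs.clean_changelog }}
          comment_tag: "# Current changelog"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Appends a greeting with the per-PR frontend URL to the PR description.
  pr-greeting:
    name: PR Greeting
    needs: pr-validation
    env:
      DOMAIN: apps.silver.devops.gov.bc.ca
      URL_ZONE: ${{ needs.pr-validation.outputs.url_zone }}
      PREFIX: ${{ github.event.repository.name }}-${{ needs.pr-validation.outputs.url_zone }}
    runs-on: ubuntu-22.04
    permissions:
      pull-requests: write
    steps:
      - name: PR Greeting
        uses: bcgov-nr/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          add_markdown: |
            ---
            Thanks for the PR!
            Any successful deployments (not always required) will be available [here](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/)
            Once merged, code will be promoted and handed off to following workflow run.
            [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml)

  # Builds one image per package; each matrix entry carries the path
  # trigger handed to the builder action.
  builds:
    name: Builds
    runs-on: ubuntu-22.04
    needs:
      - pr-validation
    permissions:
      packages: write
    strategy:
      matrix:
        package:
          - database
          - frontend
          - common
          - legacy
          - processor
          - backend
        include:
          - package: database
            triggers: ('database/')
          - package: common
            triggers: ('common/')
          - package: frontend
            triggers: ('frontend/')
          - package: legacy
            triggers: ('legacy/')
          - package: processor
            triggers: ('processor/')
          - package: backend
            triggers: ('backend/')
    steps:
      - uses: actions/checkout@v4
      - uses: bcgov-nr/[email protected]
        name: Build (${{ matrix.package }})
        with:
          package: ${{ matrix.package }}
          tag: ${{ github.event.number }}
          tag_fallback: test
          token: ${{ secrets.GITHUB_TOKEN }}
          triggers: ${{ matrix.triggers }}
          build_args: |
            APP_VERSION=${{needs.pr-validation.outputs.version}}-${{ github.event.number }}

  # Deploys the PR's images to OpenShift under a zone named after the PR
  # number, using the secrets of the `dev` environment.
  #
  # NOTE(review): this job has no `permissions:` block, so GITHUB_TOKEN gets
  # the repository default scopes; declare the minimum the steps need once
  # the deployer action's requirements are confirmed.
  deploy:
    name: Deploy Application
    needs:
      - builds
      - pr-validation
    environment: dev
    env:
      DOMAIN: apps.silver.devops.gov.bc.ca
      PREFIX: ${{ github.event.repository.name }}-${{ needs.pr-validation.outputs.url_zone }}
      ZONE: dev
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Initializing Deployment
        uses: bcgov-nr/[email protected]
        with:
          file: common/openshift.init.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          # NOTE(review): DB_PASSWORD is the MD5 of `github.ref` plus the PR
          # number, both of which are public for a pull request, so the value
          # is not a secret. Prefer a randomly generated value kept in a
          # cluster Secret or a repository secret.
          #
          # NOTE(review): the `$(...)` in DB_PASSWORD only works if the
          # action expands this string in a shell; if so, every secret below
          # is an unquoted shell word - confirm how the action quotes and
          # masks these values.
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p ORACLEDB_USER=${{ secrets.ORACLEDB_USERNAME }}
            -p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }}
            -p ORACLEDB_USER_W=${{ secrets.ORACLEDB_USERNAME_W }}
            -p ORACLEDB_PASSWORD_W=${{ secrets.ORACLEDB_PASSWORD_W }}
            -p ORACLEDB_DATABASE=${{ secrets.ORACLEDB_DATABASE }}
            -p ORACLEDB_HOST=${{ secrets.ORACLEDB_HOST }}
            -p ORACLEDB_SERVICENAME=${{ secrets.ORACLEDB_SERVICENAME }}
            -p ORACLEDB_SECRET=${{ secrets.ORACLEDB_SECRET }}
            -p BCREGISTRY_KEY=${{ secrets.BCREGISTRY_KEY }}
            -p BCREGISTRY_ACCOUNT=${{ secrets.BCREGISTRY_ACCOUNT }}
            -p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
            -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
            -p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }}
            -p DB_PASSWORD=$(echo ${{github.ref}}${{github.event.number}}|md5sum|cut -d' ' -f1)
            -p COGNITO_REGION=${{ secrets.COGNITO_REGION }}
            -p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }}
            -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }}
            -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }}
            -p COGNITO_ENVIRONMENT=DEV
            -p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard
            -p COGNITO_LOGOUT_URI='https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}'
            -p CHES_MAIL_COPY=${{ secrets.CHES_MAIL_COPY }}
      - name: Deploy Database Backup
        uses: bcgov-nr/[email protected]
        with:
          file: database/openshift.backup.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/database:${{ github.event.number }}
      - name: Backup database before update
        # Best effort: a failed backup does not stop the deployment.
        continue-on-error: true
        env:
          # Secrets and event data reach the script as environment variables
          # rather than being expanded into the script text, so unusual
          # characters in a value cannot change the commands that run.
          OC_TOKEN: ${{ secrets.OC_TOKEN }}
          OC_SERVER: ${{ secrets.OC_SERVER }}
          OC_NAMESPACE: ${{ secrets.OC_NAMESPACE }}
          BACKUP_NAME: ${{ github.event.repository.name }}-${{ github.event.number }}-database-backup
        run: |
          oc login --token="$OC_TOKEN" --server="$OC_SERVER"
          oc project "$OC_NAMESPACE"
          # Run a backup before deploying a new version
          oc create job --from="cronjob/$BACKUP_NAME" "$BACKUP_NAME-$(date +%Y%m%d%H%M%S)"
      - name: Deploy Database
        uses: bcgov-nr/[email protected]
        with:
          file: database/openshift.deploy.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          # Unlike the other deploy steps, this one sets overwrite to false.
          overwrite: false
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/database:${{ github.event.number }}
      - name: Deploy Backend
        uses: bcgov-nr/[email protected]
        with:
          file: backend/openshift.deploy.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          verification_path: health
          # NOTE(review): BCREGISTRY_URI carries a `-prod` host name in a
          # per-PR dev deployment - confirm that is intended.
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/backend:${{ github.event.number }}
            -p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
            -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1/email'
            -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net'
            -p COGNITO_REGION=ca-central-1
            -p COGNITO_COOKIE_DOMAIN=gov.bc.ca
            -p URL_ZONE=${{ needs.pr-validation.outputs.url_zone }}
      - name: Dev data replacement
        uses: bcgov-nr/[email protected]
        with:
          file: database/openshift.dev.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          parameters: -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
      - name: Deploy Legacy
        uses: bcgov-nr/[email protected]
        with:
          file: legacy/openshift.deploy.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          verification_path: health
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/legacy:${{ github.event.number }}
            -p URL_ZONE=${{ needs.pr-validation.outputs.url_zone }}
      - name: Deploy Frontend
        uses: bcgov-nr/[email protected]
        with:
          file: frontend/openshift.deploy.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/frontend:${{ github.event.number }}
            -p VITE_NODE_ENV=openshift-${{ env.ZONE }}
            -p URL_ZONE=${{ needs.pr-validation.outputs.url_zone }}
            -p GREEN_DOMAIN=${{ secrets.GREEN_DOMAIN }}
            -p COGNITO_REGION=${{ secrets.COGNITO_REGION }}
            -p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }}
            -p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }}
            -p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }}
            -p COGNITO_ENVIRONMENT=DEV
            -p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard
            -p COGNITO_LOGOUT_URI='https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}'
      - name: Deploy Processor
        uses: bcgov-nr/[email protected]
        with:
          file: processor/openshift.deploy.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          verification_path: health
          parameters: >-
            -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/processor:${{ github.event.number }}
            -p URL_ZONE=${{ needs.pr-validation.outputs.url_zone }}
            -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net'

  # Runs the Cypress suite against the per-PR frontend and publishes results.
  #
  # NOTE(review): no `permissions:` block here either, so GITHUB_TOKEN gets
  # the repository default scopes; declare the minimum the reporting and
  # upload steps need once confirmed.
  cypress-run:
    name: "User flow test"
    runs-on: ubuntu-22.04
    needs:
      - deploy
      - pr-validation
    environment: dev
    env:
      DOMAIN: apps.silver.devops.gov.bc.ca
      PREFIX: ${{ github.event.repository.name }}-${{ needs.pr-validation.outputs.url_zone }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        name: Start node
        with:
          node-version: 18
      - name: Run Cypress End-to-End
        uses: cypress-io/github-action@v5
        with:
          working-directory: cypress
        env:
          CYPRESS_baseUrl: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish Cypress Results
        uses: mikepenz/action-junit-report@v4
        continue-on-error: true
        # Publish the report even when the test step failed.
        if: always()
        with:
          report_paths: cypress/result.xml
          commit: ${{ github.event.pull_request.head.sha }}
          summary: Cypress Test Results
          detailed_summary: true
          job_name: User Journeys
      # Screenshots and videos are uploaded only when an earlier step failed.
      # NOTE(review): recordings of a logged-in session may show account
      # data; confirm who can download these artifacts.
      - uses: actions/upload-artifact@v4
        name: Upload Cypress Screenshots with error
        if: failure()
        with:
          name: cypress-screenshots
          path: cypress/cypress/screenshots
          retention-days: 7
      - uses: actions/upload-artifact@v4
        name: Upload Cypress Videos with error
        if: failure()
        with:
          name: cypress-videos
          path: cypress/cypress/videos
          retention-days: 7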