chore(be): Upgraded critical libs (#303) #153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main Merge | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- ".github/ISSUE_TEMPLATE/*" | |
- "**.md" | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: true | |
env: | |
REGISTRY: ghcr.io | |
NAME: nrog | |
jobs: | |
#TODO: check sonar for OG | |
tests-backend: | |
name: Backend Unit Tests | |
runs-on: ubuntu-24.04 | |
continue-on-error: true | |
steps: | |
- name: Run tests | |
uses: bcgov-nr/[email protected] | |
with: | |
commands: | | |
npm ci | |
npm run test:cov | |
dir: backend | |
node_version: 16 | |
sonar_args: > | |
-Dsonar.exclusions=**/coverage/**,**/examples/**,**/pages/** | |
-Dsonar.organization=bcgov-sonarcloud | |
-Dsonar.projectKey=nr-old-growth | |
-Dsonar.tests=test | |
sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }} | |
codeql: | |
name: Semantic Code Analysis | |
runs-on: ubuntu-24.04 | |
needs: | |
- tests-backend | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: javascript | |
- name: Build Backend | |
run: | | |
cd backend | |
npm ci | |
npm run build | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
deploy-test-database: | |
name: Deploy Database on Test Env | |
needs: | |
- tests-backend | |
env: | |
ZONE: test | |
environment: test | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploys | |
uses: bcgov-nr/[email protected] | |
with: | |
file: .github/openshift/deploy.database.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
oc_version: "4.13" | |
overwrite: false | |
parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
deploy-test-backend: | |
name: Deploy Backend on Test Env | |
needs: | |
- deploy-test-database | |
env: | |
ZONE: test | |
environment: test | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploys | |
uses: bcgov-nr/[email protected] | |
with: | |
file: .github/openshift/deploy.backend.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
oc_version: "4.13" | |
overwrite: true | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }} | |
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} | |
-p CHES_TOKEN_URL='https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' | |
-p CHES_API_URL='https://ches-test.api.gov.bc.ca/api/v1' | |
-p NODE_ENV='development' | |
-p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}} | |
-p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}} | |
prod-promotions: | |
name: Promote Images to Prod | |
needs: | |
- deploy-test-backend | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: shrink/actions-docker-registry-tag@v4 | |
with: | |
registry: ghcr.io | |
repository: ${{ github.repository }}/backend | |
target: test | |
tags: prod | |
deploy-prod-database: | |
name: Deploy Database on Prod Env | |
needs: | |
- prod-promotions | |
env: | |
ZONE: prod | |
environment: prod | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploys | |
uses: bcgov-nr/[email protected] | |
with: | |
file: .github/openshift/deploy.database.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
oc_version: "4.13" | |
overwrite: false | |
parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
deploy-prod-backend: | |
name: Deploy Backend on Prod Env | |
needs: | |
- deploy-prod-database | |
env: | |
ZONE: prod | |
environment: prod | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploys | |
uses: bcgov-nr/[email protected] | |
with: | |
file: .github/openshift/deploy.backend.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
oc_version: "4.13" | |
overwrite: true | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }} | |
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} | |
-p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' | |
-p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1' | |
-p NODE_ENV='production' | |
-p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}} | |
-p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}} |