From 4c960c27020f3730fc3cfeab26b897449391f4d4 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Thu, 12 Sep 2024 11:22:56 -0700 Subject: [PATCH 1/3] feat: audit workflow for releases --- .github/workflows/audit.yml | 49 +++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/audit.yml diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 000000000..15c278258 --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,49 @@ +--- +name: Audit Shas + +on: + workflow_dispatch: + inputs: + ### Required + environment: + description: "Deployment environment - dev/test/prod" + required: true + type: choice + options: ["dev","test","prod"] + default: "prod" + release: + description: 'release name' + required: true + type: string + default: "prod" +jobs: + # https://github.com/bcgov-nr/action-deployer-openshift + docker_login: + - name: Log in to the Container registry + if: steps.build.outputs.triggered == 'true' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: {{ secrets.oc_token }} + + audit_packages: + name: Audit + runs-on: ubuntu-22.04 + strategy: + matrix: + package: [dops, vehicles, frontend, scheduler, policy] + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + - name: Audit the installed application for package sha vs deployed sha + run: | + oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }} + oc project c28f0c-${{ inputs.environment }} # Safeguard! + export GHCR_SHA=$(docker manifest inspect onroutebc-${{inputs.release}}-${{matrix.package}} | jq '.manifests[0].digest') + export SHA_LIST=$(oc get pods -l app.kubernetes.io/instance=onroutebc-${{inputs.release}} -l app.kubernetes.io/name=${{matrix.package}} -o yaml | grep imageID | grep ghcr | cut -d : -f 3) + for sha in ${SHA_LIST} + do + echo "onroutebc-${{inputs.release}}-${{matrix.package}} - pod:${sha} ghcr: ${GHCR_SHA}" + done + 
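Review bot: `password: {{ secrets.oc_token }}` in the new docker_login job is missing the leading `$`, so YAML reads it as a flow mapping instead of an Actions expression and the registry login never receives a secret; the line should be `password: ${{ secrets.GITHUB_TOKEN }}` (granted `packages: read`) or another GitHub credential, because `oc_token` is the OpenShift token consumed by `oc login` further down and is not a ghcr.io credential, and the same line survives unchanged in the next patch. That job is also written as a bare list of steps with no `runs-on`, and its `if: steps.build.outputs.triggered == 'true'` refers to a step that does not exist in this workflow, so it cannot run as written. In the audit step, `${{ inputs.release }}` and `${{ inputs.environment }}` are expanded straight into the shell script; free-text `workflow_dispatch` inputs are better passed through `env:` (e.g. `RELEASE: ${{ inputs.release }}`) and referenced as `"$RELEASE"` so the value is treated as data rather than script. The script only echoes the two digests and never compares them, and `jq '.manifests[0].digest'` without `-r` keeps the surrounding quotes, so the job succeeds even when the package sha and deployed sha differ; `jq -r` plus an explicit comparison that exits non-zero on mismatch would make the audit enforce rather than merely report.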
From 179eb166c89416db15d7a0f3943fd432238a13bd Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Thu, 12 Sep 2024 11:24:49 -0700 Subject: [PATCH 2/3] feat: audit workflow for releases --- .github/workflows/audit.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 15c278258..be0d350b0 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -19,13 +19,12 @@ on: jobs: # https://github.com/bcgov-nr/action-deployer-openshift docker_login: - - name: Log in to the Container registry - if: steps.build.outputs.triggered == 'true' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: {{ secrets.oc_token }} + name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: {{ secrets.oc_token }} audit_packages: name: Audit From 83c9d608b957219796f3d0c905239ecd7969a393 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Mon, 16 Sep 2024 08:45:05 -0700 Subject: [PATCH 3/3] feat: audit shas --- .github/workflows/audit.yml | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index be0d350b0..8df69482f 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml 
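Review bot: The reworked `docker_login` job is still not a valid job: `name`, `uses: docker/login-action@v3` and `with:` now sit at job level, where `uses:` denotes a reusable workflow and an action must instead live under `steps:` with a `runs-on:`. Even once it parses, a login performed in its own job does not carry over to `audit_packages`, since every job runs on a fresh runner with its own Docker credential store; the login belongs as a step inside `audit_packages` ahead of the `docker manifest inspect` call, which is outside this hunk.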
@@ -17,15 +17,17 @@ on: type: string default: "prod" jobs: - # https://github.com/bcgov-nr/action-deployer-openshift - docker_login: - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: {{ secrets.oc_token }} - + login_and_checkout: + name: Login and checkout repo + runs-on: ubuntu-22.04 + timeout-minutes: 10 + steps: + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.oc_token }} + - uses: actions/checkout@v4 audit_packages: name: Audit runs-on: ubuntu-22.04 @@ -34,6 +36,11 @@ jobs: package: [dops, vehicles, frontend, scheduler, policy] timeout-minutes: 10 steps: + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.oc_token }} - uses: actions/checkout@v4 - name: Audit the installed application for package sha vs deployed sha run: |
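Review bot: `login_and_checkout` has no `needs:` relationship with `audit_packages` and each job runs on a fresh runner, so its registry login and checkout have no effect on the audit job, which now performs its own login in the second hunk; the job is dead weight and can be dropped. Both login steps use `secrets.oc_token` as the ghcr.io password, which appears to be the OpenShift token passed to `oc login` in the audit step rather than a GitHub credential, so `password: ${{ secrets.GITHUB_TOKEN }}` (or a dedicated token with `read:packages`) is the expected value. If `GITHUB_TOKEN` is used, add a top-level `permissions:` block with `contents: read` and `packages: read` so the workflow runs with least privilege; the top-level keys are outside this hunk.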
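Review bot: The login step added to `audit_packages` only matters if the image reference that follows is on ghcr.io, but the `docker manifest inspect onroutebc-${{inputs.release}}-${{matrix.package}}` call in the `run:` block (outside this hunk) has no registry or owner prefix, so Docker presumably resolves it against Docker Hub and the ghcr.io login is never exercised. Qualify the reference, e.g. `ghcr.io/<OWNER>/onroutebc-${{inputs.release}}-${{matrix.package}}` with the repository owner filled in, so the audit inspects the same registry the deployment pulls from. The login block is also a verbatim copy of the one in `login_and_checkout`; keeping a single copy avoids the two drifting apart.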