From 52c3295f0c87b048bbbd0f500e558c96d2147461 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Thu, 17 Aug 2023 10:44:31 -0700 Subject: [PATCH 1/8] Helm charts for deployment --- charts/onroutebc/Chart.lock | 12 ++ charts/onroutebc/Chart.yaml | 20 +++ charts/service/.helmignore | 23 ++++ charts/service/Chart.yaml | 25 ++++ charts/service/templates/.imagestream.yml.swp | Bin 0 -> 12288 bytes charts/service/templates/_helpers.tpl | 119 ++++++++++++++++++ charts/service/templates/configmap.yaml | 9 ++ .../service/templates/deploymentconfig.yaml | 70 +++++++++++ charts/service/templates/hpa.yaml | 34 +++++ charts/service/templates/imagestream.yaml | 19 +++ charts/service/templates/route.yaml | 24 ++++ charts/service/templates/secret.yaml | 9 ++ charts/service/templates/service.yaml | 16 +++ .../templates/tests/test-connection.yaml | 15 +++ charts/service/values.yaml | 89 +++++++++++++ 15 files changed, 484 insertions(+) create mode 100644 charts/onroutebc/Chart.lock create mode 100644 charts/onroutebc/Chart.yaml create mode 100644 charts/service/.helmignore create mode 100644 charts/service/Chart.yaml create mode 100644 charts/service/templates/.imagestream.yml.swp create mode 100644 charts/service/templates/_helpers.tpl create mode 100644 charts/service/templates/configmap.yaml create mode 100644 charts/service/templates/deploymentconfig.yaml create mode 100644 charts/service/templates/hpa.yaml create mode 100644 charts/service/templates/imagestream.yaml create mode 100644 charts/service/templates/route.yaml create mode 100644 charts/service/templates/secret.yaml create mode 100644 charts/service/templates/service.yaml create mode 100644 charts/service/templates/tests/test-connection.yaml create mode 100644 charts/service/values.yaml diff --git a/charts/onroutebc/Chart.lock b/charts/onroutebc/Chart.lock new file mode 100644 index 000000000..e4c552c8d --- /dev/null +++ b/charts/onroutebc/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: service + repository: file://../service + version: 0.0.1 +- name: service + repository: file://../service + version: 0.0.1 +- name: service + repository: file://../service + version: 0.0.1 +digest: sha256:0a0452c8dd5fe757703c36ecf681439559c47dd462d128a9b171af10ef3d460c +generated: "2023-08-14T14:15:02.4771342-07:00" diff --git a/charts/onroutebc/Chart.yaml b/charts/onroutebc/Chart.yaml new file mode 100644 index 000000000..32cb58f1d --- /dev/null +++ b/charts/onroutebc/Chart.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v2 +name: onRouteBC +description: Helm chart for onRouteBC +type: application +version: 0.0.1 +appVersion: "1.16.0" +dependencies: # A list of the chart requirements (optional) + - name: service + version: 0.0.1 + repository: "file://../service" + alias: frontend + - name: service + version: 0.0.1 + repository: "file://../service" + alias: vehicles + - name: service + version: 0.0.1 + repository: "file://../service" + alias: dops diff --git a/charts/service/.helmignore b/charts/service/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/service/Chart.yaml b/charts/service/Chart.yaml new file mode 100644 index 000000000..e6a053935 --- /dev/null +++ b/charts/service/Chart.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: v2 +name: service +description: A Helm chart for generic React+Node services for Openshift + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/charts/service/templates/.imagestream.yml.swp b/charts/service/templates/.imagestream.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..aa395ecd83463224b41cc40d5ceda70d7d488c8e GIT binary patch literal 12288 zcmeI2zi!k(5XLw30hE+9%aIOj=lCNbiwY5;lL(0}$w`!Z_BvR%-Zl0b>12*nyajJS z%>z(T(bDh$yaWZaUOPw;Ns;cPZ>7&;duBh+{<_o6e0Mh4=TE~iqjlR|{Q5zmnK#-t z!<);a5~Vfe<@q7=(HllaSEjLYoh2uX`A$$_WvS%BYh@)B0103q$i~NBrFgB0T2KI5C8!X009sH z0T2LzwIIOzWtac%N*VK4CJ~Aa@49H07Za7tWF>VXhq^0D4vor_WqfX_MM0n0X{UQH zCr8KAH>+r;J)9ow9~|$k&WjegPGkPUBnw$h-0*mxq1p1nTLs)3wJpzeqMB6l(J*-) zT5(#Bc*s}I(LMM*%AGCdnNYPeRK_fta_FxvW#Y@)Hu#UH5_73K*AHA%ds18e*nh#N z+~zBK${M9yy6>xyR;0p;nEA7Ir#$LL +# - The value is the path in Vault where the secret is located. +{{- range $k := .Values.vault.secrets }} +vault.hashicorp.com/agent-inject-secret-{{$k}}: {{$.Values.vault.zone}}/{{$k}} +vault.hashicorp.com/agent-inject-template-{{$k}}: | + {{ printf "%s" "{{" }}- with secret "{{$.Values.vault.zone}}/{{$k}}"{{ printf "%s" "}}" }} + {{ printf "%s" "{{" }}- range $k,$v := .Data.data{{ printf "%s" "}}" }} + export {{"{{"}}$k{{"}}"}}="{{"{{"}}$v{{"}}"}}" + {{ printf "%s" "{{" }}- end{{ printf "%s" "}}" }} + {{ printf "%s" "{{" }}- end{{ printf "%s" "}}" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/service/templates/configmap.yaml b/charts/service/templates/configmap.yaml new file mode 100644 index 000000000..97ff02a97 --- /dev/null +++ b/charts/service/templates/configmap.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "service.fullname" . }} + labels: + {{- include "service.labels" . | nindent 4 }} +data: + {{- include "service.configmap" . | nindent 2 }} diff --git a/charts/service/templates/deploymentconfig.yaml b/charts/service/templates/deploymentconfig.yaml new file mode 100644 index 000000000..c4507c1a0 --- /dev/null +++ b/charts/service/templates/deploymentconfig.yaml @@ -0,0 +1,70 @@ +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + name: {{ include "service.fullname" . }} + labels: + {{- include "service.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - {{ include "service.fullname" . }} + from: + kind: ImageStreamTag + name: {{ include "service.fullname" . }}:{{ .Values.image.tag }} + selector: + {{- include "service.selectorLabels" . | nindent 4 }} + strategy: + type: Rolling + template: + metadata: + annotations: + {{- include "service.podAnnotations" . | nindent 8 }} + {{- include "service.vaultAnnotations" . | nindent 8 }} + labels: + {{- include "service.selectorLabels" . | nindent 8 }} + spec: + serviceAccountName: {{.Values.serviceAccountName}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + containers: + - image: {{ include "service.fullname" . }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ include "service.fullname" . }} + {{- if .Values.vault.enabled}} + args: + - 'sh' + - '-c' + - '{{- range $k := .Values.vault.secrets }}source /vault/secrets/{{$k}} && {{- end}}{{ .Values.vault.entrypoint }}' + {{- end}} + env: + {{- range $k,$v := fromYaml (.Values.configmap.env) }} + - name: {{$k}} + valueFrom: + configMapKeyRef: + name: {{ include "service.fullname" $ }} + key: {{$k}} + {{- end }} + {{- range $k,$v := fromYaml (.Values.secret.stringdata) }} + - name: {{$k}} + valueFrom: + secretKeyRef: + name: {{ include "service.fullname" $ }} + key: {{$k}} + {{- end }} + ports: + {{- toYaml .Values.container.ports | nindent 12 }} + resources: + {{- toYaml .Values.container.resources | nindent 12 }} + readinessProbe: + {{ toYaml .Values.container.readinessProbe | nindent 12 }} + livenessProbe: + {{ toYaml .Values.container.livenessProbe | nindent 12 }} + volumeMounts: + {{- toYaml .Values.container.volumeMounts | nindent 12 }} + volumes: + {{- toYaml .Values.volumes | nindent 8 }} diff --git a/charts/service/templates/hpa.yaml b/charts/service/templates/hpa.yaml new file mode 100644 index 000000000..b94e205fa --- /dev/null +++ b/charts/service/templates/hpa.yaml @@ -0,0 +1,34 @@ +--- +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "service.fullname" . }} + labels: + {{- include "service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps.openshift.io/v1 + kind: DeploymentConfig + name: {{ include "service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/service/templates/imagestream.yaml b/charts/service/templates/imagestream.yaml new file mode 100644 index 000000000..0ecdad06a --- /dev/null +++ b/charts/service/templates/imagestream.yaml @@ -0,0 +1,19 @@ +--- +{{- if .Values.imagestream.enabled -}} +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + name: {{ include "service.fullname" . }} + labels: + {{- include "service.labels" . | nindent 4 }} +spec: + lookupPolicy: + local: false + tags: + - name: {{ .Values.image.tag }} + from: + kind: DockerImage + name: {{ .Values.image.repository }}:{{ .Values.image.tag }} + referencePolicy: + type: Local +{{- end }} diff --git a/charts/service/templates/route.yaml b/charts/service/templates/route.yaml new file mode 100644 index 000000000..9d0f2a4dd --- /dev/null +++ b/charts/service/templates/route.yaml @@ -0,0 +1,24 @@ +{{- if .Values.route.enabled -}} +{{- $fullName := include "service.fullname" . -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + {{- include "service.labels" . | nindent 4 }} + {{- with .Values.route.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "service.fullname" . }} +spec: + host: {{ include "service.hostname" . }} + port: + targetPort: {{ .Values.route.targetport }} + to: + kind: Service + name: {{ include "service.fullname" . }} + weight: 100 + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect +{{- end }} diff --git a/charts/service/templates/secret.yaml b/charts/service/templates/secret.yaml new file mode 100644 index 000000000..74271a4a8 --- /dev/null +++ b/charts/service/templates/secret.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "service.labels" . | nindent 4 }} + name: {{ include "service.fullname" . }} +stringData: +{{- include "service.secret" . | nindent 2}} diff --git a/charts/service/templates/service.yaml b/charts/service/templates/service.yaml new file mode 100644 index 000000000..b73a16392 --- /dev/null +++ b/charts/service/templates/service.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "service.fullname" . }} + labels: + {{- include "service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.ports.name }} + port: {{ .Values.service.ports.port }} + targetPort: {{ .Values.service.ports.targetPort }} + protocol: {{ .Values.service.ports.protocol }} + selector: + {{- include "service.selectorLabels" . | nindent 4 }} diff --git a/charts/service/templates/tests/test-connection.yaml b/charts/service/templates/tests/test-connection.yaml new file mode 100644 index 000000000..e626c8e15 --- /dev/null +++ b/charts/service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "service.fullname" . }}-test-connection" + labels: + {{- include "service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/service/values.yaml b/charts/service/values.yaml new file mode 100644 index 000000000..ea2a81903 --- /dev/null +++ b/charts/service/values.yaml @@ -0,0 +1,89 @@ +# Default values for backend microservices. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +domain: apps.silver.devops.gov.bc.ca +serviceAccountName: + +configmap: + script: + env: + +secret: + stringdata: + +replicaCount: 1 + +image: + repository: ghcr.io/bcgov/onroutebc/frontend + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +podAnnotations: {} + +autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 5 + targetCPUUtilizationPercentage: 100 + # targetMemoryUtilizationPercentage: 80 + +container: + resources: + limits: + cpu: 75m + memory: 150Mi + requests: + cpu: 25m + memory: 50Mi + ports: + - name: 3000-tcp + containerPort: 3000 + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 30 + timeoutSeconds: 1 + livenessProbe: + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: / + port: 3000 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 30 + timeoutSeconds: 5 + +service: + type: ClusterIP + ports: + name: 3000-tcp + protocol: TCP + port: 80 + targetPort: 3000 + +route: + enabled: true + annotations: {} + #hostname: service + targetport: 3000-tcp + +imagestream: + enabled: true + +volumes: + +vault: + enabled: false + zone: "" + secrets: [] + entrypoint: "" From d756aae11a64fcb5c4338266ca3fab01207c8c74 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Thu, 17 Aug 2023 10:56:45 -0700 Subject: [PATCH 2/8] Adding chart-releaser action --- .github/workflows/charts-release.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/charts-release.yaml diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml new file mode 100644 index 000000000..e4a4a9f67 --- /dev/null +++ b/.github/workflows/charts-release.yaml @@ -0,0 +1,27 @@ +name: Release Charts + +on: + push: + paths: + - 'charts/**' + branches: + - feature/helm + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.5.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 0dda4ccaa26f7d77490d7d217dfb2a10f4f32d13 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Thu, 17 Aug 2023 11:16:15 -0700 Subject: [PATCH 3/8] removed chart.lock --- charts/onroutebc/Chart.lock | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 charts/onroutebc/Chart.lock diff --git a/charts/onroutebc/Chart.lock b/charts/onroutebc/Chart.lock deleted file mode 100644 index e4c552c8d..000000000 --- a/charts/onroutebc/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: service - repository: file://../service - version: 0.0.1 -- name: service - repository: file://../service - version: 0.0.1 -- name: service - repository: file://../service - version: 0.0.1 -digest: sha256:0a0452c8dd5fe757703c36ecf681439559c47dd462d128a9b171af10ef3d460c -generated: "2023-08-14T14:15:02.4771342-07:00" From 4695c525c2f093b991729234fed1f3f6472c4aef Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Thu, 17 Aug 2023 11:27:22 -0700 Subject: [PATCH 4/8] only update on changes to main --- .github/workflows/charts-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml index e4a4a9f67..fd7f1795e 100644 --- a/.github/workflows/charts-release.yaml +++ b/.github/workflows/charts-release.yaml @@ -5,7 +5,7 @@ on: paths: - 'charts/**' branches: - - feature/helm + - main jobs: release: From aa365f48a3841bba4497cb86759b77a54771113c Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Wed, 25 Oct 2023 18:12:49 -0700 Subject: [PATCH 5/8] initial working values commit --- charts/onroutebc/Chart.yaml | 20 +-- charts/onroutebc/values.yaml | 269 +++++++++++++++++++++++++++++++++++ 2 files changed, 279 insertions(+), 10 deletions(-) create mode 100644 charts/onroutebc/values.yaml diff --git a/charts/onroutebc/Chart.yaml b/charts/onroutebc/Chart.yaml index 32cb58f1d..dba1e1c30 100644 --- a/charts/onroutebc/Chart.yaml +++ b/charts/onroutebc/Chart.yaml @@ -3,18 +3,18 @@ apiVersion: v2 name: onRouteBC description: Helm chart for onRouteBC type: application -version: 0.0.1 +version: 1.0.0 appVersion: "1.16.0" dependencies: # A list of the chart requirements (optional) - - name: service - version: 0.0.1 - repository: "file://../service" + - name: component + repository: "file:///home/ubuntu/helm-service/charts/component/" alias: frontend - - name: service - version: 0.0.1 - repository: "file://../service" + version: 0.0.2 + - name: component + repository: "file:///home/ubuntu/helm-service/charts/component/" alias: vehicles - - name: service - version: 0.0.1 - repository: "file://../service" + version: 0.0.2 + - name: component + repository: "file:///home/ubuntu/helm-service/charts/component/" alias: dops + version: 0.0.2 diff --git a/charts/onroutebc/values.yaml b/charts/onroutebc/values.yaml new file mode 100644 index 000000000..67a24d35f --- /dev/null +++ b/charts/onroutebc/values.yaml @@ -0,0 +1,269 @@ +--- +global: + repository: bcgov/onroutebc # the repository where the images are stored. + registry: ghcr.io # the registry where the images are stored. override during runtime for other registry at global level or individual level. + secrets: + annotation: + helm.sh/policy: "keep" + domain: "apps.silver.devops.gov.bc.ca" # it is required, apps.silver.devops.gov.bc.ca for silver cluster + openshiftImageRegistry: "image-registry.openshift-image-registry.svc:5000" + +frontend: + enabled: true + deployment: # can be either a statefulSet or a deployment not both + enabled: true + statefulSet: # can be either a statefulSet or a deployment not both + enabled: false + secret: + enabled: false + configmap: + enabled: true + data: + config.js: |- + const envConfig = (() => { + return { + "VITE_DEPLOY_ENVIRONMENT":"Experiment", + "VITE_API_VEHICLE_URL":"https://{{.Release.Name}}-vehicles.{{.Values.global.domain}}", + "VITE_AUTH0_ISSUER_URL":"https://dev.loginproxy.gov.bc.ca/auth/realms/standard", + "VITE_AUTH0_AUDIENCE":"on-route-bc-direct-4598", + "VITE_SITEMINDER_LOG_OFF_URL": "https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi", + }; + })(); + containers: + - name: frontend + registry: '{{ .Values.global.registry }}' + repository: '{{ .Values.global.repository }}' # example, it includes registry and repository + image: frontend + tag: latest + ports: + - name: http + containerPort: 3000 + protocol: TCP + resources: # this is optional + limits: + cpu: 75m + memory: 150Mi + requests: + cpu: 25m + memory: 50Mi + volumeMounts: + - name: config + mountPath: "/usr/share/nginx/html/config.js" + subPath: config.js + ingress: + annotations: + route.openshift.io/termination: "edge" + enabled: true + hosts: + - host: "onroutebc-experiment-frontend.apps.silver.devops.gov.bc.ca" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - {} + service: + enabled: true + type: ClusterIP + ports: + - name: 3000-tcp + protocol: TCP + port: 80 + targetPort: 3000 + serviceAccount: + name: c28f0c-vault + vault: + enabled: true + entrypoint: "nginx -g 'daemon off;'" + resources: # this is optional + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 75m + memory: 100Mi + role: c28f0c-nonprod + secretPaths: + - auth0-dev + - be-api-dev + volumes: + - name: config + configMap: + name: "{{ .Release.Name}}-frontend" + +vehicles: + enabled: true + deployment: # can be either a statefulSet or a deployment not both + enabled: true + statefulSet: # can be either a statefulSet or a deployment not both + enabled: false + secret: + enabled: false + configmap: + enabled: true + data: + DOPS_URL: "https://{{.Release.Name}}-dops.apps.silver.devops.gov.bc.ca" + FRONTEND_URL: "https://{{.Release.Name}}-frontend.apps.silver.devops.gov.bc.ca" + PAYBC_REDIRECT: "https://{{.Release.Name}}-frontend.apps.silver.devops.gov.bc.ca/payment" + VEHICLES_URL: "https://onroutebc-experiment-vehicles.apps.silver.devops.gov.bc.ca" + + containers: + - name: vehicles + registry: '{{ .Values.global.registry }}' + repository: '{{ .Values.global.repository }}' # example, it includes registry and repository + image: backend/vehicles + tag: latest + ports: + - name: vehicles-api + containerPort: 5000 + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 5000 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 5 + livenessProbe: + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: / + port: 5000 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + resources: # this is optional + limits: + cpu: 75m + memory: 150Mi + requests: + cpu: 25m + memory: 50Mi + envFrom: + configMapRef: onroutebc-experiment-vehicles + ingress: + annotations: + route.openshift.io/termination: "edge" + enabled: true + hosts: + - host: "onroutebc-experiment-vehicles.apps.silver.devops.gov.bc.ca" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - {} + service: + enabled: true + type: ClusterIP + ports: + - name: 5000-tcp + protocol: TCP + port: 80 + targetPort: 5000 + serviceAccount: + name: c28f0c-vault + vault: + enabled: true + entrypoint: "npm run start:prod" + resources: # this is optional + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 75m + memory: 100Mi + role: c28f0c-nonprod + secretPaths: + - auth0-dev + - ches-dev + - mssql-dev + - payment-dev + +dops: + enabled: true + deployment: # can be either a statefulSet or a deployment not both + enabled: true + statefulSet: # can be either a statefulSet or a deployment not both + enabled: false + secret: + enabled: false + configmap: + enabled: true + data: + ACCESS_API_URL: "https://onroutebc-experiment-dops.apps.silver.devops.gov.bc.ca" + containers: + - name: dops + registry: '{{ .Values.global.registry }}' + repository: '{{ .Values.global.repository }}' # example, it includes registry and repository + image: backend/dops + tag: latest + ports: + - name: dops-api + containerPort: 5001 + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 5001 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 5 + livenessProbe: + successThreshold: 1 + failureThreshold: 3 + httpGet: + path: / + port: 5001 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + resources: # this is optional + limits: + cpu: 75m + memory: 150Mi + requests: + cpu: 25m + memory: 50Mi + envFrom: + configMapRef: onroutebc-experiment-dops + ingress: + annotations: + route.openshift.io/termination: "edge" + enabled: true + hosts: + - host: "onroutebc-experiment-dops.apps.silver.devops.gov.bc.ca" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - {} + service: + enabled: true + type: ClusterIP + ports: + - name: 5001-tcp + protocol: TCP + port: 80 + targetPort: 5001 + serviceAccount: + name: c28f0c-vault + vault: + enabled: true + entrypoint: "npm run start:prod" + resources: # this is optional + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 75m + memory: 100Mi + role: c28f0c-nonprod + secretPaths: + - auth0-dev + - ches-dev + - mssql-dev + - payment-dev From 246a9705ba80ea1d72187fa1b2e4eb271a2d6617 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Tue, 31 Oct 2023 14:00:14 -0700 Subject: [PATCH 6/8] modified values to define command --- charts/onroutebc/values.yaml | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/charts/onroutebc/values.yaml b/charts/onroutebc/values.yaml index 67a24d35f..2d35f38ac 100644 --- a/charts/onroutebc/values.yaml +++ b/charts/onroutebc/values.yaml @@ -50,6 +50,7 @@ frontend: - name: config mountPath: "/usr/share/nginx/html/config.js" subPath: config.js + ingress: annotations: route.openshift.io/termination: "edge" @@ -71,20 +72,6 @@ frontend: targetPort: 3000 serviceAccount: name: c28f0c-vault - vault: - enabled: true - entrypoint: "nginx -g 'daemon off;'" - resources: # this is optional - limits: - cpu: 100m - memory: 200Mi - requests: - cpu: 75m - memory: 100Mi - role: c28f0c-nonprod - secretPaths: - - auth0-dev - - be-api-dev volumes: - name: config configMap: @@ -108,6 +95,10 @@ vehicles: containers: - name: vehicles + command: + - "sh" + - "-c" + - "source /vault/auth0-dev && source /vault/ches-dev && source /vault/mssql-dev && source /vault/payment-dev && npm run start:prod" registry: '{{ .Values.global.registry }}' repository: '{{ .Values.global.repository }}' # example, it includes registry and repository image: backend/vehicles @@ -166,7 +157,6 @@ vehicles: name: c28f0c-vault vault: enabled: true - entrypoint: "npm run start:prod" resources: # this is optional limits: cpu: 100m @@ -195,6 +185,10 @@ dops: ACCESS_API_URL: "https://onroutebc-experiment-dops.apps.silver.devops.gov.bc.ca" containers: - name: dops + command: + - "sh" + - "-c" + - "source /vault/auth0-dev && source /vault/ches-dev && source /vault/mssql-dev && source /vault/payment-dev && npm run start:prod" registry: '{{ .Values.global.registry }}' repository: '{{ .Values.global.repository }}' # example, it includes registry and repository image: backend/dops @@ -253,7 +247,6 @@ dops: name: c28f0c-vault vault: enabled: true - entrypoint: "npm run start:prod" resources: # this is optional limits: cpu: 100m From 679ff5615eed877f591e4a4d24ab7cf109bde689 Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Tue, 31 Oct 2023 16:35:30 -0700 Subject: [PATCH 7/8] First working commit and deploy of helm install --- charts/onroutebc/Chart.yaml | 12 ++++++------ charts/onroutebc/values.yaml | 8 ++------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/charts/onroutebc/Chart.yaml b/charts/onroutebc/Chart.yaml index dba1e1c30..73b68e9b6 100644 --- a/charts/onroutebc/Chart.yaml +++ b/charts/onroutebc/Chart.yaml @@ -7,14 +7,14 @@ version: 1.0.0 appVersion: "1.16.0" dependencies: # A list of the chart requirements (optional) - name: component - repository: "file:///home/ubuntu/helm-service/charts/component/" + repository: "https://bcgov.github.io/helm-service" alias: frontend - version: 0.0.2 + version: 0.0.14 - name: component - repository: "file:///home/ubuntu/helm-service/charts/component/" + repository: "https://bcgov.github.io/helm-service" alias: vehicles - version: 0.0.2 + version: 0.0.14 - name: component - repository: "file:///home/ubuntu/helm-service/charts/component/" + repository: "https://bcgov.github.io/helm-service" alias: dops - version: 0.0.2 + version: 0.0.14 diff --git a/charts/onroutebc/values.yaml b/charts/onroutebc/values.yaml index 2d35f38ac..610ebe6b4 100644 --- a/charts/onroutebc/values.yaml +++ b/charts/onroutebc/values.yaml @@ -98,7 +98,7 @@ vehicles: command: - "sh" - "-c" - - "source /vault/auth0-dev && source /vault/ches-dev && source /vault/mssql-dev && source /vault/payment-dev && npm run start:prod" + - "source /vault/secrets/auth0-dev && source /vault/secrets/ches-dev && source /vault/secrets/mssql-dev && source /vault/secrets/payment-dev && npm run start:prod" registry: '{{ .Values.global.registry }}' repository: '{{ .Values.global.repository }}' # example, it includes registry and repository image: backend/vehicles @@ -132,8 +132,6 @@ vehicles: requests: cpu: 25m memory: 50Mi - envFrom: - configMapRef: onroutebc-experiment-vehicles ingress: annotations: route.openshift.io/termination: "edge" @@ -188,7 +186,7 @@ dops: command: - "sh" - "-c" - - "source /vault/auth0-dev && source /vault/ches-dev && source /vault/mssql-dev && source /vault/payment-dev && npm run start:prod" + - "source /vault/secrets/auth0-dev && source /vault/secrets/ches-dev && source /vault/secrets/mssql-dev && source /vault/secrets/payment-dev && npm run start:prod" registry: '{{ .Values.global.registry }}' repository: '{{ .Values.global.repository }}' # example, it includes registry and repository image: backend/dops @@ -222,8 +220,6 @@ dops: requests: cpu: 25m memory: 50Mi - envFrom: - configMapRef: onroutebc-experiment-dops ingress: annotations: route.openshift.io/termination: "edge" From 988e26b66f6f97a64bcfd92da7fb76251ebeccfe Mon Sep 17 00:00:00 2001 From: Chris Berg Date: Fri, 10 Nov 2023 11:10:46 -0800 Subject: [PATCH 8/8] Implimenting Changes via Nr-Quickstart-Openshift --- .github/CODEOWNERS | 4 +- .github/workflows/.deploy.yml | 81 +++++++++++++ .github/workflows/.tests.yml | 74 ++++++++++++ .github/workflows/analysis.yml | 69 ++++++----- .github/workflows/charts-release.yaml | 27 ----- .github/workflows/deploy.yml | 159 ------------------------- .github/workflows/merge.yml | 164 +++----------------------- .github/workflows/pentests.yml | 29 ----- .github/workflows/pr-close.yml | 68 ++++++++--- .github/workflows/pr-open.yml | 60 ++++++---- .github/workflows/release-to-uat.yml | 30 ----- .github/workflows/scheduled.yml | 113 ++++++++++++++++++ charts/onroutebc/Chart.yaml | 12 +- 13 files changed, 424 insertions(+), 466 deletions(-) create mode 100644 .github/workflows/.deploy.yml create mode 100644 .github/workflows/.tests.yml delete mode 100644 .github/workflows/charts-release.yaml delete mode 100644 .github/workflows/deploy.yml delete mode 100644 .github/workflows/pentests.yml delete mode 100644 .github/workflows/release-to-uat.yml create mode 100644 .github/workflows/scheduled.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index afb0a408c..2dde6b289 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,8 +1,8 @@ # Default codeowners: -* @john-fletcher-aot @gchauhan-aot @praju-aot @krishnan-aot @zgong-gov +* @john-fletcher-aot @gchauhan-aot @praju-aot @krishnan-aot # Frontend: -/frontend/** @krishnan-aot @erikataot @zgong-gov +/frontend/** @krishnan-aot # Backend: /backend/** @gchauhan-aot @praju-aot diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml new file mode 100644 index 000000000..ded5ac277 --- /dev/null +++ b/.github/workflows/.deploy.yml @@ -0,0 +1,81 @@ +name: Deploy Workflow + +on: + workflow_call: + inputs: + ### Required + target: + description: 'PR number, test or prod.' + required: true + type: string + + ### Typical / recommended + autoscaling: + description: 'Autoscaling enabled or not for the deployments' + required: false + type: boolean + default: true + tag: + description: 'Docker tag; e.g. PR number, tag, test or prod' + required: false + type: string + default: ${{ github.event.number }} + + ### Usually a bad idea / not recommended + directory: + description: 'Chart directory.' + default: 'charts/${{ github.event.repository.name }}' + required: false + type: string + timeout-minutes: + description: 'Timeout minutes' + default: 10 + required: false + type: number + values: + description: 'Values file.' + default: 'values.yaml' + required: false + type: string + +jobs: + # https://github.com/bcgov-nr/action-deployer-openshift + deploys: + name: Helm + environment: ${{ github.event.number || github.event.release.tag_name }} + runs-on: ubuntu-22.04 + timeout-minutes: ${{ inputs.timeout-minutes }} + steps: + - uses: actions/checkout@v4 + - name: Deploy + working-directory: ${{ inputs.directory }} + shell: bash + run: | + # Login to OpenShift (NOTE: project command is a safeguard) + oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }} + oc project ${{ vars.oc_namespace }} + + # Interrupt any previous jobs (status = pending-upgrade) + PREVIOUS=$(helm status ${{ github.event.repository.name }}-${{ inputs.target }} -o json | jq .info.status || true) + if [[ ${PREVIOUS} =~ pending ]]; then + echo "Rollback triggered" + helm rollback ${{ github.event.repository.name }}-${{ inputs.target }} || \ + helm uninstall ${{ github.event.repository.name }}-${{ inputs.target }} + fi + + # Deploy Helm Chart + helm dependency update + helm upgrade \ + --set global.autoscaling=${{ inputs.autoscaling }} \ + --set-string global.repository=${{ github.repository }} \ + --set-string global.secrets.databasePassword=${{ secrets.DB_PASSWORD }} \ + --set-string global.tag="${{ inputs.target }}" \ + --set-string backend.containers[0].tag="${{ inputs.target }}" \ + --set-string backend.initContainers[0].tag="${{ inputs.target }}" \ + --set-string frontend.containers[0].tag="${{ inputs.target }}" \ + --install --wait --atomic ${{ github.event.repository.name }}-${{ inputs.target }} \ + --timeout ${{ inputs.timeout-minutes }}m \ + --values ${{ inputs.values }} . + + # Remove old build runs, build pods and deployment pods + oc delete po --field-selector=status.phase==Succeeded diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml new file mode 100644 index 000000000..c34a7528c --- /dev/null +++ b/.github/workflows/.tests.yml @@ -0,0 +1,74 @@ +name: Test Workflow + +on: + workflow_call: + inputs: + ### Required + target: + description: 'PR number, test or prod.' + required: true + type: string + +jobs: + integration-tests: + name: Integration Tests + runs-on: ubuntu-22.04 + timeout-minutes: 1 + steps: + - uses: actions/checkout@v4 + - id: cache-npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-build-cache-node-modules- + ${{ runner.os }}-build- + ${{ runner.os }}- + + - name: Integration tests + env: + API_NAME: nest + BASE_URL: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca + run: | + cd integration-tests + npm ci + node src/main.js + + cypress-e2e: + name: E2E Tests + runs-on: ubuntu-22.04 + defaults: + run: + working-directory: frontend + strategy: + matrix: + browser: [chrome, firefox, edge] + timeout-minutes: 5 + steps: + - uses: actions/checkout@v4 + - id: cache-npm + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-build-cache-node-modules- + ${{ runner.os }}-build- + ${{ runner.os }}- + + - uses: cypress-io/github-action@v6 + name: Cypress run + env: + CYPRESS_baseUrl: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca/ + with: + config: pageLoadTimeout=10000 + working-directory: ./frontend + browser: ${{ matrix.browser }} + + - uses: actions/upload-artifact@v3 + if: failure() + with: + name: cypress-screenshots + path: ./cypress/screenshots + if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn` diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 88cd07afa..a3bad6673 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -1,15 +1,12 @@ name: Analysis on: - pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review push: - branches: - - main + branches: [main] + pull_request: + types: [opened, reopened, synchronize, ready_for_review] + schedule: + - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays workflow_dispatch: concurrency: @@ -21,27 +18,28 @@ jobs: name: CodeQL if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-22.04 + timeout-minutes: 5 steps: - uses: actions/checkout@v4 - uses: github/codeql-action/init@v2 with: languages: javascript - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:javascript" # https://github.com/marketplace/actions/aqua-security-trivy trivy: - name: Security Scan + name: Trivy Security Scan + if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-22.04 + timeout-minutes: 1 steps: - uses: actions/checkout@v4 - - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@0.12.0 + uses: aquasecurity/trivy-action@0.14.0 with: format: "sarif" output: "trivy-results.sarif" @@ -56,33 +54,50 @@ jobs: sarif_file: "trivy-results.sarif" tests: - name: Unit Tests + name: Tests if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-22.04 + timeout-minutes: 5 + services: + postgres: + image: postgres + env: + POSTGRES_DB: postgres + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 5432:5432 strategy: matrix: - #dir: [backend/vehicles, frontend] - dir: [backend/vehicles, backend/dops, frontend] + dir: [backend, frontend] include: - - dir: backend/vehicles - sonar_projectKey: bcgov_onroutebc_backend - token: SONAR_TOKEN_BACKEND - - dir: backend/dops - sonar_projectKey: bcgov_onroutebc_backend + - dir: backend + sonar_projectKey: quickstart-openshift_backend token: SONAR_TOKEN_BACKEND + triggers: ('backend/') - dir: frontend - sonar_projectKey: bcgov_onroutebc_frontend + sonar_projectKey: quickstart-openshift_frontend token: SONAR_TOKEN_FRONTEND + triggers: ('frontend/') steps: - - uses: bcgov-nr/action-test-and-analyse@v0.0.1 + - uses: bcgov-nr/action-test-and-analyse@v1.1.0 with: commands: | npm ci npm run test:cov dir: ${{ matrix.dir }} + node_version: "20" sonar_args: > - -Dsonar.exclusions=**/coverage/**,**/node_modules/** + -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts -Dsonar.organization=bcgov-sonarcloud - -Dsonar.project.monorepo.enabled=true -Dsonar.projectKey=${{ matrix.sonar_projectKey }} - sonar_project_token: ${{ secrets[matrix.token] }} + -Dsonar.sources=src + -Dsonar.tests.inclusions=**/*spec.ts + -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info + sonar_token: ${{ secrets[matrix.token] }} + triggers: ${{ matrix.triggers }} diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml deleted file mode 100644 index 34b5b9e2d..000000000 --- a/.github/workflows/charts-release.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Release Charts - -on: - push: - paths: - - 'charts/**' - branches: - - main - -jobs: - release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index ff42ff9f0..000000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,159 +0,0 @@ -name: Deployments - -on: - workflow_call: - # Inputs the workflow accepts. - inputs: - environment: - description: 'Which environment to deploy to' - default: 'dev' - required: true - type: string - imagetag: - description: 'Which image tag to use' - default: 'test' - required: true - type: string - vault_zone: - description: 'Which vault zone to use' - default: 'dev' - required: true - type: string - zone: - description: 'Which zone to use' - default: 'dev' - required: true - type: string - workflow_dispatch: - # Inputs the workflow accepts. - inputs: - environment: - description: 'Which environment to deploy to' - default: 'dev' - required: true - type: choice - options: - - 'dev' - - 'test' - - 'prod' - imagetag: - description: 'Which image tag to use' - default: 'test' - required: true - type: string - vault_zone: - description: 'Which vault zone to use' - default: 'dev' - required: true - type: choice - options: - - 'dev' - - 'test' - - 'prod' - zone: - description: 'Which zone to use' - default: 'dev' - required: true - type: string -jobs: - deployments: - name: Deploy - environment: ${{inputs.environment}} - runs-on: ubuntu-22.04 - strategy: - max-parallel: 1 - fail-fast: true - matrix: - name: [backend/vehicles, backend/dops, frontend] - include: - - name: backend/vehicles - file: backend/vehicles/openshift.deploy.yml - overwrite: true - - name: backend/dops - file: backend/dops/openshift.deploy.yml - overwrite: true - - name: frontend - file: frontend/openshift.deploy.yml - overwrite: true - steps: - - name: Import Secrets - id: vault - uses: hashicorp/vault-action@v2 - with: - url: https://vault.developer.gov.bc.ca - token: ${{ secrets.VAULT_TOKEN }} - exportEnv: "false" - namespace: platform-services - secrets: | - ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_HOST | VAULT_DATABASE_HOST; - ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_USER | VAULT_DATABASE_USER; - ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_NAME | VAULT_DATABASE_NAME; - ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_PASSWORD | VAULT_DATABASE_PASSWORD; - ${{secrets.VAULT_ENVIRONMENT}}/data/database-${{inputs.vault_zone}} DATABASE_PORT | VAULT_DATABASE_PORT; - ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_ISSUER_URL | VAULT_AUTH0_ISSUER_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_AUDIENCE | VAULT_AUTH0_AUDIENCE; - ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} AUTH0_IGNORE_EXP | VAULT_AUTH0_IGNORE_EXP; - ${{secrets.VAULT_ENVIRONMENT}}/data/auth0-${{inputs.vault_zone}} SITEMINDER_LOG_OFF_URL | VAULT_SITEMINDER_LOG_OFF_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_CVSE_FORMS_CACHE_TTL_MS | VAULT_DOPS_CVSE_FORMS_CACHE_TTL_MS; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ACCESS_TYPE | VAULT_DOPS_S3_ACCESS_TYPE; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ACCESSKEYID | VAULT_DOPS_S3_ACCESSKEYID; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_BUCKET | VAULT_DOPS_S3_BUCKET; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_PRESIGNED_URL_EXPIRY | VAULT_DOPS_S3_PRESIGNED_URL_EXPIRY; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_ENDPOINT | VAULT_DOPS_S3_ENDPOINT; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_KEY | VAULT_DOPS_S3_KEY; - ${{secrets.VAULT_ENVIRONMENT}}/data/dops-${{inputs.vault_zone}} DOPS_S3_SECRETACCESSKEY | VAULT_DOPS_S3_SECRETACCESSKEY; - ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_TOKEN_URL | VAULT_CHES_TOKEN_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_URL | VAULT_CHES_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_CLIENT_ID | VAULT_CHES_CLIENT_ID; - ${{secrets.VAULT_ENVIRONMENT}}/data/ches-${{inputs.vault_zone}} CHES_CLIENT_SECRET | VAULT_CHES_CLIENT_SECRET; - ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_CLIENT_ID | VAULT_CDOGS_CLIENT_ID; - ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_CLIENT_SECRET | VAULT_CDOGS_CLIENT_SECRET; - ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_TOKEN_URL | VAULT_CDOGS_TOKEN_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/cdogs-${{inputs.vault_zone}} CDOGS_URL | VAULT_CDOGS_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/be-api-${{inputs.vault_zone}} NODE_ENV | VAULT_NODE_ENV; - ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} PAYBC_API_KEY | VAULT_PAYBC_API_KEY; - ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} PAYBC_REF_NUMBER | VAULT_PAYBC_REF_NUMBER; - ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} PAYBC_BASE_URL | VAULT_PAYBC_BASE_URL; - ${{secrets.VAULT_ENVIRONMENT}}/data/payment-${{inputs.vault_zone}} GL_CODE | VAULT_GL_CODE; - - - uses: bcgov-nr/action-deployer-openshift@v1.3.0 - with: - file: ${{ matrix.file }} - oc_namespace: ${{inputs.environmnet }} - oc_server: ${{ secrets.OC_SERVER }} - oc_token: '${{ secrets.OC_TOKEN }}' - overwrite: ${{ matrix.overwrite }} - parameters: - -p ZONE=${{inputs.zone}} - -p NAME=${{ github.event.repository.name }} - -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{inputs.imagetag}} - -p DATABASE_NAME=${{steps.vault.outputs.VAULT_DATABASE_NAME}} - -p DATABASE_USER=${{steps.vault.outputs.VAULT_DATABASE_USER}} - -p DATABASE_PASSWORD=${{steps.vault.outputs.VAULT_DATABASE_PASSWORD}} - -p DATABASE_HOST=${{steps.vault.outputs.VAULT_DATABASE_HOST}} - -p AUTH0_ISSUER_URL=${{steps.vault.outputs.VAULT_AUTH0_ISSUER_URL}} - -p AUTH0_AUDIENCE=${{steps.vault.outputs.VAULT_AUTH0_AUDIENCE}} - -p AUTH0_IGNORE_EXP=${{steps.vault.outputs.VAULT_AUTH0_IGNORE_EXP}} - -p SITEMINDER_LOG_OFF_URL=${{steps.vault.outputs.VAULT_SITEMINDER_LOG_OFF_URL}} - -p DOPS_CVSE_FORMS_CACHE_TTL_MS=${{steps.vault.outputs.VAULT_DOPS_CVSE_FORMS_CACHE_TTL_MS}} - -p DOPS_S3_ACCESS_TYPE=${{steps.vault.outputs.VAULT_DOPS_S3_ACCESS_TYPE}} - -p DOPS_S3_ACCESSKEYID=${{steps.vault.outputs.VAULT_DOPS_S3_ACCESSKEYID}} - -p DOPS_S3_BUCKET=${{steps.vault.outputs.VAULT_DOPS_S3_BUCKET}} - -p DOPS_S3_PRESIGNED_URL_EXPIRY=${{steps.vault.outputs.VAULT_DOPS_S3_PRESIGNED_URL_EXPIRY}} - -p DOPS_S3_ENDPOINT=${{steps.vault.outputs.VAULT_DOPS_S3_ENDPOINT}} - -p DOPS_S3_KEY=${{steps.vault.outputs.VAULT_DOPS_S3_KEY}} - -p DOPS_S3_SECRETACCESSKEY=${{steps.vault.outputs.VAULT_DOPS_S3_SECRETACCESSKEY}} - -p CHES_TOKEN_URL=${{steps.vault.outputs.VAULT_CHES_TOKEN_URL}} - -p CHES_CLIENT_ID=${{steps.vault.outputs.VAULT_CHES_CLIENT_ID}} - -p CHES_CLIENT_SECRET=${{steps.vault.outputs.VAULT_CHES_CLIENT_SECRET}} - -p CHES_URL=${{steps.vault.outputs.VAULT_CHES_URL}} - -p CDOGS_CLIENT_ID=${{steps.vault.outputs.VAULT_CDOGS_CLIENT_ID}} - -p CDOGS_CLIENT_SECRET=${{steps.vault.outputs.VAULT_CDOGS_CLIENT_SECRET}} - -p CDOGS_TOKEN_URL=${{steps.vault.outputs.VAULT_CDOGS_TOKEN_URL}} - -p CDOGS_URL=${{steps.vault.outputs.VAULT_CDOGS_URL}} - -p NODE_ENV=${{steps.vault.outputs.VAULT_NODE_ENV}} - -p PAYBC_API_KEY=${{steps.vault.outputs.VAULT_PAYBC_API_KEY}} - -p PAYBC_REF_NUMBER=${{steps.vault.outputs.VAULT_PAYBC_REF_NUMBER}} - -p PAYBC_BASE_URL=${{steps.vault.outputs.VAULT_PAYBC_BASE_URL}} - -p GL_CODE=${{steps.vault.outputs.VAULT_GL_CODE}} - ${{ matrix.parameters }} diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index b2f332851..a57082c2f 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -1,10 +1,8 @@ name: Merge on: - workflow_run: - workflows: [PR Closed] - types: [completed] - workflow_dispatch: + push: + tags: [v*] concurrency: group: ${{ github.workflow }} @@ -12,149 +10,25 @@ concurrency: jobs: deploys-test: - name: Deploy images to test - uses: ./.github/workflows/deploy.yml - with: - environment: 'test' - imagetag: 'latest' # we promote AFTER successful deploy of candidate - vault_zone: 'test' - zone: 'test' + name: Deploys (test) + uses: ./.github/workflows/.deploy.yml secrets: inherit - - image-promotion-test: - name: Tag images with test - needs: - - deploys-test - runs-on: ubuntu-22.04 - strategy: - matrix: - component: [backend/vehicles, backend/dops, frontend] - steps: - - uses: shrink/actions-docker-registry-tag@v3 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: latest - tags: test - - GitVersion: - name: Mainline Versioning - GitVersion - needs: - - deploys-test - runs-on: ubuntu-22.04 - steps: - - name: Checkout Code - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref }} # checkout the correct branch name - fetch-depth: 0 # fetch the whole repo history - - - name: Setup GitVersion - uses: gittools/actions/gitversion/setup@v0.10.2 - with: - versionSpec: "5.x" - - - name: Determine SemVersion - id: gitversion - uses: gittools/actions/gitversion/execute@v0.10.2 - with: - useConfigFile: true - configFilePath: GitVersion.yaml + with: + tag: ${{ github.ref_name }} + target: test - - name: Display GitVersion outputs - run: | - echo "Major: ${{ steps.gitversion.outputs.major }}" - echo "Minor: ${{ steps.gitversion.outputs.minor }}" - echo "Patch: ${{ steps.gitversion.outputs.patch }}" - echo "PreReleaseTag: ${{ steps.gitversion.outputs.preReleaseTag }}" - echo "PreReleaseTagWithDash: ${{ steps.gitversion.outputs.preReleaseTagWithDash }}" - echo "PreReleaseLabel: ${{ steps.gitversion.outputs.preReleaseLabel }}" - echo "PreReleaseNumber: ${{ steps.gitversion.outputs.preReleaseNumber }}" - echo "WeightedPreReleaseNumber: ${{ steps.gitversion.outputs.weightedPreReleaseNumber }}" - echo "BuildMetaData: ${{ steps.gitversion.outputs.buildMetaData }}" - echo "BuildMetaDataPadded: ${{ steps.gitversion.outputs.buildMetaDataPadded }}" - echo "FullBuildMetaData: ${{ steps.gitversion.outputs.fullBuildMetaData }}" - echo "MajorMinorPatch: ${{ steps.gitversion.outputs.majorMinorPatch }}" - echo "SemVer: ${{ steps.gitversion.outputs.semVer }}" - echo "LegacySemVer: ${{ steps.gitversion.outputs.legacySemVer }}" - echo "LegacySemVerPadded: ${{ steps.gitversion.outputs.legacySemVerPadded }}" - echo "AssemblySemVer: ${{ steps.gitversion.outputs.assemblySemVer }}" - echo "AssemblySemFileVer: ${{ steps.gitversion.outputs.assemblySemFileVer }}" - echo "FullSemVer: ${{ steps.gitversion.outputs.fullSemVer }}" - echo "InformationalVersion: ${{ steps.gitversion.outputs.informationalVersion }}" - echo "BranchName: ${{ steps.gitversion.outputs.branchName }}" - echo "EscapedBranchName: ${{ steps.gitversion.outputs.escapedBranchName }}" - echo "Sha: ${{ steps.gitversion.outputs.sha }}" - echo "ShortSha: ${{ steps.gitversion.outputs.shortSha }}" - echo "NuGetVersionV2: ${{ steps.gitversion.outputs.nuGetVersionV2 }}" - echo "NuGetVersion: ${{ steps.gitversion.outputs.nuGetVersion }}" - echo "NuGetPreReleaseTagV2: ${{ steps.gitversion.outputs.nuGetPreReleaseTagV2 }}" - echo "NuGetPreReleaseTag: ${{ steps.gitversion.outputs.nuGetPreReleaseTag }}" - echo "VersionSourceSha: ${{ steps.gitversion.outputs.versionSourceSha }}" - echo "CommitsSinceVersionSource: ${{ steps.gitversion.outputs.commitsSinceVersionSource }}" - echo "CommitsSinceVersionSourcePadded: ${{ steps.gitversion.outputs.commitsSinceVersionSourcePadded }}" - echo "UncommittedChanges: ${{ steps.gitversion.outputs.uncommittedChanges }}" - echo "CommitDate: ${{ steps.gitversion.outputs.commitDate }}" - outputs: - fullSemVer: ${{ steps.gitversion.outputs.fullSemVer}} + integration-e2e: + name: Integration and E2E Tests + needs: [deploys-test] + uses: ./.github/workflows/.tests.yml + with: + target: test - create-release: - name: Create Release - runs-on: ubuntu-22.04 - needs: - - GitVersion - steps: - - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ needs.GitVersion.outputs.fullSemVer }} - release_name: Release ${{ needs.GitVersion.outputs.fullSemVer }} - draft: false - prerelease: false - - image-promotion-release: - name: Tag images with Release Version - needs: - - GitVersion - - create-release - runs-on: ubuntu-22.04 - strategy: - matrix: - component: [backend/vehicles, backend/dops, frontend] - steps: - - uses: shrink/actions-docker-registry-tag@v3 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: test - tags: ${{ needs.GitVersion.outputs.fullSemVer }} - deploys-prod: - name: Deploy images to prod - needs: - - GitVersion - - image-promotion-release - uses: ./.github/workflows/deploy.yml - with: - environment: 'prod' - imagetag: 'test' - vault_zone: 'prod' - zone: 'prod' + name: Deploys (prod) + needs: [integration-e2e] + uses: ./.github/workflows/.deploy.yml secrets: inherit - - image-promotion-prod: - name: Tag images with Prod Version - needs: - - deploys-prod - runs-on: ubuntu-22.04 - strategy: - matrix: - component: [backend/vehicles, backend/dops, frontend] - steps: - - uses: shrink/actions-docker-registry-tag@v3 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: test - tags: prod + with: + tag: ${{ github.ref_name }} + target: prod diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml deleted file mode 100644 index 521ed7a61..000000000 --- a/.github/workflows/pentests.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Penetration Tests - -on: - schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - zap_scan: - name: Penetration Tests - env: - DOMAIN: apps.silver.devops.gov.bc.ca - PREFIX: ${{ github.event.repository.name }}-test - runs-on: ubuntu-latest - strategy: - matrix: - name: [backend-dops, backend-vehicles, frontend] - steps: - - name: ZAP Scan - uses: zaproxy/action-full-scan@v0.7.0 - with: - allow_issue_writing: true - artifact_name: "zap_${{ matrix.name }}" - cmd_options: "-a" - issue_title: "ZAP: ${{ matrix.name }}" - target: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index 414d34efc..3b9feef1f 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -2,45 +2,77 @@ name: PR Closed on: pull_request: - types: - - closed + branches: [main] + types: [closed] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + # PR open and close use the same group, allowing only one at a time + group: pr-${{ github.workflow }}-${{ github.event.number }} cancel-in-progress: true jobs: # Clean up OpenShift when PR closed, no conditions cleanup-openshift: name: Cleanup OpenShift + env: + name: ${{ github.event.repository.name }}-${{ github.event.number }} runs-on: ubuntu-22.04 + timeout-minutes: 10 steps: - name: Remove OpenShift artifacts run: | - oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }} - oc project ${{ secrets.OC_NAMESPACE }} + oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }} + oc project ${{ vars.OC_NAMESPACE }} - # Remove old build runs, build pods and deployment pods - oc delete all,pvc,secret,configmap -l app=${{ github.event.repository.name }}-${{ github.event.number }} + # If found, then remove + helm status ${{ env.name }} && helm uninstall --no-hooks ${{ env.name }} || \ + echo "Not found: ${{ env.name }}" - - name: Authenticate and set context - uses: redhat-actions/oc-login@v1 - with: - openshift_server_url: ${{ secrets.OC_SERVER }} - openshift_token: ${{ secrets.OC_TOKEN }} - namespace: ${{ secrets.OC_NAMESPACE }} - - image-promotion-test: - name: Image Promotions + # Remove Bitnami Crunchy PVCs + oc delete pvc data-${{ github.event.repository.name }}-${{ github.event.number }}-bitnami-pg-0 + + semver: + name: Semantic Version if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' + outputs: + tag: ${{ steps.semver.outputs.tag }} + runs-on: ubuntu-22.04 + timeout-minutes: 1 + steps: + - uses: actions/checkout@v4 + - name: Conventional Changelog Update + uses: TriPSs/conventional-changelog-action@v4 + id: semver + with: + git-branch: refs/heads/${{ github.head_ref }} + git-push: "false" + github-token: ${{ github.token }} + skip-commit: "true" + skip-on-empty: "false" + skip-version-file: "true" + + - name: Create Tags + if: ${{ steps.semver.outputs.tag != '' }} + run: | + git tag ${{ steps.changelog.outputs.tag }} + git push origin --tag + + # If merged into main, then handle any image promotions + tag-images: + name: Tag Images + if: ${{ needs.semver.outputs.tag != '' }} + needs: [semver] runs-on: ubuntu-22.04 + permissions: + packages: write strategy: matrix: - package: [backend/vehicles, backend/dops, frontend] + package: [migrations, backend, frontend] + timeout-minutes: 2 steps: - uses: shrink/actions-docker-registry-tag@v3 with: registry: ghcr.io repository: ${{ github.repository }}/${{ matrix.package }} target: ${{ github.event.number }} - tags: latest + tags: ${{ needs.semver.outputs.tag }} diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 7fe5ad204..863719a8e 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -2,23 +2,34 @@ name: PR on: pull_request: + branches: [main] + workflow_dispatch: concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + # PR open and close use the same group, allowing only one at a time + group: pr-${{ github.workflow }}-${{ github.event.number }} cancel-in-progress: true jobs: - pr-greeting: - name: PR Greeting + conventional-commits: + name: Conventional Commits + runs-on: ubuntu-22.04 + steps: + - uses: amannn/action-semantic-pull-request@v5.4.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + pr-description-add: + name: PR Description Add env: DOMAIN: apps.silver.devops.gov.bc.ca PREFIX: ${{ github.event.repository.name }}-${{ github.event.number }} runs-on: ubuntu-22.04 permissions: pull-requests: write + timeout-minutes: 1 steps: - - name: PR Greeting - uses: bcgov-nr/action-pr-description-add@v0.0.2 + - uses: bcgov-nr/action-pr-description-add@v1.1.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} add_markdown: | @@ -26,14 +37,17 @@ jobs: Thanks for the PR! - Any successful deployments (not always required) will be available below. - [Backend - Vehicles](https://${{ env.PREFIX }}-backend-vehicles.${{ env.DOMAIN }}/) available - [Backend - DOPS](https://${{ env.PREFIX }}-backend-dops.${{ env.DOMAIN }}/) available - [Frontend](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/) available + Deployments, as required, will be available below: + - [Frontend](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}) + - [Backend](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/api) + + Please create PRs in draft mode. Mark as ready to enable: + - [Analysis Workflow](https://github.com/${{ github.repository }}/actions/workflows/analysis.yml) - Once merged, code will be promoted and handed off to following workflow run. - [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml) + After merge, new images are promoted to: + - [Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml) + # https://github.com/bcgov-nr/action-builder-ghcr builds: name: Builds runs-on: ubuntu-22.04 @@ -41,23 +55,23 @@ jobs: packages: write strategy: matrix: - package: [backend/vehicles, backend/dops, frontend] + package: [migrations, backend, frontend] + timeout-minutes: 10 steps: - - uses: actions/checkout@v4 - - uses: bcgov-nr/action-builder-ghcr@v1.1.2 + - uses: bcgov-nr/action-builder-ghcr@v2.0.0 with: + keep_versions: 50 package: ${{ matrix.package }} tag: ${{ github.event.number }} tag_fallback: test - token: ${{ secrets.GITHUB_TOKEN }} - triggers: ( '${{ matrix.package }}/') - + triggers: ('${{ matrix.package }}/') + + # https://github.com/bcgov-nr/action-deployer-openshift deploys: + name: Deploys needs: [builds] - uses: ./.github/workflows/deploy.yml - with: - environment: 'dev' - imagetag: ${{ github.event.number }} - vault_zone: 'dev' - zone: ${{ github.event.number }} + uses: ./.github/workflows/.deploy.yml secrets: inherit + with: + autoscaling: false + target: ${{ github.event.number }} diff --git a/.github/workflows/release-to-uat.yml b/.github/workflows/release-to-uat.yml deleted file mode 100644 index 3682577fa..000000000 --- a/.github/workflows/release-to-uat.yml +++ /dev/null @@ -1,30 +0,0 @@ -# This is a basic workflow that is manually triggered - -name: Testing manual workflow - Release to UAT - -# Controls when the action will run. Workflow runs when manually triggered using the UI -# or API. -on: - workflow_dispatch: - # Inputs the workflow accepts. - inputs: - name: - # Friendly description to be shown in the UI instead of 'name' - description: 'Person to greet' - # Default value if no value is explicitly provided - default: 'World' - # Input has to be provided for the workflow to run - required: true - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "greet" - greet: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Runs a single command using the runners shell - - name: Send greeting - run: echo "Hello ${{ github.event.inputs.name }}" diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 000000000..a988d75a5 --- /dev/null +++ b/.github/workflows/scheduled.yml @@ -0,0 +1,113 @@ +name: Scheduled + +on: + schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + zap_scan: + runs-on: ubuntu-latest + name: Penetration Tests + env: + DOMAIN: apps.silver.devops.gov.bc.ca + PREFIX: ${{ github.event.repository.name }}-test + strategy: + matrix: + name: [backend, frontend] + steps: + - name: ZAP Scan + uses: zaproxy/action-full-scan@v0.8.0 + with: + allow_issue_writing: true + artifact_name: "zap_${{ matrix.name }}" + cmd_options: "-a" + issue_title: "ZAP: ${{ matrix.name }}" + target: https://${{ env.PREFIX }}-${{ matrix.name }}.${{ env.DOMAIN }} + + generate-schema-spy: + name: Generate SchemaSpy Documentation + runs-on: ubuntu-22.04 + services: + postgres: + image: postgres + env: + POSTGRES_DB: default + POSTGRES_USER: default + POSTGRES_PASSWORD: default + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 5432:5432 + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + - uses: joshuaavalon/flyway-action@v3.0.0 + name: Generate SchemaSpy docs for node backend + with: + url: jdbc:postgresql://postgres:5432/default + user: default + password: default + env: + FLYWAY_VALIDATE_MIGRATION_NAMING: true + FLYWAY_LOCATIONS: filesystem:./migrations + FLYWAY_DEFAULT_SCHEMA: "users" + + - name: Create Output Folder + run: | + mkdir output + chmod a+rwx -R output + + - name: Run Schemaspy + run: docker run --network host -v "$PWD/output:/output" schemaspy/schemaspy:6.2.4 -t pgsql -db default -host 127.0.0.1 -port 5432 -u default -p default -schemas users + - name: Deploy to Pages + uses: JamesIves/github-pages-deploy-action@v4 + with: + folder: output + target-folder: schemaspy + + ageOutPRs: + name: PR Env Purge + env: + # https://tecadmin.net/getting-yesterdays-date-in-bash/ + CUTOFF: "1 week ago" + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Clean up Helm Releases + run: | + # Clean up Helm Releases + + # Login to OpenShift (NOTE: project command is a safeguard) + oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }} + oc project ${{ vars.OC_NAMESPACE }} + + # Echos + echo "Delete stale Helm releases" + echo "Cutoff: ${{ env.CUTOFF }}" + + # Before date, list of releases + BEFORE=$(date +%s -d "${{ env.CUTOFF }}") + RELEASES=$(helm ls -aq) + + # If releases, then iterate + [ -z "${RELEASES}" ]|| for r in ${RELEASES[@]}; do + + # Get last update and convert the date + UPDATED=$(date "+%s" -d <<< echo $(helm status $r -o json | jq -r .info.last_deployed)) + + # Compare to cutoff and delete as necessary + if [[ ${UPDATED} < ${BEFORE} ]]; then + echo -e "\nOlder than cutoff: ${r}" + helm uninstall --no-hooks ${r} + else + echo -e "\nNewer than cutoff: ${r}" + echo "No need to delete" + fi + done diff --git a/charts/onroutebc/Chart.yaml b/charts/onroutebc/Chart.yaml index 73b68e9b6..ccc73a1b7 100644 --- a/charts/onroutebc/Chart.yaml +++ b/charts/onroutebc/Chart.yaml @@ -7,14 +7,14 @@ version: 1.0.0 appVersion: "1.16.0" dependencies: # A list of the chart requirements (optional) - name: component - repository: "https://bcgov.github.io/helm-service" + repository: "file:///home/ubuntu/helm-service/charts/component" alias: frontend - version: 0.0.14 + version: 0.0.17 - name: component - repository: "https://bcgov.github.io/helm-service" + repository: "file:///home/ubuntu/helm-service/charts/component" alias: vehicles - version: 0.0.14 + version: 0.0.17 - name: component - repository: "https://bcgov.github.io/helm-service" + repository: "file:///home/ubuntu/helm-service/charts/component" alias: dops - version: 0.0.14 + version: 0.0.17