Feature/helm deployment pipeline

.github/CODEOWNERS

@@ -1,8 +1,8 @@
 # Default codeowners:
-* @john-fletcher-aot @gchauhan-aot @praju-aot @krishnan-aot @zgong-gov
+* @john-fletcher-aot @gchauhan-aot @praju-aot @krishnan-aot
 
 # Frontend:
-/frontend/** @krishnan-aot @erikataot @zgong-gov
+/frontend/** @krishnan-aot
 
 # Backend:
 /backend/**  @gchauhan-aot @praju-aot

.github/workflows/.deploy.yml

@@ -0,0 +1,81 @@
+name: Deploy Workflow
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      target:
+        description: 'PR number, test or prod.'
+        required: true
+        type: string
+
+      ### Typical / recommended
+      autoscaling:
+        description: 'Autoscaling enabled or not for the deployments'
+        required: false
+        type: boolean
+        default: true
+      tag:
+        description: 'Docker tag; e.g. PR number, tag, test or prod'
+        required: false
+        type: string
+        default: ${{ github.event.number }}
+
+      ### Usually a bad idea / not recommended
+      directory:
+        description: 'Chart directory.'
+        default: 'charts/${{ github.event.repository.name }}'
+        required: false
+        type: string
+      timeout-minutes:
+        description: 'Timeout minutes'
+        default: 10
+        required: false
+        type: number
+      values:
+        description: 'Values file.'
+        default: 'values.yaml'
+        required: false
+        type: string
+
+jobs:
+  # https://github.com/bcgov-nr/action-deployer-openshift
+  deploys:
+    name: Helm
+    environment: ${{ github.event.number || github.event.release.tag_name }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Deploy
+        working-directory: ${{ inputs.directory }}
+        shell: bash
+        run: |
+          # Login to OpenShift (NOTE: project command is a safeguard)
+          oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
+          oc project ${{ vars.oc_namespace }}
+
+          # Interrupt any previous jobs (status = pending-upgrade)
+          PREVIOUS=$(helm status ${{ github.event.repository.name }}-${{ inputs.target }} -o json | jq .info.status || true)
+          if [[ ${PREVIOUS} =~ pending ]]; then
+            echo "Rollback triggered"
+            helm rollback ${{ github.event.repository.name }}-${{ inputs.target }} || \
+              helm uninstall ${{ github.event.repository.name }}-${{ inputs.target }}
+          fi
+
+          # Deploy Helm Chart
+          helm dependency update
+          helm upgrade \
+            --set global.autoscaling=${{ inputs.autoscaling }} \
+            --set-string global.repository=${{ github.repository }} \
+            --set-string global.secrets.databasePassword=${{ secrets.DB_PASSWORD }} \
+            --set-string global.tag="${{ inputs.target }}" \
+            --set-string backend.containers[0].tag="${{ inputs.target }}" \
+            --set-string backend.initContainers[0].tag="${{ inputs.target }}" \
+            --set-string frontend.containers[0].tag="${{ inputs.target }}" \
+            --install --wait --atomic ${{ github.event.repository.name }}-${{ inputs.target }} \
+            --timeout ${{ inputs.timeout-minutes }}m \
+            --values ${{ inputs.values }} .
+
+          # Remove old build runs, build pods and deployment pods
+          oc delete po --field-selector=status.phase==Succeeded

.github/workflows/.tests.yml

@@ -0,0 +1,74 @@
+name: Test Workflow
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      target:
+        description: 'PR number, test or prod.'
+        required: true
+        type: string
+
+jobs:
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - id: cache-npm
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-cache-node-modules-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: Integration tests
+        env:
+          API_NAME: nest
+          BASE_URL: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca
+        run: |
+          cd integration-tests
+          npm ci
+          node src/main.js
+
+  cypress-e2e:
+    name: E2E Tests
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: frontend
+    strategy:
+      matrix:
+        browser: [chrome, firefox, edge]
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - id: cache-npm
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-cache-node-modules-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - uses: cypress-io/github-action@v6
+        name: Cypress run
+        env:
+          CYPRESS_baseUrl: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca/
+        with:
+          config: pageLoadTimeout=10000
+          working-directory: ./frontend
+          browser: ${{ matrix.browser }}
+
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: cypress-screenshots
+          path: ./cypress/screenshots
+          if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn`

.github/workflows/analysis.yml

@@ -1,15 +1,12 @@
 name: Analysis
 
 on:
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
   push:
-    branches:
-      - main
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review]
+  schedule:
+    - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
   workflow_dispatch:
 
 concurrency:
@@ -21,27 +18,28 @@ jobs:
     name: CodeQL
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
+    timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
       - uses: github/codeql-action/init@v2
         with:
           languages: javascript
 
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
-
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:javascript"
 
   # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:
-    name: Security Scan
+    name: Trivy Security Scan
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
+    timeout-minutes: 1
     steps:
       - uses: actions/checkout@v4
-
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.14.0
         with:
           format: "sarif"
           output: "trivy-results.sarif"
@@ -56,33 +54,50 @@ jobs:
           sarif_file: "trivy-results.sarif"
 
   tests:
-    name: Unit Tests
+    name: Tests
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_DB: postgres
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
     strategy:
       matrix:
-        #dir: [backend/vehicles, frontend]
-        dir: [backend/vehicles, backend/dops, frontend]
+        dir: [backend, frontend]
         include:
-          - dir: backend/vehicles
-            sonar_projectKey: bcgov_onroutebc_backend
-            token: SONAR_TOKEN_BACKEND
-          - dir: backend/dops
-            sonar_projectKey: bcgov_onroutebc_backend
+          - dir: backend
+            sonar_projectKey: quickstart-openshift_backend
             token: SONAR_TOKEN_BACKEND
+            triggers: ('backend/')
           - dir: frontend
-            sonar_projectKey: bcgov_onroutebc_frontend
+            sonar_projectKey: quickstart-openshift_frontend
             token: SONAR_TOKEN_FRONTEND
+            triggers: ('frontend/')
     steps:
-      - uses: bcgov-nr/action-test-and-analyse@v0.0.1
+      - uses: bcgov-nr/action-test-and-analyse@v1.1.0
         with:
           commands: |
             npm ci
             npm run test:cov
           dir: ${{ matrix.dir }}
+          node_version: "20"
           sonar_args: >
-            -Dsonar.exclusions=**/coverage/**,**/node_modules/**
+            -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
             -Dsonar.organization=bcgov-sonarcloud
-            -Dsonar.project.monorepo.enabled=true
             -Dsonar.projectKey=${{ matrix.sonar_projectKey }}
-          sonar_project_token: ${{ secrets[matrix.token] }}
+            -Dsonar.sources=src
+            -Dsonar.tests.inclusions=**/*spec.ts
+            -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
+          sonar_token: ${{ secrets[matrix.token] }}
+          triggers: ${{ matrix.triggers }}