Merge pull request #36 from ADORSYS-GIS/feat/deploy-over-argocd

feat: added deployment files for dev in "dev.webank.gis.ssegning.com"
ADORSYS-GIS · Feb 5, 2025 · 2124c00 · 2124c00
2 parents ed0b05f + f4fd82d
commit 2124c00
Show file tree

Hide file tree

Showing 33 changed files with 772 additions and 42 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -9,7 +9,6 @@ on:
         type: choice
         options:
           - dev
-  push: null
   pull_request: null
 
 defaults:
@@ -120,6 +119,14 @@ jobs:
           echo "TF_VAR_cert_arn=${{ vars.CERT_ARN }}" >> $GITHUB_ENV
           echo "TF_VAR_region=${{ vars.AWS_REGION }}" >> $GITHUB_ENV
           echo "TF_VAR_zone_name=${{ vars.DOMAIN_NAME }}" >> $GITHUB_ENV
+          echo "TF_VAR_prs_private_key=${{ secrets.SERVER_PRIVATE_KEY_JSON }}" >> $GITHUB_ENV
+          echo "TF_VAR_prs_public_key=${{ secrets.SERVER_PUBLIC_KEY_JSON }}" >> $GITHUB_ENV
+          echo "TF_VAR_jwt_issuer=${{ vars.JWT_ISSUER }}" >> $GITHUB_ENV
+          echo "TF_VAR_jwt_expiration=${{ vars.JWT_EXPIRATION_TIME_MS }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_account_sid=${{ vars.TWILIO_ACCOUNT_SID }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_auth_token=${{ vars.TWILIO_AUTH_TOKEN }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_phone_number=${{ vars.TWILIO_PHONE_NUMBER }}" >> $GITHUB_ENV
+          echo "TF_VAR_otp_salt=${{ secrets.OTP_SALT }}" >> $GITHUB_ENV
 
       - name: Terraform Init
         run: |

diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml
@@ -2,8 +2,6 @@ name: Terraform Destroy
 
 on:
   workflow_dispatch:
-  push: null
-  pull_request: null
 
 defaults:
   run:
@@ -55,6 +53,14 @@ jobs:
           echo "TF_VAR_cert_arn=${{ vars.CERT_ARN }}" >> $GITHUB_ENV
           echo "TF_VAR_region=${{ vars.AWS_REGION }}" >> $GITHUB_ENV
           echo "TF_VAR_zone_name=${{ vars.DOMAIN_NAME }}" >> $GITHUB_ENV
+          echo "TF_VAR_prs_private_key=${{ secrets.SERVER_PRIVATE_KEY_JSON }}" >> $GITHUB_ENV
+          echo "TF_VAR_prs_public_key=${{ secrets.SERVER_PUBLIC_KEY_JSON }}" >> $GITHUB_ENV
+          echo "TF_VAR_jwt_issuer=${{ vars.JWT_ISSUER }}" >> $GITHUB_ENV
+          echo "TF_VAR_jwt_expiration=${{ vars.JWT_EXPIRATION_TIME_MS }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_account_sid=${{ vars.TWILIO_ACCOUNT_SID }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_auth_token=${{ vars.TWILIO_AUTH_TOKEN }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_phone_number=${{ vars.TWILIO_PHONE_NUMBER }}" >> $GITHUB_ENV
+          echo "TF_VAR_otp_salt=${{ secrets.OTP_SALT }}" >> $GITHUB_ENV
 
       - name: Terraform Init
         run: |
@@ -63,6 +69,16 @@ jobs:
           -backend-config="bucket=webank-dev-terraform-state" \
           -backend-config="dynamodb_table=webank-dev-terraform-state-lock"
 
+
+      - name: Unlock Terraform State (if locked)
+        run: |
+              LOCK_ID="1253bdff-64c5-6801-2691-ac16ddaa37db"
+              echo "Attempting to unlock Terraform state with ID: $LOCK_ID"
+              terraform force-unlock -force "$LOCK_ID"
+              echo "Terraform state unlock attempt completed."
+        
+
+
       - name: Terraform Plan
         run: |
           terraform plan -destroy -var-file=${{ matrix.name }}.tfvars -out=plan.tfplan

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - feat/deploy-over-argocd
 
 jobs:
   release:
@@ -28,7 +29,7 @@ jobs:
 
       - name: Add repos to Helm
         run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add bitnami https://repo.broadcom.com/bitnami-files/
           helm repo add webank https://ADORSYS-GIS.github.io/webank-devops
           helm repo update
 

diff --git a/Docs/Provisioning_k8s_PostgreSQL.md b/Docs/Provisioning_k8s_PostgreSQL.md
@@ -19,7 +19,7 @@ The Bitnami PostgreSQL Helm chart simplifies the process of deploying and managi
 
 ### Add the Bitnami Helm Repository
 ```bash
-helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add bitnamihttps://repo.broadcom.com/bitnami-files/
 helm repo update
 ```
 

diff --git a/Docs/Versioning_Convention.md b/Docs/Versioning_Convention.md
@@ -35,7 +35,7 @@ dependencies:
     condition: db.enabled
   - name: common
     version: 2.27.0         <-------------------------(6) same as above
-    repository: https://charts.bitnami.com/bitnami
+    repository:https://repo.broadcom.com/bitnami-files/
 ```
 
 ### Explanation
@@ -70,7 +70,7 @@ appVersion: "1.0.0"       <---------------------------(8) version for obs(docker
 dependencies:             <------- Same as (5) and (6) above ---------->
   - name: common
     version: 2.27.0
-    repository: https://charts.bitnami.com/bitnami
+    repository:https://repo.broadcom.com/bitnami-files/
 ```
 
 ### Chart for webank-userapp
@@ -88,7 +88,7 @@ appVersion: "1.0.0"       <---------------------------(10) version for obs helm
 dependencies:             <------- Same as (5) and (6) above ---------->
   - name: common
     version: 2.27.0
-    repository: https://charts.bitnami.com/bitnami
+    repository:https://repo.broadcom.com/bitnami-files/
 ```
 
 ### Explanation

diff --git a/Docs/deploy_helm_charts.md b/Docs/deploy_helm_charts.md
@@ -73,7 +73,7 @@ runs-on: ubuntu-latest
    ```yaml
    - name: Add repos to Helm
      run: |
-       helm repo add bitnami https://charts.bitnami.com/bitnami
+       helm repo add bitnamihttps://repo.broadcom.com/bitnami-files/
        helm repo add webank https://ADORSYS-GIS.github.io/webank-devops
        helm repo update
    ```

diff --git a/charts/webank-obs/Chart.lock b/charts/webank-obs/Chart.lock
diff --git a/charts/webank-obs/Chart.yaml b/charts/webank-obs/Chart.yaml
@@ -4,11 +4,11 @@ description: A Helm chart for Kubernetes
 
 type: application
 
-version: 1.0.2-rc
+version: 1.2.0
 
 appVersion: "1.0.0"
 
 dependencies:
   - name: common
     version: 2.27.0
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://repo.broadcom.com/bitnami-files/
diff --git a/charts/webank-obs/values.yaml b/charts/webank-obs/values.yaml
@@ -84,6 +84,10 @@ volumeMounts: [ ]
 env:
   - name: SPRING_PROFILES_ACTIVE
     value: postgres
+  - name: SERVER_PRIVATE_KEY_JSON
+    value: '{ "kty": "EC", "crv": "P-256", "d": "E-_KxQl0ow6_4Munq81OH_lg64R2vDpe3zq9XnI0AjE", "x": "PHlAcVDiqi7130xWiMn5CEbOyg_Yo0qfOhabhPlDV_s", "y": "N5bqvbDjbsX2uo2_lzKrwPt7fySMweZVeFSAv99TEEc" }'
+  - name: SERVER_PUBLIC_KEY_JSON
+    value: '{ "kty": "EC", "crv": "P-256", "x": "PHlAcVDiqi7130xWiMn5CEbOyg_Yo0qfOhabhPlDV_s", "y": "N5bqvbDjbsX2uo2_lzKrwPt7fySMweZVeFSAv99TEEc" }'
 
 ## @param podDisruptionBudget PodDisruptionBudget configuration
 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
@@ -100,7 +104,7 @@ image:
   repository: adorsys-gis/webank-online-banking
   ## Specify a Tag for the image
   ## ref: https://kubernetes.io/docs/concepts/containers/images
-  tag: 'latest'
+  tag: c782fc1fc45148b93549236019566a9cec4ccc1c
   ## Specify a digest for the image
   ## ref: https://kubernetes.io/docs/concepts/containers/images
   digest: ""
@@ -125,7 +129,7 @@ image:
 livenessProbe:
   httpGet:
     path: /swagger-ui.html
-    port: 8080
+    port: 8081
   initialDelaySeconds: 10
   periodSeconds: 5
 
@@ -135,7 +139,7 @@ livenessProbe:
 readinessProbe:
   httpGet:
     path: /swagger-ui.html
-    port: 8080
+    port: 8081
   initialDelaySeconds: 10
   periodSeconds: 5
 
@@ -150,10 +154,10 @@ service:
   type: ClusterIP
   ## Kubernetes service port
   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
-  port: 8080
+  port: 8081
   ## Kubernetes service targetPort
   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
-  targetPort: 8080
+  targetPort: 8081
   ## Kubernetes annotations for service
   ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
   annotations: "{{ $.Values.commonAnnotations | toYaml }}"

diff --git a/charts/webank-prs/.helmignore b/charts/webank-prs/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/webank-prs/Chart.yaml b/charts/webank-prs/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: webank-prs
+description: A Helm chart for Kubernetes
+
+type: application
+
+version: 1.0.0
+
+appVersion: "1.0.0"
diff --git a/charts/webank-prs/templates/NOTES.txt b/charts/webank-prs/templates/NOTES.txt
@@ -0,0 +1,11 @@
+=================================================
+You deployed your {{ template "common.names.fullname" $ }} application.
+If you need to access the application, you can use the following command to get the URL:
+
+{{ if .Values.ingress.enabled -}}
+  http://{{ .Values.ingress.host }}
+{{- else -}}
+  http://{{ template "common.names.fullname" $ }}.{{ template "common.names.namespace" $ }}.svc.cluster.local:{{ .Values.service.port }}
+{{- end }}
+
+=================================================
diff --git a/charts/webank-prs/templates/_annotations.tpl b/charts/webank-prs/templates/_annotations.tpl
@@ -0,0 +1,15 @@
+{{/*
+Common annoations
+*/}}
+{{- define "common.annotations.standard" -}}
+    {{- $result := dict -}}
+    {{- if and (hasKey . "customAnnotations") (hasKey . "context") -}}
+        {{- $result = (include "common.tplvalues.merge" (dict "values" (list .customAnnotations .context.Values.commonAnnotations) "context" .context)) -}}
+    {{- else if and $.Values $.Values.commonAnnotations -}}
+        {{- $result = include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) -}}
+    {{- end -}}
+
+    {{- if gt (len $result) 2 -}}
+        {{ $result }}
+    {{- end -}}
+{{- end -}}
diff --git a/charts/webank-prs/templates/_constants.tpl b/charts/webank-prs/templates/_constants.tpl
@@ -0,0 +1,6 @@
+{{- define "constant.db.url" -}}
+{{- $dbName := include "common.tplvalues.render" (dict "value" .Values.database.name "context" $) -}}
+{{- $dbHost := include "common.tplvalues.render" (dict "value" .Values.database.host "context" $) -}}
+{{- $dbPort := include "common.tplvalues.render" (dict "value" .Values.database.port "context" $) -}}
+jdbc:postgresql://{{ $dbHost }}:{{ $dbPort }}/{{ $dbName }}
+{{- end -}}
diff --git a/charts/webank-prs/templates/_secrets.tpl b/charts/webank-prs/templates/_secrets.tpl
@@ -0,0 +1,7 @@
+{{- define "db.secret.name" -}}
+{{- if $.Values.database.secretName -}}
+{{- .Values.database.secretName -}}
+{{- else -}}
+{{- include "common.names.fullname" $ -}}-db
+{{- end -}}
+{{- end -}}
diff --git a/charts/webank-prs/templates/deployment.yaml b/charts/webank-prs/templates/deployment.yaml
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.names.fullname" $ }}
+  namespace: {{ include "common.names.namespace" $ }}
+  {{- with include "common.annotations.standard" ( dict "customAnnotations" $.Values.commonAnnotations "context" $ ) }}
+  annotations:
+    {{- . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+
+spec:
+  {{ with .Values.replicaCount -}}
+  replicas: {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+  {{- end }}
+
+  {{ with .Values.strategy -}}
+  strategy:
+  {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4}}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{ include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+
+  template:
+    metadata:
+      {{- with include "common.annotations.standard" ( dict "customAnnotations" $.Values.commonAnnotations "context" $ ) }}
+      annotations:
+        {{- . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{ include "common.labels.standard" ( dict "customLabels" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+
+    spec:
+      {{ with .Values.image.pullSecrets -}}
+      imagePullSecrets:
+      {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8}}
+      {{- end }}
+      containers:
+        - name: online-banking-service
+          {{ $imageTpl := include "common.images.image" (dict "imageRoot" .Values.image "global" $.Values.global) }}
+          image: {{ include "common.tplvalues.render" (dict "value" $imageTpl "context" $) | quote }}
+
+          {{ with .Values.livenessProbe -}}
+          livenessProbe: {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
+          {{- end }}
+
+          {{ with .Values.readinessProbe -}}
+          readinessProbe: {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
+          {{- end }}
+
+          {{ with .Values.image.pullPolicy -}}
+          imagePullPolicy: {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+          {{- end }}
+          env:
+          {{ with .Values.env -}}
+          {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
+          {{- end }}
+
+          {{ with .Values.envFrom -}}
+          envFrom:
+          {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
+          {{- end }}
+
+          ports:
+            - containerPort: {{ .Values.service.targetPort }}
+              name: http
+
+          {{ with .Values.volumeMounts -}}
+          volumeMounts:
+          {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}}
+          {{- end }}
+
+      {{ with .Values.volumes }}
+      volumes:
+      {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 6}}
+      {{ end }}