From c05006141325d038b70da56bddb392adbcf1512e Mon Sep 17 00:00:00 2001
From: marcellmueller
Date: Thu, 6 Jun 2024 14:43:31 -0700
Subject: [PATCH 01/30] chore: copy registration1 dockerfile to registration 2 project
---
bciers/apps/registration/Dockerfile | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 bciers/apps/registration/Dockerfile
diff --git a/bciers/apps/registration/Dockerfile b/bciers/apps/registration/Dockerfile
new file mode 100644
index 0000000000..d3fe635449
--- /dev/null
+++ b/bciers/apps/registration/Dockerfile
@@ -0,0 +1,28 @@
+COPY ./package*.json ./
+RUN corepack enable
+RUN yarn install --immutable --production==false --ignore-scripts
+
+# Production image, copy all the files and run next
+FROM docker.io/node:20.11 as runner
+
+ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init
+RUN chmod +x /usr/local/bin/dumb-init
+ENTRYPOINT ["dumb-init", "--"]
+
+ENV NODE_ENV production
+ENV PORT 3000
+WORKDIR /usr/src/app
+COPY --from=deps /usr/src/app/node_modules ./node_modules
+COPY --from=deps /usr/src/app/package.json ./package.json
+COPY ./public ./public
+COPY ./.next ./.next
+RUN chown -R node:node .
+USER node
+EXPOSE 3000
+# COPY --chown=node:node ./tools/scripts/entrypoints/api.sh /usr/local/bin/docker-entrypoint.sh
+# ENTRYPOINT [ "docker-entrypoint.sh" ]
+# Next.js collects completely anonymous telemetry data about general usage.
+# Learn more here: https://nextjs.org/telemetry
+# Uncomment the following line in case you want to disable telemetry.
+ENV NEXT_TELEMETRY_DISABLED 1
+CMD ["node_modules/.bin/next", "start"]
From 521eebae477548ab88ff35eb5997214e76d3e8c0 Mon Sep 17 00:00:00 2001
From: marcellmueller
Date: Thu, 6 Jun 2024 14:50:04 -0700
Subject: [PATCH 02/30] chore: add registration 2 docker build step
---
.github/workflows/test.yaml | 64 +++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
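Review bot: The `ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init` line installs the binary that becomes the container's PID 1 without any integrity check, so whatever that URL serves at build time ends up in the image. Pin it to the published digest, either with `ADD --checksum=sha256:<dumb-init-1.2.5-x86_64-sha256> … /usr/local/bin/dumb-init` (BuildKit) or with `RUN echo "<dumb-init-1.2.5-x86_64-sha256>  /usr/local/bin/dumb-init" | sha256sum -c -` right after the download. Separately, the added file as shown opens with `COPY ./package*.json ./` and later uses `COPY --from=deps`, yet no `FROM … as deps` line is among the 28 added lines; the build would fail until that stage header is restored.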
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 38825d30c4..02626541b5 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -184,6 +184,70 @@ jobs: key: ${{ runner.os }}-buildx-bciers-registration${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx-bciers-registration + - name: Build images + env: + INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_PUSH: true + INPUT_TAGS: ${{ steps.meta.outputs.tags }} + INPUT_LABELS: ${{ steps.meta.output.labels }} + INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache + INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new + run: | + npx nx container registration --skip-nx-cache + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + nx-docker-build-registration1: + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./bciers + needs: backend-docker-build + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Docker metadata + id: meta + uses: docker/metadata-action@v3 + with: + images: ghcr.io/bcgov/cas-reg1-frontend + tags: | + type=sha,format=long,prefix= + latest + type=ref,event=pr + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install dependencies + run: | + corepack enable + yarn install --immutable + cd ../bciers && yarn install --immutable + - uses: actions/setup-node@v3 + - name: Derive appropriate SHAs for base and head for `nx affected` commands + uses: nrwl/nx-set-shas@v4 + with: + # This will need to be updated when giraffe-develop merges with develop + main-branch-name: "develop" + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-bciers-registration1${{ github.sha }} + restore-keys: | + ${{ runner.os 
}}-buildx-bciers-registration1 - name: Build images env: INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 0721028980752b1cba3ca0bcc3ffe467bcf7eeaf Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Thu, 6 Jun 2024 14:59:46 -0700 Subject: [PATCH 03/30] chore: add registration part 2 nx container config --- bciers/apps/registration/project.json | 3 ++- bciers/apps/registration1/project.json | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bciers/apps/registration/project.json b/bciers/apps/registration/project.json index bc8ed55001..9bb0c4da51 100644 --- a/bciers/apps/registration/project.json +++ b/bciers/apps/registration/project.json @@ -16,7 +16,8 @@ "outputs": ["{options.outputPath}"], "defaultConfiguration": "dev", "options": { - "outputPath": "dist/registration" + "outputPath": "dist/registration", + "experimentalAppOnly": true } }, "start": { diff --git a/bciers/apps/registration1/project.json b/bciers/apps/registration1/project.json index ff9b1faf5a..00f47a061e 100644 --- a/bciers/apps/registration1/project.json +++ b/bciers/apps/registration1/project.json @@ -29,7 +29,7 @@ "engine": "docker", "context": "dist/registration1", "file": "apps/registration1/Dockerfile", - "tags": ["cas-registration:latest"] + "tags": ["cas-registration1:latest"] } }, "lint": { From 4b55d6679d6eb5e1179e0308dc715503c7e1ed8a Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 08:47:56 -0700 Subject: [PATCH 04/30] refactor: separate test.yaml jobs --- .github/workflows/build.yaml | 267 +++++++++++++++ .github/workflows/test-containers.yaml | 212 ++++++++++++ .github/workflows/test.yaml | 443 +------------------------ 3 files changed, 481 insertions(+), 441 deletions(-) create mode 100644 .github/workflows/build.yaml create mode 100644 .github/workflows/test-containers.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000000..2e197eb6e2 --- /dev/null +++ b/.github/workflows/build.yaml 
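Review bot: `INPUT_LABELS: ${{ steps.meta.output.labels }}` in the added `Build images` step reads `output` rather than `outputs`, a property the step context does not have, so it most likely evaluates to an empty string and the pushed image carries none of the labels docker/metadata-action generated (source repository, revision). Use `INPUT_LABELS: ${{ steps.meta.outputs.labels }}`, matching the `INPUT_TAGS` line directly above it. The same expression is repeated in the nx build jobs added to `.github/workflows/build.yaml` later in this series. The hunk ends inside the following `Build images` step, whose remaining lines are outside it.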
@@ -0,0 +1,267 @@
+name: Build BCIERS containers
+
+on:
+ push:
+ branches: [develop, main]
+ pull_request:
+ branches: [develop, main]
+ workflow_dispatch:
+
+# Cancel current job when pushing new commit into the PR
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ backend-docker-build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ install: true
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/bcgov/cas-reg-backend
+ tags: |
+ type=sha,format=long,prefix=
+ latest
+ type=ref,event=pr
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-bc_obps-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-bc_obps
+ - name: Build image
+ uses: docker/build-push-action@v5
+ with:
+ context: bc_obps
+ builder: ${{ steps.buildx.outputs.name }}
+ push: true
+ file: bc_obps/Dockerfile
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new
+ # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+ # nx-docker-build-registration:
+ # runs-on: ubuntu-latest
+ # defaults:
+ # run:
+ # working-directory: ./bciers
+ # needs: backend-docker-build
+ # steps:
+ # - name: Checkout
+ # uses: actions/checkout@v4
+ # with:
+ # fetch-depth: 0
+ # - name: Setup Docker Buildx
+ # uses: docker/setup-buildx-action@v2
+ # - name: Docker metadata
+ # id: meta
+ # uses: docker/metadata-action@v3
+ # with:
+ # images: ghcr.io/bcgov/cas-reg-frontend
+ # tags: |
+ # type=sha,format=long,prefix=
+ # latest
+ # type=ref,event=pr
+ # - name: Login to GitHub Container Registry
+ # uses: docker/login-action@v2
+ # with:
+ # registry: ghcr.io
+ # username: ${{ github.repository_owner }}
+ # password: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Install dependencies
+ # run: |
+ # corepack enable
+ # yarn install --immutable
+ # cd ../bciers && yarn install --immutable
+ # - uses: actions/setup-node@v3
+ # - name: Derive appropriate SHAs for base and head for `nx affected` commands
+ # uses: nrwl/nx-set-shas@v4
+ # with:
+ # # This will need to be updated when giraffe-develop merges with develop
+ # main-branch-name: "develop"
+ # - name: Cache Docker layers
+ # uses: actions/cache@v3
+ # with:
+ # path: /tmp/.buildx-cache
+ # key: ${{ runner.os }}-buildx-bciers-registration${{ github.sha }}
+ # restore-keys: |
+ # ${{ runner.os }}-buildx-bciers-registration
+ # - name: Build images
+ # env:
+ # INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # INPUT_PUSH: true
+ # INPUT_TAGS: ${{ steps.meta.outputs.tags }}
+ # INPUT_LABELS: ${{ steps.meta.output.labels }}
+ # INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache
+ # INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new
+ # run: |
+ # npx nx container registration --skip-nx-cache
+ # # Temp fix
+ # # https://github.com/docker/build-push-action/issues/252
+ # # https://github.com/moby/buildkit/issues/1896
+ # - name: Move cache
+ # run: |
+ # rm -rf /tmp/.buildx-cache
+ # mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+ nx-docker-build-registration1:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./bciers
+ needs: backend-docker-build
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Docker metadata
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: ghcr.io/bcgov/cas-reg1-frontend
+ tags: |
+ type=sha,format=long,prefix=
+ latest
+ type=ref,event=pr
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Install dependencies
+ run: |
+ corepack enable
+ yarn install --immutable
+ cd ../bciers && yarn install --immutable
+ - uses: actions/setup-node@v3
+ - name: Derive appropriate SHAs for base and head for `nx affected` commands
+ uses: nrwl/nx-set-shas@v4
+ with:
+ # This will need to be updated when giraffe-develop merges with develop
+ main-branch-name: "develop"
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-bciers-registration1${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-bciers-registration1
+ - name: Build images
+ env:
+ INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ INPUT_PUSH: true
+ INPUT_TAGS: ${{ steps.meta.outputs.tags }}
+ INPUT_LABELS: ${{ steps.meta.output.labels }}
+ INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache
+ INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new
+ run: |
+ npx nx container registration1 --skip-nx-cache
+ # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+ nx-docker-build-reporting:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./bciers
+ needs: backend-docker-build
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Docker metadata
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: ghcr.io/bcgov/cas-rep-frontend
+ tags: |
+ type=sha,format=long,prefix=
+ latest
+ type=ref,event=pr
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Install dependencies
+ run: |
+ corepack enable
+ yarn install --immutable
+ cd ../bciers && yarn install --immutable
+ - uses: actions/setup-node@v3
+ - name: Derive appropriate SHAs for base and head for `nx affected` commands
+ uses: nrwl/nx-set-shas@v4
+ with:
+ # This will need to be updated when giraffe-develop merges with develop
+ main-branch-name: "develop"
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-bciers-reporting${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-bciers-reporting
+ - name: Build images
+ env:
+ INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ INPUT_PUSH: true
+ INPUT_TAGS: ${{ steps.meta.outputs.tags }}
+ INPUT_LABELS: ${{ steps.meta.output.labels }}
+ INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache
+ INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new
+ run: |
+ npx nx container reporting --skip-nx-cache
+ # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+ # Call the test containers workflow after all the containers have been built
+ test-containers:
+ needs:
+ [
+ backend-docker-build,
+ nx-docker-build-registration1,
+ nx-docker-build-reporting,
+ ]
+ uses: ./.github/workflows/test-containers.yaml
+ secrets: inherit
diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml
new file mode 100644
index 0000000000..714e602c8c
--- /dev/null
+++ b/.github/workflows/test-containers.yaml
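Review bot: Every build job in this new file adds the `latest` tag and pushes (`push: true` / `INPUT_PUSH: true`) while the workflow also triggers on `pull_request`, so a pull request opened from a branch in this repository would move `ghcr.io/bcgov/cas-reg-backend:latest` and the two frontend `latest` tags to code that has not been reviewed. Limit the moving tag to pushes, for example `type=raw,value=latest,enable=${{ github.event_name == 'push' }}`, and leave `type=sha` and `type=ref,event=pr` for PR builds. The nx jobs also pin `docker/setup-buildx-action@v2`, `docker/metadata-action@v3`, `docker/login-action@v2` and `actions/cache@v3`, older majors than the backend job uses in the same file; aligning them, ideally pinned by commit SHA, keeps one reviewed version of the registry-login and build actions in the pipeline.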
@@ -0,0 +1,212 @@ +name: Test BCIERS containers + +on: + workflow_call: + +env: + PGUSER: postgres + DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} + KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_CLIENT_ID }} + KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }} + NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} + +# Cancel current job when pushing new commit into the PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: + install-dev-tools: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - run: yarn install --immutable + working-directory: ./bciers + + zap-owasp: + needs: [install-dev-tools] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: run app locally + uses: ./.github/actions/local-app-run + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + - name: ZAP Frontend Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: "ghcr.io/zaproxy/zaproxy:stable" + target: "http://localhost:3000/" + rules_file_name: ".zap/rules-frontend.tsv" + cmd_options: "-a -d -T 5 -m 2" + issue_title: OWASP Baseline - Frontend + fail_action: false + - name: ZAP Backend Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: "ghcr.io/zaproxy/zaproxy:stable" + target: "http://0.0.0.0:8000/" + rules_file_name: ".zap/rules-backend.tsv" + cmd_options: "-a -d -T 5 -m 2" + issue_title: OWASP Baseline - Backend + fail_action: false + + e2e-tests: + name: ๐Ÿงช e2e tests ${{ matrix.project }} + needs: [install-dev-tools] + runs-on: ubuntu-latest + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: + include: + - project: chromium + os: ubuntu-latest + cache_dir: ~/.cache/ms-playwright + - project: firefox + os: ubuntu-latest + cache_dir: ~/.cache/ms-playwright 
+ # Commented out because of flakey issues with webkit in CI + # - project: webkit + # os: macos-latest + # cache_dir: ~/Library/Caches/ms-playwright + steps: + - uses: actions/checkout@v4 + + - name: ๐ŸŽ setup dev env + uses: ./.github/actions/dev-env-setup + + - name: ๐ŸŽ setup local app + uses: ./.github/actions/local-app-run + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + keycloak_client_id: ${{ env.KEYCLOAK_CLIENT_ID }} + keycloak_client_secret: ${{ env.KEYCLOAK_CLIENT_SECRET }} + nextauth_secret: ${{ env.NEXTAUTH_SECRET }} + - name: โšก๏ธ cache Playwright binaries + uses: actions/cache@v4 + id: playwright-cache + with: + path: ${{ matrix.cache_dir }} + key: ${{ runner.os }}-${{ matrix.project }}-ms-playwright-registration + + - name: ๐Ÿ“ฅ install Playwright ${{ matrix.project }} + if: steps.playwright-cache.outputs.cache-hit != 'true' + run: npx playwright install --with-deps ${{ matrix.project }} + working-directory: ./bciers/apps/registration1 + + - name: ๐ŸŽญ Run Playwright Tests + run: | + npx happo-e2e -- npx playwright test --project=${{ matrix.project }} bciers/apps/registration1/e2e/* + env: + XDEBUG: pw:api,pw:browser* + API_URL: http://127.0.0.1:8000/api/ + DB_USER: postgres + DB_NAME: registration + DB_PORT: 5432 + DB_HOST: localhost + E2E_BASEURL: http://localhost:3000/ + E2E_CAS_USER: ${{ secrets.E2E_CAS_USER }} + E2E_CAS_USER_GUID: ${{ secrets.E2E_CAS_USER_GUID }} + E2E_CAS_USER_PASSWORD: ${{ secrets.E2E_CAS_USER_PASSWORD}} + E2E_CAS_ADMIN_STORAGE: ${{ secrets.E2E_CAS_ADMIN_STORAGE}} + E2E_CAS_ANALYST_STORAGE: ${{ secrets.E2E_CAS_ANALYST_STORAGE}} + E2E_CAS_PENDING_STORAGE: ${{ secrets.E2E_CAS_PENDING_STORAGE}} + E2E_INDUSTRY_USER_ADMIN: bc-cas-dev + E2E_INDUSTRY_USER_ADMIN_GUID: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_GUID }} + E2E_INDUSTRY_USER_ADMIN_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_PASSWORD }} + E2E_INDUSTRY_USER_ADMIN_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_STORAGE}} + E2E_INDUSTRY_USER: bc-cas-dev-secondary + 
E2E_INDUSTRY_USER_GUID: ${{ secrets.E2E_INDUSTRY_USER_GUID }} + E2E_INDUSTRY_USER_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_PASSWORD }} + E2E_INDUSTRY_USER_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_STORAGE}} + E2E_NEW_USER: bc-cas-dev-three + E2E_NEW_USER_GUID: ${{ secrets.E2E_NEW_USER_GUID }} + E2E_NEW_USER_PASSWORD: ${{ secrets.E2E_NEW_USER_PASSWORD }} + E2E_NEW_USER_STORAGE: ${{ secrets.E2E_NEW_USER_STORAGE}} + HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} + HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} + HAPPO_NONCE: ${{ github.sha }} + SMTP_CONNECTION_STRING: smtp://@localhost:1025 + working-directory: ./bciers/apps/registration1 + - name: ๐Ÿ’พ save ${{ matrix.project }} report artifact + # prefer to upload the report only in case of test failure + if: failure() + uses: actions/upload-artifact@v4 + with: + # Store all of the reports separately by reconfiguring the report name + name: blob-report-${{ matrix.project }} + path: bciers/blob-report + retention-days: 1 + # Merge the e2e blob reports to one HTML report + e2e-report: + name: ๐Ÿ“Š e2e report artifact + runs-on: ubuntu-latest + needs: [e2e-tests] + if: ${{ always() && contains(needs.*.result, 'failure') }} + steps: + - name: Download blob reports from GitHub Actions Artifacts + uses: actions/download-artifact@v4 + with: + path: all-blob-reports + # To minimize the report file size only download Chromium reports + # If you want to debug other reports, add the * pattern back in temporarily + pattern: blob-report-chromium #blob-report-* + merge-multiple: true + + - name: Merge into HTML Report + run: npx playwright merge-reports --reporter html ./all-blob-reports + - name: Upload HTML report + uses: actions/upload-artifact@v4 + with: + name: playwright-report + path: playwright-report + retention-days: 14 + # Ensure the e2e tests and e2e report completed successfully + e2e: + if: ${{ always() }} + runs-on: ubuntu-latest + needs: [e2e-tests] + steps: + - run: exit 1 + if: >- + ${{ + contains(needs.*.result, 
'failure') + || contains(needs.*.result, 'cancelled') + || contains(needs.*.result, 'skipped') + }} + + happo-finalize: + runs-on: ubuntu-latest + needs: [e2e-tests] + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: finalize happo e2e tests + env: + HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} + HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} + HAPPO_NONCE: ${{ github.sha }} + run: npx happo-e2e finalize + working-directory: ./bciers/apps/registration1 + + backend-tests: + needs: [install-dev-tools] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: run app locally + uses: ./.github/actions/local-app-run + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + - name: Run pytest + working-directory: ./bc_obps + run: make pythontests diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 02626541b5..ef932faa97 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -2,7 +2,7 @@ name: Test Registration App on: push: - branches: [develop, main, dylan/nx-3] + branches: [develop, main] tags: - frontend - backend 
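Review bot: The `concurrency` block at the top of this reusable workflow uses the same expression, `${{ github.workflow }}-${{ github.ref }}`, as `build.yaml`, which calls it; inside a called workflow `github.workflow` resolves to the caller's name, so both most likely fall into one group and `cancel-in-progress: true` can cancel the run that is waiting on these jobs. If that happens, the ZAP baseline scans, the e2e tests and the backend tests never execute for that commit. Drop the block here and let the calling workflow own concurrency, or give it a distinct group such as `group: test-containers-${{ github.ref }}`.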
@@ -88,446 +88,7 @@ jobs: key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v4 - run: pip install -r requirements.txt - uses: pre-commit/action@v3.0.1 - - backend-docker-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - install: true - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/bcgov/cas-reg-backend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bc_obps-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bc_obps - - name: Build image - uses: docker/build-push-action@v5 - with: - context: bc_obps - builder: ${{ steps.buildx.outputs.name }} - push: true - file: bc_obps/Dockerfile - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-registration: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - needs: backend-docker-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/bcgov/cas-reg-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - 
name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v4 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-registration${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-registration - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container registration --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-registration1: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - needs: backend-docker-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ghcr.io/bcgov/cas-reg1-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: 
| - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v3 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - # This will need to be updated when giraffe-develop merges with develop - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-registration1${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-registration1 - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container registration1 --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-reporting: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - needs: backend-docker-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/bcgov/cas-rep-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v4 - - name: Derive 
appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-reporting${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-reporting - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container reporting --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - zap-owasp: - needs: - [ - "backend-docker-build", - "nx-docker-build-registration", - "install-dev-tools", - ] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/local-app-run - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - - name: ZAP Frontend Scan - uses: zaproxy/action-baseline@v0.12.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: "ghcr.io/zaproxy/zaproxy:stable" - target: "http://localhost:3000/" - rules_file_name: ".zap/rules-frontend.tsv" - cmd_options: "-a -d -T 5 -m 2" - issue_title: OWASP Baseline - Frontend - fail_action: false - - name: ZAP Backend Scan - uses: zaproxy/action-baseline@v0.12.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: "ghcr.io/zaproxy/zaproxy:stable" - target: "http://0.0.0.0:8000/" - rules_file_name: ".zap/rules-backend.tsv" - cmd_options: "-a -d -T 5 -m 2" - issue_title: OWASP Baseline - Backend - fail_action: false - - e2e-tests: - name: ๐Ÿงช e2e tests 
${{ matrix.project }} - needs: - - backend-docker-build - - nx-docker-build-registration - - install-dev-tools - runs-on: ubuntu-latest - timeout-minutes: 60 - strategy: - fail-fast: false - matrix: - include: - - project: chromium - os: ubuntu-latest - cache_dir: ~/.cache/ms-playwright - - project: firefox - os: ubuntu-latest - cache_dir: ~/.cache/ms-playwright - # Commented out because of flakey issues with webkit in CI - # - project: webkit - # os: macos-latest - # cache_dir: ~/Library/Caches/ms-playwright - steps: - - uses: actions/checkout@v4 - - - name: ๐ŸŽ setup dev env - uses: ./.github/actions/dev-env-setup - - - name: ๐ŸŽ setup local app - uses: ./.github/actions/local-app-run - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - keycloak_client_id: ${{ env.KEYCLOAK_CLIENT_ID }} - keycloak_client_secret: ${{ env.KEYCLOAK_CLIENT_SECRET }} - nextauth_secret: ${{ env.NEXTAUTH_SECRET }} - - name: โšก๏ธ cache Playwright binaries - uses: actions/cache@v4 - id: playwright-cache - with: - path: ${{ matrix.cache_dir }} - key: ${{ runner.os }}-${{ matrix.project }}-ms-playwright-registration - - - name: ๐Ÿ“ฅ install Playwright ${{ matrix.project }} - if: steps.playwright-cache.outputs.cache-hit != 'true' - run: npx playwright install --with-deps ${{ matrix.project }} - working-directory: ./bciers/apps/registration1 - - - name: ๐ŸŽญ Run Playwright Tests - run: | - npx happo-e2e -- npx playwright test --project=${{ matrix.project }} bciers/apps/registration1/e2e/* - env: - XDEBUG: pw:api,pw:browser* - API_URL: http://127.0.0.1:8000/api/ - DB_USER: postgres - DB_NAME: registration - DB_PORT: 5432 - DB_HOST: localhost - E2E_BASEURL: http://localhost:3000/ - E2E_CAS_USER: ${{ secrets.E2E_CAS_USER }} - E2E_CAS_USER_GUID: ${{ secrets.E2E_CAS_USER_GUID }} - E2E_CAS_USER_PASSWORD: ${{ secrets.E2E_CAS_USER_PASSWORD}} - E2E_CAS_ADMIN_STORAGE_STATE: ${{ secrets.E2E_CAS_ADMIN_STORAGE_STATE}} - E2E_CAS_ANALYST_STORAGE_STATE: ${{ secrets.E2E_CAS_ANALYST_STORAGE_STATE}} - 
E2E_CAS_PENDING_STORAGE_STATE: ${{ secrets.E2E_CAS_PENDING_STORAGE_STATE}} - E2E_INDUSTRY_USER_ADMIN: bc-cas-dev - E2E_INDUSTRY_USER_ADMIN_GUID: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_GUID }} - E2E_INDUSTRY_USER_ADMIN_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_PASSWORD }} - E2E_INDUSTRY_USER_ADMIN_STORAGE_STATE: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_STORAGE_STATE}} - E2E_INDUSTRY_USER: bc-cas-dev-secondary - E2E_INDUSTRY_USER_GUID: ${{ secrets.E2E_INDUSTRY_USER_GUID }} - E2E_INDUSTRY_USER_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_PASSWORD }} - E2E_INDUSTRY_USER_STORAGE_STATE: ${{ secrets.E2E_INDUSTRY_USER_STORAGE_STATE}} - E2E_NEW_USER: bc-cas-dev-three - E2E_NEW_USER_GUID: ${{ secrets.E2E_NEW_USER_GUID }} - E2E_NEW_USER_PASSWORD: ${{ secrets.E2E_NEW_USER_PASSWORD }} - E2E_NEW_USER_STORAGE_STATE: ${{ secrets.E2E_NEW_USER_STORAGE_STATE}} - HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} - HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} - HAPPO_NONCE: ${{ github.sha }} - SMTP_CONNECTION_STRING: smtp://@localhost:1025 - working-directory: ./bciers/apps/registration1 - - name: ๐Ÿ’พ save ${{ matrix.project }} report artifact - # prefer to upload the report only in case of test failure - if: failure() - uses: actions/upload-artifact@v4 - with: - # Store all of the reports separately by reconfiguring the report name - name: blob-report-${{ matrix.project }} - path: bciers/blob-report - retention-days: 1 - # Merge the e2e blob reports to one HTML report - e2e-report: - name: ๐Ÿ“Š e2e report artifact - runs-on: ubuntu-latest - needs: [e2e-tests] - if: ${{ always() && contains(needs.*.result, 'failure') }} - steps: - - name: Download blob reports from GitHub Actions Artifacts - uses: actions/download-artifact@v4 - with: - path: all-blob-reports - # To minimize the report file size only download Chromium reports - # If you want to debug other reports, add the * pattern back in temporarily - pattern: blob-report-chromium #blob-report-* - merge-multiple: true - - - name: Merge into 
HTML Report - run: npx playwright merge-reports --reporter html ./all-blob-reports - - name: Upload HTML report - uses: actions/upload-artifact@v4 - with: - name: playwright-report - path: playwright-report - retention-days: 14 - # Ensure the e2e tests and e2e report completed successfully - e2e: - if: ${{ always() }} - runs-on: ubuntu-latest - needs: [e2e-tests] - steps: - - run: exit 1 - if: >- - ${{ - contains(needs.*.result, 'failure') - || contains(needs.*.result, 'cancelled') - || contains(needs.*.result, 'skipped') - }} - - happo-finalize: - runs-on: ubuntu-latest - needs: [e2e-tests] - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: finalize happo e2e tests - env: - HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} - HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} - HAPPO_NONCE: ${{ github.sha }} - run: npx happo-e2e finalize - working-directory: ./bciers/apps/registration1 - - backend-tests: - needs: - [ - "backend-docker-build", - "nx-docker-build-registration", - "install-dev-tools", - ] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/local-app-run - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - - name: Run pytest - working-directory: ./bc_obps - run: make pythontests + check-migrations: needs: install-dev-tools runs-on: ubuntu-latest From 598134d48bbe8c7e8bdb208a77a7fa6511d0fe33 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 09:00:45 -0700 Subject: [PATCH 05/30] chore: remove required backend build step in workflow --- .github/workflows/build.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2e197eb6e2..b6987a3f0d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -132,7 +132,6 @@ jobs: defaults: run: working-directory: ./bciers - needs: backend-docker-build steps: - name: Checkout uses: actions/checkout@v4 @@ -196,7 +195,6 @@ jobs: defaults: run: working-directory: ./bciers - needs: backend-docker-build steps: - name: Checkout uses: actions/checkout@v4 From d77f7e22e0d87267b9b8da7a2ee3f9423fe63ca6 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 09:14:46 -0700 Subject: [PATCH 06/30] refactor: add main.yaml workflow --- .github/workflows/build.yaml | 17 +---------------- .github/workflows/main.yaml | 21 +++++++++++++++++++++ .github/workflows/test.yaml | 16 +++++++--------- 3 files changed, 29 insertions(+), 25 deletions(-) create mode 100644 .github/workflows/main.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b6987a3f0d..0b8bfb1783 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,11 +1,7 @@ name: Build BCIERS containers on: - push: - branches: [develop, main] - pull_request: - branches: [develop, main] - workflow_dispatch: + workflow_call: # Cancel current job when pushing new commit into the PR concurrency: @@ -252,14 +248,3 @@ jobs: run: | rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - # Call the test containers workflow after all the containers have been built - test-containers: - needs: - [ - backend-docker-build, - nx-docker-build-registration1, - nx-docker-build-reporting, - ] - uses: ./.github/workflows/test-containers.yaml - secrets: inherit diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml new file mode 100644 index 0000000000..3e6bf886ff --- /dev/null +++ b/.github/workflows/main.yaml 
@@ -0,0 +1,21 @@ +# This is the main workflow which will orchestrate the other workflows: + +name: BCIERS Main Workflow + +on: + push: + branches: [develop, main] + pull_request: + branches: [develop, main] + workflow_dispatch: + +jobs: + build-containers: + uses: ./.github/workflows/build.yaml + test-code: + uses: ./.github/workflows/test.yaml + # Call the test containers workflow after all the containers have been built + test-containers: + needs: [build-containers] + uses: ./.github/workflows/test-containers.yaml + secrets: inherit diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ef932faa97..658651f584 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,15 +1,13 @@ -name: Test Registration App +# This workflow is to run all tests that don't require containers to be built + +name: Test BCIERS code on: - push: - branches: [develop, main] + workflow_call: tags: - - frontend - - backend - - components - pull_request: - branches: [develop, main] - workflow_dispatch: + - frontend + - backend + - components env: PGUSER: postgres From 1716f0aea47fa5958b9ed452dc288c772eb976f2 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 09:19:39 -0700 Subject: [PATCH 07/30] chore: add trivy scan to main workflow --- .github/workflows/main.yaml | 3 ++- .github/workflows/scan-code-trivy.yaml | 10 +++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 3e6bf886ff..fecf74f089 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -14,7 +14,8 @@ jobs: uses: ./.github/workflows/build.yaml test-code: uses: ./.github/workflows/test.yaml - # Call the test containers workflow after all the containers have been built + scan-code-trivy: + uses: ./.github/workflows/scan-code-trivy.yaml test-containers: needs: [build-containers] uses: ./.github/workflows/test-containers.yaml 
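Review bot: The new `main.yaml` declares no `permissions:`, so every workflow it calls runs with whatever default scope the repository gives `GITHUB_TOKEN`; a called workflow can only narrow that scope, never widen it. Only the image build needs to write packages (the build jobs on this page log in to ghcr.io with `secrets.GITHUB_TOKEN`). Set `permissions: { contents: read }` at the top of the file and `permissions: { contents: read, packages: write }` on the `build-containers` job. This file also triggers on `pull_request`, which is where a broad default token matters most.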
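Review bot: `tags:` survives as a context line directly under the new `workflow_call:` key in test.yaml, and `workflow_call` accepts only `inputs`, `outputs` and `secrets`, so the file is likely to be rejected when main.yaml calls it. Indentation is not recoverable from this page, so confirm against the file. The tag list belonged to the removed `push:` trigger and means nothing for a called workflow; delete `tags:` and its three entries so the trigger is just `workflow_call:`. The scan-code-trivy.yaml and codeql.yaml hunks in the following commits keep the same `tags:` list under `workflow_call:` and need the same fix, otherwise the two scanners may not load.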
diff --git a/.github/workflows/scan-code-trivy.yaml b/.github/workflows/scan-code-trivy.yaml index 0f33494e55..3383013ecd 100644 --- a/.github/workflows/scan-code-trivy.yaml +++ b/.github/workflows/scan-code-trivy.yaml @@ -1,14 +1,10 @@ name: Trivy Scan Code on: - push: - branches: [main, develop] + workflow_call: tags: - - frontend - - backend - pull_request: - # The branches below must be a subset of the branches above - branches: [main, develop] + - frontend + - backend concurrency: group: callee-trivy-${{ github.workflow }}-${{ github.ref }} From 56b3a7330fd006ff4af8f8214e6ae65a54c2c0b8 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 09:32:46 -0700 Subject: [PATCH 08/30] chore: add codeql to main workflow --- .github/workflows/build.yaml | 2 +- .github/workflows/codeql.yaml | 12 ++++-------- .github/workflows/main.yaml | 2 ++ .github/workflows/test-containers.yaml | 2 +- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0b8bfb1783..b229365223 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,7 +5,7 @@ on: # Cancel current job when pushing new commit into the PR concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: build-containers-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 1060f24690..5c7cb1aa5a 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -12,15 +12,11 @@ name: "CodeQL" on: - push: - branches: [main, develop] + workflow_call: tags: - - frontend - - backend - - configs - pull_request: - # The branches below must be a subset of the branches above - branches: [main, develop] + - frontend + - backend + - configs schedule: - cron: "19 23 * * 5" diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index fecf74f089..85804316b4 100644 
--- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -16,6 +16,8 @@ jobs: uses: ./.github/workflows/test.yaml scan-code-trivy: uses: ./.github/workflows/scan-code-trivy.yaml + codeql-analysis: + uses: ./.github/workflows/codeql.yaml test-containers: needs: [build-containers] uses: ./.github/workflows/test-containers.yaml diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml index 714e602c8c..d3714cb44e 100644 --- a/.github/workflows/test-containers.yaml +++ b/.github/workflows/test-containers.yaml @@ -12,7 +12,7 @@ env: # Cancel current job when pushing new commit into the PR concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: test-containers-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: install-dev-tools: From 8c970f944cacb1b0c87dba3ba976b3c8e7ec906a Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 09:58:10 -0700 Subject: [PATCH 09/30] chore: fix registration1 workflow image location --- .../{local-app-run => run-registration1-app}/action.yml | 2 +- .github/workflows/test-containers.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) rename .github/actions/{local-app-run => run-registration1-app}/action.yml (93%) diff --git a/.github/actions/local-app-run/action.yml b/.github/actions/run-registration1-app/action.yml similarity index 93% rename from .github/actions/local-app-run/action.yml rename to .github/actions/run-registration1-app/action.yml index 0bf61ea075..4ef41a7e25 100644 --- a/.github/actions/local-app-run/action.yml +++ b/.github/actions/run-registration1-app/action.yml 
@@ -23,4 +23,4 @@ runs: run: docker run -d --network=host -e "DB_USER=postgres" -e "DB_NAME=registration" -e "DB_PORT=5432" -e "DB_HOST=localhost" -e "DJANGO_SECRET_KEY=${{ inputs.django_secret_key }}" -e "ALLOWED_HOSTS=localhost,0.0.0.0,127.0.0.1" -e "ENVIRONMENT=develop" -e "CI=true" ghcr.io/bcgov/cas-reg-backend:${{ github.sha }} - name: start frontend shell: bash - run: docker run -d --network=host -e "NEXTAUTH_URL_INTERNAL=http://localhost:3000/" -e "NEXTAUTH_URL=http://localhost:3000/" -e "NEXTAUTH_SECRET=${{ inputs.nextauth_secret }}" -e "API_URL=http://127.0.0.1:8000/api/" -e "KEYCLOAK_LOGIN_URL=https://dev.loginproxy.gov.bc.ca/auth/realms/standard" -e "KEYCLOAK_CLIENT_SECRET=${{ inputs.keycloak_client_secret }}" -e "KEYCLOAK_CLIENT_ID=${{ inputs.keycloak_client_id }}" ghcr.io/bcgov/cas-reg-frontend:${{ github.sha }} + run: docker run -d --network=host -e "NEXTAUTH_URL_INTERNAL=http://localhost:3000/" -e "NEXTAUTH_URL=http://localhost:3000/" -e "NEXTAUTH_SECRET=${{ inputs.nextauth_secret }}" -e "API_URL=http://127.0.0.1:8000/api/" -e "KEYCLOAK_LOGIN_URL=https://dev.loginproxy.gov.bc.ca/auth/realms/standard" -e "KEYCLOAK_CLIENT_SECRET=${{ inputs.keycloak_client_secret }}" -e "KEYCLOAK_CLIENT_ID=${{ inputs.keycloak_client_id }}" ghcr.io/bcgov/cas-reg1-frontend:${{ github.sha }} diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml index d3714cb44e..c00b2d20bb 100644 --- a/.github/workflows/test-containers.yaml +++ b/.github/workflows/test-containers.yaml @@ -32,7 +32,7 @@ jobs: - name: dev env setup uses: ./.github/actions/dev-env-setup - name: run app locally - uses: ./.github/actions/local-app-run + uses: ./.github/actions/run-registration1-app with: django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - name: ZAP Frontend Scan 
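Review bot: The `start frontend` command still expands `${{ inputs.nextauth_secret }}` and `${{ inputs.keycloak_client_secret }}` straight into the shell text; the commit changes only the image name. Expression expansion happens before bash parses the line, so a value containing a quote or `$` alters the command, and the secrets also end up in the `docker run` argument list on the runner. Pass them through the step's `env:` and name them with a bare `-e VAR`, which makes docker copy the value from the step environment. The `start backend` step above has the same pattern with `inputs.django_secret_key`; the action's input declarations are outside this hunk.

```yaml
- name: start frontend
  shell: bash
  env:
    NEXTAUTH_SECRET: ${{ inputs.nextauth_secret }}
    KEYCLOAK_CLIENT_SECRET: ${{ inputs.keycloak_client_secret }}
    KEYCLOAK_CLIENT_ID: ${{ inputs.keycloak_client_id }}
  # A bare `-e NAME` copies NAME from the step environment into the container.
  run: >-
    docker run -d --network=host
    -e "NEXTAUTH_URL_INTERNAL=http://localhost:3000/"
    -e "NEXTAUTH_URL=http://localhost:3000/"
    -e NEXTAUTH_SECRET
    -e "API_URL=http://127.0.0.1:8000/api/"
    -e "KEYCLOAK_LOGIN_URL=https://dev.loginproxy.gov.bc.ca/auth/realms/standard"
    -e KEYCLOAK_CLIENT_SECRET
    -e KEYCLOAK_CLIENT_ID
    ghcr.io/bcgov/cas-reg1-frontend:${{ github.sha }}
```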
@@ -82,7 +82,7 @@ jobs: uses: ./.github/actions/dev-env-setup - name: ๐ŸŽ setup local app - uses: ./.github/actions/local-app-run + uses: ./.github/actions/run-registration1-app with: django_secret_key: ${{ env.DJANGO_SECRET_KEY }} keycloak_client_id: ${{ env.KEYCLOAK_CLIENT_ID }} @@ -204,7 +204,7 @@ jobs: - name: dev env setup uses: ./.github/actions/dev-env-setup - name: run app locally - uses: ./.github/actions/local-app-run + uses: ./.github/actions/run-registration1-app with: django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - name: Run pytest From 45a7ff3b3aaf204dcca8db6e6ee5f41962d26959 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 13:52:59 -0700 Subject: [PATCH 10/30] refactor: add docker build action --- .github/actions/docker-build/action.yaml | 79 ++++++++++++ .github/workflows/build.yaml | 158 +++++------------------ 2 files changed, 111 insertions(+), 126 deletions(-) create mode 100644 .github/actions/docker-build/action.yaml diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/docker-build/action.yaml new file mode 100644 index 0000000000..489782d865 --- /dev/null +++ b/.github/actions/docker-build/action.yaml 
@@ -0,0 +1,79 @@ +name: "Build and push Docker image" +description: "Reusable action to build and push a Docker image" + +inputs: + project: + description: "Nx project name" + required: true + image_url: + description: "Docker image URL" + required: true + registry: + description: "Docker registry" + required: true + cache_key: + description: "Unique cache key name" + required: true + github_token: + description: "GitHub token" + required: true + +runs: + using: composite + steps: + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Docker metadata + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ inputs.image_url }} + tags: | + type=sha,format=long,prefix= + latest + type=ref,event=pr + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ inputs.github_token }} + - name: Install dependencies + shell: bash + run: | + corepack enable + yarn install --immutable + cd bciers && yarn install --immutable + - uses: actions/setup-node@v3 + - name: Derive appropriate SHAs for base and head for `nx affected` commands + uses: nrwl/nx-set-shas@v4 + with: + # This will need to be updated when giraffe-develop merges with develop + main-branch-name: "develop" + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-${{ inputs.cache_key }}${{ github.sha }} + restore-keys: | + ${{ runner.os }}-${{ inputs.cache_key }} + - name: Build images + shell: bash + env: + INPUT_GITHUB_TOKEN: ${{ inputs.github_token }} + INPUT_PUSH: true + INPUT_TAGS: ${{ steps.meta.outputs.tags }} + INPUT_LABELS: ${{ steps.meta.output.labels }} + INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache + INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new + run: | + npx nx container ${{ inputs.project }} --skip-nx-cache + working-directory: ./bciers + # Temp fix + # 
https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + shell: bash + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b229365223..08187a50e8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -59,6 +59,38 @@ jobs: rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache + nx-docker-build-registration1: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Build registration1 container + uses: ./.github/actions/docker-build + with: + project: registration1 + image_url: ghcr.io/bcgov/cas-reg1-frontend + registry: ghcr.io + cache_key: buildx-bciers-registration1 + github_token: ${{ secrets.GITHUB_TOKEN }} + + nx-docker-build-reporting: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Build reporting container + uses: ./.github/actions/docker-build + with: + project: reporting + image_url: ghcr.io/bcgov/cas-rep-frontend + registry: ghcr.io + cache_key: buildx-bciers-reporting + github_token: ${{ secrets.GITHUB_TOKEN }} + # nx-docker-build-registration: # runs-on: ubuntu-latest # defaults: 
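Review bot: `INPUT_LABELS: ${{ steps.meta.output.labels }}` in the `Build images` step of the new docker-build action reads a property that does not exist. Step results live under `outputs`, as the `INPUT_TAGS` line just above it uses, so the expression evaluates to an empty string. The pushed images therefore carry none of the labels docker/metadata-action generates, which include the source repository and revision that tie an image back to a commit. Change the line to `INPUT_LABELS: ${{ steps.meta.outputs.labels }}`. The typo is carried over from the per-job definitions in build.yaml that this action replaces.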
@@ -122,129 +154,3 @@ jobs: # run: | # rm -rf /tmp/.buildx-cache # mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-registration1: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ghcr.io/bcgov/cas-reg1-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v3 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - # This will need to be updated when giraffe-develop merges with develop - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-registration1${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-registration1 - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container registration1 --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-reporting: - runs-on: ubuntu-latest - 
defaults: - run: - working-directory: ./bciers - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ghcr.io/bcgov/cas-rep-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v3 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - # This will need to be updated when giraffe-develop merges with develop - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-reporting${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-reporting - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container reporting --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache From 6b448b79d63343fe1d5eae0d475ae80daa9f6c6c Mon Sep 17 00:00:00 2001 
From: marcellmueller Date: Fri, 7 Jun 2024 14:02:33 -0700 Subject: [PATCH 11/30] chore: rename docker-build action to nx-project-build --- .../{docker-build => nx-project-build}/action.yaml | 14 ++++---------- .github/workflows/build.yaml | 6 ++---- 2 files changed, 6 insertions(+), 14 deletions(-) rename .github/actions/{docker-build => nx-project-build}/action.yaml (85%) diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/nx-project-build/action.yaml similarity index 85% rename from .github/actions/docker-build/action.yaml rename to .github/actions/nx-project-build/action.yaml index 489782d865..1d0976fee2 100644 --- a/.github/actions/docker-build/action.yaml +++ b/.github/actions/nx-project-build/action.yaml @@ -1,5 +1,5 @@ -name: "Build and push Docker image" -description: "Reusable action to build and push a Docker image" +name: "Nx project uild and push Docker image" +description: "Reusable action to build and push a Docker image for an Nx project in the /bciers directory" inputs: project: @@ -8,12 +8,6 @@ inputs: image_url: description: "Docker image URL" required: true - registry: - description: "Docker registry" - required: true - cache_key: - description: "Unique cache key name" - required: true github_token: description: "GitHub token" required: true @@ -54,9 +48,9 @@ runs: uses: actions/cache@v3 with: path: /tmp/.buildx-cache - key: ${{ runner.os }}-${{ inputs.cache_key }}${{ github.sha }} + key: ${{ runner.os }}-buildx-bciers-${{ inputs.project }}${{ github.sha }} restore-keys: | - ${{ runner.os }}-${{ inputs.cache_key }} + ${{ runner.os }}-buildx-bciers-${{ inputs.project }} - name: Build images shell: bash env: diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 08187a50e8..13f4f68a3e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
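Review bot: The new cache key `${{ runner.os }}-buildx-bciers-${{ inputs.project }}${{ github.sha }}` has no separator after the project name, and the `restore-keys` entry is matched as a prefix. A project whose name is a prefix of another (this repository has both `registration` and `registration1`) would restore the other project's layer cache once both are built through this action. End the project segment with a delimiter in both places: `key: ${{ runner.os }}-buildx-bciers-${{ inputs.project }}-${{ github.sha }}` and `${{ runner.os }}-buildx-bciers-${{ inputs.project }}-` under `restore-keys`. The rest of the composite action's steps lie outside this hunk.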
@@ -67,12 +67,11 @@ jobs: with: fetch-depth: 0 - name: Build registration1 container - uses: ./.github/actions/docker-build + uses: ./.github/actions/nx-project-build with: project: registration1 image_url: ghcr.io/bcgov/cas-reg1-frontend registry: ghcr.io - cache_key: buildx-bciers-registration1 github_token: ${{ secrets.GITHUB_TOKEN }} nx-docker-build-reporting: @@ -83,12 +82,11 @@ jobs: with: fetch-depth: 0 - name: Build reporting container - uses: ./.github/actions/docker-build + uses: ./.github/actions/nx-project-build with: project: reporting image_url: ghcr.io/bcgov/cas-rep-frontend registry: ghcr.io - cache_key: buildx-bciers-reporting github_token: ${{ secrets.GITHUB_TOKEN }} # nx-docker-build-registration: From aec9f3402f4186df7778e1edc913bec3d4db3be7 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 14:04:42 -0700 Subject: [PATCH 12/30] refactor: simplify workflow concurrency --- .github/workflows/build.yaml | 7 ------- .github/workflows/main.yaml | 4 ++++ .github/workflows/scan-code-trivy.yaml | 4 ---- .github/workflows/test-containers.yaml | 4 ---- .github/workflows/test.yaml | 5 ----- 5 files changed, 4 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 13f4f68a3e..664dd0baad 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,11 +3,6 @@ name: Build BCIERS containers on: workflow_call: -# Cancel current job when pushing new commit into the PR -concurrency: - group: build-containers-${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - jobs: backend-docker-build: runs-on: ubuntu-latest @@ -71,7 +66,6 @@ jobs: with: project: registration1 image_url: ghcr.io/bcgov/cas-reg1-frontend - registry: ghcr.io github_token: ${{ secrets.GITHUB_TOKEN }} nx-docker-build-reporting: 
@@ -86,7 +80,6 @@ jobs: with: project: reporting image_url: ghcr.io/bcgov/cas-rep-frontend - registry: ghcr.io github_token: ${{ secrets.GITHUB_TOKEN }} # nx-docker-build-registration: diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 85804316b4..32f1415145 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -9,6 +9,10 @@ on: branches: [develop, main] workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: build-containers: uses: ./.github/workflows/build.yaml diff --git a/.github/workflows/scan-code-trivy.yaml b/.github/workflows/scan-code-trivy.yaml index 3383013ecd..57716913db 100644 --- a/.github/workflows/scan-code-trivy.yaml +++ b/.github/workflows/scan-code-trivy.yaml @@ -6,10 +6,6 @@ on: - frontend - backend -concurrency: - group: callee-trivy-${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - jobs: trivy-scan-code: runs-on: ubuntu-latest diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml index c00b2d20bb..e95b1371da 100644 --- a/.github/workflows/test-containers.yaml +++ b/.github/workflows/test-containers.yaml @@ -10,10 +10,6 @@ env: KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }} NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} -# Cancel current job when pushing new commit into the PR -concurrency: - group: test-containers-${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true jobs: install-dev-tools: runs-on: ubuntu-latest diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 658651f584..f7e1205018 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -16,11 +16,6 @@ env: KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }} NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} -# Cancel current job when pushing new commit into the PR -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - jobs: install-dev-tools: runs-on: ubuntu-latest From 005697b35f5bad75796529444e3b4208a3692b9e Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 14:32:18 -0700 Subject: [PATCH 13/30] chore: test workflow dev tools setup --- .github/workflows/build.yaml | 2 ++ .github/workflows/main.yaml | 14 +++++++++++++- .github/workflows/test-containers.yaml | 15 +++------------ .github/workflows/test.yaml | 13 ------------- 4 files changed, 18 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 664dd0baad..d3a41740d2 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,6 +3,8 @@ name: Build BCIERS containers on: workflow_call: +## test + jobs: backend-docker-build: runs-on: ubuntu-latest diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 32f1415145..f833780ee1 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
@@ -13,16 +13,28 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +env: + PGUSER: postgres + jobs: + install-dev-tools: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - run: yarn install --immutable + working-directory: ./bciers build-containers: uses: ./.github/workflows/build.yaml test-code: uses: ./.github/workflows/test.yaml + needs: [install-dev-tools] scan-code-trivy: uses: ./.github/workflows/scan-code-trivy.yaml codeql-analysis: uses: ./.github/workflows/codeql.yaml test-containers: - needs: [build-containers] + needs: [build-containers, install-dev-tools] uses: ./.github/workflows/test-containers.yaml secrets: inherit diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml index e95b1371da..cbc853872d 100644 --- a/.github/workflows/test-containers.yaml +++ b/.github/workflows/test-containers.yaml @@ -1,3 +1,6 @@ +# This file is used for tests that use containers. +# For tests that don't require containers to be built first, see test.yaml + name: Test BCIERS containers on: @@ -11,17 +14,7 @@ env: NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} jobs: - install-dev-tools: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - run: yarn install --immutable - working-directory: ./bciers - zap-owasp: - needs: [install-dev-tools] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -54,7 +47,6 @@ jobs: e2e-tests: name: ๐Ÿงช e2e tests ${{ matrix.project }} - needs: [install-dev-tools] runs-on: ubuntu-latest timeout-minutes: 60 strategy: @@ -193,7 +185,6 @@ jobs: working-directory: ./bciers/apps/registration1 backend-tests: - needs: [install-dev-tools] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index f7e1205018..cea1cfefad 100644 
--- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -17,17 +17,7 @@ env: NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} jobs: - install-dev-tools: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - run: yarn install --immutable - working-directory: ./bciers - nx-tests: - needs: install-dev-tools runs-on: ubuntu-latest defaults: run: @@ -46,7 +36,6 @@ jobs: shell: bash yarn-audit: - needs: install-dev-tools runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -56,7 +45,6 @@ jobs: working-directory: ./bciers pre-commit: - needs: install-dev-tools runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -83,7 +71,6 @@ jobs: - uses: pre-commit/action@v3.0.1 check-migrations: - needs: install-dev-tools runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From bf0d82d8a229a430145c5303559e197229cfa006 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 15:34:28 -0700 Subject: [PATCH 14/30] refactor: further split container workflows to optimize ci runtime --- .../action.yaml | 2 +- .github/workflows/build-backend.yaml | 57 +++++++++++++++++++ .../{build.yaml => build-nx-apps.yaml} | 56 +----------------- .github/workflows/main.yaml | 21 ++++--- .github/workflows/test-backend.yaml | 26 +++++++++ .../workflows/{test.yaml => test-code.yaml} | 0 ...test-containers.yaml => test-nx-apps.yaml} | 18 +----- .github/workflows/zap-owasp.yaml | 40 +++++++++++++ 8 files changed, 143 insertions(+), 77 deletions(-) rename .github/actions/{nx-project-build => nx-app-build}/action.yaml (98%) create mode 100644 .github/workflows/build-backend.yaml rename .github/workflows/{build.yaml => build-nx-apps.yaml} (63%) create mode 100644 .github/workflows/test-backend.yaml rename .github/workflows/{test.yaml => test-code.yaml} (100%) rename .github/workflows/{test-containers.yaml => test-nx-apps.yaml} (93%) create mode 100644 .github/workflows/zap-owasp.yaml 
diff --git a/.github/actions/nx-project-build/action.yaml b/.github/actions/nx-app-build/action.yaml similarity index 98% rename from .github/actions/nx-project-build/action.yaml rename to .github/actions/nx-app-build/action.yaml index 1d0976fee2..6c70755d9e 100644 --- a/.github/actions/nx-project-build/action.yaml +++ b/.github/actions/nx-app-build/action.yaml @@ -1,5 +1,5 @@ name: "Nx project uild and push Docker image" -description: "Reusable action to build and push a Docker image for an Nx project in the /bciers directory" +description: "Reusable action to build and push a Docker image for an Nx app in the /bciers directory" inputs: project: diff --git a/.github/workflows/build-backend.yaml b/.github/workflows/build-backend.yaml new file mode 100644 index 0000000000..8b899be113 --- /dev/null +++ b/.github/workflows/build-backend.yaml 
@@ -0,0 +1,57 @@ +name: Build BCIERS backend Docker container + +on: + workflow_call: + +## test + +jobs: + backend-docker-build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + install: true + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/bcgov/cas-reg-backend + tags: | + type=sha,format=long,prefix= + latest + type=ref,event=pr + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-bc_obps-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-bc_obps + - name: Build image + uses: docker/build-push-action@v5 + with: + context: bc_obps + builder: ${{ steps.buildx.outputs.name }} + push: true + file: bc_obps/Dockerfile + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/build.yaml b/.github/workflows/build-nx-apps.yaml similarity index 63% rename from .github/workflows/build.yaml rename to .github/workflows/build-nx-apps.yaml index d3a41740d2..5252d06465 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build-nx-apps.yaml @@ -1,4 +1,4 @@ -name: Build BCIERS containers +name: Build BCIERS Nx Project containers on: workflow_call: 
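Review bot: The metadata step in build-backend.yaml tags every build `latest` and the build step sets `push: true` unconditionally, so a run triggered by a pull request moves `ghcr.io/bcgov/cas-reg-backend:latest` to unreviewed code. main.yaml on this page triggers on `pull_request` as well as `push`. Anything that pulls `latest` then gets whatever the most recent PR built. Restrict the floating tag to the default branch with `type=raw,value=latest,enable={{is_default_branch}}`, and keep the SHA and PR tags for everything else.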
@@ -6,56 +6,6 @@ on: ## test jobs: - backend-docker-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - install: true - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/bcgov/cas-reg-backend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bc_obps-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bc_obps - - name: Build image - uses: docker/build-push-action@v5 - with: - context: bc_obps - builder: ${{ steps.buildx.outputs.name }} - push: true - file: bc_obps/Dockerfile - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - nx-docker-build-registration1: runs-on: ubuntu-latest steps: @@ -64,7 +14,7 @@ jobs: with: fetch-depth: 0 - name: Build registration1 container - uses: ./.github/actions/nx-project-build + uses: ./.github/actions/nx-app-build with: project: registration1 image_url: ghcr.io/bcgov/cas-reg1-frontend @@ -78,7 +28,7 @@ jobs: with: fetch-depth: 0 - name: Build reporting container - uses: ./.github/actions/nx-project-build + uses: ./.github/actions/nx-app-build with: project: reporting image_url: ghcr.io/bcgov/cas-rep-frontend 
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index f833780ee1..950176119e 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -25,16 +25,23 @@ jobs: uses: ./.github/actions/dev-env-setup - run: yarn install --immutable working-directory: ./bciers - build-containers: - uses: ./.github/workflows/build.yaml + build-backend: + uses: ./.github/workflows/build-backend.yaml + build-nx-apps: + uses: ./.github/workflows/build-nx-apps.yaml test-code: - uses: ./.github/workflows/test.yaml needs: [install-dev-tools] + uses: ./.github/workflows/test-code.yaml scan-code-trivy: uses: ./.github/workflows/scan-code-trivy.yaml codeql-analysis: uses: ./.github/workflows/codeql.yaml - test-containers: - needs: [build-containers, install-dev-tools] - uses: ./.github/workflows/test-containers.yaml - secrets: inherit + test-backend: + needs: [build-backend, install-dev-tools] + uses: ./.github/workflows/test-backend.yaml + test-nx-apps: + needs: [build-nx-apps, install-dev-tools] + uses: ./.github/workflows/test-nx-apps.yaml + zap-owasp: + needs: [build-nx-apps, build-backend, install-dev-tools] + uses: ./.github/workflows/zap-owasp.yaml diff --git a/.github/workflows/test-backend.yaml b/.github/workflows/test-backend.yaml new file mode 100644 index 0000000000..d392c58bae --- /dev/null +++ b/.github/workflows/test-backend.yaml 
@@ -0,0 +1,26 @@ +# This file is used for tests that use the backend container +# For tests that don't require containers to be built first, see test.yaml + +name: Test BCIERS backend container + +on: + workflow_call: + +env: + PGUSER: postgres + DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} + +jobs: + backend-tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: run app locally + uses: ./.github/actions/run-registration1-app + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + - name: Run pytest + working-directory: ./bc_obps + run: make pythontests diff --git a/.github/workflows/test.yaml b/.github/workflows/test-code.yaml similarity index 100% rename from .github/workflows/test.yaml rename to .github/workflows/test-code.yaml diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-nx-apps.yaml similarity index 93% rename from .github/workflows/test-containers.yaml rename to .github/workflows/test-nx-apps.yaml index cbc853872d..f7e1d8d020 100644 --- a/.github/workflows/test-containers.yaml +++ b/.github/workflows/test-nx-apps.yaml @@ -1,7 +1,7 @@ -# This file is used for tests that use containers. +# This file is used for tests that use Nx app containers. # For tests that don't require containers to be built first, see test.yaml -name: Test BCIERS containers +name: Test BCIERS Nx App containers on: workflow_call: @@ -183,17 +183,3 @@ jobs: HAPPO_NONCE: ${{ github.sha }} run: npx happo-e2e finalize working-directory: ./bciers/apps/registration1 - - backend-tests: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/run-registration1-app - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - - name: Run pytest - working-directory: ./bc_obps - run: make pythontests 
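Review bot: `DJANGO_SECRET_KEY` is set in the workflow-level `env:` block of test-backend.yaml, which exports the secret into the environment of every step in `backend-tests`, including `dev env setup` and `make pythontests`, although only the `run app locally` step passes it on. Passing it where it is used, `django_secret_key: ${{ secrets.DJANGO_SECRET_KEY }}` in that step's `with:`, keeps it out of the other steps. If pytest does read it from the environment, a step-level `env:` on `Run pytest` does the same job. The header comment still points at `test.yaml`, which this same patch renames to `test-code.yaml`.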
diff --git a/.github/workflows/zap-owasp.yaml b/.github/workflows/zap-owasp.yaml new file mode 100644 index 0000000000..c0597f0de7 --- /dev/null +++ b/.github/workflows/zap-owasp.yaml @@ -0,0 +1,40 @@ +name: ZAP OWASP Scan Code + +on: + workflow_call: + +env: + PGUSER: postgres + DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} + +jobs: + zap-owasp: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: run app locally + uses: ./.github/actions/run-registration1-app + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + - name: ZAP Frontend Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: "ghcr.io/zaproxy/zaproxy:stable" + target: "http://localhost:3000/" + rules_file_name: ".zap/rules-frontend.tsv" + cmd_options: "-a -d -T 5 -m 2" + issue_title: OWASP Baseline - Frontend + fail_action: false + - name: ZAP Backend Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: "ghcr.io/zaproxy/zaproxy:stable" + target: "http://0.0.0.0:8000/" + rules_file_name: ".zap/rules-backend.tsv" + cmd_options: "-a -d -T 5 -m 2" + issue_title: OWASP Baseline - Backend + fail_action: false From 5a0b9327a2dd1149b38dacf07c15870f9a3f3ee6 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 15:39:05 -0700 Subject: [PATCH 15/30] chore: remove duplicate ci job --- .github/workflows/test-nx-apps.yaml | 31 ----------------------------- 1 file changed, 31 deletions(-) diff --git a/.github/workflows/test-nx-apps.yaml b/.github/workflows/test-nx-apps.yaml index f7e1d8d020..d1d0469b1b 100644 --- a/.github/workflows/test-nx-apps.yaml +++ b/.github/workflows/test-nx-apps.yaml 
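Review bot: Both scan steps in zap-owasp.yaml set `fail_action: false`, so the `zap-owasp` job succeeds whatever the baseline scan reports and findings surface only through the issue the action opens. Once `.zap/rules-frontend.tsv` and `.zap/rules-backend.tsv` are tuned, `fail_action: true` would let new findings block the pipeline. Opening that issue needs `issues: write` on `secrets.GITHUB_TOKEN`, and the workflow declares no `permissions:`, so it depends on the caller's or the repository's default; a job-level block with `contents: read` and `issues: write` would state it. `zaproxy/action-baseline@v0.12.0` and the `zaproxy:stable` image are both mutable references, so pinning the action to a commit SHA and the image to a digest keeps the scanner itself reproducible.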
@@ -14,37 +14,6 @@ env: NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} jobs: - zap-owasp: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/run-registration1-app - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - - name: ZAP Frontend Scan - uses: zaproxy/action-baseline@v0.12.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: "ghcr.io/zaproxy/zaproxy:stable" - target: "http://localhost:3000/" - rules_file_name: ".zap/rules-frontend.tsv" - cmd_options: "-a -d -T 5 -m 2" - issue_title: OWASP Baseline - Frontend - fail_action: false - - name: ZAP Backend Scan - uses: zaproxy/action-baseline@v0.12.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: "ghcr.io/zaproxy/zaproxy:stable" - target: "http://0.0.0.0:8000/" - rules_file_name: ".zap/rules-backend.tsv" - cmd_options: "-a -d -T 5 -m 2" - issue_title: OWASP Baseline - Backend - fail_action: false - e2e-tests: name: ๐Ÿงช e2e tests ${{ matrix.project }} runs-on: ubuntu-latest From 4e752c2967bc39ce2721533b854add68e2849b14 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Mon, 10 Jun 2024 08:03:45 -0700 Subject: [PATCH 16/30] refactor: ci build jobs --- .github/workflows/build-backend.yaml | 2 - .github/workflows/build-nx-apps.yaml | 99 ------------------- .github/workflows/build-registration.yaml | 19 ++++ .github/workflows/build-registration1.yaml | 19 ++++ .github/workflows/build-reporting.yaml | 19 ++++ .github/workflows/main.yaml | 28 +++--- .../{test-nx-apps.yaml => test-e2e.yaml} | 0 7 files changed, 74 insertions(+), 112 deletions(-) delete mode 100644 .github/workflows/build-nx-apps.yaml create mode 100644 .github/workflows/build-registration.yaml create mode 100644 .github/workflows/build-registration1.yaml create mode 100644 .github/workflows/build-reporting.yaml rename .github/workflows/{test-nx-apps.yaml => test-e2e.yaml} (100%) 
diff --git a/.github/workflows/build-backend.yaml b/.github/workflows/build-backend.yaml index 8b899be113..932490c997 100644 --- a/.github/workflows/build-backend.yaml +++ b/.github/workflows/build-backend.yaml @@ -3,8 +3,6 @@ name: Build BCIERS backend Docker container on: workflow_call: -## test - jobs: backend-docker-build: runs-on: ubuntu-latest diff --git a/.github/workflows/build-nx-apps.yaml b/.github/workflows/build-nx-apps.yaml deleted file mode 100644 index 5252d06465..0000000000 --- a/.github/workflows/build-nx-apps.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -name: Build BCIERS Nx Project containers - -on: - workflow_call: - -## test - -jobs: - nx-docker-build-registration1: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Build registration1 container - uses: ./.github/actions/nx-app-build - with: - project: registration1 - image_url: ghcr.io/bcgov/cas-reg1-frontend - github_token: ${{ secrets.GITHUB_TOKEN }} - - nx-docker-build-reporting: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Build reporting container - uses: ./.github/actions/nx-app-build - with: - project: reporting - image_url: ghcr.io/bcgov/cas-rep-frontend - github_token: ${{ secrets.GITHUB_TOKEN }} - - # nx-docker-build-registration: - # runs-on: ubuntu-latest - # defaults: - # run: - # working-directory: ./bciers - # needs: backend-docker-build - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # fetch-depth: 0 - # - name: Setup Docker Buildx - # uses: docker/setup-buildx-action@v2 - # - name: Docker metadata - # id: meta - # uses: docker/metadata-action@v3 - # with: - # images: ghcr.io/bcgov/cas-reg-frontend - # tags: | - # type=sha,format=long,prefix= - # latest - # type=ref,event=pr - # - name: Login to GitHub Container Registry - # uses: docker/login-action@v2 - # with: - # registry: ghcr.io - # username: ${{ github.repository_owner }} - # password: ${{ secrets.GITHUB_TOKEN }} - # - name: Install dependencies - # run: | - # corepack enable - # yarn install --immutable - # cd ../bciers && yarn install --immutable - # - uses: actions/setup-node@v3 - # - name: Derive appropriate SHAs for base and head for `nx affected` commands - # uses: nrwl/nx-set-shas@v4 - # with: - # # This will need to be updated when giraffe-develop merges with develop - # main-branch-name: "develop" - # - name: Cache Docker layers - # uses: actions/cache@v3 - # with: - # path: /tmp/.buildx-cache - # key: 
${{ runner.os }}-buildx-bciers-registration${{ github.sha }} - # restore-keys: | - # ${{ runner.os }}-buildx-bciers-registration - # - name: Build images - # env: - # INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # INPUT_PUSH: true - # INPUT_TAGS: ${{ steps.meta.outputs.tags }} - # INPUT_LABELS: ${{ steps.meta.output.labels }} - # INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - # INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - # run: | - # npx nx container registration --skip-nx-cache - # # Temp fix - # # https://github.com/docker/build-push-action/issues/252 - # # https://github.com/moby/buildkit/issues/1896 - # - name: Move cache - # run: | - # rm -rf /tmp/.buildx-cache - # mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/build-registration.yaml b/.github/workflows/build-registration.yaml new file mode 100644 index 0000000000..094e4baa73 --- /dev/null +++ b/.github/workflows/build-registration.yaml @@ -0,0 +1,19 @@ +name: Build Registration Docker container + +on: + workflow_call: + +jobs: + nx-docker-build-registration: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Build registration container + uses: ./.github/actions/nx-app-build + with: + project: registration + image_url: ghcr.io/bcgov/cas-reg-frontend + github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-registration1.yaml b/.github/workflows/build-registration1.yaml new file mode 100644 index 0000000000..984df28a58 --- /dev/null +++ b/.github/workflows/build-registration1.yaml 
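Review bot: build-registration.yaml hands `secrets.GITHUB_TOKEN` to the local `nx-app-build` action without declaring `permissions:`, so the token carries whatever the caller or the repository default grants; build-registration1.yaml and build-reporting.yaml in the hunks that follow do the same. A job-level block with `contents: read` and `packages: write` is presumably all a build-and-push to ghcr.io needs. The three files differ only in `project` and `image_url`, so one reusable workflow taking those two as `workflow_call` inputs would keep that hardening in a single place. `actions/checkout@v4` is a mutable tag; pinning it to a commit SHA is the usual supply-chain precaution for a job that publishes images.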
@@ -0,0 +1,19 @@
+name: Build Registration1 Docker container
+
+on:
+ workflow_call:
+
+jobs:
+ nx-docker-build-registration1:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Build registration1 container
+ uses: ./.github/actions/nx-app-build
+ with:
+ project: registration1
+ image_url: ghcr.io/bcgov/cas-reg1-frontend
+ github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build-reporting.yaml b/.github/workflows/build-reporting.yaml
new file mode 100644
index 0000000000..4fbb41b432
--- /dev/null
+++ b/.github/workflows/build-reporting.yaml
@@ -0,0 +1,19 @@
+name: Build Reporting Docker container
+
+on:
+ workflow_call:
+
+jobs:
+ nx-docker-build-reporting:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Build reporting container
+ uses: ./.github/actions/nx-app-build
+ with:
+ project: reporting
+ image_url: ghcr.io/bcgov/cas-rep-frontend
+ github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 950176119e..3995c843f1 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -27,21 +27,27 @@ jobs: working-directory: ./bciers build-backend: uses: ./.github/workflows/build-backend.yaml - build-nx-apps: - uses: ./.github/workflows/build-nx-apps.yaml + # build-registration: + # uses: ./.github/workflows/build-registration.yaml + build-registration1: + uses: ./.github/workflows/build-registration1.yaml + build-reporting: + uses: ./.github/workflows/build-reporting.yaml test-code: needs: [install-dev-tools] uses: ./.github/workflows/test-code.yaml - scan-code-trivy: - uses: ./.github/workflows/scan-code-trivy.yaml - codeql-analysis: - uses: ./.github/workflows/codeql.yaml test-backend: - needs: [build-backend, install-dev-tools] + needs: [build-backend, build-registration1, install-dev-tools] uses: ./.github/workflows/test-backend.yaml - test-nx-apps: - needs: [build-nx-apps, install-dev-tools] - uses: ./.github/workflows/test-nx-apps.yaml + test-e2e: + needs: [build-registration1, install-dev-tools] + uses: ./.github/workflows/test-e2e.yaml + secrets: inherit zap-owasp: - needs: [build-nx-apps, build-backend, install-dev-tools] + # We will need to set up registration part 2 and reporting to get zap scanned + needs: [build-backend, build-registration1, install-dev-tools] uses: ./.github/workflows/zap-owasp.yaml + scan-code-trivy: + uses: ./.github/workflows/scan-code-trivy.yaml + codeql-analysis: + uses: ./.github/workflows/codeql.yaml diff --git a/.github/workflows/test-nx-apps.yaml b/.github/workflows/test-e2e.yaml similarity index 100% rename from .github/workflows/test-nx-apps.yaml rename to .github/workflows/test-e2e.yaml From 8bb5552c73c5b5b8b32256e0eab35320d8594450 Mon Sep 17 00:00:00 2001 
From: marcellmueller Date: Mon, 10 Jun 2024 08:09:28 -0700 Subject: [PATCH 17/30] chore: add run-backend action --- .github/actions/run-backend/action.yml | 14 ++++++++++++++ .github/actions/run-registration1-app/action.yml | 5 +++-- .github/workflows/main.yaml | 2 +- .github/workflows/test-backend.yaml | 4 ++-- 4 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 .github/actions/run-backend/action.yml diff --git a/.github/actions/run-backend/action.yml b/.github/actions/run-backend/action.yml new file mode 100644 index 0000000000..e2efaa4843 --- /dev/null +++ b/.github/actions/run-backend/action.yml @@ -0,0 +1,14 @@ +name: "Run Django backend" +description: "Runs the Django backend locally" + +inputs: + django_secret_key: + description: "Django secret key" + required: true + +runs: + using: composite + steps: + - name: start backend + shell: bash + run: docker run -d --network=host -e "DB_USER=postgres" -e "DB_NAME=registration" -e "DB_PORT=5432" -e "DB_HOST=localhost" -e "DJANGO_SECRET_KEY=${{ inputs.django_secret_key }}" -e "ALLOWED_HOSTS=localhost,0.0.0.0,127.0.0.1" -e "ENVIRONMENT=develop" -e "CI=true" ghcr.io/bcgov/cas-reg-backend:${{ github.sha }} diff --git a/.github/actions/run-registration1-app/action.yml b/.github/actions/run-registration1-app/action.yml index 4ef41a7e25..f034d895ba 100644 --- a/.github/actions/run-registration1-app/action.yml +++ b/.github/actions/run-registration1-app/action.yml 
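Review bot: In run-backend/action.yml, `${{ inputs.django_secret_key }}` is expanded into the text of the `run:` script before bash sees it, so a value containing a double quote, a backtick or `$(` is parsed as shell, and the key ends up on the `docker run` command line where the process list shows it. Handing it over through the step environment avoids both: add `env:` with `DJANGO_SECRET_KEY: ${{ inputs.django_secret_key }}` to the step and change the flag to `-e DJANGO_SECRET_KEY` with no value, which makes docker copy the variable from its own environment. The `start frontend` step kept as context in the run-registration1-app hunk that follows interpolates `inputs.nextauth_secret` and `inputs.keycloak_client_secret` the same way.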
@@ -19,8 +19,9 @@ runs: using: composite steps: - name: start backend - shell: bash - run: docker run -d --network=host -e "DB_USER=postgres" -e "DB_NAME=registration" -e "DB_PORT=5432" -e "DB_HOST=localhost" -e "DJANGO_SECRET_KEY=${{ inputs.django_secret_key }}" -e "ALLOWED_HOSTS=localhost,0.0.0.0,127.0.0.1" -e "ENVIRONMENT=develop" -e "CI=true" ghcr.io/bcgov/cas-reg-backend:${{ github.sha }} + uses: ./.github/actions/run-backend + with: + django_secret_key: ${{ inputs.django_secret_key }} - name: start frontend shell: bash run: docker run -d --network=host -e "NEXTAUTH_URL_INTERNAL=http://localhost:3000/" -e "NEXTAUTH_URL=http://localhost:3000/" -e "NEXTAUTH_SECRET=${{ inputs.nextauth_secret }}" -e "API_URL=http://127.0.0.1:8000/api/" -e "KEYCLOAK_LOGIN_URL=https://dev.loginproxy.gov.bc.ca/auth/realms/standard" -e "KEYCLOAK_CLIENT_SECRET=${{ inputs.keycloak_client_secret }}" -e "KEYCLOAK_CLIENT_ID=${{ inputs.keycloak_client_id }}" ghcr.io/bcgov/cas-reg1-frontend:${{ github.sha }} diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 3995c843f1..98d3fa7e05 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -37,7 +37,7 @@ jobs: needs: [install-dev-tools] uses: ./.github/workflows/test-code.yaml test-backend: - needs: [build-backend, build-registration1, install-dev-tools] + needs: [build-backend, install-dev-tools] uses: ./.github/workflows/test-backend.yaml test-e2e: needs: [build-registration1, install-dev-tools] diff --git a/.github/workflows/test-backend.yaml b/.github/workflows/test-backend.yaml index d392c58bae..0ad7037362 100644 --- a/.github/workflows/test-backend.yaml +++ b/.github/workflows/test-backend.yaml 
@@ -17,8 +17,8 @@ jobs: - uses: actions/checkout@v4 - name: dev env setup uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/run-registration1-app + - name: start backend + uses: ./.github/actions/run-backend with: django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - name: Run pytest From f821a36847795d34f46cb27215014d71b4b92522 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Mon, 10 Jun 2024 08:27:18 -0700 Subject: [PATCH 18/30] chore: fix missing secrets --- .github/workflows/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 98d3fa7e05..92236900d6 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -39,6 +39,7 @@ jobs: test-backend: needs: [build-backend, install-dev-tools] uses: ./.github/workflows/test-backend.yaml + secrets: inherit test-e2e: needs: [build-registration1, install-dev-tools] uses: ./.github/workflows/test-e2e.yaml From 7bf5d60f0e45b5129bffc3bb207f9d5975e58c84 Mon Sep 17 00:00:00 2001 
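Review bot: The `secrets: inherit` added to the `test-backend` call in main.yaml hands every repository and organization secret to `test-backend.yaml`, which reads only `secrets.DJANGO_SECRET_KEY`. Declaring that secret under `on.workflow_call.secrets` in the called workflow and passing it by name, `secrets:` with `DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}`, limits what the callee can see. The `zap-owasp` call in the earlier main.yaml hunks still has no `secrets:` entry although `zap-owasp.yaml` reads the same secret. As far as these patches show, its backend container is therefore started with an empty `DJANGO_SECRET_KEY`.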
From: marcellmueller Date: Tue, 11 Jun 2024 09:17:07 -0700 Subject: [PATCH 19/30] chore: add registration2 helm templates --- .../templates/frontend/deployment.yaml | 80 ------------------ .../templates/frontend/hpa.yaml | 28 ------- .../templates/frontend/service.yaml | 16 ---- .../templates/registration/deployment.yaml | 82 +++++++++++++++++++ .../templates/registration/hpa.yaml | 28 +++++++ .../templates/registration/route.yaml | 24 ++++++ .../templates/registration/service.yaml | 18 ++++ .../templates/registration1/deployment.yaml | 80 ++++++++++++++++++ .../templates/registration1/hpa.yaml | 28 +++++++ .../{frontend => registration1}/route.yaml | 8 +- .../{frontend => registration1}/secret.yaml | 0 .../templates/registration1/service.yaml | 16 ++++ helm/cas-registration/values-dev.yaml | 17 +++- helm/cas-registration/values-giraffe.yaml | 64 +++++++++++++++ helm/cas-registration/values-prod.yaml | 2 +- helm/cas-registration/values-test.yaml | 2 +- helm/cas-registration/values.yaml | 45 +++++++++- 17 files changed, 405 insertions(+), 133 deletions(-) delete mode 100644 helm/cas-registration/templates/frontend/deployment.yaml delete mode 100644 helm/cas-registration/templates/frontend/hpa.yaml delete mode 100644 helm/cas-registration/templates/frontend/service.yaml create mode 100644 helm/cas-registration/templates/registration/deployment.yaml create mode 100644 helm/cas-registration/templates/registration/hpa.yaml create mode 100644 helm/cas-registration/templates/registration/route.yaml create mode 100644 helm/cas-registration/templates/registration/service.yaml create mode 100644 helm/cas-registration/templates/registration1/deployment.yaml create mode 100644 helm/cas-registration/templates/registration1/hpa.yaml rename helm/cas-registration/templates/{frontend => registration1}/route.yaml (76%) rename helm/cas-registration/templates/{frontend => registration1}/secret.yaml (100%) create mode 100644 helm/cas-registration/templates/registration1/service.yaml 
create mode 100644 helm/cas-registration/values-giraffe.yaml diff --git a/helm/cas-registration/templates/frontend/deployment.yaml b/helm/cas-registration/templates/frontend/deployment.yaml deleted file mode 100644 index a40201813c..0000000000 --- a/helm/cas-registration/templates/frontend/deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "cas-registration.fullname" . }}-frontend - labels: - component: frontend -{{- include "cas-registration.labels" . | nindent 4 }} -spec: -{{- if not .Values.frontend.autoscaling.enabled }} - replicas: {{ .Values.frontend.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "cas-registration.selectorLabels" . | nindent 6 }} - component: frontend - strategy: - type: RollingUpdate - template: - metadata: - labels: -{{- include "cas-registration.selectorLabels" . | nindent 8 }} - component: frontend - spec: - containers: - - name: {{ template "cas-registration.fullname" . }}-frontend - env: - - name: API_URL - value: http://{{ include "cas-registration.fullname" . }}-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.backend.service.port }}/api/ - - name: KEYCLOAK_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-gold-client-secret - key: kcClientSecret - - name: KEYCLOAK_AUTH_URL - value: {{ .Values.frontend.auth.keycloakAuthUrl}} - - name: KEYCLOAK_REALMS - value: {{ .Values.frontend.auth.keycloakRealms}} - - name: KEYCLOAK_OIDC - value: {{ .Values.frontend.auth.keycloakOidc}} - - name: KEYCLOAK_LOGIN_URL - value: {{ .Values.frontend.auth.keycloakAuthUrl}}{{ .Values.frontend.auth.keycloakRealms }} - - name: KEYCLOAK_LOGOUT_URL - value: {{ .Values.frontend.auth.keycloakAuthUrl}}{{ .Values.frontend.auth.keycloakRealms }}{{ .Values.frontend.auth.keycloakOidc}}/logout - - name: KEYCLOAK_TOKEN_URL - value: {{ .Values.frontend.auth.keycloakAuthUrl}}{{ .Values.frontend.auth.keycloakRealms }}{{ .Values.frontend.auth.keycloakOidc}}/token - - name: NEXTAUTH_URL - value: https://{{ .Values.frontend.route.host }} - - name: SITEMINDER_AUTH_URL - value: {{ .Values.frontend.auth.siteminderAuthUrl }} - - name: SITEMINDER_LOGOUT_URL - value: {{ .Values.frontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi - - name: NEXT_PUBLIC_KEYCLOAK_LOGOUT_URL - value: {{ 
.Values.frontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi?retnow=1&returl={{ .Values.frontend.auth.keycloakAuthUrl}}{{ .Values.frontend.auth.keycloakRealms }}{{ .Values.frontend.auth.keycloakOidc}}/logout - - name: KEYCLOAK_CLIENT_ID - value: {{ .Values.frontend.auth.keycloakClientId }} - - name: SITEMINDER_KEYCLOAK_LOGOUT_URL - value: {{ .Values.frontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi?retnow=1&returl={{ .Values.frontend.auth.keycloakAuthUrl}}{{ .Values.frontend.auth.keycloakRealms }}{{ .Values.frontend.auth.keycloakOidc}}/logout - - name: NEXTAUTH_SECRET - valueFrom: - secretKeyRef: - name: {{ template "cas-registration.fullname" . }}-nextauth - key: nextauth-secret - - name: NEXT_PUBLIC_GROWTHBOOK_CLIENT_KEY - value: {{ .Values.growthbook.clientKey }} - {{- if hasSuffix "-prod" .Release.Namespace }} - - name: SENTRY_ENVIRONMENT - value: {{ include "cas-registration.namespaceSuffix" . }} - - name: SENTRY_RELEASE - value: {{ .Values.frontend.image.tag }} - - name: SENTRY_TRACE_SAMPLE_RATE - value: {{ .Values.frontend.sentry.traceSampleRate | quote }} - {{- end }} - image: "{{ .Values.frontend.image.repository }}:{{ .Values.defaultImageTag | default .Values.frontend.image.tag }}" - imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} - ports: - - containerPort: {{ .Values.frontend.service.port }} - protocol: TCP - resources: - {{- toYaml .Values.frontend.resources | nindent 12 }} - restartPolicy: Always diff --git a/helm/cas-registration/templates/frontend/hpa.yaml b/helm/cas-registration/templates/frontend/hpa.yaml deleted file mode 100644 index 2c807e03e0..0000000000 --- a/helm/cas-registration/templates/frontend/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.frontend.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "cas-registration.fullname" . }}-frontend - labels: - {{- include "cas-registration.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "cas-registration.fullname" . }}-frontend - minReplicas: {{ .Values.frontend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.frontend.autoscaling.maxReplicas }} - metrics: - {{- if .Values.frontend.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.frontend.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.frontend.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.frontend.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/helm/cas-registration/templates/frontend/service.yaml b/helm/cas-registration/templates/frontend/service.yaml deleted file mode 100644 index f63c618049..0000000000 --- a/helm/cas-registration/templates/frontend/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "cas-registration.fullname" . }}-frontend - labels: - {{- include "cas-registration.labels" . | nindent 4 }} -spec: - type: {{ .Values.frontend.service.type }} - ports: - - port: {{ .Values.frontend.service.port }} - targetPort: 3000 - protocol: TCP - name: {{ include "cas-registration.fullname" . }}-frontend - selector: - {{- include "cas-registration.selectorLabels" . | nindent 4 }} - component: frontend diff --git a/helm/cas-registration/templates/registration/deployment.yaml b/helm/cas-registration/templates/registration/deployment.yaml new file mode 100644 index 0000000000..cf42d20824 --- /dev/null 
+++ b/helm/cas-registration/templates/registration/deployment.yaml 
@@ -0,0 +1,82 @@ +{{- if (.Values.registrationFrontend.enabled) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cas-registration.fullname" . }}-registration-frontend + labels: + component: registration-frontend +{{- include "cas-registration.labels" . | nindent 4 }} +spec: +{{- if not .Values.registrationFrontend.autoscaling.enabled }} + replicas: {{ .Values.registrationFrontend.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "cas-registration.selectorLabels" . | nindent 6 }} + component: registration-frontend + strategy: + type: RollingUpdate + template: + metadata: + labels: +{{- include "cas-registration.selectorLabels" . | nindent 8 }} + component: registration-frontend + spec: + containers: + - name: {{ template "cas-registration.fullname" . }}-registration-frontend + env: + - name: API_URL + value: http://{{ include "cas-registration.fullname" . }}-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.backend.service.port }}/api/ + - name: KEYCLOAK_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: keycloak-gold-client-secret + key: kcClientSecret + - name: KEYCLOAK_AUTH_URL + value: {{ .Values.registrationFrontend.auth.keycloakAuthUrl}} + - name: KEYCLOAK_REALMS + value: {{ .Values.registrationFrontend.auth.keycloakRealms}} + - name: KEYCLOAK_OIDC + value: {{ .Values.registrationFrontend.auth.keycloakOidc}} + - name: KEYCLOAK_LOGIN_URL + value: {{ .Values.registrationFrontend.auth.keycloakAuthUrl}}{{ .Values.registrationFrontend.auth.keycloakRealms }} + - name: KEYCLOAK_LOGOUT_URL + value: {{ .Values.registrationFrontend.auth.keycloakAuthUrl}}{{ .Values.registrationFrontend.auth.keycloakRealms }}{{ .Values.registrationFrontend.auth.keycloakOidc}}/logout + - name: KEYCLOAK_TOKEN_URL + value: {{ .Values.registrationFrontend.auth.keycloakAuthUrl}}{{ .Values.registrationFrontend.auth.keycloakRealms }}{{ .Values.registrationFrontend.auth.keycloakOidc}}/token + - name: NEXTAUTH_URL + value: https://{{ 
.Values.registrationFrontend.route.host }} + - name: SITEMINDER_AUTH_URL + value: {{ .Values.registrationFrontend.auth.siteminderAuthUrl }} + - name: SITEMINDER_LOGOUT_URL + value: {{ .Values.registrationFrontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi + - name: NEXT_PUBLIC_KEYCLOAK_LOGOUT_URL + value: {{ .Values.registrationFrontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi?retnow=1&returl={{ .Values.registrationFrontend.auth.keycloakAuthUrl}}{{ .Values.registrationFrontend.auth.keycloakRealms }}{{ .Values.registrationFrontend.auth.keycloakOidc}}/logout + - name: KEYCLOAK_CLIENT_ID + value: {{ .Values.registrationFrontend.auth.keycloakClientId }} + - name: SITEMINDER_KEYCLOAK_LOGOUT_URL + value: {{ .Values.registrationFrontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi?retnow=1&returl={{ .Values.registrationFrontend.auth.keycloakAuthUrl}}{{ .Values.registrationFrontend.auth.keycloakRealms }}{{ .Values.registrationFrontend.auth.keycloakOidc}}/logout + - name: NEXTAUTH_SECRET + valueFrom: + secretKeyRef: + name: {{ template "cas-registration.fullname" . }}-nextauth + key: nextauth-secret + - name: NEXT_PUBLIC_GROWTHBOOK_CLIENT_KEY + value: {{ .Values.growthbook.clientKey }} + {{- if hasSuffix "-prod" .Release.Namespace }} + - name: SENTRY_ENVIRONMENT + value: {{ include "cas-registration.namespaceSuffix" . }} + - name: SENTRY_RELEASE + value: {{ .Values.registrationFrontend.image.tag }} + - name: SENTRY_TRACE_SAMPLE_RATE + value: {{ .Values.registrationFrontend.sentry.traceSampleRate | quote }} + {{- end }} + image: "{{ .Values.registrationFrontend.image.repository }}:{{ .Values.defaultImageTag | default .Values.registrationFrontend.image.tag }}" + imagePullPolicy: {{ .Values.registrationFrontend.image.pullPolicy }} + ports: + - containerPort: {{ .Values.registrationFrontend.service.port }} + protocol: TCP + resources: + {{- toYaml .Values.registrationFrontend.resources | nindent 12 }} + restartPolicy: Always +{{- end }} 
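Review bot: The container in registration/deployment.yaml is defined without a `securityContext`, so it runs with whatever the namespace admits; on OpenShift the restricted SCC may already force a non-root UID, but that is outside the chart. Stating it in the template, as in the fence below, makes the chart safe on its own. The hunk also leaves most `value:` entries unquoted (for example `KEYCLOAK_CLIENT_ID`), so a value that YAML reads as a number or boolean would be rejected as a non-string env value. `| quote`, already used for `SENTRY_TRACE_SAMPLE_RATE`, avoids that.

```yaml
          # … unchanged: env, image, imagePullPolicy, ports …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          resources:
```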
diff --git a/helm/cas-registration/templates/registration/hpa.yaml b/helm/cas-registration/templates/registration/hpa.yaml
new file mode 100644
index 0000000000..07fe2d639f
--- /dev/null
+++ b/helm/cas-registration/templates/registration/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.registration1Frontend.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "cas-registration.fullname" . }}-registration-frontend
+ labels:
+ {{- include "cas-registration.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "cas-registration.fullname" . }}-registration-frontend
+ minReplicas: {{ .Values.registrationFrontend.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.registrationFrontend.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.registrationFrontend.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.registrationFrontend.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.registrationFrontend.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.registrationFrontend.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/cas-registration/templates/registration/route.yaml b/helm/cas-registration/templates/registration/route.yaml
new file mode 100644
index 0000000000..b881e9377f
--- /dev/null
+++ b/helm/cas-registration/templates/registration/route.yaml
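Review bot: The outer guard in registration/hpa.yaml reads `.Values.registration1Frontend.autoscaling.enabled`, while every other value in the file comes from `.Values.registrationFrontend`. The HPA for the new registration frontend is therefore switched by the other app's setting and is rendered even when `registrationFrontend.enabled` is false. The guard should be `{{- if and .Values.registrationFrontend.enabled .Values.registrationFrontend.autoscaling.enabled }}`. `autoscaling/v2beta1` with `targetAverageUtilization` is also no longer served by current Kubernetes releases; `autoscaling/v2` expresses the same thing with `target.type: Utilization` and `averageUtilization`.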
@@ -0,0 +1,24 @@
+{{- if (.Values.registrationFrontend.enabled) }}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: {{ template "cas-registration.fullname" . }}-registration-frontend
+ labels:
+{{ include "cas-registration.labels" . | indent 4 }}
+ annotations:
+ haproxy.router.openshift.io/balance: roundrobin
+ haproxy.router.openshift.io/rewrite-target: /
+
+spec:
+ host: {{ .Values.registrationFrontend.route.host }}
+ path: {{ .Values.registrationFrontend.route.path }}
+ port:
+ targetPort: {{ template "cas-registration.fullname" . }}-registration-frontend
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: {{ template "cas-registration.fullname" . }}-registration-frontend
+ weight: 100
+{{- end }}
diff --git a/helm/cas-registration/templates/registration/service.yaml b/helm/cas-registration/templates/registration/service.yaml
new file mode 100644
index 0000000000..935f851327
--- /dev/null
+++ b/helm/cas-registration/templates/registration/service.yaml
@@ -0,0 +1,18 @@
+{{- if (.Values.registrationFrontend.enabled) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "cas-registration.fullname" . }}-registration-frontend
+ labels:
+ {{- include "cas-registration.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.registrationFrontend.service.type }}
+ ports:
+ - port: {{ .Values.registrationFrontend.service.port }}
+ targetPort: 3000
+ protocol: TCP
+ name: {{ include "cas-registration.fullname" . }}-registration-frontend
+ selector:
+ {{- include "cas-registration.selectorLabels" . | nindent 4 }}
+ component: frontend
+{{- end }}
diff --git a/helm/cas-registration/templates/registration1/deployment.yaml b/helm/cas-registration/templates/registration1/deployment.yaml
new file mode 100644
index 0000000000..85d2045dee
--- /dev/null
+++ b/helm/cas-registration/templates/registration1/deployment.yaml
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cas-registration.fullname" . }}-registration1-frontend + labels: + component: registration1-frontend +{{- include "cas-registration.labels" . | nindent 4 }} +spec: +{{- if not .Values.registration1Frontend.autoscaling.enabled }} + replicas: {{ .Values.registration1Frontend.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "cas-registration.selectorLabels" . | nindent 6 }} + component: registration1-frontend + strategy: + type: RollingUpdate + template: + metadata: + labels: +{{- include "cas-registration.selectorLabels" . | nindent 8 }} + component: registration1-frontend + spec: + containers: + - name: {{ template "cas-registration.fullname" . }}-registration1-frontend + env: + - name: API_URL + value: http://{{ include "cas-registration.fullname" . }}-backend.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.backend.service.port }}/api/ + - name: KEYCLOAK_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: keycloak-gold-client-secret + key: kcClientSecret + - name: KEYCLOAK_AUTH_URL + value: {{ .Values.registration1Frontend.auth.keycloakAuthUrl}} + - name: KEYCLOAK_REALMS + value: {{ .Values.registration1Frontend.auth.keycloakRealms}} + - name: KEYCLOAK_OIDC + value: {{ .Values.registration1Frontend.auth.keycloakOidc}} + - name: KEYCLOAK_LOGIN_URL + value: {{ .Values.registration1Frontend.auth.keycloakAuthUrl}}{{ .Values.registration1Frontend.auth.keycloakRealms }} + - name: KEYCLOAK_LOGOUT_URL + value: {{ .Values.registration1Frontend.auth.keycloakAuthUrl}}{{ .Values.registration1Frontend.auth.keycloakRealms }}{{ .Values.registration1Frontend.auth.keycloakOidc}}/logout + - name: KEYCLOAK_TOKEN_URL + value: {{ .Values.registration1Frontend.auth.keycloakAuthUrl}}{{ .Values.registration1Frontend.auth.keycloakRealms }}{{ .Values.registration1Frontend.auth.keycloakOidc}}/token + - name: NEXTAUTH_URL + value: https://{{ .Values.registration1Frontend.route.host 
}} + - name: SITEMINDER_AUTH_URL + value: {{ .Values.registration1Frontend.auth.siteminderAuthUrl }} + - name: SITEMINDER_LOGOUT_URL + value: {{ .Values.registration1Frontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi + - name: NEXT_PUBLIC_KEYCLOAK_LOGOUT_URL + value: {{ .Values.registration1Frontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi?retnow=1&returl={{ .Values.registration1Frontend.auth.keycloakAuthUrl}}{{ .Values.registration1Frontend.auth.keycloakRealms }}{{ .Values.registration1Frontend.auth.keycloakOidc}}/logout + - name: KEYCLOAK_CLIENT_ID + value: {{ .Values.registration1Frontend.auth.keycloakClientId }} + - name: SITEMINDER_KEYCLOAK_LOGOUT_URL + value: {{ .Values.registration1Frontend.auth.siteminderAuthUrl }}/clp-cgi/logoff.cgi?retnow=1&returl={{ .Values.registration1Frontend.auth.keycloakAuthUrl}}{{ .Values.registration1Frontend.auth.keycloakRealms }}{{ .Values.registration1Frontend.auth.keycloakOidc}}/logout + - name: NEXTAUTH_SECRET + valueFrom: + secretKeyRef: + name: {{ template "cas-registration.fullname" . }}-nextauth + key: nextauth-secret + - name: NEXT_PUBLIC_GROWTHBOOK_CLIENT_KEY + value: {{ .Values.growthbook.clientKey }} + {{- if hasSuffix "-prod" .Release.Namespace }} + - name: SENTRY_ENVIRONMENT + value: {{ include "cas-registration.namespaceSuffix" . }} + - name: SENTRY_RELEASE + value: {{ .Values.registration1Frontend.image.tag }} + - name: SENTRY_TRACE_SAMPLE_RATE + value: {{ .Values.registration1Frontend.sentry.traceSampleRate | quote }} + {{- end }} + image: "{{ .Values.registration1Frontend.image.repository }}:{{ .Values.defaultImageTag | default .Values.registration1Frontend.image.tag }}" + imagePullPolicy: {{ .Values.registration1Frontend.image.pullPolicy }} + ports: + - containerPort: {{ .Values.registration1Frontend.service.port }} + protocol: TCP + resources: + {{- toYaml .Values.registration1Frontend.resources | nindent 12 }} + restartPolicy: Always 
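Review bot: `SENTRY_RELEASE` is rendered from `.Values.registration1Frontend.image.tag`, but the `image:` line further down resolves the tag as `.Values.defaultImageTag | default .Values.registration1Frontend.image.tag`, so whenever `defaultImageTag` is set the release reported to Sentry differs from the image that is actually running. The value is also unquoted, unlike `SENTRY_TRACE_SAMPLE_RATE`, so a numeric-looking tag would render as a YAML number where an env `value` must be a string. Suggested line: `value: {{ .Values.defaultImageTag | default .Values.registration1Frontend.image.tag | quote }}`. The tail of templates/registration/deployment.yaml visible above this file carries the same two lines with `registrationFrontend`.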
diff --git a/helm/cas-registration/templates/registration1/hpa.yaml b/helm/cas-registration/templates/registration1/hpa.yaml
new file mode 100644
index 0000000000..7013d55d7e
--- /dev/null
+++ b/helm/cas-registration/templates/registration1/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.registration1Frontend.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "cas-registration.fullname" . }}-registration1-frontend
+ labels:
+ {{- include "cas-registration.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "cas-registration.fullname" . }}-registration1-frontend
+ minReplicas: {{ .Values.registration1Frontend.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.registration1Frontend.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.registration1Frontend.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.registration1Frontend.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.registration1Frontend.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.registration1Frontend.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/cas-registration/templates/frontend/route.yaml b/helm/cas-registration/templates/registration1/route.yaml
similarity index 76%
rename from helm/cas-registration/templates/frontend/route.yaml
rename to helm/cas-registration/templates/registration1/route.yaml
index 9a6e49775c..fa7a16a83c 100644
--- a/helm/cas-registration/templates/frontend/route.yaml
+++ b/helm/cas-registration/templates/registration1/route.yaml
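Review bot: `apiVersion: autoscaling/v2beta1` in templates/registration1/hpa.yaml is no longer served from Kubernetes 1.25 onward, so on a cluster at or past that version the manifest is rejected as soon as `autoscaling.enabled` is set; the cluster version is not visible from the patch. Moving to `autoscaling/v2` also changes the metric schema: `targetAverageUtilization` becomes a `target` block with `type: Utilization` and `averageUtilization`. templates/registration/hpa.yaml, added in the same patch, has the same header and metric fields.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if .Values.registration1Frontend.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.registration1Frontend.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    # … memory metric: same `target` block with targetMemoryUtilizationPercentage …
```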
@@ -13,16 +13,16 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: - name: {{ template "cas-registration.fullname" . }}-frontend + name: {{ template "cas-registration.fullname" . }}-registration1-frontend labels: {{ include "cas-registration.labels" . | indent 4 }} annotations: haproxy.router.openshift.io/balance: roundrobin spec: - host: {{ .Values.frontend.route.host }} + host: {{ .Values.registration1Frontend.route.host }} port: - targetPort: {{ template "cas-registration.fullname" . }}-frontend + targetPort: {{ template "cas-registration.fullname" . }}-registration1-frontend tls: insecureEdgeTerminationPolicy: Redirect termination: edge @@ -33,5 +33,5 @@ spec: {{- end }} to: kind: Service - name: {{ template "cas-registration.fullname" . }}-frontend + name: {{ template "cas-registration.fullname" . }}-registration1-frontend weight: 100 diff --git a/helm/cas-registration/templates/frontend/secret.yaml b/helm/cas-registration/templates/registration1/secret.yaml similarity index 100% rename from helm/cas-registration/templates/frontend/secret.yaml rename to helm/cas-registration/templates/registration1/secret.yaml diff --git a/helm/cas-registration/templates/registration1/service.yaml b/helm/cas-registration/templates/registration1/service.yaml new file mode 100644 index 0000000000..874b7918bc --- /dev/null +++ b/helm/cas-registration/templates/registration1/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cas-registration.fullname" . }}-registration1-frontend + labels: + {{- include "cas-registration.labels" . | nindent 4 }} +spec: + type: {{ .Values.registration1Frontend.service.type }} + ports: + - port: {{ .Values.registration1Frontend.service.port }} + targetPort: 3000 + protocol: TCP + name: {{ include "cas-registration.fullname" . }}-registration1-frontend + selector: + {{- include "cas-registration.selectorLabels" . | nindent 4 }} + component: frontend 
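Review bot: The selector in templates/registration1/service.yaml ends with `component: frontend`, but the pods created by templates/registration1/deployment.yaml in this same patch carry `component: registration1-frontend` (in `matchLabels` and in the pod template labels), so this Service would match no pods and the Route that targets it would have no endpoints. The selector line should read `component: registration1-frontend`. templates/registration/service.yaml uses the same `component: frontend` selector; the labels of its Deployment are outside the visible part of the patch, so check that pair as well, since two Services sharing one selector would let either Route reach the other app's pods.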
diff --git a/helm/cas-registration/values-dev.yaml b/helm/cas-registration/values-dev.yaml index 0b66a6b6fd..ed83d91654 100644 --- a/helm/cas-registration/values-dev.yaml +++ b/helm/cas-registration/values-dev.yaml @@ -20,7 +20,22 @@ backend: cpu: 60m memory: 256Mi -frontend: +registrationFrontend: + replicaCount: 1 + + route: + host: cas-reg-frontend-dev.apps.silver.devops.gov.bc.ca + path: "/registration2" + + environment: develop + + auth: + keycloakAuthUrl: https://dev.loginproxy.gov.bc.ca/auth + siteminderAuthUrl: https://logontest7.gov.bc.ca + + + +registration1Frontend: replicaCount: 2 image: diff --git a/helm/cas-registration/values-giraffe.yaml b/helm/cas-registration/values-giraffe.yaml new file mode 100644 index 0000000000..7425cf7137 --- /dev/null +++ b/helm/cas-registration/values-giraffe.yaml @@ -0,0 +1,64 @@ +# Temporary values for Monorepo-supported cas registration with cas-reporting. +# This should deploy into a namespace to trial the side-by-side deployments. + +# This forces {include "cas-registration.fullname"} to use our temporary naming. +fullnameOverride: cas-bciers + +backend: + replicaCount: 2 + + image: + tag: "latest" + + route: + host: cas-bciers-backend-dev.apps.silver.devops.gov.bc.ca + + environment: develop + + deployRoute: true + + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 60m + memory: 256Mi + +registration1Frontend: + replicaCount: 2 + + image: + tag: "latest" + + route: + host: cas-bciers-frontend-dev.apps.silver.devops.gov.bc.ca + + environment: develop + + auth: + keycloakAuthUrl: https://dev.loginproxy.gov.bc.ca/auth + siteminderAuthUrl: https://logontest7.gov.bc.ca + + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 60m + memory: 256Mi + +reportingFrontend: + enabled: true + + route: + host: cas-bciers-frontend-dev.apps.silver.devops.gov.bc.ca + path: "/reportingpath" + + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 60m + memory: 256Mi 
diff --git a/helm/cas-registration/values-prod.yaml b/helm/cas-registration/values-prod.yaml index 9ebf763345..0a59cdc336 100644 --- a/helm/cas-registration/values-prod.yaml +++ b/helm/cas-registration/values-prod.yaml @@ -18,7 +18,7 @@ backend: cpu: 300m memory: 300Mi -frontend: +registration1Frontend: replicaCount: 2 image: diff --git a/helm/cas-registration/values-test.yaml b/helm/cas-registration/values-test.yaml index edcfaee575..374e26cd60 100644 --- a/helm/cas-registration/values-test.yaml +++ b/helm/cas-registration/values-test.yaml @@ -18,7 +18,7 @@ backend: cpu: 60m memory: 256Mi -frontend: +registration1Frontend: replicaCount: 2 image: diff --git a/helm/cas-registration/values.yaml b/helm/cas-registration/values.yaml index b14c1b5028..5b44d4b3a3 100644 --- a/helm/cas-registration/values.yaml +++ b/helm/cas-registration/values.yaml @@ -37,15 +37,55 @@ backend: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -frontend: +registrationFrontend: + image: + repository: ghcr.io/bcgov/cas-reg-frontend + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "latest" + replicaCount: 1 + environment: ~ + + auth: + keycloakAuthUrl: ~ + keycloakRealms: /realms/standard + keycloakOidc: /protocol/openid-connect + keycloakClientId: obps-4953 + + service: + type: ClusterIP + port: 3000 + + route: + host: ~ + + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 60m + memory: 192Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Registration Part I frontend +registration1Frontend: image: - repository: ghcr.io/bcgov/cas-reg-frontend + repository: ghcr.io/bcgov/cas-reg1-frontend pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "latest" + replicaCount: 1 + environment: ~ auth: @@ -60,6 +100,7 @@ frontend: route: host: ~ + path: ~ resources: limits: 
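Review bot: The new `registrationFrontend` defaults in values.yaml leave out several keys that the registration templates in this patch read: `enabled` (guards route.yaml and service.yaml), `route.path` (used by route.yaml), and `auth.siteminderAuthUrl` and `sentry.traceSampleRate` (used by deployment.yaml). Helm renders a missing leaf as empty, but `.Values.registrationFrontend.sentry.traceSampleRate` sits behind a missing parent map and, as far as the visible hunk shows, would fail with a nil-pointer error when rendered for a `-prod` namespace. The second hunk adds `path: ~` under what is now `registration1Frontend.route`, whose route template does not read a path, so it looks like it was meant for `registrationFrontend.route`. Adding `enabled: false`, `path: ~`, `siteminderAuthUrl: ~` and a `sentry:` map to the new block would make the defaults match the templates; parts of values.yaml outside the hunk may already cover some of this.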
From 70f8cd54b8b77d84531d3cb235f657f1a9f1fd27 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Tue, 11 Jun 2024 11:50:20 -0700 Subject: [PATCH 20/30] chore: rename main workflow --- .github/workflows/build-backend.yaml | 2 +- .github/workflows/build-registration.yaml | 2 +- .github/workflows/build-registration1.yaml | 2 +- .github/workflows/build-reporting.yaml | 2 +- .github/workflows/codeql.yaml | 1 - .github/workflows/main.yaml | 8 ++++---- .github/workflows/test-backend.yaml | 2 +- .github/workflows/{scan-code-trivy.yaml => trivy.yaml} | 2 +- .github/workflows/zap-owasp.yaml | 2 +- 9 files changed, 11 insertions(+), 12 deletions(-) rename .github/workflows/{scan-code-trivy.yaml => trivy.yaml} (98%) diff --git a/.github/workflows/build-backend.yaml b/.github/workflows/build-backend.yaml index 932490c997..11008e5eb5 100644 --- a/.github/workflows/build-backend.yaml +++ b/.github/workflows/build-backend.yaml @@ -4,7 +4,7 @@ on: workflow_call: jobs: - backend-docker-build: + docker-build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/build-registration.yaml b/.github/workflows/build-registration.yaml index 094e4baa73..10c670a955 100644 --- a/.github/workflows/build-registration.yaml +++ b/.github/workflows/build-registration.yaml @@ -4,7 +4,7 @@ on: workflow_call: jobs: - nx-docker-build-registration: + docker-build: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/build-registration1.yaml b/.github/workflows/build-registration1.yaml index 984df28a58..e2db710e58 100644 --- a/.github/workflows/build-registration1.yaml +++ b/.github/workflows/build-registration1.yaml @@ -4,7 +4,7 @@ on: workflow_call: jobs: - nx-docker-build-registration1: + docker-build: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/build-reporting.yaml b/.github/workflows/build-reporting.yaml index 4fbb41b432..84161df05c 100644 --- a/.github/workflows/build-reporting.yaml 
+++ b/.github/workflows/build-reporting.yaml @@ -4,7 +4,7 @@ on: workflow_call: jobs: - nx-docker-build-reporting: + docker-build: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 5c7cb1aa5a..f23e48b893 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -22,7 +22,6 @@ on: jobs: analyze: - name: Analyze runs-on: ubuntu-latest permissions: actions: read diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 92236900d6..c2cbea34c7 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -1,6 +1,6 @@ # This is the main workflow which will orchestrate the other workflows: -name: BCIERS Main Workflow +name: main on: push: @@ -48,7 +48,7 @@ jobs: # We will need to set up registration part 2 and reporting to get zap scanned needs: [build-backend, build-registration1, install-dev-tools] uses: ./.github/workflows/zap-owasp.yaml - scan-code-trivy: - uses: ./.github/workflows/scan-code-trivy.yaml - codeql-analysis: + trivy: + uses: ./.github/workflows/trivy.yaml + codeql: uses: ./.github/workflows/codeql.yaml diff --git a/.github/workflows/test-backend.yaml b/.github/workflows/test-backend.yaml index 0ad7037362..2bef38d14a 100644 --- a/.github/workflows/test-backend.yaml +++ b/.github/workflows/test-backend.yaml @@ -11,7 +11,7 @@ env: DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} jobs: - backend-tests: + pythontests: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/scan-code-trivy.yaml b/.github/workflows/trivy.yaml similarity index 98% rename from .github/workflows/scan-code-trivy.yaml rename to .github/workflows/trivy.yaml index 57716913db..a2672fc2ad 100644 --- a/.github/workflows/scan-code-trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -7,7 +7,7 @@ on: - backend jobs: - trivy-scan-code: + analyze: runs-on: ubuntu-latest timeout-minutes: 60 steps: 
diff --git a/.github/workflows/zap-owasp.yaml b/.github/workflows/zap-owasp.yaml index c0597f0de7..819442da53 100644 --- a/.github/workflows/zap-owasp.yaml +++ b/.github/workflows/zap-owasp.yaml @@ -8,7 +8,7 @@ env: DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} jobs: - zap-owasp: + zap-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From dcf6547ce05df48bb9cb4806d96274e39557f16f Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Tue, 11 Jun 2024 12:42:07 -0700 Subject: [PATCH 21/30] chore: fix spelling error in nx-app-build --- .github/actions/nx-app-build/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/nx-app-build/action.yaml b/.github/actions/nx-app-build/action.yaml index 6c70755d9e..fa29ee1317 100644 --- a/.github/actions/nx-app-build/action.yaml +++ b/.github/actions/nx-app-build/action.yaml @@ -1,4 +1,4 @@ -name: "Nx project uild and push Docker image" +name: "Build and push Docker image for Nx frontend app in /bciers directory" description: "Reusable action to build and push a Docker image for an Nx app in the /bciers directory" inputs: From 36d7d1aaeebf588eb4b2ccb9dd2d70a23fd6989b Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Tue, 18 Jun 2024 13:53:44 -0700 Subject: [PATCH 22/30] chore: rebase --- .github/actions/nx-app-build/action.yaml | 10 +++++----- .github/workflows/codeql.yaml | 4 ---- .github/workflows/test-code.yaml | 4 ---- .github/workflows/trivy.yaml | 3 --- 4 files changed, 5 insertions(+), 16 deletions(-) diff --git a/.github/actions/nx-app-build/action.yaml b/.github/actions/nx-app-build/action.yaml index fa29ee1317..14c0104e58 100644 --- a/.github/actions/nx-app-build/action.yaml +++ b/.github/actions/nx-app-build/action.yaml 
@@ -16,10 +16,10 @@ runs: using: composite steps: - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Docker metadata id: meta - uses: docker/metadata-action@v3 + uses: docker/metadata-action@v5 with: images: ${{ inputs.image_url }} tags: | @@ -27,7 +27,7 @@ runs: latest type=ref,event=pr - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -38,14 +38,14 @@ runs: corepack enable yarn install --immutable cd bciers && yarn install --immutable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 - name: Derive appropriate SHAs for base and head for `nx affected` commands uses: nrwl/nx-set-shas@v4 with: # This will need to be updated when giraffe-develop merges with develop main-branch-name: "develop" - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-bciers-${{ inputs.project }}${{ github.sha }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f23e48b893..abe32b986e 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -13,10 +13,6 @@ name: "CodeQL" on: workflow_call: - tags: - - frontend - - backend - - configs schedule: - cron: "19 23 * * 5" diff --git a/.github/workflows/test-code.yaml b/.github/workflows/test-code.yaml index cea1cfefad..437eff0d89 100644 --- a/.github/workflows/test-code.yaml +++ b/.github/workflows/test-code.yaml @@ -4,10 +4,6 @@ name: Test BCIERS code on: workflow_call: - tags: - - frontend - - backend - - components env: PGUSER: postgres diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index a2672fc2ad..abc4cc3011 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml 
@@ -2,9 +2,6 @@ name: Trivy Scan Code on: workflow_call: - tags: - - frontend - - backend jobs: analyze: From f9399750ee0f85cff6282ce2270380a1e2344379 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Wed, 19 Jun 2024 13:15:39 -0700 Subject: [PATCH 23/30] chore: add registration part2 build workflow --- .github/actions/nx-app-build/action.yaml | 1 - .github/workflows/main.yaml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/actions/nx-app-build/action.yaml b/.github/actions/nx-app-build/action.yaml index 14c0104e58..54ca843c49 100644 --- a/.github/actions/nx-app-build/action.yaml +++ b/.github/actions/nx-app-build/action.yaml @@ -42,7 +42,6 @@ runs: - name: Derive appropriate SHAs for base and head for `nx affected` commands uses: nrwl/nx-set-shas@v4 with: - # This will need to be updated when giraffe-develop merges with develop main-branch-name: "develop" - name: Cache Docker layers uses: actions/cache@v4 diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index c2cbea34c7..93a6159cc3 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -27,8 +27,8 @@ jobs: working-directory: ./bciers build-backend: uses: ./.github/workflows/build-backend.yaml - # build-registration: - # uses: ./.github/workflows/build-registration.yaml + build-registration: + uses: ./.github/workflows/build-registration.yaml build-registration1: uses: ./.github/workflows/build-registration1.yaml build-reporting: From af52fd44c39f4c23b2212026ac2a26497245b5d6 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Wed, 19 Jun 2024 13:27:48 -0700 Subject: [PATCH 24/30] chore: update registration dockerfile --- bciers/apps/registration/Dockerfile | 14 ++++++++------ bciers/apps/registration/project.json | 3 ++- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/bciers/apps/registration/Dockerfile b/bciers/apps/registration/Dockerfile index d3fe635449..f340c885a6 100644 --- a/bciers/apps/registration/Dockerfile 
+++ b/bciers/apps/registration/Dockerfile @@ -1,6 +1,9 @@ COPY ./package*.json ./ RUN corepack enable -RUN yarn install --immutable --production==false --ignore-scripts +RUN yarn set version 4.2.0 +# Force Yarn to use standard node-modules folder +RUN echo 'nodeLinker: "node-modules"' >> ./.yarnrc.yml +RUN yarn install # Production image, copy all the files and run next FROM docker.io/node:20.11 as runner @@ -12,11 +15,10 @@ ENTRYPOINT ["dumb-init", "--"] ENV NODE_ENV production ENV PORT 3000 WORKDIR /usr/src/app -COPY --from=deps /usr/src/app/node_modules ./node_modules -COPY --from=deps /usr/src/app/package.json ./package.json -COPY ./public ./public -COPY ./.next ./.next -RUN chown -R node:node . +COPY --from=deps --chown=node:node /usr/src/app/node_modules node_modules +COPY --from=deps --chown=node:node /usr/src/app/package.json package.json +COPY --chown=node:node ./public ./public +COPY --chown=node:node ./.next ./.next USER node EXPOSE 3000 # COPY --chown=node:node ./tools/scripts/entrypoints/api.sh /usr/local/bin/docker-entrypoint.sh diff --git a/bciers/apps/registration/project.json b/bciers/apps/registration/project.json index 9bb0c4da51..01f50af1c3 100644 --- a/bciers/apps/registration/project.json +++ b/bciers/apps/registration/project.json @@ -17,7 +17,8 @@ "defaultConfiguration": "dev", "options": { "outputPath": "dist/registration", - "experimentalAppOnly": true + "experimentalAppOnly": true, + "generateLockfile": true } }, "start": { From 2318f74d2ecfc983b78227a8dc597dfbf989395b Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Wed, 19 Jun 2024 15:12:24 -0700 Subject: [PATCH 25/30] chore: fix secrets --- bciers/apps/registration/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bciers/apps/registration/Dockerfile b/bciers/apps/registration/Dockerfile index f340c885a6..557cae4314 100644 --- a/bciers/apps/registration/Dockerfile +++ b/bciers/apps/registration/Dockerfile 
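Review bot: Replacing `yarn install --immutable --production==false --ignore-scripts` with a bare `RUN yarn install` removes both supply-chain guards from the deps stage: the lockfile is no longer enforced and dependency lifecycle scripts now run during the image build. Only `package*.json` is copied in before the install, so no `yarn.lock` is present in this stage and versions are resolved fresh on every build. Since the same commit turns on `generateLockfile` in project.json, the generated lockfile could be copied with the manifest (`COPY ./package*.json ./yarn.lock ./`, assuming it lands in the build context under that name) and the install written as `RUN yarn install --immutable --mode=skip-build`. If a dependency needs its build step, allow it explicitly instead of enabling scripts for every package. The stage's `FROM` line is not part of this hunk.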
@@ -1,5 +1,9 @@ +# Install dependencies only when needed +FROM docker.io/node:20.11 as deps +WORKDIR /usr/src/app COPY ./package*.json ./ RUN corepack enable +RUN corepack enable RUN yarn set version 4.2.0 # Force Yarn to use standard node-modules folder RUN echo 'nodeLinker: "node-modules"' >> ./.yarnrc.yml From 739cff807c5f909a989d71d4f2011a32ebdc2f7c Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Wed, 19 Jun 2024 15:18:54 -0700 Subject: [PATCH 26/30] chore: update e2e secrets --- .github/workflows/test-e2e.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml index d1d0469b1b..d066607ff5 100644 --- a/.github/workflows/test-e2e.yaml +++ b/.github/workflows/test-e2e.yaml 
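Review bot: `RUN corepack enable` now appears twice in a row in the deps stage, because the added line repeats the existing one directly above it; the second is a no-op that only adds a layer and should be dropped. The added `FROM docker.io/node:20.11 as deps` also references the base image by a mutable tag, so two builds of the same commit can start from different images; pinning it as `FROM docker.io/node:20.11@sha256:<digest-placeholder> as deps` (digest to be filled in from the registry) makes the build reproducible and reviewable. The rest of the stage continues outside the hunk.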
@@ -71,21 +71,21 @@ jobs: E2E_CAS_USER: ${{ secrets.E2E_CAS_USER }} E2E_CAS_USER_GUID: ${{ secrets.E2E_CAS_USER_GUID }} E2E_CAS_USER_PASSWORD: ${{ secrets.E2E_CAS_USER_PASSWORD}} - E2E_CAS_ADMIN_STORAGE: ${{ secrets.E2E_CAS_ADMIN_STORAGE}} - E2E_CAS_ANALYST_STORAGE: ${{ secrets.E2E_CAS_ANALYST_STORAGE}} - E2E_CAS_PENDING_STORAGE: ${{ secrets.E2E_CAS_PENDING_STORAGE}} + E2E_CAS_ADMIN_STORAGE_STATE: ${{ secrets.E2E_CAS_ADMIN_STORAGE_STATE}} + E2E_CAS_ANALYST_STORAGE_STATE: ${{ secrets.E2E_CAS_ANALYST_STORAGE_STATE}} + E2E_CAS_PENDING_STORAGE_STATE: ${{ secrets.E2E_CAS_PENDING_STORAGE_STATE}} E2E_INDUSTRY_USER_ADMIN: bc-cas-dev E2E_INDUSTRY_USER_ADMIN_GUID: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_GUID }} E2E_INDUSTRY_USER_ADMIN_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_PASSWORD }} - E2E_INDUSTRY_USER_ADMIN_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_STORAGE}} + E2E_INDUSTRY_USER_ADMIN_STORAGE_STATE: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_STORAGE_STATE}} E2E_INDUSTRY_USER: bc-cas-dev-secondary E2E_INDUSTRY_USER_GUID: ${{ secrets.E2E_INDUSTRY_USER_GUID }} E2E_INDUSTRY_USER_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_PASSWORD }} - E2E_INDUSTRY_USER_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_STORAGE}} + E2E_INDUSTRY_USER_STORAGE_STATE: ${{ secrets.E2E_INDUSTRY_USER_STORAGE_STATE}} E2E_NEW_USER: bc-cas-dev-three E2E_NEW_USER_GUID: ${{ secrets.E2E_NEW_USER_GUID }} E2E_NEW_USER_PASSWORD: ${{ secrets.E2E_NEW_USER_PASSWORD }} - E2E_NEW_USER_STORAGE: ${{ secrets.E2E_NEW_USER_STORAGE}} + E2E_NEW_USER_STORAGE_STATE: ${{ secrets.E2E_NEW_USER_STORAGE_STATE}} HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} HAPPO_NONCE: ${{ github.sha }} From 3999b27e4b5cbe8ec39026edc2ea12a3fbcbaaea Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 28 Jun 2024 07:47:37 -0700 Subject: [PATCH 27/30] chore: update comment based on pr review suggestion --- .github/workflows/test-e2e.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
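Review bot: The six storage-state variables now read from secrets with a `_STORAGE_STATE` suffix, and a reference to a secret that does not exist evaluates to an empty string instead of failing the workflow. If the repository or environment secrets were not created under the new names, the e2e job would start with empty storage state and fail later in a way that does not point back to this block. Confirm the renamed secrets exist, or add an early step that fails when any of them is empty. The step this `env:` block belongs to starts outside the hunk.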
diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml index d066607ff5..3f0c2b3ba7 100644 --- a/.github/workflows/test-e2e.yaml +++ b/.github/workflows/test-e2e.yaml @@ -1,5 +1,5 @@ # This file is used for tests that use Nx app containers. -# For tests that don't require containers to be built first, see test.yaml +# For tests that don't require containers to be built first, see test-code.yaml name: Test BCIERS Nx App containers From 30a92a74563cab597384e858cfa7e986ea7e342b Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 28 Jun 2024 07:49:04 -0700 Subject: [PATCH 28/30] chore: fix rebase regression --- helm/cas-registration/values-giraffe.yaml | 64 ----------------------- 1 file changed, 64 deletions(-) delete mode 100644 helm/cas-registration/values-giraffe.yaml diff --git a/helm/cas-registration/values-giraffe.yaml b/helm/cas-registration/values-giraffe.yaml deleted file mode 100644 index 7425cf7137..0000000000 --- a/helm/cas-registration/values-giraffe.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -# Temporary values for Monorepo-supported cas registration with cas-reporting. -# This should deploy into a namespace to trial the side-by-side deployments. - -# This forces {include "cas-registration.fullname"} to use our temporary naming. -fullnameOverride: cas-bciers - -backend: - replicaCount: 2 - - image: - tag: "latest" - - route: - host: cas-bciers-backend-dev.apps.silver.devops.gov.bc.ca - - environment: develop - - deployRoute: true - - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 60m - memory: 256Mi - -registration1Frontend: - replicaCount: 2 - - image: - tag: "latest" - - route: - host: cas-bciers-frontend-dev.apps.silver.devops.gov.bc.ca - - environment: develop - - auth: - keycloakAuthUrl: https://dev.loginproxy.gov.bc.ca/auth - siteminderAuthUrl: https://logontest7.gov.bc.ca - - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 60m - memory: 256Mi - -reportingFrontend: - enabled: true - - route: - host: cas-bciers-frontend-dev.apps.silver.devops.gov.bc.ca - path: "/reportingpath" - - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 60m - memory: 256Mi From 0de3442193b600e52f38f8fec99f0519220c2d5a Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 28 Jun 2024 07:50:13 -0700 Subject: [PATCH 29/30] chore: update comment --- .github/workflows/test-backend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-backend.yaml b/.github/workflows/test-backend.yaml index 2bef38d14a..e4ca80e22e 100644 --- a/.github/workflows/test-backend.yaml +++ b/.github/workflows/test-backend.yaml @@ -1,5 +1,5 @@ # This file is used for tests that use the backend container -# For tests that don't require containers to be built first, see test.yaml +# For tests that don't require containers to be built first, see test-code.yaml name: Test BCIERS backend container From 7c7bd15977eb4dfd27e93fb593bef1a25d5ecced Mon Sep 17 00:00:00 2001 
From: marcellmueller Date: Fri, 28 Jun 2024 08:06:41 -0700 Subject: [PATCH 30/30] chore: run pre-commit all files --- .github/workflows/test-code.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-code.yaml b/.github/workflows/test-code.yaml index 437eff0d89..7b3a270fdb 100644 --- a/.github/workflows/test-code.yaml +++ b/.github/workflows/test-code.yaml @@ -65,7 +65,7 @@ jobs: key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v4 - run: pip install -r requirements.txt - uses: pre-commit/action@v3.0.1 - + check-migrations: runs-on: ubuntu-latest steps: