Web served up by NGINX (bcgov#2121)

Introduced nginx to serve up static content Ripped out web build in api - no longer needed Ripped out front-end code from api Ripped out matomo (less configuration to worry about)
vanislekahuna · Jul 4, 2022 · a192b17 · a192b17
1 parent 018970b
commit a192b17
Show file tree

Hide file tree

Showing 52 changed files with 306 additions and 3,020 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,6 +1,20 @@
-**/.gitignore
-**/node_modules
+# We want to exclude a whole bunch of stuff for docker. Otherwise docker pulls a bunch of
+# file it doesn't need into it's context when doing a build, which can slow down things.
+.githooks
+.github
+.vscode
+.zap
+.architecture
+.gitignore
+node_modules
+web/build
+web/coverage-cypress
+web/.nyc_output
+web/node_modules
+r
+.dockerignore
 **/Dockerfile*
-**/openshift
 **/junk
-**/scripts
+**/scripts
+**/python_cache*
+**.venv
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
@@ -44,20 +44,11 @@ jobs:
           oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
           bash openshift/scripts/oc_provision_backup_s3_postgres_cronjob.sh ${SUFFIX} apply
 
-      - name: Prepare MariaDB Backup Deployment Config
-        shell: bash
-        run: |
-          oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
-          EPHEMERAL_STORAGE=True bash openshift/scripts/oc_provision_backup_mariadb.sh ${SUFFIX} apply
-
-      - name: Prepare MariaDB Backup Cronjob
-        shell: bash
-        run: |
-          oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
-          EPHEMERAL_STORAGE=True bash openshift/scripts/oc_provision_backup_mariadb_cronjob.sh ${SUFFIX} apply
-
-  build-api-image:
-    name: Build API Image
+  build-web-image:
+    # Declared ahead of build-api-image ; it runs slightly slower than the api build, and putting
+    # it here increases the odds that it get's started 1st, so api and web are slightly more likely
+    # to finish building at the same time.
+    name: Build Web Image
     runs-on: ubuntu-20.04
     steps:
       - name: Set Variables
@@ -68,14 +59,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Build wps-api Image
+      - name: Build wps-web Image
         shell: bash
         run: |
           oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
-          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api bash openshift/scripts/oc_build.sh ${SUFFIX} apply
+          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml bash openshift/scripts/oc_build.sh ${SUFFIX} apply
 
-  build-web-image:
-    name: Build Web Image
+  build-api-image:
+    name: Build API Image
     runs-on: ubuntu-20.04
     steps:
       - name: Set Variables
@@ -86,11 +77,11 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Build wps-web Image
+      - name: Build wps-api Image
         shell: bash
         run: |
           oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
-          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml bash openshift/scripts/oc_build.sh ${SUFFIX} apply
+          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api bash openshift/scripts/oc_build.sh ${SUFFIX} apply
 
   deploy-dev:
     name: Deploy to Dev
@@ -219,7 +210,7 @@ jobs:
 
   deploy-test:
     name: Deploy to Test
-    needs: [build-api-image, prepare-test-database]
+    needs: [build-api-image, build-web-image, prepare-test-database]
     runs-on: ubuntu-20.04
     steps:
       - name: Set Variables

diff --git a/.zap/rules.tsv b/.zap/rules.tsv
@@ -1,3 +1,3 @@
 # We intentionally load keycloak from our SSO provider to ensure we always have the correct version.
 10017   OUTOFSCOPE  .*(.apps.silver.devops.gov.bc.ca/)/?
-10017	WARN	(Cross-Domain JavaScript Source File Inclusion)
+10017	WARN	(Cross-Domain JavaScript Source File Inclusion)
diff --git a/Dockerfile b/Dockerfile
@@ -1,31 +1,5 @@
 ARG DOCKER_IMAGE=image-registry.openshift-image-registry.svc:5000/e1e498-tools/wps-api-base:python3.9-latest
-# SUPER IMPORTANT: NODE_OPTIONS="--v8-pool-size=1"
-# A pod running in our openshift cluster, will report a ridiculous amount of cpu's available, as
-# it's reporting on the underlying hardware. Node, in it's wisdom, will try to scale to using a
-# huge amount of cpu's, which in turn results in massive memory usage. It's very important to
-# limit the cpu pool size to something realistic.
-ARG NODE_OPTIONS="--v8-pool-size=1"
-# Source maps are not required for production builds, only for development builds to assist
-# in debugging. We set this to false, to reduce memory usage.
-ARG GENERATE_SOURCEMAP=false
 
-# PHASE 1 - build static html.
-# Pull from local registry - we can't pull from docker due to limits.
-# see https://catalog.redhat.com/software/containers/ubi8/nodejs-14/5ed7887dd70cc50e69c2fabb for details
-FROM registry.access.redhat.com/ubi8/nodejs-16 as static
-
-# Switch to root user for package installs
-USER 0
-
-ADD web .
-# NOTE: Can't use "--production=true", because we need react-scripts for yarn run build.
-RUN npm install -g npm@latest && npm install -g yarn@latest && yarn install --frozen-lockfile
-RUN yarn run build
-
-# Switch back to default user
-USER 1001
-
-# PHASE 2 - prepare python.
 # Using local docker image to speed up build. See openshift/wps-api-base for details.
 FROM ${DOCKER_IMAGE}
 
@@ -41,8 +15,6 @@ COPY ./api/app /app/app
 # Copy java libs:
 RUN mkdir /app/libs
 COPY ./api/libs /app/libs
-# Copy the static content:
-COPY --from=static /opt/app-root/src/build /app/static
 # Copy almebic:
 COPY ./api/alembic /app/alembic
 COPY ./api/alembic.ini /app

diff --git a/Dockerfile.web b/Dockerfile.web
@@ -16,28 +16,22 @@ FROM registry.access.redhat.com/ubi8/nodejs-16 as static
 USER 0
 
 ADD web .
-# NOTE: Can't use "--production=true", because we need react-scripts for yarn run start.
+# NOTE: Can't use "--production=true", build will fail.
 RUN npm install -g npm@latest && npm install -g yarn@latest && yarn install --frozen-lockfile
+RUN yarn run build
 
 # Switch back to default user
 USER 1001
 
-# while testing stuff out:
-# docker build -f ./Dockerfile.web --tag=wps/web .
-# -p 8080:3000 - "map port 3000 in the container, to 8080 in the host"
-# docker run -p 3000:3000 wps/web
-# docker contains ls
-# docker stop [the container id]
-# 
-
-CMD ["yarn", "run", "start"]
-
 # # PHASE 2 - prepare hosting.
-# # Using local docker image to speed up build. See openshift/wps-api-base for details.
-# FROM ${DOCKER_IMAGE}
+# https://catalog.redhat.com/software/containers/ubi8/nginx-120/6156abfac739c0a4123a86fd
+FROM registry.access.redhat.com/ubi8/nginx-120
+
+# Add application sources
+ADD ./openshift/nginx.conf "${NGINX_CONF_PATH}"
 
-# # Copy the static content:
-# COPY --from=static /opt/app-root/src/build /app/static
+# Copy the static content:
+COPY --from=static /opt/app-root/src/build .
 
-# The fastapi docker image defaults to port 80, but openshift doesn't allow non-root users port 80.
-# EXPOSE 8080
+EXPOSE 3000
+CMD nginx -g "daemon off;"
diff --git a/Makefile b/Makefile
@@ -13,6 +13,14 @@ docker-db:
 	# Run the database
 	docker-compose up db
 
+docker-web-server-build:
+	# Build the web in server mode (same dockerfile as used in production)
+	docker build -f ./Dockerfile.web --tag=wps/web .
+
+docker-web-server:
+	# Run the web in server mode (same dockerfile as used in production)
+	docker run -p 3000:3000 wps/web
+
 docker-shell-api:
 	# Shell into the dev container.
 	docker-compose run --rm api bash

diff --git a/README.md b/README.md
@@ -60,7 +60,6 @@ graph LR
 
         pg_tileserv["pg_tileserv</br>[Software System]"]
         redis["REDIS</br>[Software System]"]
-        matomo["Matomo</br>[Software System]"]
 
         subgraph Openshift Cronjobs
             c-haines["C-Haines</br>[Container: Python]</br>Periodically fetch weather data, process and store relevant subset."]
@@ -86,7 +85,6 @@ graph LR
     pg_tileserv-. "Read geometries" .->Database
     FrontEnd-.->|"Uses</br>[JSON/HTTPS]"|API
     FrontEnd-.->|"Uses</br>[HTTPS]"|pg_tileserv
-    FrontEnd-. "Analytics</br>[HTTPS]" .->matomo
     FrontEnd-. "Authenticate</br>[HTTPS]" .->sso
     FrontEnd-. "Read</br>[HTTPS]" .->s3
     c-haines-. "[S3/HTTPS]" .->s3

diff --git a/api/Makefile b/api/Makefile
@@ -13,7 +13,7 @@ endef
 
 define build-static
 	# function to build static content
-	cd ../web; REACT_APP_SM_LOGOUT_URL="{{REACT_APP_SM_LOGOUT_URL}}" REACT_APP_KEYCLOAK_AUTH_URL="{{REACT_APP_KEYCLOAK_AUTH_URL}}" REACT_APP_MATOMO_URL="{{REACT_APP_MATOMO_URL}}" REACT_APP_MATOMO_SITE_ID="{{REACT_APP_MATOMO_SITE_ID}}" REACT_APP_MATOMO_CONTAINER="{{REACT_APP_MATOMO_CONTAINER}}" npm run build
+	cd ../web; npm run build
 endef
 
 define run-env-canada-model

diff --git a/api/app/.env.example b/api/app/.env.example
@@ -23,13 +23,6 @@ OPENSHIFT_BASE_URI=https://console.pathfinder.gov.bc.ca:8443
 STATUS_CHECKER_SECRET=somesecret
 AUTO_MAKE_FIXTURES=False
 STATIC_FOLDER=static
-REACT_APP_MATOMO_URL=someurl
-REACT_APP_MATOMO_SITE_ID=someid
-REACT_APP_MATOMO_CONTAINER=kadhkvyA
-REACT_APP_KEYCLOAK_AUTH_URL=https://dev.oidc.gov.bc.ca/auth
-REACT_APP_SM_LOGOUT_URL=https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=
-REACT_APP_KEYCLOAK_REALM=8wl6x4cp
-REACT_APP_KEYCLOAK_CLIENT=wps-web
 ROCKET_AUTH_TOKEN=sometoken
 ROCKET_USER_ID=someid
 ROCKET_URL_POST_MESSAGE=https://somewhere/api/v1/chat.postMessage

diff --git a/api/app/frontend.py b/api/app/frontend.py