This repository has been archived by the owner on Aug 19, 2023. It is now read-only.

Feat/silva 152 openshift deplyment #19

Open
wants to merge 4 commits into
base: main
43 changes: 43 additions & 0 deletions .github/pull_request_template.md
@@ -0,0 +1,43 @@
<!-- Provide a general summary of your changes in the Title above -->

# Description

Please provide a summary of the change and the issue fixed. Please include relevant context. List dependency changes.

Fixes # (issue)

## Type of change

Please delete options that are not relevant.

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] This change requires a documentation update

# How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

- [ ] Test A
- [ ] Test B


## Checklist

<!-- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!-- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->

- [ ] I have read the [CONTRIBUTING](CONTRIBUTING.md) doc
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have already been accepted and merged


## Further comments

<!-- If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc... -->
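Review bot: The checklist item `[CONTRIBUTING](CONTRIBUTING.md)` uses a relative link target; in a rendered PR description that link resolves against the pull request URL, not the repository root, so it will not reach the file. Use an absolute repository URL, and confirm a CONTRIBUTING.md actually exists, since none is added in the files shown here. Minor: heading levels alternate between `#` and `##` (`# Description`, `## Type of change`, `# How Has This Been Tested?`, `## Checklist`); pick one level for the top sections.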
61 changes: 61 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,61 @@
name: CI

on:
pull_request:
push:
branches:
- main
workflow_dispatch:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
tests-javascript:
name: JavaScript CI
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
env:
VITE_NRSPARWEBAPP_VERSION: dev
steps:
- uses: bcgov-nr/[email protected]
with:
node_version: "16.19.1"
commands: |
npm i
npm run lint
npm test --coverage
dir: frontend
sonar_args: >
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
-Dsonar.cobertura.reportPaths=coverage/cobertura-coverage.xml
-Dsonar.projectKey=nr-spar_frontend
-Dsonar.sources=src/
-Dsonar.exclusions=src/**/__test__/**/*
-Dsonar.test.inclusions=src/**/__test__/**/*
sonar_project_token: ${{ secrets.SONAR_FRONTEND }}

# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Security Scan
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/[email protected]
with:
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
scan-type: "fs"
scanners: "vuln,secret,config"
severity: "CRITICAL,HIGH"

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
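Review bot: In the `tests-javascript` commands, `npm test --coverage` hands the flag to npm itself rather than to the test script, so the reports that `-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info` expects may never be written; use `npm test -- --coverage`. In the same block, `npm i` can resolve versions that differ from the lockfile, so prefer `npm ci` for reproducible CI installs. The `trivy` job uploads SARIF through `github/codeql-action/upload-sarif@v2`, but the workflow declares no `permissions`; add `security-events: write` (plus `contents: read`) on that job so the upload does not depend on the repository's default token setting, and consider pinning the `uses:` references to commit SHAs rather than tags.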
112 changes: 112 additions & 0 deletions .github/workflows/pr-open.yml
@@ -0,0 +1,112 @@
name: PR

on:
pull_request:

concurrency:
# PR open and close use the same group, allowing only one at a time
group: pr-${{ github.event.number }}
cancel-in-progress: true

jobs:
init:
name: Initialize
env:
DOMAIN: apps.silver.devops.gov.bc.ca
PREFIX: ${{ github.event.repository.name }}-${{ github.event.number }}
runs-on: ubuntu-22.04
permissions:
pull-requests: write
steps:
- name: PR Greeting
uses: bcgov-nr/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
add_markdown: |
---
Thanks for the PR!

Any successful deployments (not always required) will be available below.
[Backend](https://${{ env.PREFIX }}-backend.${{ env.DOMAIN }}/)
[Frontend](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/)
[Oracle-API](https://${{ env.PREFIX }}-oracle-api.${{ env.DOMAIN }}/)

Once merged, code will be promoted and handed off to following workflow run.
[Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml)

- name: OpenShift Init
uses: bcgov-nr/[email protected]
with:
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: common/openshift.init.yml
overwrite: false
parameters:
-p ZONE=${{ github.event.number }}
-p NAME=${{ github.event.repository.name }}
triggers: ('frontend/')

builds:
name: Builds
needs:
- init
runs-on: ubuntu-22.04
permissions:
packages: write
strategy:
matrix:
package: [frontend]
include:
- package: frontend
triggers: ('frontend/')
steps:
- uses: actions/checkout@v3
- uses: bcgov-nr/[email protected]
with:
package: ${{ matrix.package }}
tag: ${{ github.event.number }}
tag_fallback: test
token: ${{ secrets.GITHUB_TOKEN }}
triggers: ${{ matrix.triggers }}

deploys:
name: Deploys
needs:
- builds
- init
runs-on: ubuntu-22.04
strategy:
matrix:
name: [frontend]
include:
- name: frontend
file: frontend/openshift.deploy.yml
overwrite: true
parameters:
-p ... to be defined... VITE_SPAR_BUILD_VERSION=snapshot-${{ github.event.number }}
-p ... to be defined... VITE_SERVER_URL=https://nr-spar-${{ github.event.number }}-backend.apps.silver.devops.gov.bc.ca
-p ... to be defined... VITE_ORACLE_SERVER_URL=https://nr-spar-${{ github.event.number }}-oracle-api.apps.silver.devops.gov.bc.ca
-p ... to be defined... VITE_NRSPARWEBAPP_VERSION=dev
-p ... to be defined... VITE_KC_URL=https://test.loginproxy.gov.bc.ca/auth
-p ... to be defined... VITE_KC_REALM=standard
-p ... to be defined... VITE_KC_CLIENT_ID=seed-planning-test-4296
-p MIN_REPLICAS=1
-p MAX_REPLICAS=1
triggers: ('common/' 'database/' 'backend/' 'frontend/')
steps:
- uses: bcgov-nr/[email protected]
with:
file: ${{ matrix.file }}
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: ${{ matrix.overwrite }}
penetration_test: false
parameters:
-p ZONE=${{ github.event.number }}
-p NAME=${{ github.event.repository.name }}
-p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ github.event.number }}
${{ matrix.parameters }}
triggers: ${{ matrix.triggers }}
verification_path: ${{ matrix.verification_path}}
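Review bot: The `deploys` matrix `parameters` still carry the placeholder text `-p ... to be defined...` on seven lines, and that block is passed unchanged to the deployer through `${{ matrix.parameters }}`, so the literal words reach the template processing; drop the placeholder words or remove those lines until the parameter names are settled. The final line reads `verification_path: ${{ matrix.verification_path}}`, but the `include` entry defines no `verification_path`, so it evaluates to an empty string; add the key or remove the input. The VITE_SERVER_URL and VITE_ORACLE_SERVER_URL values hard-code `nr-spar-${{ github.event.number }}` while the greeting builds hostnames from `github.event.repository.name`, so the two disagree unless the repository is named nr-spar. The `deploys` job also has no `permissions` block, unlike `init` and `builds`; declare the minimum it needs.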
49 changes: 49 additions & 0 deletions common/openshift.init.yml
@@ -0,0 +1,49 @@
apiVersion: template.openshift.io/v1
kind: Template
labels:
app: ${NAME}-${ZONE}
parameters:
- name: NAME
description: Product name
value: nr-silva
- name: ZONE
description: Deployment zone, e.g. pr-### or prod
required: true
objects:
- apiVersion: v1
kind: Secret
metadata:
name: ${NAME}-${ZONE}-frontend
labels:
app: ${NAME}-${ZONE}
stringData:
react-app-user-pools-id: ${REACT_APP_USER_POOLS_ID}
react-app-user-pools-web-client-id: ${REACT_APP_USER_POOLS_WEB_CLIENT_ID}
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-openshift-ingress
labels:
template: openshift-test
spec:
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
network.openshift.io/policy-group: ingress
policyTypes:
- Ingress
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-same-namespace
labels:
template: nr-spar-backend-network-security-policy
spec:
podSelector: {}
ingress:
- from:
- podSelector: {}
policyTypes:
- Ingress
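Review bot: The Secret's `stringData` references `${REACT_APP_USER_POOLS_ID}` and `${REACT_APP_USER_POOLS_WEB_CLIENT_ID}`, but the `parameters` list declares only NAME and ZONE, and the OpenShift Init step in pr-open.yml passes only `-p ZONE` and `-p NAME`, so these keys will not receive real values. Declare both parameters with `required: true` and supply them from repository secrets or variables. Both NetworkPolicy objects use fixed names (`allow-from-openshift-ingress`, `allow-same-namespace`) with `podSelector: {}`, so they apply namespace-wide and are shared by every PR zone, while the template-level label `app: ${NAME}-${ZONE}` ties them to a single PR; a label-based cleanup for one zone could remove them for all. The `template:` labels (`openshift-test`, `nr-spar-backend-network-security-policy`) and the `nr-silva` default for NAME also look carried over from different projects and should be made consistent.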
5 changes: 0 additions & 5 deletions frontend/.env

This file was deleted.
