From 14e71325bcb545d2be57d5643f58b61a0b1a5c10 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Thu, 17 Oct 2024 11:08:16 -0700 Subject: [PATCH 01/15] feat: add dev configmaps for portal --- .../deploy-to-openshift-backend-dev.yml | 29 ++++--- tools/config/update-configmap.sh | 86 ++++++++++++++++++- tools/openshift/frontend.dc.yaml | 35 ++++++++ 3 files changed, 135 insertions(+), 15 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index a5caa2fc4..47d04a0ec 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -1,18 +1,17 @@ name: 1 DEV - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev - SPLUNK_TOKEN: - ${{ secrets.SPLUNK_TOKEN }} + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry setting # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} 
@@ -23,7 +22,7 @@ env: APP_NAME: "ccof" REPO_NAME: "educ-ccof" - #grabs the branch name from github dynamically + # grabs the branch name from github dynamically BRANCH: ${{ github.ref_name }} IMAGE_NAME: "backend" APP_ENVIRONMENT: "dev" @@ -175,11 +174,19 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - dev \ - ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APPLICATION_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ env.NAMESPACE }} \ + ${{ env.COMMON_NAMESPACE }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ env.SPLUNK_TOKEN }} \ + ${{ secrets.UI_PRIVATE_KEY }} \ + ${{ secrets.UI_PUBLIC_KEY }} \ + ${{ secrets.REDIS_PASSWORD }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 33ec2a55f..ed62f9186 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -1,7 +1,21 @@ -ENV_VAL=$1 -APP_NAME=$2 -OPENSHIFT_NAMESPACE=$3 -SPLUNK_TOKEN=$4 +set -euo pipefail + +readonly ENV_VAL=$1 +readonly APP_NAME=$2 +readonly NAMESPACE_PREFIX=$3 +readonly COMMON_NAMESPACE=$4 +readonly SOAM_CLIENT_ID=$5 +readonly SOAM_CLIENT_ID_IDIR=$6 +readonly SOAM_CLIENT_SECRET=$7 +readonly SOAM_CLIENT_SECRET_IDIR=$7 +readonly SPLUNK_TOKEN=$8 +readonly UI_PRIVATE_KEY=$9 +readonly UI_PUBLIC_KEY=${10} +readonly REDIS_PASSWORD=${11} +readonly SOAM_KC_REALM_ID="standard" +readonly D365_API_ENDPOINT="http://$D365_API_PREFIX-$ENV_VAL:5091" +readonly TIMEZONE="America/Vancouver" +readonly NODE_ENV='openshift' NAMESPACE_SUFFIX="$ENV_VAL" if [ "$ENV_VAL" = "dev" ] || [ "$ENV_VAL" = "qa" ]; then 
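Review bot: The secrets on the new `bash /dev/stdin` argument list are pasted into the script text by `${{ secrets.* }}` before the shell runs, and they are unquoted, so a value containing whitespace or a shell metacharacter shifts the positional arguments or is interpreted by the shell. Map each one under the step's `env:` (for example `SOAM_CLIENT_SECRET: ${{ secrets.SOAM_CLIENT_SECRET }}`) and pass it as `"$SOAM_CLIENT_SECRET"`. The script is fetched with `curl -s` from a URL built from `github.ref_name`; adding `-f`, or running `tools/config/update-configmap.sh` from the checked-out tree if this job checks it out, keeps an HTTP error page from being piped to bash. The same argument list recurs in the later patches of this series for the dev, qa, uat and prod backend workflows. The run step starts outside the hunk.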
@@ -13,6 +27,70 @@ elif [ "$ENV_VAL" = "prod" ]; then fi readonly NAMESPACE_SUFFIX + +SOAM_KC="loginproxy.gov.bc.ca" +SERVER_FRONTEND='mychildcareservices.gov.bc.ca' +if [ "$ENV_VAL" != "prod" ] +then + SOAM_KC="$NAMESPACE_SUFFIX.loginproxy.gov.bc.ca" + SERVER_FRONTEND="$ENV_VAL.$SERVER_FRONTEND" +fi +readonly SOAM_KC +readonly SERVER_FRONTEND + +LOG_LEVEL="verbose" +if [ "$ENV_VAL" = "prod" ]; then + LOG_LEVEL="info" +fi +readonly LOG_LEVEL + +readonly OPENSHIFT_NAMESPACE="$NAMESPACE_PREFIX-$NAMESPACE_SUFFIX" + +echo Fetching one-liner public key from SOAM +SOAM_ONE_LINE_KEY=$(curl -sX GET "https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID" \ + | jq -r .public_key) +readonly SOAM_ONE_LINE_KEY + +echo Formatting public key from SOAM +FORMATTED_SOAM_PUBLIC_KEY=$(cat << PUBKEY +-----BEGIN PUBLIC KEY----- +$(echo "$SOAM_ONE_LINE_KEY" | fold -w64) +-----END PUBLIC KEY----- +PUBKEY +) +readonly FORMATTED_SOAM_PUBLIC_KEY +echo "$FORMATTED_SOAM_PUBLIC_KEY" + +echo Creating config map "$APP_NAME-backend-config-map" +oc create -n "$OPENSHIFT_NAMESPACE" configmap \ + "$APP_NAME-backend-$ENV_VAL-config-map" \ + --from-literal="CLAMAV_HOST=clamav.$COMMON_NAMESPACE-$NAMESPACE_SUFFIX.svc.cluster.local" \ + --from-literal="D365_API_ENDPOINT=$D365_API_ENDPOINT" \ + --from-literal="LOG_LEVEL=$LOG_LEVEL" \ + --from-literal="TZ=$TIMEZONE" \ + --from-literal="NODE_ENV=$NODE_ENV" \ + --from-literal="USE_REDIS=true" \ + --from-literal="REDIS_USE_CLUSTERED=true" \ + --from-literal="REDIS_HOST=redis" \ + --from-literal="REDIS_PORT=6379" \ + --from-literal="REDIS_FACILITY_TTL=600" \ + --from-literal="REDIS_PASSWORD=$REDIS_PASSWORD" \ + --from-literal="SERVER_FRONTEND=$SERVER_FRONTEND" \ + --from-literal="SERVER_PORT=8080" \ + --from-literal="SITEMINDER_LOGOUT_ENDPOINT=$SITE_MINDER_LOGOUT_URL" \ + --from-literal="SOAM_DISCOVERY=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/.well-known/openid-configuration" \ + --from-literal="SOAM_CLIENT_ID=$SOAM_CLIENT_ID" \ + 
--from-literal="SOAM_CLIENT_SECRET=$SOAM_CLIENT_SECRET" \ + --from-literal="SOAM_CLIENT_ID_IDIR=$SOAM_CLIENT_ID_IDIR" \ + --from-literal="SOAM_CLIENT_SECRET_IDIR=$SOAM_CLIENT_SECRET_IDIR" \ + --from-literal="SOAM_PUBLIC_KEY=$FORMATTED_SOAM_PUBLIC_KEY" \ + --from-literal="SOAM_URL=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/logout" \ + --from-literal="UI_PRIVATE_KEY=$UI_PRIVATE_KEY" \ + --from-literal="UI_PUBLIC_KEY=$UI_PUBLIC_KEY" \ + --from-literal="CLAMAV_PORT=3310" \ + --from-literal="ISSUER=EDUC_CCOF" \ + --dry-run -o yaml | oc apply -f - + if [ "$ENV_VAL" != 'qa' ]; then SPLUNK_URL="gww.splunk.educ.gov.bc.ca" FLB_CONFIG="[SERVICE] diff --git a/tools/openshift/frontend.dc.yaml b/tools/openshift/frontend.dc.yaml index 09636ecb5..fbbf3ba26 100644 --- a/tools/openshift/frontend.dc.yaml +++ b/tools/openshift/frontend.dc.yaml 
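Review bot: `SOAM_CLIENT_SECRET`, `SOAM_CLIENT_SECRET_IDIR`, `REDIS_PASSWORD` and `UI_PRIVATE_KEY` are written into a ConfigMap by the new `oc create ... configmap` call, but ConfigMaps are meant for non-confidential settings and are typically readable by anyone with view access to the namespace. These four belong in a Secret, with the remaining literals left in the ConfigMap. The secret name below is a placeholder, and the backend deployment (not visible here) would need to reference it as well. `--dry-run` without a value is deprecated in current clients; `--dry-run=client` is the explicit form.

```shell
# … unchanged: oc create configmap with the non-secret literals …

echo Creating secret "$APP_NAME-backend-$ENV_VAL-secret"
oc create -n "$OPENSHIFT_NAMESPACE" secret generic \
  "$APP_NAME-backend-$ENV_VAL-secret" \
  --from-literal="REDIS_PASSWORD=$REDIS_PASSWORD" \
  --from-literal="SOAM_CLIENT_SECRET=$SOAM_CLIENT_SECRET" \
  --from-literal="SOAM_CLIENT_SECRET_IDIR=$SOAM_CLIENT_SECRET_IDIR" \
  --from-literal="UI_PRIVATE_KEY=$UI_PRIVATE_KEY" \
  --dry-run=client -o yaml | oc apply -f -
```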
@@ -142,6 +142,41 @@ target: type: Utilization averageUtilization: 90 + - apiVersion: v1 + kind: ConfigMap + metadata: + name: ccof-frontend-${APP_ENVIRONMENT}-config-map + namespace: '${NAMESPACE}' + data: + config.js: | + const config = { + BANNER_ENVIRONMENT: '${BANNER_ENVIRONMENT}', + BANNER_COLOR: '${BANNER_COLOR}', + TDAD_CONTACT_EMAIL: '${TDAD_CONTACT_EMAIL}', + IRREGULAR_EXPENSE_FORM_URL: '${IRREGULAR_EXPENSE_FORM_URL}' + }; + snowplow.js: |- + // + ;(function(p,l,o,w,i,n,g){if(!p[i]){p.GlobalSnowplowNamespace=p.GlobalSnowplowNamespace||[]; + p.GlobalSnowplowNamespace.push(i);p[i]=function(){(p[i].q=p[i].q||[]).push(arguments) + };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1; + n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","https://www2.gov.bc.ca/StaticWebResources/static/sp/sp-2-14-0.js","snowplow")); + var collector = 'spm.apps.gov.bc.ca'; + window.snowplow('newTracker','rt',collector, { + appId: 'Snowplow_standalone_CCFRI', + cookieLifetime: 86400 * 548, + platform: 'web', + post: true, + forceSecureTracker: true, + contexts: { + webPage: true, + performanceTiming: true + } + }); + window.snowplow('enableActivityTracking', 30, 30); // Ping every 30 seconds after 30 seconds + window.snowplow('enableLinkClickTracking'); + window.snowplow('trackPageView'); + // parameters: - name: REPO_NAME description: Application repository name From e4898563a547bebe845a21f2bfde0e3ad5768fd0 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 14:53:03 -0700 Subject: [PATCH 02/15] feat: generate our own jwt keys --- .../deploy-to-openshift-backend-dev.yml | 6 ++---- tools/config/update-configmap.sh | 19 ++++++++++++++----- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 47d04a0ec..96321b3d0 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml 
+++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -78,7 +78,7 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); @@ -90,7 +90,7 @@ jobs: "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository with branch [${{ env.BRANCH }}] @@ -184,8 +184,6 @@ jobs: ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ ${{ env.SPLUNK_TOKEN }} \ - ${{ secrets.UI_PRIVATE_KEY }} \ - ${{ secrets.UI_PUBLIC_KEY }} \ ${{ secrets.REDIS_PASSWORD }} # Start rollout (if necessary) and follow it diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index ed62f9186..97a5c0e1e 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -9,9 +9,7 @@ readonly SOAM_CLIENT_ID_IDIR=$6 readonly SOAM_CLIENT_SECRET=$7 readonly SOAM_CLIENT_SECRET_IDIR=$7 readonly SPLUNK_TOKEN=$8 -readonly UI_PRIVATE_KEY=$9 -readonly UI_PUBLIC_KEY=${10} -readonly REDIS_PASSWORD=${11} +readonly REDIS_PASSWORD=$9 readonly SOAM_KC_REALM_ID="standard" readonly D365_API_ENDPOINT="http://$D365_API_PREFIX-$ENV_VAL:5091" readonly TIMEZONE="America/Vancouver" 
@@ -61,6 +59,17 @@ PUBKEY readonly FORMATTED_SOAM_PUBLIC_KEY echo "$FORMATTED_SOAM_PUBLIC_KEY" +echo Generating private and public keys +ssh-keygen -b 4096 -t rsa -f tempPenBackendkey -m pem -q -N "" +UI_PRIVATE_KEY_VAL="$(cat tempPenBackendkey)" +UI_PUBLIC_KEY_VAL="$(ssh-keygen -f tempPenBackendkey -e -m pem)" +readonly UI_PRIVATE_KEY_VAL +readonly UI_PUBLIC_KEY_VAL + +echo Removing key files +rm tempPenBackendkey +rm tempPenBackendkey.pub + echo Creating config map "$APP_NAME-backend-config-map" oc create -n "$OPENSHIFT_NAMESPACE" configmap \ "$APP_NAME-backend-$ENV_VAL-config-map" \ @@ -85,8 +94,8 @@ oc create -n "$OPENSHIFT_NAMESPACE" configmap \ --from-literal="SOAM_CLIENT_SECRET_IDIR=$SOAM_CLIENT_SECRET_IDIR" \ --from-literal="SOAM_PUBLIC_KEY=$FORMATTED_SOAM_PUBLIC_KEY" \ --from-literal="SOAM_URL=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/logout" \ - --from-literal="UI_PRIVATE_KEY=$UI_PRIVATE_KEY" \ - --from-literal="UI_PUBLIC_KEY=$UI_PUBLIC_KEY" \ + --from-literal="UI_PRIVATE_KEY=$UI_PRIVATE_KEY_VAL" \ + --from-literal="UI_PUBLIC_KEY=$UI_PUBLIC_KEY_VAL" \ --from-literal="CLAMAV_PORT=3310" \ --from-literal="ISSUER=EDUC_CCOF" \ --dry-run -o yaml | oc apply -f - From 8844742804c90fb890dd555511706130db1817c0 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 15:45:42 -0700 Subject: [PATCH 03/15] fix: script input order --- .github/workflows/deploy-to-openshift-backend-dev.yml | 4 +--- tools/config/update-configmap.sh | 6 +++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 96321b3d0..0a0ee8740 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml 
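Review bot: The generated private key is written to `tempPenBackendkey` in the current working directory and removed only by the two `rm` lines, so under `set -e` a failure in either `ssh-keygen` call or the `cat` leaves the key on disk. Generating it inside a `mktemp -d` directory with an EXIT trap removes it on every exit path (assuming the script sets no other EXIT trap). A new key pair is also produced on each run, so tokens signed with the previous key would presumably stop validating after every deploy; a comment stating that this is intended would help.

```shell
echo Generating private and public keys
KEY_DIR="$(mktemp -d)"
trap 'rm -rf "$KEY_DIR"' EXIT
ssh-keygen -b 4096 -t rsa -f "$KEY_DIR/tempPenBackendkey" -m pem -q -N ""
UI_PRIVATE_KEY_VAL="$(cat "$KEY_DIR/tempPenBackendkey")"
UI_PUBLIC_KEY_VAL="$(ssh-keygen -f "$KEY_DIR/tempPenBackendkey" -e -m pem)"
# … unchanged: readonly declarations; the two rm lines are no longer needed …
```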
@@ -9,8 +9,6 @@ env: # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev - SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # EDIT to change the image registry setting # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} @@ -183,7 +181,7 @@ jobs: ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ - ${{ env.SPLUNK_TOKEN }} \ + ${{ secrets.SPLUNK_TOKEN }} \ ${{ secrets.REDIS_PASSWORD }} # Start rollout (if necessary) and follow it diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 97a5c0e1e..a7d37d477 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -7,9 +7,9 @@ readonly COMMON_NAMESPACE=$4 readonly SOAM_CLIENT_ID=$5 readonly SOAM_CLIENT_ID_IDIR=$6 readonly SOAM_CLIENT_SECRET=$7 -readonly SOAM_CLIENT_SECRET_IDIR=$7 -readonly SPLUNK_TOKEN=$8 -readonly REDIS_PASSWORD=$9 +readonly SOAM_CLIENT_SECRET_IDIR=$8 +readonly SPLUNK_TOKEN=$9 +readonly REDIS_PASSWORD=${10} readonly SOAM_KC_REALM_ID="standard" readonly D365_API_ENDPOINT="http://$D365_API_PREFIX-$ENV_VAL:5091" readonly TIMEZONE="America/Vancouver" From e07917101f9e84fda72119be34d9fc3c58b9f674 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 15:50:46 -0700 Subject: [PATCH 04/15] fix: unbound variable --- .github/workflows/deploy-to-openshift-backend-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 0a0ee8740..027a2ee37 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml 
@@ -173,7 +173,7 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ | bash /dev/stdin \ - ${{ env.APPLICATION_ENVIRONMENT }} \ + ${{ env.APP_ENVIRONMENT }} \ ${{ env.APP_NAME }} \ ${{ env.NAMESPACE }} \ ${{ env.COMMON_NAMESPACE }} \ From baa6d3a4ad736a4276a20e4e00b941f15d15f183 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 16:05:07 -0700 Subject: [PATCH 05/15] fix: namespace env vars --- .github/workflows/deploy-to-openshift-backend-dev.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 027a2ee37..83dcbfbb0 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -25,9 +25,7 @@ env: IMAGE_NAME: "backend" APP_ENVIRONMENT: "dev" APP_FOLDER: "backend" - NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }} NAMESPACE_TOOLS: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-tools - COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} TAG: "latest" MIN_REPLICAS: "1" @@ -175,8 +173,8 @@ jobs: | bash /dev/stdin \ ${{ env.APP_ENVIRONMENT }} \ ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.COMMON_NAMESPACE }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ ${{ secrets.SOAM_CLIENT_ID }} \ ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ ${{ secrets.SOAM_CLIENT_SECRET }} \ From 8988a390946aa7a7d06f2d7dbb326df2e95bbb62 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 16:24:42 -0700 Subject: [PATCH 06/15] fix: D365_API_PREFIX --- .github/workflows/deploy-to-openshift-backend-dev.yml | 3 ++- tools/config/update-configmap.sh | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 83dcbfbb0..340eb92c6 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -180,7 +180,8 @@ jobs: ${{ secrets.SOAM_CLIENT_SECRET }} \ ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ ${{ secrets.SPLUNK_TOKEN }} \ - ${{ secrets.REDIS_PASSWORD }} + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index a7d37d477..a369db02c 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -10,6 +10,7 @@ readonly SOAM_CLIENT_SECRET=$7 readonly SOAM_CLIENT_SECRET_IDIR=$8 readonly SPLUNK_TOKEN=$9 readonly REDIS_PASSWORD=${10} +readonly D365_API_PREFIX=${11} readonly SOAM_KC_REALM_ID="standard" readonly D365_API_ENDPOINT="http://$D365_API_PREFIX-$ENV_VAL:5091" readonly TIMEZONE="America/Vancouver" From c00f29df3b6f65889b53926c86747126b112355e Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 16:33:06 -0700 Subject: [PATCH 07/15] fix: missing SITE_MINDER_LOGOUT_URL --- tools/config/update-configmap.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index a369db02c..1498681b9 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh 
@@ -26,6 +26,14 @@ elif [ "$ENV_VAL" = "prod" ]; then fi readonly NAMESPACE_SUFFIX +SITE_MINDER_LOGOUT_URL="" +if [ "$ENV_VAL" != "prod" ] +then + SITE_MINDER_LOGOUT_URL="https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=" +else + SITE_MINDER_LOGOUT_URL="https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=" +fi +readonly SITE_MINDER_LOGOUT_URL SOAM_KC="loginproxy.gov.bc.ca" SERVER_FRONTEND='mychildcareservices.gov.bc.ca' From 0402ff1fa353ba4307a3cf2757b85f3a628ac3a2 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 16:36:58 -0700 Subject: [PATCH 08/15] fix: fluentbit deploy namespace --- tools/config/update-configmap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 1498681b9..5368189c9 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -147,7 +147,7 @@ if [ "$ENV_VAL" != 'qa' ]; then " echo Creating config map "$APP_NAME-flb-sc-config-map" - oc create -n "$OPENSHIFT_NAMESPACE-$NAMESPACE_SUFFIX" \ + oc create -n "$OPENSHIFT_NAMESPACE" \ configmap "$APP_NAME-flb-sc-config-map" \ --from-literal=fluent-bit.conf="$FLB_CONFIG" \ --from-literal=parsers.conf="$PARSER_CONFIG" \ From 5837885116d2a17b6972a4605235e768b3dc727e Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 16:54:55 -0700 Subject: [PATCH 09/15] update: nodejs version for frontend May fix breaking change in vite build --- frontend/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 8c8b4442e..12316fbb2 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,4 +1,5 @@ -FROM artifacts.developer.gov.bc.ca/docker-remote/node:14.19.1 as build-stage +FROM artifacts.developer.gov.bc.ca/docker-remote/node:20.18.0-alpine3.20 as build-stage + WORKDIR /frontend COPY package*.json ./ RUN npm install 
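Review bot: The new build-stage image `node:20.18.0-alpine3.20` is pinned by tag only, and a tag can be re-pointed upstream; appending the digest, as in `node:20.18.0-alpine3.20@sha256:<digest-placeholder>`, makes the build reproducible and auditable. The move from the default Debian-based image to Alpine also changes the libc, so any dependency with native bindings should be checked during `npm install`. The Dockerfile continues outside the hunk.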
From d683c186397cd333237fd4d7a7f1a4d5fd897106 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 20:15:07 -0700 Subject: [PATCH 10/15] feat: add envs to the other workflows --- .../deploy-to-openshift-backend-dev.yml | 2 +- .../deploy-to-openshift-backend-prod.yml | 35 ++++++++++--------- .../deploy-to-openshift-backend-qa.yml | 25 +++++++------ .../deploy-to-openshift-backend-uat.yml | 32 +++++++++-------- 4 files changed, 52 insertions(+), 42 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-backend-dev.yml b/.github/workflows/deploy-to-openshift-backend-dev.yml index 340eb92c6..823315fee 100644 --- a/.github/workflows/deploy-to-openshift-backend-dev.yml +++ b/.github/workflows/deploy-to-openshift-backend-dev.yml @@ -79,7 +79,7 @@ jobs: }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + diff --git a/.github/workflows/deploy-to-openshift-backend-prod.yml b/.github/workflows/deploy-to-openshift-backend-prod.yml index 6f48524f8..5a6d42978 100644 --- a/.github/workflows/deploy-to-openshift-backend-prod.yml +++ b/.github/workflows/deploy-to-openshift-backend-prod.yml 
@@ -1,17 +1,17 @@ name: 4 PROD - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -27,11 +27,8 @@ env: IMAGE_NAME: "backend" APP_ENVIRONMENT: "prod" - NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }} - - MIN_REPLICAS: "3" MAX_REPLICAS: "5" MIN_CPU: "50m" @@ -40,9 +37,6 @@ env: MAX_MEM: "700Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} - CA_CERT: ${{ secrets.CA_CERT }} - CERTIFICATE: ${{ secrets.CERTIFICATE }} - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} on: workflow_dispatch: 
@@ -81,19 +75,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -145,11 +139,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - prod \ - ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-backend-qa.yml b/.github/workflows/deploy-to-openshift-backend-qa.yml index dae3ee718..58cb9a331 100644 --- a/.github/workflows/deploy-to-openshift-backend-qa.yml +++ b/.github/workflows/deploy-to-openshift-backend-qa.yml 
@@ -1,17 +1,17 @@ name: 2 QA - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -37,9 +37,6 @@ env: MAX_MEM: "700Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} - CA_CERT: ${{ secrets.CA_CERT }} - CERTIFICATE: ${{ secrets.CERTIFICATE }} - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} on: workflow_dispatch: 
@@ -137,10 +134,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - qa ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ diff --git a/.github/workflows/deploy-to-openshift-backend-uat.yml b/.github/workflows/deploy-to-openshift-backend-uat.yml index e0fbd39cc..2f9140d65 100644 --- a/.github/workflows/deploy-to-openshift-backend-uat.yml +++ b/.github/workflows/deploy-to-openshift-backend-uat.yml 
@@ -1,17 +1,17 @@ name: 3 UAT - Deploy Backend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -37,9 +37,6 @@ env: MAX_MEM: "700Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} - CA_CERT: ${{ secrets.CA_CERT }} - CERTIFICATE: ${{ secrets.CERTIFICATE }} - PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} on: workflow_dispatch: 
@@ -78,19 +75,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -142,11 +139,18 @@ jobs: # Process update-configmap curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ env.BRANCH }}/tools/config/update-configmap.sh \ - | bash /dev/stdin \ - uat \ - ${{ env.APP_NAME }} \ - ${{ env.NAMESPACE }} \ - ${{ env.SPLUNK_TOKEN }} + | bash /dev/stdin \ + ${{ env.APP_ENVIRONMENT }} \ + ${{ env.APP_NAME }} \ + ${{ secrets.CCOF_NAMESPACE_NO_ENV }} \ + ${{ secrets.COMMON_NAMESPACE_NO_ENV }} \ + ${{ secrets.SOAM_CLIENT_ID }} \ + ${{ secrets.SOAM_CLIENT_ID_IDIR }} \ + ${{ secrets.SOAM_CLIENT_SECRET }} \ + ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \ + ${{ secrets.SPLUNK_TOKEN }} \ + ${{ secrets.REDIS_PASSWORD }} \ + ${{ secrets.D365_API_PREFIX }} # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }}} 2> /dev/null \ From 964a0a382a8f3571afa186d7fe445b2fddb028bf Mon Sep 17 00:00:00 2001 
From: Trevor Richards Date: Tue, 22 Oct 2024 21:03:34 -0700 Subject: [PATCH 11/15] fix: incorrect frontend configmap data --- .../deploy-to-openshift-frontend-dev.yml | 3 +++ .../deploy-to-openshift-frontend-prod.yml | 15 +++++++++------ .../deploy-to-openshift-frontend-qa.yml | 15 +++++++++------ .../deploy-to-openshift-frontend-uat.yml | 15 +++++++++------ tools/openshift/frontend.dc.yaml | 16 +++++++++++++--- 5 files changed, 43 insertions(+), 21 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-frontend-dev.yml b/.github/workflows/deploy-to-openshift-frontend-dev.yml index 9ef0122e3..ab1143faf 100644 --- a/.github/workflows/deploy-to-openshift-frontend-dev.yml +++ b/.github/workflows/deploy-to-openshift-frontend-dev.yml @@ -177,6 +177,9 @@ jobs: -p MAX_MEM=${{ env.MAX_MEM }} \ -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ | oc apply -f - # Start rollout (if necessary) and follow it diff --git a/.github/workflows/deploy-to-openshift-frontend-prod.yml b/.github/workflows/deploy-to-openshift-frontend-prod.yml index b7fede45a..f69283c73 100644 --- a/.github/workflows/deploy-to-openshift-frontend-prod.yml +++ b/.github/workflows/deploy-to-openshift-frontend-prod.yml 
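Review bot: `-p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }}` and the two `BANNER_*` parameters are expanded into the shell line unquoted, unlike the neighbouring `-p CERTIFICATE="${{ env.CERTIFICATE }}"` in the prod and qa workflows. A URL containing `&` or `?`, or a banner text with a space, would be split or interpreted by the shell. Quote them, e.g. `-p BANNER_ENVIRONMENT="${{ vars.BANNER_ENVIRONMENT }}"`, or better pass them through the step's `env:` and reference `"$BANNER_ENVIRONMENT"`. The same three lines are added to the frontend prod and qa workflows in this patch.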
@@ -1,17 +1,17 @@ name: 4 PROD - Deploy Frontend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-prod # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -80,19 +80,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -143,6 +143,9 @@ jobs: -p CERTIFICATE="${{ env.CERTIFICATE }}" \ -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ | oc apply -f - # Start rollout (if necessary) and follow it diff --git a/.github/workflows/deploy-to-openshift-frontend-qa.yml b/.github/workflows/deploy-to-openshift-frontend-qa.yml index fd8e55873..3b570d76a 100644 --- a/.github/workflows/deploy-to-openshift-frontend-qa.yml +++ b/.github/workflows/deploy-to-openshift-frontend-qa.yml @@ -1,17 +1,17 @@ name: 2 QA - Deploy Frontend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-dev # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} 
@@ -78,19 +78,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository @@ -136,6 +136,9 @@ jobs: -p CERTIFICATE="${{ env.CERTIFICATE }}" \ -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ | oc apply -f - # Start rollout (if necessary) and follow it diff --git a/.github/workflows/deploy-to-openshift-frontend-uat.yml b/.github/workflows/deploy-to-openshift-frontend-uat.yml index fd12cbd09..3bc5abb4a 100644 --- a/.github/workflows/deploy-to-openshift-frontend-uat.yml +++ b/.github/workflows/deploy-to-openshift-frontend-uat.yml 
@@ -1,17 +1,17 @@ name: 3 UAT - Deploy Frontend env: - # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # EDIT your repository secrets to log into your OpenShift cluster and set up the context. # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} - # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. + # EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. OPENSHIFT_NAMESPACE: ${{ secrets.CCOF_NAMESPACE_NO_ENV }}-test # SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} - # 🖊️ EDIT to change the image registry settings. + # EDIT to change the image registry settings. # Registries such as GHCR, Quay.io, and Docker Hub are supported. IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} IMAGE_REGISTRY_USER: ${{ github.actor }} @@ -80,19 +80,19 @@ jobs: core.error(`Secret "${name}" is not set`); return true; } - core.info(`✔️ Secret "${name}" is set`); + core.info(`Secret "${name}" is set`); return false; }); if (missingSecrets.length > 0) { - core.setFailed(`❌ At least one required secret is not set in the repository. \n` + + core.setFailed(`At least one required secret is not set in the repository. \n` + "You can add it using:\n" + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); } else { - core.info(`✅ All the required secrets are set`); + core.info(`All the required secrets are set`); } - name: Check out repository 
@@ -143,6 +143,9 @@ jobs: -p CERTIFICATE="${{ env.CERTIFICATE }}" \ -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ | oc apply -f - # Start rollout (if necessary) and follow it diff --git a/tools/openshift/frontend.dc.yaml b/tools/openshift/frontend.dc.yaml index fbbf3ba26..ca63abd95 100644 --- a/tools/openshift/frontend.dc.yaml +++ b/tools/openshift/frontend.dc.yaml @@ -150,10 +150,11 @@ data: config.js: | const config = { - BANNER_ENVIRONMENT: '${BANNER_ENVIRONMENT}', + VUE_APP_META_DATA: [ { name: 'robots', content: 'noindex,nofollow' } ], BANNER_COLOR: '${BANNER_COLOR}', - TDAD_CONTACT_EMAIL: '${TDAD_CONTACT_EMAIL}', - IRREGULAR_EXPENSE_FORM_URL: '${IRREGULAR_EXPENSE_FORM_URL}' + BANNER_ENVIRONMENT: '${BANNER_ENVIRONMENT}', + VUE_APP_BCEID_REG_URL: '${VUE_APP_BCEID_REG_URL}', + DECB_VALIDATION_BYPASS: true, }; snowplow.js: |- // @@ -223,6 +224,15 @@ - name: PRIVATE_KEY description: The private key required: true + - name: BANNER_ENVIRONMENT + description: Environment label for the portal banner + required: true + - name: BANNER_COLOR + description: The color for the environment label in the portal + required: true + - name: VUE_APP_BCEID_REG_URL + description: The bceid registration URL + required: true - name: APP_ENVIRONMENT description: The environment being created ('dev', 'qa', 'uat', 'prod') required: true From fdbf48cde63ddb602421b00ed7aa2532379683fe Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 21:09:28 -0700 Subject: [PATCH 12/15] fix: missing https protocol --- tools/config/update-configmap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 5368189c9..40cb4828d 100644 --- a/tools/config/update-configmap.sh 
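Review bot: `DECB_VALIDATION_BYPASS: true,` is hard-coded in the `config.js` body of the `@@ -150,10 +150,11 @@` hunk, and all four frontend workflows in this series process this same `tools/openshift/frontend.dc.yaml`, so the bypass is switched on in every environment, prod included. What the flag gates is not visible here, but a validation bypass should not be a constant in a shared template. Make it a template parameter with a safe default, e.g. `DECB_VALIDATION_BYPASS: ${DECB_VALIDATION_BYPASS},` backed by a parameter entry with `value: "false"`, and keep any server-side check authoritative, since `config.js` appears to be browser-side configuration. Separately, `VUE_APP_BCEID_REG_URL` is read from `secrets.` in the workflows but lands in a ConfigMap, so it is not confidential after deployment and would fit better as a repository variable.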
+++ b/tools/config/update-configmap.sh @@ -36,11 +36,11 @@ fi readonly SITE_MINDER_LOGOUT_URL SOAM_KC="loginproxy.gov.bc.ca" -SERVER_FRONTEND='mychildcareservices.gov.bc.ca' +SERVER_FRONTEND='https://mychildcareservices.gov.bc.ca' if [ "$ENV_VAL" != "prod" ] then SOAM_KC="$NAMESPACE_SUFFIX.loginproxy.gov.bc.ca" - SERVER_FRONTEND="$ENV_VAL.$SERVER_FRONTEND" + SERVER_FRONTEND="https://$ENV_VAL.$SERVER_FRONTEND" fi readonly SOAM_KC readonly SERVER_FRONTEND From c9ccd7804b0fd6fdf3b8b64e8d1586f984790aa4 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 21:28:47 -0700 Subject: [PATCH 13/15] fix: url not string wrapped --- .../deploy-to-openshift-frontend-dev.yml | 42 +++++++++---------- .../deploy-to-openshift-frontend-prod.yml | 42 +++++++++---------- .../deploy-to-openshift-frontend-qa.yml | 42 +++++++++---------- .../deploy-to-openshift-frontend-uat.yml | 42 +++++++++---------- 4 files changed, 84 insertions(+), 84 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-frontend-dev.yml b/.github/workflows/deploy-to-openshift-frontend-dev.yml index ab1143faf..8dd75bf29 100644 --- a/.github/workflows/deploy-to-openshift-frontend-dev.yml +++ b/.github/workflows/deploy-to-openshift-frontend-dev.yml 
@@ -160,27 +160,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ env.TAG }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ - -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ - -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ env.TAG }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ 
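Review bot: Wrapping `${{ secrets.VUE_APP_BCEID_REG_URL }}` in single quotes on the new `-p VUE_APP_BCEID_REG_URL=` line still pastes the value into the script text before the shell parses it, so a value containing `'` ends the quoting and the remainder is read as shell. Pass it through the step's `env:` map (`VUE_APP_BCEID_REG_URL: ${{ secrets.VUE_APP_BCEID_REG_URL }}`) and reference it as `-p VUE_APP_BCEID_REG_URL="$VUE_APP_BCEID_REG_URL" \`; the unquoted `${{ vars.BANNER_COLOR }}` and `${{ vars.BANNER_ENVIRONMENT }}` lines deserve the same treatment. The matching hunks for the prod, qa and uat workflows in this patch have the same issue. The `run:` step begins above the hunk, so the `env:` addition falls outside the lines shown.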
diff --git a/.github/workflows/deploy-to-openshift-frontend-prod.yml b/.github/workflows/deploy-to-openshift-frontend-prod.yml
index f69283c73..a97b6e249 100644
--- a/.github/workflows/deploy-to-openshift-frontend-prod.yml
+++ b/.github/workflows/deploy-to-openshift-frontend-prod.yml
@@ -126,27 +126,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ - -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ - -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ 
diff --git a/.github/workflows/deploy-to-openshift-frontend-qa.yml b/.github/workflows/deploy-to-openshift-frontend-qa.yml
index 3b570d76a..1cf043cab 100644
--- a/.github/workflows/deploy-to-openshift-frontend-qa.yml
+++ b/.github/workflows/deploy-to-openshift-frontend-qa.yml
@@ -119,27 +119,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ - -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ - -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ 
diff --git a/.github/workflows/deploy-to-openshift-frontend-uat.yml b/.github/workflows/deploy-to-openshift-frontend-uat.yml
index 3bc5abb4a..462d34035 100644
--- a/.github/workflows/deploy-to-openshift-frontend-uat.yml
+++ b/.github/workflows/deploy-to-openshift-frontend-uat.yml
@@ -126,27 +126,27 @@ jobs: # Process and apply deployment template oc process \ - -f tools/openshift/frontend.dc.yaml \ - -p APP_NAME=${{ env.APP_NAME }} \ - -p REPO_NAME=${{ env.REPO_NAME }} \ - -p BRANCH=${{ env.BRANCH }} \ - -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ - -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ - -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ - -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ - -p MIN_CPU=${{ env.MIN_CPU }} \ - -p MAX_CPU=${{ env.MAX_CPU }} \ - -p MIN_MEM=${{ env.MIN_MEM }} \ - -p MAX_MEM=${{ env.MAX_MEM }} \ - -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ - -p CA_CERT="${{ env.CA_CERT }}" \ - -p CERTIFICATE="${{ env.CERTIFICATE }}" \ - -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ - -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ - -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ - -p VUE_APP_BCEID_REG_URL=${{ secrets.VUE_APP_BCEID_REG_URL }} \ - | oc apply -f - + -f tools/openshift/frontend.dc.yaml \ + -p APP_NAME=${{ env.APP_NAME }} \ + -p REPO_NAME=${{ env.REPO_NAME }} \ + -p BRANCH=${{ env.BRANCH }} \ + -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} \ + -p TAG=${{ steps.get-latest-tag.outputs.tag }} \ + -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} \ + -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} \ + -p MIN_CPU=${{ env.MIN_CPU }} \ + -p MAX_CPU=${{ env.MAX_CPU }} \ + -p MIN_MEM=${{ env.MIN_MEM }} \ + -p MAX_MEM=${{ env.MAX_MEM }} \ + -p HOST_ROUTE=${{ env.HOST_ROUTE }} \ + -p CA_CERT="${{ env.CA_CERT }}" \ + -p CERTIFICATE="${{ env.CERTIFICATE }}" \ + -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ + -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ + -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ + -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ + -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + | oc apply -f - # Start rollout (if necessary) and follow it oc rollout latest dc/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \ 
From 2ae74bc14c180f3b5977f473ca38f7a0eb049dc9 Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 21:30:44 -0700 Subject: [PATCH 14/15] fix: empty values for frontend --- .github/workflows/deploy-to-openshift-frontend-prod.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-to-openshift-frontend-prod.yml b/.github/workflows/deploy-to-openshift-frontend-prod.yml index a97b6e249..24a105766 100644 --- a/.github/workflows/deploy-to-openshift-frontend-prod.yml +++ b/.github/workflows/deploy-to-openshift-frontend-prod.yml @@ -143,9 +143,9 @@ jobs: -p CERTIFICATE="${{ env.CERTIFICATE }}" \ -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}" \ -p APP_ENVIRONMENT=${{ env.APP_ENVIRONMENT }} \ - -p BANNER_COLOR=${{ vars.BANNER_COLOR }} \ - -p BANNER_ENVIRONMENT=${{ vars.BANNER_ENVIRONMENT }} \ - -p VUE_APP_BCEID_REG_URL='${{ secrets.VUE_APP_BCEID_REG_URL }}' \ + -p BANNER_COLOR='' \ + -p BANNER_ENVIRONMENT='' \ + -p VUE_APP_BCEID_REG_URL='' \ | oc apply -f - # Start rollout (if necessary) and follow it From ceb4a49efb023521e4e678ffa7ce731bad09debe Mon Sep 17 00:00:00 2001 From: Trevor Richards Date: Tue, 22 Oct 2024 21:40:04 -0700 Subject: [PATCH 15/15] fix: server frontend --- tools/config/update-configmap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh index 40cb4828d..366c58892 100644 --- a/tools/config/update-configmap.sh +++ b/tools/config/update-configmap.sh @@ -40,7 +40,7 @@ SERVER_FRONTEND='https://mychildcareservices.gov.bc.ca' if [ "$ENV_VAL" != "prod" ] then SOAM_KC="$NAMESPACE_SUFFIX.loginproxy.gov.bc.ca" - SERVER_FRONTEND="https://$ENV_VAL.$SERVER_FRONTEND" + SERVER_FRONTEND="https://$ENV_VAL.mychildcareservices.gov.bc.ca" fi readonly SOAM_KC readonly SERVER_FRONTEND
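Review bot: The three `-p ...=''` lines in the PATCH 14 prod hunk pass empty values for `BANNER_COLOR`, `BANNER_ENVIRONMENT` and `VUE_APP_BCEID_REG_URL`, which PATCH 11 declared with `required: true` in `tools/openshift/frontend.dc.yaml`. OpenShift rejects an empty value for a required template parameter, so `oc process` should fail before anything reaches `oc apply`. Either mark those three parameters `required: false` in the template or give prod real values. An empty `VUE_APP_BCEID_REG_URL` would also leave the production portal without a BCeID registration link, if the frontend reads it the way the name suggests. The `oc process` command starts above the hunk.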