From 0218eca76ed4beb9b144eaef5154fb9e738ea00c Mon Sep 17 00:00:00 2001 From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com> Date: Wed, 20 Sep 2023 10:16:34 -0700 Subject: [PATCH 1/2] Adding workflows for deploy to TEST, PROD and tagging. --- .github/workflows/deploy-to.openshift-dev.yml | 16 +- .../workflows/deploy-to.openshift-prod.yml | 145 +++++++++++++++++ .../workflows/deploy-to.openshift-test.yml | 151 ++++++++++++++++++ .../tag-create.git.and.imagestream.tag.yml | 63 ++++++++ 4 files changed, 369 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/deploy-to.openshift-prod.yml create mode 100644 .github/workflows/deploy-to.openshift-test.yml create mode 100644 .github/workflows/tag-create.git.and.imagestream.tag.yml diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml index 3ee463b..ac46868 100644 --- a/.github/workflows/deploy-to.openshift-dev.yml +++ b/.github/workflows/deploy-to.openshift-dev.yml @@ -36,10 +36,14 @@ env: TAG: "latest" MIN_REPLICAS_DEV: "1" MAX_REPLICAS_DEV: "1" - MIN_CPU: "10m" - MAX_CPU: "300m" - MIN_MEM: "250Mi" - MAX_MEM: "500Mi" + MIN_CPU_BACKEND: "10m" + MAX_CPU_BACKEND: "100m" + MIN_MEM_BACKEND: "125Mi" + MAX_MEM_BACKEND: "250Mi" + MIN_CPU_FRONTEND: "10m" + MAX_CPU_FRONTEND: "50m" + MIN_MEM_FRONTEND: "50Mi" + MAX_MEM_FRONTEND: "100Mi" # SITE_URL should have no scheme or port. It will be prepended with https:// HOST_ROUTE: ${{ secrets.SITE_URL }} 
@@ -196,11 +200,11 @@ jobs: oc tag ${{ steps.push-image-frontend.outputs.registry-path }} ${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} # Process and apply backend deployment template - oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ + oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU_BACKEND }} -p MAX_CPU=${{ env.MAX_CPU_BACKEND }} -p MIN_MEM=${{ env.MIN_MEM_BACKEND }} -p MAX_MEM=${{ env.MAX_MEM_BACKEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ | oc apply -f - # Process and apply frontend deployment template - oc process -f tools/openshift/frontend-static.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p CA_CERT="${{ env.CA_CERT }}" -p CERTIFICATE="${{ env.CERTIFICATE }}" -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"\ + oc process -f tools/openshift/frontend-static.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} 
-p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU_FRONTEND }} -p MAX_CPU=${{ env.MAX_CPU_FRONTEND }} -p MIN_MEM=${{ env.MIN_MEM_FRONTEND }} -p MAX_MEM=${{ env.MAX_MEM_FRONTEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p CA_CERT="${{ env.CA_CERT }}" -p CERTIFICATE="${{ env.CERTIFICATE }}" -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"\ | oc apply -f - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.SPLUNK_TOKEN }} diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml new file mode 100644 index 0000000..63db28c --- /dev/null +++ b/.github/workflows/deploy-to.openshift-prod.yml 
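Review bot: The rewritten frontend `oc process` line still passes the TLS private key as `-p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"`, so the expression engine pastes the secret into the script text before the shell parses it. A value containing `"`, `$` or a backtick would change the command that runs. Everything in the `env` context is already exported to the step, so these can be read as shell variables instead: `-p PRIVATE_KEY="$PRIVATE_KEY"`, and likewise for `CA_CERT` and `CERTIFICATE`. The new PROD, TEST and tag workflows repeat this pattern and add `oc login --token=${{ env.OPENSHIFT_TOKEN }}` under `set -eux`, where xtrace echoes every expanded command and the job log relies on secret masking alone; `set -eu` is the safer default there. The enclosing `run:` block starts and ends outside this hunk.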
@@ -0,0 +1,145 @@ +name: Build & Deploy to PROD + +env: + # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. + # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + OPENSHIFT_NAMESPACE_PROD: ${{ secrets.PEN_NAMESPACE_NO_ENV }}-prod + + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} + CA_CERT: ${{ secrets.CA_CERT }} + CERTIFICATE: ${{ secrets.CERT }} + PRIVATE_KEY: ${{ secrets.PRIV_KEY }} + + # 🖊️ EDIT to change the image registry settings. + # Registries such as GHCR, Quay.io, and Docker Hub are supported. + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + IMAGE_REGISTRY_USER: ${{ github.actor }} + IMAGE_REGISTRY_PASSWORD: ${{ github.token }} + + IMAGE_NAME: student-profile-master + + APP_NAME: "student-profile" + REPO_NAME: "educ-student-profile" + BRANCH: "master" + APP_NAME_BACKEND: "student-profile-backend-master" + APP_NAME_FRONTEND: "student-profile-frontend-master" + NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }} + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} + TAG: "latest" + MIN_REPLICAS_TEST: "2" + MAX_REPLICAS_TEST: "2" + MIN_CPU_BACKEND: "20m" + MAX_CPU_BACKEND: "400m" + MIN_MEM_BACKEND: "500Mi" + MAX_MEM_BACKEND: "750Mi" + MIN_CPU_FRONTEND: "20m" + MAX_CPU_FRONTEND: "400m" + MIN_MEM_FRONTEND: "250Mi" + MAX_MEM_FRONTEND: "500Mi" + +on: + push: + branches: + - master + workflow_dispatch: + +jobs: + build-and-deploy-prod: + name: Build and deploy to OpenShift PROD + # ubuntu-20.04 can also be used. 
+ runs-on: ubuntu-20.04 + environment: production + + outputs: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} + + steps: + - name: Check for required secrets + uses: actions/github-script@v6 + with: + script: | + const secrets = { + OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, + OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, + }; + const GHCR = "ghcr.io"; + if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { + core.info(`Image registry is ${GHCR} - no registry password required`); + } + else { + core.info("A registry password is required"); + secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; + } + const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { + if (value.length === 0) { + core.error(`Secret "${name}" is not set`); + return true; + } + core.info(`✔️ Secret "${name}" is set`); + return false; + }); + if (missingSecrets.length > 0) { + core.setFailed(`❌ At least one required secret is not set in the repository. 
\n` + + "You can add it using:\n" + + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); + } + else { + core.info(`✅ All the required secrets are set`); + } + - name: Check out repository + uses: actions/checkout@v3 + + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: 4 + + # https://github.com/redhat-actions/oc-login#readme + - uses: actions/checkout@v3 + + - name: Deploy + run: | + set -eux + # Login to OpenShift and select project + oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} + oc project ${{ env.OPENSHIFT_NAMESPACE_PROD }} + # Cancel any rollouts in progress + oc rollout cancel dc/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ + || true && echo "No backend rollout in progress" + oc rollout cancel dc/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ + || true && echo "No frontend rollout in progress" + + # Create the image stream if it doesn't exist + oc create imagestream ${{ env.REPO_NAME }}-backend-${{ env.BRANCH }} 2> /dev/null || true && echo "Backend image stream in place" + oc create imagestream ${{ env.REPO_NAME }}-frontend-static 2> /dev/null || true && echo "Frontend image stream in place" + + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-backend-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-backend-${{ env.BRANCH }}:${{ env.TAG }} + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} + + # Process and apply backend deployment template + oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ 
env.OPENSHIFT_NAMESPACE_PROD }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU_BACKEND }} -p MAX_CPU=${{ env.MAX_CPU_BACKEND }} -p MIN_MEM=${{ env.MIN_MEM_BACKEND }} -p MAX_MEM=${{ env.MAX_MEM_BACKEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ + | oc apply -f - + + # Process and apply frontend deployment template + oc process -f tools/openshift/frontend-static.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_PROD }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU_FRONTEND }} -p MAX_CPU=${{ env.MAX_CPU_FRONTEND }} -p MIN_MEM=${{ env.MIN_MEM_FRONTEND }} -p MAX_MEM=${{ env.MAX_MEM_FRONTEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p CA_CERT="${{ env.CA_CERT }}" -p CERTIFICATE="${{ env.CERTIFICATE }}" -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"\ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin prod ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.SPLUNK_TOKEN }} + + # Start rollout (if necessary) and follow it + oc rollout latest dc/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.APP_NAME_BACKEND }} + + oc rollout latest dc/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ + || true && echo "Rollout in progress" + + # Get status, returns 0 if rollout is successful + oc rollout status dc/${{ env.APP_NAME_BACKEND }} + oc rollout status dc/${{ env.APP_NAME_FRONTEND }} \ No newline at end of file diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml new file mode 100644 index 0000000..e7cf957 --- /dev/null +++ b/.github/workflows/deploy-to.openshift-test.yml 
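Review bot: The Deploy step pipes `curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh` straight into `bash` while the session is logged in to the PROD project, so whatever is on `master` at fetch time runs with the deploy token rather than the commit that was reviewed. The job already checks the repository out, so the script can be run from the workspace: `bash tools/config/update-configmap.sh prod "$APP_NAME" "$NAMESPACE" "$COMMON_NAMESPACE" "$SPLUNK_TOKEN"` (assuming the file lives at that path in this repo). The same line is in the new TEST workflow. Separately, this workflow fires on every push to `master` and promotes the mutable `latest` tag from the `-dev` namespace, so PROD can receive an image that is still being built or has not been tested; promoting a version tag or image digest would make the release reproducible.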
@@ -0,0 +1,151 @@ +name: Build & Deploy to TEST + +env: + # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. + # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + OPENSHIFT_NAMESPACE_TEST: ${{ secrets.PEN_NAMESPACE_NO_ENV }}-test + + SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }} + CA_CERT: ${{ secrets.CA_CERT }} + CERTIFICATE: ${{ secrets.CERT }} + PRIVATE_KEY: ${{ secrets.PRIV_KEY }} + + # 🖊️ EDIT to change the image registry settings. + # Registries such as GHCR, Quay.io, and Docker Hub are supported. + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + IMAGE_REGISTRY_USER: ${{ github.actor }} + IMAGE_REGISTRY_PASSWORD: ${{ github.token }} + + IMAGE_NAME: student-profile-master + + APP_NAME: "student-profile" + REPO_NAME: "educ-student-profile" + BRANCH: "master" + APP_NAME_BACKEND: "student-profile-backend-master" + APP_NAME_FRONTEND: "student-profile-frontend-master" + NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }} + COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} + TAG: "latest" + MIN_REPLICAS_TEST: "2" + MAX_REPLICAS_TEST: "2" + MIN_CPU_BACKEND: "10m" + MAX_CPU_BACKEND: "100m" + MIN_MEM_BACKEND: "125Mi" + MAX_MEM_BACKEND: "250Mi" + MIN_CPU_FRONTEND: "10m" + MAX_CPU_FRONTEND: "50m" + MIN_MEM_FRONTEND: "50Mi" + MAX_MEM_FRONTEND: "100Mi" + # SITE_URL should have no scheme or port. It will be prepended with https:// + HOST_ROUTE: ${{ secrets.SITE_URL }} + +on: + push: + branches: + - master + workflow_dispatch: + +jobs: + build-and-deploy-test: + name: Build and deploy to OpenShift TEST + # ubuntu-20.04 can also be used. 
+ runs-on: ubuntu-20.04 + environment: test + + outputs: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} + + steps: + - name: Check for required secrets + uses: actions/github-script@v6 + with: + script: | + const secrets = { + OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, + OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, + }; + const GHCR = "ghcr.io"; + if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { + core.info(`Image registry is ${GHCR} - no registry password required`); + } + else { + core.info("A registry password is required"); + secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; + } + const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { + if (value.length === 0) { + core.error(`Secret "${name}" is not set`); + return true; + } + core.info(`✔️ Secret "${name}" is set`); + return false; + }); + if (missingSecrets.length > 0) { + core.setFailed(`❌ At least one required secret is not set in the repository. 
\n` + + "You can add it using:\n" + + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); + } + else { + core.info(`✅ All the required secrets are set`); + } + - name: Check out repository + uses: actions/checkout@v3 + + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: 4 + + # https://github.com/redhat-actions/oc-login#readme + - uses: actions/checkout@v3 + + - name: Deploy + run: | + set -eux + # Login to OpenShift and select project + oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} + oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }} + # Cancel any rollouts in progress + oc rollout cancel dc/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ + || true && echo "No backend rollout in progress" + oc rollout cancel dc/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ + || true && echo "No frontend rollout in progress" + + # Create the image stream if it doesn't exist + oc create imagestream ${{ env.REPO_NAME }}-backend-${{ env.BRANCH }} 2> /dev/null || true && echo "Backend image stream in place" + oc create imagestream ${{ env.REPO_NAME }}-frontend-static 2> /dev/null || true && echo "Frontend image stream in place" + + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-backend-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-backend-${{ env.BRANCH }}:${{ env.TAG }} + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} + + # Process and apply backend deployment template + oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ 
env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU_BACKEND }} -p MAX_CPU=${{ env.MAX_CPU_BACKEND }} -p MIN_MEM=${{ env.MIN_MEM_BACKEND }} -p MAX_MEM=${{ env.MAX_MEM_BACKEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ + | oc apply -f - + + # Process and apply frontend deployment template + oc process -f tools/openshift/frontend-static.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU_FRONTEND }} -p MAX_CPU=${{ env.MAX_CPU_FRONTEND }} -p MIN_MEM=${{ env.MIN_MEM_FRONTEND }} -p MAX_MEM=${{ env.MAX_MEM_FRONTEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p CA_CERT="${{ env.CA_CERT }}" -p CERTIFICATE="${{ env.CERTIFICATE }}" -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"\ + | oc apply -f - + + curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.SPLUNK_TOKEN }} + + # Start rollout (if necessary) and follow it + oc rollout latest dc/${{ env.APP_NAME_BACKEND }} 2> /dev/null \ + || true && echo "Rollout in progress" + oc logs -f dc/${{ env.APP_NAME_BACKEND }} + + oc rollout latest dc/${{ env.APP_NAME_FRONTEND }} 2> /dev/null \ + || true && echo "Rollout in progress" + + # Get status, returns 0 if rollout is successful + oc rollout status dc/${{ env.APP_NAME_BACKEND }} + oc rollout status dc/${{ env.APP_NAME_FRONTEND }} + - name: ZAP Scan + uses: zaproxy/action-api-scan@v0.3.0 + with: + target: 'https://${{ env.HOST_ROUTE }}' \ No newline at end of file 
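Review bot: The `ZAP Scan` step points `zaproxy/action-api-scan` at the site root `https://${{ env.HOST_ROUTE }}`, but as far as I know that action expects `target` to be an API definition (an OpenAPI, SOAP or GraphQL URL or file), so the step may scan very little and still read as coverage. Give it the definition URL, or use the ZAP baseline scan action if a passive crawl of the UI is what is wanted. The PROD workflow is triggered by the same push to `master`, so a finding here cannot hold back the production deploy unless the `production` environment has required reviewers configured; making PROD depend on this job would turn the scan into a gate. Pinning the action to a commit SHA instead of the `v0.3.0` tag would also fix exactly which code runs in the job.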
diff --git a/.github/workflows/tag-create.git.and.imagestream.tag.yml b/.github/workflows/tag-create.git.and.imagestream.tag.yml new file mode 100644 index 0000000..91144d1 --- /dev/null +++ b/.github/workflows/tag-create.git.and.imagestream.tag.yml 
@@ -0,0 +1,63 @@ +name: Create Tag + +env: + # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. + # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. + # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + OPENSHIFT_NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }}-dev + + REPO_NAME: "educ-student-profile" + BRANCH: "master" + NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }} + +on: + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + workflow_dispatch: + inputs: + version: + description: 'Version Number' + required: true + +jobs: + openshift-ci-cd: + name: Tag Image + # ubuntu-latest can also be used. + runs-on: ubuntu-22.04 + environment: dev + + outputs: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} + + steps: + - name: Check out repository + uses: actions/checkout@v3 + + - name: Create tag + uses: actions/github-script@v6 + with: + script: | + github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'refs/tags/${{ github.event.inputs.version }}', + sha: context.sha + }) + + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: 4 + + # https://github.com/redhat-actions/oc-login#readme + - uses: actions/checkout@v3 + - name: Tag in OpenShift + run: | + set -eux + # Login to OpenShift and select project + oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }} + oc project ${{ env.OPENSHIFT_NAMESPACE }} + + oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:latest ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ github.event.inputs.version }} 
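Review bot: The `version` input is spliced by `${{ github.event.inputs.version }}` into both the github-script source (`ref: 'refs/tags/…'`) and the `oc tag` shell line, so a value containing a quote or shell metacharacter changes the code that runs with the repository token and the OpenShift session. Pass it through the step environment and validate its format before use: `env: VERSION: ${{ github.event.inputs.version }}`, then `ref: 'refs/tags/' + process.env.VERSION` in the script and `"$VERSION"` in the shell step. The `github.rest.git.createRef(...)` promise is neither awaited nor returned, so a failed tag creation may not be reported reliably; `await github.rest.git.createRef({...})` addresses that. The `oc tag` source `${{ env.REPO_NAME }}-${{ env.BRANCH }}:latest` also does not match the `-backend-${{ env.BRANCH }}` and `-frontend-static` image streams the deploy workflows use, which looks unintended and should be confirmed.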
From ab2babcf52b0b17a8c954449c63dd85c17c5e051 Mon Sep 17 00:00:00 2001 From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com> Date: Wed, 20 Sep 2023 10:27:25 -0700 Subject: [PATCH 2/2] Changed replicas and also removed jenkins files. --- .../workflows/deploy-to.openshift-prod.yml | 8 +- tools/jenkins/Jenkinsfile | 172 -------------- tools/jenkins/Jenkinsfile-build | 143 ------------ tools/jenkins/Jenkinsfile-ocp4 | 171 -------------- tools/jenkins/e2e-Jenkinsfile | 36 --- tools/jenkins/sonar-projects.properties | 23 -- tools/jenkins/update-configmap.sh | 216 ------------------ 7 files changed, 4 insertions(+), 765 deletions(-) delete mode 100644 tools/jenkins/Jenkinsfile delete mode 100644 tools/jenkins/Jenkinsfile-build delete mode 100644 tools/jenkins/Jenkinsfile-ocp4 delete mode 100644 tools/jenkins/e2e-Jenkinsfile delete mode 100644 tools/jenkins/sonar-projects.properties delete mode 100644 tools/jenkins/update-configmap.sh diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml index 63db28c..1fde4c1 100644 --- a/.github/workflows/deploy-to.openshift-prod.yml +++ b/.github/workflows/deploy-to.openshift-prod.yml @@ -29,8 +29,8 @@ env: NAMESPACE: ${{ secrets.PEN_NAMESPACE_NO_ENV }} COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }} TAG: "latest" - MIN_REPLICAS_TEST: "2" - MAX_REPLICAS_TEST: "2" + MIN_REPLICAS: "3" + MAX_REPLICAS: "3" MIN_CPU_BACKEND: "20m" MAX_CPU_BACKEND: "400m" MIN_MEM_BACKEND: "500Mi" 
@@ -123,11 +123,11 @@ jobs: oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-frontend-static:${{ env.TAG }} # Process and apply backend deployment template - oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_PROD }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU_BACKEND }} -p MAX_CPU=${{ env.MAX_CPU_BACKEND }} -p MIN_MEM=${{ env.MIN_MEM_BACKEND }} -p MAX_MEM=${{ env.MAX_MEM_BACKEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ + oc process -f tools/openshift/backend.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_PROD }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU_BACKEND }} -p MAX_CPU=${{ env.MAX_CPU_BACKEND }} -p MIN_MEM=${{ env.MIN_MEM_BACKEND }} -p MAX_MEM=${{ env.MAX_MEM_BACKEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }}\ | oc apply -f - # Process and apply frontend deployment template - oc process -f tools/openshift/frontend-static.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_PROD }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU_FRONTEND }} -p MAX_CPU=${{ env.MAX_CPU_FRONTEND }} -p MIN_MEM=${{ env.MIN_MEM_FRONTEND }} -p MAX_MEM=${{ env.MAX_MEM_FRONTEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p CA_CERT="${{ env.CA_CERT }}" -p CERTIFICATE="${{ env.CERTIFICATE }}" -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"\ + oc process -f tools/openshift/frontend-static.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ 
env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_PROD }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU_FRONTEND }} -p MAX_CPU=${{ env.MAX_CPU_FRONTEND }} -p MIN_MEM=${{ env.MIN_MEM_FRONTEND }} -p MAX_MEM=${{ env.MAX_MEM_FRONTEND }} -p HOST_ROUTE=${{ env.HOST_ROUTE }} -p CA_CERT="${{ env.CA_CERT }}" -p CERTIFICATE="${{ env.CERTIFICATE }}" -p PRIVATE_KEY="${{ env.PRIVATE_KEY }}"\ | oc apply -f - curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/master/tools/config/update-configmap.sh | bash /dev/stdin prod ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.SPLUNK_TOKEN }} diff --git a/tools/jenkins/Jenkinsfile b/tools/jenkins/Jenkinsfile deleted file mode 100644 index 2b04a11..0000000 --- a/tools/jenkins/Jenkinsfile +++ /dev/null 
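Review bot: Both rewritten `oc process` lines pass `-p HOST_ROUTE=${{ env.HOST_ROUTE }}`, but the PROD workflow's `env:` block never defines `HOST_ROUTE` (the TEST workflow sets it from `secrets.SITE_URL`), so the expression expands to an empty string and the template parameter is passed an empty value. Add `HOST_ROUTE: ${{ secrets.SITE_URL }}` to the PROD `env:` block, with the secret scoped to the `production` environment so it holds the production hostname. The enclosing `run:` block starts and ends outside this hunk.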
@@ -1,172 +0,0 @@ -pipeline{ - agent any - environment{ - DEBUG_OUTPUT = 'false' - - extJSHelper = ''; - NAMESPACE='c2mvws' - COMMON_NAMESPACE='mvubjx' - STAGING_ENV = 'Dev' - TOOLS = 'c2mvws-tools' - DEV = 'c2mvws-dev' - TEST = 'c2mvws-test' - PROD = 'c2mvws-prod' - REPO_NAME = 'educ-student-profile' - TESTS_REPO_NAME = 'educ-pen-reg-automation' - OWNER = 'bcgov' - JOB_NAME = 'master' - TAG = 'latest' - TARGET_ENV = 'dev' - TARGET_ENVIRONMENT = "${NAMESPACE}-${TARGET_ENV}" - - APP_NAME = 'student-profile' - APP_DOMAIN = 'pathfinder.gov.bc.ca' - - SOURCE_REPO_RAW = 'https://github.com/${OWNER}/${REPO_NAME}/master' - SOURCE_REPO_REF = 'master' - SOURCE_REPO_URL = 'https://github.com/${OWNER}/${REPO_NAME}.git' - - TOOLS_HOST_ROUTE = "tools.getmypen.gov.bc.ca" - DEV_HOST_ROUTE = "dev.getmypen.gov.bc.ca" - TEST_HOST_ROUTE = "test.getmypen.gov.bc.ca" - PROD_HOST_ROUTE = "getmypen.gov.bc.ca" - MIN_REPLICAS_FE = "1" - MAX_REPLICAS_FE = "1" - MIN_CPU_FE = "25m" - MAX_CPU_FE = "50m" - MIN_MEM_FE = "50Mi" - MAX_MEM_FE = "100Mi" - MIN_REPLICAS_BE = "1" - MAX_REPLICAS_BE = "1" - MIN_CPU_BE = "50m" - MAX_CPU_BE = "100m" - MIN_MEM_BE = "200Mi" - MAX_MEM_BE = "250Mi" - DC_URL_FRONTEND = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/frontend-static.dc.yaml" - DC_URL_BACKEND = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/backend.dc.yaml" - CA_CERT = ""; - CERT = ""; - PRIV_KEY = ""; - } - - stages { - stage('Initialize') { - steps { - script { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - // Force OpenShift Plugin directives to be verbose - openshift.logLevel(1) - - // Print all environment variables - echo 'DEBUG - All pipeline environment variables:' - echo sh(returnStdout: true, script: 'env') - } - sh "wget -O - https://raw.githubusercontent.com/bcgov/EDUC-INFRA-COMMON/master/openshift/common-deployment/deployHelpers.js > deployHelpers.js" - extJSHelper = evaluate readFile('deployHelpers.js') - } - } - } - 
stage('Build'){ - steps{ - script { - openshift.withCluster(){ - openshift.withProject(TOOLS){ - parallel( - Backend: { - try{ - echo "Building backend..." - def bcBackend = openshift.process('-f', 'tools/openshift/backend.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}") - openshift.apply(bcBackend).narrow('bc').startBuild('-w').logs('-f') - - openshift.tag("${REPO_NAME}-backend:latest", "${REPO_NAME}-backend:${JOB_NAME}") - } catch(e) { - echo "Backend build failed" - throw e - } - }, - Frontend: { - try { - echo "Building frontend..." - def bcFrontend = openshift.process('-f', 'tools/openshift/frontend.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}") - - openshift.apply(bcFrontend).narrow('bc').startBuild('-w').logs('-f') - openshift.tag("${REPO_NAME}-frontend:latest", "${REPO_NAME}-frontend:${JOB_NAME}") - - def bcFrontendStatic = openshift.process('-f', 'tools/openshift/frontend-static.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "NAMESPACE=${TOOLS}") - openshift.apply(bcFrontendStatic).narrow('bc').startBuild('-w').logs('-f') - openshift.tag("${REPO_NAME}-frontend-static:latest", "${REPO_NAME}-frontend-static:${JOB_NAME}") - } catch(e) { - echo "Frontend build failed" - throw e - } - }) - } - } - } - } - post { - success { - echo 'Cleanup BuildConfigs...' 
- script { - openshift.withCluster() { - openshift.withProject(TOOLS) { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - echo "DEBUG - Using project: ${openshift.project()}" - } else { - def bcBackend = openshift.selector('bc', "${REPO_NAME}-backend-${JOB_NAME}") - def bcFrontend = openshift.selector('bc', "${REPO_NAME}-frontend-${JOB_NAME}") - def bcFrontendStatic = openshift.selector('bc', "${REPO_NAME}-frontend-static-${JOB_NAME}") - - if(bcBackend.exists()){ - echo "Removing BuildConfig ${REPO_NAME}-backend-${JOB_NAME}..." - bcBackend.delete() - } - if(bcFrontend.exists()) { - echo "Removing BuildConfig ${REPO_NAME}-frontend-${JOB_NAME}..." - bcFrontend.delete() - } - if(bcFrontendStatic.exists()) { - echo "Removing BuildConfig ${REPO_NAME}-frontend-static-${JOB_NAME}..." - bcFrontendStatic.delete() - } - } - } - } - } - } - failure { - echo 'Build stage failed' - } - } - } - stage('Promote and configure DEV') { - steps{ - script{ - CA_CERT = sh( script: "oc -n ${DEV} -o json get secret dev-certs-ssl | sed -n 's/.*\"ca-certificate-l1k\": \"\\(.*\\)\",/\\1/p' | base64 --decode", returnStdout: true); - CERT = sh( script: "oc -n ${DEV} -o json get secret dev-certs-ssl | sed -n 's/.*\"certificate\": \"\\(.*\\)\",/\\1/p' | base64 --decode", returnStdout: true); - PRIV_KEY = sh( script: "oc -n ${DEV} -o json get secret dev-certs-ssl | sed -n 's/.*\"private-key\": \"\\(.*\\)\"/\\1/p' | base64 --decode", returnStdout: true); - - extJSHelper.performUIDeploy(DEV_HOST_ROUTE, STAGING_ENV, TARGET_ENVIRONMENT, REPO_NAME, APP_NAME, JOB_NAME, TAG, TOOLS, TARGET_ENVIRONMENT, APP_DOMAIN, DC_URL_FRONTEND, DC_URL_BACKEND, MIN_REPLICAS_FE, MAX_REPLICAS_FE, MIN_CPU_FE, MAX_CPU_FE, MIN_MEM_FE, MAX_MEM_FE, MIN_REPLICAS_BE, MAX_REPLICAS_BE, MIN_CPU_BE, MAX_CPU_BE, MIN_MEM_BE, MAX_MEM_BE, TARGET_ENV, NAMESPACE, COMMON_NAMESPACE, CA_CERT, CERT, PRIV_KEY) - } - } - post{ - success{ - echo 'Deployment to Dev was successful' - } - failure{ - echo 'Deployment to Dev failed' - } - } - } - 
stage('e2e tests'){ - steps { - script { - withCredentials([string(credentialsId: 'c2mvws-tools-github-actions-token', variable: 'TOKEN')]) { - extJSHelper.triggerWorkflow(TOKEN, 'smoke-test-student-profile-dev-environment') - extJSHelper.waitForWorkflowRunComplete(TOKEN) - } - } - } - } - } -} diff --git a/tools/jenkins/Jenkinsfile-build b/tools/jenkins/Jenkinsfile-build deleted file mode 100644 index 39cc899..0000000 --- a/tools/jenkins/Jenkinsfile-build +++ /dev/null 
@@ -1,143 +0,0 @@
-pipeline{
- agent any
- environment{
- DEBUG_OUTPUT = 'false'
-
- extJSHelper = '';
- NAMESPACE='c2mvws'
- COMMON_NAMESPACE='mvubjx'
- STAGING_ENV = 'Dev'
- TOOLS = 'c2mvws-tools'
- DEV = 'c2mvws-dev'
- TEST = 'c2mvws-test'
- PROD = 'c2mvws-prod'
- REPO_NAME = 'educ-student-profile'
- TESTS_REPO_NAME = 'educ-pen-reg-automation'
- OWNER = 'bcgov'
- JOB_NAME = 'master'
- TAG = 'latest'
- TARGET_ENV = 'dev'
- TARGET_ENVIRONMENT = "${NAMESPACE}-${TARGET_ENV}"
-
- APP_NAME = 'student-profile'
- APP_DOMAIN = 'pathfinder.gov.bc.ca'
-
- SOURCE_REPO_RAW = 'https://github.com/${OWNER}/${REPO_NAME}/master'
- SOURCE_REPO_REF = 'master'
- SOURCE_REPO_URL = 'https://github.com/${OWNER}/${REPO_NAME}.git'
-
- TOOLS_HOST_ROUTE = "tools.getmypen.gov.bc.ca"
- DEV_HOST_ROUTE = "dev.getmypen.gov.bc.ca"
- TEST_HOST_ROUTE = "test.getmypen.gov.bc.ca"
- PROD_HOST_ROUTE = "getmypen.gov.bc.ca"
- MIN_REPLICAS_FE = "1"
- MAX_REPLICAS_FE = "1"
- MIN_CPU_FE = "25m"
- MAX_CPU_FE = "50m"
- MIN_MEM_FE = "50Mi"
- MAX_MEM_FE = "100Mi"
- MIN_REPLICAS_BE = "1"
- MAX_REPLICAS_BE = "1"
- MIN_CPU_BE = "50m"
- MAX_CPU_BE = "100m"
- MIN_MEM_BE = "200Mi"
- MAX_MEM_BE = "250Mi"
- DC_URL_FRONTEND = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/frontend-static.dc.yaml"
- DC_URL_BACKEND = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/backend.dc.yaml"
- CA_CERT = "";
- CERT = "";
- PRIV_KEY = "";
- }
-
- stages {
- stage('Initialize') {
- steps {
- script {
- if(DEBUG_OUTPUT.equalsIgnoreCase('true')) {
- // Force OpenShift Plugin directives to be verbose
- openshift.logLevel(1)
-
- // Print all environment variables
- echo 'DEBUG - All pipeline environment variables:'
- echo sh(returnStdout: true, script: 'env')
- }
- sh "wget -O - https://raw.githubusercontent.com/bcgov/EDUC-INFRA-COMMON/master/openshift/common-deployment/deployHelpers.js > deployHelpers.js"
- extJSHelper = evaluate readFile('deployHelpers.js')
- }
- }
- }
- stage('Build'){
- steps{
- script {
- openshift.withCluster(){
- openshift.withProject(TOOLS){
- parallel(
- Backend: {
- try{
- echo "Building backend..."
- def bcBackend = openshift.process('-f', 'tools/openshift/backend.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
- openshift.apply(bcBackend).narrow('bc').startBuild('-w').logs('-f')
-
- openshift.tag("${REPO_NAME}-backend:latest", "${REPO_NAME}-backend:${JOB_NAME}")
- } catch(e) {
- echo "Backend build failed"
- throw e
- }
- },
- Frontend: {
- try {
- echo "Building frontend..."
- def bcFrontend = openshift.process('-f', 'tools/openshift/frontend.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
-
- openshift.apply(bcFrontend).narrow('bc').startBuild('-w').logs('-f')
- openshift.tag("${REPO_NAME}-frontend:latest", "${REPO_NAME}-frontend:${JOB_NAME}")
-
- def bcFrontendStatic = openshift.process('-f', 'tools/openshift/frontend-static.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "NAMESPACE=${TOOLS}")
- openshift.apply(bcFrontendStatic).narrow('bc').startBuild('-w').logs('-f')
- openshift.tag("${REPO_NAME}-frontend-static:latest", "${REPO_NAME}-frontend-static:${JOB_NAME}")
- } catch(e) {
- echo "Frontend build failed"
- throw e
- }
- })
- }
- }
- }
- }
- post {
- success {
- echo 'Cleanup BuildConfigs...'
- script {
- openshift.withCluster() {
- openshift.withProject(TOOLS) {
- if(DEBUG_OUTPUT.equalsIgnoreCase('true')) {
- echo "DEBUG - Using project: ${openshift.project()}"
- } else {
- def bcBackend = openshift.selector('bc', "${REPO_NAME}-backend-${JOB_NAME}")
- def bcFrontend = openshift.selector('bc', "${REPO_NAME}-frontend-${JOB_NAME}")
- def bcFrontendStatic = openshift.selector('bc', "${REPO_NAME}-frontend-static-${JOB_NAME}")
-
- if(bcBackend.exists()){
- echo "Removing BuildConfig ${REPO_NAME}-backend-${JOB_NAME}..."
- bcBackend.delete()
- }
- if(bcFrontend.exists()) {
- echo "Removing BuildConfig ${REPO_NAME}-frontend-${JOB_NAME}..."
- bcFrontend.delete()
- }
- if(bcFrontendStatic.exists()) {
- echo "Removing BuildConfig ${REPO_NAME}-frontend-static-${JOB_NAME}..."
- bcFrontendStatic.delete()
- }
- }
- }
- }
- }
- }
- failure {
- echo 'Build stage failed'
- }
- }
- }
- }
-}
diff --git a/tools/jenkins/Jenkinsfile-ocp4 b/tools/jenkins/Jenkinsfile-ocp4
deleted file mode 100644
index 53c9047..0000000
--- a/tools/jenkins/Jenkinsfile-ocp4
+++ /dev/null
@@ -1,171 +0,0 @@
-pipeline{
- agent any
- environment{
- DEBUG_OUTPUT = 'false'
-
- extJSHelper = '';
- NAMESPACE='8878b4'
- COMMON_NAMESPACE='75e61b'
- STAGING_ENV = 'Dev'
- TOOLS = '8878b4-tools'
- DEV = '8878b4-dev'
- TEST = '8878b4-test'
- PROD = '8878b4-prod'
- REPO_NAME = 'educ-student-profile'
- TESTS_REPO_NAME = 'educ-pen-reg-automation'
- OWNER = 'bcgov'
- JOB_NAME = 'master'
- TAG = 'latest'
- TARGET_ENV = 'dev'
- TARGET_ENVIRONMENT = "${NAMESPACE}-${TARGET_ENV}"
-
- APP_NAME = 'student-profile'
- APP_DOMAIN = 'apps.silver.devops.gov.bc.ca'
-
- SOURCE_REPO_RAW = 'https://github.com/${OWNER}/${REPO_NAME}/master'
- SOURCE_REPO_REF = 'master'
- SOURCE_REPO_URL = 'https://github.com/${OWNER}/${REPO_NAME}.git'
-
- TOOLS_HOST_ROUTE = "tools.getmypen.gov.bc.ca"
- DEV_HOST_ROUTE = "dev.getmypen.gov.bc.ca"
- TEST_HOST_ROUTE = "test.getmypen.gov.bc.ca"
- PROD_HOST_ROUTE = "getmypen.gov.bc.ca"
- MIN_REPLICAS_FE = "1"
- MAX_REPLICAS_FE = "1"
- MIN_CPU_FE = "125m"
- MAX_CPU_FE = "250m"
- MIN_MEM_FE = "150Mi"
- MAX_MEM_FE = "300Mi"
- MIN_REPLICAS_BE = "1"
- MAX_REPLICAS_BE = "1"
- MIN_CPU_BE = "150m"
- MAX_CPU_BE = "300m"
- MIN_MEM_BE = "250Mi"
- MAX_MEM_BE = "500Mi"
- DC_URL_FRONTEND = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/frontend-static.dc.ocp4.yaml"
- DC_URL_BACKEND = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/backend.dc.ocp4.yaml"
- CA_CERT = "";
- CERT = "";
- PRIV_KEY = "";
- }
-
- stages {
- stage('Initialize') {
- steps {
- script {
- if(DEBUG_OUTPUT.equalsIgnoreCase('true')) {
- // Force OpenShift Plugin directives to be verbose
- openshift.logLevel(1)
-
- // Print all environment variables
- echo 'DEBUG - All pipeline environment variables:'
- echo sh(returnStdout: true, script: 'env')
- }
- sh "wget -O - https://raw.githubusercontent.com/bcgov/EDUC-INFRA-COMMON/master/openshift/common-deployment/deployHelpers.js > deployHelpers.js"
- extJSHelper = evaluate readFile('deployHelpers.js')
- }
- }
- }
- stage('Build'){
- steps{
- script {
- openshift.withCluster(){
- openshift.withProject(TOOLS){
- parallel(
- Backend: {
- try{
- echo "Building backend..."
- def bcBackend = openshift.process('-f', 'https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/backend.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
- openshift.apply(bcBackend).narrow('bc').startBuild('-w').logs('-f')
-
- openshift.tag("${REPO_NAME}-backend:latest", "${REPO_NAME}-backend:${JOB_NAME}")
- } catch(e) {
- echo "Backend build failed"
- throw e
- }
- },
- Frontend: {
- try {
- echo "Building frontend..."
- def bcFrontend = openshift.process('-f', 'https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/frontend.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
-
- openshift.apply(bcFrontend).narrow('bc').startBuild('-w').logs('-f')
- openshift.tag("${REPO_NAME}-frontend:latest", "${REPO_NAME}-frontend:${JOB_NAME}")
-
- def bcFrontendStatic = openshift.process('-f', 'https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/master/tools/openshift/frontend-static.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "NAMESPACE=${TOOLS}")
- openshift.apply(bcFrontendStatic).narrow('bc').startBuild('-w').logs('-f')
- openshift.tag("${REPO_NAME}-frontend-static:latest", "${REPO_NAME}-frontend-static:${JOB_NAME}")
- } catch(e) {
- echo "Frontend build failed"
- throw e
- }
- })
- }
- }
- }
- }
- post {
- success {
- echo 'Cleanup BuildConfigs...'
- script {
- openshift.withCluster() {
- openshift.withProject(TOOLS) {
- if(DEBUG_OUTPUT.equalsIgnoreCase('true')) {
- echo "DEBUG - Using project: ${openshift.project()}"
- } else {
- def bcBackend = openshift.selector('bc', "${REPO_NAME}-backend-${JOB_NAME}")
- def bcFrontend = openshift.selector('bc', "${REPO_NAME}-frontend-${JOB_NAME}")
- def bcFrontendStatic = openshift.selector('bc', "${REPO_NAME}-frontend-static-${JOB_NAME}")
-
- if(bcBackend.exists()){
- echo "Removing BuildConfig ${REPO_NAME}-backend-${JOB_NAME}..."
- bcBackend.delete()
- }
- if(bcFrontend.exists()) {
- echo "Removing BuildConfig ${REPO_NAME}-frontend-${JOB_NAME}..."
- bcFrontend.delete()
- }
- if(bcFrontendStatic.exists()) {
- echo "Removing BuildConfig ${REPO_NAME}-frontend-static-${JOB_NAME}..."
- bcFrontendStatic.delete()
- }
- }
- }
- }
- }
- }
- failure {
- echo 'Build stage failed'
- }
- }
- }
- stage('Promote and configure DEV') {
- steps{
- script{
- CA_CERT = sh( script: "oc -n ${TOOLS} -o json get secret dev-certs-ssl | sed -n 's/.*\"ca-certificate-l1k\": \"\\(.*\\)\",/\\1/p' | base64 --decode", returnStdout: true);
- CERT = sh( script: "oc -n ${TOOLS} -o json get secret dev-certs-ssl | sed -n 's/.*\"certificate\": \"\\(.*\\)\",/\\1/p' | base64 --decode", returnStdout: true);
- PRIV_KEY = sh( script: "oc -n ${TOOLS} -o json get secret dev-certs-ssl | sed -n 's/.*\"private-key\": \"\\(.*\\)\"/\\1/p' | base64 --decode", returnStdout: true);
-
- extJSHelper.performUIDeploy(DEV_HOST_ROUTE, STAGING_ENV, TARGET_ENVIRONMENT, REPO_NAME, APP_NAME, JOB_NAME, TAG, TOOLS, TARGET_ENVIRONMENT, APP_DOMAIN, DC_URL_FRONTEND, DC_URL_BACKEND, MIN_REPLICAS_FE, MAX_REPLICAS_FE, MIN_CPU_FE, MAX_CPU_FE, MIN_MEM_FE, MAX_MEM_FE, MIN_REPLICAS_BE, MAX_REPLICAS_BE, MIN_CPU_BE, MAX_CPU_BE, MIN_MEM_BE, MAX_MEM_BE, TARGET_ENV, NAMESPACE, COMMON_NAMESPACE, CA_CERT, CERT, PRIV_KEY)
- }
- }
- post{
- success{
- echo 'Deployment to Dev was successful'
- }
- failure{
- echo 'Deployment to Dev failed'
- }
- }
- }
- stage('e2e tests'){
- steps {
- script {
- TOKEN = sh( script: "oc -n ${TOOLS} -o json get secret github-actions-token | sed -n 's/.*\"token\": \"\\(.*\\)\"/\\1/p' | base64 --decode", returnStdout: true);
- extJSHelper.triggerWorkflow(TOKEN, 'smoke-test-student-profile-dev-environment')
- extJSHelper.waitForWorkflowRunComplete(TOKEN)
- }
- }
- }
- }
-}
diff --git a/tools/jenkins/e2e-Jenkinsfile b/tools/jenkins/e2e-Jenkinsfile
deleted file mode 100644
index df0fa67..0000000
--- a/tools/jenkins/e2e-Jenkinsfile
+++ /dev/null
@@ -1,36 +0,0 @@
-pipeline{
- agent any
-
- tools{
- nodejs "nodejs"
- }
-
- environment{
- REPO_NAME = 'educ-student-profile'
- JOB_NAME = 'master'
- OWNER = 'bcgov'
-
- SOURCE_REPO_REF = 'master'
- SOURCE_REPO_URL = 'https://github.com/${OWNER}/${REPO_NAME}.git'
- }
-
- stages{
- stage('e2e tests'){
- steps{
- script{
- openshift.withCluster(){
- openshift.withProject('c2mvws-tools'){
- try {
- def bcE2E = openshift.process('-f', 'tools/openshift/e2e.bc.yaml', "REPO_NAME=${REPO_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
- openshift.apply(bcE2E).narrow('bc').startBuild('-w').logs('-f')
- } catch(e) {
- echo "e2e testing failed"
- throw e
- }
- }
- }
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/tools/jenkins/sonar-projects.properties b/tools/jenkins/sonar-projects.properties
deleted file mode 100644
index 04d5804..0000000
--- a/tools/jenkins/sonar-projects.properties
+++ /dev/null
@@ -1,23 +0,0 @@
-#SonarQube Host Url
-sonar.host.url=https://sonarqube-c2mvws-tools.pathfinder.gov.bc.ca
-
-# Must be unique in a given SonarQube instance
-sonar.projectKey=student-profile
-
-# This is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
-sonar.projectName=Student Profile
-sonar.projectVersion=1.0.0
-
-# Encoding of the source code. Default is default system encoding
-sonar.sourceEncoding=UTF-8
-sonar.exclusions=**/node_modules/**, **/coverage/**
-sonar.verbose=false
-
-# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
-sonar.sources=../../backend/src, ../../frontend/src
-
-# Test configurations
-sonar.tests=frontend/tests, backend/tests
-sonar.test.inclusions=**/tests/**/*.spec.**
-sonar.javascript.lcov.reportPaths=backend/coverage/lcov.info, frontend/coverage/lcov.info
-sonar.testExecutionReportPaths=backend/coverage/test-report.xml, frontend/coverage/test-report.xml
\ No newline at end of file
diff --git a/tools/jenkins/update-configmap.sh b/tools/jenkins/update-configmap.sh
deleted file mode 100644
index 0ac6d7c..0000000
--- a/tools/jenkins/update-configmap.sh
+++ /dev/null
@@ -1,216 +0,0 @@
-envValue=$1
-APP_NAME=$2
-PEN_NAMESPACE=$3
-COMMON_NAMESPACE=$4
-APP_NAME_UPPER=${APP_NAME^^}
-
-TZVALUE="America/Vancouver"
-SOAM_KC_REALM_ID="master"
-SOAM_KC=soam-$envValue.apps.silver.devops.gov.bc.ca
-siteMinderLogoutUrl=""
-HOST_ROUTE="${envValue}.getmypen.gov.bc.ca"
-SERVER_FRONTEND="https://${envValue}.getmypen.gov.bc.ca"
-if [ "$envValue" != "prod" ]
-then
- siteMinderLogoutUrl="https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl="
-else
- SERVER_FRONTEND="https://getmypen.gov.bc.ca"
- HOST_ROUTE="getmypen.gov.bc.ca"
- siteMinderLogoutUrl="https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl="
-fi
-NATS_CLUSTER=educ_nats_cluster
-NATS_URL="nats://nats.${COMMON_NAMESPACE}-${envValue}.svc.cluster.local:4222"
-SOAM_KC_LOAD_USER_ADMIN=$(oc -n $COMMON_NAMESPACE-$envValue -o json get secret sso-admin-${envValue} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode)
-SOAM_KC_LOAD_USER_PASS=$(oc -n $COMMON_NAMESPACE-$envValue -o json get secret sso-admin-${envValue} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode)
-SPLUNK_TOKEN=$(oc -n $PEN_NAMESPACE-$envValue -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"SPLUNK_TOKEN_${APP_NAME_UPPER}\": \"\(.*\)\"/\1/p")
-
-echo Fetching SOAM token
-TKN=$(curl -s \
- -d "client_id=admin-cli" \
- -d "username=$SOAM_KC_LOAD_USER_ADMIN" \
- -d "password=$SOAM_KC_LOAD_USER_PASS" \
- -d "grant_type=password" \
- "https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/protocol/openid-connect/token" | jq -r '.access_token')
-
-echo
-echo Retrieving client ID for student-profile-soam
-studentProfileClientID=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- | jq '.[] | select(.clientId=="student-profile-soam")' | jq -r '.id')
-
-echo
-echo Retrieving client secret for student-profile-soam
-studentProfileServiceClientSecret=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients/$studentProfileClientID/client-secret" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- | jq -r '.value')
-
-echo
-echo Removing student-profile-soam if exists
-curl -sX DELETE "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients/$studentProfileClientID" \
- -H "Authorization: Bearer $TKN"
-
-if [ "$studentProfileServiceClientSecret" != "" ] && [ "$envValue" = "tools" ]
-then
- echo
- echo Creating client student-profile-soam with secret
- curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- -d "{\"clientId\" : \"student-profile-soam\",\"secret\" : \"$studentProfileServiceClientSecret\", \"name\" : \"Student Profile SOAM\", \"description\" : \"Connect user from Student Profile backend to the SOAM\", \"surrogateAuthRequired\" : false, \"enabled\" : true, \"clientAuthenticatorType\" : \"client-secret\", \"redirectUris\" : [ \"http://localhost*\", \"$SERVER_FRONTEND\", \"$SERVER_FRONTEND/api/auth/callback_bcsc\", \"$SERVER_FRONTEND/api/auth/callback_bcsc_gmp\", \"$SERVER_FRONTEND/api/auth/callback_bcsc_ump\" , \"$SERVER_FRONTEND/logout\", \"$SERVER_FRONTEND/session-expired\", \"$SERVER_FRONTEND/api/auth/callback_bceid\", \"$SERVER_FRONTEND/api/auth/callback_bceid_gmp\", \"$SERVER_FRONTEND/api/auth/callback_bceid_ump\", \"$SERVER_FRONTEND/login-error\", \"$SERVER_FRONTEND/api/auth/login_bcsc\", \"$SERVER_FRONTEND/api/auth/login_bcsc_gmp\", \"$SERVER_FRONTEND/api/auth/login_bcsc_ump\", \"$SERVER_FRONTEND/api/auth/login_bceid\", \"$SERVER_FRONTEND/api/auth/login_bceid_gmp\", \"$SERVER_FRONTEND/api/auth/login_bceid_ump\" ], \"webOrigins\" : [ ], \"notBefore\" : 0, \"bearerOnly\" : false, \"consentRequired\" : false, \"standardFlowEnabled\" : true, \"implicitFlowEnabled\" : false, \"directAccessGrantsEnabled\" : false, \"serviceAccountsEnabled\" : true, \"publicClient\"
: false, \"frontchannelLogout\" : false, \"protocol\" : \"openid-connect\", \"attributes\" : { \"saml.assertion.signature\" : \"false\", \"saml.multivalued.roles\" : \"false\", \"saml.force.post.binding\" : \"false\", \"saml.encrypt\" : \"false\", \"saml.server.signature\" : \"false\", \"saml.server.signature.keyinfo.ext\" : \"false\", \"exclude.session.state.from.auth.response\" : \"false\", \"saml_force_name_id_format\" : \"false\", \"saml.client.signature\" : \"false\", \"tls.client.certificate.bound.access.tokens\" : \"false\", \"saml.authnstatement\" : \"false\", \"display.on.consent.screen\" : \"false\", \"saml.onetimeuse.condition\" : \"false\" }, \"authenticationFlowBindingOverrides\" : { }, \"fullScopeAllowed\" : true, \"nodeReRegistrationTimeout\" : -1, \"protocolMappers\" : [ { \"name\" : \"last_name\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"last_name\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"last_name\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"first_name\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"first_name\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"first_name\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"middle_names\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"middle_names\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"middle_names\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"SOAM Mapper\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : 
\"oidc-soam-mapper\", \"consentRequired\" : false, \"config\" : {\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"userinfo.token.claim\" : \"true\" } }, { \"name\" : \"user_guid\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"user_guid\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"user_guid\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"idir_guid\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"idir_guid\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"idir_guid\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"bceid_guid\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"bceid_guid\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"bceid_guid\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"email_address\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"email_address\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"email_address\",\"jsonType.label\" : \"String\" } } ], \"defaultClientScopes\" : [ \"web-origins\", \"role_list\", \"READ_STUDENT_CODES\", \"READ_STUDENT_PROFILE_CODES\", \"WRITE_STUDENT_PROFILE\", \"profile\", \"roles\", \"email\", \"READ_STUDENT_PROFILE\", \"READ_DIGITALID\", \"READ_STUDENT\", \"SEND_STUDENT_PROFILE_EMAIL\", \"DELETE_DOCUMENT_STUDENT_PROFILE\", 
\"READ_DOCUMENT_STUDENT_PROFILE\", \"READ_DOCUMENT_REQUIREMENTS_STUDENT_PROFILE\", \"WRITE_DOCUMENT_STUDENT_PROFILE\", \"READ_DOCUMENT_TYPES_STUDENT_PROFILE\", \"SEND_STUDENT_PROFILE_EMAIL\", \"READ_DIGITALID_CODETABLE\", \"READ_STUDENT_PROFILE_STATUSES\", \"READ_PEN_DEMOGRAPHICS\", \"READ_PEN_REQUEST_CODES\", \"WRITE_PEN_REQUEST\", \"READ_PEN_REQUEST\", \"SEND_PEN_REQUEST_EMAIL\", \"DELETE_DOCUMENT\", \"READ_DOCUMENT\", \"READ_DOCUMENT_REQUIREMENTS\", \"WRITE_DOCUMENT\", \"READ_DOCUMENT_TYPES\", \"READ_PEN_REQUEST_STATUSES\",\"PEN_REQUEST_COMMENT_SAGA\",\"STUDENT_PROFILE_COMMENT_SAGA\",\"STUDENT_PROFILE_READ_SAGA\"], \"optionalClientScopes\" : [ \"address\", \"phone\"], \"access\" : { \"view\" : true, \"configure\" : true, \"manage\" : true }}"
-else
- echo
- echo Creating client student-profile-soam without secret
- curl -sX POST "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- -d "{\"clientId\" : \"student-profile-soam\", \"name\" : \"Student Profile SOAM\", \"description\" : \"Connect user from Student Profile backend to the SOAM\", \"surrogateAuthRequired\" : false, \"enabled\" : true, \"clientAuthenticatorType\" : \"client-secret\", \"redirectUris\" : [ \"$SERVER_FRONTEND\", \"$SERVER_FRONTEND/api/auth/callback_bcsc\", \"$SERVER_FRONTEND/api/auth/callback_bcsc_gmp\", \"$SERVER_FRONTEND/api/auth/callback_bcsc_ump\" , \"$SERVER_FRONTEND/logout\", \"$SERVER_FRONTEND/session-expired\", \"$SERVER_FRONTEND/api/auth/callback_bceid\", \"$SERVER_FRONTEND/api/auth/callback_bceid_gmp\", \"$SERVER_FRONTEND/api/auth/callback_bceid_ump\", \"$SERVER_FRONTEND/login-error\", \"$SERVER_FRONTEND/api/auth/login_bcsc\", \"$SERVER_FRONTEND/api/auth/login_bcsc_gmp\", \"$SERVER_FRONTEND/api/auth/login_bcsc_ump\", \"$SERVER_FRONTEND/api/auth/login_bceid\", \"$SERVER_FRONTEND/api/auth/login_bceid_gmp\", \"$SERVER_FRONTEND/api/auth/login_bceid_ump\" ], \"webOrigins\" : [ ], \"notBefore\" : 0,
\"bearerOnly\" : false, \"consentRequired\" : false, \"standardFlowEnabled\" : true, \"implicitFlowEnabled\" : false, \"directAccessGrantsEnabled\" : false, \"serviceAccountsEnabled\" : true, \"publicClient\" : false, \"frontchannelLogout\" : false, \"protocol\" : \"openid-connect\", \"attributes\" : { \"saml.assertion.signature\" : \"false\", \"saml.multivalued.roles\" : \"false\", \"saml.force.post.binding\" : \"false\", \"saml.encrypt\" : \"false\", \"saml.server.signature\" : \"false\", \"saml.server.signature.keyinfo.ext\" : \"false\", \"exclude.session.state.from.auth.response\" : \"false\", \"saml_force_name_id_format\" : \"false\", \"saml.client.signature\" : \"false\", \"tls.client.certificate.bound.access.tokens\" : \"false\", \"saml.authnstatement\" : \"false\", \"display.on.consent.screen\" : \"false\", \"saml.onetimeuse.condition\" : \"false\" }, \"authenticationFlowBindingOverrides\" : { }, \"fullScopeAllowed\" : true, \"nodeReRegistrationTimeout\" : -1, \"protocolMappers\" : [ { \"name\" : \"last_name\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"last_name\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"last_name\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"first_name\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"first_name\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"first_name\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"middle_names\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : 
\"middle_names\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"middle_names\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"SOAM Mapper\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-soam-mapper\", \"consentRequired\" : false, \"config\" : {\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"userinfo.token.claim\" : \"true\" } }, { \"name\" : \"user_guid\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"user_guid\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"user_guid\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"idir_guid\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"idir_guid\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"idir_guid\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"bceid_guid\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"bceid_guid\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"bceid_guid\",\"jsonType.label\" : \"String\" } }, { \"name\" : \"email_address\", \"protocol\" : \"openid-connect\", \"protocolMapper\" : \"oidc-usermodel-attribute-mapper\", \"consentRequired\" : false, \"config\" : {\"userinfo.token.claim\" : \"true\",\"user.attribute\" : \"email_address\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\",\"claim.name\" : \"email_address\",\"jsonType.label\" : \"String\" } } ], \"defaultClientScopes\" : [ \"web-origins\", \"role_list\", \"READ_STUDENT_CODES\", 
\"READ_STUDENT_PROFILE_CODES\", \"WRITE_STUDENT_PROFILE\", \"profile\", \"roles\", \"email\", \"READ_STUDENT_PROFILE\", \"READ_DIGITALID\", \"READ_STUDENT\", \"SEND_STUDENT_PROFILE_EMAIL\", \"DELETE_DOCUMENT_STUDENT_PROFILE\", \"READ_DOCUMENT_STUDENT_PROFILE\", \"READ_DOCUMENT_REQUIREMENTS_STUDENT_PROFILE\", \"WRITE_DOCUMENT_STUDENT_PROFILE\", \"READ_DOCUMENT_TYPES_STUDENT_PROFILE\", \"SEND_STUDENT_PROFILE_EMAIL\", \"READ_DIGITALID_CODETABLE\", \"READ_STUDENT_PROFILE_STATUSES\", \"READ_PEN_DEMOGRAPHICS\", \"READ_PEN_REQUEST_CODES\", \"WRITE_PEN_REQUEST\", \"READ_PEN_REQUEST\", \"SEND_PEN_REQUEST_EMAIL\", \"DELETE_DOCUMENT\", \"READ_DOCUMENT\", \"READ_DOCUMENT_REQUIREMENTS\", \"WRITE_DOCUMENT\", \"READ_DOCUMENT_TYPES\", \"READ_PEN_REQUEST_STATUSES\",\"PEN_REQUEST_COMMENT_SAGA\",\"STUDENT_PROFILE_COMMENT_SAGA\",\"STUDENT_PROFILE_READ_SAGA\"], \"optionalClientScopes\" : [ \"address\", \"phone\"], \"access\" : { \"view\" : true, \"configure\" : true, \"manage\" : true }}"
-fi
-
-echo Fetching public key from SOAM
-fullKey=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/keys" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- | jq -r '.keys | .[] | select(has("publicKey")) | .publicKey')
-
-echo Fetching public key from SOAM
-soamFullPublicKey="-----BEGIN PUBLIC KEY----- $fullKey -----END PUBLIC KEY-----"
-newline=$'\n'
-formattedPublicKey="${soamFullPublicKey:0:26}${newline}${soamFullPublicKey:27:64}${newline}${soamFullPublicKey:91:64}${newline}${soamFullPublicKey:155:64}${newline}${soamFullPublicKey:219:64}${newline}${soamFullPublicKey:283:64}${newline}${soamFullPublicKey:347:64}${newline}${soamFullPublicKey:411:9}${newline}${soamFullPublicKey:420}"
-
-getSecret(){
-head /dev/urandom | tr -dc A-Za-z0-9 | head -c 5000 | base64
-}
-JWT_SECRET_KEY=$(getSecret)
-
-echo
-echo Retrieving client ID for student-profile-soam
-studentProfileClientID=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- | jq '.[] | select(.clientId=="student-profile-soam")' | jq -r '.id')
-
-echo
-echo Retrieving client secret for student-profile-soam
-studentProfileServiceClientSecret=$(curl -sX GET "https://$SOAM_KC/auth/admin/realms/$SOAM_KC_REALM_ID/clients/$studentProfileClientID/client-secret" \
- -H "Content-Type: application/json" \
- -H "Authorization: Bearer $TKN" \
- | jq -r '.value')
-
-echo Generating private and public keys
-ssh-keygen -b 4096 -t rsa -f tempPenBackendkey -q -N ""
-UI_PRIVATE_KEY_VAL="$(cat tempPenBackendkey)"
-UI_PUBLIC_KEY_VAL="$(ssh-keygen -f tempPenBackendkey -e -m pem)"
-echo Removing key files
-rm tempPenBackendkey
-rm tempPenBackendkey.pub
-echo Creating config map $APP_NAME-backend-config-map
-oc create -n $PEN_NAMESPACE-$envValue configmap $APP_NAME-backend-config-map --from-literal=TZ=$TZVALUE --from-literal=UI_PRIVATE_KEY="$UI_PRIVATE_KEY_VAL" --from-literal=UI_PUBLIC_KEY="$UI_PUBLIC_KEY_VAL" --from-literal=SOAM_CLIENT_ID=$APP_NAME-soam --from-literal=SOAM_CLIENT_SECRET=$studentProfileServiceClientSecret --from-literal=SERVER_FRONTEND="$SERVER_FRONTEND" --from-literal=ISSUER=PEN_Retrieval_Application --from-literal=STUDENT_PROFILE_API_ENDPOINT="http://student-profile-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-profile" --from-literal=SOAM_PUBLIC_KEY="$formattedPublicKey" --from-literal=SOAM_DISCOVERY=https://$SOAM_KC/auth/realms/$SOAM_KC_REALM_ID/.well-known/openid-configuration --from-literal=SOAM_URL=https://$SOAM_KC --from-literal=STUDENT_API_ENDPOINT="http://student-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student" --from-literal=DIGITALID_API_ENDPOINT="http://digitalid-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/digital-id" --from-literal=STUDENT_PROFILE_EMAIL_API_ENDPOINT="http://student-profile-email-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080" --from-literal=STUDENT_PROFILE_EMAIL_SECRET_KEY="$JWT_SECRET_KEY" --from-literal=SITEMINDER_LOGOUT_ENDPOINT="$siteMinderLogoutUrl" --from-literal=STUDENT_DEMOG_API_ENDPOINT="http://pen-demographics-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080" --from-literal=LOG_LEVEL=info --from-literal=REDIS_HOST=redis --from-literal=REDIS_PORT=6379 --from-literal=TOKEN_TTL_MINUTES=1440 --from-literal=SCHEDULER_CRON_PROFILE_REQUEST_DRAFT="0 0 0 * * *" --from-literal=NUM_DAYS_ALLOWED_IN_DRAFT_STATUS=7 --from-literal=EXPECTED_DRAFT_REQUESTS=200 --from-literal=NUM_DAYS_ALLOWED_IN_RETURN_STATUS_BEFORE_EMAIL=5 --from-literal=NUM_DAYS_ALLOWED_IN_RETURN_STATUS_BEFORE_ABANDONED=7 --from-literal=PEN_REQUEST_API_ENDPOINT="http://pen-request-api-master.$COMMON_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/pen-request" --from-literal=NATS_URL="$NATS_URL" --from-literal=NATS_CLUSTER="$NATS_CLUSTER" --from-literal=SCHEDULER_CRON_STALE_SAGA_RECORD_REDIS="0 0/5 * * * *" --from-literal=MIN_TIME_BEFORE_SAGA_IS_STALE_IN_MINUTES=5 --from-literal=PROFILE_REQUEST_SAGA_API_URL="http://student-profile-saga-api-master.$PEN_NAMESPACE-$envValue.svc.cluster.local:8080/api/v1/student-profile-saga" --from-literal=NODE_ENV="openshift" --dry-run -o yaml | oc apply -f -
-echo
-echo Setting environment variables for $APP_NAME-backend-$SOAM_KC_REALM_ID application
-oc -n $PEN_NAMESPACE-$envValue set env --from=configmap/$APP_NAME-backend-config-map dc/$APP_NAME-backend-$SOAM_KC_REALM_ID
-
-bceid_reg_url=""
-journey_builder_url=""
-if [ "$envValue" = "tools" ] || [ "$envValue" = "dev" ] || [ "$envValue" = "test" ]
-then
- bceid_reg_url="https://www.test.bceid.ca/os/?7081&SkipTo=Basic#action"
- journey_builder_url="https://www2.qa.gov.bc.ca/gov/content/education-training/k-12/support/pen"
-else
- bceid_reg_url="https://www.bceid.ca/os/?7081&SkipTo=Basic#action"
- journey_builder_url="https://www2.gov.bc.ca/gov/content?id=74E29C67215B4988ABCD778F453A3129"
-fi
-
-if [ "$envValue" = "dev" ]
-then
- bannerEnvironment="DEV"
- bannerColor="#dba424"
-elif [ "$envValue" = "test" ]
-then
- bannerEnvironment="TEST"
- bannerColor="#8d28d7"
-fi
-
-snowplow="
-//
-;(function(p,l,o,w,i,n,g){if(!p[i]){p.GlobalSnowplowNamespace=p.GlobalSnowplowNamespace||[];
- p.GlobalSnowplowNamespace.push(i);p[i]=function(){(p[i].q=p[i].q||[]).push(arguments)
- };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1;
- n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,\"script\",\"https://www2.gov.bc.ca/StaticWebResources/static/sp/sp-2-14-0.js\",\"snowplow\"));
-var collector = 'spt.apps.gov.bc.ca';
- window.snowplow('newTracker','rt',collector, {
- appId: \"Snowplow_standalone\",
- cookieLifetime: 86400 * 548,
- platform: 'web',
- post: true,
- forceSecureTracker: true,
- contexts: {
- webPage: true,
- performanceTiming: true
- }
- });
- window.snowplow('enableActivityTracking', 30, 30); // Ping every 30 seconds after 30 seconds
- window.snowplow('enableLinkClickTracking');
- window.snowplow('trackPageView');
-//
-"
-
-regConfig="var config = (function() {
- return {
- \"VUE_APP_BCEID_REG_URL\" : \"$bceid_reg_url\",
- \"BANNER_ENVIRONMENT\" : \"$bannerEnvironment\",
- \"BANNER_COLOR\" : \"$bannerColor\",
- \"VUE_APP_JOURNEY_BUILDER\" : \"$journey_builder_url\",
- \"VUE_APP_IDLE_TIMEOUT_IN_MILLIS\" : \"1800000\"
- };
-})();"
-
-echo Creating config map $APP_NAME-frontend-config-map
-oc create -n $PEN_NAMESPACE-$envValue configmap $APP_NAME-frontend-config-map --from-literal=TZ=$TZVALUE --from-literal=HOST_ROUTE=$HOST_ROUTE --from-literal=config.js="$regConfig" --from-literal=snowplow.js="$snowplow" --dry-run -o yaml | oc apply -f -
-echo
-echo Setting environment variables for $APP_NAME-frontend-$SOAM_KC_REALM_ID application
-oc -n $PEN_NAMESPACE-$envValue set env --from=configmap/$APP_NAME-frontend-config-map dc/$APP_NAME-frontend-$SOAM_KC_REALM_ID
-
-SPLUNK_URL="gww.splunk.educ.gov.bc.ca"
-FLB_CONFIG="[SERVICE]
- Flush 1
- Daemon Off
- Log_Level debug
- HTTP_Server On - HTTP_Listen 0.0.0.0 - Parsers_File parsers.conf -[INPUT] - Name tail - Path /mnt/log/* - Parser docker - Mem_Buf_Limit 20MB -[FILTER] - Name record_modifier - Match * - Record hostname \${HOSTNAME} -[OUTPUT] - Name stdout - Match * -[OUTPUT] - Name splunk - Match * - Host $SPLUNK_URL - Port 443 - TLS On - TLS.Verify Off - Message_Key $APP_NAME - Splunk_Token $SPLUNK_TOKEN -" -PARSER_CONFIG=" -[PARSER] - Name docker - Format json -" - -echo Creating config map $APP_NAME-flb-sc-config-map -oc create -n $PEN_NAMESPACE-$envValue configmap $APP_NAME-flb-sc-config-map --from-literal=fluent-bit.conf="$FLB_CONFIG" --from-literal=parsers.conf="$PARSER_CONFIG" --dry-run -o yaml | oc apply -f - - -echo Removing un-needed config entries -oc -n "$PEN_NAMESPACE"-"$envValue" set env dc/$APP_NAME-backend-$SOAM_KC_REALM_ID STUDENT_PROFILE_CLIENT_ID- -oc -n "$PEN_NAMESPACE"-"$envValue" set env dc/$APP_NAME-backend-$SOAM_KC_REALM_ID STUDENT_PROFILE_CLIENT_SECRET-