SCV-459 Added github actions for deploying to the Emerald cluster

bcgov · Aug 19, 2024 · e8c8aa3 · e8c8aa3
1 parent 7a5025a
commit e8c8aa3
Show file tree

Hide file tree

Showing 11 changed files with 294 additions and 2 deletions.
diff --git a/.github/workflows/api.yaml b/.github/workflows/api.yaml
@@ -0,0 +1,69 @@
+name: API
+
+on:
+  workflow_dispatch:
+env:
+  IMAGE_NAME: api
+  WORKING_DIRECTORY: ./
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:      
+
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Login to Artifactory
+        uses: docker/login-action@v1
+        with:
+          registry: artifacts.developer.gov.bc.ca
+          username: ${{ secrets.ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+      # Get SHORT_SHA to tag images
+      - name: Get short SHA
+        id: short_sha
+        run: |
+          echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)"
+          echo "Short SHA: $SHORT_SHA"
+
+      - name: Docker Build Image
+        run: |          
+          docker build --tag ${{ env.IMAGE_NAME }} -f api/Dockerfile . 
+          docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+          docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+
+      - name: Checkout ArgoCD Repo
+        id: gitops
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov-c/tenant-gitops-b3c707
+          ref: develop
+          token: ${{ secrets.GIT_OPS_SSH_KEY }} # `GH_PAT` is a secret that contains your PAT
+          path: gitops
+
+      - name: Update Helm Values and Commit
+        id: helm
+        if: steps.gitops.outcome == 'success'  # Only run if the previous step (publish) was successful
+        run: |
+          # Clone the GitOps deployment configuration repository
+          # Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test and 
+          cd gitops/charts
+
+          # Update the Helm values file with the new image tag and version
+          DATETIME=$(date +'%Y-%m-%d %H:%M:%S')  # Get current date and time
+
+          sed -i "s/apitag: .*/apitag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" ../deploy/dev_values.yaml
+
+          sed -i "s/apitag: .*/apitag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" api/values.yaml
+          
+          # Commit and push the changes
+          git config --global user.email "[email protected]"
+          git config --global user.name "GitHub Actions"
+          
+          git add .
+          
+          git add ../deploy/dev_values.yaml
+          git commit -m "Update Dev Web image tag"
+          git push origin develop  # Update the branch name as needed
diff --git a/.github/workflows/backup.yaml b/.github/workflows/backup.yaml
@@ -0,0 +1,33 @@
+name: Backup
+
+on:
+  workflow_dispatch:
+env:
+  IMAGE_NAME: backup
+  WORKING_DIRECTORY: ./
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:      
+
+      - name: Login to Artifactory
+        uses: docker/login-action@v1
+        with:
+          registry: artifacts.developer.gov.bc.ca
+          username: ${{ secrets.ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+      - name: Checkout Schema Spy Repo
+        id: gitops
+        uses: actions/checkout@v4
+        with:
+          repository: BCDevOps/backup-container.git
+          ref: master                    
+
+      - name: Docker Build Backup Image
+        run: |
+          cd docker
+          docker build --tag ${{ env.IMAGE_NAME }} . 
+          docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:latest
+          docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}
diff --git a/.github/workflows/owasp_baseline.yaml b/.github/workflows/owasp_baseline.yaml
@@ -0,0 +1,14 @@
+name: OWASP SCAN
+
+on:
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+        - name: OWASP ZAP Baseline Scan
+          uses: zaproxy/[email protected]
+          with:
+            token: ""
+            target: ${{ secrets.OWASP_SCAN_URL }}
diff --git a/.github/workflows/schema-spy.yaml b/.github/workflows/schema-spy.yaml
@@ -0,0 +1,32 @@
+name: Schema-Spy
+
+on:
+  workflow_dispatch:
+env:
+  IMAGE_NAME: schema-spy
+  WORKING_DIRECTORY: ./
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:      
+
+      - name: Login to Artifactory
+        uses: docker/login-action@v1
+        with:
+          registry: artifacts.developer.gov.bc.ca
+          username: ${{ secrets.ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+      - name: Checkout Schema Spy Repo
+        id: gitops
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/SchemaSpy.git
+          ref: master                    
+
+      - name: Docker Build Schema Spy Image
+        run: |
+          docker build --tag ${{ env.IMAGE_NAME }} . 
+          docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/ccb6-images/${{ env.IMAGE_NAME }}:latest
+          docker push artifacts.developer.gov.bc.ca/ccb6-images/${{ env.IMAGE_NAME }}
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,32 @@
+# This is a basic workflow to help you get started with Actions
+
+name: SonarCloud Scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v4
+
+      - name: SonarCloud Scan
+        uses: SonarSource/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          # Set the sonar.projectBaseDir analysis property
+          projectBaseDir: .
diff --git a/.github/workflows/web.yml b/.github/workflows/web.yml
@@ -0,0 +1,72 @@
+name: Web
+
+on:
+  workflow_dispatch:
+env:
+  IMAGE_NAME: web
+  WORKING_DIRECTORY: ./
+jobs:
+  builds:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Login to Artifactory
+        uses: docker/login-action@v1
+        with:
+          registry: artifacts.developer.gov.bc.ca
+          username: ${{ secrets.ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+      - name: Checkout Repo        
+        uses: actions/checkout@v4
+
+      # Get SHORT_SHA to tag images
+      - name: Get short SHA
+        id: short_sha
+        run: |
+          echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)"
+          echo "Short SHA: $SHORT_SHA"
+
+      - name: Docker Build Image
+        run: |          
+          docker build --tag web-runtime -f docker/nginx-runtime/Dockerfile ./docker/nginx-runtime/
+          cd web
+          docker build --tag web-artifacts -f Dockerfile.node . --build-arg WEB_BASE_HREF=${{ secrets.WEB_BASE_HREF }}
+          cd ..
+          docker build --tag ${{ env.IMAGE_NAME }} -f docker/vue-on-nginx/Dockerfile ./docker/vue-on-nginx/
+          docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+          docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+      
+      - name: Checkout ArgoCD Repo
+        id: gitops
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov-c/tenant-gitops-b3c707
+          ref: develop
+          token: ${{ secrets.GIT_OPS_SSH_KEY }} # `GH_PAT` is a secret that contains your PAT
+          path: gitops
+
+      - name: Update Helm Values and Commit
+        id: helm
+        if: steps.gitops.outcome == 'success'  # Only run if the previous step (publish) was successful
+        run: |
+          # Clone the GitOps deployment configuration repository
+          # Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test and 
+          cd gitops/charts
+
+          # Update the Helm values file with the new image tag and version
+          DATETIME=$(date +'%Y-%m-%d %H:%M:%S')  # Get current date and time
+
+          sed -i "s/webtag: .*/webtag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" ../deploy/dev_values.yaml
+
+          sed -i "s/webtag: .*/webtag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" web/values.yaml
+          
+          # Commit and push the changes
+          git config --global user.email "[email protected]"
+          git config --global user.name "GitHub Actions"
+          
+          git add .
+          
+          git add ../deploy/dev_values.yaml
+          git commit -m "Update Dev Web image tag"
+          git push origin develop  # Update the branch name as needed
diff --git a/api/Dockerfile b/api/Dockerfile
@@ -0,0 +1,29 @@
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+WORKDIR /app
+EXPOSE 8080
+ENV ASPNETCORE_URLS=http://*:8080
+ENV ASPNETCORE_FORWARDEDHEADERS_ENABLED=true
+ENV DOTNET_gcServer=1
+ARG VERSION
+ENV VERSION=$VERSION
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+
+WORKDIR /src
+
+COPY ["api/api.csproj", "api/"]
+COPY ["db/db.csproj", "db/"]
+RUN dotnet restore api/api.csproj
+RUN dotnet restore db/db.csproj
+COPY . .
+RUN dotnet build "api/api.csproj" -c Release
+# build
+FROM build AS publish
+RUN dotnet publish "api/api.csproj" -c Release -o /app/publish --runtime linux-musl-x64 --no-self-contained
+
+FROM base AS final
+
+# copy app
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "api.dll"]
diff --git a/api/Helpers/XForwardedForHelper.cs b/api/Helpers/XForwardedForHelper.cs
@@ -4,7 +4,8 @@ public static class XForwardedForHelper
     {
         public static string BuildUrlString(string forwardedHost, string forwardedPort, string baseUrl)
         {
-            var portComponent = string.IsNullOrEmpty(forwardedPort) || forwardedPort == "80" || forwardedPort == "443" ? "" : $":{forwardedPort}";
+            //var portComponent = string.IsNullOrEmpty(forwardedPort) || forwardedPort == "80" || forwardedPort == "443" ? "" : $":{forwardedPort}";
+            var portComponent = string.IsNullOrEmpty(forwardedPort) || forwardedPort == "80" || forwardedPort == "443" || forwardedPort == "8080" ? "" : $":{forwardedPort}";
             return $"https://{forwardedHost}{portComponent}{baseUrl}";
         }
     }

diff --git a/docker/vue-on-nginx/Dockerfile b/docker/vue-on-nginx/Dockerfile
@@ -12,6 +12,7 @@ COPY ./s2i/bin/fix-base-url /usr/libexec/s2i/fix-base-url
 # Fix permissions.
 USER root
 RUN chmod 674 /usr/libexec/s2i/fix-base-url
+RUN chmod -R 674 /tmp/app/dist/
 
 # From nginx-runtime.
 USER 104

diff --git a/web/Dockerfile.node b/web/Dockerfile.node
@@ -0,0 +1,10 @@
+FROM centos/nodejs-10-centos7:10
+ARG WEB_BASE_HREF
+ENV WEB_BASE_HREF="$WEB_BASE_HREF"
+ENV WEB1_BASE_HREF="$WEB_BASE_HREF"
+WORKDIR /opt/app-root/src
+COPY . .
+RUN echo "$WEB1_BASE_HREF"
+RUN echo "$WEB_BASE_HREF"
+RUN npm install
+RUN npm run build 
diff --git a/web/package.json b/web/package.json
@@ -3,7 +3,6 @@
   "version": "0.1.0",
   "private": true,
   "scripts": {
-    "preinstall": "npx npm-force-resolutions",
     "serve": "cross-env WEB_BASE_HREF='/' vue-cli-service serve",
     "build": "vue-cli-service build",
     "clean": "",