diff --git a/.github/workflows/api.yaml b/.github/workflows/api.yaml
new file mode 100644
index 00000000..a23b28d0
--- /dev/null
+++ b/.github/workflows/api.yaml
@@ -0,0 +1,69 @@
+name: API
+
+on:
+ workflow_dispatch:
+env:
+ IMAGE_NAME: api
+ WORKING_DIRECTORY: ./
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+
+ - name: Checkout Repo
+ uses: actions/checkout@v4
+
+ - name: Login to Artifactory
+ uses: docker/login-action@v1
+ with:
+ registry: artifacts.developer.gov.bc.ca
+ username: ${{ secrets.ARTIFACTORY_USERNAME }}
+ password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+ # Get SHORT_SHA to tag images
+ - name: Get short SHA
+ id: short_sha
+ run: |
+ echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)"
+ echo "Short SHA: $SHORT_SHA"
+
+ - name: Docker Build Image
+ run: |
+ docker build --tag ${{ env.IMAGE_NAME }} -f api/Dockerfile .
+ docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+ docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+
+ - name: Checkout ArgoCD Repo
+ id: gitops
+ uses: actions/checkout@v4
+ with:
+ repository: bcgov-c/tenant-gitops-b3c707
+ ref: develop
+ token: ${{ secrets.GIT_OPS_SSH_KEY }} # `GH_PAT` is a secret that contains your PAT
+ path: gitops
+
+ - name: Update Helm Values and Commit
+ id: helm
+ if: steps.gitops.outcome == 'success' # Only run if the previous step (publish) was successful
+ run: |
+ # Clone the GitOps deployment configuration repository
+ # Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test and
+ cd gitops/charts
+
+ # Update the Helm values file with the new image tag and version
+ DATETIME=$(date +'%Y-%m-%d %H:%M:%S') # Get current date and time
+
+ sed -i "s/apitag: .*/apitag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" ../deploy/dev_values.yaml
+
+ sed -i "s/apitag: .*/apitag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" api/values.yaml
+
+ # Commit and push the changes
+ git config --global user.email "actions@github.com"
+ git config --global user.name "GitHub Actions"
+
+ git add .
+
+ git add ../deploy/dev_values.yaml
+ git commit -m "Update Dev Web image tag"
+ git push origin develop # Update the branch name as needed
\ No newline at end of file
diff --git a/.github/workflows/backup.yaml b/.github/workflows/backup.yaml
new file mode 100644
index 00000000..8bd9c4ff
--- /dev/null
+++ b/.github/workflows/backup.yaml
@@ -0,0 +1,33 @@
+name: Backup
+
+on:
+ workflow_dispatch:
+env:
+ IMAGE_NAME: backup
+ WORKING_DIRECTORY: ./
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+
+ - name: Login to Artifactory
+ uses: docker/login-action@v1
+ with:
+ registry: artifacts.developer.gov.bc.ca
+ username: ${{ secrets.ARTIFACTORY_USERNAME }}
+ password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+ - name: Checkout Schema Spy Repo
+ id: gitops
+ uses: actions/checkout@v4
+ with:
+ repository: BCDevOps/backup-container.git
+ ref: master
+
+ - name: Docker Build Backup Image
+ run: |
+ cd docker
+ docker build --tag ${{ env.IMAGE_NAME }} .
+ docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:latest
+ docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}
\ No newline at end of file
diff --git a/.github/workflows/owasp_baseline.yaml b/.github/workflows/owasp_baseline.yaml
new file mode 100644
index 00000000..cb6b18f6
--- /dev/null
+++ b/.github/workflows/owasp_baseline.yaml
@@ -0,0 +1,14 @@
+name: OWASP SCAN
+
+on:
+ workflow_dispatch:
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: OWASP ZAP Baseline Scan
+ uses: zaproxy/action-baseline@v0.11.0
+ with:
+ token: ""
+ target: ${{ secrets.OWASP_SCAN_URL }}
\ No newline at end of file
diff --git a/.github/workflows/schema-spy.yaml b/.github/workflows/schema-spy.yaml
new file mode 100644
index 00000000..d6ee16fe
--- /dev/null
+++ b/.github/workflows/schema-spy.yaml
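Review bot: .github/workflows/api.yaml hands the Artifactory credentials and the GitOps token to actions referenced by mutable tag (`docker/login-action@v1`, `actions/checkout@v4`) and declares no `permissions:` block, so the job's `GITHUB_TOKEN` keeps the repository default scope; pin each action to a full commit SHA and add `permissions:` with `contents: read`. The `Get short SHA` step uses the deprecated `::set-output` command and then echoes `$SHORT_SHA`, which is never assigned in the shell, so that log line is always empty; write the output with `echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"`. The secret passed to `token:` is called `GIT_OPS_SSH_KEY` while its comment talks about `GH_PAT`; align the name and the comment so it is clear that a PAT, scoped to the GitOps repository only, is expected. The same points apply to .github/workflows/web.yml, and the commit message `Update Dev Web image tag` in this file looks copied from it.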
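Review bot: .github/workflows/backup.yaml builds the image from `BCDevOps/backup-container.git` at `ref: master` and pushes it as `:latest`, so whatever is on that branch at run time lands in the registry under a tag that cannot be traced back to a source revision. Pin `ref:` to a reviewed tag or commit SHA and carry that revision in the image tag, the way api.yaml tags with the short SHA. The step name `Checkout Schema Spy Repo` looks copied from schema-spy.yaml, and the `.git` suffix in `repository:` is worth checking against the `owner/repo` form that actions/checkout documents. schema-spy.yaml has the same `ref: master` / `:latest` pattern.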
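Review bot: In .github/workflows/owasp_baseline.yaml, `token: ""` overrides the action's default token, presumably to stop the scan from opening an issue; the action has an explicit `allow_issue_writing: false` input for that, which states the intent and does not depend on how an empty token is handled. The job checks out nothing, so a job-level `permissions: {}` would fit as well. The target is hidden behind `secrets.OWASP_SCAN_URL`, but the report the action produces names the scanned host, so check who can read the run's artifacts and logs if the URL is meant to stay private.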
@@ -0,0 +1,32 @@
+name: Schema-Spy
+
+on:
+ workflow_dispatch:
+env:
+ IMAGE_NAME: schema-spy
+ WORKING_DIRECTORY: ./
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+
+ - name: Login to Artifactory
+ uses: docker/login-action@v1
+ with:
+ registry: artifacts.developer.gov.bc.ca
+ username: ${{ secrets.ARTIFACTORY_USERNAME }}
+ password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+ - name: Checkout Schema Spy Repo
+ id: gitops
+ uses: actions/checkout@v4
+ with:
+ repository: bcgov/SchemaSpy.git
+ ref: master
+
+ - name: Docker Build Schema Spy Image
+ run: |
+ docker build --tag ${{ env.IMAGE_NAME }} .
+ docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/ccb6-images/${{ env.IMAGE_NAME }}:latest
+ docker push artifacts.developer.gov.bc.ca/ccb6-images/${{ env.IMAGE_NAME }}
\ No newline at end of file
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 00000000..f9cffe7e
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,32 @@
+# This is a basic workflow to help you get started with Actions
+
+name: SonarCloud Scan
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v4
+
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action@v2.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ with:
+ # Set the sonar.projectBaseDir analysis property
+ projectBaseDir: .
\ No newline at end of file
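Review bot: .github/workflows/schema-spy.yaml pushes to `artifacts.developer.gov.bc.ca/ccb6-images/` while every other workflow in this commit pushes to `sb3c-images`; if that path came over with a copied workflow, the push either fails or lands in another project's registry namespace using this repository's credentials. Confirm the namespace, and consider holding it in an `env:` entry next to `IMAGE_NAME` so the workflows cannot drift apart. `WORKING_DIRECTORY` is declared here but not referenced by any step in the file.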
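Review bot: .github/workflows/sonarcloud.yml passes `GITHUB_TOKEN` to `SonarSource/sonarcloud-github-action@v2.1` without a `permissions:` block, so the token carries whatever the repository default grants; declare the minimum, for example `permissions:` with `contents: read` and `pull-requests: read`, and pin the action to a commit SHA. `actions/checkout@v4` fetches a single commit by default and SonarCloud's analysis generally expects full history, so add `with:` / `fetch-depth: 0` to the checkout step. Pull requests from forks do not receive `SONAR_TOKEN`, so the scan step will presumably fail on them unless it is skipped for forks.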
diff --git a/.github/workflows/web.yml b/.github/workflows/web.yml
new file mode 100644
index 00000000..e5c03e3c
--- /dev/null
+++ b/.github/workflows/web.yml
@@ -0,0 +1,72 @@
+name: Web
+
+on:
+ workflow_dispatch:
+env:
+ IMAGE_NAME: web
+ WORKING_DIRECTORY: ./
+jobs:
+ builds:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Login to Artifactory
+ uses: docker/login-action@v1
+ with:
+ registry: artifacts.developer.gov.bc.ca
+ username: ${{ secrets.ARTIFACTORY_USERNAME }}
+ password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+ - name: Checkout Repo
+ uses: actions/checkout@v4
+
+ # Get SHORT_SHA to tag images
+ - name: Get short SHA
+ id: short_sha
+ run: |
+ echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)"
+ echo "Short SHA: $SHORT_SHA"
+
+ - name: Docker Build Image
+ run: |
+ docker build --tag web-runtime -f docker/nginx-runtime/Dockerfile ./docker/nginx-runtime/
+ cd web
+ docker build --tag web-artifacts -f Dockerfile.node . --build-arg WEB_BASE_HREF=${{ secrets.WEB_BASE_HREF }}
+ cd ..
+ docker build --tag ${{ env.IMAGE_NAME }} -f docker/vue-on-nginx/Dockerfile ./docker/vue-on-nginx/
+ docker tag ${{ env.IMAGE_NAME }} artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+ docker push artifacts.developer.gov.bc.ca/sb3c-images/${{ env.IMAGE_NAME }}:dev-${{ steps.short_sha.outputs.SHORT_SHA }}
+
+ - name: Checkout ArgoCD Repo
+ id: gitops
+ uses: actions/checkout@v4
+ with:
+ repository: bcgov-c/tenant-gitops-b3c707
+ ref: develop
+ token: ${{ secrets.GIT_OPS_SSH_KEY }} # `GH_PAT` is a secret that contains your PAT
+ path: gitops
+
+ - name: Update Helm Values and Commit
+ id: helm
+ if: steps.gitops.outcome == 'success' # Only run if the previous step (publish) was successful
+ run: |
+ # Clone the GitOps deployment configuration repository
+ # Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test and
+ cd gitops/charts
+
+ # Update the Helm values file with the new image tag and version
+ DATETIME=$(date +'%Y-%m-%d %H:%M:%S') # Get current date and time
+
+ sed -i "s/webtag: .*/webtag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" ../deploy/dev_values.yaml
+
+ sed -i "s/webtag: .*/webtag: dev-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" web/values.yaml
+
+ # Commit and push the changes
+ git config --global user.email "actions@github.com"
+ git config --global user.name "GitHub Actions"
+
+ git add .
+
+ git add ../deploy/dev_values.yaml
+ git commit -m "Update Dev Web image tag"
+ git push origin develop # Update the branch name as needed
\ No newline at end of file
diff --git a/api/Dockerfile b/api/Dockerfile
new file mode 100644
index 00000000..26c14b55
--- /dev/null
+++ b/api/Dockerfile
@@ -0,0 +1,29 @@
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+WORKDIR /app
+EXPOSE 8080
+ENV ASPNETCORE_URLS=http://*:8080
+ENV ASPNETCORE_FORWARDEDHEADERS_ENABLED=true
+ENV DOTNET_gcServer=1
+ARG VERSION
+ENV VERSION=$VERSION
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+
+WORKDIR /src
+
+COPY ["api/api.csproj", "api/"]
+COPY ["db/db.csproj", "db/"]
+RUN dotnet restore api/api.csproj
+RUN dotnet restore db/db.csproj
+COPY . .
+RUN dotnet build "api/api.csproj" -c Release
+# build
+FROM build AS publish
+RUN dotnet publish "api/api.csproj" -c Release -o /app/publish --runtime linux-musl-x64 --no-self-contained
+
+FROM base AS final
+
+# copy app
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "api.dll"]
\ No newline at end of file
diff --git a/api/Helpers/XForwardedForHelper.cs b/api/Helpers/XForwardedForHelper.cs
index 11783946..1027da9f 100644
--- a/api/Helpers/XForwardedForHelper.cs
+++ b/api/Helpers/XForwardedForHelper.cs
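Review bot: In .github/workflows/web.yml, `--build-arg WEB_BASE_HREF=${{ secrets.WEB_BASE_HREF }}` places a secret into a build argument, and web/Dockerfile.node copies it into `ENV` and echoes it, so the value is kept in the `web-artifacts` image metadata and build output. If the base href is not sensitive, read it from a repository variable (`vars.WEB_BASE_HREF`); if it is, it should not travel as a build argument. Either way quote the expansion, `--build-arg "WEB_BASE_HREF=${{ secrets.WEB_BASE_HREF }}"`, so an empty or space-containing value does not change the command line. The mutable action tags, the missing `permissions:` block and the `::set-output` usage noted on api.yaml apply here unchanged.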
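Review bot: The `final` stage of api/Dockerfile never sets `USER`, so the API runs as root inside the container; the .NET 8 `aspnet` images ship a non-root `app` account, and `USER $APP_UID` before `ENTRYPOINT` uses it (port 8080 needs no privilege). `ASPNETCORE_FORWARDEDHEADERS_ENABLED=true` makes the app accept `X-Forwarded-*` headers from any peer, which is only safe while the container is reachable solely through the platform's proxy; a comment stating that assumption belongs next to the line. The publish step targets `--runtime linux-musl-x64` while the runtime base is `mcr.microsoft.com/dotnet/aspnet:8.0`, which the tag does not mark as an Alpine image, so check that the RID matches the base. Both `FROM` lines use the floating `8.0` tag; pinning by digest makes rebuilds reproducible.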
@@ -4,7 +4,8 @@ public static class XForwardedForHelper
 {
 public static string BuildUrlString(string forwardedHost, string forwardedPort, string baseUrl)
 {
- var portComponent = string.IsNullOrEmpty(forwardedPort) || forwardedPort == "80" || forwardedPort == "443" ? "" : $":{forwardedPort}";
+ //var portComponent = string.IsNullOrEmpty(forwardedPort) || forwardedPort == "80" || forwardedPort == "443" ? "" : $":{forwardedPort}";
+ var portComponent = string.IsNullOrEmpty(forwardedPort) || forwardedPort == "80" || forwardedPort == "443" || forwardedPort == "8080" ? "" : $":{forwardedPort}";
 return $"https://{forwardedHost}{portComponent}{baseUrl}";
 }
 }
diff --git a/docker/vue-on-nginx/Dockerfile b/docker/vue-on-nginx/Dockerfile
index 0e243744..bccb3124 100644
--- a/docker/vue-on-nginx/Dockerfile
+++ b/docker/vue-on-nginx/Dockerfile
@@ -12,6 +12,7 @@ COPY ./s2i/bin/fix-base-url /usr/libexec/s2i/fix-base-url
 # Fix permissions.
 USER root
 RUN chmod 674 /usr/libexec/s2i/fix-base-url
+RUN chmod -R 674 /tmp/app/dist/
 # From nginx-runtime.
 USER 104
diff --git a/web/Dockerfile.node b/web/Dockerfile.node
new file mode 100644
index 00000000..7d95c7b0
--- /dev/null
+++ b/web/Dockerfile.node
@@ -0,0 +1,10 @@
+FROM centos/nodejs-10-centos7:10
+ARG WEB_BASE_HREF
+ENV WEB_BASE_HREF="$WEB_BASE_HREF"
+ENV WEB1_BASE_HREF="$WEB_BASE_HREF"
+WORKDIR /opt/app-root/src
+COPY . .
+RUN echo "$WEB1_BASE_HREF"
+RUN echo "$WEB_BASE_HREF"
+RUN npm install
+RUN npm run build
\ No newline at end of file
diff --git a/web/package.json b/web/package.json
index a64f7b5f..a005d3b8 100644
--- a/web/package.json
+++ b/web/package.json
@@ -3,7 +3,6 @@
 "version": "0.1.0",
 "private": true,
 "scripts": {
- "preinstall": "npx npm-force-resolutions",
 "serve": "cross-env WEB_BASE_HREF='/' vue-cli-service serve",
 "build": "vue-cli-service build",
 "clean": "",
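Review bot: `BuildUrlString` in api/Helpers/XForwardedForHelper.cs interpolates `forwardedHost` and `forwardedPort` into the returned URL unchanged, and the parameter names suggest they come from `X-Forwarded-Host` / `X-Forwarded-Port` request headers; if a client can reach the API with those headers set, it decides the host of every URL built here. Check the host against the configured public hostnames and require a numeric port before building the string, e.g. `if (!string.IsNullOrEmpty(forwardedPort) && !ushort.TryParse(forwardedPort, out _)) forwardedPort = "";`. The commented-out previous line should be deleted rather than kept, since the history already records it. Callers are outside this hunk, so where the values originate is an inference.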
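Review bot: In docker/vue-on-nginx/Dockerfile, `RUN chmod -R 674 /tmp/app/dist/` applies one mode to files and directories alike: owner and others get no execute bit, so they cannot traverse the directories, while the group gets write and execute on every file. If the aim is to let the runtime user (`USER 104`, presumably through its group) rewrite the base URL at start-up, `RUN chmod -R u=rwX,g=rwX,o=rX /tmp/app/dist/` grants traversal on directories without marking static files executable; if nothing writes there at run time, drop the group write bit as well. A one-line comment naming the process that needs write access would help the next reader. The rest of the Dockerfile is outside the hunk.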
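Review bot: web/Dockerfile.node builds on `centos/nodejs-10-centos7:10`; Node.js 10 and CentOS 7 are both past end of life, so the build stage runs an unpatched toolchain and npm client. Move to a maintained Node LTS base image that the project's `vue-cli-service` version supports. The two `RUN echo` lines print the build argument into the build log and `WEB1_BASE_HREF` is not used anywhere else in this file, so they look like leftover debugging and can go. `RUN npm install` resolves dependencies afresh on each build; `RUN npm ci` installs exactly what the lockfile records, assuming a `package-lock.json` is committed.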