chore(deps): update maven docker tag to v3.9.6 (#672) #458
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Merge to Main | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- ".github/ISSUE_TEMPLATE/*" | |
- "**.md" | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
tests-java: | |
name: Backend Integrated Tests | |
if: github.event_name != 'pull_request' || !github.event.pull_request.draft | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: bcgov-nr/[email protected] | |
name: Backend Coverage | |
with: | |
commands: | | |
mvn -B verify -P all-tests checkstyle:checkstyle -Dcheckstyle.skip=false --file pom.xml | |
dir: backend | |
java-cache: maven | |
java-distribution: temurin | |
java-version: "17" | |
sonar_args: > | |
-Dsonar.organization=bcgov-sonarcloud | |
-Dsonar.projectKey=forest-client-backend | |
-Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml | |
-Dsonar.java.checkstyle.reportPaths=target/checkstyle-result.xml | |
-Dsonar.coverage.exclusions=**/configuration/**,**/exception/**,**/dto/**,**/entity/**,**/models/**,**/repository/**,**/*$*Builder*,**/BootApplication* | |
sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }} | |
triggers: ('backend/') | |
- uses: bcgov-nr/[email protected] | |
name: Legacy Coverage | |
with: | |
commands: | | |
mvn -B verify -P all-tests checkstyle:checkstyle -Dcheckstyle.skip=false --file pom.xml | |
dir: legacy | |
java-cache: maven | |
java-distribution: temurin | |
java-version: "17" | |
sonar_args: > | |
-Dsonar.organization=bcgov-sonarcloud | |
-Dsonar.projectKey=forest-client-legacy | |
-Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml | |
-Dsonar.java.checkstyle.reportPaths=target/checkstyle-result.xml | |
-Dsonar.coverage.exclusions=**/configuration/**,**/exception/**,**/dto/**,**/entity/**,**/repository/**,**/*$*Builder*,**/LegacyApplication***/ApplicationConstants* | |
sonar_token: ${{ secrets.SONAR_TOKEN_LEGACY }} | |
triggers: ('legacy/') | |
- uses: bcgov-nr/[email protected] | |
name: Processor Coverage | |
with: | |
commands: | | |
mvn -B verify -P all-tests checkstyle:checkstyle -Dcheckstyle.skip=false --file pom.xml | |
dir: processor | |
java-cache: maven | |
java-distribution: temurin | |
java-version: "17" | |
sonar_args: > | |
-Dsonar.organization=bcgov-sonarcloud | |
-Dsonar.projectKey=nr-forest-client_processor | |
-Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml | |
-Dsonar.java.checkstyle.reportPaths=target/checkstyle-result.xml | |
-Dsonar.coverage.exclusions=**/configuration/**,**/dto/**,**/entity/**,**/repository/**,**/*$*Builder*,**/ProcessApplication***/ApplicationConstant* | |
sonar_token: ${{ secrets.SONAR_TOKEN_PROCESSOR }} | |
triggers: ('processor/') | |
tests-frontend: | |
name: Frontend Unit Tests | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: bcgov-nr/[email protected] | |
env: | |
VITE_BACKEND_URL: http://localhost:8080 | |
VITE_FRONTEND_URL: http://localhost:3000 | |
VITE_COVERAGE: true | |
VITE_PORT: 3000 | |
VITE_NODE_ENV: openshift-dev | |
with: | |
node_version: 18 | |
commands: | | |
npm ci | |
npm run coverage | |
dir: frontend | |
sonar_args: > | |
-Dsonar.exclusions=**/coverage/**,**/tests/**,**/stub/**,**/reports/**,**/cypress/**,,**/assets/**,,**/dto/**,**/CoreConstants.ts,**/src/CoreConstants.ts,**/main.ts,**/routes.ts,**/sims-vue.d.ts,**/styles.ts,**/components.d.ts | |
-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info | |
-Dsonar.organization=bcgov-sonarcloud | |
-Dsonar.projectKey=forest-client-frontend | |
sonar_token: ${{ secrets.SONAR_TOKEN_FRONTEND }} | |
triggers: ('frontend/') | |
codeql: | |
name: Semantic Code Analysis | |
runs-on: ubuntu-22.04 | |
needs: | |
- tests-java | |
- tests-frontend | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: javascript,java | |
# Autobuild failed for Java, so building manually | |
- name: Set up JDK 17 and Caching maven dependencies | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: "17" | |
cache: "maven" | |
- name: Build Backend | |
run: | | |
cd backend | |
./mvnw clean package | |
- name: Build Legacy | |
run: | | |
cd legacy | |
./mvnw clean package | |
- name: Build Frontend | |
run: | | |
cd frontend | |
npm ci | |
npm run build | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
test-init: | |
name: TEST Init | |
needs: | |
- codeql | |
env: | |
ZONE: test | |
DOMAIN: apps.silver.devops.gov.bc.ca | |
BROKER_URL: https://nr-broker.apps.silver.devops.gov.bc.ca | |
VAULT_ADDR: https://vault-iit.apps.silver.devops.gov.bc.ca | |
PREFIX: ${{ github.event.repository.name }}-test | |
environment: test | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploys | |
uses: bcgov-nr/[email protected] | |
with: | |
file: common/openshift.init.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p ORACLEDB_USER=${{ secrets.ORACLEDB_USERNAME }} | |
-p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }} | |
-p ORACLEDB_USER_W=${{ secrets.ORACLEDB_USERNAME_W }} | |
-p ORACLEDB_PASSWORD_W=${{ secrets.ORACLEDB_PASSWORD_W }} | |
-p ORACLEDB_DATABASE=${{ secrets.ORACLEDB_DATABASE }} | |
-p ORACLEDB_HOST=${{ secrets.ORACLEDB_HOST }} | |
-p ORACLEDB_SERVICENAME=${{ secrets.ORACLEDB_SERVICENAME }} | |
-p ORACLEDB_SECRET=${{ secrets.ORACLEDB_SECRET }} | |
-p BCREGISTRY_KEY='${{ secrets.BCREGISTRY_KEY }}' | |
-p BCREGISTRY_ACCOUNT='${{ secrets.BCREGISTRY_ACCOUNT }}' | |
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }} | |
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} | |
-p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }} | |
-p DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
-p COGNITO_REGION=${{ secrets.COGNITO_REGION }} | |
-p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }} | |
-p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} | |
-p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} | |
-p COGNITO_ENVIRONMENT=TEST | |
-p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard | |
-p COGNITO_LOGOUT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }} | |
- name: Conventional Changelog Update | |
uses: TriPSs/conventional-changelog-action@v4 | |
id: changelog | |
continue-on-error: true | |
with: | |
github-token: ${{ github.token }} | |
output-file: "CHANGELOG.md" | |
skip-version-file: "true" | |
skip-commit: "true" | |
git-push: "true" | |
- name: Create Release | |
uses: softprops/action-gh-release@v1 | |
if: ${{ steps.changelog.outputs.tag != '' }} | |
continue-on-error: true | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
token: ${{ github.token }} | |
tag_name: ${{ steps.changelog.outputs.tag }} | |
name: ${{ steps.changelog.outputs.tag }} | |
body: ${{ steps.changelog.outputs.clean_changelog }} | |
test-deploy: | |
name: TEST Deployment | |
needs: | |
- test-init | |
env: | |
ZONE: test | |
DOMAIN: apps.silver.devops.gov.bc.ca | |
environment: test | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploy Database | |
uses: bcgov-nr/[email protected] | |
with: | |
file: database/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: false | |
penetration_test: false | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/database:${{ env.ZONE }} | |
- name: Deploy Backend | |
uses: bcgov-nr/[email protected] | |
with: | |
file: backend/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
verification_path: health | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/backend:${{ env.ZONE }} | |
-p CHES_TOKEN_URL='https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' | |
-p CHES_API_URL='https://ches-test.api.gov.bc.ca/api/v1' | |
-p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' | |
-p COGNITO_REGION=ca-central-1 | |
-p COGNITO_COOKIE_DOMAIN=gov.bc.ca | |
-p URL_ZONE=${{ env.ZONE }} | |
- name: Deploy Legacy | |
uses: bcgov-nr/[email protected] | |
with: | |
file: legacy/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
verification_path: health | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/legacy:${{ env.ZONE }} | |
-p URL_ZONE=${{ env.ZONE }} | |
- name: Deploy Frontend | |
uses: bcgov-nr/[email protected] | |
with: | |
file: frontend/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/frontend:${{ env.ZONE }} | |
-p GREEN_DOMAIN=${{ secrets.GREEN_DOMAIN }} | |
-p VITE_NODE_ENV=openshift-${{ env.ZONE }} | |
-p URL_ZONE=${{ env.ZONE }} | |
- name: Deploy Processor | |
uses: bcgov-nr/[email protected] | |
with: | |
file: processor/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
verification_path: health | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/processor:${{ env.ZONE }} | |
-p URL_ZONE=${{ env.ZONE }} | |
-p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' | |
image-promotions: | |
name: Promote images to PROD | |
needs: | |
- test-deploy | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
component: [backend, frontend, legacy, database, common, processor] | |
steps: | |
- uses: shrink/actions-docker-registry-tag@v3 | |
with: | |
registry: ghcr.io | |
repository: ${{ github.repository }}/${{ matrix.component }} | |
target: test | |
tags: prod | |
prod-init: | |
name: PROD Init | |
needs: | |
- image-promotions | |
env: | |
ZONE: prod | |
DOMAIN: apps.silver.devops.gov.bc.ca | |
PREFIX: ${{ github.event.repository.name }}-prod | |
environment: prod | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploys | |
uses: bcgov-nr/[email protected] | |
with: | |
file: common/openshift.init.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p ORACLEDB_USER=${{ secrets.ORACLEDB_USERNAME }} | |
-p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }} | |
-p ORACLEDB_USER_W=${{ secrets.ORACLEDB_USERNAME_W }} | |
-p ORACLEDB_PASSWORD_W=${{ secrets.ORACLEDB_PASSWORD_W }} | |
-p ORACLEDB_DATABASE=${{ secrets.ORACLEDB_DATABASE }} | |
-p ORACLEDB_HOST=${{ secrets.ORACLEDB_HOST }} | |
-p ORACLEDB_SERVICENAME=${{ secrets.ORACLEDB_SERVICENAME }} | |
-p ORACLEDB_SECRET=${{ secrets.ORACLEDB_SECRET }} | |
-p BCREGISTRY_KEY='${{ secrets.BCREGISTRY_KEY }}' | |
-p BCREGISTRY_ACCOUNT='${{ secrets.BCREGISTRY_ACCOUNT }}' | |
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }} | |
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }} | |
-p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }} | |
-p DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
-p COGNITO_REGION=${{ secrets.COGNITO_REGION }} | |
-p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }} | |
-p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }} | |
-p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }} | |
-p COGNITO_ENVIRONMENT=PROD | |
-p COGNITO_REDIRECT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/dashboard | |
-p COGNITO_LOGOUT_URI=https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }} | |
prod-deploy: | |
name: PROD Deployment | |
needs: | |
- prod-init | |
env: | |
PREV: test | |
ZONE: prod | |
DOMAIN: apps.silver.devops.gov.bc.ca | |
environment: prod | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploy Database | |
uses: bcgov-nr/[email protected] | |
with: | |
file: database/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: false | |
penetration_test: false | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/database:${{ env.PREV }} | |
- name: Deploy Backend | |
uses: bcgov-nr/[email protected] | |
with: | |
file: backend/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
verification_path: health | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/backend:${{ env.PREV }} | |
-p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' | |
-p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1' | |
-p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' | |
-p COGNITO_REGION=ca-central-1 | |
-p COGNITO_COOKIE_DOMAIN=gov.bc.ca | |
-p URL_ZONE=${{ env.ZONE }} | |
- name: Deploy Legacy | |
uses: bcgov-nr/[email protected] | |
with: | |
file: legacy/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
verification_path: health | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/legacy:${{ env.PREV }} | |
-p URL_ZONE=${{ env.ZONE }} | |
- name: Deploy Frontend | |
uses: bcgov-nr/[email protected] | |
with: | |
file: frontend/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/frontend:${{ env.PREV }} | |
-p GREEN_DOMAIN=${{ secrets.GREEN_DOMAIN }} | |
-p VITE_NODE_ENV=openshift-${{ env.ZONE }} | |
-p URL_ZONE=${{ env.ZONE }} | |
- name: Deploy Processor | |
uses: bcgov-nr/[email protected] | |
with: | |
file: processor/openshift.deploy.yml | |
oc_namespace: ${{ secrets.OC_NAMESPACE }} | |
oc_server: ${{ secrets.OC_SERVER }} | |
oc_token: ${{ secrets.OC_TOKEN }} | |
overwrite: true | |
penetration_test: false | |
verification_path: health | |
parameters: | |
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} | |
-p PROMOTE=${{ github.repository }}/processor:${{ env.PREV }} | |
-p URL_ZONE=${{ env.ZONE }} | |
-p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' |