Skip to content

fix(FSADT1-1241): adding csrf support #3297

fix(FSADT1-1241): adding csrf support

fix(FSADT1-1241): adding csrf support #3297

Workflow file for this run

name: Pull Request Open
on:
pull_request:
workflow_dispatch:
concurrency:
# PR open and close use the same group, allowing only one at a time
group: ${{ github.event.number }}
cancel-in-progress: true
jobs:
vars:
name: Variables
runs-on: ubuntu-latest
outputs:
semver: ${{ steps.semver.outputs.tag }}
url: ${{ steps.calculate.outputs.url }}
steps:
# steps.semver.outputs.tag => needs.vars.outputs.semver
- uses: actions/checkout@v4
with:
ref: refs/heads/${{ github.event.repository.default_branch }}
- name: Conventional Changelog Update
uses: TriPSs/[email protected]
id: semver
with:
git-branch: refs/heads/${{ github.head_ref }}
git-push: 'false'
skip-commit: 'true'
skip-on-empty: 'false'
skip-version-file: 'true'
# steps.calculate.outputs.url => needs.vars.outputs.url
- name: Calculate the deployment number
id: calculate
run: |
echo "url=${{ github.event.repository.name }}-$((${{ github.event.number }} % 50))-frontend.apps.silver.devops.gov.bc.ca" >> $GITHUB_OUTPUT
- run: |
echo "semver=${{ steps.semver.outputs.tag }}"
echo "url=${{ steps.calculate.outputs.url }}"
builds:
name: Builds
runs-on: ubuntu-22.04
needs: [vars]
permissions:
packages: write
strategy:
matrix:
package: [backend, common, database, frontend, legacy, processor]
steps:
- uses: actions/checkout@v4
- uses: bcgov-nr/[email protected]
name: Build (${{ matrix.package }})
with:
package: ${{ matrix.package }}
tag: ${{ github.event.number }}
tag_fallback: test
triggers: ('${{ matrix.package }}/')
build_args: |
APP_VERSION=${{ needs.vars.outputs.semver }}-${{ github.event.number }}
deploy:
name: Deploy Application
needs: [builds, vars]
environment: dev
env:
DOMAIN: apps.silver.devops.gov.bc.ca
PREFIX: ${{ needs.vars.outputs.url }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Initializing Deployment
uses: bcgov-nr/[email protected]
with:
file: common/openshift.init.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
parameters:
-p ZONE=${{ github.event.number }}
-p ORACLEDB_USER=${{ secrets.ORACLEDB_USERNAME }}
-p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }}
-p ORACLEDB_USER_W=${{ secrets.ORACLEDB_USERNAME_W }}
-p ORACLEDB_PASSWORD_W=${{ secrets.ORACLEDB_PASSWORD_W }}
-p ORACLEDB_DATABASE=${{ secrets.ORACLEDB_DATABASE }}
-p ORACLEDB_HOST=${{ secrets.ORACLEDB_HOST }}
-p ORACLEDB_SERVICENAME=${{ secrets.ORACLEDB_SERVICENAME }}
-p ORACLEDB_SECRET=${{ secrets.ORACLEDB_SECRET }}
-p BCREGISTRY_KEY=${{ secrets.BCREGISTRY_KEY }}
-p BCREGISTRY_ACCOUNT=${{ secrets.BCREGISTRY_ACCOUNT }}
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
-p ADDRESS_COMPLETE_KEY=${{ secrets.ADDRESS_COMPLETE_KEY }}
-p DB_PASSWORD=$(echo ${{github.ref}}${{github.event.number}}|md5sum|cut -d' ' -f1)
-p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }}
-p COGNITO_ENVIRONMENT=DEV
-p CHES_MAIL_COPY=${{ secrets.CHES_MAIL_COPY }}
- name: Deploy Database Backup
uses: bcgov-nr/[email protected]
with:
file: database/openshift.backup.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
parameters:
-p ZONE=${{ github.event.number }}
-p PROMOTE=${{ github.repository }}/database:${{ github.event.number }}
- name: Backup database before update
continue-on-error: true
run: |
oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }}
oc project ${{ secrets.OC_NAMESPACE }} # Safeguard!
# Run a backup before deploying a new version
oc create job --from=cronjob/${{ github.event.repository.name }}-${{ github.event.number }}-database-backup \
${{ github.event.repository.name }}-${{ github.event.number }}-database-backup-$(date +%Y%m%d%H%M%S)
- name: Deploy Database
uses: bcgov-nr/[email protected]
with:
file: database/openshift.deploy.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: false
parameters:
-p ZONE=${{ github.event.number }}
-p PROMOTE=${{ github.repository }}/database:${{ github.event.number }}
- name: Deploy Backend
uses: bcgov-nr/[email protected]
with:
file: backend/openshift.deploy.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
verification_path: health
parameters:
-p ZONE=${{ github.event.number }}
-p PROMOTE=${{ github.repository }}/backend:${{ github.event.number }}
-p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
-p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1/email'
-p BCREGISTRY_URI='https://bcregistry-prod.apigee.net'
-p COGNITO_REGION=ca-central-1
-p FRONTEND_URL=${{ needs.vars.outputs.url }}
- name: Dev data replacement
uses: bcgov-nr/[email protected]
with:
file: database/openshift.dev.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
parameters: -p ZONE=${{ github.event.number }}
- name: Deploy Legacy
uses: bcgov-nr/[email protected]
with:
file: legacy/openshift.deploy.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
verification_path: health
parameters:
-p ZONE=${{ github.event.number }}
-p PROMOTE=${{ github.repository }}/legacy:${{ github.event.number }}
- name: Deploy Frontend
uses: bcgov-nr/[email protected]
with:
file: frontend/openshift.deploy.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
parameters:
-p ZONE=${{ github.event.number }}
-p PROMOTE=${{ github.repository }}/frontend:${{ github.event.number }}
-p VITE_NODE_ENV=openshift-dev
-p URL=${{ needs.vars.outputs.url }}
-p GREEN_DOMAIN=${{ secrets.GREEN_DOMAIN }}
-p COGNITO_REGION=${{ secrets.COGNITO_REGION }}
-p COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }}
-p COGNITO_USER_POOL=${{ secrets.COGNITO_USER_POOL }}
-p COGNITO_DOMAIN=${{ secrets.COGNITO_DOMAIN }}
-p COGNITO_ENVIRONMENT=DEV
-p LANDING_URL=${{ needs.vars.outputs.url }}
-p FRONTEND_URL=${{ needs.vars.outputs.url }}
- name: Deploy Processor
uses: bcgov-nr/[email protected]
with:
file: processor/openshift.deploy.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
verification_path: health
parameters:
-p ZONE=${{ github.event.number }}
-p PROMOTE=${{ github.repository }}/processor:${{ github.event.number }}
-p BCREGISTRY_URI='https://bcregistry-prod.apigee.net'
cypress-run:
name: "User flow test"
runs-on: ubuntu-22.04
needs: [deploy, vars]
environment: dev
env:
URL: ${{ needs.vars.outputs.url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-node@v4
name: Start node
with:
node-version: 18
- name: Run Cypress End-to-End
uses: cypress-io/github-action@v5
with:
working-directory: cypress
env:
CYPRESS_baseUrl: https://${{ env.URL }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish Cypress Results
uses: mikepenz/action-junit-report@v4
continue-on-error: true
if: always()
with:
report_paths: cypress/result.xml
commit: ${{ github.event.pull_request.head.sha }}
summary: Cypress Test Results
detailed_summary: true
job_name: User Journeys
- uses: actions/upload-artifact@v4
name: Upload Cypress Screenshots with error
if: failure()
with:
name: cypress-screenshots
path: cypress/cypress/screenshots
retention-days: 7
- uses: actions/upload-artifact@v4
name: Upload Cypress Videos with error
if: failure()
with:
name: cypress-videos
path: cypress/cypress/videos
retention-days: 7