From d6817f7f77f8bdc1a72030203eca32cdee09ffb7 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Wed, 13 Nov 2024 13:52:05 -0800 Subject: [PATCH] ci: revise workflows (#1313) --- .github/workflows/merge.yml | 168 ++++++++++++------------- .github/workflows/pr-open.yml | 56 +-------- .github/workflows/reusable-doc-gen.yml | 110 ---------------- .github/workflows/scheduled.yml | 7 +- legacydb/openshift.deploy.yml | 10 +- 5 files changed, 94 insertions(+), 257 deletions(-) delete mode 100644 .github/workflows/reusable-doc-gen.yml diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index db5012bc39..1fa07fd70a 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -25,24 +25,8 @@ jobs: id: pr uses: bcgov-nr/action-get-pr@v0.0.1 - images-test: - name: Promote images to TEST - needs: [vars] - runs-on: ubuntu-24.04 - strategy: - matrix: - component: [backend, database, frontend, legacy, processor] - steps: - - uses: shrink/actions-docker-registry-tag@v4 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: ${{ needs.vars.outputs.pr}} - tags: test - test-init: name: TEST Init - needs: [images-test] env: ZONE: test URL: forestclient-tst.nrs.gov.bc.ca @@ -60,7 +44,7 @@ jobs: oc_version: "4.13" overwrite: true parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} + -p ZONE=${{ env.ZONE }} -p ORACLEDB_USER=${{ secrets.ORACLEDB_USERNAME }} -p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }} -p ORACLEDB_USER_W=${{ secrets.ORACLEDB_USERNAME_W }} 
@@ -79,33 +63,11 @@ jobs: -p COGNITO_ENVIRONMENT=TEST -p CHES_MAIL_COPY=${{ secrets.CHES_MAIL_COPY }} - - name: Conventional Changelog Update - uses: TriPSs/conventional-changelog-action@v5 - id: changelog - continue-on-error: true - with: - github-token: ${{ github.token }} - output-file: "CHANGELOG.md" - skip-version-file: "true" - skip-commit: "true" - git-push: "true" - - - name: Create Release - uses: softprops/action-gh-release@v2 - if: ${{ steps.changelog.outputs.tag != '' }} - continue-on-error: true - env: - GITHUB_TOKEN: ${{ github.token }} - with: - token: ${{ github.token }} - tag_name: ${{ steps.changelog.outputs.tag }} - name: ${{ steps.changelog.outputs.tag }} - body: ${{ steps.changelog.outputs.clean_changelog }} - test-deploy: name: TEST Deployment - needs: [test-init] + needs: [test-init, vars] env: + TAG: ${{ needs.vars.outputs.pr }} URL: forestclient-tst.nrs.gov.bc.ca ZONE: test environment: test @@ -123,8 +85,8 @@ jobs: oc_version: "4.13" overwrite: true parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.ZONE }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} - name: Backup database before update continue-on-error: true @@ -144,8 +106,8 @@ jobs: oc_version: "4.13" overwrite: false parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.ZONE }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} - name: Deploy Legacy uses: bcgov-nr/action-deployer-openshift@v3.0.1 @@ -158,8 +120,8 @@ jobs: overwrite: true verification_path: health parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.ZONE }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p ENVIRONMENT=${{ secrets.OC_NAMESPACE }} - name: Deploy Processor 
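Review bot: `TAG: ${{ needs.vars.outputs.pr }}` in `test-deploy` feeds every `-p TAG=${{ env.TAG }}` below it, with no check that the `vars` job actually resolved a PR number. If `bcgov-nr/action-get-pr` yields nothing, the expression expands to an empty string and the templates receive `-p TAG=`. That could happen on a push with no associated pull request, though the action's behaviour is not visible here. A first step such as `run: test -n "${TAG}" || { echo "no PR number resolved"; exit 1; }` would fail the job before anything is applied. The same applies to `prod-deploy` in the `@@ -314,11 +257,11 @@` hunk, and the job body continues outside this hunk.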
@@ -173,8 +135,8 @@ jobs: overwrite: true verification_path: health parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.ZONE }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' - name: Deploy Backend ConfigMap @@ -200,8 +162,8 @@ jobs: overwrite: true verification_path: health parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.ZONE }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1' -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' @@ -217,7 +179,7 @@ jobs: oc_token: ${{ secrets.OC_TOKEN }} oc_version: "4.13" overwrite: true - parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} + parameters: -p ZONE=${{ env.ZONE }} - name: Deploy Frontend ConfigMap uses: bcgov-nr/action-deployer-openshift@v3.0.1 @@ -241,8 +203,8 @@ jobs: oc_version: "4.13" overwrite: true parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.ZONE }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p GREEN_DOMAIN=${{ secrets.GREEN_DOMAIN }} -p VITE_NODE_ENV=openshift-${{ env.ZONE }} -p URL=${{ env.URL }} 
@@ -254,28 +216,9 @@ jobs: -p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}' -p FRONTEND_URL=${{ env.URL }} - documentation: - name: Generating Documentation - uses: ./.github/workflows/reusable-doc-gen.yml - - images-prod: - name: Promote images to PROD - needs: [test-deploy] - runs-on: ubuntu-24.04 - strategy: - matrix: - component: [backend, frontend, legacy, database, processor] - steps: - - uses: shrink/actions-docker-registry-tag@v4 - with: - registry: ghcr.io - repository: ${{ github.repository }}/${{ matrix.component }} - target: test - tags: prod - prod-init: name: PROD Init - needs: [images-prod] + needs: [test-deploy] env: URL: forestclient.nrs.gov.bc.ca ZONE: prod @@ -293,7 +236,7 @@ jobs: oc_version: "4.13" overwrite: true parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} + -p ZONE=${{ env.ZONE }} -p ORACLEDB_USER=${{ secrets.ORACLEDB_USERNAME }} -p ORACLEDB_PASSWORD=${{ secrets.ORACLEDB_PASSWORD }} -p ORACLEDB_USER_W=${{ secrets.ORACLEDB_USERNAME_W }} @@ -314,11 +257,11 @@ jobs: prod-deploy: name: PROD Deployment - needs: [prod-init] + needs: [prod-init, vars] env: - PREV: test - ZONE: prod + TAG: ${{ needs.vars.outputs.pr }} URL: forestclient.nrs.gov.bc.ca + ZONE: prod environment: prod runs-on: ubuntu-24.04 steps: @@ -334,8 +277,8 @@ jobs: oc_version: "4.13" overwrite: true parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.PREV }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} - name: Install CLI tools from OpenShift Mirror uses: redhat-actions/openshift-tools-installer@v1 @@ -361,8 +304,8 @@ jobs: oc_version: "4.13" overwrite: false parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.PREV }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} - name: Deploy Legacy uses: bcgov-nr/action-deployer-openshift@v3.0.1 
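Review bot: With `TAG: ${{ needs.vars.outputs.pr }}`, `prod-deploy` pulls its images by the PR-number tag, which is mutable and presumably written by the pull-request build in pr-open.yml rather than by anything in merge.yml. Nothing in the visible lines ties the image that reaches PROD to the one TEST verified. If the tag is re-pushed between the two jobs (for instance while `environment: prod` waits on approval, if that is configured), a different image would be deployed. Resolving the image digest once after `test-deploy` and deploying PROD by that digest would close the gap, but the templates consuming `TAG` are outside this patch, so whether they accept a digest is unconfirmed. At minimum, add a comment above `TAG:` such as `# PR-number tag built by pr-open.yml from the PR head; not rebuilt or verified after merge`.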
@@ -375,8 +318,8 @@ jobs: overwrite: true verification_path: health parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.PREV }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p ENVIRONMENT=${{ secrets.OC_NAMESPACE }} - name: Deploy Processor @@ -390,8 +333,8 @@ jobs: overwrite: true verification_path: health parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.PREV }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' - name: Deploy Backend ConfigMap @@ -417,8 +360,8 @@ jobs: overwrite: true verification_path: health parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.PREV }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token' -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1' -p BCREGISTRY_URI='https://bcregistry-prod.apigee.net' @@ -447,8 +390,8 @@ jobs: oc_version: "4.13" overwrite: true parameters: - -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} - -p TAG=${{ env.PREV }} + -p ZONE=${{ env.ZONE }} + -p TAG=${{ env.TAG }} -p GREEN_DOMAIN=${{ secrets.GREEN_DOMAIN }} -p VITE_NODE_ENV=openshift-${{ env.ZONE }} -p URL=${{ env.URL }} 
@@ -459,3 +402,48 @@ jobs: -p COGNITO_ENVIRONMENT=PROD -p LANDING_URL='${{ secrets.COGNITO_LOGOUT_URI }}' -p FRONTEND_URL=${{ env.URL }} + + images-prod: + name: Promote images to PROD + needs: [prod-deploy] + runs-on: ubuntu-24.04 + strategy: + matrix: + component: [backend, frontend, legacy, database, processor] + steps: + - uses: shrink/actions-docker-registry-tag@v4 + with: + registry: ghcr.io + repository: ${{ github.repository }}/${{ matrix.component }} + target: test + tags: prod + + release: + name: Release + needs: [prod-deploy] + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - name: Conventional Changelog Update + uses: TriPSs/conventional-changelog-action@v5 + id: changelog + continue-on-error: true + with: + github-token: ${{ github.token }} + output-file: "CHANGELOG.md" + skip-version-file: "true" + skip-commit: "true" + git-push: "true" + + - name: Create Release + uses: softprops/action-gh-release@v2 + if: ${{ steps.changelog.outputs.tag != '' }} + continue-on-error: true + env: + GITHUB_TOKEN: ${{ github.token }} + with: + token: ${{ github.token }} + tag_name: ${{ steps.changelog.outputs.tag }} + name: ${{ steps.changelog.outputs.tag }} + body: ${{ steps.changelog.outputs.clean_changelog }} diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 91bce47ac4..aa64e7b682 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -2,7 +2,6 @@ name: Pull Request Open on: pull_request: - workflow_dispatch: concurrency: # PR open and close use the same group, allowing only one at a time 
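Review bot: The re-added `images-prod` job still promotes `target: test` to `prod`, but this commit deletes `images-test`, the only visible writer of the `test` tag, and `prod-deploy` now deploys `${{ needs.vars.outputs.pr }}`. After this change the `prod` tag in ghcr.io will track a stale `test` image rather than what is running in PROD, which undermines rollback and any scanning or audit keyed on that tag. Promote the deployed tag instead: `needs: [prod-deploy, vars]` and `target: ${{ needs.vars.outputs.pr }}`. In the new `release` job both steps keep `continue-on-error: true` and no `permissions:` block is visible, so a failed tag push or release passes silently. Confirm the token is limited to the `contents: write` these steps need.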
@@ -14,45 +13,23 @@ jobs: name: Variables runs-on: ubuntu-24.04 outputs: - semver: ${{ steps.semver.outputs.tag }} url: ${{ steps.calculate.outputs.url }} steps: - # steps.semver.outputs.tag => needs.vars.outputs.semver - - uses: actions/checkout@v4 - with: - ref: refs/heads/${{ github.event.repository.default_branch }} - - name: Conventional Changelog Update - uses: TriPSs/conventional-changelog-action@v5.4.0 - id: semver - with: - git-branch: refs/heads/${{ github.head_ref }} - git-push: 'false' - skip-commit: 'true' - skip-on-empty: 'false' - skip-version-file: 'true' - # steps.calculate.outputs.url => needs.vars.outputs.url - name: Calculate the deployment number id: calculate run: | echo "url=${{ github.event.repository.name }}-$((${{ github.event.number }} % 50))-frontend.apps.silver.devops.gov.bc.ca" >> $GITHUB_OUTPUT - - run: | - echo "semver=${{ steps.semver.outputs.tag }}" - echo "url=${{ steps.calculate.outputs.url }}" - builds: name: Builds runs-on: ubuntu-24.04 - needs: [vars] permissions: packages: write strategy: matrix: - package: [backend, database, frontend, legacy, processor] + package: [backend, database, frontend, legacy, legacydb, processor] steps: - - uses: actions/checkout@v4 - - uses: bcgov-nr/action-builder-ghcr@v2.2.0 name: Build (${{ matrix.package }}) with: 
@@ -61,30 +38,11 @@ jobs: tag_fallback: latest triggers: ('${{ matrix.package }}/') build_args: | - APP_VERSION=${{ needs.vars.outputs.semver }}-${{ github.event.number }} - - build-legacydb: - name: Builds (legacydb) - runs-on: ubuntu-24.04 - needs: [vars] - permissions: - packages: write - steps: - - uses: actions/checkout@v4 - - - uses: bcgov-nr/action-builder-ghcr@v2.2.0 - name: Build (Legacy db) - with: - package: legacydb - tag: latest - tag_fallback: latest - triggers: ('legacydb/') - build_args: | - APP_VERSION=${{ needs.vars.outputs.semver }}-${{ github.event.number }} + APP_VERSION=${{ github.event.number }} pre-tools: name: Pre Deploy Tools - needs: [build-legacydb, vars] + needs: [builds, vars] environment: dev runs-on: ubuntu-24.04 steps: @@ -115,11 +73,8 @@ jobs: deploy-tools: name: Deploy Tools - needs: [pre-tools, build-legacydb, vars] + needs: [pre-tools, builds] environment: tools - env: - DOMAIN: apps.silver.devops.gov.bc.ca - PREFIX: ${{ needs.vars.outputs.url }} runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -222,9 +177,6 @@ jobs: name: Deploy Application needs: [deploy-tools, builds, vars] environment: dev - env: - DOMAIN: apps.silver.devops.gov.bc.ca - PREFIX: ${{ needs.vars.outputs.url }} runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/reusable-doc-gen.yml b/.github/workflows/reusable-doc-gen.yml deleted file mode 100644 index 49cdbcf0dc..0000000000 --- a/.github/workflows/reusable-doc-gen.yml +++ /dev/null 
@@ -1,110 +0,0 @@ -name: Reusable Unit Tests and Analysis - -on: - workflow_call: - -jobs: - vars: - name: Set Variables - outputs: - user: ${{ steps.data.outputs.user }} - pass: ${{ steps.data.outputs.pass }} - runs-on: ubuntu-24.04 - timeout-minutes: 1 - steps: - - name: Generate random username and password - id: data - run: | - USERNAME="user$(shuf -i 1000-9999 -n 1)" - PASSWORD=$(openssl rand -base64 12) - - echo "user=$USERNAME" >> $GITHUB_OUTPUT - echo "pass=$PASSWORD" >> $GITHUB_OUTPUT - - schemaspy: - name: Generate Documentation - runs-on: ubuntu-24.04 - needs: [vars] - services: - postgres: - image: postgis/postgis:16-3.4 - env: - POSTGRES_DB: default - POSTGRES_USER: ${{ needs.vars.outputs.user }} - POSTGRES_PASSWORD: ${{ needs.vars.outputs.pass }} - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 5432:5432 - timeout-minutes: 10 - steps: - - uses: actions/checkout@v4 - - name: Flyway - uses: docker://flyway/flyway:10 - env: - FLYWAY_URL: jdbc:postgresql://postgres:5432/default - FLYWAY_USER: ${{ needs.vars.outputs.user }} - FLYWAY_PASSWORD: ${{ needs.vars.outputs.pass }} - FLYWAY_LOCATIONS: filesystem:./backend/src/main/resources/db/migration - FLYWAY_DEFAULT_SCHEMA: "nrfc" - with: - args: info migrate info - - - name: Create Output Folder - run: | - mkdir -p output/schema - chmod a+rwx -R output - - - name: Run Schemaspy - run: docker run --network host -v "$PWD/output/schema:/output" schemaspy/schemaspy:6.2.4 -t pgsql11 -db default -host 127.0.0.1 -port 5432 -u ${{ needs.vars.outputs.user }} -p ${{ needs.vars.outputs.pass }} -schemas nrfc - - - name: Convert README.md to index.html - continue-on-error: true - run: | - sudo apt-get install -y pandoc - sed -i 's/README.md/index.html/g' README.md - pandoc README.md -o index.html - mv index.html output/ - - - name: Set up JDK 17 and Caching maven dependencies - uses: actions/setup-java@v4 - with: - distribution: "temurin" - 
java-version: "17" - cache: "maven" - server-id: "github" - - - name: Generate docs for Backend - continue-on-error: true - working-directory: backend - run: ./mvnw clean javadoc:javadoc - - - name: Copy Backend docs to output - continue-on-error: true - run: mv backend/target/site/apidocs/ output/backend/ - - - name: Generate docs for Legacy - continue-on-error: true - working-directory: legacy - run: ./mvnw clean javadoc:javadoc - - - name: Copy Legacy docs to output - continue-on-error: true - run: mv legacy/target/site/apidocs/ output/legacy/ - - - name: Generate docs for Processor - continue-on-error: true - working-directory: processor - run: ./mvnw clean javadoc:javadoc - - - name: Copy Legacy docs to output - continue-on-error: true - run: mv processor/target/site/apidocs/ output/processor/ - - - name: Deploy to Pages - uses: JamesIves/github-pages-deploy-action@v4 - with: - folder: output \ No newline at end of file diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 13c48c4425..219cac72dd 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -9,9 +9,10 @@ concurrency: cancel-in-progress: true jobs: - documentation: - name: Generating Documentation - uses: ./.github/workflows/reusable-doc-gen.yml + # https://github.com/bcgov/quickstart-openshift-helpers + schema-spy: + name: SchemaSpy Documentation + uses: bcgov/quickstart-openshift-helpers/.github/workflows/.schema-spy.yml@v0.9.0 zap_scan: runs-on: ubuntu-24.04 diff --git a/legacydb/openshift.deploy.yml b/legacydb/openshift.deploy.yml index 523d9f5a6b..aa05331c14 100644 --- a/legacydb/openshift.deploy.yml +++ b/legacydb/openshift.deploy.yml @@ -36,6 +36,10 @@ parameters: value: 3.5Gi - name: MEMORY_LIMIT value: 4Gi + - name: RANDOM_EXPRESSION + description: Random expression to make sure deployments update + from: "[a-zA-Z0-9]{32}" + generate: expression objects: - kind: Secret apiVersion: v1 
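Review bot: `uses: bcgov/quickstart-openshift-helpers/.github/workflows/.schema-spy.yml@v0.9.0` pulls a workflow from another repository by tag, and a tag can be moved upstream, whereas the deleted local workflow was versioned with this repo. Pin the reference to a full commit SHA and keep the version as a trailing comment, e.g. `uses: bcgov/quickstart-openshift-helpers/.github/workflows/.schema-spy.yml@<full-commit-sha> # v0.9.0`. The calling job sets no `permissions:`, so the called workflow can use whatever the caller's token is granted (not visible in this hunk). A job-level `permissions:` listing only the scopes it needs would bound that.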
@@ -111,7 +115,9 @@ objects: valueFrom: secretKeyRef: name: ${NAME}-${ZONE} - key: oracle-user-write + key: oracle-user-write + - name: RANDOM_EXPRESSION + value: ${RANDOM_EXPRESSION} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File imagePullPolicy: Always @@ -243,4 +249,4 @@ objects: restartPolicy: OnFailure volumes: - name: data-volume - emptyDir: {} \ No newline at end of file + emptyDir: {}
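Review bot: `RANDOM_EXPRESSION` is added to the container `env` only to change the pod template on each template run, going by its description, so it should be documented as a non-secret rollout nonce. A pod-template annotation carrying `${RANDOM_EXPRESSION}` would force the same rollout without placing a 32-character random value in the process environment, where it reads like a credential to anyone inspecting the pod. If the env entry stays, extend the description in the `@@ -36,6 +36,10 @@` hunk to `description: Non-secret rollout nonce; regenerated on each process run to force a new deployment`. This presumably restarts the legacydb container on every apply even when nothing else changed. The container spec continues outside this hunk.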