feat: envars II (#29)

* Yaml spacing correction * Clean up duplicate envars * Add CSP
bcgov · Sep 23, 2023 · d0198a8 · d0198a8
1 parent 704f0a5
commit d0198a8
Show file tree

Hide file tree

Showing 4 changed files with 160 additions and 19 deletions.
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -28,9 +28,9 @@ jobs:
           - name: frontend
             file: frontend/openshift.deploy.yml
             overwrite: true
-          parameters:
-            -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
-            -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
+            parameters:
+              -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+              -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
     steps:
       - uses: bcgov-nr/[email protected]
         with:
@@ -61,10 +61,10 @@ jobs:
           - name: frontend
             file: frontend/openshift.deploy.yml
             overwrite: true
-          parameters:
-            -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
-            -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
-            -p VITE_REDIRECT_SIGN_OUT="${{ vars.VITE_REDIRECT_SIGN_OUT }}"
+            parameters:
+              -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+              -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
+              -p VITE_REDIRECT_SIGN_OUT="${{ vars.VITE_REDIRECT_SIGN_OUT }}"
     steps:
       - uses: bcgov-nr/[email protected]
         with:

diff --git a/frontend/Caddyfile b/frontend/Caddyfile
@@ -23,10 +23,10 @@
 		Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"
 		X-Content-Type-Options "nosniff"
 		Strict-Transport-Security "max-age=31536000"
-		Content-Security-Policy "base-uri 'self'; connect-src 'self' https://*.gov.bc.ca https://*.amazoncognito.com https://cognito-idp.ca-central-1.amazonaws.com; default-src 'self'; font-src 'self'; frame-src 'self' https://*.gov.bc.ca; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'report-sample' 'self' https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/@popperjs/[email protected]/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js; style-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css; worker-src 'none';"
+		Content-Security-Policy "base-uri 'self'; connect-src 'self' https://*.gov.bc.ca https://*.amazoncognito.com https://*.cloudfront.net https://cognito-idp.ca-central-1.amazonaws.com; default-src 'self'; font-src 'self'; frame-src 'self' https://*.gov.bc.ca; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'report-sample' 'self' https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/@popperjs/[email protected]/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js; style-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css; worker-src 'none';"
 		Referrer-Policy "same-origin"
 	}
-
+	
 	handle /env.js {
 		header Content-Type "text/javascript"
     respond `window.config = {"VITE_USER_POOLS_ID":"{$VITE_USER_POOLS_ID}","VITE_USER_POOLS_WEB_CLIENT_ID":"{$VITE_USER_POOLS_WEB_CLIENT_ID}","VITE_REDIRECT_SIGN_OUT":"{$VITE_REDIRECT_SIGN_OUT}","VITE_ZONE":"{$VITE_ZONE}","VITE_CHES_FROM_EMAIL":"{$VITE_CHES_FROM_EMAIL}","VITE_CHES_ADMIN_EMAIL":"{$VITE_CHES_ADMIN_EMAIL}"};`

diff --git a/frontend/openshift.deploy.yml b/frontend/openshift.deploy.yml
@@ -113,28 +113,22 @@ objects:
               env:
                 - name: BACKEND_URL
                   value: "https://${NAME}-${ZONE}-backend.${DOMAIN}:443"
+                - name: LOG_LEVEL
+                  value: "${LOG_LEVEL}"
                 - name: VITE_AWS_DOMAIN
                   value: "${VITE_AWS_DOMAIN}"
                 - name: VITE_CHES_FROM_EMAIL
                   value: "${VITE_CHES_FROM_EMAIL}"
                 - name: VITE_CHES_ADMIN_EMAIL
                   value: "${VITE_CHES_ADMIN_EMAIL}"
+                - name: VITE_REDIRECT_SIGN_OUT
+                  value: "${VITE_REDIRECT_SIGN_OUT}"
                 - name: VITE_USER_POOLS_ID
                   value: "${VITE_USER_POOLS_ID}"
                 - name: VITE_USER_POOLS_WEB_CLIENT_ID
                   value: "${VITE_USER_POOLS_WEB_CLIENT_ID}"
                 - name: VITE_ZONE
                   value: "${ZONE}"
-                - name: LOG_LEVEL
-                  value: "${LOG_LEVEL}"
-                - name: VITE_USER_POOLS_ID
-                  value: "${VITE_USER_POOLS_ID}"
-                - name: VITE_USER_POOLS_WEB_CLIENT_ID
-                  value: "${VITE_USER_POOLS_WEB_CLIENT_ID}"
-                - name: VITE_REDIRECT_SIGN_OUT
-                  value: "${VITE_REDIRECT_SIGN_OUT}"
-                - name: VITE_ZONE
-                  value: "${ZONE}"
               ports:
                 - containerPort: 3000
                   protocol: TCP

diff --git a/test.out b/test.out
@@ -0,0 +1,147 @@
+{
+    "apiVersion": "apps.openshift.io/v1",
+    "kind": "DeploymentConfig",
+    "metadata": {
+        "labels": {
+            "app": "nr-results-exam-test"
+        },
+        "name": "nr-results-exam-test-frontend"
+    },
+    "spec": {
+        "replicas": 1,
+        "selector": {
+            "deploymentconfig": "nr-results-exam-test-frontend"
+        },
+        "strategy": {
+            "type": "Rolling"
+        },
+        "template": {
+            "metadata": {
+                "labels": {
+                    "app": "nr-results-exam-test",
+                    "deploymentconfig": "nr-results-exam-test-frontend"
+                }
+            },
+            "spec": {
+                "containers": [
+                    {
+                        "env": [
+                            {
+                                "name": "BACKEND_URL",
+                                "value": "https://nr-results-exam-test-backend.apps.silver.devops.gov.bc.ca:443"
+                            },
+                            {
+                                "name": "VITE_AWS_DOMAIN",
+                                "value": "test-fam-user-pool-domain.auth.ca-central-1.amazoncognito.com"
+                            },
+                            {
+                                "name": "VITE_CHES_FROM_EMAIL",
+                                "value": "[email protected]"
+                            },
+                            {
+                                "name": "VITE_CHES_ADMIN_EMAIL",
+                                "value": "[email protected]"
+                            },
+                            {
+                                "name": "VITE_USER_POOLS_ID",
+                                "value": "ca-central-1_t2HSZBHur"
+                            },
+                            {
+                                "name": "VITE_USER_POOLS_WEB_CLIENT_ID",
+                                "value": "3g6n2ha1loi4kp1jhaq359vrvb"
+                            },
+                            {
+                                "name": "LOG_LEVEL",
+                                "value": "info"
+                            },
+                            {
+                                "name": "VITE_USER_POOLS_ID",
+                                "value": "ca-central-1_t2HSZBHur"
+                            },
+                            {
+                                "name": "VITE_USER_POOLS_WEB_CLIENT_ID",
+                                "value": "3g6n2ha1loi4kp1jhaq359vrvb"
+                            },
+                            {
+                                "name": "VITE_REDIRECT_SIGN_OUT",
+                                "value": "43hjhdf5dvi17opb0jgucfpvm7"
+                            },
+                            {
+                                "name": "VITE_ZONE",
+                                "value": "test"
+                            }
+                        ],
+                        "image": "nr-results-exam-test-frontend:latest",
+                        "imagePullPolicy": "Always",
+                        "livenessProbe": {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/",
+                                "port": 3000,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 15,
+                            "periodSeconds": 30,
+                            "successThreshold": 1,
+                            "timeoutSeconds": 5
+                        },
+                        "name": "nr-results-exam",
+                        "ports": [
+                            {
+                                "containerPort": 3000,
+                                "protocol": "TCP"
+                            }
+                        ],
+                        "readinessProbe": {
+                            "failureThreshold": 30,
+                            "httpGet": {
+                                "path": "/",
+                                "port": 3000,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 5,
+                            "periodSeconds": 2,
+                            "successThreshold": 1,
+                            "timeoutSeconds": 2
+                        },
+                        "resources": {
+                            "limits": {
+                                "cpu": "75m",
+                                "memory": "150Mi"
+                            },
+                            "requests": {
+                                "cpu": "25m",
+                                "memory": "50Mi"
+                            }
+                        },
+                        "securityContext": {
+                            "capabilities": {
+                                "add": [
+                                    "NET_BIND_SERVICE"
+                                ]
+                            }
+                        }
+                    }
+                ]
+            }
+        },
+        "triggers": [
+            {
+                "type": "ConfigChange"
+            },
+            {
+                "imageChangeParams": {
+                    "automatic": true,
+                    "containerNames": [
+                        "nr-results-exam"
+                    ],
+                    "from": {
+                        "kind": "ImageStreamTag",
+                        "name": "nr-results-exam-test-frontend:latest"
+                    }
+                },
+                "type": "ImageChange"
+            }
+        ]
+    }
+}