Merge branch 'main' into feat/303-create-recent-openings-api

bcgov · Feb 2, 2024 · c177dd8 · c177dd8
2 parents 4ec80d6 + f2d14b2
commit c177dd8
Show file tree

Hide file tree

Showing 27 changed files with 1,127 additions and 232 deletions.
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -2,7 +2,7 @@ name: Analysis
 
 on:
   pull_request:
-    types: [opened, reopened, synchronize, ready_for_review]
+    types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
   push:
     branches: [main]
   workflow_dispatch:
@@ -12,8 +12,30 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  frontend:
-    name: Frontend Tests
+  tests-backend:
+    name: Tests (Backend)
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: bcgov-nr/[email protected]
+        with:
+          commands: mvn --no-transfer-progress clean compile verify package checkstyle:checkstyle -P all-tests
+          dir: backend
+          java-cache: maven
+          java-distribution: temurin
+          java-version: 21
+          sonar_args: >
+            -Dsonar.exclusions=**/config/**,*/dto/**,**/entity/**,**/exception/**,**/response/**,**/*$*Builder*,**/RestExceptionEndpoint.*,**/ResultsApplication.*
+            -Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml
+            -Dsonar.organization=bcgov-sonarcloud
+            -Dsonar.project.monorepo.enabled=true
+            -Dsonar.projectKey=nr-silva-backend
+          sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
+          # Only use triggers for PRs
+          triggers: ${{ github.event_name == 'pull_request' && '("backend/")' || '' }}
+
+  tests-frontend:
+    name: Tests (Frontend)
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
     steps:
@@ -36,73 +58,33 @@ jobs:
           # Only use triggers for PRs
           triggers: ${{ github.event_name == 'pull_request' && '("frontend/")' || '' }}
 
-  backend:
-    name: Backend Tests
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: bcgov-nr/[email protected]
-        with:
-          commands: mvn --no-transfer-progress clean compile verify package checkstyle:checkstyle -P all-tests
-          dir: backend
-          java-cache: maven
-          java-distribution: temurin
-          java-version: 21
-          sonar_args: >
-            -Dsonar.exclusions=**/config/**,*/dto/**,**/entity/**,**/exception/**,**/response/**,**/*$*Builder*,**/RestExceptionEndpoint.*,**/ResultsApplication.*
-            -Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml
-            -Dsonar.organization=bcgov-sonarcloud
-            -Dsonar.project.monorepo.enabled=true
-            -Dsonar.projectKey=nr-silva-backend
-          sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
-          # Only use triggers for PRs
-          triggers: ${{ github.event_name == 'pull_request' && '("backend/")' || '' }}
-
   codeql:
     name: CodeQL
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        language: [java, javascript]
-        include:
-          - language: "java"
-            working-directory: backend
-            build: ./mvnw package -DskipTests
-          - language: "javascript"
     steps:
       - uses: actions/checkout@v4
       - uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-
-      - name: Autobuild
-        if: ${{ ! matrix.build }}
-        uses: github/codeql-action/autobuild@v3
-
       - uses: actions/setup-java@v4
-        if: ${{ matrix.build && matrix.language == 'java' }}
         with:
           distribution: "oracle"
           java-version: "21"
 
-      - uses: actions/cache@v3
-        if: ${{ matrix.build && matrix.language == 'java' }}
+      - uses: actions/cache@v4
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-
 
-      - name: Build
-        if: ${{ matrix.build }}
-        run: ${{ matrix.build }}
-        working-directory: ${{ matrix.working-directory }}
+      - run: |
+          # Exclude file and build
+          rm InstallCert.java
+          ./mvnw package -DskipTests
+          ls -la
+        working-directory: backend
 
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:${{matrix.language}}"
+      - uses: github/codeql-action/analyze@v3
 
   # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:

diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -11,48 +11,27 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  codeql:
-    name: Semantic Code Analysis
-    runs-on: ubuntu-22.04
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Initialize
-        uses: github/codeql-action/init@v3
-        with:
-          languages: javascript
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-
   init-test:
     name: TEST Init
     environment: test
     runs-on: ubuntu-22.04
     steps:
       - name: OpenShift Init
-        uses: bcgov-nr/action-deployer-openshift@v2.0.0
+        uses: bcgov-nr/action-deployer-openshift@v2.1.0
         with:
           oc_namespace: ${{ vars.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
           oc_token: ${{ secrets.OC_TOKEN }}
           file: common/openshift.init.yml
           overwrite: false
           parameters:
-            -p ZONE=test -p NAME=${{ github.event.repository.name }}
             -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}'
             -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}'
             -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
             -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}'
+            -p ORACLE_DB_USER=${{ secrets.DB_USER }}
+            -p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
+            -p ZONE=test
 
   deploys-test:
     name: TEST Deployments
@@ -79,7 +58,7 @@ jobs:
             file: common/openshift.fluentbit.yml
             overwrite: true
     steps:
-      - uses: bcgov-nr/action-deployer-openshift@v2.0.0
+      - uses: bcgov-nr/action-deployer-openshift@v2.1.0
         with:
           file: ${{ matrix.file }}
           oc_namespace: ${{ vars.OC_NAMESPACE }}
@@ -88,7 +67,6 @@ jobs:
           overwrite: ${{ matrix.overwrite }}
           parameters:
             -p ZONE=test
-            -p NAME=${{ github.event.repository.name }}
             ${{ matrix.parameters }}
           verification_path: ${{ matrix.verification_path }}
 
@@ -99,19 +77,21 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: OpenShift Init
-        uses: bcgov-nr/action-deployer-openshift@v2.0.0
+        uses: bcgov-nr/action-deployer-openshift@v2.1.0
         with:
           oc_namespace: ${{ vars.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
           oc_token: ${{ secrets.OC_TOKEN }}
           file: common/openshift.init.yml
           overwrite: false
           parameters:
-            -p ZONE=prod -p NAME=${{ github.event.repository.name }}
             -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}'
             -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}'
             -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
             -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}'
+            -p ORACLE_DB_USER=${{ secrets.DB_USER }}
+            -p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
+            -p ZONE=prod
 
   image-promotions:
     name: Promote images to PROD
@@ -123,7 +103,7 @@ jobs:
       matrix:
         component: [backend, frontend]
     steps:
-      - uses: shrink/actions-docker-registry-tag@v3
+      - uses: shrink/actions-docker-registry-tag@v4
         with:
           registry: ghcr.io
           repository: ${{ github.repository }}/${{ matrix.component }}
@@ -153,7 +133,7 @@ jobs:
             file: common/openshift.fluentbit.yml
             overwrite: true
     steps:
-      - uses: bcgov-nr/action-deployer-openshift@v2.0.0
+      - uses: bcgov-nr/action-deployer-openshift@v2.1.0
         with:
           file: ${{ matrix.file }}
           oc_namespace: ${{ vars.OC_NAMESPACE }}
@@ -162,6 +142,5 @@ jobs:
           overwrite: ${{ matrix.overwite }}
           parameters:
             -p ZONE=prod
-            -p NAME=${{ github.event.repository.name }}
             ${{ matrix.parameters }}
           verification_path: ${{ matrix.verification_path }}
diff --git a/.github/workflows/pentests.yml b/.github/workflows/pentests.yml
@@ -20,7 +20,7 @@ jobs:
         component: [backend, frontend]
     steps:
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.8.0
+        uses: zaproxy/action-full-scan@v0.9.0
         with:
           allow_issue_writing: true
           artifact_name: "zap_${{ matrix.component }}"

diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
@@ -2,10 +2,8 @@ name: PR Closed
 
 on:
   pull_request:
-    branches:
-      - main
-    types:
-      - closed
+    branches: [main]
+    types: [closed]
 
 concurrency:
   # PR open and close use the same group, allowing only one at a time
@@ -22,7 +20,7 @@ jobs:
       - name: Remove OpenShift artifacts
         run: |
           oc login --token=${{ secrets.OC_TOKEN }} --server=${{ vars.OC_SERVER }}
-          oc project ${{ vars.OC_NAMESPACE }}
+          oc project ${{ vars.OC_NAMESPACE }} # Safeguard!
 
           # Remove old build runs, build pods and deployment pods
           oc delete all,pvc,secret,cm -l app=${{ github.event.repository.name }}-${{ github.event.number }}
@@ -38,7 +36,7 @@ jobs:
     permissions:
       packages: write
     steps:
-      - uses: shrink/actions-docker-registry-tag@v3
+      - uses: shrink/actions-docker-registry-tag@v4
         with:
           registry: ghcr.io
           repository: ${{ github.repository }}/${{ matrix.package }}

diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
@@ -3,32 +3,33 @@ name: PR
 on:
   pull_request:
     branches: [main]
+  workflow_dispatch:
 
 concurrency:
   # PR open and close use the same group, allowing only one at a time
   group: pr-${{ github.workflow }}-${{ github.event.number }}
   cancel-in-progress: true
 
+
 jobs:
   init:
     name: Initialize
     if: "!github.event.pull_request.head.repo.fork"
     outputs:
-      route: ${{ steps.route.outputs.route }}
+      route: ${{ github.event.number }}
     runs-on: ubuntu-22.04
     permissions:
       pull-requests: write
     steps:
-      - name: Get PR Number Mod 50
+      - name: Get FAM Route
         id: route
         run: |
           echo "route=$(( ${{ github.event.number }} % 50 ))" >> $GITHUB_OUTPUT
-          echo "route=$(( ${{ github.event.number }} % 50 ))"
 
       - name: PR Greeting
         env:
           DOMAIN: apps.silver.devops.gov.bc.ca
-          PREFIX: ${{ github.event.repository.name }}-${{ steps.route.outputs.route }}
+          PREFIX: ${{ github.event.repository.name }}
         uses: bcgov-nr/[email protected]
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -38,14 +39,15 @@ jobs:
             Thanks for the PR!
 
             Any successful deployments (not always required) will be available below.
-            [Backend](https://${{ github.event.repository.name }}-${{ github.event.number }}-backend.${{ env.DOMAIN }}/actuator/health)
-            [Frontend](https://${{ github.event.repository.name }}-${{ steps.route.outputs.route }}-frontend.${{ env.DOMAIN }})
+            
+            Backend: https://${{ env.PREFIX }}-${{ github.event.number }}-backend.${{ env.DOMAIN }}/actuator/health
+            Frontend: https://${{ env.PREFIX }}-${{ steps.route.outputs.route }}-frontend.${{ env.DOMAIN }}
 
             Once merged, code will be promoted and handed off to following workflow run.
             [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml)
 
       - name: OpenShift Init
-        uses: bcgov-nr/action-deployer-openshift@v2.0.0
+        uses: bcgov-nr/action-deployer-openshift@v2.1.0
         with:
           oc_namespace: ${{ vars.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
@@ -54,11 +56,12 @@ jobs:
           overwrite: false
           parameters:
             -p ZONE=${{ github.event.number }}
-            -p NAME=${{ github.event.repository.name }}
             -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}'
             -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}'
             -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
             -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}'
+            -p ORACLE_DB_USER=${{ secrets.DB_USER }}
+            -p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
           triggers: ('common/' 'backend/' 'frontend/')
 
   builds:
@@ -89,33 +92,29 @@ jobs:
   deploys:
     name: Deploys
     if: "!github.event.pull_request.head.repo.fork"
-    needs: [builds, init]
+    needs: [builds]
     runs-on: ubuntu-22.04
     strategy:
       matrix:
         name: [backend, frontend, fluentbit]
         include:
           - name: backend
             file: backend/openshift.deploy.yml
-            triggers: ('common/' 'backend/' 'frontend/')
             verification_path: /actuator/health
             parameters:
               -p MIN_REPLICAS=1
               -p MAX_REPLICAS=2
           - name: frontend
             file: frontend/openshift.deploy.yml
-            triggers: ('common/' 'backend/' 'frontend/')
             parameters:
               -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
               -p MIN_REPLICAS=1
               -p MAX_REPLICAS=2
-              -p FAM_ROUTE=${{ needs.init.outputs.route }}
+              -p FAM_ROUTE="$(( ${{ github.event.number }} % 50 ))"
           - name: fluentbit
             file: common/openshift.fluentbit.yml
-            overwrite: true
-            triggers: ('common/' 'backend/' 'frontend/')
     steps:
-      - uses: bcgov-nr/action-deployer-openshift@v2.0.0
+      - uses: bcgov-nr/action-deployer-openshift@v2.1.0
         with:
           file: ${{ matrix.file }}
           oc_namespace: ${{ vars.OC_NAMESPACE }}
@@ -124,7 +123,6 @@ jobs:
           overwrite: true
           parameters:
             -p ZONE=${{ github.event.number }}
-            -p NAME=${{ github.event.repository.name }}
             ${{ matrix.parameters }}
-          triggers: ${{ matrix.triggers }}
+          triggers: ('common/' 'backend/' 'frontend/')
           verification_path: ${{ matrix.verification_path }}