ci: backend

.github/workflows/unit-tests.yml → .github/workflows/analysis.yml

@@ -1,40 +1,21 @@
-name: Unit Tests and Analysis
+name: Analysis
 
 on:
   pull_request:
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
+    types: [opened, reopened, synchronize, ready_for_review]
   push:
-    branches:
-      - main
+    branches: [main]
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-  # Note: uncomment code below once a backend is written
-  tests:
-    name: Unit Tests
+  frontend:
+    name: Frontend Tests
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-22.04
-    strategy:
-      matrix:
-        # dir: [backend, frontend]
-        dir: [frontend]
-        include:
-          # - dir: backend
-          #   sonar_projectKey: nr-silva-backend
-          #   token: SONAR_TOKEN_BACKEND
-          #   triggers: ('backend/')
-          - dir: frontend
-            sonar_projectKey: nr-silva-frontend
-            token: SONAR_TOKEN_FRONTEND
-            triggers: ('frontend/')
     steps:
       - uses: bcgov-nr/[email protected]
         with:
@@ -47,13 +28,34 @@ jobs:
             -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
             -Dsonar.organization=bcgov-sonarcloud
             -Dsonar.project.monorepo.enabled=true
-            -Dsonar.projectKey=${{ matrix.sonar_projectKey }}
+            -Dsonar.projectKey=nr-silva-frontend
             -Dsonar.sources=src
             -Dsonar.tests.inclusions=**/*spec.ts
             -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
-          sonar_token: ${{ secrets[matrix.token] }}
+          sonar_token: ${{ secrets.SONAR_TOKEN_FRONTEND }}
           # Only use triggers for PRs
-          triggers: ${{ github.event_name == 'pull_request' && matrix.triggers || '' }}
+          triggers: ${{ github.event_name == 'pull_request' && '("frontend/")' || '' }}
+
+  backend:
+    name: Backend Tests
+    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: bcgov-nr/[email protected]
+        with:
+          commands: mvn clean package
+          dir: backend
+          java-cache: maven
+          java-distribution: temurin
+          java-version: 17
+          sonar_args: >
+            -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
+            -Dsonar.organization=bcgov-sonarcloud
+            -Dsonar.project.monorepo.enabled=true
+            -Dsonar.projectKey=nr-silva-backend
+            -Dsonar.sources=src
+          sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
+          triggers: ${{ github.event_name == 'pull_request' && '("backend/")' || '' }}
 
   # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:

.github/workflows/merge-main.yml → .github/workflows/merge.yml

@@ -1,10 +1,9 @@
-name: Merge to Main
+name: Merge
 
 on:
   workflow_run:
     workflows: [ "Pull Request Closed" ]
-    types:
-      - completed
+    types: [completed]
   workflow_dispatch:
 
 concurrency:
@@ -41,49 +40,62 @@ jobs:
     runs-on: ubuntu-22.04
     permissions:
       issues: write
+    strategy:
+      matrix:
+        name: [backend, frontend]
+        include:
+          - name: backend
+          - name: frontend
+            parameters:
+              -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+              -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
     steps:
       - uses: bcgov-nr/[email protected]
         with:
-          file: frontend/openshift.deploy.yml
+          file: ${{ matrix.name }}/openshift.deploy.yml
           oc_namespace: ${{ vars.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
           oc_token: ${{ secrets.OC_TOKEN }}
           overwrite: true
           parameters:
-            -p ZONE=test -p PROMOTE=${{ github.repository }}/frontend:test
+            -p ZONE=test -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
             -p NAME=${{ github.event.repository.name }}
-            -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
-            -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
+            ${{ matrix.parameters }}
           penetration_test: true
-          penetration_test_artifact: frontend
-          penetration_test_issue: frontend
+          penetration_test_artifact: ${{ matrix.name }}
+          penetration_test_issue: ${{ matrix.name }}
           penetration_test_token: ${{ secrets.GITHUB_SECRET }}
 
   deploys-prod:
     name: PROD Deployments
-    needs:
-      - deploys-test
+    needs: [deploys-test]
     environment: prod
     runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        name: [backend, frontend]
+        include:
+          - name: backend
+            paratemeters:
+              -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+              -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
+              -p VITE_REDIRECT_SIGN_OUT="${{ vars.VITE_REDIRECT_SIGN_OUT }}"
+          - name: frontend
     steps:
       - uses: bcgov-nr/[email protected]
         with:
-          file: frontend/openshift.deploy.yml
+          file: ${{ matrix.name }}/openshift.deploy.yml
           oc_namespace: ${{ vars.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
           oc_token: ${{ secrets.OC_TOKEN }}
           overwrite: true
           parameters:
-            -p ZONE=prod -p PROMOTE=${{ github.repository }}/frontend:test
+            -p ZONE=prod -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
             -p NAME=${{ github.event.repository.name }}
-            -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
-            -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
-            -p VITE_REDIRECT_SIGN_OUT="${{ vars.VITE_REDIRECT_SIGN_OUT }}"
 
   image-promotions:
     name: Promote images to PROD
-    needs:
-      - deploys-prod
+    needs: [deploys-prod]
     runs-on: ubuntu-22.04
     permissions:
       packages: write

.github/workflows/pr-open.yml

@@ -2,8 +2,7 @@ name: Pull Request
 
 on:
   pull_request:
-    branches:
-      - main
+    branches: [main]
 
 concurrency:
   # PR open and close use the same group, allowing only one at a time
@@ -32,6 +31,7 @@ jobs:
             Thanks for the PR!
 
             Any successful deployments (not always required) will be available below.
+            [Backend](https://${{ env.PREFIX }}-backend.${{ env.DOMAIN }})
             [Frontend](https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }})
 
             Once merged, code will be promoted and handed off to following workflow run.
@@ -43,34 +43,55 @@ jobs:
     runs-on: ubuntu-22.04
     permissions:
       packages: write
+    strategy:
+      matrix:
+        name: [backend, frontend]
+        include:
+          - name: backend
+            triggers: ('backend/')
+          - name: frontend
+            triggers: ('frontend/')
     steps:
       - uses: actions/checkout@v4
       - uses: bcgov-nr/[email protected]
         with:
-          package: frontend
+          package: ${{ matrix.name }}
           tag: ${{ github.event.number }}
           tag_fallback: test
           token: ${{ secrets.GITHUB_TOKEN }}
-          triggers: ('frontend/')
+          triggers: ${{ matrix.triggers }}
 
   deploys:
     name: Deploys
     if: "!github.event.pull_request.head.repo.fork"
-    needs:
-      - builds
+    needs: [builds]
     runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        name: [backend, frontend]
+        include:
+          - name: backend
+            file: backend/openshift.deploy.yml
+            triggers: ('backend/' 'frontend/')
+            verification_path: /actuator/health
+          - name: frontend
+            file: frontend/openshift.deploy.yml
+            triggers: ('backend/' 'frontend/')
+            parameters:
+              -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
+              -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
     steps:
       - uses: bcgov-nr/[email protected]
         with:
-          file: frontend/openshift.deploy.yml
+          file: ${{ matrix.name }}/openshift.deploy.yml
           oc_namespace: ${{ vars.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
           oc_token: ${{ secrets.OC_TOKEN }}
           overwrite: true
           parameters:
             -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
-            -p PROMOTE=${{ github.repository }}/frontend:${{ github.event.number }}
-            -p VITE_USER_POOLS_ID=${{ vars.VITE_USER_POOLS_ID }}
-            -p VITE_USER_POOLS_WEB_CLIENT_ID=${{ vars.VITE_USER_POOLS_WEB_CLIENT_ID }}
+            -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ github.event.number }}
             -p MIN_REPLICAS=1 -p MAX_REPLICAS=2
-          triggers: ('frontend/')
+            ${{ matrix.parameters }}
+          triggers: ${{ matrix.triggers }}
+          verification_path: ${{ matrix.verification_path }}

backend/.dockerignore

@@ -0,0 +1,6 @@
+.env
+Dockerfile
+*.yml
+*.yaml
+*.md
+**/target/

backend/Dockerfile

@@ -0,0 +1,21 @@
+# Quarkus Images
+# https://github.com/quarkusio/quarkus-images
+
+# "Provides the native-image executable. Used by the Maven and Gradle plugin from Quarkus to build linux64 executables"
+FROM quay.io/quarkus/ubi-quarkus-graalvmce-builder-image:jdk-21 AS build
+
+# Image defaults to /project; copy controlled by .dockerignore
+COPY --chown=quarkus:quarkus . ./
+RUN ./mvnw package -Pnative -DskipTests
+
+# "A base image to run Quarkus native application using UBI Micro"
+FROM quay.io/quarkus/quarkus-micro-image:2.0
+
+# Port and health check
+EXPOSE 8080
+HEALTHCHECK --interval=300s --timeout=3s CMD curl -f http://localhost:8080
+
+# Startup
+COPY --chown=1001:root --from=build /project/target/results /app
+USER 1001
+CMD ["/app", "-Dquarkus.http.host=0.0.0.0"]