Merge branch 'main' into present_proof_2

openwallet-foundation · Jul 26, 2024 · 19bd25c · 19bd25c
2 parents 11b81a2 + cbc44e5
commit 19bd25c
Show file tree

Hide file tree

Showing 3 changed files with 183 additions and 10 deletions.
diff --git a/.github/workflows/chart_release.yaml b/.github/workflows/chart_release.yaml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   chart-release:
-    name: Create chart release
+    name: Create and Publish Chart Release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -27,3 +27,75 @@ jobs:
           config: .github/actions/chart_releaser/cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+  update-configs-and-sync:
+    runs-on: ubuntu-latest
+    name: Update Configs and Sync
+    needs:
+      - chart-release
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Checkout services directory from the trust-over-ip-configurations repo
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/trust-over-ip-configurations
+          ssh-key: ${{ secrets.DITP_CONFIGS_REPO_SECRET }}
+          sparse-checkout: |
+            services
+          path: trust-over-ip-configurations
+
+      - name: Lookup latest chart
+        id: chart_version
+        run: |
+          helm repo add vc-authn-oidc https://bcgov.github.io/vc-authn-oidc
+          helm repo update
+          echo "APP_VERSION=$(helm search repo vc-authn-oidc -ojson | jq '.[0].app_version')" >> $GITHUB_OUTPUT
+          echo "CHART_VERSION=$(helm search repo vc-authn-oidc -ojson | jq '.[0].version')" >> $GITHUB_OUTPUT
+
+      - name: Update test
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+        run: |
+          cd trust-over-ip-configurations
+          yq e -i '.appVersion = env(APP_VERSION)' services/vc-authn-oidc/charts/test/Chart.yaml
+          yq e -i '.version = env(CHART_VERSION)' services/vc-authn-oidc/charts/test/Chart.yaml
+
+      - name: Update prod
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+        run: |
+          cd trust-over-ip-configurations
+          yq e -i '.appVersion = env(APP_VERSION)' services/vc-authn-oidc/charts/prod/Chart.yaml
+          yq e -i '.version = env(CHART_VERSION)' services/vc-authn-oidc/charts/prod/Chart.yaml
+
+      - name: Commit and Push to trust-over-ip-configurations Repo
+        run: |
+          cd trust-over-ip-configurations
+          git add services/vc-authn-oidc/charts/test/Chart.yaml services/vc-authn-oidc/charts/prod/Chart.yaml
+          git commit -m "Update chart and app versions" || echo "No changes to commit"
+          git push origin main
+
+      - name: Trigger and wait for GitOps sync workflow
+        uses: convictional/[email protected]
+        id: workflow-trigger
+        with:
+          owner: bcgov
+          repo: trust-over-ip-configurations
+          github_token: ${{ secrets.DITP_CONFIGS_REPO_TOKEN }}
+          workflow_file_name: gitops_sync.yaml
+
+      - name: Trigger ArgoCD Sync of e79518-test-vc-authn-oidc
+        uses: OpsVerseIO/[email protected]
+        with:
+          address: gitops-shared.apps.silver.devops.gov.bc.ca
+          token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}}
+          action: sync
+          appName: "e79518-test-vc-authn-oidc"
diff --git a/.github/workflows/on_push_main.yaml b/.github/workflows/on_push_main.yaml
@@ -1,4 +1,4 @@
-name: Build & Deploy Development
+name: Build, Update Config, and Deploy Development
 on:
   workflow_dispatch:
   push:
@@ -14,31 +14,129 @@ jobs:
       ref: "main"
       platforms: "linux/amd64"
 
+  check_helm_changes:
+    runs-on: ubuntu-latest
+    name: Check for Helm Chart changes
+    outputs:
+      helm_changed: ${{ steps.list-changed.outputs.changed }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+
+  update_configs_repo:
+    runs-on: ubuntu-latest
+    name: Update Configurations Repo
+    needs:
+      - build
+      - check_helm_changes
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Checkout services directory from the trust-over-ip-configurations repo
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/trust-over-ip-configurations
+          ssh-key: ${{ secrets.DITP_CONFIGS_REPO_SECRET }}
+          sparse-checkout: |
+            services
+          path: trust-over-ip-configurations
+
+      - name: Lookup Helm Chart and App versions
+        id: chart_version
+        run: |
+          helm repo add vc-authn-oidc https://bcgov.github.io/vc-authn-oidc
+          helm repo update
+          if [[ "${{ needs.check_helm_changes.outputs.helm_changed }}" == "true" ]]; then
+            echo "APP_VERSION=$(yq e .appVersion charts/vc-authn-oidc/Chart.yaml)" >> $GITHUB_OUTPUT
+            echo "CHART_VERSION=$(yq e .version charts/vc-authn-oidc/Chart.yaml)" >> $GITHUB_OUTPUT
+          else
+            echo "APP_VERSION=$(helm search repo vc-authn-oidc -ojson | jq -r '.[0].app_version')" >> $GITHUB_OUTPUT
+            echo "CHART_VERSION=$(helm search repo vc-authn-oidc -ojson | jq -r '.[0].version')" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Update versions
+        env:
+          APP_VERSION: ${{ steps.chart_version.outputs.APP_VERSION }}
+          CHART_VERSION: ${{ steps.chart_version.outputs.CHART_VERSION }}
+          IMAGE_TAG: ${{ needs.build.outputs.image_version }}
+        run: |
+          cd trust-over-ip-configurations
+
+          yq e -i '.appVersion = env(APP_VERSION)' services/vc-authn-oidc/charts/dev/Chart.yaml
+          yq e -i '.version = env(CHART_VERSION)' services/vc-authn-oidc/charts/dev/Chart.yaml
+          yq e -i '.dependencies[0].version = env(CHART_VERSION)' services/vc-authn-oidc/charts/dev/Chart.yaml
+          yq e -i '.vc-authn-oidc.image.tag = env(IMAGE_TAG)' services/vc-authn-oidc/charts/dev/values.yaml
+
+      - name: Commit and Push to trust-over-ip-configurations Repo
+        run: |
+          cd trust-over-ip-configurations
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add services/vc-authn-oidc/charts/dev/values.yaml services/vc-authn-oidc/charts/dev/Chart.yaml
+          git commit -m "Update chart version and image tag" || echo "No changes to commit"
+          git push origin main
+
+      - uses: convictional/[email protected]
+        id: workflow-trigger
+        with:
+          owner: bcgov
+          repo: trust-over-ip-configurations
+          github_token: ${{ secrets.DITP_CONFIGS_REPO_TOKEN }}
+          workflow_file_name: gitops_sync.yaml
+
+      - name: Trigger ArgoCD Sync of e79518-test-vc-authn-oidc
+        uses: OpsVerseIO/[email protected]
+        if: needs.check_helm_changes.outputs.helm_changed != 'true' && steps.workflow-trigger.outputs.conclusion == 'success'
+        with:
+          address: gitops-shared.apps.silver.devops.gov.bc.ca
+          token: ${{ secrets.DITP_GITOPS_ARGO_SECRET}}
+          action: sync
+          appName: "e79518-test-vc-authn-oidc"
+
   # Build vc-authn
-  deploy:
+  deploy_dev:
     name: Deploy VC-AuthN to Dev
     environment: dev
     runs-on: ubuntu-latest
     needs:
       - build
-    if: ${{ always() && !(contains(needs.*.result, 'failed')) && (github.repository_owner == 'bcgov') }}
+      - check_helm_changes
+    if: ${{ needs.check_helm_changes.outputs.helm_changed == 'true' && contains(needs.*.result, 'success') && !(contains(needs.*.result, 'failure')) && (github.repository_owner == 'bcgov') }}
 
     steps:
       - uses: actions/checkout@v4
 
+      - name: Checkout services directory from the trust-over-ip-configurations repo
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov/trust-over-ip-configurations
+          ssh-key: ${{ secrets.DITP_CONFIGS_REPO_SECRET }}
+          sparse-checkout: |
+            services
+          path: trust-over-ip-configurations
+
       - name: Authenticate and set context
         uses: redhat-actions/oc-login@v1
         with:
           openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
           openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
           namespace: ${{ secrets.OPENSHIFT_NAMESPACE }}
 
-      - name: VC-Authn Dev Helm
+      - name: Deploy VC-Authn-OIDC to Development
         run: |
-          helm upgrade --install vc-authn-oidc \
-          -f https://raw.githubusercontent.com/bcgov/trust-over-ip-configurations/main/helm-values/vc-authn-oidc/dev.yaml \
-          --set image.tag=${{ needs.build.outputs.image_version }} \
-          ./charts/vc-authn-oidc --wait
+          cp trust-over-ip-configurations/services/vc-authn-oidc/charts/dev/values.yaml ./dev-values.yaml
+          yq e -i 'del(.vc-authn-oidc) | . *= load("trust-over-ip-configurations/services/vc-authn-oidc/charts/dev/values.yaml").vc-authn-oidc' ./dev-values.yaml
+          helm upgrade --install vc-authn-oidc -f ./dev-values.yaml --set image.tag=${{ needs.build.outputs.image_version }} ./charts/vc-authn-oidc --wait
+
       - name: Restart Deployments
         run: |
           oc rollout restart deployment/vc-authn-oidc-agent

diff --git a/docker/agent/config/ledgers.yaml b/docker/agent/config/ledgers.yaml
@@ -1,5 +1,6 @@
 - id: BCovrinTest
   is_production: true
+  is_write: true
   genesis_url: "http://test.bcovrin.vonx.io/genesis"
 # - id: SovrinStagingNet
 #   is_production: true
@@ -9,5 +10,7 @@
   genesis_url: "https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/dev/pool_transactions_genesis"
 - id: CANdyTest
   is_production: true
-  is_write: true
   genesis_url: "https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/test/pool_transactions_genesis"
+- id: CANdyProd
+  is_production: true
+  genesis_url: "https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/prod/pool_transactions_genesis"