WIP maint page

.github/workflows/build-push-maintenance.yml

@@ -0,0 +1,117 @@
+name: diam-webapi
+
+on:
+  push:
+    branches: [develop,test,main]
+    paths:
+      - "maintenance/**"
+      - ".github/workflows/build-push-maintenance.yml"
+  workflow_dispatch:
+env:
+  IMAGE_NAME: diam-maintenance
+  WORKING_DIRECTORY: ./maintenance
+  BRANCH_NAME: develop
+  VALUES_FILE: dev
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set environment for branch
+        run: |
+          if [[ ${{ github.ref_name }} == 'main' ]]; then
+              echo "BRANCH_NAME=main" >> "$GITHUB_ENV"
+              echo "VALUES_FILE=prod" >> "$GITHUB_ENV"
+          fi
+
+          if [[ ${{ github.ref_name }} == 'test' ]]; then
+              echo "BRANCH_NAME=test" >> "$GITHUB_ENV"
+              echo "VALUES_FILE=test" >> "$GITHUB_ENV"
+          fi
+
+          if [[ ${{ github.ref_name }} == 'develop' ]]; then
+              echo "BRANCH_NAME=develop" >> "$GITHUB_ENV"
+              echo "VALUES_FILE=dev" >> "$GITHUB_ENV"
+          fi
+
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Branch name
+        run: echo running on branch ${GITHUB_REF##*/}
+
+      - name: Login to Artifactory 
+        uses: docker/login-action@v1
+        with:
+          registry: artifacts.developer.gov.bc.ca
+          username: ${{ secrets.ARTIFACTORY_USERNAME }}
+          password: ${{ secrets.ARTIFACTORY_PASSWORD }}
+
+      - name: Build Image
+        working-directory: ${{env.WORKING_DIRECTORY}}
+        run: |
+          docker build -t artifacts.developer.gov.bc.ca/de27-general-docker/${{env.IMAGE_NAME}}:${GITHUB_REF##*/} .
+     
+      - name: Docker Push to Artifactory
+        id: publish   
+        run: |
+          docker push artifacts.developer.gov.bc.ca/de27-general-docker/${{env.IMAGE_NAME}}:${GITHUB_REF##*/}          
+
+      - name: Checkout ArgoCD Repo
+        id: gitops
+        if: steps.publish.outcome == 'success'
+        uses: actions/checkout@v4
+        with:
+          repository: bcgov-c/tenant-gitops-e27db1
+          ref: ${{ env.BRANCH_NAME }}
+          token: ${{ secrets.ARGO_PAT }} # access token
+          path: gitops
+
+      - name: Get short SHA
+        id: short_sha
+        run: |
+          echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)"
+          echo "Short SHA: $SHORT_SHA"
+  
+      - name: Update Helm Values and Commit
+        id: helm
+        if: steps.gitops.outcome == 'success' # Only run if the previous step (publish) was successful
+        run: |
+
+          echo "Updating ${{ env.BRANCH_NAME }} helm values to trigger ArgoCD deployment "
+            
+          # Navigate to the directory containing your Helm values file for the environment develop -> DEV, test -> test
+          cd gitops/charts
+            
+          # Update the Helm values file with the new image tag and version
+          DATETIME=$(date +'%Y-%m-%d %H:%M:%S')  # Get current date and time
+          echo "Updating tag apitag: to ${{ steps.short_sha.outputs.SHORT_SHA }}"
+  
+          sed -i "s/apitag: .*/apitag: ${{ env.VALUES_FILE }}-${{ steps.short_sha.outputs.SHORT_SHA }} # Image Updated on $DATETIME/" maintenance/values.yaml
+
+          # Commit and push the changes
+          git config --global user.email "[email protected]"
+          git config --global user.name "GitHub Actions"
+
+          git add .
+
+          git add ../deploy/${{ env.VALUES_FILE }}_values.yaml
+
+          # Repackage Helm Chart      
+
+          cd maintenance
+
+          helm dependency build
+
+          git add .
+
+          git commit -m "Update ${{ env.BRANCH_NAME }} API image tag"
+          git push origin ${{ env.BRANCH_NAME }}  # Update the branch name as needed       
+
+

maintenance/Dockerfile

@@ -0,0 +1,6 @@
+FROM nginx:1.27.0-alpine
+
+COPY static /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 8080

maintenance/nginx.conf

@@ -0,0 +1,59 @@
+# see https://hub.docker.com/_/nginx `Running nginx as a non-root user`
+worker_processes  auto;
+
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen       8080;
+        server_name  localhost;
+
+        access_log   off;
+        error_log   /dev/null;
+
+        add_header cross-origin-embedder-policy "require-corp";
+        add_header cross-origin-opener-policy "same-origin";
+        add_header cross-origin-resource-policy "same-origin";
+        add_header x-dns-prefetch-control "off";
+        add_header expect-ct "max-age=0";
+        add_header x-frame-options "SAMEORIGIN";
+        add_header strict-transport-security "max-age=15552000; includeSubDomains";
+        add_header x-download-options "noopen";
+        add_header x-content-type-options "nosniff";
+        add_header origin-agent-cluster "?1";
+        add_header x-permitted-cross-domain-policies "none";
+        add_header referrer-policy "strict-origin";
+        add_header x-xss-protection "0";
+        add_header permissions-policy "midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+            try_files $uri $uri.html $uri/index.html /index.html;
+        }
+    }
+}

maintenance/static/index.html

@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.3.3/css/bootstrap-reboot.min.css"
+        rel="stylesheet" />
+
+  <link rel="stylesheet" href="/style.css" />
+  <title>AG DIAM</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta charset="utf-8">
+
+</head>
+<body style="display: flex; flex-direction: column; height: 100vh">
+  <header>
+    <div class="banner">
+        <img src="/img/logo-banner.svg" alt="Go to the Government of British Columbia website" height="40" />
+      <h1>Justice &amp; Public Safety Sector</h1>
+    </div>
+    <div class="other">&nbsp;</div>
+  </header>
+  <article>
+    <h1>Digital Identity &amp; Access Management (DIAM)</h1>
+    <h2>We&rsquo;ll be back soon</h2>
+    <div>
+      <p>
+        Sorry for the inconvenience but we&rsquo;re performing some maintenance at the moment. We&rsquo;ll be back
+        online shortly.
+      </p>
+    </div>
+    <div>
+      <p>
+        For urgent matters, please contact the DIAM team at<br/>
+        <a href="mailto:[email protected]">[email protected]</a><br/>
+  <br/>or via RocketChat:<br />
+        <a href="https://chat.developer.gov.bc.ca/channel/ag-diam-requests">https://chat.developer.gov.bc.ca/channel/ag-diam-requests</a>
+</p>
+    </div>
+  </article>
+</body>
+</html>