Merge #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Merge | |
| on: | |
| workflow_run: | |
| workflows: [PR Closed] | |
| types: [completed] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| codeql: | |
| name: Semantic Code Analysis | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Initialize | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| debug: true | |
| languages: java,javascript | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: "17" | |
| distribution: "temurin" | |
| # Build Java apps, JavaScript doesn't require | |
| - name: Java Builds | |
| run: | | |
| cd backend | |
| mvn --update-snapshots -P prod clean package -Dmaven.test.skip | |
| cd ../oracle-api | |
| mvn --update-snapshots package -Dmaven.test.skip | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| init-test: | |
| name: TEST Init | |
| environment: test | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: OpenShift Init | |
| uses: bcgov-nr/[email protected] | |
| with: | |
| oc_namespace: ${{ vars.OC_NAMESPACE }} | |
| oc_server: ${{ vars.OC_SERVER }} | |
| oc_token: ${{ secrets.OC_TOKEN }} | |
| file: common/openshift.init.yml | |
| overwrite: false | |
| parameters: | |
| -p ZONE=test -p NAME=${{ github.event.repository.name }} | |
| -p ORACLE_DB_USER=${{ secrets.DB_USER }} | |
| -p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}' | |
| -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' | |
| -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' | |
| -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' | |
| -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | |
| -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' | |
| deploy-test: | |
| name: TEST Deployment | |
| needs: [init-test] | |
| environment: test | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| name: [database, backend, fluentbit, frontend, oracle-api] | |
| include: | |
| - name: database | |
| file: database/openshift.deploy.yml | |
| overwrite: false | |
| - name: backend | |
| file: backend/openshift.deploy.yml | |
| overwrite: true | |
| verification_path: "actuator/health" | |
| parameters: | |
| -p BUILD=test | |
| -p NR_SPAR_BACKEND_ENV_OPENSEARCH=test | |
| - name: fluentbit | |
| file: backend/openshift.fluentbit.yml | |
| overwrite: true | |
| - name: frontend | |
| file: frontend/openshift.deploy.yml | |
| overwrite: true | |
| parameters: | |
| -p VITE_SPAR_BUILD_VERSION=snapshot-test | |
| -p VITE_NRSPARWEBAPP_VERSION=test | |
| -p VITE_KC_URL=https://test.loginproxy.gov.bc.ca/auth | |
| -p VITE_KC_REALM=standard | |
| -p VITE_KC_CLIENT_ID=seed-planning-test-4296 | |
| - name: oracle-api | |
| file: oracle-api/openshift.deploy.yml | |
| overwrite: true | |
| verification_path: "actuator/health" | |
| parameters: | |
| -p NR_SPAR_ORACLE_API_VERSION=snapshot-test | |
| -p SERVICE_NAME=dbq01.nrs.bcgov | |
| steps: | |
| - uses: bcgov-nr/[email protected] | |
| with: | |
| file: ${{ matrix.file }} | |
| oc_namespace: ${{ vars.OC_NAMESPACE }} | |
| oc_server: ${{ vars.OC_SERVER }} | |
| oc_token: ${{ secrets.OC_TOKEN }} | |
| overwrite: ${{ matrix.overwrite }} | |
| penetration_test: false | |
| verification_path: "actuator/health" | |
| parameters: | |
| -p ZONE=test -p NAME=${{ github.event.repository.name }} | |
| ${{ matrix.parameters }} | |
| # api-tests: | |
| # name: Newman API tests runner | |
| # needs: | |
| # - deploy-test | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # - name: Install Node | |
| # uses: actions/setup-node@v3 | |
| # with: | |
| # node-version: 16 | |
| # - name: Install newman | |
| # run: | | |
| # npm install -g newman | |
| # npm install -g newman-reporter-htmlextra | |
| # - name: Make Directory for Test Results | |
| # run: mkdir -p testArtifacts | |
| # - name: Run Postman Collection | |
| # run: | | |
| # newman run test/postman/starting-api.postman_collection.json -e test/postman/starting-api.postman_environment.json \ | |
| # --env-var "releaseVer=test=${{ env.NR_SPAR_BACKEND_VERSION }}" \ | |
| # --env-var "authServer=${{ secrets.KEYCLOAK_SERVER_REALM }}" \ | |
| # --env-var "authClient=${{ secrets.KC_SERVICE_ACCOUNT_NAME }}" \ | |
| # --env-var "authClient=${{ secrets.KC_SERVICE_ACCOUNT_PASS }}" \ | |
| # --suppress-exit-code -r htmlextra --reporter-htmlextra-export testArtifacts/api-tests-report.html | |
| # - name: Output the results | |
| # uses: actions/upload-artifact@v3 | |
| # with: | |
| # name: API test report | |
| # path: testArtifacts | |
| init-prod: | |
| name: PROD Init | |
| needs: | |
| - deploy-test | |
| environment: prod | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: OpenShift Init | |
| uses: bcgov-nr/[email protected] | |
| with: | |
| oc_namespace: ${{ vars.OC_NAMESPACE }} | |
| oc_server: ${{ vars.OC_SERVER }} | |
| oc_token: ${{ secrets.OC_TOKEN }} | |
| file: common/openshift.init.yml | |
| overwrite: false | |
| parameters: | |
| -p ZONE=prod -p NAME=${{ github.event.repository.name }} | |
| -p ORACLE_DB_USER=${{ secrets.DB_USER }} | |
| -p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}' | |
| -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' | |
| -p AWS_KINESIS_STREAM='${{ secrets.AWS_KINESIS_STREAM }}' | |
| -p AWS_KINESIS_ROLE_ARN='${{ secrets.AWS_KINESIS_ROLE_ARN }}' | |
| -p AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | |
| -p AWS_ACCESS_KEY_SECRET='${{ secrets.AWS_ACCESS_KEY_SECRET }}' | |
| deploy-prod: | |
| name: PROD Deployment | |
| needs: | |
| - init-prod | |
| environment: prod | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| name: [database, backend, fluentbit, frontend, oracle-api] | |
| include: | |
| - name: database | |
| file: database/openshift.deploy.yml | |
| overwrite: false | |
| - name: backend | |
| file: backend/openshift.deploy.yml | |
| overwrite: true | |
| verification_path: "actuator/health" | |
| parameters: | |
| -p BUILD=prod | |
| -p ORACLE_SERVER_URL=https://nr-spar-prod-oracle-api.apps.silver.devops.gov.bc.ca | |
| -p NR_SPAR_BACKEND_ENV_OPENSEARCH=production | |
| -p KEYCLOAK_REALM_URL=https://loginproxy.gov.bc.ca/auth/realms/standard | |
| - name: fluentbit | |
| file: backend/openshift.fluentbit.yml | |
| overwrite: true | |
| - name: frontend | |
| file: frontend/openshift.deploy.yml | |
| overwrite: true | |
| parameters: | |
| -p VITE_SPAR_BUILD_VERSION=snapshot-prod | |
| -p VITE_NRSPARWEBAPP_VERSION=prod | |
| -p VITE_KC_URL=https://loginproxy.gov.bc.ca/auth | |
| -p VITE_KC_REALM=standard | |
| -p VITE_KC_CLIENT_ID=seed-planning-test-4296 | |
| -p VITE_ORACLE_SERVER_URL=https://nr-spar-prod-oracle-api.apps.silver.devops.gov.bc.ca | |
| - name: oracle-api | |
| file: oracle-api/openshift.deploy.yml | |
| overwrite: true | |
| verification_path: "actuator/health" | |
| parameters: | |
| -p NR_SPAR_ORACLE_API_VERSION=snapshot-prod | |
| -p SERVICE_NAME=dbq01.nrs.bcgov | |
| steps: | |
| - uses: bcgov-nr/[email protected] | |
| with: | |
| file: ${{ matrix.file }} | |
| oc_namespace: ${{ vars.OC_NAMESPACE }} | |
| oc_server: ${{ vars.OC_SERVER }} | |
| oc_token: ${{ secrets.OC_TOKEN }} | |
| overwrite: ${{ matrix.overwrite }} | |
| penetration_test: false | |
| verification_path: "actuator/health" | |
| parameters: | |
| -p ZONE=prod -p NAME=${{ github.event.repository.name }} | |
| ${{ matrix.parameters }} | |
| image-promotions: | |
| name: Promote Images to PROD | |
| needs: | |
| - deploy-prod | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| component: [backend, database, frontend, oracle-api] | |
| steps: | |
| - uses: shrink/actions-docker-registry-tag@v3 | |
| with: | |
| registry: ghcr.io | |
| repository: ${{ github.repository }}/${{ matrix.component }} | |
| target: test | |
| tags: prod |