Merge branch 'dev' into feature/518-public-keys #2256

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/ci-build-deploy.yaml at 296c7e1

	name: Build and Deploy

	on:
	push:
	branches: [feature/*, dev, test]

	env:
	REGISTRY: ghcr.io
	REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
	REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Docker meta
	id: docker_meta
	uses: docker/metadata-action@v3
	with:
	images: ${{ env.REGISTRY }}/bcgov/api-services-portal/api-services-portal

	- name: Set DEPLOY_ID which will deploy a custom deploy to 'dev' environment
	run: \|
	echo '::set-output name=DEPLOY_ID::${{ steps.docker_meta.outputs.version }}'
	echo '::set-output name=APP_VERSION::${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.version'] }}'
	echo '::set-output name=APP_REVISION::${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.revision'] }}'
	id: set-deploy-id

	- name: Get deploy ID
	run: echo "The DEPLOY_ID is ${{ steps.set-deploy-id.outputs.DEPLOY_ID }}"

	- uses: actions/checkout@v2

	- name: Install oc
	uses: redhat-actions/oc-installer@v1
	with:
	version: '4.6'

	- name: Authenticate to silver and set context
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
	openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}

	# Disables SSL cert checking. Use this if you don't have the certificate authority data.
	insecure_skip_tls_verify: true

	namespace: ${{ env.OPENSHIFT_NAMESPACE }}

	- name: Login to DockerHub
	uses: docker/login-action@v1
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ env.REGISTRY_USERNAME }}
	password: ${{ env.REGISTRY_PASSWORD }}

	- uses: actions/cache@v2
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v1

	- name: Build
	uses: docker/build-push-action@v2
	with:
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache
	context: .
	file: Dockerfile
	tags: ${{ steps.docker_meta.outputs.tags }}
	load: true
	build-args: \|
	GITHUB_API_TOKEN=${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
	APP_VERSION=${{ steps.set-deploy-id.outputs.APP_VERSION }}
	APP_REVISION=${{ steps.set-deploy-id.outputs.APP_REVISION }}

	- name: Push
	run: docker push ${{ steps.docker_meta.outputs.tags }}

	- name: 'Get Helm'
	if: github.ref != 'refs/heads/dev'
	run: \|
	curl -L -O https://get.helm.sh/helm-v3.4.2-linux-amd64.tar.gz
	tar -xf helm-v3.4.2-linux-amd64.tar.gz

	- name: 'Deploy Database'
	if: github.ref != 'refs/heads/dev'
	run: \|
	export PATH=$PATH:`pwd`/linux-amd64

	echo '
	image:
	registry: docker.pkg.github.com
	repository: bcgov-dss/api-serv-infra/mongodb
	tag: 5.0-7a639fba
	pullPolicy: IfNotPresent
	pullSecrets:
	- dev-github-read-packages-creds

	auth:
	rootPassword: "s3cr3t"

	serviceAccount:
	create: false
	name: asp-service-account

	arbiter:
	enabled: false

	rbac:
	create: true

	updateStrategy:
	type: RollingUpdate
	rollingUpdate:
	maxSurge: 0
	maxUnavailable: 100%

	readinessProbe:
	timeoutSeconds: 30
	periodSeconds: 120

	livenessProbe:
	timeoutSeconds: 30
	periodSeconds: 120

	persistence:
	enabled: true
	size: 2Gi

	resources:
	requests:
	cpu: 85m
	memory: 480M
	limits:
	cpu: 300m
	memory: 720M

	podSecurityContext:
	enabled: true
	fsGroup: ${{ secrets.RUNNING_UID_GID }}

	containerSecurityContext:
	enabled: true
	runAsUser: ${{ secrets.RUNNING_UID_GID }}
	' > values.yaml
	helm repo add bitnami https://charts.bitnami.com/bitnami
	helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db --version 12.1.31 -f values.yaml --history-max 3 bitnami/mongodb

	- name: 'Deploy Backend'
	if: github.ref != 'refs/heads/dev'
	run: \|
	export PATH=$PATH:`pwd`/linux-amd64

	echo "
	podAnnotations:
	sha: $GITHUB_SHA

	replicaCount: 1

	rollingUpdate:
	maxUnavailable: 100%
	maxSurge: 0%

	image:
	repository: ${{ env.REGISTRY }}/bcgov/api-services-portal/api-services-portal
	tag: ${{ steps.set-deploy-id.outputs.DEPLOY_ID }}
	pullPolicy: Always

	imagePullSecrets:
	- name: dev-github-read-packages-creds

	podSecurityContext:
	fsGroup: ${{ secrets.RUNNING_UID_GID }}

	securityContext:
	runAsUser: ${{ secrets.RUNNING_UID_GID }}

	containerPort: 3000

	resources:
	requests:
	cpu: 20m
	memory: 400M
	limits:
	cpu: 100m
	memory: 800M

	serviceAccount:
	create: false
	name: asp-service-account

	oauthProxy:
	enabled: true
	image:
	repository: ${{ env.REGISTRY }}/bcgov-dss/api-serv-infra/oauth2-proxy
	tag: 7.2.1-8c743f0c
	pullPolicy: IfNotPresent

	config:
	upstream: http://127.0.0.1:3000
	client-id: ${{ secrets.OIDC_CLIENT_ID }}
	client-secret: ${{ secrets.OIDC_CLIENT_SECRET }}
	oidc-issuer-url: ${{ secrets.OIDC_ISSUER }}
	redirect-url: https://api-services-portal-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}.apps.silver.devops.gov.bc.ca/oauth2/callback
	skip-auth-regex: '/login\|/health\|/public\|/docs\|/redirect\|/_next\|/images\|/devportal\|/manager\|/about\|/maintenance\|/admin/session\|/ds/api\|/feed/\|/signout\|/content\|^[/]$'
	whitelist-domain: authz-apps-gov-bc-ca.dev.api.gov.bc.ca
	skip-provider-button: 'true'
	profile-url: ${{ secrets.OIDC_ISSUER }}/protocol/openid-connect/userinfo
	insecure-oidc-allow-unverified-email: 'true'
	oidc-email-claim: 'sub'
	pass-basic-auth: 'false'
	pass-access-token: 'true'
	set-xauthrequest: 'true'
	skip-jwt-bearer-tokens: 'false'
	set-authorization-header: 'false'
	pass-authorization-header: 'false'
	env:
	SESSION_SECRET:
	value: '234873290483290'
	secure: true
	AUTH_STRATEGY:
	value: Oauth2Proxy
	KONG_URL:
	value: '${{ secrets.KONG_URL_DEV}}'
	MONGO_URL:
	value: 'mongodb://proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db-mongodb:27017'
	MONGO_USER:
	value: root
	secure: true
	MONGO_PASSWORD:
	value: s3cr3t
	secure: true
	FEEDER_URL:
	value: 'http://proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-feeder-generic-api'
	GITHUB_API_TOKEN:
	value: '${{ secrets.GH_TOKEN_FOR_CONTENT}}'
	secure: true
	OIDC_ISSUER:
	value: '${{ secrets.OIDC_ISSUER }}'
	JWKS_URL:
	value: '${{ secrets.OIDC_ISSUER }}/protocol/openid-connect/certs'
	EXTERNAL_URL:
	value: 'https://api-services-portal-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}.apps.silver.devops.gov.bc.ca'
	SSR_API_ROOT:
	value: 'http://localhost:7999'
	NEXT_PUBLIC_API_ROOT:
	value: 'https://api-services-portal-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}.apps.silver.devops.gov.bc.ca'
	NEXT_PUBLIC_GRAFANA_URL:
	value: 'https://grafana-apps-gov-bc-ca.dev.api.gov.bc.ca'
	NEXT_PUBLIC_KUBE_CLUSTER:
	value: 'feature-silver'
	NEXT_PUBLIC_HELP_DESK_URL:
	value: 'https://dpdd.atlassian.net/servicedesk/customer/portal/1/group/2'
	NEXT_PUBLIC_HELP_CHAT_URL:
	value: 'https://chat.developer.gov.bc.ca/channel/aps-ops'
	NEXT_PUBLIC_HELP_ISSUE_URL:
	value: 'https://github.com/bcgov/api-services-portal/issues'
	NEXT_PUBLIC_HELP_API_DOCS_URL:
	value: '/ds/api/v2/console/'
	NEXT_PUBLIC_HELP_SUPPORT_URL:
	value: 'https://bcgov.github.io/aps-infra-platform/'
	NEXT_PUBLIC_HELP_RELEASE_URL:
	value: 'https://bcgov.github.io/aps-infra-platform/releases/'
	NEXT_PUBLIC_HELP_STATUS_URL:
	value: 'https://uptime.com/s/bcgov-dss'
	NEXT_PUBLIC_DEVELOPER_IDS:
	value: 'idir,bceid,bcsc,github'
	NEXT_PUBLIC_PROVIDER_IDS:
	value: 'idir'
	NEXT_PUBLIC_ACCOUNT_BCEID_URL:
	value: 'https://www.test.bceid.ca/logon.aspx?returnUrl=/profile_management'
	NEXT_PUBLIC_ACCOUNT_BCSC_URL:
	value: 'https://id.gov.bc.ca/account/'
	GWA_API_URL:
	value: 'https://gwa-api-gov-bc-ca.dev.api.gov.bc.ca'
	GWA_PROD_ENV_SLUG:
	value: 'FB000000'
	GWA_RES_SVR_CLIENT_ID:
	value: '${{ secrets.OIDC_CLIENT_ID }}'
	secure: true
	GWA_RES_SVR_CLIENT_SECRET:
	value: '${{ secrets.OIDC_CLIENT_SECRET }}'
	secure: true
	KEYCLOAK_AUTH_URL:
	value: '${{ secrets.KEYCLOAK_AUTH }}'
	KEYCLOAK_REALM:
	value: '${{ secrets.KEYCLOAK_REALM }}'
	COOKIE_SECURE:
	value: 'true'
	LOG_LEVEL:
	value: 'debug'
	DISABLE_LOGGING:
	value: 'true'
	EMAIL_ENABLED:
	value: 'true'
	EMAIL_FROM:
	value: 'API.Services.Portal@gov.bc.ca'
	EMAIL_HOST:
	value: 'apps.smtp.gov.bc.ca'

	readinessProbe:
	exec:
	command:
	- sh
	- -c
	- 'state=\$(curl -XGET -m 2 --silent -f -H \"Accept: application/json\" http://localhost:3000/health \| jq -r \".status \| ascii_downcase\"); if [ ! \"\$state\" == \"ready\" ]; then exit 1; fi'
	timeoutSeconds: 3
	periodSeconds: 10

	" > values.yaml

	helm repo add bcgov http://bcgov.github.io/helm-charts
	helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }} -f values.yaml --history-max 3 bcgov/generic-api

	- name: 'Deploy Routes'
	if: github.ref != 'refs/heads/dev'
	run: \|
	export PATH=$PATH:`pwd`/linux-amd64

	echo "
	routes:
	- host: api-services-portal-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}.apps.silver.devops.gov.bc.ca
	targetPort: http
	service: proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-generic-api
	wildcardPolicy: None
	tls:
	termination: edge
	" > values.yaml
	helm repo add bcgov http://bcgov.github.io/helm-charts
	helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-routes -f values.yaml --history-max 3 bcgov/ocp-route

	- name: 'Seed Data'
	if: github.ref != 'refs/heads/dev'
	run: \|
	export PATH=$PATH:`pwd`/linux-amd64

	cd .github/workflows
	SERVICE=proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-feeder-generic-api \
	PORTAL_URL=https://api-services-portal-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}.apps.silver.devops.gov.bc.ca \
	OIDC_ISSUER=${{ secrets.OIDC_ISSUER }} \
	OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }} \
	OIDC_CLIENT_SECRET=${{ secrets.OIDC_CLIENT_SECRET }} \
	./scripts/init.sh

	- name: Authenticate to Gold and set context
	if: github.ref == 'refs/heads/test'
	uses: redhat-actions/oc-login@v1
	with:
	openshift_server_url: ${{ secrets.OPENSHIFT_GOLD_SERVER }}
	openshift_token: ${{ secrets.OPENSHIFT_GOLD_TOKEN }}
	insecure_skip_tls_verify: true
	namespace: ${{ secrets.OPENSHIFT_GOLD_TEST_NAMESPACE }}

	- name: 'Restart Portal in Gold Test Namespace'
	if: github.ref == 'refs/heads/test'
	run: \|
	oc rollout restart deployment/bcgov-aps-portal-generic-api -n ${{ secrets.OPENSHIFT_GOLD_TEST_NAMESPACE }}

	- name: 'Create Pull Request for Release'
	if: github.ref == 'refs/heads/test'
	uses: actions/github-script@v6
	with:
	script: \|
	const { repo, owner } = context.repo;
	const openPrs = await github.rest.pulls.list({
	owner,
	repo,
	head: '${{ github.ref_name }}',
	base: 'main',
	state: 'open'
	})

	if(openPrs.data.length === 0){
	await github.rest.pulls.create({
	title: 'Create Latest Release',
	owner,
	repo,
	head: '${{ github.ref_name }}',
	base: 'main',
	body: [
	'This Pull Request is auto-created by [actions/github-script](https://github.com/actions/github-script).',
	'Please update this PR with appropriate labels to target specific type of release'
	].join('\n\n'),
	draft: true
	});
	} else {
	console.log("There is already an open Pull Request in place.\n")
	openPrs.data.forEach((item) => {
	console.log(item.html_url)
	})
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'dev' into feature/518-public-keys #2256

Workflow file

Merge branch 'dev' into feature/518-public-keys #2256

Jobs

Run details

Workflow file for this run