This is the primary repository for the BC Gov DevHub application. This is a mono repo holding multiple services that are coupled together. More details can be found in the schematic
The Devhub has a ton of components that are stiched together that need to be deployed in a specific order. The best way to accomplish is is to first deploy the CI/CD pipelines (deploy-tron) to perform the work for you.
- Obtain a Openshift Project Set (dev, test, tools, prod)
- Apply for a realm in the 3 SSO instances (dev, test, prod)
- Setup Network Policies for each namespace
oc process -f openshift/templates/supporting-infrastructure/networkpolicy.yaml -p APP_NAME=platform-services -p NAMESPACE=<namespace> -p ENVIRONMENT=dev | oc apply -f - -n <namespace>-dev - Create a Service Account in the Dev SSO instance to perform the automated client creation in the CI/CD workflow. Ensure you have enough priviledges to
manage clientswith this service account!- when you have the service account user those credentials to create a secret in the
toolsnamespace.oc process -f openshift/supporting-infrastructure/keycloak.secret.yaml -p KEYCLOAK_CLIENT_ID=... -p KEYCLOAK_CLIENT_SECRET=... | oc apply -f -This is for long term storage.
- when you have the service account user those credentials to create a secret in the
- Setup an Algolia Production Account (this costs moolah) and collect your application id, search key and admin api key.
oc process -f openshift/templates/web/algolia-build.secret.yaml \ -p ALGOLIA_ADMIN_KEY= \ -p GATSBY_ALGOLIA_APP_ID= \ -p GATSBY_ALGOLIA_SEARCH_KEY= | oc apply -f - - Create the CI/CD service account that the Github Actions will utilize
oc process -f openshift/templates/supporting-infrastructure/cicd.yaml -p TOOLS_NAMESPACE=<namespace> -p PROD_NAMESPACE=<namespace> -p TEST_NAMESPACE=<namespace> -p DEV_NAMESPACE=<namespace> | oc apply -f -
-
Obtain the SA Name and Credentials
-
Setup your GITHUB secrets so that the CI/CD workflows work correctly. These are the following secrets you will need to add.
ALGOLIA_API_KEY
ALGOLIA_APP_ID
ALGOLIA_SEARCH_KEY
DEV_NAMESPACE
TEST_NAMESPACE
TOOLS_NAMESPACE
PROD_NAMESPACE
# event brite key is optional
EVENT_BRITE_API_KEY
# your key cloack service accout client id
KC_SA_CLIENT_ID
KC_SA_CLIENT_SECRET
# you can obtain the server url by inspecting the --server flag when copy and pasting your oc
# login command
OPENSHIFT_SERVER_URL
OPENSHIFT_SA_NAME
# this is the openshift service account secret token
OPENSHIFT_SA_PASSWORD
# optional as described in schematic.md recommended not to use searchgate
SEARCHGATE_API_URL
SSO_REALM
# please note that your test and prod instances of the SSO_CLIENT should be exactly the same, the dev clients are created dynamically
SSO_CLIENT
- Deploy deploy-tron and setup a Github App for your repository.
deploy tron will be your interface for CD with the devhub front end component
- In order to deploy the Devhub Front End Component you will need to create the s2i builder image in your tools namespace. You can do that easily by
oc process -f https://raw.githubusercontent.com/bcgov/s2i-caddy-nodejs/master/openshift/templates/build.yaml |
oc apply -f -
It's as easy as creating a PR and running them command in your PR @deploy-tron deploy web to dev!