Merge branch 'main' into renovate/major-vite

bcgov · Jan 4, 2024 · b1bf4b6 · b1bf4b6
2 parents ef39109 + 55a127c
commit b1bf4b6
Show file tree

Hide file tree

Showing 37 changed files with 15,244 additions and 8,102 deletions.
diff --git a/.github/codeowners b/.github/codeowners
@@ -0,0 +1,7 @@
+# Matched against repo root (asterisk)
+# *                         @mishraomp @DerekRoberts
+
+# Matched against directories
+# /.github/workflows/       @mishraomp @DerekRoberts
+
+# See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml
@@ -1,29 +1,37 @@
-name: Deploy Workflow
+name: .Deploys
 
 on:
   workflow_call:
     inputs:
       ### Required
-      target:
-        description: 'PR number, test or prod.'
+      release:
+        description: Deployment release; usually PR number, test or prod
         required: true
         type: string
 
       ### Typical / recommended
       autoscaling:
-        description: 'Autoscaling enabled or not for the deployments'
+        description: Autoscaling enabled or not for the deployments
         required: false
-        type: boolean
+        type: string
         default: true
+      environment:
+        description: Environment name; omit for PRs
+        required: false
+        type: string
       tag:
-        description: 'Docker tag; e.g. PR number, tag, test or prod'
+        description: Container tag; usually PR number
         required: false
         type: string
         default: ${{ github.event.number }}
+      triggers:
+        description: Paths to trigger a deploy; omit=always; e.g. ('backend/' 'frontend/')
+        required: false
+        type: string
 
       ### Usually a bad idea / not recommended
       directory:
-        description: 'Chart directory.'
+        description: 'Chart directory'
         default: 'charts/${{ github.event.repository.name }}'
         required: false
         type: string
@@ -33,49 +41,92 @@ on:
         required: false
         type: number
       values:
-        description: 'Values file.'
+        description: 'Values file'
         default: 'values.yaml'
         required: false
         type: string
+      params:
+        description: 'Extra parameters to pass to helm upgrade'
+        default: ''
+        required: false
+        type: string
+
+env:
+  repo_release: ${{ github.event.repository.name }}-${{ inputs.release }}
+  package_tag: ${{ inputs.tag }}
 
 jobs:
-  # https://github.com/bcgov-nr/action-deployer-openshift
   deploys:
     name: Helm
-    environment: ${{ github.event.number || github.event.release.tag_name }}
+    environment: ${{ inputs.environment }}
     runs-on: ubuntu-22.04
     timeout-minutes: ${{ inputs.timeout-minutes }}
     steps:
       - uses: actions/checkout@v4
-      - name: Deploy
+      - name: Check Deployment Triggers
+        id: triggers
+        run: |
+          # Expand for trigger processing
+
+          # Always deploy if no triggers are provided
+          if [ -z "${{ inputs.triggers }}" ]; then
+            echo "Always deploy when no triggers are provided"
+            echo "triggered=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # Deploy if changed files (git diff) match triggers
+          TRIGGERS=${{ inputs.triggers }}
+          git fetch origin ${{ github.event.repository.default_branch }}
+          while read -r check; do
+            for t in "${TRIGGERS[@]}"; do
+              if [[ "${check}" =~ "${t}" ]]; then
+                  echo "Build triggered based on git diff"
+                  echo -e "${t}\n --> ${check}"
+                  echo "triggered=true" >> $GITHUB_OUTPUT
+                  exit 0
+              fi
+            done
+          done < <(git diff origin/${{ github.event.repository.default_branch }} --name-only)
+
+          # If here skip deployment
+          echo "No triggers have fired, deployment skipped"
+
+      - name: Deploy if Triggers Fired
+        if: ${{ steps.triggers.outputs.triggered == 'true' }}
         working-directory: ${{ inputs.directory }}
         shell: bash
         run: |
-          # Login to OpenShift (NOTE: project command is a safeguard)
           oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
-          oc project ${{ vars.oc_namespace }}
+          oc project ${{ vars.OC_NAMESPACE }} # Safeguard!
 
           # Interrupt any previous jobs (status = pending-upgrade)
-          PREVIOUS=$(helm status ${{ github.event.repository.name }}-${{ inputs.target }} -o json | jq .info.status || true)
+          PREVIOUS=$(helm status ${{ env.repo_release }} -o json | jq .info.status || true)
           if [[ ${PREVIOUS} =~ pending ]]; then
             echo "Rollback triggered"
-            helm rollback ${{ github.event.repository.name }}-${{ inputs.target }} || \
-              helm uninstall ${{ github.event.repository.name }}-${{ inputs.target }}
+            helm rollback ${{ env.repo_release }} || \
+              helm uninstall ${{ env.repo_release }}
           fi
 
           # Deploy Helm Chart
           helm dependency update
+          helm package --app-version="${{ env.package_tag }}" --version=${{ inputs.tag }} .
+          
           helm upgrade \
             --set global.autoscaling=${{ inputs.autoscaling }} \
             --set-string global.repository=${{ github.repository }} \
             --set-string global.secrets.databasePassword=${{ secrets.DB_PASSWORD }} \
-            --set-string global.tag="${{ inputs.target }}" \
-            --set-string backend.containers[0].tag="${{ inputs.target }}" \
-            --set-string backend.initContainers[0].tag="${{ inputs.target }}" \
-            --set-string frontend.containers[0].tag="${{ inputs.target }}" \
-            --install --wait --atomic ${{ github.event.repository.name }}-${{ inputs.target }} \
+            --set-string backend.containers[0].tag="${{ env.package_tag }}" \
+            --set-string backend.initContainers[0].tag="${{ env.package_tag }}" \
+            --set-string frontend.containers[0].tag="${{ env.package_tag }}" \
+            ${{ inputs.params }} \
+            --install --wait --atomic  ${{ env.repo_release }} \
             --timeout ${{ inputs.timeout-minutes }}m \
-            --values ${{ inputs.values }} .
+            --values ${{ inputs.values }} \
+            ./${{ github.event.repository.name }}-${{ inputs.tag }}.tgz
 
+          # print history 
+          helm history ${{ env.repo_release }}
+          
           # Remove old build runs, build pods and deployment pods
           oc delete po --field-selector=status.phase==Succeeded
diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml
@@ -1,11 +1,11 @@
-name: Test Workflow
+name: .Tests
 
 on:
   workflow_call:
     inputs:
       ### Required
       target:
-        description: 'PR number, test or prod.'
+        description: PR number, test or prod
         required: true
         type: string
 
@@ -66,7 +66,7 @@ jobs:
           working-directory: ./frontend
           browser: ${{ matrix.browser }}
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: cypress-screenshots

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -3,6 +3,7 @@ name: Analysis
 on:
   push:
     branches: [main]
+  merge_group:
   pull_request:
     types: [opened, reopened, synchronize, ready_for_review]
   schedule:
@@ -16,30 +17,30 @@ concurrency:
 jobs:
   codeql:
     name: CodeQL
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    if: ${{ ! github.event.pull_request.draft }}
     runs-on: ubuntu-22.04
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
-      - uses: github/codeql-action/init@v2
+      - uses: github/codeql-action/init@v3
         with:
           languages: javascript
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
         with:
           category: "/language:javascript"
 
   # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:
     name: Trivy Security Scan
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    if: ${{ ! github.event.pull_request.draft }}
     runs-on: ubuntu-22.04
     timeout-minutes: 1
     steps:
       - uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.14.0
+        uses: aquasecurity/trivy-action@0.16.1
         with:
           format: "sarif"
           output: "trivy-results.sarif"
@@ -49,21 +50,19 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results.sarif"
 
   tests:
     name: Tests
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    if: ${{ ! github.event.pull_request.draft }}
     runs-on: ubuntu-22.04
     timeout-minutes: 5
     services:
       postgres:
         image: postgres
         env:
-          POSTGRES_DB: postgres
-          POSTGRES_USER: postgres
           POSTGRES_PASSWORD: postgres
         options: >-
           --health-cmd pg_isready
@@ -77,13 +76,9 @@ jobs:
         dir: [backend, frontend]
         include:
           - dir: backend
-            sonar_projectKey: quickstart-openshift_backend
             token: SONAR_TOKEN_BACKEND
-            triggers: ('backend/')
           - dir: frontend
-            sonar_projectKey: quickstart-openshift_frontend
             token: SONAR_TOKEN_FRONTEND
-            triggers: ('frontend/')
     steps:
       - uses: bcgov-nr/action-test-and-analyse@v1.1.0
         with:
@@ -95,9 +90,17 @@ jobs:
           sonar_args: >
             -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
             -Dsonar.organization=bcgov-sonarcloud
-            -Dsonar.projectKey=${{ matrix.sonar_projectKey }}
+            -Dsonar.projectKey=quickstart-openshift_${{ matrix.dir }}
             -Dsonar.sources=src
             -Dsonar.tests.inclusions=**/*spec.ts
             -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
           sonar_token: ${{ secrets[matrix.token] }}
-          triggers: ${{ matrix.triggers }}
+          triggers: ('${{ matrix.dir }}/')
+
+  results:
+    name: Results
+    needs: [codeql, trivy, tests]
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - run: echo "Success!"
diff --git a/.github/workflows/load-test.yml b/.github/workflows/load-test.yml
@@ -0,0 +1,42 @@
+# Run the Load Test with manual workflow dispatch.
+name: Load Test
+
+on:
+  workflow_dispatch:
+    inputs:
+      vu:
+        description: 'Number of virtual users to simulate'
+        required: false
+        type: number
+        default: 10
+      duration:
+        description: 'Duration of the test in seconds'
+        required: false
+        type: number
+        default: 30
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  load-test:
+    runs-on: ubuntu-latest
+    name: Load Test
+    env:
+      DOMAIN: apps.silver.devops.gov.bc.ca
+      PREFIX: ${{ github.event.repository.name }}-test
+    strategy:
+      matrix:
+        name: [backend, frontend]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run k6 local test
+        uses: grafana/k6-action@v0.3.1
+        with:
+          filename: ./load-test/${{ matrix.name }}-test.js
+          flags: --vus ${{ github.event.inputs.vu }} --duration ${{ github.event.inputs.duration }}s
+        env:
+          BACKEND_URL: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/api
+          FRONTEND_URL: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}