Merge pull request #1377 from bcgov/dev

KC26, Cypress tests for email notifications

Author: Elson9

.dockerignore

@@ -1,9 +1,10 @@
-src/node_modules
 src/.npm
 src/_tmp
 src/.cache
 src/.config
 src/.nyc_output
 src/dist
 **/.next
-_data
+_data
+**/node_modules
+__coverage__

.env.local

@@ -20,9 +20,16 @@ GWA_RES_SVR_CLIENT_ID=gwa-api
 GWA_RES_SVR_CLIENT_SECRET=18900468-3db1-43f7-a8af-e75f079eb742
 KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9081/auth
 KEYCLOAK_REALM=master
-EMAIL_ENABLED=false
+EMAIL_ENABLED=true
+EMAIL_HOST=mailpit.localtest.me
+EMAIL_PORT=1025
+EMAIL_SECURE=false
+EMAIL_FROM=noreply@api.gov.bc.ca
+EMAIL_USER=
+EMAIL_PASS=
 EXTERNAL_URL=http://oauth2proxy.localtest.me:4180
 OIDC_ISSUER=http://keycloak.localtest.me:9081/auth/realms/master
+OIDC_CLIENT_ID=aps-portal
 LOCAL_ENV=true
 WORKING_PATH=/tmp
 DESTINATION_URL=

.github/workflows/aps-cypress-e2e.yaml

@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Build GWA API Image
         run: |
-          git clone https://github.com/bcgov/gwa-api.git --branch v1.0.47
+          git clone https://github.com/bcgov/gwa-api.git --branch dev
           cd gwa-api/microservices/gatewayApi
           docker build -t gwa-api:e2e .
 

.github/workflows/ci-build-deploy.yaml

@@ -54,7 +54,7 @@ jobs:
           username: ${{ env.REGISTRY_USERNAME }}
           password: ${{ env.REGISTRY_PASSWORD }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -318,6 +318,9 @@ jobs:
                     - name: X-Forwarded-Access-Token
                       values:
                         - claim: access_token
+                    - name: X-Forwarded-Id-Token
+                      values:
+                        - claim: IDToken
                   injectResponseHeaders: []
                   metricsServer:
                     BindAddress: ""
@@ -394,6 +397,8 @@ jobs:
               secure: true
             OIDC_ISSUER:  
               value: '${{ secrets.OIDC_ISSUER }}'
+            OIDC_CLIENT_ID:
+              value: '${{ secrets.OIDC_CLIENT_ID }}'
             JWKS_URL:
               value: '${{ secrets.OIDC_ISSUER }}/protocol/openid-connect/certs'
             EXTERNAL_URL:

.github/workflows/ci-build-feeders.yaml

@@ -38,7 +38,7 @@ jobs:
           username: ${{ env.REGISTRY_USERNAME }}
           password: ${{ env.REGISTRY_PASSWORD }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

.github/workflows/ci-build-only.yaml

@@ -46,7 +46,7 @@ jobs:
           username: ${{ env.REGISTRY_USERNAME }}
           password: ${{ env.REGISTRY_PASSWORD }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

.github/workflows/ci-feat-sonar.yaml

@@ -48,7 +48,14 @@ jobs:
           docker compose down
 
       - name: SonarCloud Scan
-        uses: sonarsource/sonarqube-scan-action@master
+        uses: sonarsource/sonarqube-scan-action@v6
+        with:
+          args: >
+            -Dsonar.organization=bcgov-sonarcloud
+            -Dsonar.projectKey=bcgov_api-services-portal
+            -Dsonar.sources=src/auth,src/authz,src/batch,src/services
+            -Dsonar.javascript.lcov.reportPaths=./src/__coverage__/lcov.info
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: https://sonarcloud.io

.github/workflows/main.yaml

@@ -44,7 +44,7 @@ jobs:
           echo "::set-output name=APP_REVISION::${GITHUB_SHA}"
         id: set-deploy-id
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

.nvmrc

@@ -1 +1 @@
-v16.15.1
+v22.21.1

docker-compose.yml

@@ -11,39 +11,52 @@ secrets:
 
 services:
   keycloak:
-    image: quay.io/keycloak/keycloak:15.1.1
+    image: keycloak-quarkus:e2e
     container_name: keycloak
-    hostname: keycloak
+    build:
+      context: local/keycloak
+      dockerfile: Dockerfile
+      args:
+        - KC_VERSION=${KC_VERSION:-26.5.3}
     depends_on:
       kong-db:
         condition: service_healthy
+    environment:
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: local
+    # Keycloak 26 Hostname v2: --hostname accepts full URL (host + port + path).
     command:
       [
-        '-b',
-        '0.0.0.0',
-        '-Djboss.socket.binding.port-offset=1001',
-        '-Dkeycloak.migration.action=import',
-        '-Dkeycloak.migration.provider=singleFile',
-        '-Dkeycloak.migration.file=/tmp/realm-config/master-realm.json',
-        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
-        '-Dkeycloak.profile.feature.upload_scripts=enabled',
+        "start",
+        "--optimized",
+        "--hostname",
+        "http://keycloak.localtest.me:9081/auth",
+        "--db-url",
+        "jdbc:postgresql://kong-db/${KEYCLOAK_DB_NAME:-keycloak}",
+        "--db-username",
+        "keycloakuser",
+        "--db-password",
+        "keycloakuser",
+        "--http-enabled",
+        "true",
+        "--http-port",
+        "9081",
+        "--import-realm",
       ]
-    ports:
-      - 9081:9081/tcp
-    environment:
-      #KEYCLOAK_USER: local
-      #KEYCLOAK_PASSWORD: local
-      DB_VENDOR: POSTGRES
-      DB_SCHEMA: public
-      DB_ADDR: kong-db:5432
-      DB_USER: keycloakuser
-      DB_PASSWORD: keycloakuser
     volumes:
-      - ./local/keycloak/master-realm.json:/tmp/realm-config/master-realm.json
+      - ./local/keycloak/master-realm.json:/opt/keycloak/data/import/master-realm.json
+    ports:
+      - 9081:9081
+      - 9000:9000
     networks:
       aps-net:
         aliases:
           - keycloak.localtest.me
+    healthcheck:
+      test: timeout 10s bash -c ':> /dev/tcp/localhost/9081'
+      interval: 5s
+      timeout: 5s
+      retries: 5
   oauth2-proxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
     container_name: oauth2-proxy
@@ -62,7 +75,7 @@ services:
           - oauth2proxy.localtest.me
   apsportal:
     container_name: apsportal
-    image: apsportal:latest
+    image: apsportal:${APSPORTAL_TAG:-latest}
     depends_on:
       - keycloak
     build:
@@ -198,7 +211,7 @@ services:
         aliases:
           - redis-master
   gwa-api:
-    image: gwa-api:e2e
+    image: gwa-api:${GWA_API_TAG:-e2e}
     container_name: gwa-api
     entrypoint: sh -c "chmod +x /tmp/gwa/entrypoint.sh && sh /tmp/gwa/entrypoint.sh"
     ports:
@@ -289,5 +302,17 @@ services:
     profiles:
       - testsuite
 
+  mailpit:
+    image: axllent/mailpit:latest
+    container_name: mailpit
+    restart: unless-stopped
+    ports:
+      - '1025:1025'  # SMTP port for receiving emails
+      - '8025:8025'  # Web UI for viewing emails
+    networks:
+      aps-net:
+        aliases:
+          - mailpit.localtest.me
+
 networks:
   aps-net: {}