Merge pull request #1361 from bcgov/test

Create Latest Release

Author: rustyjux

.env.local

@@ -36,7 +36,7 @@ NEXT_PUBLIC_HELP_ISSUE_URL=https://github.com/bcgov/api-services-portal/issues
 NEXT_PUBLIC_HELP_API_DOCS_URL=/ds/api/v3/console/
 NEXT_PUBLIC_HELP_SUPPORT_URL=https://dev.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/
 NEXT_PUBLIC_HELP_RELEASE_URL=https://dev.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/reference/releases/
-NEXT_PUBLIC_HELP_STATUS_URL=https://uptime.com/s/bcgov-dss
+NEXT_PUBLIC_HELP_STATUS_URL=https://status.api.gov.bc.ca/
 NEXT_PUBLIC_DEVELOPER_IDS=idir,bceid,bcsc,github
 NEXT_PUBLIC_PROVIDER_IDS=idir
 NEXT_PUBLIC_ACCOUNT_BCEID_URL=https://www.test.bceid.ca/logon.aspx?returnUrl=/profile_management

.github/workflows/aps-cypress-e2e.yaml

@@ -16,14 +16,16 @@ env:
   GIT_COMMIT_AUTHOR: ${{ github.actor }}
   GIT_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
   GIT_REPO_URL: ${{ github.repository }}
+  # Optional: avoids npm 403 from registry when multiple images run npm install in parallel
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
 jobs:
   cypress-run:
     runs-on: ubuntu-latest
     steps:
       - name: Build GWA API Image
         run: |
-          git clone https://github.com/bcgov/gwa-api.git --branch v1.0.40
+          git clone https://github.com/bcgov/gwa-api.git --branch v1.0.47
           cd gwa-api/microservices/gatewayApi
           docker build -t gwa-api:e2e .
 

.github/workflows/ci-build-deploy.yaml

@@ -92,65 +92,142 @@ jobs:
         if: github.ref != 'refs/heads/dev'
         run: |
           export PATH=$PATH:`pwd`/linux-amd64
-
-          echo '
-          image:
-            registry: docker.pkg.github.com
-            repository: bcgov-dss/api-serv-infra/mongodb
-            tag: 5.0-7a639fba
-            pullPolicy: IfNotPresent
-            pullSecrets:
-              - dev-github-read-packages-creds
-
-          auth:
-              rootPassword: "s3cr3t"
-
-          serviceAccount:
-              create: false
-              name: asp-service-account
-
-          arbiter:
-              enabled: false
-
-          rbac:
-              create: true
-
-          updateStrategy:
-            type: RollingUpdate
-            rollingUpdate:
-              maxSurge: 0
-              maxUnavailable: 100%
-              
-          readinessProbe:
-            timeoutSeconds: 30
-            periodSeconds: 120
-            
-          livenessProbe:
-            timeoutSeconds: 30
-            periodSeconds: 120
-            
-          persistence:
-              enabled: true
-              size: 2Gi
-
-          resources:
-            requests:
-              cpu: 85m
-              memory: 480M
-            limits:
-              cpu: 300m
-              memory: 720M
-
-          podSecurityContext:
-              enabled: true
-              fsGroup: ${{ secrets.RUNNING_UID_GID }}
-
-          containerSecurityContext:
-              enabled: true
-              runAsUser: ${{ secrets.RUNNING_UID_GID }}
-          ' > values.yaml
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-          helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db --version 12.1.31 -f values.yaml --history-max 3 bitnami/mongodb
+          DEPLOY_ID="${{ steps.set-deploy-id.outputs.DEPLOY_ID }}"
+          DB_NAME="proto-asp-${DEPLOY_ID}-db"
+
+          # ConfigMap to create Keystone user and database on first Postgres start
+          oc create configmap "${DB_NAME}-init" --from-literal=1-init.sql="CREATE ROLE keystonejsuser WITH LOGIN PASSWORD 'keystonejsuser'; CREATE DATABASE keystonejs OWNER keystonejsuser;" --dry-run=client -o yaml | oc apply -f -
+
+          # ConfigMap with Keystone schema (run by Job after Postgres is up)
+          oc create configmap "${DB_NAME}-keystone-schema" --from-file=keystone-init.sql=local/db/keystone-init.sql --dry-run=client -o yaml | oc apply -f -
+
+          # PVC for Postgres data (persistence)
+          cat <<EOF | oc apply -f -
+          apiVersion: v1
+          kind: PersistentVolumeClaim
+          metadata:
+            name: ${DB_NAME}-data
+          spec:
+            accessModes: [ReadWriteOnce]
+            resources:
+              requests:
+                storage: ${{ startsWith(github.ref_name, 'feature/') && '1Gi' || '2Gi' }}
+          EOF
+
+          # Postgres 15 Deployment (public image)
+          cat <<EOF | oc apply -f -
+          apiVersion: apps/v1
+          kind: Deployment
+          metadata:
+            name: ${DB_NAME}
+          spec:
+            replicas: 1
+            selector:
+              matchLabels:
+                app: ${DB_NAME}
+            strategy:
+              type: Recreate
+            template:
+              metadata:
+                labels:
+                  app: ${DB_NAME}
+              spec:
+                containers:
+                  - name: postgres
+                    image: postgres:15
+                    ports:
+                      - containerPort: 5432
+                    env:
+                      - name: POSTGRES_USER
+                        value: postgres
+                      - name: POSTGRES_PASSWORD
+                        value: "s3cr3t"
+                      - name: PGDATA
+                        value: /var/lib/postgresql/data/pgdata
+                    volumeMounts:
+                      - name: data
+                        mountPath: /var/lib/postgresql/data
+                      - name: init
+                        mountPath: /docker-entrypoint-initdb.d
+                    resources:
+                      requests:
+                        cpu: 50m
+                        memory: 128Mi
+                      limits:
+                        memory: 256Mi
+                volumes:
+                  - name: data
+                    persistentVolumeClaim:
+                      claimName: ${DB_NAME}-data
+                  - name: init
+                    configMap:
+                      name: ${DB_NAME}-init
+                readinessProbe:
+                  exec:
+                    command: [pg_isready, -U, postgres]
+                  initialDelaySeconds: 5
+                  periodSeconds: 5
+                  timeoutSeconds: 5
+                livenessProbe:
+                  exec:
+                    command: [pg_isready, -U, postgres]
+                  initialDelaySeconds: 30
+                  periodSeconds: 10
+                  timeoutSeconds: 5
+          EOF
+
+          # Service for Postgres
+          cat <<EOF | oc apply -f -
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: ${DB_NAME}
+          spec:
+            ports:
+              - port: 5432
+                targetPort: 5432
+                name: postgres
+            selector:
+              app: ${DB_NAME}
+          EOF
+
+          # Wait for Postgres to be ready
+          oc rollout status deployment/${DB_NAME} --timeout=300s
+
+          # Run Keystone schema (Job)
+          cat <<EOF | oc apply -f -
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: ${DB_NAME}-keystone-init
+          spec:
+            ttlSecondsAfterFinished: 300
+            backoffLimit: 5
+            template:
+              spec:
+                restartPolicy: OnFailure
+                containers:
+                  - name: run-schema
+                    image: postgres:15
+                    command:
+                      - /bin/sh
+                      - -c
+                      - |
+                        until PGPASSWORD=keystonejsuser psql -h ${DB_NAME} -U keystonejsuser -d keystonejs -c '\q' 2>/dev/null; do echo "Waiting for DB..."; sleep 2; done
+                        PGPASSWORD=keystonejsuser psql -h ${DB_NAME} -U keystonejsuser -d keystonejs -f /schema/keystone-init.sql
+                    env:
+                      - name: PGPASSWORD
+                        value: "keystonejsuser"
+                    volumeMounts:
+                      - name: schema
+                        mountPath: /schema
+                volumes:
+                  - name: schema
+                    configMap:
+                      name: ${DB_NAME}-keystone-schema
+          EOF
+
+          oc wait --for=condition=complete job/${DB_NAME}-keystone-init --timeout=300s
 
       - name: 'Deploy Backend'
         if: github.ref != 'refs/heads/dev'
@@ -296,14 +373,20 @@ jobs:
               value: Oauth2Proxy
             KONG_URL:
               value: '${{ secrets.KONG_URL_DEV}}'
-            MONGO_URL:
-              value: 'mongodb://proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db-mongodb:27017'
-            MONGO_USER:
-              value: root
+            ADAPTER:
+              value: knex
+            KNEX_HOST:
+              value: 'proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db'
+            KNEX_PORT:
+              value: '5432'
+            KNEX_USER:
+              value: keystonejsuser
               secure: true
-            MONGO_PASSWORD:
-              value: s3cr3t
+            KNEX_PASSWORD:
+              value: keystonejsuser
               secure: true
+            KNEX_DATABASE:
+              value: keystonejs
             FEEDER_URL:
               value: 'http://proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-feeder-generic-api'
             GITHUB_API_TOKEN:
@@ -336,7 +419,7 @@ jobs:
             NEXT_PUBLIC_HELP_RELEASE_URL:
               value: 'https://developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/reference/releases/'
             NEXT_PUBLIC_HELP_STATUS_URL:
-              value: 'https://uptime.com/s/bcgov-dss'
+              value: 'https://status.api.gov.bc.ca/'
             NEXT_PUBLIC_DEVELOPER_IDS:
               value: 'idir,bceid,bcsc,github'
             NEXT_PUBLIC_PROVIDER_IDS:

.github/workflows/ci-feat-sonar.yaml

@@ -19,9 +19,13 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Install deps
+        run: |
+          sudo apt update
+
       - uses: actions/setup-node@v2
         with:
-          node-version: '14'
+          node-version: '22'
 
       - name: Run Tests
         run: |
@@ -36,7 +40,7 @@ jobs:
 
           cd src
 
-          npm i
+          npm i --legacy-peer-deps
           npm run intg-build
           npm test
 
@@ -45,13 +49,6 @@ jobs:
 
       - name: SonarCloud Scan
         uses: sonarsource/sonarqube-scan-action@master
-        with:
-          args: >
-            -Dsonar.organization=bcgov-oss
-            -Dsonar.projectKey=aps-portal
-            -Dsonar.host.url=https://sonarcloud.io
-            -Dsonar.sources=src/auth,src/authz,src/batch,src/services
-            -Dsonar.javascript.lcov.reportPaths=./src/__coverage__/lcov.info
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-remove.yaml

@@ -2,10 +2,11 @@ name: Delete Deployment
 
 on:
   delete:
-    branches: [dev, main, feature/*]
 
 jobs:
   delete:
+    name: Delete deployment
+    if: github.event.ref_type == 'branch' && (startsWith(github.event.ref, 'refs/heads/feature/') || startsWith(github.event.ref, 'feature/'))
     runs-on: ubuntu-latest
     steps:
       - name: Set DEPLOY_ID which will delete a custom deploy from 'dev' environment
@@ -41,11 +42,23 @@ jobs:
           curl -L -O https://get.helm.sh/helm-v3.4.2-linux-amd64.tar.gz
           tar -xf helm-v3.4.2-linux-amd64.tar.gz
 
-      - name: 'Delete ALL'
+      - name: 'Delete DB (Postgres k8s resources)'
+        run: |
+          DEPLOY_ID="${{ steps.set-deploy-id.outputs.DEPLOY_ID }}"
+          DB_NAME="proto-asp-${DEPLOY_ID}-db"
+          oc delete deployment "${DB_NAME}" --ignore-not-found=true
+          oc delete service "${DB_NAME}" --ignore-not-found=true
+          oc delete pvc "${DB_NAME}-data" --ignore-not-found=true
+          oc delete configmap "${DB_NAME}-init" "${DB_NAME}-keystone-schema" --ignore-not-found=true
+          oc delete job "${DB_NAME}-keystone-init" --ignore-not-found=true
+
+      - name: 'Delete ALL (Helm releases)'
         run: |
           export PATH=$PATH:`pwd`/linux-amd64
 
-          helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db
+          # for old MongoDB Helm releases
+          helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db --ignore-not-found
+
           helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}
           helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-routes
           helm delete proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-feeder

README.md

@@ -72,8 +72,12 @@ Use the following configuration to run the Portal locally (outside of Docker) ag
 1. Start the OAuth2 Proxy locally:
 
 ```sh
+# mac
 hostip=$(ifconfig en0 | awk '$1 == "inet" {print $2}')
 
+# WSL
+hostip=$(hostname -I | awk '{print $1}')
+
 docker run -ti --rm --name proxy --net=host \
   --add-host portal.localtest.me:$hostip \
   -v `pwd`/local/oauth2-proxy/oauth2-proxy-dev.yaml:/oauth2.yaml \