
Commit b78f202

authored
Merge branch 'dev' into feature/sdx-service
2 parents c47fce4 + b11084f commit b78f202


116 files changed

+33164
-54028
lines changed


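--- a/.dockerignore
+++ b/.dockerignore
@@ -1,9 +1,10 @@
-src/node_modules
 src/.npm
 src/_tmp
 src/.cache
 src/.config
 src/.nyc_output
 src/dist
 **/.next
-_data
+_data
+**/node_modules
+__coverage__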

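--- a/.env.local
+++ b/.env.local
@@ -20,9 +20,16 @@ GWA_RES_SVR_CLIENT_ID=gwa-api
 GWA_RES_SVR_CLIENT_SECRET=18900468-3db1-43f7-a8af-e75f079eb742
 KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9081/auth
 KEYCLOAK_REALM=master
-EMAIL_ENABLED=false
+EMAIL_ENABLED=true
+EMAIL_HOST=mailpit.localtest.me
+EMAIL_PORT=1025
+EMAIL_SECURE=false
+EMAIL_FROM=noreply@api.gov.bc.ca
+EMAIL_USER=
+EMAIL_PASS=
 EXTERNAL_URL=http://oauth2proxy.localtest.me:4180
 OIDC_ISSUER=http://keycloak.localtest.me:9081/auth/realms/master
+OIDC_CLIENT_ID=aps-portal
 LOCAL_ENV=true
 WORKING_PATH=/tmp
 DESTINATION_URL=
@@ -36,7 +43,7 @@ NEXT_PUBLIC_HELP_ISSUE_URL=https://github.com/bcgov/api-services-portal/issues
 NEXT_PUBLIC_HELP_API_DOCS_URL=/ds/api/v3/console/
 NEXT_PUBLIC_HELP_SUPPORT_URL=https://dev.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/
 NEXT_PUBLIC_HELP_RELEASE_URL=https://dev.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/reference/releases/
-NEXT_PUBLIC_HELP_STATUS_URL=https://uptime.com/s/bcgov-dss
+NEXT_PUBLIC_HELP_STATUS_URL=https://status.api.gov.bc.ca/
 NEXT_PUBLIC_DEVELOPER_IDS=idir,bceid,bcsc,github
 NEXT_PUBLIC_PROVIDER_IDS=idir
 NEXT_PUBLIC_ACCOUNT_BCEID_URL=https://www.test.bceid.ca/logon.aspx?returnUrl=/profile_management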
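Review bot: The new mail block in the first hunk (`EMAIL_SECURE=false`, empty `EMAIL_USER`/`EMAIL_PASS`, port 1025) enables unauthenticated plaintext SMTP, and nothing in the file marks these values as local-only. That is the expected setup for Mailpit on `localtest.me`, but the file is tracked and may end up as the starting point for other environments. I would add a comment above `EMAIL_ENABLED=true`, for example `# Local Mailpit only: plaintext SMTP, no auth. Do not reuse these values outside local development.`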

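--- a/.github/workflows/aps-cypress-e2e.yaml
+++ b/.github/workflows/aps-cypress-e2e.yaml
@@ -16,14 +16,16 @@ env:
 GIT_COMMIT_AUTHOR: ${{ github.actor }}
 GIT_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
 GIT_REPO_URL: ${{ github.repository }}
+# Optional: avoids npm 403 from registry when multiple images run npm install in parallel
+NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
 jobs:
 cypress-run:
 runs-on: ubuntu-latest
 steps:
 - name: Build GWA API Image
 run: |
-git clone https://github.com/bcgov/gwa-api.git --branch v1.0.47
+git clone https://github.com/bcgov/gwa-api.git --branch dev
 cd gwa-api/microservices/gatewayApi
 docker build -t gwa-api:e2e .
 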
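Review bot: The clone in `Build GWA API Image` now follows the moving `dev` branch instead of the tag `v1.0.47`, and the same hunk adds `NPM_TOKEN` to the workflow-level `env`, where every step of every job inherits it. Together this means whatever lands on gwa-api's `dev` is built and run in a job that carries a registry token in its environment. Pin the clone to a tag or a full commit SHA so e2e runs are reproducible, and move `NPM_TOKEN: ${{ secrets.NPM_TOKEN }}` into the `env:` of only the step that needs it. Whether later steps pass the token into `docker build` is not visible in this hunk; if they do, a BuildKit secret mount keeps it out of image layers and build logs.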

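--- a/.github/workflows/ci-build-deploy.yaml
+++ b/.github/workflows/ci-build-deploy.yaml
@@ -54,7 +54,7 @@ jobs:
 username: ${{ env.REGISTRY_USERNAME }}
 password: ${{ env.REGISTRY_PASSWORD }}
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
 with:
 path: /tmp/.buildx-cache
 key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -92,65 +92,142 @@ jobs:
 if: github.ref != 'refs/heads/dev'
 run: |
 export PATH=$PATH:`pwd`/linux-amd64
-
-echo '
-image:
-registry: docker.pkg.github.com
-repository: bcgov-dss/api-serv-infra/mongodb
-tag: 5.0-7a639fba
-pullPolicy: IfNotPresent
-pullSecrets:
-- dev-github-read-packages-creds
-
-auth:
-rootPassword: "s3cr3t"
-
-serviceAccount:
-create: false
-name: asp-service-account
-
-arbiter:
-enabled: false
-
-rbac:
-create: true
-
-updateStrategy:
-type: RollingUpdate
-rollingUpdate:
-maxSurge: 0
-maxUnavailable: 100%
-
-readinessProbe:
-timeoutSeconds: 30
-periodSeconds: 120
-
-livenessProbe:
-timeoutSeconds: 30
-periodSeconds: 120
-
-persistence:
-enabled: true
-size: 2Gi
-
-resources:
-requests:
-cpu: 85m
-memory: 480M
-limits:
-cpu: 300m
-memory: 720M
-
-podSecurityContext:
-enabled: true
-fsGroup: ${{ secrets.RUNNING_UID_GID }}
-
-containerSecurityContext:
-enabled: true
-runAsUser: ${{ secrets.RUNNING_UID_GID }}
-' > values.yaml
-helm repo add bitnami https://charts.bitnami.com/bitnami
-helm upgrade --install proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db --version 12.1.31 -f values.yaml --history-max 3 bitnami/mongodb
+DEPLOY_ID="${{ steps.set-deploy-id.outputs.DEPLOY_ID }}"
+DB_NAME="proto-asp-${DEPLOY_ID}-db"
+
+# ConfigMap to create Keystone user and database on first Postgres start
+oc create configmap "${DB_NAME}-init" --from-literal=1-init.sql="CREATE ROLE keystonejsuser WITH LOGIN PASSWORD 'keystonejsuser'; CREATE DATABASE keystonejs OWNER keystonejsuser;" --dry-run=client -o yaml | oc apply -f -
+
+# ConfigMap with Keystone schema (run by Job after Postgres is up)
+oc create configmap "${DB_NAME}-keystone-schema" --from-file=keystone-init.sql=local/db/keystone-init.sql --dry-run=client -o yaml | oc apply -f -
+
+# PVC for Postgres data (persistence)
+cat <<EOF | oc apply -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: ${DB_NAME}-data
+spec:
+accessModes: [ReadWriteOnce]
+resources:
+requests:
+storage: ${{ startsWith(github.ref_name, 'feature/') && '1Gi' || '2Gi' }}
+EOF
+
+# Postgres 15 Deployment (public image)
+cat <<EOF | oc apply -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ${DB_NAME}
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: ${DB_NAME}
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: ${DB_NAME}
+spec:
+containers:
+- name: postgres
+image: postgres:15
+ports:
+- containerPort: 5432
+env:
+- name: POSTGRES_USER
+value: postgres
+- name: POSTGRES_PASSWORD
+value: "s3cr3t"
+- name: PGDATA
+value: /var/lib/postgresql/data/pgdata
+volumeMounts:
+- name: data
+mountPath: /var/lib/postgresql/data
+- name: init
+mountPath: /docker-entrypoint-initdb.d
+resources:
+requests:
+cpu: 50m
+memory: 128Mi
+limits:
+memory: 256Mi
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: ${DB_NAME}-data
+- name: init
+configMap:
+name: ${DB_NAME}-init
+readinessProbe:
+exec:
+command: [pg_isready, -U, postgres]
+initialDelaySeconds: 5
+periodSeconds: 5
+timeoutSeconds: 5
+livenessProbe:
+exec:
+command: [pg_isready, -U, postgres]
+initialDelaySeconds: 30
+periodSeconds: 10
+timeoutSeconds: 5
+EOF
+
+# Service for Postgres
+cat <<EOF | oc apply -f -
+apiVersion: v1
+kind: Service
+metadata:
+name: ${DB_NAME}
+spec:
+ports:
+- port: 5432
+targetPort: 5432
+name: postgres
+selector:
+app: ${DB_NAME}
+EOF
+
+# Wait for Postgres to be ready
+oc rollout status deployment/${DB_NAME} --timeout=300s
+
+# Run Keystone schema (Job)
+cat <<EOF | oc apply -f -
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: ${DB_NAME}-keystone-init
+spec:
+ttlSecondsAfterFinished: 300
+backoffLimit: 5
+template:
+spec:
+restartPolicy: OnFailure
+containers:
+- name: run-schema
+image: postgres:15
+command:
+- /bin/sh
+- -c
+- |
+until PGPASSWORD=keystonejsuser psql -h ${DB_NAME} -U keystonejsuser -d keystonejs -c '\q' 2>/dev/null; do echo "Waiting for DB..."; sleep 2; done
+PGPASSWORD=keystonejsuser psql -h ${DB_NAME} -U keystonejsuser -d keystonejs -f /schema/keystone-init.sql
+env:
+- name: PGPASSWORD
+value: "keystonejsuser"
+volumeMounts:
+- name: schema
+mountPath: /schema
+volumes:
+- name: schema
+configMap:
+name: ${DB_NAME}-keystone-schema
+EOF
+
+oc wait --for=condition=complete job/${DB_NAME}-keystone-init --timeout=300s
 
 - name: 'Deploy Backend'
 if: github.ref != 'refs/heads/dev'
@@ -241,6 +318,9 @@ jobs:
 - name: X-Forwarded-Access-Token
 values:
 - claim: access_token
+- name: X-Forwarded-Id-Token
+values:
+- claim: IDToken
 injectResponseHeaders: []
 metricsServer:
 BindAddress: ""
@@ -296,21 +376,29 @@ jobs:
 value: Oauth2Proxy
 KONG_URL:
 value: '${{ secrets.KONG_URL_DEV}}'
-MONGO_URL:
-value: 'mongodb://proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db-mongodb:27017'
-MONGO_USER:
-value: root
+ADAPTER:
+value: knex
+KNEX_HOST:
+value: 'proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-db'
+KNEX_PORT:
+value: '5432'
+KNEX_USER:
+value: keystonejsuser
 secure: true
-MONGO_PASSWORD:
-value: s3cr3t
+KNEX_PASSWORD:
+value: keystonejsuser
 secure: true
+KNEX_DATABASE:
+value: keystonejs
 FEEDER_URL:
 value: 'http://proto-asp-${{ steps.set-deploy-id.outputs.DEPLOY_ID }}-feeder-generic-api'
 GITHUB_API_TOKEN:
 value: '${{ secrets.GH_TOKEN_FOR_CONTENT}}'
 secure: true
 OIDC_ISSUER:
 value: '${{ secrets.OIDC_ISSUER }}'
+OIDC_CLIENT_ID:
+value: '${{ secrets.OIDC_CLIENT_ID }}'
 JWKS_URL:
 value: '${{ secrets.OIDC_ISSUER }}/protocol/openid-connect/certs'
 EXTERNAL_URL:
@@ -336,7 +424,7 @@ jobs:
 NEXT_PUBLIC_HELP_RELEASE_URL:
 value: 'https://developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/reference/releases/'
 NEXT_PUBLIC_HELP_STATUS_URL:
-value: 'https://uptime.com/s/bcgov-dss'
+value: 'https://status.api.gov.bc.ca/'
 NEXT_PUBLIC_DEVELOPER_IDS:
 value: 'idir,bceid,bcsc,github'
 NEXT_PUBLIC_PROVIDER_IDS: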
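Review bot: The new Postgres step in the `-92,65 +92,142` hunk writes both database passwords into the workflow as literals: `POSTGRES_PASSWORD` is `"s3cr3t"` in the Deployment env, and the `keystonejsuser` role gets a password equal to its user name inside the `${DB_NAME}-init` ConfigMap, which anyone allowed to read ConfigMaps in the namespace can see. The same literal is repeated in the Job's `PGPASSWORD` (both in `env` and inline in the `psql` commands) and in `KNEX_PASSWORD` in the `-296,21 +376,29` hunk. Supply the values from repository secrets, store them in a Secret and reference them with `secretKeyRef`; the init SQL that embeds the role password belongs in a Secret volume rather than a ConfigMap as well. Separately, `image: postgres:15` is a floating tag, so pinning it by digest would keep redeploys repeatable.

```yaml
# DB_ADMIN_PASSWORD and KEYSTONE_DB_PASSWORD are placeholder names for values
# passed in through the step's env: from repository secrets
oc create secret generic "${DB_NAME}-creds" \
  --from-literal=postgres-password="${DB_ADMIN_PASSWORD}" \
  --from-literal=keystone-password="${KEYSTONE_DB_PASSWORD}" \
  --dry-run=client -o yaml | oc apply -f -

# … unchanged: PVC, Deployment metadata and pod template …
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ${DB_NAME}-creds
                  key: postgres-password
# … unchanged: volumes, probes, Service, rollout wait, Job metadata …
            # Job container: the psql commands rely on this env entry, so the
            # inline PGPASSWORD=… prefixes are dropped
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: ${DB_NAME}-creds
                  key: keystone-password
```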

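--- a/.github/workflows/ci-build-feeders.yaml
+++ b/.github/workflows/ci-build-feeders.yaml
@@ -38,7 +38,7 @@ jobs:
 username: ${{ env.REGISTRY_USERNAME }}
 password: ${{ env.REGISTRY_PASSWORD }}
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
 with:
 path: /tmp/.buildx-cache
 key: ${{ runner.os }}-buildx-${{ github.sha }}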

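--- a/.github/workflows/ci-build-only.yaml
+++ b/.github/workflows/ci-build-only.yaml
@@ -46,7 +46,7 @@ jobs:
 username: ${{ env.REGISTRY_USERNAME }}
 password: ${{ env.REGISTRY_PASSWORD }}
 
-- uses: actions/cache@v3
+- uses: actions/cache@v4
 with:
 path: /tmp/.buildx-cache
 key: ${{ runner.os }}-buildx-${{ github.sha }}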

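--- a/.github/workflows/ci-feat-sonar.yaml
+++ b/.github/workflows/ci-feat-sonar.yaml
@@ -19,6 +19,10 @@ jobs:
 with:
 fetch-depth: 0
 
+- name: Install deps
+run: |
+sudo apt update
+
 - uses: actions/setup-node@v2
 with:
 node-version: '22'
@@ -36,7 +40,7 @@ jobs:
 
 cd src
 
-npm i
+npm i --legacy-peer-deps
 npm run intg-build
 npm test
 
@@ -47,8 +51,8 @@ jobs:
 uses: sonarsource/sonarqube-scan-action@v6
 with:
 args: >
--Dsonar.organization=bcgov-oss
--Dsonar.projectKey=aps-portal
+-Dsonar.organization=bcgov-sonarcloud
+-Dsonar.projectKey=bcgov_api-services-portal
 -Dsonar.sources=src/auth,src/authz,src/batch,src/services
 -Dsonar.javascript.lcov.reportPaths=./src/__coverage__/lcov.info
 env: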
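Review bot: `npm i --legacy-peer-deps` in the `-36,7 +40,7` hunk skips peer-dependency conflict checks and may re-resolve the dependency tree during the run, so the code that is tested and scanned can be built from versions nobody reviewed. If a lockfile is committed under `src` (not visible here), use `npm ci --legacy-peer-deps` so the job installs exactly the locked tree and fails when `package.json` and the lockfile disagree. The new `Install deps` step in the first hunk only runs `sudo apt update` and installs nothing; either add the packages it is meant to install or drop the step. The enclosing `run:` block of the npm step starts outside the hunk.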
