bcgov · Elson9 · Mar 13, 2026 · Feb 25, 2026 · Feb 25, 2026 · Mar 4, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -1,9 +1,10 @@
-src/node_modules
 src/.npm
 src/_tmp
 src/.cache
 src/.config
 src/.nyc_output
 src/dist
 **/.next
-_data
+_data
+**/node_modules
+__coverage__
diff --git a/.env.local b/.env.local
@@ -20,9 +20,16 @@ GWA_RES_SVR_CLIENT_ID=gwa-api
 GWA_RES_SVR_CLIENT_SECRET=18900468-3db1-43f7-a8af-e75f079eb742
 KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9081/auth
 KEYCLOAK_REALM=master
-EMAIL_ENABLED=false
+EMAIL_ENABLED=true
+EMAIL_HOST=mailpit.localtest.me
+EMAIL_PORT=1025
+EMAIL_SECURE=false
+EMAIL_FROM=noreply@api.gov.bc.ca
+EMAIL_USER=
+EMAIL_PASS=
 EXTERNAL_URL=http://oauth2proxy.localtest.me:4180
 OIDC_ISSUER=http://keycloak.localtest.me:9081/auth/realms/master
+OIDC_CLIENT_ID=aps-portal
 LOCAL_ENV=true
 WORKING_PATH=/tmp
 DESTINATION_URL=

diff --git a/.github/workflows/aps-cypress-e2e.yaml b/.github/workflows/aps-cypress-e2e.yaml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: Build GWA API Image
         run: |
-          git clone https://github.com/bcgov/gwa-api.git --branch v1.0.47
+          git clone https://github.com/bcgov/gwa-api.git --branch dev
           cd gwa-api/microservices/gatewayApi
           docker build -t gwa-api:e2e .
 

diff --git a/.github/workflows/ci-build-deploy.yaml b/.github/workflows/ci-build-deploy.yaml
@@ -54,7 +54,7 @@ jobs:
           username: ${{ env.REGISTRY_USERNAME }}
           password: ${{ env.REGISTRY_PASSWORD }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -318,6 +318,9 @@ jobs:
                     - name: X-Forwarded-Access-Token
                       values:
                         - claim: access_token
+                    - name: X-Forwarded-Id-Token
+                      values:
+                        - claim: IDToken
                   injectResponseHeaders: []
                   metricsServer:
                     BindAddress: ""
@@ -394,6 +397,8 @@ jobs:
               secure: true
             OIDC_ISSUER:  
               value: '${{ secrets.OIDC_ISSUER }}'
+            OIDC_CLIENT_ID:
+              value: '${{ secrets.OIDC_CLIENT_ID }}'
             JWKS_URL:
               value: '${{ secrets.OIDC_ISSUER }}/protocol/openid-connect/certs'
             EXTERNAL_URL:

diff --git a/.github/workflows/ci-build-feeders.yaml b/.github/workflows/ci-build-feeders.yaml
@@ -38,7 +38,7 @@ jobs:
           username: ${{ env.REGISTRY_USERNAME }}
           password: ${{ env.REGISTRY_PASSWORD }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

diff --git a/.github/workflows/ci-build-only.yaml b/.github/workflows/ci-build-only.yaml
@@ -46,7 +46,7 @@ jobs:
           username: ${{ env.REGISTRY_USERNAME }}
           password: ${{ env.REGISTRY_PASSWORD }}
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

diff --git a/.github/workflows/ci-feat-sonar.yaml b/.github/workflows/ci-feat-sonar.yaml
@@ -48,7 +48,14 @@ jobs:
           docker compose down
 
       - name: SonarCloud Scan
-        uses: sonarsource/sonarqube-scan-action@master
+        uses: sonarsource/sonarqube-scan-action@v6
+        with:
+          args: >
+            -Dsonar.organization=bcgov-sonarcloud
+            -Dsonar.projectKey=bcgov_api-services-portal
+            -Dsonar.sources=src/auth,src/authz,src/batch,src/services
+            -Dsonar.javascript.lcov.reportPaths=./src/__coverage__/lcov.info
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: https://sonarcloud.io
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -44,7 +44,7 @@ jobs:
           echo "::set-output name=APP_REVISION::${GITHUB_SHA}"
         id: set-deploy-id
 
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-v16.15.1
+v22.21.1
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -11,39 +11,52 @@ secrets:
 
 services:
   keycloak:
-    image: quay.io/keycloak/keycloak:15.1.1
+    image: keycloak-quarkus:e2e
     container_name: keycloak
-    hostname: keycloak
+    build:
+      context: local/keycloak
+      dockerfile: Dockerfile
+      args:
+        - KC_VERSION=${KC_VERSION:-26.5.3}
     depends_on:
       kong-db:
         condition: service_healthy
+    environment:
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: local
+    # Keycloak 26 Hostname v2: --hostname accepts full URL (host + port + path).
     command:
       [
-        '-b',
-        '0.0.0.0',
-        '-Djboss.socket.binding.port-offset=1001',
-        '-Dkeycloak.migration.action=import',
-        '-Dkeycloak.migration.provider=singleFile',
-        '-Dkeycloak.migration.file=/tmp/realm-config/master-realm.json',
-        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
-        '-Dkeycloak.profile.feature.upload_scripts=enabled',
+        "start",
+        "--optimized",
+        "--hostname",
+        "http://keycloak.localtest.me:9081/auth",
+        "--db-url",
+        "jdbc:postgresql://kong-db/${KEYCLOAK_DB_NAME:-keycloak}",
+        "--db-username",
+        "keycloakuser",
+        "--db-password",
+        "keycloakuser",
+        "--http-enabled",
+        "true",
+        "--http-port",
+        "9081",
+        "--import-realm",
       ]
-    ports:
-      - 9081:9081/tcp
-    environment:
-      #KEYCLOAK_USER: local
-      #KEYCLOAK_PASSWORD: local
-      DB_VENDOR: POSTGRES
-      DB_SCHEMA: public
-      DB_ADDR: kong-db:5432
-      DB_USER: keycloakuser
-      DB_PASSWORD: keycloakuser
     volumes:
-      - ./local/keycloak/master-realm.json:/tmp/realm-config/master-realm.json
+      - ./local/keycloak/master-realm.json:/opt/keycloak/data/import/master-realm.json
+    ports:
+      - 9081:9081
+      - 9000:9000
     networks:
       aps-net:
         aliases:
           - keycloak.localtest.me
+    healthcheck:
+      test: timeout 10s bash -c ':> /dev/tcp/localhost/9081'
+      interval: 5s
+      timeout: 5s
+      retries: 5
   oauth2-proxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
     container_name: oauth2-proxy
@@ -62,7 +75,7 @@ services:
           - oauth2proxy.localtest.me
   apsportal:
     container_name: apsportal
-    image: apsportal:latest
+    image: apsportal:${APSPORTAL_TAG:-latest}
     depends_on:
       - keycloak
     build:
@@ -198,7 +211,7 @@ services:
         aliases:
           - redis-master
   gwa-api:
-    image: gwa-api:e2e
+    image: gwa-api:${GWA_API_TAG:-e2e}
     container_name: gwa-api
     entrypoint: sh -c "chmod +x /tmp/gwa/entrypoint.sh && sh /tmp/gwa/entrypoint.sh"
     ports:
@@ -289,5 +302,17 @@ services:
     profiles:
       - testsuite
 
+  mailpit:
+    image: axllent/mailpit:latest
+    container_name: mailpit
+    restart: unless-stopped
+    ports:
+      - '1025:1025'  # SMTP port for receiving emails
+      - '8025:8025'  # Web UI for viewing emails
+    networks:
+      aps-net:
+        aliases:
+          - mailpit.localtest.me
+
 networks:
   aps-net: {}
diff --git a/e2e/Dockerfile b/e2e/Dockerfile
@@ -26,7 +26,7 @@ COPY e2e/*.yml /e2e
 COPY e2e/entrypoint.sh /tmp
 ADD e2e/cypress /e2e/cypress
 
-RUN curl -v -L -O https://github.com/bcgov/gwa-cli/releases/download/v3.0.6/gwa_Linux_x86_64.tgz \
+RUN curl -v -L -O https://github.com/bcgov/gwa-cli/releases/latest/download/gwa_Linux_x86_64.tgz \
  && tar -xzf gwa_Linux_x86_64.tgz \
  && mv gwa /usr/local/bin/.
 

diff --git a/e2e/cypress.config.ts b/e2e/cypress.config.ts
@@ -43,6 +43,7 @@ export default defineConfig({
         './cypress/tests/18-*/*.ts',
         './cypress/tests/19-*/*.ts',
         './cypress/tests/20-*/*.ts',
+        './cypress/tests/21-*/*.ts',
       ]
       return config
     },

diff --git a/e2e/cypress/fixtures/apiowner.json b/e2e/cypress/fixtures/apiowner.json
@@ -72,11 +72,23 @@
     },
     "Wendy": {
       "userName": "wendy",
+      "keycloakUsername": "wendy@idir",
       "email": "wendy@test.com",
       "accessRole": [
         "CredentialIssuer.Admin"
       ]
     },
+    "Janis": {
+      "userName": "Janis Smith",
+      "email": "janis@testmail.com",
+      "accessRole": [
+        "CredentialIssuer.Admin",
+        "Gateway.Manage",
+        "Gateway.View",
+        "GatewayConfig.Publish",
+        "Access.Manage"
+      ]
+    },
     "jwtKeyPair": {
       "authProfile": {
         "name": "cy-jwt-kp-auth",
@@ -552,7 +564,8 @@
       "email": "janis@testmail.com",
       "accessRole": [
         "CredentialIssuer.Admin",
-        "Gateway.Manage"
+        "Gateway.Manage",
+        "Gateway.View"
       ]
     },
     "OldUser": {

diff --git a/e2e/cypress/pageObjects/keycloakClientScopes.ts b/e2e/cypress/pageObjects/keycloakClientScopes.ts
@@ -3,19 +3,21 @@ import { Assertion } from "chai"
 class keycloakClientScopesPage {
   path: string = '/'
 
-  clientTab: string = '[data-ng-controller="ClientTabCtrl"]'
+  clientTabs: string = '[data-testid="client-tabs"]'
+  tableSearchInput: string = '[data-testid="table-search-input"]'
 
   selectTab(tabName: string){
-    cy.get(this.clientTab).contains('a',tabName).click()
+    cy.get(this.clientTabs).contains('a',tabName).click({ force: true })
   }
 
   verifyAssignedScope(scope: string, expResult:boolean)
   {
+    cy.get(this.tableSearchInput).clear().type(scope).type('{enter}');
     if(expResult){
-      cy.get('[id="assigned"]').find('[title="'+scope+'"]').should('exist');
+      cy.get('.pf-v5-c-table__tbody > .pf-v5-c-table__tr > :nth-child(2)').contains(scope).should('exist');
     }
     else{
-      cy.get('[id="assigned"]').find('[title="'+scope+'"]').should('not.exist');
+      cy.get('[data-testid="empty-state"]').should('exist');
     }
   }
 }

diff --git a/e2e/cypress/pageObjects/keycloakClients.ts b/e2e/cypress/pageObjects/keycloakClients.ts
@@ -1,23 +1,26 @@
 class keycloakClientsPage {
   path: string = '/'
 
-  clientTab: string = '[data-ng-controller="ClientTabCtrl"]'
-  roleNameTextField: string = '[id="name"]'
+  clientTabs: string = '[data-testid="client-tabs"]'
+  createRoleBtn: string = '[data-testid="create-role"]'
+  roleNameTextField: string = '[data-testid="name"]'
+  saveBtn: string = '[data-testid="save"]'
   addAttributeBtn: string = '[data-ng-click="addAttribute()"]'
 
   selectTab(tabName: string){
-    cy.get(this.clientTab).contains('a',tabName).click()
+    cy.get(this.clientTabs).contains('a',tabName).click({ force: true })
   }
 
   setRoles(roleName: string, clientName: string){
-    cy.wait(2000)
+    cy.get('[id=nav-toggle').click()
     cy.contains('Clients').click()
-    cy.contains(clientName).click()
+    cy.get('[id=nav-toggle').click()
+    cy.get('input[placeholder="Search for client"]').type(clientName).type('{enter}')
+    cy.get('a').contains(clientName).click({ force: true })
     this.selectTab('Roles')
-    cy.contains('Add Role').click()
+    cy.get(this.createRoleBtn).click()
     cy.get(this.roleNameTextField).type(roleName)
-    cy.contains('Save').click()
-    cy.wait(4000)
+    cy.get(this.saveBtn).click()
   }
 }
 

diff --git a/e2e/cypress/pageObjects/keycloakGroup.ts b/e2e/cypress/pageObjects/keycloakGroup.ts
@@ -3,24 +3,20 @@ class keycloakGroupPage {
   path: string = '/'
 
   groupTab: string = '[data-ng-controller="GroupTabCtrl"]'
-  attributeKey: string = '[ng-model="newAttribute.key"]'
-  attributeValue: string = '[ng-model="newAttribute.value"]'
-  addAttributeBtn: string = '[data-ng-click="addAttribute()"]'
+  addAttributeKey: string = '[data-testid="attributes-add-row"]'
+  attributeKey: string = '[data-testid="attributes-key"]'
+  attributeValue: string = '[data-testid="attributes-value"]'
+  saveBtn: string = '[data-testid="attributes-save"]'
 
   selectTab(tabName: string){
     cy.get(this.groupTab).contains('a',tabName).click()
   }
 
   setAttribute(attKey: string, attValue: string){
-    cy.wait(2000)
-    cy.get(this.attributeKey).type(attKey)
-    cy.get(this.attributeValue).type(attValue)
-    cy.get(this.addAttributeBtn).click()
-    cy.contains('button','Save').click()
-  }
-
-  navigateToUserGroups() {
-    cy.contains('Groups').click()
+    cy.get(this.addAttributeKey).click()
+    cy.get(this.attributeKey).last().type(attKey)
+    cy.get(this.attributeValue).last().type(attValue)
+    cy.get(this.saveBtn).click()
   }
 }
 

diff --git a/e2e/cypress/pageObjects/keycloakUserGroup.ts b/e2e/cypress/pageObjects/keycloakUserGroup.ts
@@ -1,17 +1,8 @@
 class KeycloakUserGroupPage {
   path: string = '/'
 
-  editButton: string = '[id="editGroup"]'
-  groupTab: string = '[data-ng-controller="GroupTabCtrl"]'
+  attributeTab: string = '[data-testid="attributesTab"]'
 
-  selectTab(tabName: string){
-    cy.get(this.groupTab).contains('a',tabName).click()
-  }
-
-  clickOnEditButton()
-  {
-    cy.get(this.editButton).click()
-  }
 }
 
 export default KeycloakUserGroupPage