feat: Modernize deployment and configuration system

Major updates:
- Analytics telemetry integration with penguin-analytics
- Reactive configuration system using Angular signals
- Multi-stage Dockerfile for consistent deployments
- Simplified GitHub Actions workflows

Configuration System:
- New env.js pattern with configEndpoint flag
- ConfigService with signal-based reactivity
- Dynamic banner and environment display
- Local dev uses proxy, deployed uses /api/config
- All services (analytics, auth, API) use config() signal

Deployment Modernization:
- Multi-stage Dockerfile (Node 22 + nginx 1.27)
- Embedded nginx config (no OpenShift base image dependency)
- Simplified workflows: checkout, login, build/push
- Removed Helm complexity for test/prod deploys
- Consistent with eagle-public deployment pattern

nginx Configuration:
- Alias /tmp/app/dist/ to handle /admin/* prefix from rproxy
- Analytics proxy removed (use direct penguin-analytics URL)
- CSP allows Material Icons, BC Gov scripts, Typekit
- Health check endpoint at /health

Developer Experience:
- Local development with configEndpoint=false
- Deployed environments fetch config from API
- Proxy configuration for local API/analytics
- Comprehensive architecture and deployment docs

Testing:
- 43 unit tests passing
- Lint clean
- Workflows validated

This represents a complete modernization matching eagle-public's
deployment architecture and configuration management.

Author: danieltruong

.github/CODEOWNERS

@@ -1,4 +1,4 @@
 # These owners will be the default owners for everything in
 # the repo. Unless a later match takes precedence,
 # they will be requested for review when someone opens a pull request.
-*       @marklise @tom0827 @Ckoelewyn @tolkamps1 @danieltruong
+*       @tom0827 @Ckoelewyn @tolkamps1 @danieltruong

.github/workflows/deploy-to-dev.yaml

@@ -1,4 +1,4 @@
-name: Deploy to Dev
+name: CI - Build and Deploy to Dev
 
 on:
   push:
@@ -19,63 +19,17 @@ env:
 
 jobs:
   build:
-    name: Build
+    name: Build and Push Image
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [22.x]
     outputs:
       SHORT_SHA: ${{ steps.short-sha.outputs.SHA }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 2  # Need at least 2 commits to compare changes
-
-      - name: Enable Corepack
-        run: corepack enable
-
-      - name: Use Node.js 22
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "yarn"
-      - run: yarn install --immutable
-
-      - name: Angular Build
-        run: yarn build
-  
-      - name: Install OpenShift CLI
-        run: |
-          curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz"
-          tar -xvzf openshift-client-linux.tar.gz
-          sudo mv oc /usr/local/bin/
-          rm -f openshift-client-linux.tar.gz
-
-      - name: Log into OpenShift
-        uses: redhat-actions/oc-login@v1
-        with:
-          openshift_server_url: ${{ secrets.OPENSHIFT_URL }}
-          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
-          namespace: ${{ env.OPENSHIFT_NAMESPACE }}
-
-      - name: Check if nginx config changed
-        id: nginx-check
-        run: |
-          # Check if nginx-runtime config files changed in this commit
-          if git diff --name-only HEAD~1 HEAD 2>/dev/null | grep -q "openshift/templates/nginx-runtime/"; then
-            echo "Nginx config files changed"
-            echo "changed=true" >> $GITHUB_OUTPUT
-          else
-            echo "No nginx config changes detected"
-            echo "changed=false" >> $GITHUB_OUTPUT
-          fi
 
-      - name: Rebuild nginx-runtime image
-        if: steps.nginx-check.outputs.changed == 'true'
-        run: |
-          echo "Nginx config changed, rebuilding nginx-runtime image..."
-          oc start-build eagle-admin-nginx-runtime -n ${{ env.OPENSHIFT_NAMESPACE }} --wait --follow
+      - name: Get Short SHA
+        id: short-sha
+        run: echo "SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
       - name: Login to OpenShift registry
         uses: docker/login-action@v3
@@ -84,17 +38,15 @@ jobs:
           username: ${{ secrets.OPENSHIFT_REPOSITORY_USERNAME }}
           password: ${{ secrets.OPENSHIFT_REPOSITORY_PASSWORD }}
 
-      - name: Get Short SHA
-        id: short-sha
-        run: echo "SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          tags: ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:ci-latest
-          file: Dockerfile.Github
+          tags: |
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:dev
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:ci-latest
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.short-sha.outputs.SHA }}
           labels: |
             commit.author=${{ github.event.head_commit.author.email }}
             commit.id=${{ github.event.head_commit.id }}
@@ -115,6 +67,7 @@ jobs:
         with:
           ref: "${{ env.TEST_PROMO_BRANCH }}"
       - name: Update state.json
+        id: update-state
         run: |
           git config --global user.name "${{ github.actor }}"
           git config --global user.email "${{github.actor}}@users.noreply.github.com"
@@ -124,9 +77,17 @@ jobs:
 
           echo $(jq '.commit="${{ needs.build.outputs.SHORT_SHA }}"' state.json) > state.json
 
-          git commit -am "Promote commit ${{ needs.build.outputs.SHORT_SHA }} to Test"
-          git push --force origin ${{ env.TEST_PROMO_PR_BRANCH }}
+          # Only commit if there are changes
+          if git diff --quiet state.json; then
+            echo "No changes to state.json, skipping commit"
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          else
+            git commit -am "Promote commit ${{ needs.build.outputs.SHORT_SHA }} to Test"
+            git push --force origin ${{ env.TEST_PROMO_PR_BRANCH }}
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          fi
       - name: Create or Update Pull Request
+        if: steps.update-state.outputs.has_changes == 'true'
         run: |
           # Check if PR exists
           PR_URL=$(gh pr list --base "${{ env.TEST_PROMO_BRANCH }}" --head "${{ env.TEST_PROMO_PR_BRANCH }}" --json url --jq '.[0].url')

.github/workflows/deploy-to-prod.yaml

@@ -1,9 +1,7 @@
 name: Deploy to Prod
 
 on:
-  repository_dispatch:
-    # Trigger from repository dispatch workflow in promotion/prod branch
-    types: [trigger-prod-deploy]
+  workflow_dispatch:
 
 permissions: write-all
 
@@ -12,50 +10,32 @@ env:
   IMAGE_NAME: eagle-admin
 
 jobs:
-  deploy:
-    name: Deploy to Prod
+  build:
+    name: Build and Push Image
     runs-on: ubuntu-latest
-    outputs:
-      COMMIT_SHA: ${{ steps.read-hash.outputs.SHA }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          ref: "promotion/prod"
-
-      - name: Retrieve previous commit hash
-        id: read-hash
-        run: echo "SHA=$(jq -r '.commit' state.json)" >> $GITHUB_OUTPUT
+        uses: actions/checkout@v4
 
-      - name: Install OpenShift CLI
-        run: |
-          curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz"
-          tar -xvzf openshift-client-linux.tar.gz
-          sudo mv oc /usr/local/bin/
-          rm -f openshift-client-linux.tar.gz
+      - name: Get Short SHA
+        id: short-sha
+        run: echo "SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
-      - name: Log into OpenShift
-        uses: redhat-actions/oc-login@v1
+      - name: Login to OpenShift registry
+        uses: docker/login-action@v3
         with:
-          openshift_server_url: ${{ secrets.OPENSHIFT_URL }}
-          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
-          namespace: ${{ env.OPENSHIFT_NAMESPACE }}
-
-      - name: Tag image
-        run: |
-          oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag --reference-policy='local' ${{ env.IMAGE_NAME }}:prod ${{ env.IMAGE_NAME }}:prod-backup
-          oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag --reference-policy='local' ${{ env.IMAGE_NAME }}:test ${{ env.IMAGE_NAME }}:prod
+          registry: ${{ secrets.OPENSHIFT_REPOSITORY }}
+          username: ${{ secrets.OPENSHIFT_REPOSITORY_USERNAME }}
+          password: ${{ secrets.OPENSHIFT_REPOSITORY_PASSWORD }}
 
-  sync-main-branch:
-    name: Rebase Prod
-    needs: deploy
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
         with:
-          ref: "main"
-      - run: |
-          git fetch origin test
-          git rebase ${{needs.deploy.outputs.COMMIT_SHA}} main
-          git push origin main
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:prod
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.short-sha.outputs.SHA }}
+          labels: |
+            commit.id=${{ github.sha }}
+            commit.timestamp=${{ github.event.head_commit.timestamp }}

.github/workflows/deploy-to-test.yaml

@@ -1,105 +1,41 @@
 name: Deploy to Test
 
 on:
-  repository_dispatch:
-    # Trigger from repository dispatch workflow in promotion/test branch
-    types: [trigger-test-deploy]
+  workflow_dispatch:
 
 permissions: write-all
 
 env:
   OPENSHIFT_NAMESPACE: 6cdc9e-tools
   IMAGE_NAME: eagle-admin
-  PROD_PROMO_BRANCH: promotion/prod
-  PROD_PROMO_PR_BRANCH: promotion/prod-pr
 
 jobs:
-  deploy:
-    name: Deploy to Test
+  build:
+    name: Build and Push Image
     runs-on: ubuntu-latest
-    outputs:
-      COMMIT_SHA: ${{ steps.read-hash.outputs.SHA }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          ref: "promotion/test"
-
-      - name: Retrieve previous commit hash
-        id: read-hash
-        run: echo "SHA=$(jq -r '.commit' state.json)" >> $GITHUB_OUTPUT
+        uses: actions/checkout@v4
 
-      - name: Install OpenShift CLI
-        run: |
-          curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz"
-          tar -xvzf openshift-client-linux.tar.gz
-          sudo mv oc /usr/local/bin/
-          rm -f openshift-client-linux.tar.gz
+      - name: Get Short SHA
+        id: short-sha
+        run: echo "SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
-      - name: Log into OpenShift
-        uses: redhat-actions/oc-login@v1
+      - name: Login to OpenShift registry
+        uses: docker/login-action@v3
         with:
-          openshift_server_url: ${{ secrets.OPENSHIFT_URL }}
-          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
-          namespace: ${{ env.OPENSHIFT_NAMESPACE }}
-
-      - name: Tag image
-        run: |
-          oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag --reference-policy='local' ${{ env.IMAGE_NAME }}:test ${{ env.IMAGE_NAME }}:test-backup
-          oc -n ${{ env.OPENSHIFT_NAMESPACE }} tag --reference-policy='local' ${{ env.IMAGE_NAME }}:ci-latest ${{ env.IMAGE_NAME }}:test
+          registry: ${{ secrets.OPENSHIFT_REPOSITORY }}
+          username: ${{ secrets.OPENSHIFT_REPOSITORY_USERNAME }}
+          password: ${{ secrets.OPENSHIFT_REPOSITORY_PASSWORD }}
 
-  sync-test-branch:
-    name: Rebase test branch from develop
-    needs: deploy
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          ref: "test"
-      - run: |
-          git fetch origin develop
-          git rebase ${{needs.deploy.outputs.COMMIT_SHA}} test
-          git push origin test
-  
-  promotion:
-    name: Create Promotion Pull Request
-    needs: [deploy, sync-test-branch]
-    runs-on: ubuntu-latest
-    steps:
-      # Update promotion/prod-pr with new commit hash
-      - name: Checkout promotion/prod
-        uses: actions/checkout@v3
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
         with:
-          ref: "${{ env.PROD_PROMO_BRANCH }}"
-      - name: Update state.json
-        run: |
-          git config --global user.name "${{ github.actor }}"
-          git config --global user.email "${{github.actor}}@users.noreply.github.com"
-          git checkout -B ${{ env.PROD_PROMO_PR_BRANCH }}
-          git reset --hard ${{ env.PROD_PROMO_BRANCH }}
-          echo $(jq '.commit="${{ needs.deploy.outputs.COMMIT_SHA }}"' state.json) > state.json
-          git commit -am "Promote commit ${{ needs.deploy.outputs.COMMIT_SHA }} to Production"
-          git push --force origin ${{ env.PROD_PROMO_PR_BRANCH }}
-      - name: Create or Update Pull Request
-        run: |
-          # Check if PR exists
-          PR_URL=$(gh pr list --base "${{ env.PROD_PROMO_BRANCH }}" --head "${{ env.PROD_PROMO_PR_BRANCH }}" --json url --jq '.[0].url')
-          if [ -z "$PR_URL" ]; then
-          # Create PR if it doesn't exist
-          gh pr create \
-            --base "${{ env.PROD_PROMO_BRANCH }}" \
-            --head "${{ env.PROD_PROMO_PR_BRANCH }}" \
-            --title "Deploy to Prod Environment" \
-            --body ":crown: *An automated PR*\n\nThis PR triggers a deployment to Production once it's fully merged." \
-            --label "auto-pr,prod env,pipeline" \
-            --draft
-            else
-          # Update PR if it exists
-          gh pr edit "$PR_URL" \
-            --title "Deploy to Prod Environment" \
-            --body ":crown: *An automated PR*\n\nThis PR triggers a deployment to Production once it's fully merged." \
-            --add-label "auto-pr,prod env,pipeline"
-            fi
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:test
+            ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ steps.short-sha.outputs.SHA }}
+          labels: |
+            commit.id=${{ github.sha }}
+            commit.timestamp=${{ github.event.head_commit.timestamp }}