Merge branch 'main' into 21-sentry-auth-token

Author: alishaevn

.env.local.example renamed to .env.development.example

@@ -1,78 +1,24 @@
-# we are running the build in vercel now so we don't need this github action
-# commenting this out because this action kept failing on https://github.com/scientist-softserv/webstore/pull/268
-# TODO(alishaevn): figure out the sentry error if we switch from vercel to an in house deploy infrastructure
+name: "Build Docker Images"
+run-name: Build of ${{ github.ref_name }} by @${{ github.actor }}
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        type: boolean
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
+        required: false
+        default: false
 
-# name: "Build Docker Images"
-# run-name: Build of ${{ github.ref_name }} by @${{ github.actor }}
-# on:
-#   push:
-#     branches:
-#       - main
-#   pull_request:
-#     branches:
-#       - main
-#   workflow_dispatch:
-#     inputs:
-#       debug_enabled:
-#         type: boolean
-#         description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
-#         required: false
-#         default: false
-
-# env:
-#   REGISTRY: ghcr.io
-
-# jobs:
-#   build:
-#     runs-on: ubuntu-latest
-#     permissions:
-#       contents: read
-#       packages: write
-#     steps:
-#       - id: setup
-#         name: Setup
-#         uses: scientist-softserv/actions/[email protected]
-#         with:
-#           tag: ${{ inputs.tag }}
-#           image_name: ${{ inputs.image_name }}
-#           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
-#       - uses: actions/setup-node@v3
-#         with:
-#           registry-url: 'https://npm.pkg.github.com'
-#           # Defaults to the user or organization that owns the workflow file
-#           scope: '@scientist-softserv'
-#           node-version-file: package.json
-#       - name: GPR authToken
-#         run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > $NPM_CONFIG_USERCONFIG
-#       - name: GPR alias
-#         run: echo "@scientist-softserv:registry=https://npm.pkg.github.com" >> $NPM_CONFIG_USERCONFIG
-#       - run: yarn install
-#       - run: yarn test
-
-#       - name: Login to GitHub Container Registry
-#         uses: docker/login-action@v2
-#         with:
-#           registry: ${{ env.REGISTRY }}
-#           username: ${{ github.actor }}
-#           password: ${{ secrets.GITHUB_TOKEN }}
-
-#       - name: Retag action for Docker image
-#         id: meta-docker-image
-#         uses: docker/[email protected]
-#         with:
-#           images: |
-#             name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}
-#           tags: |
-#             type=raw,value=latest,enable={{is_default_branch}}
-
-#       - run: cp $NPM_CONFIG_USERCONFIG .npmrc; cat .npmrc
-
-#       - name: Build and push Docker image
-#         uses: docker/build-push-action@v3
-#         with:
-#           cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}:${{ env.TAG }}
-#           context: .
-#           push: true
-#           tags: |
-#             ${{ steps.meta-docker-image.outputs.tags }}
-#             ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}:${{ env.TAG }}
+jobs:
+  build:
+    uses: scientist-softserv/actions/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      platforms: "linux/amd64"
+      webTarget: web

.github/workflows/build.yml

@@ -1,5 +1,8 @@
-# we are running the deploy through vercel now so we don't need this github action
-# TODO(alishaevn): fix any potential sentry error's if we switch from vercel to an in house deploy infrastructure
+# This webstore instance is currently deployed to: https://webstore-staging.vercel.app
+# In order to deploy via github actions instead, please update/confirm the following files:
+# - ops/production-deploy.tmpl.yaml
+# - ops/staging-deploy.tmpl.yaml
+# Next, uncomment the following lines
 
 # name: "Deploy"
 # run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }}
@@ -13,6 +16,7 @@
 #         type: choice
 #         options:
 #           - staging
+#           - production
 #       debug_enabled:
 #         type: boolean
 #         description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
@@ -21,5 +25,5 @@
 
 # jobs:
 #   deploy:
-#     uses: scientist-softserv/actions/.github/workflows/[email protected].10
+#     uses: scientist-softserv/actions/.github/workflows/[email protected].16
 #     secrets: inherit

.github/workflows/deploy.yml

@@ -4,12 +4,16 @@ node_modules/
 # Next.js build output
 .next
 
-# Where ENV secrets are stored. refer to the "Note" at the link below for details on the use of this file
-# https://nextjs.org/docs/basic-features/environment-variables#default-environment-variables
-.env.local
+# Where ENV secrets are stored. although NextJS uses `.env.local`
+# (https://nextjs.org/docs/basic-features/environment-variables#default-environment-variables), we are using `.env.development`
+# for consistency with other projects. this also ensures our CICD and docker processes work.
+.env.development
 
 # we want the default npmrc but sometimes folks put in the gh tokens, don't commit those
 .npmrc
 
 # Sentry
 .sentryclirc
+
+# Emacs
+*.~undo-tree~

.gitignore

@@ -1,30 +1,14 @@
-FROM node:18-alpine AS builder
-
-ENV NODE_ENV=production \
-    NEXT_TELEMETRY_DISABLED=1
-
-WORKDIR /home/node/app
-
-ADD . /home/node/app
-
-# https://github.com/vercel/next.js/discussions/22149#discussioncomment-366180
-RUN yarn install && yarn build && npm prune --omit=dev
-
-FROM node:18-alpine
+FROM node:18-alpine as web
 
 ENV NODE_ENV="production" \
     NEXT_TELEMETRY_DISABLED=1
 
 WORKDIR /home/node/app
+RUN yarn add --dev eslint
 
-# https://javascript.plainenglish.io/reduce-docker-image-size-for-your-next-js-app-bcb65d322222
-# and
-# https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder /home/node/app/package.json       /home/node/app/
-COPY --from=builder /home/node/app/yarn.lock          /home/node/app/
-COPY --from=builder /home/node/app/next.config.js     /home/node/app/
-COPY --from=builder /home/node/app/public             /home/node/app/public
-COPY --from=builder /home/node/app/.next/standalone   /home/node/app/
-COPY --from=builder /home/node/app/.next/static       /home/node/app/.next/static
+COPY package.json yarn.lock /home/node/app/
+RUN  yarn
 
-CMD ["node", "server.js"]
+COPY . /home/node/app
+RUN yarn build
+CMD ["yarn", "start"]

Dockerfile

@@ -84,7 +84,7 @@ All API endpoints in this app require some form of authentication. A logged out
 
 ##### User Credentials
 ``` bash
-# .env.local
+# .env.development
 NEXTAUTH_SECRET # create this by running `openssl rand -base64 32` in your terminal
 CLIENT_ID # retrieved from the provider storefront
 CLIENT_SECRET # retrieved from the provider storefront
@@ -104,7 +104,7 @@ curl -X POST -H 'Authorization: Basic THISISAREALLYLONGALPHANUMERICSTRING' -d 'g
 The curl command will return a JSON object that has an `access_token` property. Store the value of that property as shown below:
 
 ``` bash
-# .env.local
+# .env.development
 NEXT_PUBLIC_TOKEN
 ```
 
@@ -149,14 +149,14 @@ There are 2 types of Cypress tests, e2e & component.
 If you are creating an e2e test, it will live in the `cypress/e2e` directory. Component tests will need to be created in a directory called `cypress/component `
 
 #### Setup your Cypress env variables
-- the Cypress suite requires an environment variable that should be stored in your `.env.local` and not committed to git.
+- the Cypress suite requires an environment variable that should be stored in your `.env.development` and not committed to git.
   - TEST_SESSION_COOKIE=
     - to get the value for this variable, open your browser to your running app at `localhost:3000`.
     - inspect the page
     - click the "Application" tab
     - click "Cookies"
     - find the value for `next-auth.session-token`
-    - copy that value and paste it in the `TEST_SESSION_COOKIE` variable in your .env.local
+    - copy that value and paste it in the `TEST_SESSION_COOKIE` variable in your .env.development
     - do not ever commit this value
     - this value will need to be updated whenever the cookie expires, approximately once per month
 

README.md

@@ -29,4 +29,4 @@ helm upgrade \
     --namespace="$namespace" \
     --create-namespace \
     "$release_name" \
-    ./charts/webstore
+    ./charts/webstore

bin/helm_deploy

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# This script wraps up helm deployment. It is meant as a clear starting point for
+# commandline deployment or CI based deployment. It requires the following ENV vars be set
+#
+# CHART_VERSION: this is the version of the hyrax chart you want to deploy. default - 0.22.0
+# DEPLOY_IMAGE: this is the build image that runs the rails application. Typically this would run puma or passenger. eg: samvera/hyrax or ghcr.io/samvera/hyku. Defaults to gcrh.io/samvera/hyku
+# DEPLOY_TAG: name of of the tag you want to deploy for deploy image. eg: "latest" or "v3.0.1" or "f123asdf1". Defaults to latest
+# HELM_EXTRA_ARGS: any additional arguments you'd like passed to helm upgrade directly. can be blank.
+
+if [ -z "$1" ] || [ -z "$2" ]
+then
+    echo './bin/helm_deploy RELEASE_NAME NAMESPACE'
+    exit 1
+fi
+release_name="${1}"
+namespace="${2}"
+
+HELM_EXTRA_ARGS="${HELM_EXTRA_ARGS}:---values ops/production-deploy.yaml"
+DEPLOY_IMAGE="${DEPLOY_IMAGE:-ghcr.io/scientist-softserv/webstore}"
+DEPLOY_TAG="${DEPLOY_TAG:-latest}"
+
+helm upgrade \
+    --install \
+    --atomic \
+    --timeout 15m0s \
+    --set image.repository="$DEPLOY_IMAGE" \
+    --set image.tag="$DEPLOY_TAG" \
+    --values ops/production-deploy.yaml \
+    --namespace="$namespace" \
+    --create-namespace \
+    "$release_name" \
+    ./charts/webstore

bin/helm_deploy_local

@@ -34,33 +34,47 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
+            - name: CLIENT_SECRET
+              value: "{{ .Values.clientSecret }}"
+            - name: CLIENT_ID
+              value: "{{ .Values.clientId }}"
+            - name: NEXTAUTH_SECRET
+              value: "{{ .Values.nextAuthSecret }}"
             - name: NEXTAUTH_URL
               value: "{{ .Values.nextAuthUrl }}"
-            - name: NEXT_PUBLIC_PROVIDER_NAME
-              value: "{{ .Values.providerName }}"
+            - name: NEXT_PUBLIC_APP_BASE_URL
+              value: "{{ .Values.appBaseUrl }}"
             - name: NEXT_PUBLIC_PROVIDER_ID
               value: "{{ .Values.providerId }}"
+            - name: NEXT_PUBLIC_PROVIDER_NAME
+              value: "{{ .Values.providerName }}"
             - name: NEXT_PUBLIC_SCIENTIST_API_VERSION
               value: "{{ .Values.scientistApiVersion }}"
             - name: NEXT_PUBLIC_TOKEN
               value: "{{ .Values.nextPublicToken }}"
-            - name: NEXTAUTH_SECRET
-              value: "{{ .Values.nextAuthSecret }}"
-            - name: CLIENT_SECRET
-              value: "{{ .Values.clientSecret }}"
-            - name: CLIENT_ID
-              value: "{{ .Values.clientId }}"
+            - name: NEXT_PUBLIC_WEBHOOK_URL
+              value: "{{ .Values.webhookUrl }}"
+            - name: SENTRY_AUTH_TOKEN
+              value: "{{ .Values.sentryAuthToken }}"
             - name: SENTRY_DSN
               value: "{{ .Values.sentryDsn }}"
+            - name: SENTRY_ORG
+              value: "{{ .Values.sentryOrg }}"
+            - name: SENTRY_PROJECT
+              value: "{{ .Values.sentryProject }}"
+            - name: SENTRY_URL
+              value: "{{ .Values.sentryUrl }}"
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
           livenessProbe:
+            initialDelaySeconds: 60
             httpGet:
               path: /
               port: http
           readinessProbe:
+            initialDelaySeconds: 60
             httpGet:
               path: /
               port: http

charts/webstore/templates/deployment.yaml

@@ -8,16 +8,27 @@ image:
   repository: ghcr.io/scientist-softserv/webstore
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "0.0.2"
+  tag: '0.0.2'
 
+appBaseUrl: ''
+clientId: ''
+clientSecret: ''
+fullnameOverride: ''
 imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-apiTokenConfigSecret: ""
-nextAuthUrl: ""
-providerName: ""
-providerId: ""
-scientistApiVersion: ""
+nameOverride: ''
+nextAuthSecret: ''
+nextAuthUrl: ''
+nextPublicToken: ''
+providerId: ''
+providerName: ''
+replicaCount: ''
+scientistApiVersion: ''
+sentryAuthToken: ''
+sentryDsn: ''
+sentryOrg: ''
+sentryProject: ''
+sentryUrl: ''
+webhookUrl: ''
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -26,7 +37,7 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: ''
 
 podAnnotations: {}
 
@@ -47,7 +58,7 @@ service:
 
 ingress:
   enabled: false
-  className: ""
+  className: ''
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"