15499 Firebase deployment and convert configmap and keycloak to .env (#…

…529) * 15499 Firebase deployment and convert configmap and keycloak to .env * Replace PaySystemAlert banner to banner text. * Fixed the function name issue. * Remove firebase.json * Fixed for code review. * Fixed missing configs. * Fixed the security header * Fixed the APP Path issue in CD * Fixed the OCP deployment issue.
bcgov · Mar 25, 2023 · bd2956f · bd2956f
1 parent 76ec37b
commit bd2956f
Show file tree

Hide file tree

Showing 20 changed files with 379 additions and 235 deletions.
diff --git a/.env b/.env
diff --git a/.env.example b/.env.example
@@ -0,0 +1,50 @@
+# Base Path Openshift: businesses/create Firebase:
+VUE_APP_PATH=businesses/create
+
+#vaults Shared
+VUE_APP_ADDRESS_COMPLETE_KEY=
+
+#vaults web-url
+VUE_APP_REGISTRY_HOME_URL="https://dev.bcros.ca/"
+VUE_APP_AUTH_WEB_URL="https://dev.bcregistry.ca/business/auth/"
+VUE_APP_BUSINESSES_URL="https://dev.bcregistry.ca/business/auth/"
+VUE_APP_DASHBOARD_URL="https://dev.bcregistry.ca/business/"
+VUE_APP_SITEMINDER_LOGOUT_URL="https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi"
+
+#vaults API
+VUE_APP_AUTH_API_URL="https://auth-api-dev.apps.silver.devops.gov.bc.ca"
+VUE_APP_AUTH_API_VERSION="/api/v1"
+VUE_APP_LEGAL_API_URL="https://legal-api-dev.apps.silver.devops.gov.bc.ca"
+VUE_APP_LEGAL_API_VERSION_2="/api/v2"
+VUE_APP_NAICS_API_URL="https://legal-api-dev.apps.silver.devops.gov.bc.ca"
+VUE_APP_NAICS_API_VERSION_2="/api/v2"
+VUE_APP_STATUS_API_URL="https://status-api-dev.apps.silver.devops.gov.bc.ca"
+VUE_APP_STATUS_API_VERSION="/api/v1"
+VUE_APP_PAY_API_URL="https://pay-api-dev.apps.silver.devops.gov.bc.ca"
+VUE_APP_PAY_API_VERSION="/api/v1"
+VUE_APP_REGISTRIES_SEARCH_API_URL="https://bcregistry-dev.apigee.net/registry-search"
+VUE_APP_REGISTRIES_SEARCH_API_VERSION="/api/v1"
+VUE_APP_REGISTRIES_SEARCH_API_KEY=
+
+#vaults launchdarkly
+VUE_APP_BUSINESS_CREATE_LD_CLIENT_ID=
+
+#vaults keycloak
+VUE_APP_KEYCLOAK_AUTH_URL="https://dev.loginproxy.gov.bc.ca/auth"
+VUE_APP_KEYCLOAK_REALM="bcregistry"
+VUE_APP_KEYCLOAK_CLIENTID="entity-web"
+
+#vaults sentry
+VUE_APP_SENTRY_DSN=
+
+#vaults hotjar
+VUE_APP_HOTJAR_ID=
+VUE_APP_IA_SURVEY_ID=
+
+#vaults webchat
+VUE_APP_GENESYS_ENV=
+VUE_APP_GENESYS_URL=
+VUE_APP_GENESYS_ID=
+VUE_APP_WEBCHAT_URL=
+VUE_APP_WEBCHAT_REASON=
+VUE_APP_WEBCHAT_STATUS_URL=
diff --git a/.env.production b/.env.production
diff --git a/.github/workflows/cd-firebase.yml b/.github/workflows/cd-firebase.yml
@@ -0,0 +1,32 @@
+name: BUSINESS CREATE UI CD - GCP
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Environment"
+        required: true
+        type: choice
+        options:
+        - dev
+        - test
+        - sandbox
+        - prod
+      tagname:
+        description: "Specify a previous version (git tag) to deploy"
+        required: false
+        default: ""
+
+jobs:
+  business-create-ui-cd:
+    uses: bcgov/bcregistry-sre/.github/workflows/ui-cd.yaml@main
+    with:
+      environment: ${{ inputs.environment }}
+      tagname: ${{ inputs.tagname }}
+    secrets:
+      APP_NAME: "business-create"
+      OP_CONNECT_URL: ${{ secrets.OP_CONNECT_URL }}
+      OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -1,4 +1,4 @@
-name: Business Create UI CD
+name: BUSINESS CREATE UI CD - OCP
 
 on:
   push:
@@ -7,104 +7,31 @@ on:
   workflow_dispatch:
     inputs:
       environment:
-        description: "Environment (dev/test/prod)"
+        description: "Environment"
         required: true
-        default: "dev"
-
-defaults:
-  run:
-    shell: bash
-
-env:
-  APP_NAME: "business-create"
-  TAG_NAME: "dev"
+        type: choice
+        options:
+        - dev
+        - test
+        - sandbox
+        - prod
+      tagname:
+        description: "Specify a previous version (git tag) to deploy"
+        required: false
+        default: ""
 
 jobs:
-  business-create-cd-by-push:
-    runs-on: ubuntu-20.04
-
-    if: github.event_name == 'push' && github.repository == 'bcgov/business-create-ui'
-    environment:
-      name: "dev"
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Login Openshift
-        shell: bash
-        run: |
-          oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}
-
-      - name: CD Flow
-        shell: bash
-        env:
-          OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
-          OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
-          OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
-          OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
-          OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
-          TAG_NAME: ${{ env.TAG_NAME }}
-        run: |
-          make cd
-
-      - name: Watch new rollout (trigger by image change in Openshift)
-        shell: bash
-        run: |
-          oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w
-
-      - name: Rocket.Chat Notification
-        uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
-        if: failure()
-        with:
-          type: ${{ job.status }}
-          job_name: "*Business Create UI Built and Deployed to ${{env.TAG_NAME}}*"
-          channel: "#registries-bot"
-          url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
-          commit: true
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-  business-create-cd-by-dispatch:
-    runs-on: ubuntu-20.04
-
-    if: github.event_name == 'workflow_dispatch' && github.repository == 'bcgov/business-create-ui'
-    environment:
-      name: "${{ github.event.inputs.environment }}"
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set env by input
-        run: |
-          echo "TAG_NAME=${{ github.event.inputs.environment }}" >> $GITHUB_ENV
-
-      - name: Login Openshift
-        shell: bash
-        run: |
-          oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}
-
-      - name: CD Flow
-        shell: bash
-        env:
-          OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
-          OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
-          OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
-          OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
-          OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
-          TAG_NAME: ${{ env.TAG_NAME }}
-        run: |
-          make cd
-
-      - name: Watch new rollout (trigger by image change in Openshift)
-        shell: bash
-        run: |
-          oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w
-
-      - name: Rocket.Chat Notification
-        uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
-        if: failure()
-        with:
-          type: ${{ job.status }}
-          job_name: "*Business Create UI Built and Deployed to ${{env.TAG_NAME}}*"
-          channel: "#registries-bot"
-          url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
-          commit: true
-          token: ${{ secrets.GITHUB_TOKEN }}
+  business-create-cd:
+    uses: bcgov/bcregistry-sre/.github/workflows/ui-cd-ocp.yaml@main
+    with:
+      environment: ${{ inputs.environment }}
+      tagname: ${{ inputs.tagname }}
+    secrets:
+      APP_NAME: "business-create"
+      OP_CONNECT_URL: ${{ secrets.OP_CONNECT_URL }}
+      OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
+      OPENSHIFT_LOGIN_REGISTRY: ${{ secrets.OPENSHIFT4_LOGIN_REGISTRY}}
+      OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
+      OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
+      OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
+      OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
diff --git a/.gitignore b/.gitignore
@@ -143,3 +143,7 @@ yarn-error.log*
 
 # IDE history
 .history
+
+# Firebase
+.firebase
+*.firebaserc
diff --git a/Makefile b/Makefile
@@ -12,10 +12,6 @@ DOCKER_NAME=business-create
 setup: ## Clean and Install npm dependencies
 	npm ci
 
-create-env: ## create the configration files from dev
-	@oc get configmap $(DOCKER_NAME)-dev-ui-configuration  -n "$(OPENSHIFT_REPOSITORY)-dev" \
-		-o json | jq -r '.data["configuration.json"]' > ./public/config/configuration.json.dev
-
 #################################################################################
 # COMMANDS - CI                                                                 #
 #################################################################################
@@ -35,24 +31,20 @@ test:  ## Unit testing
 # expects export OPENSHIFT_SA_TOKEN="$(oc whoami -t)"
 # expects export OPENSHIFT_REPOSITORY=""
 # expects export TAG_NAME="dev/test"
-# expects export OPS_REPOSITORY=""                                                        #
 #################################################################################
 cd: ## CD flow
 ifeq ($(TAG_NAME), test)
-cd: vault-env
-	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):dev $(DOCKER_NAME):$(TAG_NAME)
+BUILD_TAG_NAME=test-latest
+cd: build tag
 else ifeq ($(TAG_NAME), prod)
-cd: vault-env
-	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):$(TAG_NAME) $(DOCKER_NAME):$(TAG_NAME)-$(shell date +%F)
-	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):test $(DOCKER_NAME):$(TAG_NAME)
+BUILD_TAG_NAME=prod-latest
+cd: build tag-production
 else
+BUILD_TAG_NAME=dev-latest
 TAG_NAME=dev
-cd: build vault-env tag
+cd: build tag
 endif
 
-local-build: ## NPM build
-	npm run build
-
 build: ## Build the docker container
 	docker build . -t $(DOCKER_NAME) \
 		--build-arg VCS_REF=$(shell git rev-parse --short HEAD) \
@@ -64,22 +56,15 @@ build-nc: ## Build the docker container without caching
 REGISTRY_IMAGE=$(OPENSHIFT_DOCKER_REGISTRY)/$(OPENSHIFT_REPOSITORY)-tools/$(DOCKER_NAME)
 push: #build ## Push the docker container to the registry & tag latest
 	@echo "$(OPENSHIFT_SA_TOKEN)" | docker login $(OPENSHIFT_DOCKER_REGISTRY) -u $(OPENSHIFT_SA_NAME) --password-stdin ;\
-    docker tag $(DOCKER_NAME) $(REGISTRY_IMAGE):latest ;\
-    docker push $(REGISTRY_IMAGE):latest
-
-VAULTS=`cat devops/vaults.json`
-vault-env: ## Update env from 1pass
-	oc -n "$(OPS_REPOSITORY)-$(TAG_NAME)" exec "dc/vault-service-$(TAG_NAME)" -- ./scripts/1pass.sh \
-		-m "secret" \
-		-e "$(TAG_NAME)" \
-		-a "$(DOCKER_NAME)-$(TAG_NAME)" \
-		-n "$(OPENSHIFT_REPOSITORY)-$(TAG_NAME)" \
-		-v "$(VAULTS)" \
-		-r "true" \
-		-f "true"
+    docker tag $(DOCKER_NAME) $(REGISTRY_IMAGE):$(BUILD_TAG_NAME) ;\
+    docker push $(REGISTRY_IMAGE):$(BUILD_TAG_NAME)
 
 tag: push ## tag image
-	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):latest $(DOCKER_NAME):$(TAG_NAME)
+	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):$(BUILD_TAG_NAME) $(DOCKER_NAME):$(TAG_NAME)
+
+tag-production: push ## tag image
+	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):$(TAG_NAME) $(DOCKER_NAME):$(TAG_NAME)-$(shell date +%F) ;\
+	oc -n "$(OPENSHIFT_REPOSITORY)-tools" tag $(DOCKER_NAME):$(BUILD_TAG_NAME) $(DOCKER_NAME):$(TAG_NAME)
 
 #################################################################################
 # Self Documenting Commands                                                     #

diff --git a/devops/cloudbuild-cd.yaml b/devops/cloudbuild-cd.yaml
@@ -0,0 +1,30 @@
+steps:
+  # install / setup ci
+  - name: node:$_DEPLOYMENT_NODE_VERSION
+    entrypoint: npm
+    args: ['install']
+
+  #
+  # Generate the static site
+  #
+  - name: node:$_DEPLOYMENT_NODE_VERSION
+    entrypoint: npm
+    args: ['--openssl-legacy-provider', 'run', 'build']
+
+  #
+  # Deploy to firebase channel, using the PR #
+  # store log to /workspace to get the channel URL
+  #
+  - name: gcr.io/$_DEPLOYMENT_PROJECT/firebase
+    entrypoint: bash
+    args: ['-c', 'firebase deploy --project=$_DEPLOYMENT_PROJECT --config=firebase-$_DEPLOYMENT_ENVIRONMENT.json --only hosting:$_DEPLOYMENT_HOST_NAME']
+
+substitutions:
+    _DEPLOYMENT_ENVIRONMENT: '${_DEPLOYMENT_ENVIRONMENT}'
+    _DEPLOYMENT_PROJECT: '${_DEPLOYMENT_PROJECT}'
+    _DEPLOYMENT_NODE_VERSION: '${_DEPLOYMENT_NODE_VERSION}'
+    _DEPLOYMENT_HOST_NAME: '${_DEPLOYMENT_HOST_NAME}'
+
+
+options:
+  logging: CLOUD_LOGGING_ONLY
diff --git a/devops/vaults.env b/devops/vaults.env
@@ -0,0 +1,50 @@
+# Base Path Openshift: businesses/create Firebase:
+VUE_APP_PATH=
+
+#vaults Shared
+VUE_APP_ADDRESS_COMPLETE_KEY="op://canadapost/$APP_ENV/address-key/ADDRESS_COMPLETE_KEY"
+
+#vaults web-url
+VUE_APP_REGISTRY_HOME_URL="op://web-url/$APP_ENV/registry/REGISTRY_HOME_URL"
+VUE_APP_AUTH_WEB_URL="op://web-url/$APP_ENV/auth-web/AUTH_WEB_URL"
+VUE_APP_BUSINESSES_URL="op://web-url/$APP_ENV/business/BUSINESSES_URL"
+VUE_APP_DASHBOARD_URL="op://web-url/$APP_ENV/business/DASHBOARD_URL"
+VUE_APP_SITEMINDER_LOGOUT_URL="op://web-url/$APP_ENV/siteminder/SITEMINDER_LOGOUT_URL"
+
+#vaults API
+VUE_APP_AUTH_API_URL="op://API/$APP_ENV/auth-api/AUTH_API_URL"
+VUE_APP_AUTH_API_VERSION="op://API/$APP_ENV/auth-api/AUTH_API_VERSION"
+VUE_APP_LEGAL_API_URL="op://API/$APP_ENV/legal-api/LEGAL_API_URL"
+VUE_APP_LEGAL_API_VERSION_2="op://API/$APP_ENV/legal-api/LEGAL_API_VERSION_2"
+VUE_APP_NAICS_API_URL="op://API/$APP_ENV/naics-api/NAICS_API_URL"
+VUE_APP_NAICS_API_VERSION_2="op://API/$APP_ENV/naics-api/NAICS_API_VERSION"
+VUE_APP_STATUS_API_URL="op://API/$APP_ENV/status-api/STATUS_API_URL"
+VUE_APP_STATUS_API_VERSION="op://API/$APP_ENV/status-api/STATUS_API_VERSION"
+VUE_APP_PAY_API_URL="op://API/$APP_ENV/pay-api/PAY_API_URL"
+VUE_APP_PAY_API_VERSION="op://API/$APP_ENV/pay-api/PAY_API_VERSION"
+VUE_APP_REGISTRIES_SEARCH_API_URL="op://API/$APP_ENV/registries-search-api/REGISTRIES_SEARCH_API_URL"
+VUE_APP_REGISTRIES_SEARCH_API_VERSION="op://API/$APP_ENV/registries-search-api/REGISTRIES_SEARCH_API_VERSION"
+VUE_APP_REGISTRIES_SEARCH_API_KEY="op://API/$APP_ENV/registries-search-api/REGISTRIES_SEARCH_API_KEY"
+
+#vaults launchdarkly
+VUE_APP_BUSINESS_CREATE_LD_CLIENT_ID="op://launchdarkly/$APP_ENV/business-create/BUSINESS_CREATE_LD_CLIENT_ID"
+
+#vaults keycloak
+VUE_APP_KEYCLOAK_AUTH_URL="op://keycloak/$APP_ENV/base/KEYCLOAK_AUTH_BASE_URL"
+VUE_APP_KEYCLOAK_REALM="op://keycloak/$APP_ENV/base/KEYCLOAK_REALMNAME"
+VUE_APP_KEYCLOAK_CLIENTID="op://keycloak/$APP_ENV/entity-web/UI_KEYCLOAK_RESOURCE_NAME"
+
+#vaults sentry
+VUE_APP_SENTRY_DSN="op://sentry/$APP_ENV/entity/SENTRY_DSN"
+
+#vaults hotjar (hotjar id - ready to use)
+VUE_APP_HOTJAR_ID=
+VUE_APP_IA_SURVEY_ID="op://hotjar/$APP_ENV/shared/IA_SURVEY_ID"
+
+#vaults webchat
+VUE_APP_GENESYS_ENV="op://webchat/$APP_ENV/base/GENESYS_ENV"
+VUE_APP_GENESYS_URL="op://webchat/$APP_ENV/base/GENESYS_URL"
+VUE_APP_GENESYS_ID="op://webchat/$APP_ENV/business-create-ui/GENESYS_ID"
+VUE_APP_WEBCHAT_URL="op://webchat/$APP_ENV/base/WEBCHAT_URL"
+VUE_APP_WEBCHAT_REASON="op://webchat/$APP_ENV/business-create-ui/WEBCHAT_REASON"
+VUE_APP_WEBCHAT_STATUS_URL="op://webchat/$APP_ENV/business-create-ui/WEBCHAT_STATUS_URL"