diff --git a/.github/workflows/test-ci-dc-2-d.yaml b/.github/workflows/test-ci-dc-2-d.yaml
new file mode 100644
index 000000000..fab967f53
--- /dev/null
+++ b/.github/workflows/test-ci-dc-2-d.yaml
@@ -0,0 +1,332 @@
+name: TFRS replace DC with D on Test 2.21.1
+
+on:
+ workflow_dispatch:
+
+env:
+ GIT_URL: https://github.com/bcgov/tfrs.git
+ TOOLS_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-tools
+ TEST_NAMESPACE: ${{ secrets.OPENSHIFT_NAMESPACE_PLATE }}-test
+ GIT_REF: "release-2.21.1"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ get-version:
+ name: Get the version
+ runs-on: ubuntu-latest
+
+ outputs:
+ VERSION: ${{ steps.get-version.outputs.VERSION }}
+
+ steps:
+ - id: get-version
+ run: |
+ echo "VERSION=2.21.1" >> $GITHUB_OUTPUT
+
+ build-backend:
+ name: Build tfrs Backend
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-version]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Build tfrs Backend
+ run: |
+ cd openshift-v4/templates/backend
+ oc process -f ./backend-bc-docker.yaml NAME=tfrs SUFFIX=-${{ env.BUILD_SUFFIX }} VERSION=${{ env.BUILD_SUFFIX }} GIT_URL=${{ env.GIT_URL }} GIT_REF=${{ env.GIT_REF }} | oc apply --wait=true -f - -n ${{ env.TOOLS_NAMESPACE }}
+ sleep 2s
+ for build in $(oc -n ${{ env.TOOLS_NAMESPACE }} get builds -l buildconfig=tfrs-backend-${{ env.BUILD_SUFFIX }} -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
+ echo "canceling $build"
+ oc -n ${{ env.TOOLS_NAMESPACE }} cancel-build $build
+ done
+ sleep 2s
+ oc -n ${{ env.TOOLS_NAMESPACE }} start-build tfrs-backend-${{ env.BUILD_SUFFIX }} --wait=true
+
+ build-frontend:
+ name: Build TFRS Frontend
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-version]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Build TFRS Frontend
+ run: |
+ cd openshift-v4/templates/frontend
+ oc process -f ./frontend-bc-docker.yaml NAME=tfrs SUFFIX=-${{ env.BUILD_SUFFIX }} VERSION=${{ env.BUILD_SUFFIX }} GIT_URL=${{ env.GIT_URL }} GIT_REF=${{ env.GIT_REF }} | oc apply --wait=true -f - -n ${{ env.TOOLS_NAMESPACE }}
+ sleep 2s
+ for build in $(oc -n ${{ env.TOOLS_NAMESPACE }} get builds -l buildconfig=tfrs-frontend-${{ env.BUILD_SUFFIX }} -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
+ echo "canceling $build"
+ oc -n ${{ env.TOOLS_NAMESPACE }} cancel-build $build
+ done
+ sleep 2s
+ oc -n ${{ env.TOOLS_NAMESPACE }} start-build tfrs-frontend-${{ env.BUILD_SUFFIX }} --wait=true
+
+ build-scan-coordinator:
+ name: Build TFRS scan-coordinator
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-version]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Build TFRS scan-coordinator
+ run: |
+ cd openshift-v4/templates/scan-coordinator
+ oc process -f ./scan-coordinator-bc.yaml NAME=tfrs SUFFIX=-${{ env.BUILD_SUFFIX }} VERSION=${{ env.BUILD_SUFFIX }} GIT_URL=${{ env.GIT_URL }} GIT_REF=${{ env.GIT_REF }} | oc apply --wait=true -f - -n ${{ env.TOOLS_NAMESPACE }}
+ sleep 2s
+ for build in $(oc -n ${{ env.TOOLS_NAMESPACE }} get builds -l buildconfig=tfrs-scan-coordinator-${{ env.BUILD_SUFFIX }} -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
+ echo "canceling $build"
+ oc -n ${{ env.TOOLS_NAMESPACE }} cancel-build $build
+ done
+ sleep 2s
+ oc -n ${{ env.TOOLS_NAMESPACE }} start-build tfrs-scan-coordinator-${{ env.BUILD_SUFFIX }} --wait=true
+
+ build-celery:
+ name: Build TFRS Celery
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-version, build-backend, build-frontend, build-scan-coordinator]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Build TFRS Celery
+ run: |
+ cd openshift-v4/templates/celery
+ oc process -f ./celery-bc-docker.yaml NAME=tfrs SUFFIX=-${{ env.BUILD_SUFFIX }} VERSION=${{ env.BUILD_SUFFIX }} GIT_URL=${{ env.GIT_URL }} GIT_REF=${{ env.GIT_REF }} | oc apply --wait=true -f - -n ${{ env.TOOLS_NAMESPACE }}
+ sleep 2s
+ for build in $(oc -n ${{ env.TOOLS_NAMESPACE }} get builds -l buildconfig=tfrs-celery-${{ env.BUILD_SUFFIX }} -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
+ echo "canceling $build"
+ oc -n ${{ env.TOOLS_NAMESPACE }} cancel-build $build
+ done
+ sleep 2s
+ oc -n ${{ env.TOOLS_NAMESPACE }} start-build tfrs-celery-${{ env.BUILD_SUFFIX }} --wait=true
+
+ build-scan-handler:
+ name: Build TFRS scan-handler
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-version, build-backend, build-frontend, build-scan-coordinator]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Build TFRS scan-handler
+ run: |
+ cd openshift-v4/templates/scan-handler
+ oc process -f ./scan-handler-bc-docker.yaml NAME=tfrs SUFFIX=-${{ env.BUILD_SUFFIX }} VERSION=${{ env.BUILD_SUFFIX }} GIT_URL=${{ env.GIT_URL }} GIT_REF=${{ env.GIT_REF }} | oc apply --wait=true -f - -n ${{ env.TOOLS_NAMESPACE }}
+ sleep 2s
+ for build in $(oc -n ${{ env.TOOLS_NAMESPACE }} get builds -l buildconfig=tfrs-scan-handler-${{ env.BUILD_SUFFIX }} -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
+ echo "canceling $build"
+ oc -n ${{ env.TOOLS_NAMESPACE }} cancel-build $build
+ done
+ sleep 2s
+ oc -n ${{ env.TOOLS_NAMESPACE }} start-build tfrs-scan-handler-${{ env.BUILD_SUFFIX }} --wait=true
+
+ build-notification-server:
+ name: Build TFRS Notification Server
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ needs: [get-version, build-backend, build-frontend, build-scan-coordinator]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.1.1
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Build TFRS Notification Server
+ run: |
+ cd openshift-v4/templates/notification
+ oc process -f ./notification-server-bc.yaml NAME=tfrs SUFFIX=-${{ env.BUILD_SUFFIX }} VERSION=${{ env.BUILD_SUFFIX }} GIT_URL=${{ env.GIT_URL }} GIT_REF=${{ env.GIT_REF }} | oc apply --wait=true -f - -n ${{ env.TOOLS_NAMESPACE }}
+ sleep 2s
+ for build in $(oc -n ${{ env.TOOLS_NAMESPACE }} get builds -l buildconfig=tfrs-notification-server-${{ env.BUILD_SUFFIX }} -o jsonpath='{.items[?(@.status.phase=="Running")].metadata.name}'); do
+ echo "canceling $build"
+ oc -n ${{ env.TOOLS_NAMESPACE }} cancel-build $build
+ done
+ sleep 2s
+ oc -n ${{ env.TOOLS_NAMESPACE }} start-build tfrs-notification-server-${{ env.BUILD_SUFFIX }} --wait=true
+
+ deploy:
+ name: Deploy on Dev
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ # needs: [get-version]
+ needs:
+ [
+ get-version,
+ build-backend,
+ build-frontend,
+ build-celery,
+ build-scan-handler,
+ build-scan-coordinator,
+ build-notification-server,
+ ]
+
+ env:
+ BUILD_SUFFIX: ${{ needs.get-version.outputs.VERSION }}
+ VERSION: ${{ needs.get-version.outputs.VERSION }}
+
+ steps:
+ - name: Ask for approval for TFRS Test deployment
+ uses: trstringer/manual-approval@v1.6.0
+ with:
+ secret: ${{ github.TOKEN }}
+ approvers: AlexZorkin,kuanfandevops,prv-proton,JulianForeman,kevin-hashimoto,dhaselhan
+ minimum-approvals: 1
+ issue-title: "TFRS ${{ env.GIT_REF }} Test Deployment"
+
+ - name: Checkout Manifest repository
+ uses: actions/checkout@v4.1.1
+ with:
+ repository: bcgov-c/tenant-gitops-0ab226
+ ref: main
+ ssh-key: ${{ secrets.MANIFEST_REPO_DEPLOY_KEY }}
+
+ - name: Update tags
+ uses: mikefarah/yq@v4.40.5
+ with:
+ cmd: |
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/backend/values-test.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/frontend/values-test.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/notification-server/values-test.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/celery/values-test.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-coordinator/values-test.yaml
+ yq -i '.image.tag = "${{ env.BUILD_SUFFIX }}"' tfrs/charts/scan-handler/values-test.yaml
+
+ - name: GitHub Commit & Push
+ shell: bash {0}
+ run: |
+ git config --global user.email "actions@github.com"
+ git config --global user.name "GitHub Actions"
+ git add -A
+ git commit -m "Update the image tag to ${{ env.BUILD_SUFFIX }} on Test"
+ git push
+
+ - name: Log in to Openshift
+ uses: redhat-actions/oc-login@v1.3
+ with:
+ openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
+ openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.TOOLS_NAMESPACE }}
+
+ - name: Tag and deploy to Test
+ run: |
+ helm -n ${{ env.TEST_NAMESPACE }} list
+ oc tag ${{ env.TOOLS_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-backend:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.TOOLS_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-frontend:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.TOOLS_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-celery:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.TOOLS_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-coordinator:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.TOOLS_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-scan-handler:${{ env.BUILD_SUFFIX }}
+ oc tag ${{ env.TOOLS_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }} ${{ env.TEST_NAMESPACE }}/tfrs-notification-server:${{ env.BUILD_SUFFIX }}
+
+ - name: Helm Deployment
+ run: |
+ cd tfrs/charts/backend
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-backend-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../frontend
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-frontend-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../notification-server
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-notification-server-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../celery
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-celery-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../scan-coordinator
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-coordinator-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
+ cd ../scan-handler
+ helm -n ${{ env.TEST_NAMESPACE }} -f ./values-test.yaml upgrade --install tfrs-scan-handler-test . \
+ --set podAnnotations.rolloutTriggered="A$(date +%s)E"
diff --git a/backend/Dockerfile-Openshift b/backend/Dockerfile-Openshift
new file mode 100644
index 000000000..b2d259e9f
--- /dev/null
+++ b/backend/Dockerfile-Openshift
@@ -0,0 +1,30 @@
+# Use an official Python runtime as a parent image
+FROM artifacts.developer.gov.bc.ca/docker-remote/python:3.9.20-bullseye
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+ build-essential \
+ libpq-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Python dependencies
+COPY . /app/
+
+RUN pwd && \
+ ls -l
+
+RUN pip install --upgrade pip==24.0 && \
+ pip install --no-cache-dir -r requirements.txt
+
+# Expose the port the app runs on
+EXPOSE 8080
+
+# Start the Django server
+CMD ["gunicorn", "wsgi", "--config", "gunicorn.cfg.py"]
diff --git a/frontend/package.json b/frontend/package.json
index 7af5661d9..5bd339de8 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
 "name": "tfrs",
- "version": "2.21.0",
+ "version": "2.21.1",
 "dependencies": {
 "@babel/eslint-parser": "^7.19.1",
 "@babel/plugin-proposal-object-rest-spread": "^7.20.7",
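Review bot: Every `Log in to Openshift` step (the six build jobs and `deploy`) sets `insecure_skip_tls_verify: true`, so the runner sends `secrets.OPENSHIFT_TOKEN` to whatever endpoint answers for `OPENSHIFT_SERVER` without validating its certificate. Judging by the later steps, that token can apply BuildConfigs, tag images and run `helm upgrade` in the tools and test namespaces, so it deserves a verified channel. I would set `insecure_skip_tls_verify: false` and, if the API certificate is not publicly trusted, pass the CA through the action's `certificate_authority_data: ${{ secrets.<CA_BUNDLE_SECRET> }}` input (placeholder secret name). Separately, the third-party actions that receive secrets (`redhat-actions/oc-login@v1.3`, `trstringer/manual-approval@v1.6.0`, `mikefarah/yq@v4.40.5`) are referenced by tag; pinning each to a full commit SHA keeps a moved tag from changing what runs with those credentials.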
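Review bot: The runtime image in `backend/Dockerfile-Openshift` keeps the whole `build-essential` toolchain plus apt's recommended packages, and no `USER` line drops root, so the shipped container carries more than gunicorn needs. Adding `--no-install-recommends` to the `apt-get install -y` line trims the package set, and a `USER` line before `CMD` (for example `USER 1001`, a constructed value) states the non-root intent instead of relying on the UID the cluster assigns. `RUN pwd && ls -l` looks like a leftover debugging layer and can go. `COPY . /app/` takes the entire `backend` build context; whether a `.dockerignore` keeps local env files and test data out of the image is not visible in this diff and is worth confirming.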
diff --git a/openshift-v4/templates/backend/backend-bc-docker.yaml b/openshift-v4/templates/backend/backend-bc-docker.yaml
new file mode 100644
index 000000000..37e16d0e8
--- /dev/null
+++ b/openshift-v4/templates/backend/backend-bc-docker.yaml
@@ -0,0 +1,78 @@
+---
+kind: Template
+apiVersion: template.openshift.io/v1
+metadata:
+ name: tfrs-bc-docker
+ creationTimestamp:
+parameters:
+ - name: NAME
+ displayName:
+ description: the module name entered when run yo bcdk:pipeline, which is tfrs
+ required: true
+ - name: SUFFIX
+ displayName:
+ description: sample is -pr-0
+ required: true
+ - name: VERSION
+ displayName:
+ description: image tag name for output
+ required: true
+ - name: GIT_URL
+ displayName:
+ description: tfrs repo
+ required: true
+ - name: GIT_REF
+ displayName:
+ description: tfrs branch name of the pr
+ required: true
+objects:
+ - apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ annotations:
+ description: Keeps track of changes in the backend image
+ labels:
+ shared: "true"
+ creationTimestamp: null
+ name: ${NAME}-backend
+ spec:
+ lookupPolicy:
+ local: false
+ status:
+ dockerImageRepository: ""
+ - kind: BuildConfig
+ apiVersion: build.openshift.io/v1
+ metadata:
+ name: ${NAME}-backend${SUFFIX}
+ creationTimestamp:
+ annotations:
+ description: Defines how to build the application
+ spec:
+ runPolicy: SerialLatestOnly
+ source:
+ type: Git
+ git:
+ uri: ${GIT_URL}
+ ref: ${GIT_REF}
+ contextDir: backend
+ strategy:
+ dockerStrategy:
+ dockerfilePath: ./Dockerfile-Openshift
+ pullSecret:
+ name: artifacts-default-mogbga
+ type: Docker
+ output:
+ to:
+ kind: ImageStreamTag
+ name: ${NAME}-backend:${VERSION}
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ postCommit: {}
+ nodeSelector:
+ status:
+ lastVersion: 0
diff --git a/openshift-v4/templates/scan-handler/Dockerfile b/openshift-v4/templates/scan-handler/Dockerfile
index c57fb5c7b..f818ab0c7 100644
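Review bot: In `backend-bc-docker.yaml` the BuildConfig pairs `source.git.ref: ${GIT_REF}` with `output.to.name: ${NAME}-backend:${VERSION}`, so when the workflow passes a branch name each run builds whatever the branch head is and overwrites the same tag; the image promoted to test under that tag then cannot be traced to one commit. Passing a release tag or commit SHA as `GIT_REF` for release builds would fix the provenance, and the parameter text could say so: `description: branch, tag or commit SHA to build; use a tag or SHA for release builds`. The current descriptions (`sample is -pr-0`, `tfrs branch name of the pr`) appear carried over from a PR pipeline and no longer match how this template is invoked. The bare `displayName:`, `creationTimestamp:` and `nodeSelector:` keys parse as null and can be dropped, as can the server-populated `status` blocks.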
--- a/openshift-v4/templates/scan-handler/Dockerfile
+++ b/openshift-v4/templates/scan-handler/Dockerfile
@@ -5,7 +5,7 @@ RUN apt-get update \
 WORKDIR /app/tfrs
 COPY . .
 COPY security-scan/scan-handler/scan-handler.conf /etc/supervisor/conf.d
-RUN pip install --upgrade pip \
+RUN pip install --upgrade pip==24.0 \
 && pip install -r backend/requirements.txt \
 && chgrp -R root /var/log/supervisor \
 && chmod -R g+w /var/log/supervisor \