Merge pull request #4508 from bcgov/test
Release 5.6
devinleighsmith authored Nov 28, 2024
2 parents 647a6a3 + d5019db commit 9939f5f
Showing 1,375 changed files with 302,087 additions and 16,283 deletions.
23 changes: 9 additions & 14 deletions .github/workflows/api-dotnetcore.yml
@@ -104,21 +104,16 @@ jobs:
cd ..
head TestResults/coverage.opencover.xml
- name: Codecov
uses: codecov/[email protected]
env:
CODECOV_TOKEN: ${{ secrets.CODECOV }}
- name: Save PR number and scan results
run: |
mkdir -p ./pr
echo ${{ github.event.pull_request.number }} > ./pr/NR
cp ${{env.working-directory}}/tests/unit/TestResults/coverage.opencover.xml ./pr
- uses: actions/upload-artifact@v4
with:
# User defined upload name. Visible in Codecov UI
name: PIMS
# Path to coverage file to upload
file: ${{env.working-directory}}/tests/unit/TestResults/coverage.opencover.xml
# Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)
flags: unittests
# Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)
env_vars: C#
# Specify whether or not CI build should fail if Codecov runs into an error during upload
fail_ci_if_error: false
name: pr-codecov
path: pr/

- name: SonarScanner for .NET 8 with pull request decoration support
id: scan
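Review bot: The `pr/` artifact uploaded by the unnamed `actions/upload-artifact@v4` step is the only input that the privileged `workflow_run` workflow in `.github/workflows/codecov-comment-pr.yml` takes from a pull-request run, and nothing at this step says so. A pull request can change what this step writes, so the consuming workflow has to treat the artifact as untrusted, and this side should keep it to the two files copied here. I would give the upload step a name and put a comment above it, for example `# pr/ is consumed by codecov-comment-pr.yml, which runs with secrets: only NR and the coverage file belong here`. The matching step in `.github/workflows/app-react.yml` needs the same comment.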
32 changes: 13 additions & 19 deletions .github/workflows/app-react.yml
@@ -57,36 +57,30 @@ jobs:
env:
REACT_APP_TENANT: MOTI

- name: Codecov
uses: codecov/[email protected]
env:
CODECOV_TOKEN: ${{ secrets.CODECOV }}
- name: Save PR number and scan results
run: |
mkdir -p ./pr
echo ${{ github.event.pull_request.number }} > ./pr/NR
cp ${{env.working-directory}}/coverage/coverage-final.json ./pr
- uses: actions/upload-artifact@v4
with:
# User defined upload name. Visible in Codecov UI
name: PIMS
# Path to coverage file to upload
file: ${{env.working-directory}}/coverage/coverage-final.json
# Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)
flags: unittests
# Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)
env_vars: javascript
# Specify whether or not CI build should fail if Codecov runs into an error during upload
fail_ci_if_error: false
name: pr-codecov
path: pr/

- name: SonarQube Scan
id: scan
uses: sonarsource/sonarqube-scan-action@master
if: false
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_URL }}
PROJECT_KEY: ${{secrets.PROJECT_KEY_APP}}
SONAR_HOST_URL: https://sonarqube-3cd915-tools.apps.silver.devops.gov.bc.ca/
PROJECT_KEY: 21faa627-fe70-4a67-89e3-1262a32d2e2c
PROJECT_NAME: PIMS-APP
with:
projectBaseDir: ${{env.working-directory}}
args: >
-Dsonar.projectKey=${{env.PROJECT_KEY}}
-Dsonar.projectName=${{env.PROJECT_NAME}}
-Dsonar.projectKey=21faa627-fe70-4a67-89e3-1262a32d2e2c
-Dsonar.projectName=PIMS-APP
-Dsonar.qualitygate.wait=true
# Send notifications only if MS_TEAMS_NOTIFY_URL secret has been set
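Review bot: The `SonarQube Scan` step still references `sonarsource/sonarqube-scan-action@master`, a moving branch, while handing it `SONAR_TOKEN`; pin the action to a release tag or a full commit SHA before the step is enabled again. The step carries `if: false`, so as shown the scan and `-Dsonar.qualitygate.wait=true` never run, and a one-line comment saying why it is disabled would help. The rendered page has lost the +/- markers, so I am assuming the hard-coded `SONAR_HOST_URL` and `PROJECT_KEY` values are the new side; if so, `args` could keep `${{env.PROJECT_KEY}}` and `${{env.PROJECT_NAME}}` instead of repeating the literals.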
48 changes: 21 additions & 27 deletions .github/workflows/ci-cd-pims-dev.yml
@@ -7,7 +7,6 @@ env:
MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }}
AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET }}
AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }}
sync-directory: ./tools/keycloak/sync
ASPNETCORE_ENVIRONMENT: "Development"

## variables for scripts under git\openshift\4.0\scripts\oc-*.sh
@@ -101,6 +100,7 @@ jobs:
run: |
./openshift/4.0/player.sh deploy api $DESTINATION -apply
./openshift/4.0/player.sh deploy app $DESTINATION -apply
oc tag mayan-bcgov:latest-$DESTINATION mayan-bcgov:$DESTINATION
# the command:
# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
@@ -127,31 +127,6 @@ jobs:
oc wait --for=condition=complete job/$JOB_NAME --timeout=120s
oc get pods -o custom-columns=POD:.metadata.name --no-headers | grep -Eo $JOB_NAME-[^\s].* | (read POD_NAME; oc logs $POD_NAME)
sync-keycloak:
name: Sync Keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4

- name: Setup .NET 8
uses: actions/setup-dotnet@v3
with:
dotnet-version: "8.0.x"

- name: Install dependencies for keycloak sync
run: dotnet restore
working-directory: ${{env.sync-directory}}

- name: Build keycloak sync
run: dotnet build
working-directory: ${{env.sync-directory}}

- name: Start keycloak sync
run: dotnet run
working-directory: ${{env.sync-directory}}

## Call the mayan sync task three times, once for each mayan sync endpoint. The task will wait for the job to complete before exiting.
## Note: this depends on the mayan-sync configmap for the target namespace being up to date.
mayan-sync:
@@ -175,11 +150,30 @@ jobs:
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-dev -p TOKEN_URL=https://dev.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-dev-only-4700 -p MAYAN_SYNC_URL=https://pims-app-3cd915-dev.apps.silver.devops.gov.bc.ca:443/api/documents/sync/documenttype -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-dev -p TOKEN_URL=https://dev.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-dev-only-4700 -p MAYAN_SYNC_URL=https://pims-app-3cd915-dev.apps.silver.devops.gov.bc.ca:443/api/documents/sync/mayan -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
## Call the tekton pipeline that executes the keycloak sync. Dependent on the pims-api being accessible. Can run in parallel with the mayan sync.
keycloak-sync:
name: sync keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: 3cd915-dev
- name: call scripts to sync keycloak
shell: bash
run: |
oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-dev -p BRANCH=$DESTINATION -p API_URL=http://pims-api:8080/api | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
ci-cd-end-notification:
name: CI-CD End Notification to Teams Channel
runs-on: ubuntu-latest
needs: sync-keycloak
needs: keycloak-sync
if: ${{ always() && github.event.pull_request.merged == true }}
steps:
- name: check workflow status
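Review bot: The new `keycloak-sync` job logs in with `insecure_skip_tls_verify: true`, so the runner sends `OPENSHIFT_TOKEN` to whatever answers at `OPENSHIFT_SERVER` without checking its certificate. Unless the cluster API certificate really cannot be validated from the runner, drop that line or supply the CA through the action's `certificate_authority_data` input. The same setting is in the `keycloak-sync` jobs added to `.github/workflows/deploy-prod-start.yml` (namespace `3cd915-prod`) and `.github/workflows/retag-dev-to-test.yml`. Whether the other jobs in these workflows already log in this way is not visible in the hunks shown.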
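--- a/.github/workflows/codecov-comment-pr.yml
+++ b/.github/workflows/codecov-comment-pr.yml
@@ -0,0 +1,93 @@
+name: Codecov Comment on PR
+
+# read-write repo token
+# access to secrets
+on:
+workflow_run:
+workflows: ["API (.NET 8)", "APP (React)"]
+types:
+- completed
+
+jobs:
+upload:
+runs-on: ubuntu-latest
+if: >
+github.event.workflow_run.event == 'pull_request' &&
+github.event.workflow_run.conclusion == 'success'
+steps:
+- uses: actions/checkout@v4
+with:
+repository: ${{ github.event.workflow_run.head_repository.full_name }}
+ref: ${{ github.event.workflow_run.head_branch }}
+fetch-depth: 0
+- name: "Download artifact"
+uses: actions/github-script@v7
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+script: |
+var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
+owner: context.repo.owner,
+repo: context.repo.repo,
+run_id: ${{github.event.workflow_run.id }},
+});
+var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+return artifact.name == "pr-codecov"
+})[0];
+var download = await github.rest.actions.downloadArtifact({
+owner: context.repo.owner,
+repo: context.repo.repo,
+artifact_id: matchArtifact.id,
+archive_format: 'zip',
+});
+var fs = require('fs');
+fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
+- run: unzip pr.zip
+- name: "Comment on PR"
+id: create-comment
+uses: actions/github-script@v7
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+script: |
+var fs = require('fs');
+var issue_number = Number(fs.readFileSync('./NR'));
+await github.rest.issues.createComment({
+owner: context.repo.owner,
+repo: context.repo.repo,
+issue_number: issue_number,
+body: 'See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/' + issue_number
+});
+return issue_number;
+result-encoding: string
+- name: Codecov(API)
+if: ${{ github.event.workflow_run.name == 'API (.NET 8)' }}
+uses: codecov/[email protected]
+env:
+CODECOV_TOKEN: ${{ secrets.CODECOV }}
+with:
+# User defined upload name. Visible in Codecov UI
+name: PIMS
+# Path to coverage file to upload
+file: ./coverage.opencover.xml
+# Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)
+flags: unittests
+env_vars: C#
+# Specify whether or not CI build should fail if Codecov runs into an error during upload
+fail_ci_if_error: false
+override_pr: ${{steps.create-comment.outputs.result}}
+- name: Codecov(APP)
+if: ${{ github.event.workflow_run.name == 'APP (React)' }}
+uses: codecov/[email protected]
+env:
+CODECOV_TOKEN: ${{ secrets.CODECOV }}
+with:
+# User defined upload name. Visible in Codecov UI
+name: PIMS
+# Path to coverage file to upload
+file: ./coverage-final.json
+# Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)
+flags: unittests
+# Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)
+env_vars: javascript
+# Specify whether or not CI build should fail if Codecov runs into an error during upload
+fail_ci_if_error: false
+override_pr: ${{steps.create-comment.outputs.result}}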
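Review bot: This `workflow_run` job runs with `secrets.CODECOV` and the repository token, yet it checks out the pull request's head repository and unzips an artifact built by that pull request's run into the same workspace. Both the tree and every file in `pr.zip` are therefore untrusted input, including `NR`, which becomes the comment target and `override_pr`. I would declare explicit `permissions:`, check out `workflow_run.head_sha` rather than the mutable `head_branch`, set `persist-credentials: false`, and extract the artifact outside the checkout so it cannot overwrite repository files; the `NR` read and the two `file:` inputs then point at that directory. The file also says nothing about this trust boundary beyond the two comment lines above `on:`, so a short header stating that nothing from the checkout or the artifact may be executed would help the next maintainer.

```yaml
# … unchanged: name, on.workflow_run …
permissions:
  actions: read
  contents: read
  pull-requests: write

jobs:
  upload:
    # … unchanged: runs-on, if …
    steps:
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.workflow_run.head_repository.full_name }}
          ref: ${{ github.event.workflow_run.head_sha }}
          persist-credentials: false
          fetch-depth: 0
      # … unchanged: "Download artifact" …
      - name: Extract artifact outside the checkout
        run: unzip pr.zip -d "$RUNNER_TEMP/pr"
      # … unchanged: "Comment on PR" and the two Codecov steps …
```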
32 changes: 14 additions & 18 deletions .github/workflows/deploy-prod-start.yml
@@ -7,7 +7,6 @@ env:
MS_TEAMS_WEBHOOK_BUILD_CHANNEL: ${{ secrets.MS_TEAMS_WEBHOOK_URI_BUILD_CHANNEL }}
AUTH__KEYCLOAK__SECRET: ${{ secrets.KEYCLOAK_SECRET_PROD }}
AUTH__KEYCLOAK__SERVICEACCOUNT__SECRET: ${{ secrets.KEYCLOAK_SERVICEACCOUNT_SECRET }}
sync-directory: ./tools/keycloak/sync
ASPNETCORE_ENVIRONMENT: "prod"

APP_PORT: 8080
@@ -74,6 +73,7 @@ jobs:
[[ -z ${{github.event.inputs.OVERRIDE_VERSION}} ]] && RELEASE_VERSION=${{steps.previoustag.outputs.tag}}-master || RELEASE_VERSION=${{github.event.inputs.OVERRIDE_VERSION}}-master
RELEASE_TAG=$RELEASE_VERSION ./openshift/4.0/player.sh deploy api $DESTINATION -apply
RELEASE_TAG=$RELEASE_VERSION ./openshift/4.0/player.sh deploy app $DESTINATION -apply
oc tag mayan-bcgov:$RELEASE_VERSION mayan-bcgov:master
# the command:
# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
@@ -123,27 +123,23 @@ jobs:
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-prod -p TOKEN_URL=https://loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-3cd915-prod.apps.silver.devops.gov.bc.ca/documents/sync/documenttype -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-prod -p TOKEN_URL=https://loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-3cd915-prod.apps.silver.devops.gov.bc.ca/api/documents/sync/mayan -p KEYCLOAK_SECRET_NAME=pims-api-sso | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
sync-keycloak:
name: Sync Keycloak
## Call the tekton pipeline that executes the keycloak sync. Dependent on the pims-api being accessible. Can run in parallel with the mayan sync.
keycloak-sync:
name: sync keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4

- name: Setup .NET 8
uses: actions/setup-dotnet@v3
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
dotnet-version: "8.0.x"

- name: Install dependencies for keycloak sync
run: dotnet restore
working-directory: ${{env.sync-directory}}

- name: Build keycloak sync
run: dotnet build
working-directory: ${{env.sync-directory}}
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: 3cd915-prod
- name: call scripts to sync keycloak
shell: bash
run: |
oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-prod -p BRANCH=$DESTINATION -p API_URL=http://pims-api:8080/api | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
- name: Start keycloak sync
run: dotnet run
working-directory: ${{env.sync-directory}}
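Review bot: The added `oc tag mayan-bcgov:$RELEASE_VERSION mayan-bcgov:master` uses `$RELEASE_VERSION` unquoted, and the line above it builds that value by expanding `${{github.event.inputs.OVERRIDE_VERSION}}` directly into the script text, so the dispatch input is parsed as shell before any quoting applies. Pass the input through the step's environment (`OVERRIDE_VERSION: ${{ github.event.inputs.OVERRIDE_VERSION }}` under `env:`), read `"$OVERRIDE_VERSION"` in the script, and quote the tag: `oc tag "mayan-bcgov:$RELEASE_VERSION" mayan-bcgov:master`. The step's `run:` block starts above this hunk, so whether it already has an `env:` mapping is not visible here.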
49 changes: 23 additions & 26 deletions .github/workflows/retag-dev-to-test.yml
@@ -63,6 +63,7 @@ jobs:
run: |
./openshift/4.0/player.sh deploy api $DESTINATION -apply
./openshift/4.0/player.sh deploy app $DESTINATION -apply
oc tag mayan-bcgov:dev mayan-bcgov:$DESTINATION
# the command:
# 1) creates an openshift job with generated name to avoid name conflict, substituting the variables in the template.
@@ -89,31 +90,6 @@ jobs:
oc wait --for=condition=complete job/$JOB_NAME --timeout=120s
oc get pods -o custom-columns=POD:.metadata.name --no-headers | grep -Eo $JOB_NAME-[^\s].* | (read POD_NAME; oc logs $POD_NAME)
sync-keycloak:
name: Sync Keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4

- name: Setup .NET 8
uses: actions/setup-dotnet@v3
with:
dotnet-version: "8.0.x"

- name: Install dependencies for keycloak sync
run: dotnet restore
working-directory: ${{env.sync-directory}}

- name: Build keycloak sync
run: dotnet build
working-directory: ${{env.sync-directory}}

- name: Start keycloak sync
run: dotnet run
working-directory: ${{env.sync-directory}}
## Call the mayan sync task three times, once for each mayan sync endpoint. The task will wait for the job to complete before exiting.
## Note: this depends on the mayan-sync configmap for the target namespace being up to date.
mayan-sync:
@@ -137,10 +113,31 @@ jobs:
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-dev -p TOKEN_URL=https://dev.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-test-3cd915-dev.apps.silver.devops.gov.bc.ca:443/api/documents/sync/documenttype -p KEYCLOAK_SECRET_NAME=pims-api-sso-test | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
oc process -f ./openshift/4.0/templates/jobs/mayan-sync.yaml -p NAMESPACE=3cd915-dev -p TOKEN_URL=https://dev.loginproxy.gov.bc.ca:443/auth/realms/standard/protocol/openid-connect/token -p CLIENT_ID=property-services-project-api-4380 -p MAYAN_SYNC_URL=https://pims-app-test-3cd915-dev.apps.silver.devops.gov.bc.ca:443/api/documents/sync/mayan -p KEYCLOAK_SECRET_NAME=pims-api-sso-test | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read TASK_NAME; oc wait --for=condition=succeeded taskruns/$TASK_NAME --timeout=80s)
## Call the tekton pipeline that executes the keycloak sync. Dependent on the pims-api being accessible. Can run in parallel with the mayan sync.
keycloak-sync:
name: sync keycloak
needs: database-upgrade
runs-on: ubuntu-latest
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Login to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.NAMESPACE_OVERRIDE }}
- name: call scripts to sync keycloak
shell: bash
run: |
oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=dev -p KEYCLOAK_SECRET_NAME=pims-api-sso-test -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-test -p API_URL=http://pims-api-test:8080/api | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=600s)
ci-cd-end-notification:
name: CI-CD End Notification to Teams Channel
runs-on: ubuntu-latest
needs: sync-keycloak
needs: keycloak-sync
steps:
- name: check workflow status
uses: martialonline/workflow-status@v4