Skip to content

Main Deploy

Main Deploy #50

Workflow file for this run

name: Main Deploy
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
on:
workflow_dispatch:
jobs:
##### TESTS ##################################################################
appointment-frontend-cypress:
name: Appointment Frontend Cypress
uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml
secrets:
bceid-endpoint: ${{ secrets.CYPRESS_BCEID_ENDPOINT }}
bceid-password: ${{ secrets.CYPRESS_BCEID_PASSWORD }}
bceid-username: ${{ secrets.CYPRESS_BCEID_USERNAME }}
cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }}
cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }}
keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/
keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }}
keycloak-realm: ${{ secrets.KEYCLOAK_REALM }}
##### BUILD ##################################################################
appointment-frontend:
name: appointment-frontend
needs: appointment-frontend-cypress
uses: ./.github/workflows/reusable-build-dockerfile.yaml
secrets:
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
namespace-theq-username: ${{ secrets.SA_USERNAME }}
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
namespace-qms-username: ${{ secrets.SA_USERNAME }}
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
with:
directory: appointment-frontend
image-name: appointment-nginx-frontend
image-tags: commit-${GITHUB_SHA::7} latest
push-qms: ${{ github.repository_owner == 'bcgov' }}
push-theq: ${{ github.repository_owner == 'bcgov' }}
feedback-api:
name: feedback-api
needs: appointment-frontend-cypress
uses: ./.github/workflows/reusable-build-s2i.yaml
secrets:
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
namespace-theq-username: ${{ secrets.SA_USERNAME }}
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
namespace-qms-username: ${{ secrets.SA_USERNAME }}
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
with:
directory: feedback-api
image-name: feedback-api
image-tags: commit-${GITHUB_SHA::7} latest
push-qms: ${{ github.repository_owner == 'bcgov' }}
push-theq: ${{ github.repository_owner == 'bcgov' }}
notifications-api:
name: notifications-api
needs: appointment-frontend-cypress
uses: ./.github/workflows/reusable-build-s2i.yaml
secrets:
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
namespace-theq-username: ${{ secrets.SA_USERNAME }}
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
namespace-qms-username: ${{ secrets.SA_USERNAME }}
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
with:
directory: notifications-api
image-name: notifications-api
image-tags: commit-${GITHUB_SHA::7} latest
push-qms: ${{ github.repository_owner == 'bcgov' }}
push-theq: ${{ github.repository_owner == 'bcgov' }}
queue-management-api:
name: queue-management-api
needs: appointment-frontend-cypress
uses: ./.github/workflows/reusable-build-s2i.yaml
secrets:
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
namespace-theq-username: ${{ secrets.SA_USERNAME }}
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
namespace-qms-username: ${{ secrets.SA_USERNAME }}
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
with:
directory: api
image-name: queue-management-api
image-tags: commit-${GITHUB_SHA::7} latest
push-qms: ${{ github.repository_owner == 'bcgov' }}
push-theq: ${{ github.repository_owner == 'bcgov' }}
queue-management-frontend:
name: queue-management-frontend
needs: appointment-frontend-cypress
uses: ./.github/workflows/reusable-build-dockerfile.yaml
secrets:
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
namespace-theq-username: ${{ secrets.SA_USERNAME }}
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
namespace-qms-username: ${{ secrets.SA_USERNAME }}
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
with:
directory: frontend
image-name: queue-management-nginx-frontend
image-tags: commit-${GITHUB_SHA::7} latest
push-qms: ${{ github.repository_owner == 'bcgov' }}
push-theq: ${{ github.repository_owner == 'bcgov' }}
send-appointment-reminder-crond:
name: send-appointment-reminder-crond
needs: appointment-frontend-cypress
uses: ./.github/workflows/reusable-build-dockerfile.yaml
secrets:
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
namespace-theq-username: ${{ secrets.SA_USERNAME }}
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
namespace-qms-username: ${{ secrets.SA_USERNAME }}
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
with:
directory: jobs/appointment_reminder
image-name: send-appointment-reminder-crond
image-tags: commit-${GITHUB_SHA::7} latest
push-qms: ${{ github.repository_owner == 'bcgov' }}
push-theq: ${{ github.repository_owner == 'bcgov' }}
##### DEPLOY THE Q ###########################################################
approve-theq-dev:
name: Approve Deploy to The Q Dev
if: github.repository_owner == 'bcgov'
needs: [appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond]
environment: The Q Dev
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
tag-theq-dev:
name: Tag The Q Dev
if: github.repository_owner == 'bcgov'
needs: approve-theq-dev
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: commit-${GITHUB_SHA::7}
tag-to: dev
wait-for-rollouts:
name: Wait for Rollouts
if: github.repository_owner == 'bcgov'
needs: tag-theq-dev
uses: ./.github/workflows/reusable-wait-for-rollouts.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_THEQ_DEV }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond-dev
tag-to: dev
newman-theq:
name: Newman Tests in The Q Dev
needs: wait-for-rollouts
runs-on: ubuntu-latest
steps:
- name: Check out
uses: actions/checkout@v2
- name: NPM Install
run: |
cd api/postman
npm install newman
- name: Run Newman Tests
run: |
cd api/postman
node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json \
-e postman_env.json \
--delay-request 250 \
--global-var 'auth_url=${{ vars.POSTMAN_AUTH_URL_DEV }}' \
--global-var 'client_secret=${{ secrets.POSTMAN_CLIENT_SECRET_DEV }}' \
--global-var 'clientid=${{ vars.POSTMAN_CLIENTID_DEV }}' \
--global-var 'password=${{ secrets.POSTMAN_PASSWORD }}' \
--global-var 'password_nonqtxn=${{ secrets.POSTMAN_PASSWORD_NONQTXN }}' \
--global-var 'public_url=${{ vars.POSTMAN_PUBLIC_API_URL_THEQ_DEV }}' \
--global-var 'public_user_id=${{ vars.POSTMAN_PUBLIC_USERID }}' \
--global-var 'public_user_password=${{ secrets.POSTMAN_PASSWORD_PUBLIC_USER }}' \
--global-var 'realm=${{ vars.POSTMAN_REALM }}' \
--global-var 'url=${{ vars.POSTMAN_API_URL_THEQ_DEV }}' \
--global-var 'userid=${{ vars.POSTMAN_USERID }}' \
--global-var 'userid_nonqtxn=${{ vars.POSTMAN_USERID_NONQTXN }}'
owasp-staff:
name: OWASP ZAP Scan of Staff Frontend
needs: wait-for-rollouts
runs-on: ubuntu-latest
steps:
- name: OWASP ZAP Scan
uses: zaproxy/[email protected]
with:
allow_issue_writing: false
cmd_options: '-z "-config scanner.threadPerHost=20"'
target: ${{ secrets.ZAP_STAFFURL_THEQ_DEV }}
- name: Upload Report as Artifact
uses: actions/upload-artifact@v3
with:
name: OWASP ZAP - Staff Front End Report
path: report_html.html
owasp-appointment:
name: OWASP ZAP Scan of Appointment Frontend
needs: wait-for-rollouts
runs-on: ubuntu-latest
steps:
- name: OWASP ZAP Scan
uses: zaproxy/[email protected]
with:
allow_issue_writing: false
cmd_options: '-z "-config scanner.threadPerHost=20"'
target: ${{ secrets.ZAP_APPTMNTURL_THEQ_DEV }}
- name: Upload Report as Artifact
uses: actions/upload-artifact@v3
with:
name: OWASP ZAP - Appointment Front End Report
path: report_html.html
approve-theq-test:
name: Approve Deploy to The Q Test
if: github.repository_owner == 'bcgov'
needs: [newman-theq, owasp-staff, owasp-appointment]
environment: The Q Test
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
tag-theq-test:
name: Tag The Q Test
if: github.repository_owner == 'bcgov'
needs: approve-theq-test
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: commit-${GITHUB_SHA::7}
tag-to: test
approve-theq-prod:
name: Approve Deploy to The Q Prod
if: github.repository_owner == 'bcgov'
needs: tag-theq-test
environment: The Q Prod
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
tag-theq-stable:
name: Tag The Q Stable
if: github.repository_owner == 'bcgov'
needs: approve-theq-prod
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: prod
tag-to: stable
tag-theq-prod:
name: Tag The Q Prod
if: github.repository_owner == 'bcgov'
needs: tag-theq-stable
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: commit-${GITHUB_SHA::7}
tag-to: prod
##### DEPLOY QMS #############################################################
approve-qms-dev:
name: Approve Deploy to QMS Dev
if: github.repository_owner == 'bcgov'
needs: [appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond]
environment: QMS Dev
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
tag-qms-dev:
name: Tag QMS Dev
if: github.repository_owner == 'bcgov'
needs: approve-qms-dev
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: commit-${GITHUB_SHA::7}
tag-to: dev
approve-qms-test:
name: Approve Deploy to QMS Test
if: github.repository_owner == 'bcgov'
needs: tag-qms-dev
environment: QMS Test
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
tag-qms-test:
name: Tag QMS Test
if: github.repository_owner == 'bcgov'
needs: approve-qms-test
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: commit-${GITHUB_SHA::7}
tag-to: test
approve-qms-prod:
name: Approve Deploy to QMS Prod
if: github.repository_owner == 'bcgov'
needs: tag-qms-test
environment: QMS Prod
runs-on: ubuntu-latest
steps:
- name: Deployment Approval
run: echo Approved
tag-qms-stable:
name: Tag QMS Stable
if: github.repository_owner == 'bcgov'
needs: approve-qms-prod
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: prod
tag-to: stable
tag-qms-prod:
name: Tag QMS Prod
if: github.repository_owner == 'bcgov'
needs: tag-qms-stable
uses: ./.github/workflows/reusable-tag-image.yaml
secrets:
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
openshift-api: ${{ secrets.OPENSHIFT_API }}
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
with:
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
tag-from: commit-${GITHUB_SHA::7}
tag-to: prod