Main Deploy #66

Workflow file for this run

.github/workflows/main-deploy.yaml at 9490937

	name: Main Deploy
	concurrency:
	group: ${{ github.workflow }}
	cancel-in-progress: true
	on:
	workflow_dispatch:

	jobs:

	##### TESTS ##################################################################

	appointment-frontend-cypress:
	name: Appointment Frontend Cypress
	uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml
	secrets:
	bceid-endpoint: ${{ secrets.CYPRESS_BCEID_ENDPOINT }}
	bceid-password: ${{ secrets.CYPRESS_BCEID_PASSWORD }}
	bceid-username: ${{ secrets.CYPRESS_BCEID_USERNAME }}
	cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }}
	cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }}
	keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/
	keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }}
	keycloak-realm: ${{ secrets.KEYCLOAK_REALM }}

	queue-management-frontend-cypress:
	name: Queue Management Frontend Cypress
	uses: ./.github/workflows/reusable-queue-management-frontend-cypress.yaml
	secrets:
	cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }}
	cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }}
	keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/
	keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }}
	keycloak-realm: ${{ secrets.KEYCLOAK_REALM }}

	##### BUILD ##################################################################

	appointment-frontend:
	name: appointment-frontend
	needs: [appointment-frontend-cypress, queue-management-frontend-cypress]
	uses: ./.github/workflows/reusable-build-dockerfile.yaml
	secrets:
	artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
	artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
	artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
	namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
	namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	namespace-theq-username: ${{ secrets.SA_USERNAME }}
	namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
	namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	namespace-qms-username: ${{ secrets.SA_USERNAME }}
	openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
	with:
	directory: appointment-frontend
	image-name: appointment-nginx-frontend
	image-tags: commit-${GITHUB_SHA::7} latest
	push-qms: ${{ github.repository_owner == 'bcgov' }}
	push-theq: ${{ github.repository_owner == 'bcgov' }}

	feedback-api:
	name: feedback-api
	needs: [appointment-frontend-cypress, queue-management-frontend-cypress]
	uses: ./.github/workflows/reusable-build-s2i.yaml
	secrets:
	namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
	namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	namespace-theq-username: ${{ secrets.SA_USERNAME }}
	namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
	namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	namespace-qms-username: ${{ secrets.SA_USERNAME }}
	openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
	with:
	directory: feedback-api
	image-name: feedback-api
	image-tags: commit-${GITHUB_SHA::7} latest
	push-qms: ${{ github.repository_owner == 'bcgov' }}
	push-theq: ${{ github.repository_owner == 'bcgov' }}

	notifications-api:
	name: notifications-api
	needs: [appointment-frontend-cypress, queue-management-frontend-cypress]
	uses: ./.github/workflows/reusable-build-s2i.yaml
	secrets:
	namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
	namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	namespace-theq-username: ${{ secrets.SA_USERNAME }}
	namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
	namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	namespace-qms-username: ${{ secrets.SA_USERNAME }}
	openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
	with:
	directory: notifications-api
	image-name: notifications-api
	image-tags: commit-${GITHUB_SHA::7} latest
	push-qms: ${{ github.repository_owner == 'bcgov' }}
	push-theq: ${{ github.repository_owner == 'bcgov' }}

	queue-management-api:
	name: queue-management-api
	needs: [appointment-frontend-cypress, queue-management-frontend-cypress]
	uses: ./.github/workflows/reusable-build-s2i.yaml
	secrets:
	artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
	artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
	artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
	namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
	namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	namespace-theq-username: ${{ secrets.SA_USERNAME }}
	namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
	namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	namespace-qms-username: ${{ secrets.SA_USERNAME }}
	openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
	with:
	directory: api
	image-name: queue-management-api
	image-tags: commit-${GITHUB_SHA::7} latest
	push-qms: ${{ github.repository_owner == 'bcgov' }}
	push-theq: ${{ github.repository_owner == 'bcgov' }}

	queue-management-frontend:
	name: queue-management-frontend
	needs: [appointment-frontend-cypress, queue-management-frontend-cypress]
	uses: ./.github/workflows/reusable-build-dockerfile.yaml
	secrets:
	artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
	artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
	artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
	namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
	namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	namespace-theq-username: ${{ secrets.SA_USERNAME }}
	namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
	namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	namespace-qms-username: ${{ secrets.SA_USERNAME }}
	openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
	with:
	directory: frontend
	image-name: queue-management-nginx-frontend
	image-tags: commit-${GITHUB_SHA::7} latest
	push-qms: ${{ github.repository_owner == 'bcgov' }}
	push-theq: ${{ github.repository_owner == 'bcgov' }}

	send-appointment-reminder-crond:
	name: send-appointment-reminder-crond
	needs: [appointment-frontend-cypress, queue-management-frontend-cypress]
	uses: ./.github/workflows/reusable-build-dockerfile.yaml
	secrets:
	artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }}
	artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }}
	artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }}
	namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools
	namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	namespace-theq-username: ${{ secrets.SA_USERNAME }}
	namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools
	namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	namespace-qms-username: ${{ secrets.SA_USERNAME }}
	openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }}
	with:
	directory: jobs/appointment_reminder
	image-name: send-appointment-reminder-crond
	image-tags: commit-${GITHUB_SHA::7} latest
	push-qms: ${{ github.repository_owner == 'bcgov' }}
	push-theq: ${{ github.repository_owner == 'bcgov' }}

	##### DEPLOY THE Q ###########################################################

	approve-theq-dev:
	name: Approve Deploy to The Q Dev
	if: github.repository_owner == 'bcgov'
	needs: [appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond]
	environment: The Q Dev
	runs-on: ubuntu-latest

	steps:
	- name: Deployment Approval
	run: echo Approved

	tag-theq-dev:
	name: Tag The Q Dev
	if: github.repository_owner == 'bcgov'
	needs: approve-theq-dev
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: commit-${GITHUB_SHA::7}
	tag-to: dev

	wait-for-rollouts:
	name: Wait for Rollouts
	if: github.repository_owner == 'bcgov'
	needs: tag-theq-dev
	uses: ./.github/workflows/reusable-wait-for-rollouts.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_THEQ_DEV }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond-dev
	tag-to: dev

	newman-theq:
	name: Newman Tests in The Q Dev
	needs: wait-for-rollouts
	runs-on: ubuntu-latest

	steps:
	- name: Check out
	uses: actions/checkout@v2

	- name: NPM Install
	run: \|
	cd api/postman
	npm install newman

	- name: Run Newman Tests
	run: \|
	cd api/postman
	node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json \
	-e postman_env.json \
	--delay-request 250 \
	--global-var 'auth_url=${{ vars.POSTMAN_AUTH_URL_DEV }}' \
	--global-var 'client_secret=${{ secrets.POSTMAN_CLIENT_SECRET_DEV }}' \
	--global-var 'clientid=${{ vars.POSTMAN_CLIENTID_DEV }}' \
	--global-var 'password=${{ secrets.POSTMAN_PASSWORD }}' \
	--global-var 'password_nonqtxn=${{ secrets.POSTMAN_PASSWORD_NONQTXN }}' \
	--global-var 'public_url=${{ vars.POSTMAN_PUBLIC_API_URL_THEQ_DEV }}' \
	--global-var 'public_user_id=${{ vars.POSTMAN_PUBLIC_USERID }}' \
	--global-var 'public_user_password=${{ secrets.POSTMAN_PASSWORD_PUBLIC_USER }}' \
	--global-var 'realm=${{ vars.POSTMAN_REALM }}' \
	--global-var 'url=${{ vars.POSTMAN_API_URL_THEQ_DEV }}' \
	--global-var 'userid=${{ vars.POSTMAN_USERID }}' \
	--global-var 'userid_nonqtxn=${{ vars.POSTMAN_USERID_NONQTXN }}'

	owasp-staff:
	name: OWASP ZAP Scan of Staff Frontend
	needs: wait-for-rollouts
	runs-on: ubuntu-latest

	steps:
	- name: OWASP ZAP Scan
	uses: zaproxy/[email protected]
	with:
	allow_issue_writing: false
	cmd_options: '-z "-config scanner.threadPerHost=20"'
	target: ${{ secrets.ZAP_STAFFURL_THEQ_DEV }}

	- name: Upload Report as Artifact
	uses: actions/upload-artifact@v3
	with:
	name: OWASP ZAP - Staff Front End Report
	path: report_html.html

	owasp-appointment:
	name: OWASP ZAP Scan of Appointment Frontend
	needs: wait-for-rollouts
	runs-on: ubuntu-latest

	steps:
	- name: OWASP ZAP Scan
	uses: zaproxy/[email protected]
	with:
	allow_issue_writing: false
	cmd_options: '-z "-config scanner.threadPerHost=20"'
	target: ${{ secrets.ZAP_APPTMNTURL_THEQ_DEV }}

	- name: Upload Report as Artifact
	uses: actions/upload-artifact@v3
	with:
	name: OWASP ZAP - Appointment Front End Report
	path: report_html.html

	approve-theq-test:
	name: Approve Deploy to The Q Test
	if: github.repository_owner == 'bcgov'
	needs: [newman-theq, owasp-staff, owasp-appointment]
	environment: The Q Test
	runs-on: ubuntu-latest

	steps:
	- name: Deployment Approval
	run: echo Approved

	tag-theq-test:
	name: Tag The Q Test
	if: github.repository_owner == 'bcgov'
	needs: approve-theq-test
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: commit-${GITHUB_SHA::7}
	tag-to: test

	approve-theq-prod:
	name: Approve Deploy to The Q Prod
	if: github.repository_owner == 'bcgov'
	needs: tag-theq-test
	environment: The Q Prod
	runs-on: ubuntu-latest

	steps:
	- name: Deployment Approval
	run: echo Approved

	tag-theq-stable:
	name: Tag The Q Stable
	if: github.repository_owner == 'bcgov'
	needs: approve-theq-prod
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: prod
	tag-to: stable

	tag-theq-prod:
	name: Tag The Q Prod
	if: github.repository_owner == 'bcgov'
	needs: tag-theq-stable
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: commit-${GITHUB_SHA::7}
	tag-to: prod

	##### DEPLOY QMS #############################################################

	approve-qms-dev:
	name: Approve Deploy to QMS Dev
	if: github.repository_owner == 'bcgov'
	needs: [appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond]
	environment: QMS Dev
	runs-on: ubuntu-latest

	steps:
	- name: Deployment Approval
	run: echo Approved

	tag-qms-dev:
	name: Tag QMS Dev
	if: github.repository_owner == 'bcgov'
	needs: approve-qms-dev
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: commit-${GITHUB_SHA::7}
	tag-to: dev

	approve-qms-test:
	name: Approve Deploy to QMS Test
	if: github.repository_owner == 'bcgov'
	needs: tag-qms-dev
	environment: QMS Test
	runs-on: ubuntu-latest

	steps:
	- name: Deployment Approval
	run: echo Approved

	tag-qms-test:
	name: Tag QMS Test
	if: github.repository_owner == 'bcgov'
	needs: approve-qms-test
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: commit-${GITHUB_SHA::7}
	tag-to: test

	approve-qms-prod:
	name: Approve Deploy to QMS Prod
	if: github.repository_owner == 'bcgov'
	needs: tag-qms-test
	environment: QMS Prod
	runs-on: ubuntu-latest

	steps:
	- name: Deployment Approval
	run: echo Approved

	tag-qms-stable:
	name: Tag QMS Stable
	if: github.repository_owner == 'bcgov'
	needs: approve-qms-prod
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: prod
	tag-to: stable

	tag-qms-prod:
	name: Tag QMS Prod
	if: github.repository_owner == 'bcgov'
	needs: tag-qms-stable
	uses: ./.github/workflows/reusable-tag-image.yaml
	secrets:
	licence-plate: ${{ secrets.LICENCE_PLATE_QMS }}
	openshift-api: ${{ secrets.OPENSHIFT_API }}
	token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }}
	with:
	image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond
	tag-from: commit-${GITHUB_SHA::7}
	tag-to: prod

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Main Deploy #66

Workflow file

Main Deploy #66

Jobs

Run details

Workflow file for this run