From e438c7b33d0d059525d52f6c42226ccef0857eab Mon Sep 17 00:00:00 2001
From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com>
Date: Mon, 12 Aug 2024 14:55:23 -0700
Subject: [PATCH 01/24] Create main.yml
---
.github/workflows/main.yml | 346 +++++++++++++++++++++++++++++++++++++
1 file changed, 346 insertions(+)
create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 000000000..549269401
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,346 @@ +name: Pull Request Deploy +on: + pull_request: + push: + workflow_dispatch: + inputs: + pr-number: + description: "Pull Request Number:" + type: string + required: true + namespace: + description: "Deploy To:" + type: choice + required: true + options: + - The Q Dev + - QMS Dev + - The Q Test + +jobs: + + ##### SETUP ################################################################## + + parse-inputs: + name: refs/pull/$${{ github.event.number }}/head to ${{ github.event.inputs.namespace }} + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.parse.outputs.environment }} + image-tag: ${{ steps.parse.outputs.image-tag }} + push-qms: ${{ steps.parse.outputs.push-qms }} + push-theq: ${{ steps.parse.outputs.push-theq }} + ref: ${{ steps.parse.outputs.ref }} + + steps: + # Use the input values to create more coding-friendly values. + - name: Parse Inputs + id: parse + run: | + # Gets "dev" or "test". + ENVIRONMENT=$(echo ${{ github.event.inputs.namespace }} | \ + awk -F' ' '{print $NF}' | tr '[:upper:]' '[:lower:]') + echo ENVIRONMENT:$ENVIRONMENT + echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT + + IMAGE_TAG=pr${{ github.event.inputs.pr-number }} + echo IMAGE_TAG:$IMAGE_TAG + echo "image-tag=$IMAGE_TAG" >> $GITHUB_OUTPUT + + if [ $GITHUB_REPOSITORY_OWNER != "bcgov" ]; then + # Never push in forks - useful and safer for development. 
+ PUSH_QMS=false + PUSH_THEQ=false + elif [[ "${{ github.event.inputs.namespace }}" == QMS* ]]; then + PUSH_QMS=true + PUSH_THEQ=false + else + PUSH_QMS=false + PUSH_THEQ=true + fi + + echo PUSH_QMS:$PUSH_QMS + echo "push-qms=$PUSH_QMS" >> $GITHUB_OUTPUT + + echo PUSH_THEQ:$PUSH_THEQ + echo "push-theq=$PUSH_THEQ" >> $GITHUB_OUTPUT + + REF=refs/pull/${{ github.event.inputs.pr-number }}/head + echo REF:$REF + echo "ref=$REF" >> $GITHUB_OUTPUT + + + ##### TEST ################################################################### + + appointment-frontend-cypress: + name: Appointment Frontend Cypress + needs: parse-inputs + uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml + secrets: + bceid-endpoint: ${{ secrets.CYPRESS_BCEID_ENDPOINT }} + bceid-password: ${{ secrets.CYPRESS_BCEID_PASSWORD }} + bceid-username: ${{ secrets.CYPRESS_BCEID_USERNAME }} + cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} + cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} + keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ + keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} + keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + + ##### BUILD ################################################################## + + appointment-frontend: + name: appointment-frontend + needs: [parse-inputs, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ 
secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: appointment-frontend + image-name: appointment-nginx-frontend + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + feedback-api: + name: feedback-api + needs: [parse-inputs, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-s2i.yaml + secrets: + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: feedback-api + image-name: feedback-api + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + notifications-api: + name: notifications-api + needs: [parse-inputs, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-s2i.yaml + secrets: + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: notifications-api + image-name: notifications-api + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} 
+ push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + queue-management-api: + name: queue-management-api + needs: [parse-inputs, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-s2i.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: api + image-name: queue-management-api + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + queue-management-frontend: + name: queue-management-frontend + needs: [parse-inputs, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ 
needs.parse-inputs.outputs.ref }} + directory: frontend + image-name: queue-management-nginx-frontend + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + send-appointment-reminder-crond: + name: send-appointment-reminder-crond + needs: [parse-inputs, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: jobs/appointment_reminder + image-name: send-appointment-reminder-crond + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + ##### DEPLOY ################################################################# + + tag: + name: Tag + if: github.repository_owner == 'bcgov' + needs: [parse-inputs, appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond] + uses: ./.github/workflows/reusable-tag-image.yaml + secrets: + licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} + openshift-api: ${{ secrets.OPENSHIFT_API }} + token: ${{ needs.parse-inputs.outputs.push-qms 
== 'true' && secrets.SA_PASSWORD_QMS_TOOLS || secrets.SA_PASSWORD_THEQ_TOOLS }} + with: + image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond + tag-from: ${{ needs.parse-inputs.outputs.image-tag }} + tag-to: ${{ needs.parse-inputs.outputs.environment }} + + wait-for-rollouts: + name: Wait for Rollouts + if: github.repository_owner == 'bcgov' + needs: [parse-inputs, tag] + uses: ./.github/workflows/reusable-wait-for-rollouts.yaml + secrets: + licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} + openshift-api: ${{ secrets.OPENSHIFT_API }} + token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_DEV || ( needs.parse-inputs.outputs.environment == 'dev' && secrets.SA_PASSWORD_THEQ_DEV || secrets.SA_PASSWORD_THEQ_TEST ) }} + with: + image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond-${{ needs.parse-inputs.outputs.environment }} + tag-to: ${{ needs.parse-inputs.outputs.environment }} + + ##### TEST ################################################################### + + # Only run Newman for The Q dev - other environments will fail due to data. 
+ newman-theq-dev: + name: Newman Tests + if: github.event.inputs.namespace == 'The Q Dev' + needs: [parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Check out + uses: actions/checkout@v2 + + - name: NPM Install + run: | + cd api/postman + npm install newman + + - name: Run Newman Tests + run: | + cd api/postman + node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json \ + -e postman_env.json \ + --delay-request 250 \ + --global-var 'auth_url=${{ vars.POSTMAN_AUTH_URL_DEV }}' \ + --global-var 'client_secret=${{ secrets.POSTMAN_CLIENT_SECRET_DEV }}' \ + --global-var 'clientid=${{ vars.POSTMAN_CLIENTID_DEV }}' \ + --global-var 'password=${{ secrets.POSTMAN_PASSWORD }}' \ + --global-var 'password_nonqtxn=${{ secrets.POSTMAN_PASSWORD_NONQTXN }}' \ + --global-var 'public_url=${{ vars.POSTMAN_PUBLIC_API_URL_THEQ_DEV }}' \ + --global-var 'public_user_id=${{ vars.POSTMAN_PUBLIC_USERID }}' \ + --global-var 'public_user_password=${{ secrets.POSTMAN_PASSWORD_PUBLIC_USER }}' \ + --global-var 'realm=${{ vars.POSTMAN_REALM }}' \ + --global-var 'url=${{ vars.POSTMAN_API_URL_THEQ_DEV }}' \ + --global-var 'userid=${{ vars.POSTMAN_USERID }}' \ + --global-var 'userid_nonqtxn=${{ vars.POSTMAN_USERID_NONQTXN }}' + + owasp-staff: + name: OWASP ZAP Scan of Staff Frontend + needs: [parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Get Parameters + run: | + if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_QMS_DEV }}" >> $GITHUB_ENV + elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_DEV }}" >> $GITHUB_ENV + else + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_TEST }}" >> $GITHUB_ENV + fi + + - name: OWASP ZAP Scan + uses: zaproxy/action-full-scan@v0.10.0 + with: + allow_issue_writing: false + cmd_options: '-z "-config scanner.threadPerHost=20"' + target: ${{ env.ZAP_URL }} + + - name: Upload Report as 
Artifact + uses: actions/upload-artifact@v3 + with: + name: OWASP ZAP - Staff Front End Report + path: report_html.html + + owasp-appointment: + name: OWASP ZAP Scan of Appointment Frontend + needs: [parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Get Parameters + run: | + if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then + echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_QMS_DEV }}" >> $GITHUB_ENV + elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then + echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_THEQ_DEV }}" >> $GITHUB_ENV + else + echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_THEQ_TEST }}" >> $GITHUB_ENV + fi + + - name: OWASP ZAP Scan + uses: zaproxy/action-full-scan@v0.10.0 + with: + allow_issue_writing: false + cmd_options: '-z "-config scanner.threadPerHost=20"' + target: ${{ env.ZAP_URL }} + + - name: Upload Report as Artifact + uses: actions/upload-artifact@v3 + with: + name: OWASP ZAP - Appointment Front End Report + path: report_html.html From 445d07d6e18d0c44a479454f2eefce92a4cf7f4b Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 14:56:09 -0700 Subject: [PATCH 02/24] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 549269401..174e0168b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Pull Request Deploy +name: Pull Request Deploy auto on: pull_request: push: From ae8d838abe1b5011e7259b3b2d1f2781cdef9947 Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:17:34 -0700 Subject: [PATCH 03/24] Update main.yml --- .github/workflows/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
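Review bot: In the `Parse Inputs` step of the new `.github/workflows/main.yml` (PATCH 01/24), `${{ github.event.inputs.pr-number }}` (a free-form `string` input) and `${{ github.event.inputs.namespace }}` are expanded into the script text before the shell runs, so whatever is entered in the dispatch form becomes shell source and then part of `IMAGE_TAG` and `REF`. Pass both through `env:`, quote them, and reject a non-numeric PR number before it is used. That check also makes the added `pull_request:` and `push:` triggers fail closed: with empty inputs, a run in the `bcgov` repository currently takes the `else` branch and sets `PUSH_THEQ=true` with an empty `environment`. The `Run Newman Tests` step has the same pattern with `${{ secrets.* }}` values written onto the command line, and moving those to `env:` keeps them out of the rendered script.

```yaml
      - name: Parse Inputs
        id: parse
        env:
          NAMESPACE: ${{ github.event.inputs.namespace }}
          PR_NUMBER: ${{ github.event.inputs.pr-number }}
        run: |
          # Fail closed on an empty or non-numeric PR number.
          case "$PR_NUMBER" in
            ''|*[!0-9]*) echo "pr-number must be numeric" >&2; exit 1 ;;
          esac

          ENVIRONMENT=$(echo "$NAMESPACE" | \
            awk -F' ' '{print $NF}' | tr '[:upper:]' '[:lower:]')
          # … unchanged: echo ENVIRONMENT / write to $GITHUB_OUTPUT …

          IMAGE_TAG="pr$PR_NUMBER"
          # … unchanged: echo IMAGE_TAG / write to $GITHUB_OUTPUT …

          # … unchanged: fork check on GITHUB_REPOSITORY_OWNER …
          elif [[ "$NAMESPACE" == QMS* ]]; then
          # … unchanged: PUSH_QMS / PUSH_THEQ assignment and output …

          REF="refs/pull/$PR_NUMBER/head"
          # … unchanged: echo REF / write to $GITHUB_OUTPUT …
```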
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 174e0168b..170669ff5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,10 +20,12 @@ on: jobs: ##### SETUP ################################################################## - - parse-inputs: + + parse-inputs: name: refs/pull/$${{ github.event.number }}/head to ${{ github.event.inputs.namespace }} runs-on: ubuntu-latest + env: + PR_NUMBER: ${{ github.event.number }} outputs: environment: ${{ steps.parse.outputs.environment }} image-tag: ${{ steps.parse.outputs.image-tag }} From d938cf6b03b0478c6633e8cfa6aac25edc0bc892 Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:19:45 -0700 Subject: [PATCH 04/24] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 170669ff5..920ccf71d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -73,7 +73,7 @@ jobs: ##### TEST ################################################################### - appointment-frontend-cypress: +appointment-frontend-cypress: name: Appointment Frontend Cypress needs: parse-inputs uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml From 22ae120373370e6cbb392cb2dee7699e4d936b2d Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:25:02 -0700 Subject: [PATCH 05/24] Update main.yml --- .github/workflows/main.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 920ccf71d..2ba5313c8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Pull Request Deploy auto +name: Pull Request Deploy on: pull_request: push: 
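Review bot: In PATCH 04/24 the added line `appointment-frontend-cypress:` starts directly after the `+` marker, so the key appears to sit at column 0 and is no longer an entry under `jobs:`. If so, it becomes a top-level workflow key, and every `needs: [parse-inputs, appointment-frontend-cypress]` in the build jobs points at a job that does not exist. Keep the key at job indentation, `  appointment-frontend-cypress:`, matching the other job keys in the file.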
@@ -19,13 +19,14 @@ on: jobs: + ##### SETUP ################################################################## - - parse-inputs: - name: refs/pull/$${{ github.event.number }}/head to ${{ github.event.inputs.namespace }} + + parse-inputs: + name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} + env: + prnumber: ${{ github.event.inputs.pr-number }} runs-on: ubuntu-latest - env: - PR_NUMBER: ${{ github.event.number }} outputs: environment: ${{ steps.parse.outputs.environment }} image-tag: ${{ steps.parse.outputs.image-tag }} @@ -73,7 +74,7 @@ jobs: ##### TEST ################################################################### -appointment-frontend-cypress: + appointment-frontend-cypress: name: Appointment Frontend Cypress needs: parse-inputs uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml From c9f266b25a75ceb0245b1c9511e5c0d91c5e691d Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:27:22 -0700 Subject: [PATCH 06/24] Update main.yml --- .github/workflows/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2ba5313c8..a2bb8d79b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,11 +24,9 @@ jobs: parse-inputs: name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} - env: - prnumber: ${{ github.event.inputs.pr-number }} runs-on: ubuntu-latest outputs: - environment: ${{ steps.parse.outputs.environment }} + environment: ${{ github.event.inputs.pr-number }} image-tag: ${{ steps.parse.outputs.image-tag }} push-qms: ${{ steps.parse.outputs.push-qms }} push-theq: ${{ steps.parse.outputs.push-theq }} From 9512a8fb972211c7feddaed3f894feaa10f95221 Mon Sep 17 00:00:00 2001 
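Review bot: In PATCH 06/24 the `environment` output of `parse-inputs` is rewired to `${{ github.event.inputs.pr-number }}`, but later jobs in this file still consume it as the deploy target (`tag-to:` in `tag`, and the `environment == 'dev'` token selection in `wait-for-rollouts`). With a PR number in that output the comparison is never true, so any run that is not a QMS push falls through to `secrets.SA_PASSWORD_THEQ_TEST`. PATCH 07/24 does the same to `push-qms`, and the renamed `push-qmsssssss` / `push-qmssssss` keys in PATCH 09/24 and 10/24 leave `needs.parse-inputs.outputs.push-qms` empty, so every `push-qms == 'true' && … || …` expression selects the The Q licence plate and token. To inspect event values, add a separate output or an `echo` step rather than changing keys that credential selection depends on.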
From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:28:47 -0700 Subject: [PATCH 07/24] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a2bb8d79b..521b32d08 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Pull Request Deploy +name: Pull Request Deployauto on: pull_request: push: @@ -28,7 +28,7 @@ jobs: outputs: environment: ${{ github.event.inputs.pr-number }} image-tag: ${{ steps.parse.outputs.image-tag }} - push-qms: ${{ steps.parse.outputs.push-qms }} + push-qms: ${{ github.event.number }} push-theq: ${{ steps.parse.outputs.push-theq }} ref: ${{ steps.parse.outputs.ref }} From 26f16a5086cc1ad70bc46068414a84ba8ff0abee Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:32:09 -0700 Subject: [PATCH 08/24] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 521b32d08..917ddbb7d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: ##### SETUP ################################################################## - parse-inputs: + parse-inpuuts: name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} runs-on: ubuntu-latest outputs: From 76bfe4cb315d57288602c9bee8470dba612de248 Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:32:52 -0700 Subject: [PATCH 09/24] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 917ddbb7d..fb419667b 100644 
--- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,13 +22,13 @@ jobs: ##### SETUP ################################################################## - parse-inpuuts: + parse-inputs: name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} runs-on: ubuntu-latest outputs: environment: ${{ github.event.inputs.pr-number }} image-tag: ${{ steps.parse.outputs.image-tag }} - push-qms: ${{ github.event.number }} + push-qmsssssss: ${{ github.event.number }} push-theq: ${{ steps.parse.outputs.push-theq }} ref: ${{ steps.parse.outputs.ref }} From 4f65512973497a18793e8a2b577bf82983b80ee2 Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:34:13 -0700 Subject: [PATCH 10/24] Update main.yml --- .github/workflows/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fb419667b..16a23c22e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Pull Request Deployauto +name: Pull Request Deploy on: pull_request: push: @@ -19,16 +19,15 @@ on: jobs: - ##### SETUP ################################################################## parse-inputs: name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} runs-on: ubuntu-latest outputs: - environment: ${{ github.event.inputs.pr-number }} + environment: ${{ steps.parse.outputs.environment }} image-tag: ${{ steps.parse.outputs.image-tag }} - push-qmsssssss: ${{ github.event.number }} + push-qmssssss: ${{ steps.parse.outputs.push-qms }} push-theq: ${{ steps.parse.outputs.push-theq }} ref: ${{ steps.parse.outputs.ref }} From e81494fad1abce132eea73ae260131d812b67fb8 Mon Sep 17 00:00:00 2001 
From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:36:05 -0700 Subject: [PATCH 11/24] Update main.yml --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 16a23c22e..cc9d70c26 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -27,7 +27,7 @@ jobs: outputs: environment: ${{ steps.parse.outputs.environment }} image-tag: ${{ steps.parse.outputs.image-tag }} - push-qmssssss: ${{ steps.parse.outputs.push-qms }} + push-qms: ${{ steps.parse.outputs.push-qms }} push-theq: ${{ steps.parse.outputs.push-theq }} ref: ${{ steps.parse.outputs.ref }} @@ -42,7 +42,7 @@ jobs: echo ENVIRONMENT:$ENVIRONMENT echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT - IMAGE_TAG=pr${{ github.event.inputs.pr-number }} + IMAGE_TAG=pr${{ github.event.number }} echo IMAGE_TAG:$IMAGE_TAG echo "image-tag=$IMAGE_TAG" >> $GITHUB_OUTPUT From fc9a304bf361ebed84b59ecc44684c422c87f948 Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:38:01 -0700 Subject: [PATCH 12/24] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cc9d70c26..54eef4971 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,7 +42,7 @@ jobs: echo ENVIRONMENT:$ENVIRONMENT echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT - IMAGE_TAG=pr${{ github.event.number }} + IMAGE_TAG=${{ github.event.pull_request.number }} echo IMAGE_TAG:$IMAGE_TAG echo "image-tag=$IMAGE_TAG" >> $GITHUB_OUTPUT From 72eb66a7fcfa5f959b3794f4806ec6bc0fedd311 Mon Sep 17 00:00:00 2001 
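Review bot: In PATCH 12/24, `IMAGE_TAG=${{ github.event.pull_request.number }}` is only populated on `pull_request` events, while the workflow also runs on `push` and `workflow_dispatch`, where the expression is empty and the step writes an empty `image-tag`. The change also drops the `pr` prefix that PATCH 01/24 and 11/24 used, so the tag becomes a bare number. The `REF=refs/pull/${{ github.event.pull_request.number }}/head` line in PATCH 15/24 has the same gap and yields `refs/pull//head` on those events. Resolve the number once in `env:`, `PR_NUMBER: ${{ github.event.pull_request.number || github.event.inputs.pr-number }}`, and build both values from it, `IMAGE_TAG="pr$PR_NUMBER"`.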
From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 15:55:38 -0700 Subject: [PATCH 13/24] Update main.yml --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 54eef4971..0c6b7c6e6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -32,6 +32,9 @@ jobs: ref: ${{ steps.parse.outputs.ref }} steps: + - name: Checkout repository + uses: actions/checkout@v2 + # Use the input values to create more coding-friendly values. - name: Parse Inputs id: parse From dec2f7f369e5b37d5b67ce42a707121442a7e04d Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:07:23 -0700 Subject: [PATCH 14/24] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0c6b7c6e6..349cfd2e0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: ##### SETUP ################################################################## parse-inputs: - name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} + name: refs/pull/${{ github.event.pull_request.number }}/head to ${{ github.event.inputs.namespace }} runs-on: ubuntu-latest outputs: environment: ${{ steps.parse.outputs.environment }} From eeb93f7f5c3aed61f4201e608c71a5f860c32b44 Mon Sep 17 00:00:00 2001 From: josekudiyirippil <70599126+josekudiyirippil@users.noreply.github.com> Date: Mon, 12 Aug 2024 16:14:37 -0700 Subject: [PATCH 15/24] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 349cfd2e0..146280518 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
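Review bot: The `Checkout repository` step added to `parse-inputs` in PATCH 13/24 references `actions/checkout@v2` by a mutable tag, and the `Parse Inputs` script visible in this file reads only event context and environment variables, not the working tree. If nothing later in the job needs the sources, drop the step. If it stays, pin it to a full commit SHA, `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder, take the SHA from the release you have reviewed), and add `with: persist-credentials: false` so the job token is not left in the checked-out repository's git config.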
@@ -67,7 +67,7 @@ jobs: echo PUSH_THEQ:$PUSH_THEQ echo "push-theq=$PUSH_THEQ" >> $GITHUB_OUTPUT - REF=refs/pull/${{ github.event.inputs.pr-number }}/head + REF=refs/pull/${{ github.event.pull_request.number }}/head echo REF:$REF echo "ref=$REF" >> $GITHUB_OUTPUT From 76819eb07ac487c2f214d03914555880853bea81 Mon Sep 17 00:00:00 2001 From: Rajandeep98 Date: Mon, 26 Aug 2024 10:17:18 -0700 Subject: [PATCH 16/24] SBCQ180_Sonar_Reliability --- appointment-frontend/cypress/plugins/index.ts | 8 +++++++- appointment-frontend/package-lock.json | 4 ++-- appointment-frontend/package.json | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/appointment-frontend/cypress/plugins/index.ts b/appointment-frontend/cypress/plugins/index.ts index fa26fb19f..06ade5f25 100644 --- a/appointment-frontend/cypress/plugins/index.ts +++ b/appointment-frontend/cypress/plugins/index.ts @@ -24,6 +24,8 @@ export default (on: any, config: any) => { bceidLogin({ url, username, password }) { return (async () => { let bceidLogin: BceidLogin | null = null; + const maxRetries = 3; + let attempt = 0; while (true) { try { bceidLogin = new BceidLogin() @@ -35,6 +37,7 @@ export default (on: any, config: any) => { return sessionItems } catch (exception) { + attempt++; console.error('Login attempt failed:', exception); if (bceidLogin) { try { @@ -43,7 +46,10 @@ export default (on: any, config: any) => { console.error('Failed to close the browser:', closeError); } } - throw exception; + if (attempt >= maxRetries) { + console.error('Max login attempts reached. Aborting.'); + throw exception; + } } } })() diff --git a/appointment-frontend/package-lock.json b/appointment-frontend/package-lock.json index b42761ae4..9f1f75b12 100644 --- a/appointment-frontend/package-lock.json +++ b/appointment-frontend/package-lock.json 
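Review bot: In the `bceidLogin` task of `appointment-frontend/cypress/plugins/index.ts` (PATCH 16/24), a failed attempt below `maxRetries` leaves the `catch` and the `while (true)` loop starts the next login immediately, with no pause between attempts. The task presumably logs in with the BCeID test credentials from the workflow secrets, so three back-to-back failures against the login endpoint could trip lockout or rate limiting and make later runs fail too. Add a delay before retrying, for example `await new Promise(resolve => setTimeout(resolve, 2000 * attempt))` after the browser-close block. The function body starts and ends outside these hunks.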
@@ -1,12 +1,12 @@ { "name": "sbcappointmentbooking", - "version": "2.1.5", + "version": "2.1.6", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "sbcappointmentbooking", - "version": "2.1.5", + "version": "2.1.6", "hasInstallScript": true, "dependencies": { "vuex-class": "^0.3.2", diff --git a/appointment-frontend/package.json b/appointment-frontend/package.json index 2227e7ed9..747e3171b 100644 --- a/appointment-frontend/package.json +++ b/appointment-frontend/package.json @@ -1,6 +1,6 @@ { "name": "sbcappointmentbooking", - "version": "2.1.5", + "version": "2.1.6", "private": true, "scripts": { "serve": "vue-cli-service serve", From 24db01546d4e569f50560885d4713aba6a4bace0 Mon Sep 17 00:00:00 2001 From: Rajandeep98 Date: Mon, 26 Aug 2024 15:04:00 -0700 Subject: [PATCH 17/24] while condition updated --- appointment-frontend/cypress/plugins/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appointment-frontend/cypress/plugins/index.ts b/appointment-frontend/cypress/plugins/index.ts index 06ade5f25..718942331 100644 --- a/appointment-frontend/cypress/plugins/index.ts +++ b/appointment-frontend/cypress/plugins/index.ts @@ -26,7 +26,7 @@ export default (on: any, config: any) => { let bceidLogin: BceidLogin | null = null; const maxRetries = 3; let attempt = 0; - while (true) { + while (attempt < maxRetries) { try { bceidLogin = new BceidLogin() await bceidLogin.init() From c41284c895ede834dc238bbc0dc806578fcd7142 Mon Sep 17 00:00:00 2001 From: Rajandeep98 Date: Thu, 5 Sep 2024 09:11:15 -0700 Subject: [PATCH 18/24] arranged function --- appointment-frontend/cypress/plugins/index.ts | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/appointment-frontend/cypress/plugins/index.ts b/appointment-frontend/cypress/plugins/index.ts index 718942331..89b9a8132 100644 --- a/appointment-frontend/cypress/plugins/index.ts +++ b/appointment-frontend/cypress/plugins/index.ts 
@@ -24,9 +24,7 @@ export default (on: any, config: any) => { bceidLogin({ url, username, password }) { return (async () => { let bceidLogin: BceidLogin | null = null; - const maxRetries = 3; - let attempt = 0; - while (attempt < maxRetries) { + try { bceidLogin = new BceidLogin() await bceidLogin.init() @@ -37,7 +35,6 @@ export default (on: any, config: any) => { return sessionItems } catch (exception) { - attempt++; console.error('Login attempt failed:', exception); if (bceidLogin) { try { @@ -45,13 +42,10 @@ export default (on: any, config: any) => { } catch (closeError) { console.error('Failed to close the browser:', closeError); } - } - if (attempt >= maxRetries) { - console.error('Max login attempts reached. Aborting.'); throw exception; } } - } + })() } }) From 21c7d9430f4797f9dd718f505ee2966107aa448f Mon Sep 17 00:00:00 2001 From: Rajandeep98 Date: Thu, 5 Sep 2024 09:18:08 -0700 Subject: [PATCH 19/24] rethrow after closing the browser --- appointment-frontend/cypress/plugins/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appointment-frontend/cypress/plugins/index.ts b/appointment-frontend/cypress/plugins/index.ts index 89b9a8132..64715d05e 100644 --- a/appointment-frontend/cypress/plugins/index.ts +++ b/appointment-frontend/cypress/plugins/index.ts @@ -42,8 +42,8 @@ export default (on: any, config: any) => { } catch (closeError) { console.error('Failed to close the browser:', closeError); } - throw exception; } + throw exception; } })() From 3e3a235ed07dbd10a370c310e424b22b4d86eaa5 Mon Sep 17 00:00:00 2001 From: Midhun Jisha Manoj Date: Thu, 12 Sep 2024 21:46:43 +0000 Subject: [PATCH 20/24] Fixed BCEID login failure --- appointment-frontend/cypress/plugins/bceidLogin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appointment-frontend/cypress/plugins/bceidLogin.ts b/appointment-frontend/cypress/plugins/bceidLogin.ts index 21900d63c..af3aa57cd 100644 --- a/appointment-frontend/cypress/plugins/bceidLogin.ts 
+++ b/appointment-frontend/cypress/plugins/bceidLogin.ts @@ -67,7 +67,7 @@ class BceidLogin { await this.page.type(BceidLogin.SELECTOR_BCEID_INPUT_USER_ID, username) await this.page.type(BceidLogin.SELECTOR_BCEID_INPUT_PASSWORD, password) await this.page.click(BceidLogin.SELECTOR_BCEID_BUTTON_SUBMIT) - + await this.page.waitForTimeout(3000) await this.page.waitForNavigation({ waitUntil: 'networkidle2' }) } From 38e7510803f55e4f2dc608b72737f4501f343e2a Mon Sep 17 00:00:00 2001 From: josekudiyirippil Date: Thu, 12 Sep 2024 14:51:16 -0700 Subject: [PATCH 21/24] workflow update --- .github/workflows/Vue3cicd.yaml | 167 ++++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 .github/workflows/Vue3cicd.yaml diff --git a/.github/workflows/Vue3cicd.yaml b/.github/workflows/Vue3cicd.yaml new file mode 100644 index 000000000..03a0fb029 --- /dev/null +++ b/.github/workflows/Vue3cicd.yaml 
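Review bot: The added `waitForTimeout(3000)` sits between the click and `waitForNavigation`, so whenever the post-login redirect completes inside those three seconds the following `waitForNavigation` waits for a navigation that has already happened and runs into its own timeout. Registering the wait before the click removes both the race and the fixed sleep: `await Promise.all([this.page.waitForNavigation({ waitUntil: 'networkidle2' }), this.page.click(BceidLogin.SELECTOR_BCEID_BUTTON_SUBMIT)])`. If `this.page` is a Puppeteer page, as `networkidle2` suggests, `page.waitForTimeout` is also deprecated in newer releases, which is worth checking against the version the project pins. The method starts outside the hunk.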
@@ -0,0 +1,167 @@ +name: Vue3 cicd +on: + workflow_dispatch: + inputs: + pr-number: + description: "Pull Request Number:" + type: string + required: true + namespace: + description: "Deploy To:" + type: choice + required: true + options: + - The Q Dev + +jobs: + + ##### SETUP ################################################################## + + parse-inputs: + name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.parse.outputs.environment }} + image-tag: ${{ steps.parse.outputs.image-tag }} + push-qms: ${{ steps.parse.outputs.push-qms }} + push-theq: ${{ steps.parse.outputs.push-theq }} + ref: ${{ steps.parse.outputs.ref }} + + steps: + # Use the input values to create more coding-friendly values. + - name: Parse Inputs + id: parse + run: | + # Gets "dev" or "test". + ENVIRONMENT=$(echo ${{ github.event.inputs.namespace }} | \ + awk -F' ' '{print $NF}' | tr '[:upper:]' '[:lower:]') + echo ENVIRONMENT:$ENVIRONMENT + echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT + IMAGE_TAG=pr${{ github.event.inputs.pr-number }} + echo IMAGE_TAG:$IMAGE_TAG + echo "image-tag=$IMAGE_TAG" >> $GITHUB_OUTPUT + if [ $GITHUB_REPOSITORY_OWNER != "bcgov" ]; then + # Never push in forks - useful and safer for development. 
+ PUSH_QMS=false + PUSH_THEQ=false + elif [[ "${{ github.event.inputs.namespace }}" == QMS* ]]; then + PUSH_QMS=true + PUSH_THEQ=false + else + PUSH_QMS=false + PUSH_THEQ=true + fi + echo PUSH_QMS:$PUSH_QMS + echo "push-qms=$PUSH_QMS" >> $GITHUB_OUTPUT + echo PUSH_THEQ:$PUSH_THEQ + echo "push-theq=$PUSH_THEQ" >> $GITHUB_OUTPUT + REF=refs/pull/${{ github.event.inputs.pr-number }}/head + echo REF:$REF + echo "ref=$REF" >> $GITHUB_OUTPUT + + + ##### TEST ################################################################### + + # queue-management-frontend-cypress: + # name: Queue Management Frontend Cypress + # needs: parse-inputs + # uses: ./.github/workflows/reusable-queue-management-frontend-cypress.yaml + # secrets: + # cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} + # cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} + # keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ + # keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} + # keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} + # with: + # ref: ${{ needs.parse-inputs.outputs.ref }} + + ##### BUILD ################################################################## + + queue-management-frontend: + name: queue-management-frontend + needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ 
needs.parse-inputs.outputs.ref }} + directory: frontend + image-name: queue-management-nginx-frontend-vue3 + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + + ##### DEPLOY ################################################################# + + tag: + name: Tag + if: github.repository_owner == 'bcgov' + needs: [parse-inputs, appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond] + uses: ./.github/workflows/reusable-tag-image.yaml + secrets: + licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} + openshift-api: ${{ secrets.OPENSHIFT_API }} + token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_TOOLS || secrets.SA_PASSWORD_THEQ_TOOLS }} + with: + image-names: queue-management-nginx-frontend-vue3 + tag-from: ${{ needs.parse-inputs.outputs.image-tag }} + tag-to: ${{ needs.parse-inputs.outputs.environment }} + + wait-for-rollouts: + name: Wait for Rollouts + if: github.repository_owner == 'bcgov' + needs: [parse-inputs, tag] + uses: ./.github/workflows/reusable-wait-for-rollouts.yaml + secrets: + licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} + openshift-api: ${{ secrets.OPENSHIFT_API }} + token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_DEV || ( needs.parse-inputs.outputs.environment == 'dev' && secrets.SA_PASSWORD_THEQ_DEV || secrets.SA_PASSWORD_THEQ_TEST ) }} + with: + image-names: queue-management-nginx-frontend-vue3 + tag-to: ${{ needs.parse-inputs.outputs.environment }} + + ##### TEST ################################################################### + + owasp-staff: + name: OWASP ZAP Scan of Staff Frontend + needs: 
[parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Get Parameters + run: | + if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_QMS_DEV }}" >> $GITHUB_ENV + elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_DEV }}" >> $GITHUB_ENV + else + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_TEST }}" >> $GITHUB_ENV + fi + - name: OWASP ZAP Scan + uses: zaproxy/action-full-scan@v0.10.0 + with: + allow_issue_writing: false + cmd_options: '-z "-config scanner.threadPerHost=20"' + target: ${{ env.ZAP_URL }} + + - name: Upload Report as Artifact + uses: actions/upload-artifact@v3 + with: + name: OWASP ZAP - Staff Front End Report + path: report_html.html + + - name: Upload Report as Artifact + uses: actions/upload-artifact@v3 + with: + name: OWASP ZAP - Appointment Front End Report + path: report_html.html \ No newline at end of file From cab36ac73763d8e2c72fed240d5cf0836b6845e1 Mon Sep 17 00:00:00 2001 From: josekudiyirippil Date: Thu, 12 Sep 2024 15:01:24 -0700 Subject: [PATCH 22/24] testing workflow --- .github/workflows/pull-request-deployNew.yaml | 357 ++++++++++++++++++ 1 file changed, 357 insertions(+) create mode 100644 .github/workflows/pull-request-deployNew.yaml diff --git a/.github/workflows/pull-request-deployNew.yaml b/.github/workflows/pull-request-deployNew.yaml new file mode 100644 index 000000000..ade95ae22 --- /dev/null +++ b/.github/workflows/pull-request-deployNew.yaml 
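Review bot: In the Parse Inputs step the free-text `pr-number` input is expanded by `${{ github.event.inputs.pr-number }}` directly inside the `run:` script (`IMAGE_TAG=pr…` and `REF=refs/pull/…/head`), so its content becomes shell source before bash runs and anyone allowed to dispatch the workflow controls what the step executes. The `namespace` expansions have the same shape, and the Parse Inputs step of pull-request-deployNew.yaml added later in this series repeats the pattern. Passing both inputs through `env:`, quoting them, and rejecting a non-numeric PR number keeps the values as data; the resulting `ref` and `image-tag` outputs feed the build job that receives registry credentials. The rewritten lines are below.

```yaml
      - name: Parse Inputs
        id: parse
        env:
          NAMESPACE: ${{ github.event.inputs.namespace }}
          PR_NUMBER: ${{ github.event.inputs.pr-number }}
        run: |
          # Accept only a plain pull request number.
          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "pr-number must be numeric" >&2
            exit 1
          fi
          # Gets "dev" or "test".
          ENVIRONMENT=$(echo "$NAMESPACE" | \
            awk -F' ' '{print $NF}' | tr '[:upper:]' '[:lower:]')
          # … unchanged: ENVIRONMENT echo and output …
          IMAGE_TAG="pr${PR_NUMBER}"
          # … unchanged: IMAGE_TAG echo and output, fork check …
          elif [[ "$NAMESPACE" == QMS* ]]; then
          # … unchanged: PUSH_QMS / PUSH_THEQ branches and outputs …
          REF="refs/pull/${PR_NUMBER}/head"
          # … unchanged: REF echo and output …
```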
@@ -0,0 +1,357 @@ +name: Pull Request Deploynew +on: + workflow_dispatch: + inputs: + pr-number: + description: "Pull Request Number:" + type: string + required: true + namespace: + description: "Deploy To:" + type: choice + required: true + options: + - The Q Dev + - QMS Dev + - The Q Test + +jobs: + + ##### SETUP ################################################################## + + parse-inputs: + name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.parse.outputs.environment }} + image-tag: ${{ steps.parse.outputs.image-tag }} + push-qms: ${{ steps.parse.outputs.push-qms }} + push-theq: ${{ steps.parse.outputs.push-theq }} + ref: ${{ steps.parse.outputs.ref }} + + steps: + # Use the input values to create more coding-friendly values. + - name: Parse Inputs + id: parse + run: | + # Gets "dev" or "test". + ENVIRONMENT=$(echo ${{ github.event.inputs.namespace }} | \ + awk -F' ' '{print $NF}' | tr '[:upper:]' '[:lower:]') + echo ENVIRONMENT:$ENVIRONMENT + echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT + + IMAGE_TAG=pr${{ github.event.inputs.pr-number }} + echo IMAGE_TAG:$IMAGE_TAG + echo "image-tag=$IMAGE_TAG" >> $GITHUB_OUTPUT + + if [ $GITHUB_REPOSITORY_OWNER != "bcgov" ]; then + # Never push in forks - useful and safer for development. 
+ PUSH_QMS=false + PUSH_THEQ=false + elif [[ "${{ github.event.inputs.namespace }}" == QMS* ]]; then + PUSH_QMS=true + PUSH_THEQ=false + else + PUSH_QMS=false + PUSH_THEQ=true + fi + + echo PUSH_QMS:$PUSH_QMS + echo "push-qms=$PUSH_QMS" >> $GITHUB_OUTPUT + + echo PUSH_THEQ:$PUSH_THEQ + echo "push-theq=$PUSH_THEQ" >> $GITHUB_OUTPUT + + REF=refs/pull/${{ github.event.inputs.pr-number }}/head + echo REF:$REF + echo "ref=$REF" >> $GITHUB_OUTPUT + + + ##### TEST ################################################################### + + appointment-frontend-cypress: + name: Appointment Frontend Cypress + needs: parse-inputs + uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml + secrets: + bceid-endpoint: ${{ secrets.CYPRESS_BCEID_ENDPOINT }} + bceid-password: ${{ secrets.CYPRESS_BCEID_PASSWORD }} + bceid-username: ${{ secrets.CYPRESS_BCEID_USERNAME }} + cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} + cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} + keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ + keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} + keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + + queue-management-frontend-cypress: + name: Queue Management Frontend Cypress + needs: parse-inputs + uses: ./.github/workflows/reusable-queue-management-frontend-cypress.yaml + secrets: + cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} + cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} + keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ + keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} + keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + + ##### BUILD ################################################################## + + appointment-frontend: + name: appointment-frontend + needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + uses: 
./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: appointment-frontend + image-name: appointment-nginx-frontend + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + feedback-api: + name: feedback-api + needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-s2i.yaml + secrets: + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: feedback-api + image-name: feedback-api + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + notifications-api: + name: notifications-api + needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + 
uses: ./.github/workflows/reusable-build-s2i.yaml + secrets: + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: notifications-api + image-name: notifications-api + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + queue-management-api: + name: queue-management-api + needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-s2i.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: api + image-name: queue-management-api + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + queue-management-frontend: + name: queue-management-frontend + needs: [parse-inputs, queue-management-frontend-cypress, 
appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: frontend + image-name: queue-management-nginx-frontend + image-tags: ${{ needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + send-appointment-reminder-crond: + name: send-appointment-reminder-crond + needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + uses: ./.github/workflows/reusable-build-dockerfile.yaml + secrets: + artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} + artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} + namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools + namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} + namespace-theq-username: ${{ secrets.SA_USERNAME }} + namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools + namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} + namespace-qms-username: ${{ secrets.SA_USERNAME }} + openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} + with: + ref: ${{ needs.parse-inputs.outputs.ref }} + directory: jobs/appointment_reminder + image-name: send-appointment-reminder-crond + image-tags: ${{ 
needs.parse-inputs.outputs.image-tag }} + push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} + push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} + + ##### DEPLOY ################################################################# + + tag: + name: Tag + if: github.repository_owner == 'bcgov' + needs: [parse-inputs, appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond] + uses: ./.github/workflows/reusable-tag-image.yaml + secrets: + licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} + openshift-api: ${{ secrets.OPENSHIFT_API }} + token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_TOOLS || secrets.SA_PASSWORD_THEQ_TOOLS }} + with: + image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond + tag-from: ${{ needs.parse-inputs.outputs.image-tag }} + tag-to: ${{ needs.parse-inputs.outputs.environment }} + + wait-for-rollouts: + name: Wait for Rollouts + if: github.repository_owner == 'bcgov' + needs: [parse-inputs, tag] + uses: ./.github/workflows/reusable-wait-for-rollouts.yaml + secrets: + licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} + openshift-api: ${{ secrets.OPENSHIFT_API }} + token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_DEV || ( needs.parse-inputs.outputs.environment == 'dev' && secrets.SA_PASSWORD_THEQ_DEV || secrets.SA_PASSWORD_THEQ_TEST ) }} + with: + image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond-${{ needs.parse-inputs.outputs.environment }} + tag-to: ${{ needs.parse-inputs.outputs.environment }} + + ##### TEST 
################################################################### + + # Only run Newman for The Q dev - other environments will fail due to data. + newman-theq-dev: + name: Newman Tests + if: github.event.inputs.namespace == 'The Q Dev' + needs: [parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Check out + uses: actions/checkout@v2 + + - name: NPM Install + run: | + cd api/postman + npm install newman + + - name: Run Newman Tests + run: | + cd api/postman + node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json \ + -e postman_env.json \ + --delay-request 250 \ + --global-var 'auth_url=${{ vars.POSTMAN_AUTH_URL_DEV }}' \ + --global-var 'client_secret=${{ secrets.POSTMAN_CLIENT_SECRET_DEV }}' \ + --global-var 'clientid=${{ vars.POSTMAN_CLIENTID_DEV }}' \ + --global-var 'password=${{ secrets.POSTMAN_PASSWORD }}' \ + --global-var 'password_nonqtxn=${{ secrets.POSTMAN_PASSWORD_NONQTXN }}' \ + --global-var 'public_url=${{ vars.POSTMAN_PUBLIC_API_URL_THEQ_DEV }}' \ + --global-var 'public_user_id=${{ vars.POSTMAN_PUBLIC_USERID }}' \ + --global-var 'public_user_password=${{ secrets.POSTMAN_PASSWORD_PUBLIC_USER }}' \ + --global-var 'realm=${{ vars.POSTMAN_REALM }}' \ + --global-var 'url=${{ vars.POSTMAN_API_URL_THEQ_DEV }}' \ + --global-var 'userid=${{ vars.POSTMAN_USERID }}' \ + --global-var 'userid_nonqtxn=${{ vars.POSTMAN_USERID_NONQTXN }}' + + owasp-staff: + name: OWASP ZAP Scan of Staff Frontend + needs: [parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Get Parameters + run: | + if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_QMS_DEV }}" >> $GITHUB_ENV + elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_DEV }}" >> $GITHUB_ENV + else + echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_TEST }}" >> $GITHUB_ENV + fi + + - name: OWASP ZAP Scan + uses: zaproxy/action-full-scan@v0.10.0 + with: 
+ allow_issue_writing: false + cmd_options: '-z "-config scanner.threadPerHost=20"' + target: ${{ env.ZAP_URL }} + + - name: Upload Report as Artifact + uses: actions/upload-artifact@v3 + with: + name: OWASP ZAP - Staff Front End Report + path: report_html.html + + owasp-appointment: + name: OWASP ZAP Scan of Appointment Frontend + needs: [parse-inputs, wait-for-rollouts] + runs-on: ubuntu-latest + + steps: + - name: Get Parameters + run: | + if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then + echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_QMS_DEV }}" >> $GITHUB_ENV + elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then + echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_THEQ_DEV }}" >> $GITHUB_ENV + else + echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_THEQ_TEST }}" >> $GITHUB_ENV + fi + + - name: OWASP ZAP Scan + uses: zaproxy/action-full-scan@v0.10.0 + with: + allow_issue_writing: false + cmd_options: '-z "-config scanner.threadPerHost=20"' + target: ${{ env.ZAP_URL }} + + - name: Upload Report as Artifact + uses: actions/upload-artifact@v3 + with: + name: OWASP ZAP - Appointment Front End Report + path: report_html.html From 97a36a113a2da37490b1437d5715d15641b7252c Mon Sep 17 00:00:00 2001 From: josekudiyirippil Date: Thu, 12 Sep 2024 15:14:30 -0700 Subject: [PATCH 23/24] workflow update --- .github/workflows/Vue3cicd.yaml | 2 +- .github/workflows/pull-request-deployNew.yaml | 357 ------------------ 2 files changed, 1 insertion(+), 358 deletions(-) delete mode 100644 .github/workflows/pull-request-deployNew.yaml diff --git a/.github/workflows/Vue3cicd.yaml b/.github/workflows/Vue3cicd.yaml index 03a0fb029..3a012aa03 100644 --- a/.github/workflows/Vue3cicd.yaml +++ b/.github/workflows/Vue3cicd.yaml 
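Review bot: The Newman job runs `npm install newman` with no version and no lockfile, then passes the client secret and three passwords to that freshly resolved package on its command line, so whatever the registry serves at run time executes with those credentials. Pinning the install, for example `npm install newman@<pinned-version>` (placeholder) or `npm ci` against a lockfile committed under api/postman if one exists, makes the dependency reviewable. The same reasoning applies to `actions/checkout@v2`, `actions/upload-artifact@v3` and `zaproxy/action-full-scan@v0.10.0`, which are referenced by mutable tags; `uses: actions/checkout@<full-commit-sha>` (placeholder) fixes the code that actually runs.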
@@ -79,7 +79,7 @@ jobs: queue-management-frontend: name: queue-management-frontend - needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] + needs: [parse-inputs] uses: ./.github/workflows/reusable-build-dockerfile.yaml secrets: artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} diff --git a/.github/workflows/pull-request-deployNew.yaml b/.github/workflows/pull-request-deployNew.yaml deleted file mode 100644 index ade95ae22..000000000 --- a/.github/workflows/pull-request-deployNew.yaml +++ /dev/null 
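Review bot: The `tag` job in this file still declares `needs: [parse-inputs, appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond]`, while Vue3cicd.yaml as created earlier in the series defines only `parse-inputs` and `queue-management-frontend` among those. GitHub rejects a workflow whose `needs` names an unknown job, so correcting the list on `queue-management-frontend` alone probably still leaves the file unable to load. `needs: [parse-inputs, queue-management-frontend]` on `tag` would match the jobs that exist. That job lies outside this hunk.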
@@ -1,357 +0,0 @@ -name: Pull Request Deploynew -on: - workflow_dispatch: - inputs: - pr-number: - description: "Pull Request Number:" - type: string - required: true - namespace: - description: "Deploy To:" - type: choice - required: true - options: - - The Q Dev - - QMS Dev - - The Q Test - -jobs: - - ##### SETUP ################################################################## - - parse-inputs: - name: refs/pull/${{ github.event.inputs.pr-number }}/head to ${{ github.event.inputs.namespace }} - runs-on: ubuntu-latest - outputs: - environment: ${{ steps.parse.outputs.environment }} - image-tag: ${{ steps.parse.outputs.image-tag }} - push-qms: ${{ steps.parse.outputs.push-qms }} - push-theq: ${{ steps.parse.outputs.push-theq }} - ref: ${{ steps.parse.outputs.ref }} - - steps: - # Use the input values to create more coding-friendly values. - - name: Parse Inputs - id: parse - run: | - # Gets "dev" or "test". - ENVIRONMENT=$(echo ${{ github.event.inputs.namespace }} | \ - awk -F' ' '{print $NF}' | tr '[:upper:]' '[:lower:]') - echo ENVIRONMENT:$ENVIRONMENT - echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT - - IMAGE_TAG=pr${{ github.event.inputs.pr-number }} - echo IMAGE_TAG:$IMAGE_TAG - echo "image-tag=$IMAGE_TAG" >> $GITHUB_OUTPUT - - if [ $GITHUB_REPOSITORY_OWNER != "bcgov" ]; then - # Never push in forks - useful and safer for development. 
- PUSH_QMS=false - PUSH_THEQ=false - elif [[ "${{ github.event.inputs.namespace }}" == QMS* ]]; then - PUSH_QMS=true - PUSH_THEQ=false - else - PUSH_QMS=false - PUSH_THEQ=true - fi - - echo PUSH_QMS:$PUSH_QMS - echo "push-qms=$PUSH_QMS" >> $GITHUB_OUTPUT - - echo PUSH_THEQ:$PUSH_THEQ - echo "push-theq=$PUSH_THEQ" >> $GITHUB_OUTPUT - - REF=refs/pull/${{ github.event.inputs.pr-number }}/head - echo REF:$REF - echo "ref=$REF" >> $GITHUB_OUTPUT - - - ##### TEST ################################################################### - - appointment-frontend-cypress: - name: Appointment Frontend Cypress - needs: parse-inputs - uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml - secrets: - bceid-endpoint: ${{ secrets.CYPRESS_BCEID_ENDPOINT }} - bceid-password: ${{ secrets.CYPRESS_BCEID_PASSWORD }} - bceid-username: ${{ secrets.CYPRESS_BCEID_USERNAME }} - cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} - cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} - keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ - keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} - keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - - queue-management-frontend-cypress: - name: Queue Management Frontend Cypress - needs: parse-inputs - uses: ./.github/workflows/reusable-queue-management-frontend-cypress.yaml - secrets: - cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} - cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} - keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ - keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} - keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - - ##### BUILD ################################################################## - - appointment-frontend: - name: appointment-frontend - needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] - uses: 
./.github/workflows/reusable-build-dockerfile.yaml - secrets: - artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} - artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} - artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} - namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools - namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} - namespace-theq-username: ${{ secrets.SA_USERNAME }} - namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools - namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} - namespace-qms-username: ${{ secrets.SA_USERNAME }} - openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - directory: appointment-frontend - image-name: appointment-nginx-frontend - image-tags: ${{ needs.parse-inputs.outputs.image-tag }} - push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} - push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} - - feedback-api: - name: feedback-api - needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] - uses: ./.github/workflows/reusable-build-s2i.yaml - secrets: - namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools - namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} - namespace-theq-username: ${{ secrets.SA_USERNAME }} - namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools - namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} - namespace-qms-username: ${{ secrets.SA_USERNAME }} - openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - directory: feedback-api - image-name: feedback-api - image-tags: ${{ needs.parse-inputs.outputs.image-tag }} - push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} - push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} - - notifications-api: - name: notifications-api - needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] - 
uses: ./.github/workflows/reusable-build-s2i.yaml - secrets: - namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools - namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} - namespace-theq-username: ${{ secrets.SA_USERNAME }} - namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools - namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} - namespace-qms-username: ${{ secrets.SA_USERNAME }} - openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - directory: notifications-api - image-name: notifications-api - image-tags: ${{ needs.parse-inputs.outputs.image-tag }} - push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} - push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} - - queue-management-api: - name: queue-management-api - needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] - uses: ./.github/workflows/reusable-build-s2i.yaml - secrets: - artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} - artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} - artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} - namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools - namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} - namespace-theq-username: ${{ secrets.SA_USERNAME }} - namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools - namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} - namespace-qms-username: ${{ secrets.SA_USERNAME }} - openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - directory: api - image-name: queue-management-api - image-tags: ${{ needs.parse-inputs.outputs.image-tag }} - push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} - push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} - - queue-management-frontend: - name: queue-management-frontend - needs: [parse-inputs, queue-management-frontend-cypress, 
appointment-frontend-cypress] - uses: ./.github/workflows/reusable-build-dockerfile.yaml - secrets: - artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} - artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} - artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} - namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools - namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} - namespace-theq-username: ${{ secrets.SA_USERNAME }} - namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools - namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} - namespace-qms-username: ${{ secrets.SA_USERNAME }} - openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - directory: frontend - image-name: queue-management-nginx-frontend - image-tags: ${{ needs.parse-inputs.outputs.image-tag }} - push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} - push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} - - send-appointment-reminder-crond: - name: send-appointment-reminder-crond - needs: [parse-inputs, queue-management-frontend-cypress, appointment-frontend-cypress] - uses: ./.github/workflows/reusable-build-dockerfile.yaml - secrets: - artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} - artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} - artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} - namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools - namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} - namespace-theq-username: ${{ secrets.SA_USERNAME }} - namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools - namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} - namespace-qms-username: ${{ secrets.SA_USERNAME }} - openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} - with: - ref: ${{ needs.parse-inputs.outputs.ref }} - directory: jobs/appointment_reminder - image-name: send-appointment-reminder-crond - image-tags: ${{ 
needs.parse-inputs.outputs.image-tag }} - push-qms: ${{ needs.parse-inputs.outputs.push-qms == 'true' }} - push-theq: ${{ needs.parse-inputs.outputs.push-theq == 'true' }} - - ##### DEPLOY ################################################################# - - tag: - name: Tag - if: github.repository_owner == 'bcgov' - needs: [parse-inputs, appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond] - uses: ./.github/workflows/reusable-tag-image.yaml - secrets: - licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} - openshift-api: ${{ secrets.OPENSHIFT_API }} - token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_TOOLS || secrets.SA_PASSWORD_THEQ_TOOLS }} - with: - image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond - tag-from: ${{ needs.parse-inputs.outputs.image-tag }} - tag-to: ${{ needs.parse-inputs.outputs.environment }} - - wait-for-rollouts: - name: Wait for Rollouts - if: github.repository_owner == 'bcgov' - needs: [parse-inputs, tag] - uses: ./.github/workflows/reusable-wait-for-rollouts.yaml - secrets: - licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }} - openshift-api: ${{ secrets.OPENSHIFT_API }} - token: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.SA_PASSWORD_QMS_DEV || ( needs.parse-inputs.outputs.environment == 'dev' && secrets.SA_PASSWORD_THEQ_DEV || secrets.SA_PASSWORD_THEQ_TEST ) }} - with: - image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond-${{ needs.parse-inputs.outputs.environment }} - tag-to: ${{ needs.parse-inputs.outputs.environment }} - - ##### TEST 
################################################################### - - # Only run Newman for The Q dev - other environments will fail due to data. - newman-theq-dev: - name: Newman Tests - if: github.event.inputs.namespace == 'The Q Dev' - needs: [parse-inputs, wait-for-rollouts] - runs-on: ubuntu-latest - - steps: - - name: Check out - uses: actions/checkout@v2 - - - name: NPM Install - run: | - cd api/postman - npm install newman - - - name: Run Newman Tests - run: | - cd api/postman - node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json \ - -e postman_env.json \ - --delay-request 250 \ - --global-var 'auth_url=${{ vars.POSTMAN_AUTH_URL_DEV }}' \ - --global-var 'client_secret=${{ secrets.POSTMAN_CLIENT_SECRET_DEV }}' \ - --global-var 'clientid=${{ vars.POSTMAN_CLIENTID_DEV }}' \ - --global-var 'password=${{ secrets.POSTMAN_PASSWORD }}' \ - --global-var 'password_nonqtxn=${{ secrets.POSTMAN_PASSWORD_NONQTXN }}' \ - --global-var 'public_url=${{ vars.POSTMAN_PUBLIC_API_URL_THEQ_DEV }}' \ - --global-var 'public_user_id=${{ vars.POSTMAN_PUBLIC_USERID }}' \ - --global-var 'public_user_password=${{ secrets.POSTMAN_PASSWORD_PUBLIC_USER }}' \ - --global-var 'realm=${{ vars.POSTMAN_REALM }}' \ - --global-var 'url=${{ vars.POSTMAN_API_URL_THEQ_DEV }}' \ - --global-var 'userid=${{ vars.POSTMAN_USERID }}' \ - --global-var 'userid_nonqtxn=${{ vars.POSTMAN_USERID_NONQTXN }}' - - owasp-staff: - name: OWASP ZAP Scan of Staff Frontend - needs: [parse-inputs, wait-for-rollouts] - runs-on: ubuntu-latest - - steps: - - name: Get Parameters - run: | - if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then - echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_QMS_DEV }}" >> $GITHUB_ENV - elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then - echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_DEV }}" >> $GITHUB_ENV - else - echo "ZAP_URL=${{ secrets.ZAP_STAFFURL_THEQ_TEST }}" >> $GITHUB_ENV - fi - - - name: OWASP ZAP Scan - uses: zaproxy/action-full-scan@v0.10.0 - with: 
- allow_issue_writing: false - cmd_options: '-z "-config scanner.threadPerHost=20"' - target: ${{ env.ZAP_URL }} - - - name: Upload Report as Artifact - uses: actions/upload-artifact@v3 - with: - name: OWASP ZAP - Staff Front End Report - path: report_html.html - - owasp-appointment: - name: OWASP ZAP Scan of Appointment Frontend - needs: [parse-inputs, wait-for-rollouts] - runs-on: ubuntu-latest - - steps: - - name: Get Parameters - run: | - if [ ${{ needs.parse-inputs.outputs.push-qms }} == true ]; then - echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_QMS_DEV }}" >> $GITHUB_ENV - elif [ ${{ needs.parse-inputs.outputs.environment }} == dev ]; then - echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_THEQ_DEV }}" >> $GITHUB_ENV - else - echo "ZAP_URL=${{ secrets.ZAP_APPTMNTURL_THEQ_TEST }}" >> $GITHUB_ENV - fi - - - name: OWASP ZAP Scan - uses: zaproxy/action-full-scan@v0.10.0 - with: - allow_issue_writing: false - cmd_options: '-z "-config scanner.threadPerHost=20"' - target: ${{ env.ZAP_URL }} - - - name: Upload Report as Artifact - uses: actions/upload-artifact@v3 - with: - name: OWASP ZAP - Appointment Front End Report - path: report_html.html From 2de3dcfdf5786e7bc39846cadcdeb427062fbb54 Mon Sep 17 00:00:00 2001 From: josekudiyirippil Date: Thu, 12 Sep 2024 15:25:57 -0700 Subject: [PATCH 24/24] update --- .github/workflows/Vue3cicd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Vue3cicd.yaml b/.github/workflows/Vue3cicd.yaml index 3a012aa03..33eabb539 100644 --- a/.github/workflows/Vue3cicd.yaml +++ b/.github/workflows/Vue3cicd.yaml 
@@ -106,7 +106,7 @@ jobs:
 tag:
 name: Tag
 if: github.repository_owner == 'bcgov'
- needs: [parse-inputs, appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond]
+ needs: [parse-inputs, queue-management-frontend]
 uses: ./.github/workflows/reusable-tag-image.yaml
 secrets:
 licence-plate: ${{ needs.parse-inputs.outputs.push-qms == 'true' && secrets.LICENCE_PLATE_QMS || secrets.LICENCE_PLATE_THEQ }}
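Review bot: With `needs` on the `tag` job reduced to `[parse-inputs, queue-management-frontend]`, the job no longer waits for any other build job, so an image it tags other than the queue-management frontend is not guaranteed to come from this run's ref. The `with:` block of `tag` lies outside the hunk; if its `image-names` still lists all six images, as `main.yml` in the first patch of this series does, the PR tag promoted to the environment could point at a stale image from an earlier run, or the tag step could fail on a tag that does not exist yet. Keep the dependency list in step with what is promoted, or narrow the input to match, for example `image-names: queue-management-nginx-frontend`. A one-line comment above `needs` saying why the other builds were dropped would also help, since the commit message ("update") does not explain it.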