From e096f91dd5cff83c271eb4a1de6b2db655180f93 Mon Sep 17 00:00:00 2001
From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com>
Date: Tue, 15 Aug 2023 15:42:53 -0700
Subject: [PATCH 1/5] upgrade to springboot 3.0.2 and github actions.
---
.../{api.yml => ci-api-build.and.test.yml} | 37 ++--
.github/workflows/deploy-to.openshift-dev.yml | 175 ++++++++++++++++++
.../workflows/deploy-to.openshift-prod.yml | 136 ++++++++++++++
.../workflows/deploy-to.openshift-test.yml | 137 ++++++++++++++
.../tag-create.git.and.imagestream.tag.yml | 63 +++++++
Dockerfile | 4 +-
api/pom.xml | 43 ++---
...raxNotificationApiResourceApplication.java | 38 ++--
.../trax/messaging/jetstream/Subscriber.java | 2 +-
.../ca/bc/gov/educ/api/trax/model/Event.java | 6 +-
.../schedulers/PurgeOldRecordsScheduler.java | 2 +-
.../gov/educ/api/trax/struct/BaseRequest.java | 4 +-
.../gov/educ/api/trax/struct/BaseStudent.java | 8 +-
.../educ/api/trax/struct/StudentMerge.java | 2 +-
.../gov/educ/api/trax/struct/TraxStudent.java | 4 +-
api/src/main/resources/application.properties | 4 +-
tools/{jenkins => config}/update-configmap.sh | 24 +--
tools/jenkins/Jenkinsfile | 106 -----------
tools/openshift/api.bc.yaml | 73 --------
.../trax-notification-api-pipeline.yaml | 19 --
20 files changed, 603 insertions(+), 284 deletions(-)
rename .github/workflows/{api.yml => ci-api-build.and.test.yml} (50%)
create mode 100644 .github/workflows/deploy-to.openshift-dev.yml
create mode 100644 .github/workflows/deploy-to.openshift-prod.yml
create mode 100644 .github/workflows/deploy-to.openshift-test.yml
create mode 100644 .github/workflows/tag-create.git.and.imagestream.tag.yml
rename tools/{jenkins => config}/update-configmap.sh (84%)
delete mode 100644 tools/jenkins/Jenkinsfile
delete mode 100644 tools/openshift/api.bc.yaml
delete mode 100644 tools/openshift/trax-notification-api-pipeline.yaml
diff --git a/.github/workflows/api.yml b/.github/workflows/ci-api-build.and.test.yml
similarity index 50%
rename from .github/workflows/api.yml
rename to .github/workflows/ci-api-build.and.test.yml
index 72a5153..374e7b7 100644
--- a/.github/workflows/api.yml
+++ b/.github/workflows/ci-api-build.and.test.yml
@@ -1,9 +1,10 @@
name: API CI
on:
+ workflow_dispatch:
push:
branches:
- - master
+ - main
- 'feature/**'
- 'Feature/**'
- 'fix/*'
@@ -11,40 +12,54 @@ on:
paths:
- 'api/**'
pull_request:
- branches: [ master ]
+ branches: [ main ]
paths:
- 'api/**'
jobs:
quality_profile:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-20.04
defaults:
run:
working-directory: api
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
fetch-depth: 0
- - uses: actions/setup-java@v1
+ - uses: actions/setup-java@v3
with:
- java-version: 11
- - uses: actions/cache@v1
+ java-version: 17
+ distribution: oracle
+ - uses: actions/cache@v3
with:
path: ~/.m2/repository
- key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ key: ${{ runner.os }}-maven-5Jun-${{ hashFiles('**/pom.xml') }}
restore-keys: |
- ${{ runner.os }}-maven-
+ ${{ runner.os }}-maven-5Jun-
- name: Run unit tests
- run: mvn -f pom.xml clean test
+ run: mvn -f pom.xml clean package
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@0.2.5
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
- name: Cache SonarCloud packages
uses: actions/cache@v1
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
- name: Run Sonar Analysis
- run: mvn -f pom.xml sonar:sonar
+ run: mvn sonar:sonar
-Dsonar.login=${{ secrets.SONAR_TOKEN }}
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.organization=bcgov-sonarcloud
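Review bot: The new Trivy step is report-only as written: no `exit-code` is set, so CRITICAL findings are written to `trivy-results.sarif` and the job still passes. If the scan is meant to gate merges, add `exit-code: '1'` to the Trivy step and `if: always()` to the upload step so the SARIF is still published when the scan fails. The upload to code scanning needs `security-events: write`, and no `permissions:` block is visible in this diff; declaring it on the job is safer than relying on the repository default. `aquasecurity/trivy-action@0.2.5` is referenced by tag, which the publisher can move; pinning it to a full commit SHA avoids that.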
diff --git a/.github/workflows/deploy-to.openshift-dev.yml b/.github/workflows/deploy-to.openshift-dev.yml
new file mode 100644
index 0000000..2033616
--- /dev/null
+++ b/.github/workflows/deploy-to.openshift-dev.yml
@@ -0,0 +1,175 @@
+name: Build & Deploy to DEV
+
+env:
+ # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+ # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+ # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+ OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+ OPENSHIFT_NAMESPACE_DEV: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}-dev
+
+ DB_JDBC_CONNECT_STRING: ${{ secrets.DB_JDBC_CONNECT_STRING }}
+ DB_PWD: ${{ secrets.DB_PWD }}
+ DB_USER: ${{ secrets.DB_USER }}
+ SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+
+ CHES_CLIENT_ID: ${{ secrets.CHES_CLIENT_ID }}
+ CHES_CLIENT_SECRET: ${{ secrets.CHES_CLIENT_SECRET }}
+ CHES_TOKEN_URL: ${{ secrets.CHES_TOKEN_URL }}
+ CHES_ENDPOINT_URL: ${{ secrets.CHES_ENDPOINT_URL }}
+
+ # 🖊️ EDIT to change the image registry settings.
+ # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ IMAGE_REGISTRY_USER: ${{ github.actor }}
+ IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+ # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
+ IMAGE_TAGS: ""
+
+ SPRING_BOOT_IMAGE_NAME: trax-notification-api-main
+ DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
+ ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca
+
+ APP_NAME: 'trax-notification-api'
+ REPO_NAME: "educ-trax-notification-api"
+ BRANCH: "main"
+ APP_NAME_FULL: "trax-notification-api-main"
+ NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+ COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+ TAG: "latest"
+ MIN_REPLICAS_DEV: "1"
+ MAX_REPLICAS_DEV: "1"
+ MIN_CPU: "10m"
+ MAX_CPU: "150m"
+ MIN_MEM: "400Mi"
+ MAX_MEM: "750Mi"
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ build-and-deploy-dev:
+ name: Build and deploy to OpenShift DEV
+ # ubuntu-20.04 can also be used.
+ runs-on: ubuntu-20.04
+ environment: dev
+
+ outputs:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+ steps:
+ - name: Check for required secrets
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const secrets = {
+ OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
+ OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
+ };
+ const GHCR = "ghcr.io";
+ if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
+ core.info(`Image registry is ${GHCR} - no registry password required`);
+ }
+ else {
+ core.info("A registry password is required");
+ secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
+ }
+ const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
+ if (value.length === 0) {
+ core.error(`Secret "${name}" is not set`);
+ return true;
+ }
+ core.info(`✔️ Secret "${name}" is set`);
+ return false;
+ });
+ if (missingSecrets.length > 0) {
+ core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+ "You can add it using:\n" +
+ "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
+ "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
+ "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
+ }
+ else {
+ core.info(`✅ All the required secrets are set`);
+ }
+ - name: Check out repository
+ uses: actions/checkout@v3
+
+ - name: Determine image tags
+ if: env.IMAGE_TAGS == ''
+ run: |
+ echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.DOCKER_ARTIFACTORY_REPO }}
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ # https://github.com/redhat-actions/buildah-build#readme
+ - name: Build from Dockerfile
+ id: build-image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: ${{ env.APP_NAME_FULL }}
+ tags: ${{ env.IMAGE_TAGS }}
+
+ # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
+ # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
+ # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
+ dockerfiles: |
+ ./Dockerfile
+ # https://github.com/redhat-actions/push-to-registry#readme
+ - name: Push to registry
+ id: push-image
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.build-image.outputs.image }}
+ tags: ${{ steps.build-image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.IMAGE_REGISTRY_USER }}
+ password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
+
+ # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
+
+ - name: Install oc
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: 4
+
+ # https://github.com/redhat-actions/oc-login#readme
+ - uses: actions/checkout@v3
+
+ - name: Deploy API
+ run: |
+ set -eu
+ # Login to OpenShift and select project
+ oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+ oc project ${{ env.OPENSHIFT_NAMESPACE_DEV }}
+ # Cancel any rollouts in progress
+ oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "No rollout in progress"
+
+ oc tag ${{ steps.push-image.outputs.registry-path }} ${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }}
+
+ # Process and apply deployment template
+ oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_DEV }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_DEV }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_DEV }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \
+ | oc apply -f -
+
+ curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/main/tools/config/update-configmap.sh | bash /dev/stdin dev ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} ${{ env.CHES_CLIENT_ID }} ${{ env.CHES_CLIENT_SECRET }} ${{ env.CHES_TOKEN_URL }} ${{ env.CHES_ENDPOINT_URL }}
+
+ # Start rollout (if necessary) and follow it
+ oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "Rollout in progress"
+ oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+ # Get status, returns 0 if rollout is successful
+ oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+ - name: ZAP Scan
+ uses: zaproxy/action-api-scan@v0.1.1
+ with:
+ target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_DEV }}.apps.silver.devops.gov.bc.ca/v3/api-docs'
\ No newline at end of file
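Review bot: The `Deploy API` step downloads `update-configmap.sh` from the mutable `main` branch and pipes it into `bash` with the database password, Splunk token and CHES client secret as positional arguments, although the job has already checked the repository out. Running the workspace copy keeps the script at the commit being deployed: `bash tools/config/update-configmap.sh dev "$APP_NAME" "$NAMESPACE" "$COMMON_NAMESPACE" "$DB_JDBC_CONNECT_STRING" "$DB_PWD" …`, with the remaining values passed the same way. Quoted shell variables (the values are already in the workflow `env:`) matter here because `${{ env.* }}` is expanded into the script text before bash parses it, so a value containing a space, `;`, `&` or `$` changes the command line; the same holds for `oc login --token=${{ env.OPENSHIFT_TOKEN }}`. The prod and test workflows in this patch contain the same curl-to-bash line (prod fetches from the latest git tag instead of `main`).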
diff --git a/.github/workflows/deploy-to.openshift-prod.yml b/.github/workflows/deploy-to.openshift-prod.yml
new file mode 100644
index 0000000..ac44d52
--- /dev/null
+++ b/.github/workflows/deploy-to.openshift-prod.yml
@@ -0,0 +1,136 @@
+name: Deploy to PROD
+
+env:
+ # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+ # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+ # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+ # Added this comment
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+ OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+ OPENSHIFT_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}-prod
+
+ DB_JDBC_CONNECT_STRING: ${{ secrets.DB_JDBC_CONNECT_STRING }}
+ DB_PWD: ${{ secrets.DB_PWD }}
+ DB_USER: ${{ secrets.DB_USER }}
+ SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+
+ CHES_CLIENT_ID: ${{ secrets.CHES_CLIENT_ID }}
+ CHES_CLIENT_SECRET: ${{ secrets.CHES_CLIENT_SECRET }}
+ CHES_TOKEN_URL: ${{ secrets.CHES_TOKEN_URL }}
+ CHES_ENDPOINT_URL: ${{ secrets.CHES_ENDPOINT_URL }}
+
+ # 🖊️ EDIT to change the image registry settings.
+ # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ IMAGE_REGISTRY_USER: ${{ github.actor }}
+ IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+ SPRING_BOOT_IMAGE_NAME: trax-notification-api-main
+
+ APP_NAME: 'trax-notification-api'
+ REPO_NAME: "educ-trax-notification-api"
+ BRANCH: "main"
+ NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+ COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+ TAG: "latest"
+ TARGET_ENV: "prod"
+ MIN_REPLICAS: "3"
+ MAX_REPLICAS: "3"
+ MIN_CPU: "25m"
+ MAX_CPU: "300m"
+ MIN_MEM: "650Mi"
+ MAX_MEM: "750Mi"
+
+on:
+ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+ workflow_dispatch:
+
+jobs:
+ openshift-ci-cd:
+ name: Deploy to OpenShift PROD
+ # ubuntu-20.04 can also be used.
+ runs-on: ubuntu-20.04
+ environment: production
+
+ outputs:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+ steps:
+ - name: Check for required secrets
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const secrets = {
+ OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
+ OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
+ };
+
+ const GHCR = "ghcr.io";
+ if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
+ core.info(`Image registry is ${GHCR} - no registry password required`);
+ }
+ else {
+ core.info("A registry password is required");
+ secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
+ }
+
+ const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
+ if (value.length === 0) {
+ core.error(`Secret "${name}" is not set`);
+ return true;
+ }
+ core.info(`✔️ Secret "${name}" is set`);
+ return false;
+ });
+
+ if (missingSecrets.length > 0) {
+ core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+ "You can add it using:\n" +
+ "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
+ "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
+ "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
+ }
+ else {
+ core.info(`✅ All the required secrets are set`);
+ }
+
+ - name: Check out repository
+ uses: actions/checkout@v3
+
+ - name: Get latest tag
+ uses: actions-ecosystem/action-get-latest-tag@v1
+ id: get-latest-tag
+
+ - name: Install oc
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: 4
+
+ # https://github.com/redhat-actions/oc-login#readme
+ - uses: actions/checkout@v3
+
+ - name: Deploy
+ run: |
+ set -eux
+ # Login to OpenShift and select project
+ oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+ oc project ${{ env.OPENSHIFT_NAMESPACE }}
+ # Cancel any rollouts in progress
+ oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "No rollout in progress"
+
+ oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }} ${{ env.NAMESPACE }}-prod/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ steps.get-latest-tag.outputs.tag }}
+
+ # Process and apply deployment template
+ oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE }} -p TAG=${{ steps.get-latest-tag.outputs.tag }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \
+ | oc apply -f -
+
+ curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/${{ steps.get-latest-tag.outputs.tag }}/tools/config/update-configmap.sh | bash /dev/stdin ${{ env.TARGET_ENV }} ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} ${{ env.CHES_CLIENT_ID }} ${{ env.CHES_CLIENT_SECRET }} ${{ env.CHES_TOKEN_URL }} ${{ env.CHES_ENDPOINT_URL }}
+
+ # Start rollout (if necessary) and follow it
+ oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "Rollout in progress"
+ oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+ # Get status, returns 0 if rollout is successful
+ oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
\ No newline at end of file
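Review bot: `set -eux` in the `Deploy` step turns on command tracing, so the expanded `oc login --token=…` line and the `update-configmap.sh` invocation carrying `DB_PWD`, `SPLUNK_TOKEN` and `CHES_CLIENT_SECRET` are echoed to the job log. GitHub masks registered secret values only on an exact match, and xtrace re-quotes arguments that contain special characters, so masking should not be relied on here. `set -eu`, as the dev and test workflows use, is enough; the `Tag in OpenShift` step of `tag-create.git.and.imagestream.tag.yml` has the same `set -eux` ahead of its `oc login`. Separately, the job's `outputs:` reference `steps.deploy-and-expose`, and no step with that id appears in this file, so both outputs will be empty.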
diff --git a/.github/workflows/deploy-to.openshift-test.yml b/.github/workflows/deploy-to.openshift-test.yml
new file mode 100644
index 0000000..07f00d7
--- /dev/null
+++ b/.github/workflows/deploy-to.openshift-test.yml
@@ -0,0 +1,137 @@
+name: Build & Deploy to TEST
+
+env:
+ # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+ # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+ # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+ OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+ OPENSHIFT_NAMESPACE_TEST: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}-test
+
+ DB_JDBC_CONNECT_STRING: ${{ secrets.DB_JDBC_CONNECT_STRING }}
+ DB_PWD: ${{ secrets.DB_PWD }}
+ DB_USER: ${{ secrets.DB_USER }}
+ SPLUNK_TOKEN: ${{ secrets.SPLUNK_TOKEN }}
+
+ CHES_CLIENT_ID: ${{ secrets.CHES_CLIENT_ID }}
+ CHES_CLIENT_SECRET: ${{ secrets.CHES_CLIENT_SECRET }}
+ CHES_TOKEN_URL: ${{ secrets.CHES_TOKEN_URL }}
+ CHES_ENDPOINT_URL: ${{ secrets.CHES_ENDPOINT_URL }}
+
+ # 🖊️ EDIT to change the image registry settings.
+ # Registries such as GHCR, Quay.io, and Docker Hub are supported.
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ IMAGE_REGISTRY_USER: ${{ github.actor }}
+ IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
+
+ # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
+ IMAGE_TAGS: ""
+
+ SPRING_BOOT_IMAGE_NAME: trax-notification-api-main
+ DOCKER_ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca/docker-remote
+ ARTIFACTORY_REPO: artifacts.developer.gov.bc.ca
+
+ APP_NAME: 'trax-notification-api'
+ REPO_NAME: "educ-trax-notification-api"
+ BRANCH: "main"
+ APP_NAME_FULL: "trax-notification-api-main"
+ NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+ COMMON_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+ TAG: "latest"
+ MIN_REPLICAS_TEST: "2"
+ MAX_REPLICAS_TEST: "2"
+ MIN_CPU: "10m"
+ MAX_CPU: "150m"
+ MIN_MEM: "375Mi"
+ MAX_MEM: "750Mi"
+
+on:
+ workflow_dispatch:
+
+jobs:
+
+ deploy-test:
+ name: Deploy to OpenShift TEST
+ runs-on: ubuntu-20.04
+ environment: test
+
+ outputs:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+ steps:
+ - name: Check for required secrets
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const secrets = {
+ OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
+ OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
+ };
+
+ const GHCR = "ghcr.io";
+ if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
+ core.info(`Image registry is ${GHCR} - no registry password required`);
+ }
+ else {
+ core.info("A registry password is required");
+ secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
+ }
+
+ const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
+ if (value.length === 0) {
+ core.error(`Secret "${name}" is not set`);
+ return true;
+ }
+ core.info(`✔️ Secret "${name}" is set`);
+ return false;
+ });
+
+ if (missingSecrets.length > 0) {
+ core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
+ "You can add it using:\n" +
+ "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
+ "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
+ "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
+ }
+ else {
+ core.info(`✅ All the required secrets are set`);
+ }
+
+ - name: Check out repository
+ uses: actions/checkout@v3
+
+ - name: Install oc
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: 4
+
+ - name: Deploy API
+ run: |
+ set -eu
+ # Login to OpenShift and select project
+ oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+ oc project ${{ env.OPENSHIFT_NAMESPACE_TEST }}
+ # Cancel any rollouts in progress
+ oc rollout cancel dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "No rollout in progress"
+
+ oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }} ${{ env.NAMESPACE }}-test/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ env.TAG }}
+
+ # Process and apply deployment template
+ oc process -f tools/openshift/api.dc.yaml -p APP_NAME=${{ env.APP_NAME }} -p REPO_NAME=${{ env.REPO_NAME }} -p BRANCH=${{ env.BRANCH }} -p NAMESPACE=${{ env.OPENSHIFT_NAMESPACE_TEST }} -p TAG=${{ env.TAG }} -p MIN_REPLICAS=${{ env.MIN_REPLICAS_TEST }} -p MAX_REPLICAS=${{ env.MAX_REPLICAS_TEST }} -p MIN_CPU=${{ env.MIN_CPU }} -p MAX_CPU=${{ env.MAX_CPU }} -p MIN_MEM=${{ env.MIN_MEM }} -p MAX_MEM=${{ env.MAX_MEM }} \
+ | oc apply -f -
+
+ curl -s https://raw.githubusercontent.com/bcgov/${{ env.REPO_NAME }}/main/tools/config/update-configmap.sh | bash /dev/stdin test ${{ env.APP_NAME }} ${{ env.NAMESPACE }} ${{ env.COMMON_NAMESPACE }} ${{ env.DB_JDBC_CONNECT_STRING }} ${{ env.DB_PWD }} ${{ env.DB_USER }} ${{ env.SPLUNK_TOKEN }} ${{ env.CHES_CLIENT_ID }} ${{ env.CHES_CLIENT_SECRET }} ${{ env.CHES_TOKEN_URL }} ${{ env.CHES_ENDPOINT_URL }}
+
+ # Start rollout (if necessary) and follow it
+ oc rollout latest dc/${{ env.SPRING_BOOT_IMAGE_NAME }} 2> /dev/null \
+ || true && echo "Rollout in progress"
+ oc logs -f dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+ # Get status, returns 0 if rollout is successful
+ oc rollout status dc/${{ env.SPRING_BOOT_IMAGE_NAME }}
+
+ - name: ZAP Scan
+ uses: zaproxy/action-api-scan@v0.1.1
+ with:
+ target: 'https://${{ env.APP_NAME }}-${{ env.OPENSHIFT_NAMESPACE_TEST }}.apps.silver.devops.gov.bc.ca/v3/api-docs'
\ No newline at end of file
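Review bot: Every secret in the workflow-level `env:` block (`OPENSHIFT_TOKEN`, `DB_PWD`, `SPLUNK_TOKEN`, `CHES_CLIENT_SECRET`, …) is placed in the environment of every step, including the third-party `zaproxy/action-api-scan@v0.1.1` and `redhat-actions/openshift-tools-installer@v1` actions, which need only the target URL and the `oc` version. Moving the secret entries to an `env:` mapping on the `Deploy API` step limits them to the one step that uses them; the dev and prod workflows have the same layout. This file also carries `IMAGE_REGISTRY_PASSWORD: ${{ github.token }}`, `IMAGE_TAGS` and `DOCKER_ARTIFACTORY_REPO` although no visible step builds or pushes an image, so those entries can be dropped. The actions are referenced by tag rather than by commit SHA, so what runs with those secrets in scope depends on where the tag points at run time.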
diff --git a/.github/workflows/tag-create.git.and.imagestream.tag.yml b/.github/workflows/tag-create.git.and.imagestream.tag.yml
new file mode 100644
index 0000000..1e95aef
--- /dev/null
+++ b/.github/workflows/tag-create.git.and.imagestream.tag.yml
@@ -0,0 +1,63 @@
+name: Create Tag
+
+env:
+ # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
+ # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
+ # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+ OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+ OPENSHIFT_NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}-dev
+
+ REPO_NAME: "educ-trax-notification-api"
+ BRANCH: "main"
+ NAMESPACE: ${{ secrets.COMMON_NAMESPACE_NO_ENV }}
+
+on:
+ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Version Number'
+ required: true
+
+jobs:
+ openshift-ci-cd:
+ name: Tag Image
+ # ubuntu-latest can also be used.
+ runs-on: ubuntu-22.04
+ environment: dev
+
+ outputs:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v3
+
+ - name: Create tag
+ uses: actions/github-script@v6
+ with:
+ script: |
+ github.rest.git.createRef({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ ref: 'refs/tags/${{ github.event.inputs.version }}',
+ sha: context.sha
+ })
+
+ - name: Install oc
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ oc: 4
+
+ # https://github.com/redhat-actions/oc-login#readme
+ - uses: actions/checkout@v3
+ - name: Tag in OpenShift
+ run: |
+ set -eux
+ # Login to OpenShift and select project
+ oc login --token=${{ env.OPENSHIFT_TOKEN }} --server=${{ env.OPENSHIFT_SERVER }}
+ oc project ${{ env.OPENSHIFT_NAMESPACE }}
+
+ oc tag ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:latest ${{ env.NAMESPACE }}-dev/${{ env.REPO_NAME }}-${{ env.BRANCH }}:${{ github.event.inputs.version }}
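Review bot: The `version` input is expanded with `${{ github.event.inputs.version }}` directly into the `github-script` source in `Create tag` and into the `oc tag` command line in `Tag in OpenShift`, so the value is parsed as JavaScript and as shell before it is used as a tag name. Pass it through the step environment instead: add `env:` with `VERSION: ${{ github.event.inputs.version }}` to both steps and use `ref: 'refs/tags/' + process.env.VERSION` and `…-${{ env.BRANCH }}:"$VERSION"`. A format check on the value (for example a semver pattern) before either step runs would also stop an accidental tag such as `latest`. Note too that the git tag is created at `context.sha` while the image stream tag is copied from whatever `:latest` is in dev at that moment, so the two are not guaranteed to describe the same build.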
diff --git a/Dockerfile b/Dockerfile
index e16df50..38053d0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM artifacts.developer.gov.bc.ca/docker-remote/maven:3-jdk-11 as build
+FROM artifacts.developer.gov.bc.ca/docker-remote/maven:3.8.5-openjdk-17 as build
WORKDIR /workspace/app
COPY api/pom.xml .
@@ -6,7 +6,7 @@ COPY api/src src
RUN mvn package -DskipTests
RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar)
-FROM artifacts.developer.gov.bc.ca/docker-remote/openjdk:11-jdk
+FROM artifacts.developer.gov.bc.ca/docker-remote/openjdk:17.0.2-jdk-oracle
RUN useradd -ms /bin/bash spring
RUN mkdir -p /logs
RUN chown -R spring:spring /logs
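Review bot: The runtime stage now uses `openjdk:17.0.2-jdk-oracle`, a fixed patch level of an image line that, as far as I know, is deprecated on Docker Hub and stopped receiving rebuilds at 17.0.2, so the deployed container would not pick up later JDK 17 security updates. A maintained Java 17 runtime image (a JRE variant is sufficient for running the unpacked jar), pinned by digest, would keep the base both reproducible and patchable. The rest of the runtime stage lies outside this hunk, so whether `USER spring` is set after `useradd` cannot be confirmed from here.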
diff --git a/api/pom.xml b/api/pom.xml
index cf87492..ebfb125 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -22,17 +22,17 @@
src/main/java/ca/bc/gov/educ/api/trax/helpers/**,
src/main/java/ca/bc/gov/educ/api/trax/TraxNotificationApiResourceApplication.java,
- 11
+ 17
- 3.8.0
+ 3.10.1
${java.version}
${java.version}
- 1.4.1.Final
+ 1.5.3.Final
4.20.0
- 1.5.4
- 1.18.12
+ 1.6.8
+ 1.18.24
2.11.0
- 12.2.0.1
+ 21.3.0.0
30.1.1-jre
2.17.1
@@ -40,7 +40,7 @@
org.springframework.boot
spring-boot-starter-parent
- 2.4.3
+ 3.0.2
@@ -91,8 +91,8 @@
spring-boot-starter-validation
- javax.persistence
- javax.persistence-api
+ jakarta.persistence
+ jakarta.persistence-api
org.springframework.boot
@@ -110,19 +110,14 @@
flyway-core
- com.oracle.jdbc
- ojdbc8
+ com.oracle.database.jdbc
+ ojdbc11
${ojdbc.version}
org.springdoc
- springdoc-openapi-webmvc-core
- ${springdoc.version}
-
-
- org.springdoc
- springdoc-openapi-ui
- ${springdoc.version}
+ springdoc-openapi-starter-webmvc-ui
+ 2.0.4
org.mapstruct
@@ -222,7 +217,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.4
+ 0.8.8
org.hibernate.orm.tooling
@@ -277,16 +272,16 @@
${java.version}
-
- org.mapstruct
- mapstruct-processor
- ${org.mapstruct.version}
-
org.projectlombok
lombok
${lombok.version}
+
+ org.mapstruct
+ mapstruct-processor
+ ${org.mapstruct.version}
+
org.springframework
spring-context-indexer
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/TraxNotificationApiResourceApplication.java b/api/src/main/java/ca/bc/gov/educ/api/trax/TraxNotificationApiResourceApplication.java
index 8eca211..0ff15fd 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/TraxNotificationApiResourceApplication.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/TraxNotificationApiResourceApplication.java
@@ -12,18 +12,18 @@
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.retry.annotation.EnableRetry;
import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
import org.springframework.transaction.PlatformTransactionManager;
/**
* The type Trax notification api resource application.
*/
@SpringBootApplication
-@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableCaching
@EnableScheduling
@EnableRetry
@@ -55,29 +55,29 @@ public LockProvider lockProvider(@Autowired final JdbcTemplate jdbcTemplate, @Au
* The type Web security configuration.
*/
@Configuration
+ @EnableMethodSecurity
static
- class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+ class WebSecurityConfiguration {
/**
* Instantiates a new Web security configuration.
*/
public WebSecurityConfiguration() {
super();
- SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
}
- @Override
- public void configure(final WebSecurity web) {
- web.ignoring().antMatchers("/v3/api-docs/**",
- "/actuator/health", "/actuator/prometheus",
- "/swagger-ui/**", "/health");
- }
-
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
- .authorizeRequests()
- .anyRequest().authenticated().and()
- .oauth2ResourceServer().jwt();
+ .csrf(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers("/v3/api-docs/**",
+ "/actuator/health", "/actuator/prometheus","/actuator/**",
+ "/swagger-ui/**").permitAll()
+ .anyRequest().authenticated()
+ )
+ .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
+ return http.build();
}
}
}
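Review bot: Adding `"/actuator/**"` to the `permitAll()` matcher list makes every exposed actuator endpoint reachable without a token, where the removed `WebSecurity.ignoring()` list covered only `/actuator/health` and `/actuator/prometheus`. What that opens depends on `management.endpoints.web.exposure.include`, which is not visible in this hunk; endpoints such as `env`, `heapdump` or `loggers` should stay behind authentication. I would keep the list to `"/v3/api-docs/**", "/actuator/health", "/actuator/prometheus", "/swagger-ui/**"`. The constructor still calls `super()` although the class no longer extends anything. Removing `SecurityContextHolder.setStrategyName(MODE_INHERITABLETHREADLOCAL)` changes whether child threads inherit the security context, which deserves a line in the commit message if it is intended.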
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/messaging/jetstream/Subscriber.java b/api/src/main/java/ca/bc/gov/educ/api/trax/messaging/jetstream/Subscriber.java
index 9f2296d..ae8be66 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/messaging/jetstream/Subscriber.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/messaging/jetstream/Subscriber.java
@@ -18,7 +18,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
import java.io.IOException;
import java.util.*;
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/model/Event.java b/api/src/main/java/ca/bc/gov/educ/api/trax/model/Event.java
index 5b04a6b..ecd6795 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/model/Event.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/model/Event.java
@@ -4,9 +4,9 @@
import org.hibernate.annotations.DynamicUpdate;
import org.hibernate.annotations.GenericGenerator;
-import javax.persistence.*;
-import javax.validation.constraints.NotNull;
-import javax.validation.constraints.PastOrPresent;
+import jakarta.persistence.*;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.PastOrPresent;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.util.UUID;
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/schedulers/PurgeOldRecordsScheduler.java b/api/src/main/java/ca/bc/gov/educ/api/trax/schedulers/PurgeOldRecordsScheduler.java
index a0b2dfd..f3c1cb8 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/schedulers/PurgeOldRecordsScheduler.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/schedulers/PurgeOldRecordsScheduler.java
@@ -10,7 +10,7 @@
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
-import javax.transaction.Transactional;
+import jakarta.transaction.Transactional;
import java.time.LocalDateTime;
import static lombok.AccessLevel.PRIVATE;
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseRequest.java b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseRequest.java
index 3827618..ce27536 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseRequest.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseRequest.java
@@ -4,8 +4,8 @@
import lombok.Data;
import lombok.NoArgsConstructor;
-import javax.validation.constraints.Null;
-import javax.validation.constraints.Size;
+import jakarta.validation.constraints.Null;
+import jakarta.validation.constraints.Size;
/**
* The type Base request.
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseStudent.java b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseStudent.java
index 9ae4f27..f2a3b48 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseStudent.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/BaseStudent.java
@@ -5,10 +5,10 @@
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
-import javax.validation.constraints.Email;
-import javax.validation.constraints.NotNull;
-import javax.validation.constraints.Pattern;
-import javax.validation.constraints.Size;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
/**
* The type Base student.
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/StudentMerge.java b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/StudentMerge.java
index 035c4d4..08388c5 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/StudentMerge.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/StudentMerge.java
@@ -6,7 +6,7 @@
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
-import javax.validation.constraints.NotNull;
+import jakarta.validation.constraints.NotNull;
import java.io.Serializable;
/**
diff --git a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/TraxStudent.java b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/TraxStudent.java
index 5a413e6..f7970c6 100644
--- a/api/src/main/java/ca/bc/gov/educ/api/trax/struct/TraxStudent.java
+++ b/api/src/main/java/ca/bc/gov/educ/api/trax/struct/TraxStudent.java
@@ -6,8 +6,8 @@
import lombok.Data;
import lombok.NoArgsConstructor;
-import javax.validation.constraints.NotNull;
-import javax.validation.constraints.Size;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
import java.io.Serializable;
/**
diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties
index f886ceb..88c06b8 100644
--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@@ -8,14 +8,14 @@ spring.mvc.log-request-details=${SPRING_SHOW_REQUEST_DETAILS}
spring.datasource.url=${JDBC_URL}
spring.datasource.username=${ORACLE_USERNAME}
spring.datasource.password=${ORACLE_PASSWORD}
-spring.jpa.database-platform=org.hibernate.dialect.Oracle12cDialect
+spring.jpa.database-platform=org.hibernate.dialect.OracleDialect
spring.jpa.hibernate.ddl-auto=none
#So that unexpected request body parameters cause error
spring.jackson.deserialization.fail-on-unknown-properties=false
management.endpoint.metrics.enabled=true
management.endpoints.web.exposure.include=*
management.endpoint.prometheus.enabled=true
-management.metrics.export.prometheus.enabled=true
+management.prometheus.metrics.export.enabled=true
spring.datasource.hikari.max-lifetime=120000
spring.jmx.enabled=false
logging.file.name=/logs/app.log
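Review bot: The context line `management.endpoints.web.exposure.include=*` is carried through the Spring Boot 3 upgrade unchanged, so every enabled actuator endpoint stays reachable over HTTP, not only the Prometheus scrape whose property this hunk renames. Endpoints such as `heapdump` can disclose memory contents, so unless something outside this file restricts `/actuator/**` (not visible here), narrow the list to what monitoring needs, e.g. `management.endpoints.web.exposure.include=health,info,metrics,prometheus`. Separately, the comment `#So that unexpected request body parameters cause error` sits directly above `spring.jackson.deserialization.fail-on-unknown-properties=false`, which does the opposite; either the value or the comment should be corrected.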
diff --git a/tools/jenkins/update-configmap.sh b/tools/config/update-configmap.sh
similarity index 84%
rename from tools/jenkins/update-configmap.sh
rename to tools/config/update-configmap.sh
index c6c7b32..b609c4a 100644
--- a/tools/jenkins/update-configmap.sh
+++ b/tools/config/update-configmap.sh
@@ -1,7 +1,15 @@
envValue=$1
APP_NAME=$2
OPENSHIFT_NAMESPACE=$3
-APP_NAME_UPPER=${APP_NAME^^}
+COMMON_NAMESPACE=$4
+DB_JDBC_CONNECT_STRING=$5
+DB_PWD=$6
+DB_USER=$7
+SPLUNK_TOKEN=$8
+CHES_CLIENT_ID=$9
+CHES_CLIENT_SECRET=${10}
+CHES_TOKEN_URL=${11}
+CHES_ENDPOINT_URL=${12}
TZVALUE="America/Vancouver"
SOAM_KC_REALM_ID="master"
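Review bot: `DB_PWD=$6`, `SPLUNK_TOKEN=$8` and `CHES_CLIENT_SECRET=${10}` take secrets from positional arguments, which puts them in the process argument list (readable through `ps` or `/proc/<pid>/cmdline` on the runner) and in any traced or echoed command line. Reading them from the environment keeps them off argv and lets the script stop early when one is missing, e.g. `DB_PWD=${DB_PWD:?DB_PWD must be set}`, and likewise for the other two. How the workflow calls this script is outside the hunk, so the call site would need to pass these through the step's `env:` block instead of as arguments. For the non-secret parameters that remain positional, a short comment listing their expected order above `envValue=$1` would make a misordered call easier to spot.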
@@ -9,14 +17,7 @@ SOAM_KC_REALM_ID="master"
SOAM_KC=soam-$envValue.apps.silver.devops.gov.bc.ca
SOAM_KC_LOAD_USER_ADMIN=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get secret sso-admin-${envValue} | sed -n 's/.*"username": "\(.*\)"/\1/p' | base64 --decode)
SOAM_KC_LOAD_USER_PASS=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get secret sso-admin-${envValue} | sed -n 's/.*"password": "\(.*\)",/\1/p' | base64 --decode)
-CHES_CLIENT_ID=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"CHES_CLIENT_ID\": \"\(.*\)\",/\1/p")
-CHES_CLIENT_SECRET=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"CHES_CLIENT_SECRET\": \"\(.*\)\",/\1/p")
-CHES_TOKEN_URL=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"CHES_TOKEN_URL\": \"\(.*\)\",/\1/p")
-CHES_ENDPOINT_URL=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"CHES_ENDPOINT_URL\": \"\(.*\)\",/\1/p")
-DB_JDBC_CONNECT_STRING=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n 's/.*"DB_JDBC_CONNECT_STRING": "\(.*\)",/\1/p')
-DB_PWD=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps ${APP_NAME}-${envValue}-setup-config | sed -n "s/.*\"DB_PWD_${APP_NAME_UPPER}\": \"\(.*\)\",/\1/p")
-DB_USER=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps "${APP_NAME}"-"${envValue}"-setup-config | sed -n "s/.*\"DB_USER_${APP_NAME_UPPER}\": \"\(.*\)\",/\1/p")
-SPLUNK_TOKEN=$(oc -n "$OPENSHIFT_NAMESPACE"-"$envValue" -o json get configmaps "${APP_NAME}"-"${envValue}"-setup-config | sed -n "s/.*\"SPLUNK_TOKEN_${APP_NAME_UPPER}\": \"\(.*\)\"/\1/p")
+
NATS_CLUSTER=educ_nats_cluster
NATS_URL="nats://nats.${OPENSHIFT_NAMESPACE}-${envValue}.svc.cluster.local:4222"
@@ -101,11 +102,6 @@ PARSER_CONFIG="
Name docker
Format json
"
-if [ "$envValue" = "tools" ]; then
- PEN_COORDINATOR_EMAIL=om@gmail.com
- TO_EMAIL=aditya.sharma@gov.bc.ca
-fi
-
if [ "$envValue" = "dev" ]; then
PEN_COORDINATOR_EMAIL=om@gmail.com
TO_EMAIL=aditya.sharma@gov.bc.ca
diff --git a/tools/jenkins/Jenkinsfile b/tools/jenkins/Jenkinsfile
deleted file mode 100644
index 62571a3..0000000
--- a/tools/jenkins/Jenkinsfile
+++ /dev/null
@@ -1,106 +0,0 @@
-pipeline{
- agent any
- environment{
- extJSHelper = '';
- DEBUG_OUTPUT = 'false'
-
- NAMESPACE='75e61b'
- TOOLS = "${NAMESPACE}-tools"
- DEV = "${NAMESPACE}-dev"
-
- APP_NAME = 'trax-notification-api'
- REPO_NAME = "educ-${APP_NAME}"
- OWNER = 'bcgov'
- JOB_NAME = 'main'
- TAG = 'latest'
- TARGET_ENV = 'dev'
- STAGING_ENV = 'Dev'
- TARGET_ENVIRONMENT = "${NAMESPACE}-${TARGET_ENV}"
-
- APP_DOMAIN = 'apps.silver.devops.gov.bc.ca'
- SOURCE_REPO_REF = 'main'
- SOURCE_REPO_URL = 'https://github.com/${OWNER}/${REPO_NAME}.git'
- DC_URL = "https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/${SOURCE_REPO_REF}/tools/openshift/api.dc.yaml"
- MIN_REPLICAS = "1"
- MAX_REPLICAS = "1"
- MIN_CPU = "50m"
- MAX_CPU = "150m"
- MIN_MEM = "400Mi"
- MAX_MEM = "750Mi"
- }
- stages{
- stage('Initialize') {
- steps {
- script {
- if(DEBUG_OUTPUT.equalsIgnoreCase('true')) {
- // Force OpenShift Plugin directives to be verbose
- openshift.logLevel(1)
-
- // Print all environment variables
- echo 'DEBUG - All pipeline environment variables:'
- echo sh(returnStdout: true, script: 'env')
- }
- sh "wget -O - https://raw.githubusercontent.com/bcgov/EDUC-INFRA-COMMON/master/openshift/common-deployment/deployHelpers.js > deployHelpers.js"
- extJSHelper = evaluate readFile('deployHelpers.js')
- }
- }
- }
- stage('Build App') {
- steps {
- script {
- openshift.withCluster() {
- openshift.withProject(TOOLS) {
- try {
- echo "Building API..."
- def bcBackend = openshift.process('-f', 'https://raw.githubusercontent.com/${OWNER}/${REPO_NAME}/main/tools/openshift/api.bc.yaml', "REPO_NAME=${REPO_NAME}-${JOB_NAME}", "JOB_NAME=${JOB_NAME}", "SOURCE_REPO_URL=${SOURCE_REPO_URL}", "SOURCE_REPO_REF=${SOURCE_REPO_REF}")
- openshift.apply(bcBackend).narrow('bc').startBuild('-w').logs('-f')
-
- openshift.tag("${REPO_NAME}-${JOB_NAME}:latest", "${REPO_NAME}-${JOB_NAME}:${JOB_NAME}")
- } catch (e) {
- echo "API build failed"
- throw e
- }
- }
- }
- }
- }
- post {
- success {
- echo 'Cleanup BuildConfigs'
- script {
- openshift.withCluster() {
- openshift.withProject(TOOLS) {
- def bcApi = openshift.selector('bc', "${REPO_NAME}-${JOB_NAME}")
-
- if(bcApi.exists()) {
- echo "Removing BuildConfig ${REPO_NAME}-${JOB_NAME}"
- bcApi.delete()
- }
- }
- }
- }
- }
- failure {
- echo 'Build stage failed'
- }
- }
- }
- stage('Promote and configure DEV') {
- steps{
- script{
- extJSHelper.performTraxNotificationApiDeploy(STAGING_ENV, TARGET_ENVIRONMENT, REPO_NAME, APP_NAME, JOB_NAME, TAG, TOOLS, TARGET_ENVIRONMENT, APP_DOMAIN, DC_URL, MIN_REPLICAS, MAX_REPLICAS, MIN_CPU, MAX_CPU, MIN_MEM, MAX_MEM, TARGET_ENV, NAMESPACE)
- }
- }
- post{
- success{
- echo 'Deployment to Dev was successful'
- }
- failure{
- echo 'Deployment to Dev failed'
- }
- }
- }
- }
-}
-
-
diff --git a/tools/openshift/api.bc.yaml b/tools/openshift/api.bc.yaml
deleted file mode 100644
index d4048bf..0000000
--- a/tools/openshift/api.bc.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
----
-apiVersion: template.openshift.io/v1
-kind: Template
-labels:
- template: '${REPO_NAME}-template'
-metadata:
- name: '${REPO_NAME}-bc'
-objects:
- - apiVersion: v1
- kind: ImageStream
- metadata:
- annotations:
- openshift.io/generated-by: OpenShiftNewBuild
- creationTimestamp:
- labels:
- build: "${REPO_NAME}"
- name: "${REPO_NAME}"
- spec:
- lookupPolicy:
- local: false
- - apiVersion: v1
- kind: BuildConfig
- metadata:
- annotations:
- openshift.io/generated-by: OpenShiftNewBuild
- creationTimestamp:
- labels:
- build: "${REPO_NAME}"
- name: "${REPO_NAME}"
- spec:
- completionDeadlineSeconds: 1200
- successfulBuildsHistoryLimit: 3
- failedBuildsHistoryLimit: 3
- nodeSelector:
- output:
- to:
- kind: ImageStreamTag
- name: "${REPO_NAME}:latest"
- postCommit: { }
- resources:
- requests:
- cpu: 500m
- memory: 2Gi
- limits:
- cpu: 4000m
- memory: 4Gi
- runPolicy: SerialLatestOnly
- source:
- git:
- ref: "${SOURCE_REPO_REF}"
- uri: "${SOURCE_REPO_URL}"
- type: Git
- strategy:
- dockerStrategy:
- pullSecret:
- name: artifactory-creds
- env:
- - name: BUILD_LOGLEVEL
- value: '2'
- type: Docker
-parameters:
- - name: REPO_NAME
- description: Application repository name
- required: true
- - name: JOB_NAME
- description: Job identifier (i.e. 'pr-5' OR 'master')
- required: true
- - name: SOURCE_REPO_REF
- description: Git Pull Request Reference (i.e. 'pull/CHANGE_ID/head')
- required: true
- - name: SOURCE_REPO_URL
- description: Git Repository URL
- required: true
diff --git a/tools/openshift/trax-notification-api-pipeline.yaml b/tools/openshift/trax-notification-api-pipeline.yaml
deleted file mode 100644
index c873d17..0000000
--- a/tools/openshift/trax-notification-api-pipeline.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: template.openshift.io/v1
-kind: Template
-labels:
- template: trax-notification-api-pipeline
-metadata:
- name: trax-notification-api-pipeline
-objects:
- - apiVersion: v1
- kind: BuildConfig
- metadata:
- name: "trax-notification-api-pipeline"
- spec:
- source:
- git:
- uri: "https://github.com/bcgov/EDUC-TRAX-NOTIFICATION-API"
- strategy:
- jenkinsPipelineStrategy:
- jenkinsfilePath: tools/jenkins/Jenkinsfile
From 2d2232a1869e682702429f628d657cd8c3b08f20 Mon Sep 17 00:00:00 2001
From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com>
Date: Tue, 15 Aug 2023 15:51:22 -0700
Subject: [PATCH 2/5] changing back to master branch to fix ci/cd
---
.github/workflows/ci-api-build.and.test.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci-api-build.and.test.yml b/.github/workflows/ci-api-build.and.test.yml
index 374e7b7..9838b54 100644
--- a/.github/workflows/ci-api-build.and.test.yml
+++ b/.github/workflows/ci-api-build.and.test.yml
@@ -4,7 +4,7 @@ on:
workflow_dispatch:
push:
branches:
- - main
+ - master
- 'feature/**'
- 'Feature/**'
- 'fix/*'
@@ -12,7 +12,7 @@ on:
paths:
- 'api/**'
pull_request:
- branches: [ main ]
+ branches: [ master ]
paths:
- 'api/**'
jobs:
From d6deb4ba95604476c4f79c26455e9fab655100a5 Mon Sep 17 00:00:00 2001
From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com>
Date: Wed, 16 Aug 2023 08:06:01 -0700
Subject: [PATCH 3/5] reverting back to main from master fro ci/cd
---
.github/workflows/ci-api-build.and.test.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci-api-build.and.test.yml b/.github/workflows/ci-api-build.and.test.yml
index 9838b54..374e7b7 100644
--- a/.github/workflows/ci-api-build.and.test.yml
+++ b/.github/workflows/ci-api-build.and.test.yml
@@ -4,7 +4,7 @@ on:
workflow_dispatch:
push:
branches:
- - master
+ - main
- 'feature/**'
- 'Feature/**'
- 'fix/*'
@@ -12,7 +12,7 @@ on:
paths:
- 'api/**'
pull_request:
- branches: [ master ]
+ branches: [ main ]
paths:
- 'api/**'
jobs:
From b9e337421c485512f346a4101d5a529273e3ab5a Mon Sep 17 00:00:00 2001
From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com>
Date: Wed, 16 Aug 2023 08:32:04 -0700
Subject: [PATCH 4/5] removing 5jun from ci-api-build.and.test.yml. Copied this
example https://github.com/actions/cache/blob/main/examples.md#java---maven
---
.github/workflows/ci-api-build.and.test.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci-api-build.and.test.yml b/.github/workflows/ci-api-build.and.test.yml
index 374e7b7..127cc56 100644
--- a/.github/workflows/ci-api-build.and.test.yml
+++ b/.github/workflows/ci-api-build.and.test.yml
@@ -35,9 +35,9 @@ jobs:
- uses: actions/cache@v3
with:
path: ~/.m2/repository
- key: ${{ runner.os }}-maven-5Jun-${{ hashFiles('**/pom.xml') }}
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
- ${{ runner.os }}-maven-5Jun-
+ ${{ runner.os }}-maven-
- name: Run unit tests
run: mvn -f pom.xml clean package
- name: Run Trivy vulnerability scanner in repo mode
From 3b126c9b9097c7f1949a644e323478783cb74fe0 Mon Sep 17 00:00:00 2001
From: SoLetsDev <74216496+SoLetsDev@users.noreply.github.com>
Date: Thu, 17 Aug 2023 14:41:14 -0700
Subject: [PATCH 5/5] changing outdated emails in updateconfigmap
---
tools/config/update-configmap.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/config/update-configmap.sh b/tools/config/update-configmap.sh
index b609c4a..baa7eb6 100644
--- a/tools/config/update-configmap.sh
+++ b/tools/config/update-configmap.sh
@@ -103,13 +103,13 @@ PARSER_CONFIG="
Format json
"
if [ "$envValue" = "dev" ]; then
- PEN_COORDINATOR_EMAIL=om@gmail.com
- TO_EMAIL=aditya.sharma@gov.bc.ca
+ PEN_COORDINATOR_EMAIL=dev.pens.coordinator@no-reply.gov.bc.ca
+ TO_EMAIL=EDUCDO@Victoria1.gov.bc.ca
fi
if [ "$envValue" = "test" ]; then
- PEN_COORDINATOR_EMAIL=om@gmail.com
- TO_EMAIL=aditya.sharma@gov.bc.ca
+ PEN_COORDINATOR_EMAIL=test.pens.coordinator@no-reply.gov.bc.ca
+ TO_EMAIL=EDUCDO@Victoria1.gov.bc.ca
fi
if [ "$envValue" = "prod" ]; then