Merge pull request #7 from bcgov/feature/InitialCode

GEO-36 SSO Keycloak Authentication Integration
bcgov · Aug 8, 2023 · d34bf4f · d34bf4f
2 parents dbaa5e8 + 680fba0
commit d34bf4f
Show file tree

Hide file tree

Showing 29 changed files with 2,172 additions and 101 deletions.
diff --git a/.github/workflows/cd-to-dev-on-merge-to-main.yml b/.github/workflows/cd-to-dev-on-merge-to-main.yml
@@ -1,12 +1,10 @@
 name: Merge to Main
 
 on:
- push:
- branches:
- - main
- paths-ignore:
- - ".github/ISSUE_TEMPLATE/*"
- - "**.md"
+ workflow_run:
+ workflows: [ "Pull Request Closed" ]
+ types:
+ - completed
  workflow_dispatch:
 
 concurrency:
@@ -15,24 +13,46 @@ concurrency:
 
 jobs:
 
+ deploy-init:
+ name: Deploy Init to OpenShift
+ environment: dev
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: bcgov-nr/[email protected]
+ with:
+ file: common/openshift.init.yml
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ overwrite: false
+ parameters:
+ -p ZONE=dev -p NAME=${{ github.event.repository.name }}
+ -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:dev
+ -p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }}
+ -p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }}
+
  deploys-dev:
  name: Dev Deployments
  environment: dev
+ needs:
+ - deploy-init
  runs-on: ubuntu-22.04
  strategy:
  matrix:
  name: [backend, database, frontend, init]
  include:
  - name: backend
  file: backend/openshift.deploy.yml
- parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:dev
+ parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:dev -p CPU_REQUEST=30m -p MEMORY_REQUEST=50Mi -p CPU_LIMIT=100m -p MEMORY_LIMIT=150Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5
  overwrite: true
  - name: database
  file: database/openshift.deploy.yml
  overwrite: false
+ parameters: -p CPU_REQUEST=100m -p MEMORY_REQUEST=150Mi -p CPU_LIMIT=250m -p MEMORY_LIMIT=250Mi
  - name: frontend
  file: frontend/openshift.deploy.yml
  overwrite: true
+ parameters: -p CPU_REQUEST=25m -p MEMORY_REQUEST=40Mi -p CPU_LIMIT=75m -p MEMORY_LIMIT=80Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5
  - name: init
  file: common/openshift.init.yml
  overwrite: false

diff --git a/.github/workflows/cd-to-prod-on-workflow-dispatch.yml b/.github/workflows/cd-to-prod-on-workflow-dispatch.yml
@@ -23,9 +23,30 @@ jobs:
  repository: ${{ github.repository }}/${{ matrix.package }}
  target: test
  tags: prod
+ deploy-init:
+ name: Deploy Init to OpenShift
+ environment: prod
+ needs:
+ - image-promotions-to-prod
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: bcgov-nr/[email protected]
+ with:
+ file: common/openshift.init.yml
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ overwrite: false
+ parameters:
+ -p ZONE=prod -p NAME=${{ github.event.repository.name }}
+ -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:prod
+ -p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }}
+ -p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }}
  deploys-prod:
  name: Prod Deployments
- needs: image-promotions-to-prod
+ needs:
+ - image-promotions-to-prod
+ - deploy-init
  environment: prod
  runs-on: ubuntu-22.04
  strategy:
@@ -34,14 +55,16 @@ jobs:
  include:
  - name: backend
  file: backend/openshift.deploy.yml
- parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:prod
+ parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:prod -p CPU_REQUEST=30m -p MEMORY_REQUEST=50Mi -p CPU_LIMIT=100m -p MEMORY_LIMIT=150Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5
  overwrite: true
  - name: database
  file: database/openshift.deploy.yml
  overwrite: false
+ parameters: -p CPU_REQUEST=100m -p MEMORY_REQUEST=150Mi -p CPU_LIMIT=250m -p MEMORY_LIMIT=250Mi -p PVC_SIZE=256Mi -p DB_PVC_SIZE=512Mi
  - name: frontend
  file: frontend/openshift.deploy.yml
  overwrite: true
+ parameters: -p CPU_REQUEST=25m -p MEMORY_REQUEST=40Mi -p CPU_LIMIT=75m -p MEMORY_LIMIT=80Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5
  - name: init
  file: common/openshift.init.yml
  overwrite: false

diff --git a/.github/workflows/cd-to-test-on-workflow-dispatch.yml b/.github/workflows/cd-to-test-on-workflow-dispatch.yml
@@ -23,9 +23,31 @@ jobs:
  repository: ${{ github.repository }}/${{ matrix.package }}
  target: dev
  tags: test
+ deploy-init:
+ name: Deploy Init to OpenShift
+ environment: test
+ needs:
+ - image-promotions-to-test
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: bcgov-nr/[email protected]
+ with:
+ file: common/openshift.init.yml
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ overwrite: false
+ parameters:
+ -p ZONE=test -p NAME=${{ github.event.repository.name }}
+ -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test
+ -p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }}
+ -p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }}
+
  deploys-test:
  name: Test Deployments
- needs: image-promotions-to-test
+ needs:
+ - image-promotions-to-test
+ - deploy-init
  environment: test
  runs-on: ubuntu-22.04
  strategy:
@@ -34,14 +56,16 @@ jobs:
  include:
  - name: backend
  file: backend/openshift.deploy.yml
- parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:test
+ parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:test -p CPU_REQUEST=30m -p MEMORY_REQUEST=50Mi -p CPU_LIMIT=100m -p MEMORY_LIMIT=150Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5
  overwrite: true
  - name: database
  file: database/openshift.deploy.yml
  overwrite: false
+ parameters: -p CPU_REQUEST=100m -p MEMORY_REQUEST=150Mi -p CPU_LIMIT=250m -p MEMORY_LIMIT=250Mi -p PVC_SIZE=256Mi -p DB_PVC_SIZE=512Mi
  - name: frontend
  file: frontend/openshift.deploy.yml
  overwrite: true
+ parameters: -p CPU_REQUEST=25m -p MEMORY_REQUEST=40Mi -p CPU_LIMIT=75m -p MEMORY_LIMIT=80Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5
  - name: init
  file: common/openshift.init.yml
  overwrite: false

diff --git a/.github/workflows/ci_cd_on_pr_dev_sandbox.yml b/.github/workflows/ci_cd_on_pr_dev_sandbox.yml
@@ -2,6 +2,8 @@ name: Build And Deploy to Sandbox in Dev namespace
 
 on:
  pull_request:
+ branches:
+ - main
 
 concurrency:
  # PR open and close use the same group, allowing only one at a time
@@ -10,6 +12,7 @@ concurrency:
 
 jobs:
  builds:
+ if: '!github.event.pull_request.head.repo.fork'
  name: Build Containers for OpenShift Deployment
  runs-on: ubuntu-22.04
  permissions:
@@ -48,34 +51,68 @@ jobs:
  build_context: ${{ matrix.build_context }}
 
 
+ deploy-init:
+ if: '!github.event.pull_request.head.repo.fork'
+ name: Deploy Init to OpenShift
+ environment: dev
+ runs-on: ubuntu-22.04
+ steps:
+ - name: generate private and public key
+ id: generateKey
+ shell: bash
+ run: |
+ EOF=" "
+ ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key -q -N ""
+ openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
+ UI_PRIVATE_KEY_VAL=$(cat jwtRS256.key)
+ UI_PUBLIC_KEY_VAL=$(cat jwtRS256.key.pub)
+ echo "UI_PUBLIC_KEY<<$EOF" >> $GITHUB_OUTPUT
+ echo "$UI_PUBLIC_KEY_VAL" >> $GITHUB_OUTPUT
+ echo "$EOF" >> $GITHUB_OUTPUT
+ 
+ echo "UI_PRIVATE_KEY<<$EOF" >> $GITHUB_OUTPUT
+ echo "$UI_PRIVATE_KEY_VAL" >> $GITHUB_OUTPUT
+ echo "$EOF" >> $GITHUB_OUTPUT
+
+ - uses: bcgov-nr/[email protected]
+ with:
+ file: common/openshift.init.yml
+ oc_namespace: ${{ vars.OC_NAMESPACE }}
+ oc_server: ${{ vars.OC_SERVER }}
+ oc_token: ${{ secrets.OC_TOKEN }}
+ overwrite: false
+ parameters:
+ -p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }}
+ -p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ github.event.number }} 
+ -p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }} 
+ -p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }} -p UI_PRIVATE_KEY="${{ steps.generateKey.outputs.UI_PRIVATE_KEY }}"
+ -p UI_PUBLIC_KEY="${{ steps.generateKey.outputs.UI_PUBLIC_KEY }}"
+
+
  deploys:
  name: Deploy Containers to OpenShift
+ environment: dev
  needs:
+ - deploy-init
  - builds
  runs-on: ubuntu-22.04
  strategy:
  matrix:
- name: [backend, database, init, frontend]
+ name: [database, backend, frontend]
  include:
+ - name: database
+ file: database/openshift.deploy.yml
+ overwrite: false
  - name: backend
  file: backend/openshift.deploy.yml
  overwrite: true
- parameters:
- -p MIN_REPLICAS=1 -p MAX_REPLICAS=2
- -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:${{ github.event.number }}
  triggers: ('database/', 'backend/', 'frontend/')
  verification_path: /api
- - name: database
- file: database/openshift.deploy.yml
- overwrite: false
+ parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:${{ github.event.number }}
  - name: frontend
  file: frontend/openshift.deploy.yml
  overwrite: true
- parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2
  triggers: ('database/', 'backend/', 'frontend/')
- - name: init
- file: common/openshift.init.yml
- overwrite: false
  steps:
  - uses: bcgov-nr/[email protected]
  with:
@@ -90,3 +127,4 @@ jobs:
  ${{ matrix.parameters }}
  triggers: ${{ matrix.triggers }}
  verification_path: ${{ matrix.verification_path }}
+
diff --git a/.github/workflows/promote-images-on-pr-close.yml b/.github/workflows/promote-images-on-pr-close.yml
@@ -2,6 +2,8 @@ name: Pull Request Closed
 
 on:
  pull_request:
+ branches:
+ - main
  types:
  - closed
 
@@ -13,6 +15,7 @@ concurrency:
 jobs:
  # Clean up OpenShift when PR closed, no conditions
  cleanup-openshift:
+ if: '!github.event.pull_request.head.repo.fork'
  name: Cleanup OpenShift
  runs-on: ubuntu-22.04
  steps:

diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -7,15 +7,16 @@ COPY ./src ./src
 RUN npm ci --ignore-scripts && \
  npm run build
 
+RUN mkdir -p /app/sessions
 
 # Deployment container
 FROM gcr.io/distroless/nodejs:18
 ENV NODE_ENV production
-
 # Copy over app.ts
 WORKDIR /app
 COPY --from=build /app/node_modules ./node_modules
 COPY --from=build /app/dist ./dist
+COPY --from=build /app/sessions ./sessions
 
 # Port and health check
 EXPOSE 3000
@@ -24,5 +25,5 @@ HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000
 # Non-privileged user
 USER app
 
-# Start up command with 50MB of heap size, each application needs to determine what is the best value. DONT use default as it is 4GB.
-CMD ["--max-old-space-size=50", "/app/dist/server"]
+# Start up command with 150MB of heap size, each application needs to determine what is the best value. DONT use default as it is 4GB.
+CMD ["--max-old-space-size=150", "/app/dist/server"]