Merge pull request #7 from bcgov/feature/InitialCode
GEO-36 SSO Keycloak Authentication Integration
Showing
29 changed files
with
2,172 additions
and
101 deletions.
@@ -1,12 +1,10 @@ | ||
name: Merge to Main | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
paths-ignore: | ||
- ".github/ISSUE_TEMPLATE/*" | ||
- "**.md" | ||
workflow_run: | ||
workflows: [ "Pull Request Closed" ] | ||
types: | ||
- completed | ||
workflow_dispatch: | ||
|
||
concurrency: | ||
|
@@ -15,24 +13,46 @@ concurrency: | |
|
||
jobs: | ||
|
||
deploy-init: | ||
name: Deploy Init to OpenShift | ||
environment: dev | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- uses: bcgov-nr/[email protected] | ||
with: | ||
file: common/openshift.init.yml | ||
oc_namespace: ${{ vars.OC_NAMESPACE }} | ||
oc_server: ${{ vars.OC_SERVER }} | ||
oc_token: ${{ secrets.OC_TOKEN }} | ||
overwrite: false | ||
parameters: | ||
-p ZONE=dev -p NAME=${{ github.event.repository.name }} | ||
-p PROMOTE=${{ github.repository }}/${{ matrix.name }}:dev | ||
-p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }} | ||
-p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }} | ||
|
||
deploys-dev: | ||
name: Dev Deployments | ||
environment: dev | ||
needs: | ||
- deploy-init | ||
runs-on: ubuntu-22.04 | ||
strategy: | ||
matrix: | ||
name: [backend, database, frontend, init] | ||
include: | ||
- name: backend | ||
file: backend/openshift.deploy.yml | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:dev | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:dev -p CPU_REQUEST=30m -p MEMORY_REQUEST=50Mi -p CPU_LIMIT=100m -p MEMORY_LIMIT=150Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5 | ||
overwrite: true | ||
- name: database | ||
file: database/openshift.deploy.yml | ||
overwrite: false | ||
parameters: -p CPU_REQUEST=100m -p MEMORY_REQUEST=150Mi -p CPU_LIMIT=250m -p MEMORY_LIMIT=250Mi | ||
- name: frontend | ||
file: frontend/openshift.deploy.yml | ||
overwrite: true | ||
parameters: -p CPU_REQUEST=25m -p MEMORY_REQUEST=40Mi -p CPU_LIMIT=75m -p MEMORY_LIMIT=80Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5 | ||
- name: init | ||
file: common/openshift.init.yml | ||
overwrite: false | ||
|
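Review bot: `${{ matrix.name }}` in the `-p PROMOTE=` parameter of the new `deploy-init` job has nothing to resolve against, because the job as shown declares no `strategy.matrix`. An undefined context property renders as an empty string, so the value becomes `<repo>/:dev`. Either drop the parameter from this job or name the image explicitly, e.g. `-p PROMOTE=${{ github.repository }}/<image-name>:dev` with the placeholder filled in. The same expression appears in the `deploy-init` jobs of the prod, test and pull-request workflows further down. The `parameters:` value is also a plain multi-line scalar that YAML folds into one line; `parameters: >-` would make that intent explicit.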
|
@@ -23,9 +23,30 @@ jobs: | |
repository: ${{ github.repository }}/${{ matrix.package }} | ||
target: test | ||
tags: prod | ||
deploy-init: | ||
name: Deploy Init to OpenShift | ||
environment: prod | ||
needs: | ||
- image-promotions-to-prod | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- uses: bcgov-nr/[email protected] | ||
with: | ||
file: common/openshift.init.yml | ||
oc_namespace: ${{ vars.OC_NAMESPACE }} | ||
oc_server: ${{ vars.OC_SERVER }} | ||
oc_token: ${{ secrets.OC_TOKEN }} | ||
overwrite: false | ||
parameters: | ||
-p ZONE=prod -p NAME=${{ github.event.repository.name }} | ||
-p PROMOTE=${{ github.repository }}/${{ matrix.name }}:prod | ||
-p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }} | ||
-p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }} | ||
deploys-prod: | ||
name: Prod Deployments | ||
needs: image-promotions-to-prod | ||
needs: | ||
- image-promotions-to-prod | ||
- deploy-init | ||
environment: prod | ||
runs-on: ubuntu-22.04 | ||
strategy: | ||
|
@@ -34,14 +55,16 @@ jobs: | |
include: | ||
- name: backend | ||
file: backend/openshift.deploy.yml | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:prod | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:prod -p CPU_REQUEST=30m -p MEMORY_REQUEST=50Mi -p CPU_LIMIT=100m -p MEMORY_LIMIT=150Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5 | ||
overwrite: true | ||
- name: database | ||
file: database/openshift.deploy.yml | ||
overwrite: false | ||
parameters: -p CPU_REQUEST=100m -p MEMORY_REQUEST=150Mi -p CPU_LIMIT=250m -p MEMORY_LIMIT=250Mi -p PVC_SIZE=256Mi -p DB_PVC_SIZE=512Mi | ||
- name: frontend | ||
file: frontend/openshift.deploy.yml | ||
overwrite: true | ||
parameters: -p CPU_REQUEST=25m -p MEMORY_REQUEST=40Mi -p CPU_LIMIT=75m -p MEMORY_LIMIT=80Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5 | ||
- name: init | ||
file: common/openshift.init.yml | ||
overwrite: false | ||
|
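Review bot: The Keycloak client secret is passed as a template argument, `-p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }}`, in the `deploy-init` job for `environment: prod`. The expression is substituted into the `parameters` string before the action runs, so the value becomes unquoted text on whatever command line the action builds (presumably a shell invocation; confirm against the action's source). A secret containing spaces or shell metacharacters would break or alter that command, and the value is visible in process arguments and in any command echo that log masking misses. Keeping secrets out of `parameters` is safer, for example by creating or updating the Secret object in a separate step that reads the value from an `env:` variable. The dev, test and pull-request workflows pass the same Keycloak values the same way.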
|
@@ -23,9 +23,31 @@ jobs: | |
repository: ${{ github.repository }}/${{ matrix.package }} | ||
target: dev | ||
tags: test | ||
deploy-init: | ||
name: Deploy Init to OpenShift | ||
environment: test | ||
needs: | ||
- image-promotions-to-test | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- uses: bcgov-nr/[email protected] | ||
with: | ||
file: common/openshift.init.yml | ||
oc_namespace: ${{ vars.OC_NAMESPACE }} | ||
oc_server: ${{ vars.OC_SERVER }} | ||
oc_token: ${{ secrets.OC_TOKEN }} | ||
overwrite: false | ||
parameters: | ||
-p ZONE=test -p NAME=${{ github.event.repository.name }} | ||
-p PROMOTE=${{ github.repository }}/${{ matrix.name }}:test | ||
-p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }} | ||
-p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }} | ||
|
||
deploys-test: | ||
name: Test Deployments | ||
needs: image-promotions-to-test | ||
needs: | ||
- image-promotions-to-test | ||
- deploy-init | ||
environment: test | ||
runs-on: ubuntu-22.04 | ||
strategy: | ||
|
@@ -34,14 +56,16 @@ jobs: | |
include: | ||
- name: backend | ||
file: backend/openshift.deploy.yml | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:test | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:test -p CPU_REQUEST=30m -p MEMORY_REQUEST=50Mi -p CPU_LIMIT=100m -p MEMORY_LIMIT=150Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5 | ||
overwrite: true | ||
- name: database | ||
file: database/openshift.deploy.yml | ||
overwrite: false | ||
parameters: -p CPU_REQUEST=100m -p MEMORY_REQUEST=150Mi -p CPU_LIMIT=250m -p MEMORY_LIMIT=250Mi -p PVC_SIZE=256Mi -p DB_PVC_SIZE=512Mi | ||
- name: frontend | ||
file: frontend/openshift.deploy.yml | ||
overwrite: true | ||
parameters: -p CPU_REQUEST=25m -p MEMORY_REQUEST=40Mi -p CPU_LIMIT=75m -p MEMORY_LIMIT=80Mi -p MIN_REPLICAS=3 -p MAX_REPLICAS=5 | ||
- name: init | ||
file: common/openshift.init.yml | ||
overwrite: false | ||
|
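Review bot: The `init` entry is still in the `include:` list of `deploys-test` (`file: common/openshift.init.yml`, `overwrite: false`), so the init template is processed a second time after the new `deploy-init` job, this time without the `KEYCLOAK_*` parameters. Going by the hunk's line counts, those three lines are unchanged context rather than removals. If the template declares the Keycloak parameters as required, that matrix leg will fail; if it does not, the leg is at best a no-op because of `overwrite: false`. The pull-request workflow appears to drop `init` from its matrix in this same commit, while the dev and prod workflows keep it as this one does. Removing the `- name: init` entry from all three would leave `deploy-init` as the single place where the secret-bearing objects are created.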
|
@@ -2,6 +2,8 @@ name: Build And Deploy to Sandbox in Dev namespace | |
|
||
on: | ||
pull_request: | ||
branches: | ||
- main | ||
|
||
concurrency: | ||
# PR open and close use the same group, allowing only one at a time | ||
|
@@ -10,6 +12,7 @@ concurrency: | |
|
||
jobs: | ||
builds: | ||
if: '!github.event.pull_request.head.repo.fork' | ||
name: Build Containers for OpenShift Deployment | ||
runs-on: ubuntu-22.04 | ||
permissions: | ||
|
@@ -48,34 +51,68 @@ jobs: | |
build_context: ${{ matrix.build_context }} | ||
|
||
|
||
deploy-init: | ||
if: '!github.event.pull_request.head.repo.fork' | ||
name: Deploy Init to OpenShift | ||
environment: dev | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- name: generate private and public key | ||
id: generateKey | ||
shell: bash | ||
run: | | ||
EOF=" " | ||
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key -q -N "" | ||
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub | ||
UI_PRIVATE_KEY_VAL=$(cat jwtRS256.key) | ||
UI_PUBLIC_KEY_VAL=$(cat jwtRS256.key.pub) | ||
echo "UI_PUBLIC_KEY<<$EOF" >> $GITHUB_OUTPUT | ||
echo "$UI_PUBLIC_KEY_VAL" >> $GITHUB_OUTPUT | ||
echo "$EOF" >> $GITHUB_OUTPUT | ||
echo "UI_PRIVATE_KEY<<$EOF" >> $GITHUB_OUTPUT | ||
echo "$UI_PRIVATE_KEY_VAL" >> $GITHUB_OUTPUT | ||
echo "$EOF" >> $GITHUB_OUTPUT | ||
- uses: bcgov-nr/[email protected] | ||
with: | ||
file: common/openshift.init.yml | ||
oc_namespace: ${{ vars.OC_NAMESPACE }} | ||
oc_server: ${{ vars.OC_SERVER }} | ||
oc_token: ${{ secrets.OC_TOKEN }} | ||
overwrite: false | ||
parameters: | ||
-p ZONE=${{ github.event.number }} -p NAME=${{ github.event.repository.name }} | ||
-p PROMOTE=${{ github.repository }}/${{ matrix.name }}:${{ github.event.number }} | ||
-p KEYCLOAK_CLIENT_ID=${{ secrets.KEYCLOAK_CLIENT_ID }} -p KEYCLOAK_CLIENT_SECRET=${{ secrets.KEYCLOAK_CLIENT_SECRET }} | ||
-p KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }} -p UI_PRIVATE_KEY="${{ steps.generateKey.outputs.UI_PRIVATE_KEY }}" | ||
-p UI_PUBLIC_KEY="${{ steps.generateKey.outputs.UI_PUBLIC_KEY }}" | ||
|
||
|
||
deploys: | ||
name: Deploy Containers to OpenShift | ||
environment: dev | ||
needs: | ||
- deploy-init | ||
- builds | ||
runs-on: ubuntu-22.04 | ||
strategy: | ||
matrix: | ||
name: [backend, database, init, frontend] | ||
name: [database, backend, frontend] | ||
include: | ||
- name: database | ||
file: database/openshift.deploy.yml | ||
overwrite: false | ||
- name: backend | ||
file: backend/openshift.deploy.yml | ||
overwrite: true | ||
parameters: | ||
-p MIN_REPLICAS=1 -p MAX_REPLICAS=2 | ||
-p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:${{ github.event.number }} | ||
triggers: ('database/', 'backend/', 'frontend/') | ||
verification_path: /api | ||
- name: database | ||
file: database/openshift.deploy.yml | ||
overwrite: false | ||
parameters: -p PROMOTE_MIGRATION=${{ github.repository }}/database-migrations:${{ github.event.number }} | ||
- name: frontend | ||
file: frontend/openshift.deploy.yml | ||
overwrite: true | ||
parameters: -p MIN_REPLICAS=1 -p MAX_REPLICAS=2 | ||
triggers: ('database/', 'backend/', 'frontend/') | ||
- name: init | ||
file: common/openshift.init.yml | ||
overwrite: false | ||
steps: | ||
- uses: bcgov-nr/[email protected] | ||
with: | ||
|
@@ -90,3 +127,4 @@ jobs: | |
${{ matrix.parameters }} | ||
triggers: ${{ matrix.triggers }} | ||
verification_path: ${{ matrix.verification_path }} | ||
|
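Review bot: The RSA private key generated in the `generateKey` step is written to `$GITHUB_OUTPUT` and then expanded into `-p UI_PRIVATE_KEY="${{ steps.generateKey.outputs.UI_PRIVATE_KEY }}"`, and nothing registers it as a secret, so unlike `secrets.*` values it is not masked in logs. Any echo of the parameter string by the deployer action, or step debug logging, would print the key in the run log. Either mask every line of the key with `::add-mask::` before writing the output or, better, create the OpenShift Secret from `jwtRS256.key` inside the same step so the key never becomes a step output or a command-line argument. The delimiter `EOF=" "` is also fragile: a multi-line output needs a delimiter that cannot occur in the value, typically a random string. With `overwrite: false`, it is worth confirming what happens to the fresh key pair generated on a later run of the same pull request.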