Main Deploy #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main Deploy | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: true | |
on: | |
workflow_dispatch: | |
jobs: | |
##### TESTS ################################################################## | |
appointment-frontend-cypress: | |
name: Appointment Frontend Cypress | |
uses: ./.github/workflows/tyu-reusable-appointment-frontend-cypress.yaml | |
secrets: | |
bceid-endpoint: ${{ secrets.CYPRESS_BCEID_ENDPOINT }} | |
bceid-password: ${{ secrets.CYPRESS_BCEID_PASSWORD }} | |
bceid-username: ${{ secrets.CYPRESS_BCEID_USERNAME }} | |
cypress-project-id: ${{ secrets.CYPRESS_PROJECT_ID }} | |
cypress-record-key: ${{ secrets.CYPRESS_RECORD_KEY }} | |
keycloak-auth-url: ${{ secrets.KEYCLOAK_AUTH_URL_DEV }}/auth/ | |
keycloak-client: ${{ secrets.KEYCLOAK_APPOINTMENTS_FRONTEND_CLIENT }} | |
keycloak-realm: ${{ secrets.KEYCLOAK_REALM }} | |
##### BUILD ################################################################## | |
appointment-frontend: | |
name: appointment-frontend | |
needs: appointment-frontend-cypress | |
uses: ./.github/workflows/reusable-build-dockerfile.yaml | |
secrets: | |
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} | |
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} | |
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools | |
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
namespace-theq-username: ${{ secrets.SA_USERNAME }} | |
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools | |
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
namespace-qms-username: ${{ secrets.SA_USERNAME }} | |
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} | |
with: | |
directory: appointment-frontend | |
image-name: appointment-nginx-frontend | |
image-tags: commit-${GITHUB_SHA::7} latest | |
push-qms: ${{ github.repository_owner == 'bcgov' }} | |
push-theq: ${{ github.repository_owner == 'bcgov' }} | |
feedback-api: | |
name: feedback-api | |
needs: appointment-frontend-cypress | |
uses: ./.github/workflows/reusable-build-s2i.yaml | |
secrets: | |
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools | |
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
namespace-theq-username: ${{ secrets.SA_USERNAME }} | |
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools | |
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
namespace-qms-username: ${{ secrets.SA_USERNAME }} | |
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} | |
with: | |
directory: feedback-api | |
image-name: feedback-api | |
image-tags: commit-${GITHUB_SHA::7} latest | |
push-qms: ${{ github.repository_owner == 'bcgov' }} | |
push-theq: ${{ github.repository_owner == 'bcgov' }} | |
notifications-api: | |
name: notifications-api | |
needs: appointment-frontend-cypress | |
uses: ./.github/workflows/reusable-build-s2i.yaml | |
secrets: | |
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools | |
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
namespace-theq-username: ${{ secrets.SA_USERNAME }} | |
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools | |
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
namespace-qms-username: ${{ secrets.SA_USERNAME }} | |
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} | |
with: | |
directory: notifications-api | |
image-name: notifications-api | |
image-tags: commit-${GITHUB_SHA::7} latest | |
push-qms: ${{ github.repository_owner == 'bcgov' }} | |
push-theq: ${{ github.repository_owner == 'bcgov' }} | |
queue-management-api: | |
name: queue-management-api | |
needs: appointment-frontend-cypress | |
uses: ./.github/workflows/reusable-build-s2i.yaml | |
secrets: | |
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} | |
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} | |
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools | |
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
namespace-theq-username: ${{ secrets.SA_USERNAME }} | |
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools | |
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
namespace-qms-username: ${{ secrets.SA_USERNAME }} | |
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} | |
with: | |
directory: api | |
image-name: queue-management-api | |
image-tags: commit-${GITHUB_SHA::7} latest | |
push-qms: ${{ github.repository_owner == 'bcgov' }} | |
push-theq: ${{ github.repository_owner == 'bcgov' }} | |
queue-management-frontend: | |
name: queue-management-frontend | |
needs: appointment-frontend-cypress | |
uses: ./.github/workflows/reusable-build-dockerfile.yaml | |
secrets: | |
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} | |
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} | |
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools | |
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
namespace-theq-username: ${{ secrets.SA_USERNAME }} | |
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools | |
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
namespace-qms-username: ${{ secrets.SA_USERNAME }} | |
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} | |
with: | |
directory: frontend | |
image-name: queue-management-nginx-frontend | |
image-tags: commit-${GITHUB_SHA::7} latest | |
push-qms: ${{ github.repository_owner == 'bcgov' }} | |
push-theq: ${{ github.repository_owner == 'bcgov' }} | |
send-appointment-reminder-crond: | |
name: send-appointment-reminder-crond | |
needs: appointment-frontend-cypress | |
uses: ./.github/workflows/reusable-build-dockerfile.yaml | |
secrets: | |
artifactory-password: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
artifactory-registry: ${{ secrets.ARTIFACTORY_REGISTRY }} | |
artifactory-username: ${{ secrets.ARTIFACTORY_USERNAME }} | |
namespace-theq: ${{ secrets.LICENCE_PLATE_THEQ }}-tools | |
namespace-theq-password: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
namespace-theq-username: ${{ secrets.SA_USERNAME }} | |
namespace-qms: ${{ secrets.LICENCE_PLATE_QMS }}-tools | |
namespace-qms-password: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
namespace-qms-username: ${{ secrets.SA_USERNAME }} | |
openshift-registry: ${{ secrets.OPENSHIFT_REGISTRY }} | |
with: | |
directory: jobs/appointment_reminder | |
image-name: send-appointment-reminder-crond | |
image-tags: commit-${GITHUB_SHA::7} latest | |
push-qms: ${{ github.repository_owner == 'bcgov' }} | |
push-theq: ${{ github.repository_owner == 'bcgov' }} | |
##### DEPLOY THE Q ########################################################### | |
approve-theq-dev: | |
name: Approve Deploy to The Q Dev | |
if: github.repository_owner == 'bcgov' | |
needs: [appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond] | |
environment: The Q Dev | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deployment Approval | |
run: echo Approved | |
tag-theq-dev: | |
name: Tag The Q Dev | |
if: github.repository_owner == 'bcgov' | |
needs: approve-theq-dev | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: commit-${GITHUB_SHA::7} | |
tag-to: dev | |
wait-for-rollouts: | |
name: Wait for Rollouts | |
if: github.repository_owner == 'bcgov' | |
needs: tag-theq-dev | |
uses: ./.github/workflows/reusable-wait-for-rollouts.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_THEQ_DEV }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond-dev | |
tag-to: dev | |
newman-theq: | |
name: Newman Tests in The Q Dev | |
needs: wait-for-rollouts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out | |
uses: actions/checkout@v2 | |
- name: NPM Install | |
run: | | |
cd api/postman | |
npm install newman | |
- name: Run Newman Tests | |
run: | | |
cd api/postman | |
node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json \ | |
-e postman_env.json \ | |
--delay-request 250 \ | |
--global-var 'auth_url=${{ vars.POSTMAN_AUTH_URL_DEV }}' \ | |
--global-var 'client_secret=${{ secrets.POSTMAN_CLIENT_SECRET_DEV }}' \ | |
--global-var 'clientid=${{ vars.POSTMAN_CLIENTID_DEV }}' \ | |
--global-var 'password=${{ secrets.POSTMAN_PASSWORD }}' \ | |
--global-var 'password_nonqtxn=${{ secrets.POSTMAN_PASSWORD_NONQTXN }}' \ | |
--global-var 'public_url=${{ vars.POSTMAN_PUBLIC_API_URL_THEQ_DEV }}' \ | |
--global-var 'public_user_id=${{ vars.POSTMAN_PUBLIC_USERID }}' \ | |
--global-var 'public_user_password=${{ secrets.POSTMAN_PASSWORD_PUBLIC_USER }}' \ | |
--global-var 'realm=${{ vars.POSTMAN_REALM }}' \ | |
--global-var 'url=${{ vars.POSTMAN_API_URL_THEQ_DEV }}' \ | |
--global-var 'userid=${{ vars.POSTMAN_USERID }}' \ | |
--global-var 'userid_nonqtxn=${{ vars.POSTMAN_USERID_NONQTXN }}' | |
owasp-staff: | |
name: OWASP ZAP Scan of Staff Frontend | |
needs: wait-for-rollouts | |
runs-on: ubuntu-latest | |
steps: | |
- name: OWASP ZAP Scan | |
uses: zaproxy/[email protected] | |
with: | |
allow_issue_writing: false | |
cmd_options: '-z "-config scanner.threadPerHost=20"' | |
target: ${{ secrets.ZAP_STAFFURL_THEQ_DEV }} | |
- name: Upload Report as Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: OWASP ZAP - Staff Front End Report | |
path: report_html.html | |
owasp-appointment: | |
name: OWASP ZAP Scan of Appointment Frontend | |
needs: wait-for-rollouts | |
runs-on: ubuntu-latest | |
steps: | |
- name: OWASP ZAP Scan | |
uses: zaproxy/[email protected] | |
with: | |
allow_issue_writing: false | |
cmd_options: '-z "-config scanner.threadPerHost=20"' | |
target: ${{ secrets.ZAP_APPTMNTURL_THEQ_DEV }} | |
- name: Upload Report as Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: OWASP ZAP - Appointment Front End Report | |
path: report_html.html | |
approve-theq-test: | |
name: Approve Deploy to The Q Test | |
if: github.repository_owner == 'bcgov' | |
needs: [newman-theq, owasp-staff, owasp-appointment] | |
environment: The Q Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deployment Approval | |
run: echo Approved | |
tag-theq-test: | |
name: Tag The Q Test | |
if: github.repository_owner == 'bcgov' | |
needs: approve-theq-test | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: commit-${GITHUB_SHA::7} | |
tag-to: test | |
approve-theq-prod: | |
name: Approve Deploy to The Q Prod | |
if: github.repository_owner == 'bcgov' | |
needs: tag-theq-test | |
environment: The Q Prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deployment Approval | |
run: echo Approved | |
tag-theq-stable: | |
name: Tag The Q Stable | |
if: github.repository_owner == 'bcgov' | |
needs: approve-theq-prod | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: prod | |
tag-to: stable | |
tag-theq-prod: | |
name: Tag The Q Prod | |
if: github.repository_owner == 'bcgov' | |
needs: tag-theq-stable | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_THEQ }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_THEQ_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: commit-${GITHUB_SHA::7} | |
tag-to: prod | |
##### DEPLOY QMS ############################################################# | |
approve-qms-dev: | |
name: Approve Deploy to QMS Dev | |
if: github.repository_owner == 'bcgov' | |
needs: [appointment-frontend, feedback-api, notifications-api, queue-management-api, queue-management-frontend, send-appointment-reminder-crond] | |
environment: QMS Dev | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deployment Approval | |
run: echo Approved | |
tag-qms-dev: | |
name: Tag QMS Dev | |
if: github.repository_owner == 'bcgov' | |
needs: approve-qms-dev | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: commit-${GITHUB_SHA::7} | |
tag-to: dev | |
approve-qms-test: | |
name: Approve Deploy to QMS Test | |
if: github.repository_owner == 'bcgov' | |
needs: tag-qms-dev | |
environment: QMS Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deployment Approval | |
run: echo Approved | |
tag-qms-test: | |
name: Tag QMS Test | |
if: github.repository_owner == 'bcgov' | |
needs: approve-qms-test | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: commit-${GITHUB_SHA::7} | |
tag-to: test | |
approve-qms-prod: | |
name: Approve Deploy to QMS Prod | |
if: github.repository_owner == 'bcgov' | |
needs: tag-qms-test | |
environment: QMS Prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deployment Approval | |
run: echo Approved | |
tag-qms-stable: | |
name: Tag QMS Stable | |
if: github.repository_owner == 'bcgov' | |
needs: approve-qms-prod | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: prod | |
tag-to: stable | |
tag-qms-prod: | |
name: Tag QMS Prod | |
if: github.repository_owner == 'bcgov' | |
needs: tag-qms-stable | |
uses: ./.github/workflows/reusable-tag-image.yaml | |
secrets: | |
licence-plate: ${{ secrets.LICENCE_PLATE_QMS }} | |
openshift-api: ${{ secrets.OPENSHIFT_API }} | |
token: ${{ secrets.SA_PASSWORD_QMS_TOOLS }} | |
with: | |
image-names: appointment-nginx-frontend feedback-api notifications-api queue-management-api queue-management-nginx-frontend send-appointment-reminder-crond | |
tag-from: commit-${GITHUB_SHA::7} | |
tag-to: prod |