diff --git a/.github/workflows/dev-build-endorsement-reminder-gold.yaml b/.github/workflows/dev-build-endorsement-reminder-gold.yaml deleted file mode 100644 index c56c5a856..000000000 --- a/.github/workflows/dev-build-endorsement-reminder-gold.yaml +++ /dev/null @@ -1,38 +0,0 @@ -name: Build Endorsement Reminder - GOLD Dev - -on: - push: - branches: [develop] - paths: - - "backend/**" - workflow_dispatch: - -# This will terminate builds that are previously, but continuing to run. Saves GHA hours. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build-endorsement-reminder-gold: - name: Endorsement Reminder Build - runs-on: ubuntu-latest - steps: - - name: "Checkout Code" - uses: actions/checkout@master - - - name: "Docker Build" - working-directory: "./backend" - run: | - docker build -f ./services.endorsement-reminder/Dockerfile -t image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/endorsement-reminder:develop . - - # Uses the Artifactory service account's username and password - - name: "Docker Login to GOLD OCP" - uses: docker/login-action@master - with: - registry: image-registry.apps.gold.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} - - - name: "Push image" - run: | - docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/endorsement-reminder:develop \ No newline at end of file diff --git a/.github/workflows/dev-build-frontend-gold.yaml b/.github/workflows/dev-build-frontend-gold.yaml deleted file mode 100644 index e936d5e55..000000000 --- a/.github/workflows/dev-build-frontend-gold.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -name: Build Frontend - GOLD Dev - -on: - push: - branches: [develop] - paths: - - "workspace/**" - workflow_dispatch: - - -# This will terminate builds that are previously, but continuing to run. Saves GHA hours. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build-frontend: - name: Frontend Build - runs-on: ubuntu-latest - defaults: - run: - working-directory: "./workspace" - steps: - - name: "Checkout Code" - uses: actions/checkout@master - - - name: Use Node.js 18.x - uses: actions/setup-node@v3 - with: - node-version: 18.x - - - name: YARN Install - run: | - yarn install - - - name: YARN Build - run: | - yarn build - - - name: "Docker Build GOLD" - run: | - docker build -t image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop . - - # Uses the Artifactory service account's username and password - - name: "Docker Login to GOLD OCP" - uses: docker/login-action@v2 - with: - registry: image-registry.apps.gold.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} - - - name: "Push image to GOLD OCP" - run: | - docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop - - - name: "Docker Build GOLDDR" - run: | - docker tag image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop . - - # Uses the Artifactory service account's username and password - - name: "Docker Login to GOLDDR OCP" - uses: docker/login-action@v2 - with: - registry: image-registry.apps.golddr.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLDDR_TOOLS_BUILDER_TOKEN }} - - - name: "Push image to GOLDDR OCP" - run: | - docker push image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop \ No newline at end of file 
diff --git a/.github/workflows/dev-build-frontend.yaml b/.github/workflows/dev-build-frontend.yaml index 9d7683d91..6e8fe9bd0 100644 --- a/.github/workflows/dev-build-frontend.yaml +++ b/.github/workflows/dev-build-frontend.yaml @@ -13,8 +13,8 @@ concurrency: cancel-in-progress: true jobs: - build-and-deploy-frontend: - name: Frontend Build and Deploy + build-frontend-silver: + name: Frontend Build - Silver runs-on: ubuntu-latest defaults: run: @@ -38,7 +38,8 @@ jobs: - name: "Docker Build" run: | - docker build -t image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-frontend:develop . + docker build -t pidp-frontend:develop . + docker tag pidp-frontend:develop image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-frontend:develop # Uses the builder service account token - name: "Docker Login to Silver OCP" 
@@ -51,3 +52,44 @@ jobs: - name: "Push image" run: | docker push image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-frontend:develop + build-frontend-gold: + name: Frontend Build - Gold + runs-on: ubuntu-latest + defaults: + run: + working-directory: "./workspace" + steps: + - name: "Checkout Code" + uses: actions/checkout@master + + - name: "Docker Build GOLD" + run: | + docker tag pidp-frontend:develop image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop + + # Uses the Artifactory service account's username and password + - name: "Docker Login to GOLD OCP" + uses: docker/login-action@v2 + with: + registry: image-registry.apps.gold.devops.gov.bc.ca + username: builder + password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} + + - name: "Push image to GOLD OCP" + run: | + docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop + + - name: "Docker Build GOLDDR" + run: | + docker tag image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop . + + # Uses the Artifactory service account's username and password + - name: "Docker Login to GOLDDR OCP" + uses: docker/login-action@v2 + with: + registry: image-registry.apps.golddr.devops.gov.bc.ca + username: builder + password: ${{ secrets.GOLDDR_TOOLS_BUILDER_TOKEN }} + + - name: "Push image to GOLDDR OCP" + run: | + docker push image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-frontend:develop \ No newline at end of file diff --git a/.github/workflows/dev-build-plr-intake-gold.yaml b/.github/workflows/dev-build-plr-intake-gold.yaml deleted file mode 100644 index a269a2a66..000000000 --- a/.github/workflows/dev-build-plr-intake-gold.yaml +++ /dev/null 
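Review bot: The `docker tag pidp-frontend:develop …` step in build-frontend-gold will not find its source image, because `pidp-frontend:develop` is built in build-frontend-silver and each job runs on its own fresh `ubuntu-latest` runner with a separate Docker daemon; the new job also declares no `needs:`. Either run the Gold and GoldDR tag/push steps inside the job that does the `docker build`, or transfer the image between jobs explicitly, for example by pulling it from the Silver registry after login. The "Docker Build GOLDDR" step also ends with a stray ` .`; `docker tag` takes exactly two arguments, so drop the trailing dot. The same cross-job assumption is in build-plr-intake-gold and build-webapi-gold, added elsewhere in this commit.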
@@ -1,60 +0,0 @@ -name: Build PLR-Intake Backend - GOLD Dev - -on: - push: - branches: [develop] - paths: - - "backend/services.plr-intake/**" - - "backend/services.plr-intake.tests/**" - workflow_dispatch: - -# This will terminate builds that are previously, but continuing to run. Saves GHA hours. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build-plr-intake: - name: PLR Intake Backend Build - runs-on: ubuntu-latest - defaults: - run: - working-directory: "./backend/services.plr-intake" - steps: - - name: "Checkout Code" - uses: actions/checkout@master - - - name: "Docker Build GOLD image" - run: | - docker build -t image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop . - - # Uses the builder service account token - - name: "Docker Login to GOLD OCP" - uses: docker/login-action@master - with: - registry: image-registry.apps.gold.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} - - - name: "Push image" - run: | - docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop - - - name: "Docker Build GOLDDR image" - run: | - docker tag image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop - - # Uses the builder service account token - - name: "Docker Login to GOLD OCP" - uses: docker/login-action@master - with: - registry: image-registry.apps.golddr.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLDDR_TOOLS_BUILDER_TOKEN }} - - - name: "Push image" - run: | - docker push image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop - - - diff --git a/.github/workflows/dev-build-plr-intake.yaml b/.github/workflows/dev-build-plr-intake.yaml index 1f34065e9..3d94d8a1f 100644 --- a/.github/workflows/dev-build-plr-intake.yaml +++ b/.github/workflows/dev-build-plr-intake.yaml 
@@ -14,8 +14,8 @@ concurrency: cancel-in-progress: true jobs: - build-and-deploy-plr-intake: - name: PLR Intake Backend Build and Deploy + build-plr-intake-silver: + name: PLR Intake Backend Build - Silver runs-on: ubuntu-latest defaults: run: @@ -26,7 +26,8 @@ jobs: - name: "Docker Build" run: | - docker build -t image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-plr-intake:develop . + docker build -t pidp-plr-intake:develop . + docker tag pidp-plr-intake:develop image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-plr-intake:develop # Uses the builder service account token - name: "Docker Login to Silver OCP" 
@@ -39,3 +40,44 @@ jobs: - name: "Push image" run: | docker push image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-plr-intake:develop + + build-plr-intake-gold: + name: PLR Intake Backend Build - Gold + runs-on: ubuntu-latest + defaults: + run: + working-directory: "./backend/services.plr-intake" + steps: + - name: "Checkout Code" + uses: actions/checkout@master + + + # Uses the builder service account token + - name: "Docker Login to GOLD OCP" + uses: docker/login-action@master + with: + registry: image-registry.apps.gold.devops.gov.bc.ca + username: builder + password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} + + - name: "Push image" + run: | + docker tag pidp-plr-intake:develop image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop + docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop + + - name: "Docker Build GOLDDR image" + run: | + docker tag image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop + + # Uses the builder service account token + - name: "Docker Login to GOLDDR OCP" + uses: docker/login-action@master + with: + registry: image-registry.apps.golddr.devops.gov.bc.ca + username: builder + password: ${{ secrets.GOLDDR_TOOLS_BUILDER_TOKEN }} + + - name: "Push image" + run: | + docker tag pidp-plr-intake:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop + docker push image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-plr-intake:develop \ No newline at end of file diff --git a/.github/workflows/dev-build-webapi-gold.yaml b/.github/workflows/dev-build-webapi-gold.yaml deleted file mode 100644 index 702db4da1..000000000 --- a/.github/workflows/dev-build-webapi-gold.yaml +++ /dev/null 
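Review bot: `actions/checkout@master` and `docker/login-action@master` in build-plr-intake-gold follow a moving branch in a job that is handed `GOLD_TOOLS_BUILDER_TOKEN` and `GOLDDR_TOOLS_BUILDER_TOKEN`, so whatever lands on those upstream branches runs with the registry credentials. Pin both to a release tag or, better, a full commit SHA, e.g. `uses: docker/login-action@<COMMIT_SHA>  # <RELEASE_TAG>`; the frontend Gold job in this commit already uses `docker/login-action@v2`. The same `@master` refs appear in build-frontend-gold (checkout) and build-webapi-gold (both actions). Separately, the "Docker Build GOLDDR image" step tags from the Gold registry name and the final "Push image" step then tags again from `pidp-plr-intake:develop`, so one of the two `docker tag` lines is redundant.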
@@ -1,59 +0,0 @@ -name: Build WebAPI - GOLD Dev - -on: - push: - branches: [develop] - paths: - - "backend/webapi/**" - - "backend/webapi.tests/**" - workflow_dispatch: - -# This will terminate builds that are previously, but continuing to run. Saves GHA hours. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build-webapi: - name: WebAPI Backend Build - runs-on: ubuntu-latest - defaults: - run: - working-directory: "./backend/webapi" - steps: - - name: "Checkout Code" - uses: actions/checkout@master - - - name: "Docker Build" - run: | - docker build -t image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop . - - # Uses the builder service account token - - name: "Docker Login to GOLD OCP" - uses: docker/login-action@master - with: - registry: image-registry.apps.gold.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} - - - name: "Push image to GOLD OCP" - run: | - docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop - - - name: "Docker Build GOLDDR image" - run: | - docker tag image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop - - # Uses the builder service account token - - name: "Docker Login to GOLD OCP" - uses: docker/login-action@master - with: - registry: image-registry.apps.golddr.devops.gov.bc.ca - username: builder - password: ${{ secrets.GOLDDR_TOOLS_BUILDER_TOKEN }} - - - name: "Push image" - run: | - docker push image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop - - \ No newline at end of file diff --git a/.github/workflows/dev-build-webapi.yaml b/.github/workflows/dev-build-webapi.yaml index a46f90ba7..41546518a 100644 --- a/.github/workflows/dev-build-webapi.yaml +++ b/.github/workflows/dev-build-webapi.yaml 
@@ -14,8 +14,8 @@ concurrency: cancel-in-progress: true jobs: - build-and-deploy-webapi: - name: WebAPI Backend Build and Deploy + build-webapi-silver: + name: WebAPI Backend Build - Silver runs-on: ubuntu-latest defaults: run: @@ -39,3 +39,44 @@ jobs: - name: "Push image" run: | docker push image-registry.apps.silver.devops.gov.bc.ca/d8a8f9-tools/pidp-webapi:develop + build-webapi-gold: + name: WebAPI Backend Build - Gold + runs-on: ubuntu-latest + defaults: + run: + working-directory: "./backend/webapi" + steps: + - name: "Checkout Code" + uses: actions/checkout@master + + # Uses the builder service account token + - name: "Docker Login to GOLD OCP" + uses: docker/login-action@master + with: + registry: image-registry.apps.gold.devops.gov.bc.ca + username: builder + password: ${{ secrets.GOLD_TOOLS_BUILDER_TOKEN }} + + - name: "Docker Build GOLD image" + run: | + docker tag pidp-webapi:develop image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop + + - name: "Push Docker image to GOLD OCP" + run: | + docker push image-registry.apps.gold.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop + + # Uses the builder service account token + - name: "Docker Login to GOLDDR OCP" + uses: docker/login-action@master + with: + registry: image-registry.apps.golddr.devops.gov.bc.ca + username: builder + password: ${{ secrets.GOLDDR_TOOLS_BUILDER_TOKEN }} + + - name: "Docker Build GOLDDR image" + run: | + docker tag pidp-webapi:develop image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop + + - name: "Push image" + run: | + docker push image-registry.apps.golddr.devops.gov.bc.ca/f088b1-tools/pidp-webapi:develop \ No newline at end of file diff --git a/.github/workflows/dev-deploy-endorsement-reminder-gold.yaml b/.github/workflows/dev-deploy-endorsement-reminder-gold.yaml deleted file mode 100644 index 401981ddf..000000000 --- a/.github/workflows/dev-deploy-endorsement-reminder-gold.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -name: Deploy Dev Helm Charts - Endorsement Reminder - -on: - push: - branches: [develop] - paths: - - "infra/endorsement_reminder/**" - workflow_dispatch: - -# This will terminate builds that are previously, but continuing to run. Saves GHA hours. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - - helm-deployment-endorsement-reminder: - runs-on: 'ubuntu-latest' - steps: - - uses: actions/checkout@v4 - - - name: Authenticate and set context - uses: redhat-actions/oc-login@v1.2 - with: - openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} - openshift_token: ${{secrets.GOLD_DEV_SERVICE_TOKEN}} - - - name: Helm Deploy Upgrade - run: | - echo current installed helm releases - helm list --namespace f088b1-dev - - echo installing helm chart... - helm upgrade --wait --namespace f088b1-dev --values infra/endorsement_reminder/values.yaml --set env=dev global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools global.image.tag=develop endorsement-reminder infra/endorsement_reminder diff --git a/.github/workflows/dev-deploy-endorsement-reminder.yaml b/.github/workflows/dev-deploy-endorsement-reminder.yaml index 418b456c8..2f4ac156e 100644 --- a/.github/workflows/dev-deploy-endorsement-reminder.yaml +++ b/.github/workflows/dev-deploy-endorsement-reminder.yaml @@ -13,8 +13,7 @@ concurrency: cancel-in-progress: true jobs: - - helm-deployment-endorsement-reminder: + helm-deployment-endorsement-reminder-silver: runs-on: 'ubuntu-latest' steps: - uses: actions/checkout@v4 
@@ -31,4 +30,23 @@ jobs: helm list --namespace d8a8f9-dev echo installing helm chart... - helm upgrade --wait --namespace d8a8f9-dev --values infra/endorsement_reminder/values-dev.yaml endorsement-reminder infra/endorsement_reminder + helm upgrade --wait --namespace d8a8f9-dev --values infra/endorsement_reminder/values.yaml endorsement-reminder infra/endorsement_reminder + + helm-deployment-endorsement-reminder-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v4 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.2 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy Upgrade + run: | + echo current installed helm releases + helm list --namespace f088b1-dev + + echo installing helm chart... + helm upgrade --wait --namespace f088b1-dev --values infra/endorsement_reminder/values.yaml --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools endorsement-reminder infra/endorsement_reminder diff --git a/.github/workflows/dev-deploy-helm_chart-gold.yaml b/.github/workflows/dev-deploy-helm_chart-gold.yaml deleted file mode 100644 index 1e6151de0..000000000 --- a/.github/workflows/dev-deploy-helm_chart-gold.yaml +++ /dev/null 
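Review bot: The new helm-deployment-endorsement-reminder-gold job logs in with `GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN`, the same secret the prod jobs in this commit use against `f088b1-prod`, whereas the deleted Gold dev workflow used `GOLD_DEV_SERVICE_TOKEN`. If the pipeline token really has rights in the prod namespace, every push to develop now runs with prod-capable credentials; keeping a dev-scoped service account for the `f088b1-dev` deploy limits the blast radius of a compromised dev run. The Gold command also drops the former `env=dev` and `global.image.tag=develop` overrides, so the result depends on the defaults in `values.yaml`, which are not visible in this diff and should be confirmed.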
@@ -1,54 +0,0 @@ -name: Deploy Helm Charts - GOLD Dev - -on: - push: - branches: [develop] - paths: - - "charts/**" - - "./deploy/dev_values.yaml" - workflow_dispatch: - -# This will terminate builds that are previously, but continuing to run. Saves GHA hours. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - helm-deployment-gold: - runs-on: 'ubuntu-latest' - steps: - - uses: actions/checkout@master - - - name: Authenticate and set context - uses: redhat-actions/oc-login@v1.3 - with: - openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} - openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} - - - name: Helm Deploy / install command - run: | - echo current installed helm releases - helm list --namespace f088b1-dev - - echo installing helm chart... - helm upgrade --wait --values ./deploy/dev_values.yaml --namespace f088b1-dev --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools dev charts/pidp --debug - - helm-deployment-goldDR: - runs-on: 'ubuntu-latest' - steps: - - uses: actions/checkout@master - - - name: Authenticate and set context - uses: redhat-actions/oc-login@v1.3 - with: - openshift_server_url: ${{secrets.GOLDDR_OPENSHIFT_CLUSTER_URL}} - openshift_token: ${{secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN}} - - - name: Helm Deploy / install command - run: | - echo current installed helm releases - oc project f088b1-dev - helm list --namespace f088b1-dev - - echo installing helm chart... - helm upgrade --wait --values ./deploy/dev_values.yaml --namespace f088b1-dev --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools dev charts/pidp --debug diff --git a/.github/workflows/dev-deploy-helm_chart.yaml b/.github/workflows/dev-deploy-helm_chart.yaml index fc77e058b..2f4554d7f 100644 --- a/.github/workflows/dev-deploy-helm_chart.yaml +++ b/.github/workflows/dev-deploy-helm_chart.yaml 
@@ -15,7 +15,7 @@ concurrency: jobs: - helm-deployment: + helm-deployment-silver: runs-on: 'ubuntu-latest' steps: - uses: actions/checkout@v1 @@ -33,3 +33,43 @@ jobs: echo installing helm chart... helm upgrade --wait --values ./deploy/dev_values.yaml --namespace d8a8f9-dev dev charts/pidp --debug + + helm-deployment-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@master + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.3 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy / install command + run: | + echo current installed helm releases + helm list --namespace f088b1-dev + + echo installing helm chart... + helm upgrade --wait --values ./deploy/dev_values.yaml --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools --namespace f088b1-dev dev charts/pidp --debug + + helm-deployment-goldDR: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@master + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.3 + with: + openshift_server_url: ${{secrets.GOLDDR_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy / install command + run: | + echo current installed helm releases + oc project f088b1-dev + helm list --namespace f088b1-dev + + echo installing helm chart... + helm upgrade --wait --values ./deploy/dev_values.yaml --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools --namespace f088b1-dev dev charts/pidp --debug + diff --git a/.github/workflows/main-build-endorsement-reminder.yaml b/.github/workflows/main-build-endorsement-reminder.yaml index a199c6650..03d7dc139 100644 --- a/.github/workflows/main-build-endorsement-reminder.yaml +++ b/.github/workflows/main-build-endorsement-reminder.yaml 
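Review bot: Both added jobs (helm-deployment-gold and helm-deployment-goldDR) pass `--debug` to `helm upgrade`, which as far as I know makes Helm print the supplied and computed values and the rendered manifests into the job log. If `./deploy/dev_values.yaml` or the chart templates carry credentials or connection strings, they become readable to anyone who can view the workflow run; drop `--debug` from the routine path and enable it only for manual troubleshooting. The new jobs also use `actions/checkout@master` while the Silver job directly above stays on `@v1`; a single pinned version across the three jobs would be easier to audit.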
@@ -17,8 +17,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-prod: - name: WebAPI Backend Promote to prod + promote-image-to-prod-silver: + name: WebAPI Backend Promote to prod - Silver runs-on: ubuntu-latest steps: - name: Install oc @@ -35,3 +35,21 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/endorsement-reminder:${{ env.ORIG_TAG }} \ d8a8f9-tools/endorsement-reminder:${{ env.PROMOTE_TAG }} + promote-image-to-prod-gold: + name: WebAPI Backend Promote to prod - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote webapi from test to prod + run: | + oc -n f088b1-tools tag \ + f088b1-tools/endorsement-reminder:${{ env.ORIG_TAG }} \ + f088b1-tools/endorsement-reminder:${{ env.PROMOTE_TAG }} \ No newline at end of file diff --git a/.github/workflows/main-build-frontend.yaml b/.github/workflows/main-build-frontend.yaml index 28ca770cc..dbdaf904c 100644 --- a/.github/workflows/main-build-frontend.yaml +++ b/.github/workflows/main-build-frontend.yaml @@ -17,8 +17,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-prod: - name: WebAPI Backend Promote to prod + promote-image-to-prod-silver: + name: WebAPI Backend Promote to prod- Silver runs-on: ubuntu-latest steps: - name: Install oc 
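Review bot: The `oc login` step in promote-image-to-prod-gold expands `${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }}` directly into the shell script, so the token is written into the generated script text and is subject to shell parsing; passing it through `env:` and using a quoted shell variable avoids both. The deploy workflows in this commit use the `redhat-actions/oc-login` action instead, which would also work here. The same inline pattern is in the Gold promote jobs added to the main-build-frontend, main-build-plr-intake, main-build-webapi, test-build-endorsement-reminder and test-build-frontend workflows. The step name `Promote webapi from test to prod` is a leftover too, since this job tags `endorsement-reminder`.

```yaml
      - name: oc login
        env:
          OC_TOKEN: ${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }}
          OC_SERVER: ${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }}
        run: |
          oc login --token="$OC_TOKEN" --server="$OC_SERVER"
```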
@@ -35,3 +35,32 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/pidp-frontend:${{ env.ORIG_TAG }} \ d8a8f9-tools/pidp-frontend:${{ env.PROMOTE_TAG }} + + promote-image-to-prod-gold: + name: WebAPI Backend Promote to prod- Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login - Gold + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote frontend from test to main - Gold + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-frontend:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-frontend:${{ env.PROMOTE_TAG }} + + - name: oc login - Golddr + run: | + oc login --token=${{ secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLDDR_OPENSHIFT_CLUSTER_URL }} + + - name: Promote frontend from test to main - Golddr + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-frontend:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-frontend:${{ env.PROMOTE_TAG }} diff --git a/.github/workflows/main-build-plr-intake.yaml b/.github/workflows/main-build-plr-intake.yaml index aab3caff5..53dd83e83 100644 --- a/.github/workflows/main-build-plr-intake.yaml +++ b/.github/workflows/main-build-plr-intake.yaml @@ -19,8 +19,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-prod: - name: WebAPI Backend Promote to prod + promote-image-to-prod-silver: + name: WebAPI Backend Promote to prod - Silver runs-on: ubuntu-latest steps: - name: Install oc 
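Review bot: The added job is displayed as `WebAPI Backend Promote to prod- Gold`, but this workflow promotes `pidp-frontend`, so the run list and any audit of prod promotions will show the wrong component. Use `name: Frontend Promote to prod - Gold`, matching the `Frontend Promote to test - Gold` label that test-build-frontend.yaml gets in this same commit. The same copied "WebAPI Backend" label is on the Gold jobs added to main-build-plr-intake.yaml and main-build-endorsement-reminder.yaml.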
@@ -37,3 +37,31 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/pidp-plr-intake:${{ env.ORIG_TAG }} \ d8a8f9-tools/pidp-plr-intake:${{ env.PROMOTE_TAG }} + promote-image-to-prod-gold: + name: WebAPI Backend Promote to prod - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.7" + + - name: oc login - Gold + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote plr-intake from test to main - Gold + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-plr-intake:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-plr-intake:${{ env.PROMOTE_TAG }} + + - name: oc login - Golddr + run: | + oc login --token=${{ secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLDDR_OPENSHIFT_CLUSTER_URL }} + + - name: Promote plr-intake from test to main - Golddr + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-plr-intake:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-plr-intake:${{ env.PROMOTE_TAG }} \ No newline at end of file diff --git a/.github/workflows/main-build-webapi.yaml b/.github/workflows/main-build-webapi.yaml index 06f6e88f9..8d923d8f3 100644 --- a/.github/workflows/main-build-webapi.yaml +++ b/.github/workflows/main-build-webapi.yaml @@ -18,8 +18,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-prod: - name: WebAPI Backend Promote to prod + promote-image-to-prod-silver: + name: WebAPI Backend Promote to prod - Silver runs-on: ubuntu-latest steps: - name: Install oc 
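Review bot: promote-image-to-prod-gold installs `oc: "4.7"`, while every other Gold promote job added in this commit installs `"4.9"`. Unless plr-intake needs the older client, use `oc: "4.9"` so all promotions run the same client version against the same clusters. The version used by the Silver job in this file is outside the hunk, so check that it matches as well.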
@@ -36,3 +36,32 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/pidp-webapi:${{ env.ORIG_TAG }} \ d8a8f9-tools/pidp-webapi:${{ env.PROMOTE_TAG }} + + promote-image-to-prod-gold: + name: WebAPI Backend Promote to prod - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login - Gold + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote webapi from test to main - Gold + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-webapi:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-webapi:${{ env.PROMOTE_TAG }} + + - name: oc login - Golddr + run: | + oc login --token=${{ secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLDDR_OPENSHIFT_CLUSTER_URL }} + + - name: Promote webapi from test to main - Golddr + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-webapi:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-webapi:${{ env.PROMOTE_TAG }} \ No newline at end of file diff --git a/.github/workflows/main-deploy-db-migration.yaml b/.github/workflows/main-deploy-db-migration.yaml index 4fd0a2347..913c196cf 100644 --- a/.github/workflows/main-deploy-db-migration.yaml +++ b/.github/workflows/main-deploy-db-migration.yaml @@ -11,8 +11,7 @@ concurrency: cancel-in-progress: true jobs: - - helm-deployment: + db-migration-silver: runs-on: 'ubuntu-latest' steps: - uses: actions/checkout@v1 @@ -23,7 +22,7 @@ jobs: openshift_server_url: ${{secrets.OPENSHIFT_CLUSTER_URL}} openshift_token: ${{secrets.OPENSHIFT_PIPELINE_SERVICE_ACCOUNT_TOKEN}} - - name: deply db migration job + - name: deply db migration job - silver run: | oc project d8a8f9-prod 
@@ -37,4 +36,31 @@ jobs: oc delete job/prod-plr-intake-migrations -n d8a8f9-prod --ignore-not-found echo applying plr-intake-migration template... - helm template prod charts/plr-intake -n d8a8f9-prod --values ./deploy/prod_values.yaml -s templates/migrations.yaml --wait --debug| oc apply -n d8a8f9-prod -f - \ No newline at end of file + helm template prod charts/plr-intake -n d8a8f9-prod --values ./deploy/prod_values.yaml -s templates/migrations.yaml --wait --debug| oc apply -n d8a8f9-prod -f - + + db-migration-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v1 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.1 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: deply db migration job - Gold + run: | + oc project f088b1-prod + + echo deleting prod-webapi-migrations job + oc delete job/prod-webapi-migrations -n f088b1-prod --ignore-not-found + + echo applying web-api-migration template... + helm template prod charts/webapi -n f088b1-prod --values ./deploy/prod_values_gold.yaml -s templates/migrations.yaml --wait --debug| oc apply -n f088b1-prod -f - + + echo deleting prod-plr-intake-migrations job + oc delete job/prod-plr-intake-migrations -n f088b1-prod --ignore-not-found + + echo applying plr-intake-migration template... + helm template prod charts/plr-intake -n f088b1-prod --values ./deploy/prod_values_gold.yaml -s templates/migrations.yaml --wait --debug| oc apply -n f088b1-prod -f - diff --git a/.github/workflows/main-deploy-endorsement-reminder.yaml b/.github/workflows/main-deploy-endorsement-reminder.yaml index 8304f3ed8..48c17cc4a 100644 --- a/.github/workflows/main-deploy-endorsement-reminder.yaml +++ b/.github/workflows/main-deploy-endorsement-reminder.yaml 
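Review bot: `--wait` has no effect on `helm template`, which only renders manifests, so the db-migration-gold step returns as soon as `oc apply` has created the Job and never learns whether the prod migration succeeded. Add a wait after each apply, e.g. `oc wait --for=condition=complete job/prod-webapi-migrations -n f088b1-prod --timeout=<TIMEOUT>`, so a failed migration fails the workflow. The job also uses `actions/checkout@v1` and `redhat-actions/oc-login@v1.1`, older than the `@v4` and `@v1.2`/`@v1.3` used by other workflows in this commit. The step name still reads `deply`.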
@@ -14,7 +14,7 @@ concurrency: jobs: - helm-deployment-endorsement-reminder: + helm-deployment-endorsement-reminder-silver: runs-on: 'ubuntu-latest' steps: - uses: actions/checkout@v4 @@ -31,4 +31,23 @@ jobs: helm list --namespace d8a8f9-test echo installing helm chart... - helm upgrade --wait --namespace d8a8f9-prod --values infra/endorsement_reminder/values-prod.yaml endorsement-reminder infra/endorsement_reminder + helm upgrade --wait --namespace d8a8f9-prod --values infra/endorsement_reminder/values.yaml --set env=prod global.image.tag=main aspnetcore.environment=Production endorsement-reminder infra/endorsement_reminder + + helm-deployment-endorsement-reminder-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v4 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.2 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy Upgrade + run: | + echo current installed helm releases + helm list --namespace f088b1-test + + echo installing helm chart... + helm upgrade --wait --namespace f088b1-prod --values infra/endorsement_reminder/values.yaml endorsement-reminder infra/endorsement_reminder diff --git a/.github/workflows/main-deploy_helm_chart Gold.yaml b/.github/workflows/main-deploy_helm_chart Gold.yaml new file mode 100644 index 000000000..39ab6d293 --- /dev/null +++ b/.github/workflows/main-deploy_helm_chart Gold.yaml 
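Review bot: The rewritten Silver command passes `--set env=prod global.image.tag=main aspnetcore.environment=Production`, but `--set` takes one comma-separated argument, so the last two items become extra positional arguments and Helm will most likely reject the command. Write `--set env=prod,global.image.tag=main,aspnetcore.environment=Production` or repeat `--set` for each key. The new Gold job deploys to `f088b1-prod` with plain `values.yaml` and no overrides at all, so unless that file defaults to prod settings it would roll out a non-prod tag and environment; it also lacks the `global.image.registry` override that the dev Gold job sets. The `helm list --namespace f088b1-test` line in the Gold job lists a different namespace from the one being upgraded.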
@@ -0,0 +1,34 @@ +name: Deploy Helm Charts - Prod - Gold + +on: + push: + branches: [main] + paths: + - "charts/**" + - "./deploy/prod_values_gold.yaml" + workflow_dispatch: + +# This will terminate builds that are previously, but continuing to run. Saves GHA hours. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + helm-deployment-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v1 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.1 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy / install command + run: | + echo current installed helm releases + helm list --namespace f088b1-prod + + echo installing helm chart... + helm upgrade --wait --values ./deploy/prod_values_gold.yaml --namespace f088b1-prod prod charts/pidp --debug diff --git a/.github/workflows/test-build-endorsement-reminder.yaml b/.github/workflows/test-build-endorsement-reminder.yaml index 42f5cf984..9e75188f0 100644 --- a/.github/workflows/test-build-endorsement-reminder.yaml +++ b/.github/workflows/test-build-endorsement-reminder.yaml @@ -17,8 +17,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-test: - name: WebAPI Backend Promote to test + promote-image-to-test-silver: + name: WebAPI Backend Promote to test - Silver runs-on: ubuntu-latest steps: - name: Install oc 
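Review bot: The path filter `"./deploy/prod_values_gold.yaml"` probably never matches, because as far as I know GitHub compares `paths` patterns with repo-relative paths that carry no `./` prefix; a change to the values file alone would then not trigger the prod deploy. Use `- "deploy/prod_values_gold.yaml"`. This new workflow also has no `permissions:` block, so a top-level `permissions:` with `contents: read` would keep the GITHUB_TOKEN at least privilege in a job that holds the prod cluster token. The file name `main-deploy_helm_chart Gold.yaml` contains a space, which is awkward for scripts and CLI use; a hyphenated name would match the other workflow files.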
@@ -35,3 +35,22 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/endorsement-reminder:${{ env.ORIG_TAG }} \ d8a8f9-tools/endorsement-reminder:${{ env.PROMOTE_TAG }} + + promote-image-to-test-gold: + name: WebAPI Backend Promote to test - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote webapi from dev to test + run: | + oc -n f088b1-tools tag \ + f088b1-tools/endorsement-reminder:${{ env.ORIG_TAG }} \ + f088b1-tools/endorsement-reminder:${{ env.PROMOTE_TAG }} diff --git a/.github/workflows/test-build-frontend.yaml b/.github/workflows/test-build-frontend.yaml index b12b0252f..35e660346 100644 --- a/.github/workflows/test-build-frontend.yaml +++ b/.github/workflows/test-build-frontend.yaml @@ -17,8 +17,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-test: - name: WebAPI Backend Promote to test + promote-image-to-test-silver: + name: Frontend Promote to test runs-on: ubuntu-latest steps: - name: Install oc 
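Review bot: The `oc login` step writes `${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }}` and the server URL straight into the script text, so the values are substituted before the shell parses the line and end up unquoted in the generated script on the runner. Pass them through the step's `env:` and reference quoted shell variables, or use `redhat-actions/oc-login` as the deploy workflows in this commit do. The same pattern is repeated in the Gold and Golddr login steps added to test-build-frontend.yaml, test-build-plr-intake.yaml and test-build-webapi.yaml. The job name `WebAPI Backend Promote to test - Gold` and step name `Promote webapi from dev to test` look copied, since this job tags `endorsement-reminder`.

```yaml
      - name: oc login
        env:
          OC_TOKEN: ${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }}
          OC_SERVER: ${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }}
        run: |
          oc login --token="$OC_TOKEN" --server="$OC_SERVER"
      # … unchanged: promote step …
```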
@@ -35,3 +35,32 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/pidp-frontend:${{ env.ORIG_TAG }} \ d8a8f9-tools/pidp-frontend:${{ env.PROMOTE_TAG }} + + promote-image-to-test-gold: + name: Frontend Promote to test - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login - Gold + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote frontend from dev to test - Gold + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-frontend:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-frontend:${{ env.PROMOTE_TAG }} + + - name: oc login - Golddr + run: | + oc login --token=${{ secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLDDR_OPENSHIFT_CLUSTER_URL }} + + - name: Promote frontend from dev to test - Golddr + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-frontend:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-frontend:${{ env.PROMOTE_TAG }} diff --git a/.github/workflows/test-build-plr-intake.yaml b/.github/workflows/test-build-plr-intake.yaml index 3c3160037..af91a5236 100644 --- a/.github/workflows/test-build-plr-intake.yaml +++ b/.github/workflows/test-build-plr-intake.yaml @@ -18,8 +18,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-test: - name: WebAPI Backend Promote to test + promote-image-to-test-silver: + name: Plr Intake Backend Promote to test - Silver runs-on: ubuntu-latest steps: - name: Install oc 
@@ -36,3 +36,32 @@ jobs: oc -n d8a8f9-tools tag \ d8a8f9-tools/pidp-plr-intake:${{ env.ORIG_TAG }} \ d8a8f9-tools/pidp-plr-intake:${{ env.PROMOTE_TAG }} + + promote-image-to-test-gold: + name: Plr Intake Backend Promote to test - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login - Gold + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote plr-intake from dev to test - Gold + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-plr-intake:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-plr-intake:${{ env.PROMOTE_TAG }} + + - name: oc login - Golddr + run: | + oc login --token=${{ secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLDDR_OPENSHIFT_CLUSTER_URL }} + + - name: Promote plr-intake from dev to test - Golddr + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-plr-intake:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-plr-intake:${{ env.PROMOTE_TAG }} diff --git a/.github/workflows/test-build-webapi.yaml b/.github/workflows/test-build-webapi.yaml index 84d828a86..074393d90 100644 --- a/.github/workflows/test-build-webapi.yaml +++ b/.github/workflows/test-build-webapi.yaml @@ -18,8 +18,8 @@ concurrency: cancel-in-progress: true jobs: - promote-image-to-test: - name: WebAPI Backend Promote to test + promote-image-to-test-silver: + name: WebAPI Backend Promote to test - Silver runs-on: ubuntu-latest steps: - name: Install oc 
@@ -37,3 +37,32 @@ jobs: d8a8f9-tools/pidp-webapi:${{ env.ORIG_TAG }} \ d8a8f9-tools/pidp-webapi:${{ env.PROMOTE_TAG }} + promote-image-to-test-gold: + name: WebAPI Backend Promote to test - Gold + runs-on: ubuntu-latest + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: "4.9" + + - name: oc login - Gold + run: | + oc login --token=${{ secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLD_OPENSHIFT_CLUSTER_URL }} + + - name: Promote WebAPI from dev to test - Gold + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-webapi:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-webapi:${{ env.PROMOTE_TAG }} + + - name: oc login - Golddr + run: | + oc login --token=${{ secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN }} --server=${{ secrets.GOLDDR_OPENSHIFT_CLUSTER_URL }} + + - name: Promote WebAPI from dev to test - Golddr + run: | + oc -n f088b1-tools tag \ + f088b1-tools/pidp-webapi:${{ env.ORIG_TAG }} \ + f088b1-tools/pidp-webapi:${{ env.PROMOTE_TAG }} + diff --git a/.github/workflows/test-deploy-endorsement-reminder.yaml b/.github/workflows/test-deploy-endorsement-reminder.yaml index 3952197fd..fa899689a 100644 --- a/.github/workflows/test-deploy-endorsement-reminder.yaml +++ b/.github/workflows/test-deploy-endorsement-reminder.yaml 
@@ -31,4 +31,23 @@ jobs: helm list --namespace d8a8f9-test echo installing helm chart... - helm upgrade --wait --namespace d8a8f9-test --values infra/endorsement_reminder/values-test.yaml endorsement-reminder infra/endorsement_reminder + helm upgrade --wait --namespace d8a8f9-test --values infra/endorsement_reminder/values.yaml endorsement-reminder infra/endorsement_reminder + + helm-deployment-endorsement-reminder-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v4 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.2 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy Upgrade + run: | + echo current installed helm releases + helm list --namespace f088b1-test + + echo installing helm chart... + helm upgrade --wait --namespace f088b1-test --values infra/endorsement_reminder/values.yaml endorsement-reminder infra/endorsement_reminder diff --git a/.github/workflows/test-deploy_helm_chart.yaml b/.github/workflows/test-deploy_helm_chart.yaml index ee1acba4b..1d1b34d21 100644 --- a/.github/workflows/test-deploy_helm_chart.yaml +++ b/.github/workflows/test-deploy_helm_chart.yaml @@ -14,7 +14,6 @@ concurrency: cancel-in-progress: true jobs: - helm-deployment: runs-on: 'ubuntu-latest' steps: 
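Review bot: The Silver test deploy now reads `infra/endorsement_reminder/values.yaml` in place of `values-test.yaml` and passes no `--set`, whereas the prod workflow in this commit overrides `env`, `global.image.tag` and `aspnetcore.environment`. Unless the chart defaults are the test settings, both the Silver release and the new Gold release in `f088b1-test` would pick up the wrong environment and image tag. If the defaults are meant to be the test values, a comment above the command such as `# values.yaml defaults target test; prod overrides them with --set` would make that explicit. The Silver job starts outside the hunk.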
@@ -33,3 +32,41 @@ jobs: echo installing helm chart... helm upgrade --wait --values ./deploy/test_values.yaml --namespace d8a8f9-test test charts/pidp --debug + + helm-deployment-gold: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v1 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.1 + with: + openshift_server_url: ${{secrets.GOLD_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLD_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy / install command + run: | + echo current installed helm releases + helm list --namespace f088b1-test + + echo installing helm chart... + helm upgrade --wait --values ./deploy/test_values.yaml --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools --namespace f088b1-test test charts/pidp --debug + + helm-deployment-golddr: + runs-on: 'ubuntu-latest' + steps: + - uses: actions/checkout@v1 + + - name: Authenticate and set context + uses: redhat-actions/oc-login@v1.1 + with: + openshift_server_url: ${{secrets.GOLDDR_OPENSHIFT_CLUSTER_URL}} + openshift_token: ${{secrets.GOLDDR_PIPELINE_SERVICE_ACCOUNT_TOKEN}} + + - name: Helm Deploy / install command + run: | + echo current installed helm releases + helm list --namespace f088b1-test + + echo installing helm chart... + helm upgrade --wait --values ./deploy/test_values.yaml --set global.image.registry=image-registry.openshift-image-registry.svc:5000/f088b1-tools --namespace f088b1-test test charts/pidp --debug diff --git a/charts/nginx/values.yaml b/charts/nginx/values.yaml index 34b558994..dacdf1dc1 100644 --- a/charts/nginx/values.yaml +++ b/charts/nginx/values.yaml @@ -885,7 +885,7 @@ metrics: ## @section fluentbit parameters fluentbit: - enabled: false + enabled: true imageRegistry: docker.io/fluent/fluent-bit:3.0.3-debug imagePullPolicy: IfNotPresent securityContext: diff --git a/charts/webapi/values.yaml b/charts/webapi/values.yaml index 979999c51..2e235d629 100644 --- a/charts/webapi/values.yaml 
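Review bot: Both added jobs end their `helm upgrade` with `--debug`, which as far as I know makes Helm print the user-supplied and computed values together with the rendered manifest into the Actions log. Any credential or connection string carried in `./deploy/test_values.yaml` would then be readable by everyone who can view the run. Drop `--debug` from the routine deploy command, here and in the new `main-deploy_helm_chart Gold.yaml`, and add it back only while troubleshooting. These jobs also use `actions/checkout@v1` and `redhat-actions/oc-login@v1.1`, older than the `@v4` and `@v1.2` used elsewhere in this commit.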
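Review bot: Setting `fluentbit.enabled: true` in the chart defaults makes every release that does not override it run the sidecar from `docker.io/fluent/fluent-bit:3.0.3-debug`, and deploy/prod_values.yaml in this commit drops its explicit setting to rely on that default. The `-debug` image variant ships a shell and extra tooling, which is more than a production log forwarder needs. Consider pointing `imageRegistry` at the non-debug tag of the same version and keeping the chart default `false`, so log shipping stays an explicit opt-in per environment. The same flip is made in charts/webapi/values.yaml.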
+++ b/charts/webapi/values.yaml @@ -102,7 +102,7 @@ rabbitmq: fluentbit: - enabled: false + enabled: true imageRegistry: docker.io/fluent/fluent-bit:3.0.3-debug imagePullPolicy: IfNotPresent securityContext: diff --git a/deploy/prod_values.yaml b/deploy/prod_values.yaml index f76271395..899da4ef0 100644 --- a/deploy/prod_values.yaml +++ b/deploy/prod_values.yaml @@ -18,8 +18,6 @@ redis: nginx: replicaCount: 3 - fluentbit: - enabled: true frontend: replicaCount: 3 @@ -32,8 +30,6 @@ webapi: replicaCount: 3 aspnetcore: environment: Production - fluentbit: - enabled: true plr-intake: replicaCount: 2 diff --git a/deploy/prod_values_gold.yaml b/deploy/prod_values_gold.yaml new file mode 100644 index 000000000..f7d7d4d47 --- /dev/null +++ b/deploy/prod_values_gold.yaml 
@@ -0,0 +1,157 @@ +# PR Helm values +global: + vanityURL: "healthprovideridentityportal.gov.bc.ca" + commit_sha: "" + image: + registry: image-registry.openshift-image-registry.svc:5000/f088b1-tools + tag: main + +database: + autoCreate: false + # databaseHost: dev-patroni +# existingSecret: dev-patroni-secret + +redis: + enabled: false + auth: + existingSecret: redis + existingSecretPasswordKey: database-password + +nginx: + replicaCount: 3 + fluentbit: + enabled: true + serverBlock: |- + server { + listen 8080; + server_name localhost *.gov.bc.ca; + location / { + proxy_pass http://prod-frontend:8080/; + } + location ^~ /api/ { + proxy_pass http://prod-webapi:8080/api/; + } + location ^~ /api/v1/ { + proxy_pass http://prod-webapi:8080/api/; + } + location ^~ /api/v1/PLRHL7 { + proxy_pass http://prod-webapi:8080/api/PLRHL7; + proxy_set_header X-SSL-CERT $ssl_client_escaped_cert; + } + location ^~ /midas/ { + proxy_pass http://midas-probe:80/midas/; + } + # Deny all attempts to access hidden files such as .htaccess or .htpasswd + location ~ /\. 
{ + deny all; + } + # required for metrics exporter + location /status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + } + server { + listen 8443 ssl; + server_name localhost *.gov.bc.ca; + ssl_certificate certs/tls.crt; + ssl_certificate_key certs/tls.key; + ssl_verify_client optional_no_ca; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_client_certificate certs/plr/trusted-ca-certs.pem; + set $CSP_style "style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css"; + set $CSP_font "font-src 'self' data: *.googleapis.com *.gstatic.com"; + set $CSP_frame "frame-ancestors 'self' *.oidc.gov.bc.ca oidc.gov.bc.ca"; + set $CSP_SCRIPT "script-src 'self' 'unsafe-inline' https://code.jquery.com/jquery-3.6.0.min.js"; + set $CSP "default-src 'self' 'unsafe-inline' *.hlth.gov.bc.ca ; ${CSP_style} ; ${CSP_font} ; ${CSP_SCRIPT} ; ${CSP_frame}"; + add_header Content-Security-Policy $CSP; + add_header X-Frame-Options "ALLOW-FROM dev.oidc.gov.bc.ca oidc.gov.bc.ca" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade"; + location / { + proxy_pass http://prod-frontend:8080/; + } + location ^~ /api/ { + proxy_pass http://prod-webapi:8080/api/; + } + location ^~ /api/v1/ { + proxy_pass http://prod-webapi:8080/api/; + } + location ^~ /api/v1/PLRHL7 { + proxy_pass http://prod-webapi:8080/api/PLRHL7; + proxy_set_header X-SSL-CERT $ssl_client_escaped_cert; + } + location ^~ /midas/ { + proxy_pass http://midas-probe:80/midas/; + } + # Deny all attempts to access hidden files such as .htaccess or .htpasswd + location ~ /\. 
{ + deny all; + } + # required for metrics exporter + location /status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + } + server { + listen 8543 ssl; + server_name localhost *.gov.bc.ca; + ssl_certificate certs/tls.crt; + ssl_certificate_key certs/tls.key; + ssl_verify_client optional_no_ca; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_client_certificate certs/plr/trusted-ca-certs.pem; + set $CSP_style "style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; "; + set $CSP_font "font-src 'self' data: *.googleapis.com *.gstatic.com; "; + set $CSP_frame "frame-ancestors 'self' *.oidc.gov.bc.ca oidc.gov.bc.ca"; + set $CSP "default-src 'self' ; ${CSP_style} ${CSP_font} ${CSP_frame}"; + add_header Content-Security-Policy $CSP; + add_header X-Frame-Options "ALLOW-FROM dev.oidc.gov.bc.ca oidc.gov.bc.ca" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade"; + location ^~ /api/v1/PLRHL7 { + proxy_pass http://prod-plr-intake:8080/api/PLRHL7; + proxy_set_header X-SSL-CERT $ssl_client_escaped_cert; + } + # Deny all attempts to access hidden files such as .htaccess or .htpasswd + location ~ /\. { + deny all; + } + # required for metrics exporter + location /status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + } + +frontend: + replicaCount: 3 + settings: + environmentName: prod + keycloak: + url: https://common-logon.hlth.gov.bc.ca/auth + +webapi: + replicaCount: 3 + aspnetcore: + environment: Production + fluentbit: + enabled: true + +plr-intake: + replicaCount: 2 + +rabbitmq: + autoCreate: true + host: rabbitmq://pidp:password@rabbitmq:5672/ \ No newline at end of file diff --git a/deploy/test_values.yaml b/deploy/test_values.yaml index b8b4fea50..d1bb16ab7 100644 --- a/deploy/test_values.yaml 
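Review bot: `rabbitmq.host` embeds a username and password in the URL (`rabbitmq://pidp:password@rabbitmq:5672/`), which commits a broker credential to the repository. Even if `password` is only a placeholder, the value should come from a Kubernetes Secret rather than from the values file. In `serverBlock`, `ssl_verify_client optional_no_ca` means nginx does not validate the client certificate it forwards in `X-SSL-CERT`, so the backend has to verify the chain itself. The locations that do not set that header pass through whatever `X-SSL-CERT` the client sent, and adding `proxy_set_header X-SSL-CERT "";` to them would close that gap. The header comment `# PR Helm values` should also be corrected to say these are the prod Gold values.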
+++ b/deploy/test_values.yaml @@ -3,6 +3,7 @@ global: vanityURL: "healthprovideridentityportal.gov.bc.ca" commit_sha: "" image: + registry: image-registry.openshift-image-registry.svc:5000/d8a8f9-tools tag: test database: @@ -18,6 +19,8 @@ redis: nginx: replicaCount: 2 + fluentbit: + enabled: false frontend: replicaCount: 3 @@ -30,6 +33,8 @@ webapi: replicaCount: 3 aspnetcore: environment: Staging + fluentbit: + enabled: false plr-intake: replicaCount: 2