diff --git a/.github/workflows/on-pr-main.yml b/.github/workflows/on-pr-main.yml
index f1625cf..11d3f38 100644
--- a/.github/workflows/on-pr-main.yml
+++ b/.github/workflows/on-pr-main.yml
@@ -57,8 +57,35 @@ jobs:
 needs:
 - builds
 runs-on: ubuntu-22.04
+ environment: test
+ env:
+ project_name: nr-oracle
+ app_name: nr-oracle-service
+ environment: development
+ secret_path_env: dev # this path is different from the path in the broker
 steps:
 - uses: actions/checkout@v4
+ - name: Broker
+ id: broker
+ uses: bcgov-nr/action-vault-broker-approle@v1.0.0
+ with:
+ broker_jwt: ${{ secrets.BROKER_JWT }}
+ provision_role_id: ${{ secrets.PROVISION_ROLE }}
+ project_name: ${{ env.project_name }}
+ app_name: ${{ env.app_name }}
+ environment: ${{ env.environment }}
+ - name: Import Secrets
+ id: secrets
+ uses: hashicorp/vault-action@v2.7.4
+ with:
+ url: https://vault-iit.apps.silver.devops.gov.bc.ca
+ token: ${{ steps.broker.outputs.vault_token }}
+ exportEnv: 'false'
+ secrets: |
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbHost | DB_HOST;
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbName | DB_NAME;
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbPassword | DB_PWD;
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbUser | DB_USER;
 - name: Deploy to OpenShift
 shell: bash
 run: |
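Review bot: Both new steps in `.github/workflows/on-pr-main.yml` reference third-party actions by mutable tag (`bcgov-nr/action-vault-broker-approle@v1.0.0`, `hashicorp/vault-action@v2.7.4`), and these are exactly the steps that receive `secrets.BROKER_JWT` and the Vault token derived from it. A tag can be re-pointed by whoever controls the action repository, so pinning each to a full commit SHA keeps the code that handles the token fixed, e.g. `uses: hashicorp/vault-action@<full-commit-sha> # v2.7.4`. Judging by the file name this job runs on pull requests, so it is also worth confirming that the `test` environment carries protection rules before an unreviewed change can reach the broker. The `Deploy to OpenShift` step that opens at the end of this hunk continues in the next one.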
@@ -70,4 +97,14 @@ jobs:
 oc project ${{ vars.oc_namespace }}
 # Deploy Helm Chart
- helm upgrade --install --wait --atomic nr-oracle-service-${{ github.event.number }} --set nameOverride=nr-oracle-service-${{ github.event.number }} --set image.tag=pr-${{ github.event.number }} --set app.envs.DB_HOST=${{ secrets.DB_HOST }} --set app.envs.DB_NAME=${{ secrets.DB_NAME }} --set app.envs.DB_PASSWORD=${{ secrets.DB_PASSWORD }} --set app.envs.DB_USER=${{ secrets.DB_USER }} --set image.repository=ghcr.io/${{ github.repository }}/nr-oracle-service --set image.repositoryInit=ghcr.io/${{ github.repository }}/nr-oracle-service-init --set namespace=${{ vars.oc_namespace }} --timeout 10m charts/nr-oracle-service --debug
+ helm upgrade --install nr-oracle-service-${{ github.event.number }} \
+ --set-string image.tag=${{ github.sha }} \
+ --set-string app.envs.DB_HOST=${{ steps.secrets.outputs.DB_HOST }} \
+ --set-string app.envs.DB_NAME=${{ steps.secrets.outputs.DB_NAME }} \
+ --set-string app.envs.DB_PASSWORD=${{ steps.secrets.outputs.DB_PWD }} \
+ --set-string app.envs.DB_USER=${{ steps.secrets.outputs.DB_USER }} \
+ --set-string app.envs.DB_PORT="${{ secrets.DB_PORT }}" \
+ --set-string image.repository="ghcr.io/${{ github.repository }}/nr-oracle-service" \
+ --set-string image.repositoryInit="ghcr.io/${{ github.repository }}/nr-oracle-service-init" \
+ --set-string namespace=${{ vars.oc_namespace }} \
+ --timeout 10m charts/nr-oracle-service
diff --git a/.gitignore b/.gitignore
index 8c7863e..126b357 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@ nb-configuration.xml
 # Plugin directory
 /.quarkus/cli/plugins/
+cman_certificate.crt
diff --git a/Dockerfile b/Dockerfile
index f078915..2a7c288 100644
--- a/Dockerfile
+++ b/Dockerfile
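Review bot: In the new `helm upgrade` command of `.github/workflows/on-pr-main.yml` the Vault values are substituted by `${{ … }}` directly into the script text and left unquoted (`app.envs.DB_PASSWORD=${{ steps.secrets.outputs.DB_PWD }}`), so bash parses the secret as part of the command line. A value containing a space or a shell metacharacter would be split or interpreted by the shell, and Helm's `--set-string` additionally treats `,` and `\` inside a value as syntax. Passing the values through the step's `env:` and quoting the shell variables fixes the first problem; a values file passed with `-f` would also cover the second and keep the password out of the process arguments. Separately, `--wait --atomic` is dropped, so the job can now pass before the release is healthy and a failed upgrade is no longer rolled back, which is worth confirming as intended. The step itself begins in the previous hunk.

```yaml
      - name: Deploy to OpenShift
        shell: bash
        env:
          DB_HOST: ${{ steps.secrets.outputs.DB_HOST }}
          DB_NAME: ${{ steps.secrets.outputs.DB_NAME }}
          DB_PWD: ${{ steps.secrets.outputs.DB_PWD }}
          DB_USER: ${{ steps.secrets.outputs.DB_USER }}
          DB_PORT: ${{ secrets.DB_PORT }}
        run: |
          # … unchanged: script lines above, through `oc project` …
          helm upgrade --install nr-oracle-service-${{ github.event.number }} \
            --set-string image.tag=${{ github.sha }} \
            --set-string app.envs.DB_HOST="$DB_HOST" \
            --set-string app.envs.DB_NAME="$DB_NAME" \
            --set-string app.envs.DB_PASSWORD="$DB_PWD" \
            --set-string app.envs.DB_USER="$DB_USER" \
            --set-string app.envs.DB_PORT="$DB_PORT" \
            # … unchanged: image.repository, image.repositoryInit, namespace, --timeout and chart path …
```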
@@ -1,4 +1,4 @@
-FROM quay.io/quarkus/ubi-quarkus-native-image:22.3.0-java17 AS build
+FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 AS build
 COPY --chown=quarkus:quarkus mvnw /code/mvnw
 COPY --chown=quarkus:quarkus .mvn /code/.mvn
 COPY --chown=quarkus:quarkus pom.xml /code/
@@ -8,6 +8,7 @@ RUN chmod +x mvnw
 RUN ./mvnw -B org.apache.maven.plugins:maven-dependency-plugin:3.1.2:go-offline
 COPY src /code/src
 RUN ./mvnw package -Pnative -DskipTests
+#RUN ./mvnw package -DskipTests for JVM mode
 HEALTHCHECK --interval=300s --timeout=30s CMD ./mvnw --version || exit 1
 ###
 FROM quay.io/quarkus/quarkus-micro-image:2.0
@@ -21,3 +22,24 @@ EXPOSE 3000
 USER 1001
 HEALTHCHECK --interval=300s --timeout=3s CMD curl -f http://localhost:3000/ || exit 1
 CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
+
+
+
+#
+#FROM registry.access.redhat.com/ubi8/openjdk-17:1.16
+
+#ENV LANGUAGE='en_US:en'
+
+
+# We make four distinct layers so if there are application changes the library layers can be re-used
+#COPY --chown=185 --from=build /code/target/quarkus-app/lib/ /deployments/lib/
+#COPY --chown=185 --from=build /code/target/quarkus-app/*.jar /deployments/
+#COPY --chown=185 --from=build /code/target/quarkus-app/app/ /deployments/app/
+#COPY --chown=185 --from=build /code/target/quarkus-app/quarkus/ /deployments/quarkus/
+
+#EXPOSE 8080
+#USER 185
+#ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
+#ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
+#HEALTHCHECK --interval=300s --timeout=3s CMD curl -f http://localhost:3000/ || exit 1
+#ENTRYPOINT [ "/opt/jboss/container/java/run/run-java.sh" ]
diff --git a/Dockerfile.certs b/Dockerfile.certs
index d02ef23..96ed838 100644
--- a/Dockerfile.certs
+++ b/Dockerfile.certs
@@ -1,5 +1,5 @@
 #This Dockerfile mounts the certs
-FROM eclipse-temurin:17.0.8_7-jdk-alpine AS buildCert
+FROM eclipse-temurin:21-jdk-alpine AS buildCert
 ENV LANG en_CA.UTF-8
 ENV LANGUAGE en_CA.UTF-8
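Review bot: The new build base in the first `Dockerfile` hunk, `quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21`, is a floating tag, and the `Dockerfile.certs` hunk has the same issue where it replaces the exact `eclipse-temurin:17.0.8_7-jdk-alpine` with `eclipse-temurin:21-jdk-alpine`. Both tags are republished over time, so two builds of the same commit can yield different images and a changed upstream image enters the build without any diff in this repository. Pinning by digest keeps the tag readable while fixing the content, e.g. `FROM eclipse-temurin:21-jdk-alpine@sha256:<digest> AS buildCert`, with the digest refreshed by a dependency-update job.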
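Review bot: The lines appended at the end of `Dockerfile` are a commented-out JVM-mode runtime stage (paired with the commented `#RUN ./mvnw package -DskipTests for JVM mode` in the second hunk), and nothing builds it, so it will go stale unnoticed. It already disagrees with the rest of the commit: the commented stage names `ubi8/openjdk-17:1.16` while the build moves to JDK 21, and its `EXPOSE 8080` does not match the `localhost:3000` health check beside it. If JVM mode is meant to be supported, a separate Dockerfile for it that CI actually builds would keep it honest; otherwise it is better removed and left to version history.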
diff --git a/charts/nr-oracle-service/Chart.yaml b/charts/nr-oracle-service/Chart.yaml
index f228134..e8f00a6 100644
--- a/charts/nr-oracle-service/Chart.yaml
+++ b/charts/nr-oracle-service/Chart.yaml
@@ -16,11 +16,11 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.18
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.18"
+appVersion: "3.5.2"
diff --git a/charts/nr-oracle-service/templates/_helpers.tpl b/charts/nr-oracle-service/templates/_helpers.tpl
index 5083f33..4d41442 100644
--- a/charts/nr-oracle-service/templates/_helpers.tpl
+++ b/charts/nr-oracle-service/templates/_helpers.tpl
@@ -2,7 +2,7 @@
 Expand the name of the chart.
 */}}
 {{- define "component.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
diff --git a/charts/nr-oracle-service/templates/deployment.yaml b/charts/nr-oracle-service/templates/deployment.yaml
index a0265e9..a2bcc6d 100644
--- a/charts/nr-oracle-service/templates/deployment.yaml
+++ b/charts/nr-oracle-service/templates/deployment.yaml
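Review bot: The comment above `component.name` in `_helpers.tpl` still reads `Expand the name of the chart.`, but the helper now falls back to `.Release.Name`, so it should say something like `Expand the name of the release, or nameOverride when set.`. Every object named through this helper (the Deployment and the Secret reference visible in `deployment.yaml`) now follows the release name, so upgrading a release installed from the previous chart version may create renamed objects instead of updating the old ones; a line in the chart's release notes would help. The container names in `deployment.yaml` still use `.Chart.Name`, which looks deliberate but is worth a glance.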
@@ -3,14 +3,14 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ include "component.name" . }}
- labels:
+ labels:
 {{- include "component.labels" . | nindent 4 }}
 spec:
 {{- if not .Values.autoscaling.enabled }}
 replicas: {{ .Values.replicaCount }}
 {{- end }}
 selector:
- matchLabels:
+ matchLabels:
 {{- include "component.selectorLabels" . | nindent 6 }}
 template:
 metadata:
@@ -29,7 +29,7 @@ spec:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 initContainers:
 - name: {{ .Chart.Name }}-init
- image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.fullname" . }}-init:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.name" . }}-init:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
@@ -45,7 +45,7 @@ spec:
 key: certSecret
 name: {{ include "component.name" . }}
 - name: DB_PORT
- value: "1543"
+ value: '1543'
 volumeMounts:
 - name: {{ include "component.name" . }}
 mountPath: /app/cert
@@ -53,7 +53,7 @@ spec:
 - name: {{ .Chart.Name }}
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
- image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.fullname" . }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.name" . }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 ports:
 - name: http
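Review bot: In the init container's env (third hunk of `deployment.yaml`, at `- name: DB_PORT`) the port stays hard-coded, with only the quoting changing from `"1543"` to `'1543'`, while this same commit introduces `app.envs.DB_PORT` in the values and a `dbPort` key in the Secret. The init container and the configured port can therefore disagree with no error at render time. Reading the value from the Secret, as the neighbouring `certSecret` entry appears to do, keeps a single source of truth; this assumes the Secret is the one named by `component.name`, which the context lines suggest but do not fully show. The env list starts above this hunk.

```yaml
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  key: dbPort
                  name: {{ include "component.name" . }}
```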
@@ -120,6 +120,8 @@ spec:
 value: {{ required "A valid .Values.app.envs.POOL_MAX_LIFETIME entry required!" .Values.app.envs.POOL_MAX_LIFETIME | quote }}
 - name: POOL_LEAK_DETECTION_INTERVAL
 value: {{ required "A valid .Values.app.envs.POOL_LEAK_DETECTION_INTERVAL entry required!" .Values.app.envs.POOL_LEAK_DETECTION_INTERVAL | quote }}
+ - name: ACCESS_LOG_ENABLED
+ value: {{ required "A valid .Values.app.envs.ACCESS_LOG_ENABLED entry required!" .Values.app.envs.ACCESS_LOG_ENABLED | quote }}
 volumeMounts:
 - name: {{ include "component.name" . }}
- mountPath: /app/cert
\ No newline at end of file
+ mountPath: /app/cert
diff --git a/charts/nr-oracle-service/templates/networkpolicy.yaml b/charts/nr-oracle-service/templates/networkpolicy.yaml
index 2f96097..4416524 100644
--- a/charts/nr-oracle-service/templates/networkpolicy.yaml
+++ b/charts/nr-oracle-service/templates/networkpolicy.yaml
@@ -2,7 +2,7 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: allow-apps-to-connect-to-{{ include "component.name" . }}
+ name: allow-apps-to-connect-to-{{ .Release.Name }}
 labels:
 {{- include "component.labels" . | nindent 6 }}
 spec:
@@ -11,4 +11,4 @@ spec:
 - from:
 - podSelector: {}
 policyTypes:
- - Ingress
\ No newline at end of file
+ - Ingress
diff --git a/charts/nr-oracle-service/templates/secret.yaml b/charts/nr-oracle-service/templates/secret.yaml
index 8a00dd8..397c05b 100644
--- a/charts/nr-oracle-service/templates/secret.yaml
+++ b/charts/nr-oracle-service/templates/secret.yaml
@@ -3,7 +3,7 @@ {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} # set below to existing secret data or generate a random one when not exists -{{- $certSecret := (get $secretData "certSecret") | default (randAlpha 10 | lower | b64enc) }} +{{- $certSecret := (get $secretData "certSecret") | default (randAlpha 10 | lower | b64enc) }} {{- $apiKey := (get $secretData "apiKey") | default (randAlphaNum 32 | b64enc) }} --- apiVersion: v1 @@ -15,6 +15,7 @@ data: dbUser: {{ .Values.app.envs.DB_USER | b64enc | quote }} dbPassword: {{ .Values.app.envs.DB_PASSWORD | b64enc | quote }} dbHost: {{ .Values.app.envs.DB_HOST | b64enc | quote }} + dbPort: {{ .Values.app.envs.DB_PORT | b64enc | quote }} dbName: {{ .Values.app.envs.DB_NAME | b64enc | quote }} certSecret: {{ $certSecret | quote }} # cert secret is reused. apiKey: {{ $apiKey | quote }} diff --git a/charts/nr-oracle-service/values.schema.json b/charts/nr-oracle-service/values.schema.json index bd6a934..6326b3e 100644 --- a/charts/nr-oracle-service/values.schema.json +++ b/charts/nr-oracle-service/values.schema.json @@ -192,10 +192,12 @@ "type": "string", "default": "1" } + }, "required": [ "DB_HOST", "DB_NAME", "DB_PASSWORD", "DB_USER" - ] + ], + "additionalProperties": true }, "ports": { "type": "object", diff --git a/charts/nr-oracle-service/values.yaml b/charts/nr-oracle-service/values.yaml index fd469ff..5faea27 100644 --- a/charts/nr-oracle-service/values.yaml +++ b/charts/nr-oracle-service/values.yaml @@ -72,9 +72,11 @@ affinity: {} app: envs: DB_HOST: ~ + DB_PORT: ~ DB_NAME: ~ DB_PASSWORD: ~ DB_USER: ~ + CMAN_CERT: ~ HTTP_PORT: "3000" POOL_IDLE_TIMEOUT: "60000" POOL_INITIAL_SIZE: "1" @@ -82,5 +84,6 @@ app: POOL_MAX_LIFETIME: "180000" POOL_MAX_SIZE: "1" POOL_MIN_SIZE: "1" + ACCESS_LOG_ENABLED: "false" ports: http: 3000 diff --git a/pom.xml b/pom.xml index 1334734..2ee49bd 100644 --- a/pom.xml +++ b/pom.xml 
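Review bot: The new `dbPort` line in `secret.yaml` pipes `.Values.app.envs.DB_PORT` straight into `b64enc`, yet `values.yaml` in this commit defaults `DB_PORT` to `~` and the `required` array in `values.schema.json` still lists only `DB_HOST`, `DB_NAME`, `DB_PASSWORD` and `DB_USER`. An install that omits the port, or passes it as a number through `--set`, will most likely fail inside the template with a type error from `b64enc` instead of a clear validation message. Either add `"DB_PORT"` to the schema's `required` array or guard the line itself, e.g. `dbPort: {{ required "A valid .Values.app.envs.DB_PORT entry required!" .Values.app.envs.DB_PORT | toString | b64enc | quote }}`. The `data:` map starts above the hunk.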
@@ -7,12 +7,12 @@ 0.1.18 3.11.0 - 17 + 21 UTF-8 UTF-8 quarkus-bom io.quarkus.platform - 3.5.1 + 3.5.2 true 3.2.2 diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index e442832..33e7b47 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -11,6 +11,8 @@ quarkus.datasource.jdbc.leak-detection-interval=${POOL_LEAK_DETECTION_INTERVAL:4 quarkus.http.port=${HTTP_PORT:3000} %dev.quarkus.datasource.jdbc.url=jdbc:oracle:thin:@${DB_HOST}:1521/${DB_NAME} api.key=${API_KEY} +quarkus.http.access-log.enabled=${ACCESS_LOG_ENABLED:false} +quarkus.native.additional-build-args=-march=compatibility # Trigger build.
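Review bot: The added `quarkus.native.additional-build-args=-march=compatibility` in `application.properties` carries no explanation, and a later maintainer may remove it as noise. A comment on the line above would record the reason, for example `# Build the native image for a generic CPU baseline so it also runs on nodes older than the CI build host` (wording to be confirmed by the author). For the new `quarkus.http.access-log.enabled` line, check what the access-log pattern records before it is switched on outside development, since the service authenticates with `api.key`.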