diff --git a/.github/workflows/on-pr-main.yml b/.github/workflows/on-pr-main.yml
index f1625cf..11d3f38 100644
--- a/.github/workflows/on-pr-main.yml
+++ b/.github/workflows/on-pr-main.yml
@@ -57,8 +57,35 @@ jobs:
needs:
- builds
runs-on: ubuntu-22.04
+ environment: test
+ env:
+ project_name: nr-oracle
+ app_name: nr-oracle-service
+ environment: development
+ secret_path_env: dev # this path is different from the path in the broker
steps:
- uses: actions/checkout@v4
+ - name: Broker
+ id: broker
+ uses: bcgov-nr/action-vault-broker-approle@v1.0.0
+ with:
+ broker_jwt: ${{ secrets.BROKER_JWT }}
+ provision_role_id: ${{ secrets.PROVISION_ROLE }}
+ project_name: ${{ env.project_name }}
+ app_name: ${{ env.app_name }}
+ environment: ${{ env.environment }}
+ - name: Import Secrets
+ id: secrets
+ uses: hashicorp/vault-action@v2.7.4
+ with:
+ url: https://vault-iit.apps.silver.devops.gov.bc.ca
+ token: ${{ steps.broker.outputs.vault_token }}
+ exportEnv: 'false'
+ secrets: |
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbHost | DB_HOST;
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbName | DB_NAME;
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbPassword | DB_PWD;
+ apps/data/${{ env.secret_path_env }}/${{ env.project_name }}/${{ env.app_name }}/rar dbUser | DB_USER;
- name: Deploy to OpenShift
shell: bash
run: |
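Review bot: Both new steps reference third-party actions by tag (`bcgov-nr/action-vault-broker-approle@v1.0.0`, `hashicorp/vault-action@v2.7.4`), and a tag can be moved to different code after this review. These steps receive `BROKER_JWT`, the provision role id and the resulting Vault token, so each should be pinned to a full commit SHA with the version kept as a trailing comment, e.g. `uses: hashicorp/vault-action@<full-commit-sha> # v2.7.4`. The job definition starts above this hunk and the workflow trigger is not visible here, so it is worth confirming that the `test` environment's secrets cannot be reached by pull requests from forks.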
@@ -70,4 +97,14 @@ jobs:
oc project ${{ vars.oc_namespace }}
# Deploy Helm Chart
- helm upgrade --install --wait --atomic nr-oracle-service-${{ github.event.number }} --set nameOverride=nr-oracle-service-${{ github.event.number }} --set image.tag=pr-${{ github.event.number }} --set app.envs.DB_HOST=${{ secrets.DB_HOST }} --set app.envs.DB_NAME=${{ secrets.DB_NAME }} --set app.envs.DB_PASSWORD=${{ secrets.DB_PASSWORD }} --set app.envs.DB_USER=${{ secrets.DB_USER }} --set image.repository=ghcr.io/${{ github.repository }}/nr-oracle-service --set image.repositoryInit=ghcr.io/${{ github.repository }}/nr-oracle-service-init --set namespace=${{ vars.oc_namespace }} --timeout 10m charts/nr-oracle-service --debug
+ helm upgrade --install nr-oracle-service-${{ github.event.number }} \
+ --set-string image.tag=${{ github.sha }} \
+ --set-string app.envs.DB_HOST=${{ steps.secrets.outputs.DB_HOST }} \
+ --set-string app.envs.DB_NAME=${{ steps.secrets.outputs.DB_NAME }} \
+ --set-string app.envs.DB_PASSWORD=${{ steps.secrets.outputs.DB_PWD }} \
+ --set-string app.envs.DB_USER=${{ steps.secrets.outputs.DB_USER }} \
+ --set-string app.envs.DB_PORT="${{ secrets.DB_PORT }}" \
+ --set-string image.repository="ghcr.io/${{ github.repository }}/nr-oracle-service" \
+ --set-string image.repositoryInit="ghcr.io/${{ github.repository }}/nr-oracle-service-init" \
+ --set-string namespace=${{ vars.oc_namespace }} \
+ --timeout 10m charts/nr-oracle-service
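Review bot: The four Vault outputs on the `--set-string app.envs.DB_*` lines are pasted into the script text unquoted, so bash parses the secret values before helm sees them. A password containing a space, `$`, `;` or a backtick is split or interpreted by the shell, and a comma is read by helm as a separator between settings. Passing the values through the step's `env:` and referencing them as quoted shell variables keeps them as data, though commas still need escaping or a values file. The step header and the start of the `run:` script are outside this hunk. Separately, the new command no longer has `--wait --atomic`, so the job can succeed while the rollout fails; if that is intended, a comment saying so would help.

```yaml
shell: bash
env:
  DB_HOST: ${{ steps.secrets.outputs.DB_HOST }}
  DB_NAME: ${{ steps.secrets.outputs.DB_NAME }}
  DB_PWD: ${{ steps.secrets.outputs.DB_PWD }}
  DB_USER: ${{ steps.secrets.outputs.DB_USER }}
run: |
  # … unchanged: oc project selection, helm upgrade --install …, image.tag …
    --set-string app.envs.DB_HOST="$DB_HOST" \
    --set-string app.envs.DB_NAME="$DB_NAME" \
    --set-string app.envs.DB_PASSWORD="$DB_PWD" \
    --set-string app.envs.DB_USER="$DB_USER" \
  # … unchanged: DB_PORT, image.repository, image.repositoryInit, namespace, --timeout …
```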
diff --git a/.gitignore b/.gitignore
index 8c7863e..126b357 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@ nb-configuration.xml
# Plugin directory
/.quarkus/cli/plugins/
+cman_certificate.crt
diff --git a/Dockerfile b/Dockerfile
index f078915..2a7c288 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/quarkus/ubi-quarkus-native-image:22.3.0-java17 AS build
+FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 AS build
COPY --chown=quarkus:quarkus mvnw /code/mvnw
COPY --chown=quarkus:quarkus .mvn /code/.mvn
COPY --chown=quarkus:quarkus pom.xml /code/
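Review bot: The new builder base `quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21` is a floating tag, where the line it replaces named a specific release (`22.3.0-java17`). The same loss of pinning occurs in Dockerfile.certs (`eclipse-temurin:17.0.8_7-jdk-alpine` → `eclipse-temurin:21-jdk-alpine`). Each build then takes whatever the registry currently serves under that tag, so the toolchain that compiles the native binary can change without a commit. Pin by digest, e.g. `FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21@sha256:<digest> AS build`, and update the digest deliberately.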
@@ -8,6 +8,7 @@ RUN chmod +x mvnw
RUN ./mvnw -B org.apache.maven.plugins:maven-dependency-plugin:3.1.2:go-offline
COPY src /code/src
RUN ./mvnw package -Pnative -DskipTests
+#RUN ./mvnw package -DskipTests for JVM mode
HEALTHCHECK --interval=300s --timeout=30s CMD ./mvnw --version || exit 1
###
FROM quay.io/quarkus/quarkus-micro-image:2.0
@@ -21,3 +22,24 @@ EXPOSE 3000
USER 1001
HEALTHCHECK --interval=300s --timeout=3s CMD curl -f http://localhost:3000/ || exit 1
CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
+
+
+
+#
+#FROM registry.access.redhat.com/ubi8/openjdk-17:1.16
+
+#ENV LANGUAGE='en_US:en'
+
+
+# We make four distinct layers so if there are application changes the library layers can be re-used
+#COPY --chown=185 --from=build /code/target/quarkus-app/lib/ /deployments/lib/
+#COPY --chown=185 --from=build /code/target/quarkus-app/*.jar /deployments/
+#COPY --chown=185 --from=build /code/target/quarkus-app/app/ /deployments/app/
+#COPY --chown=185 --from=build /code/target/quarkus-app/quarkus/ /deployments/quarkus/
+
+#EXPOSE 8080
+#USER 185
+#ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
+#ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
+#HEALTHCHECK --interval=300s --timeout=3s CMD curl -f http://localhost:3000/ || exit 1
+#ENTRYPOINT [ "/opt/jboss/container/java/run/run-java.sh" ]
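Review bot: The lines added here are a commented-out JVM-mode stage that ships as dead text and already disagrees with itself: it has `#EXPOSE 8080` but its `#HEALTHCHECK` probes `http://localhost:3000/`. Moving the alternative into its own file (for example `Dockerfile.jvm`) would let it be built and checked instead of drifting. The same applies to `#RUN ./mvnw package -DskipTests for JVM mode` in the previous hunk, where the trailing words read as command arguments; `# JVM mode: RUN ./mvnw package -DskipTests` would be clearer if the line stays.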
diff --git a/Dockerfile.certs b/Dockerfile.certs
index d02ef23..96ed838 100644
--- a/Dockerfile.certs
+++ b/Dockerfile.certs
@@ -1,5 +1,5 @@
#This Dockerfile mounts the certs
-FROM eclipse-temurin:17.0.8_7-jdk-alpine AS buildCert
+FROM eclipse-temurin:21-jdk-alpine AS buildCert
ENV LANG en_CA.UTF-8
ENV LANGUAGE en_CA.UTF-8
diff --git a/charts/nr-oracle-service/Chart.yaml b/charts/nr-oracle-service/Chart.yaml
index f228134..e8f00a6 100644
--- a/charts/nr-oracle-service/Chart.yaml
+++ b/charts/nr-oracle-service/Chart.yaml
@@ -16,11 +16,11 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.18
+version: 0.2.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "0.1.18"
+appVersion: "3.5.2"
diff --git a/charts/nr-oracle-service/templates/_helpers.tpl b/charts/nr-oracle-service/templates/_helpers.tpl
index 5083f33..4d41442 100644
--- a/charts/nr-oracle-service/templates/_helpers.tpl
+++ b/charts/nr-oracle-service/templates/_helpers.tpl
@@ -2,7 +2,7 @@
Expand the name of the chart.
*/}}
{{- define "component.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
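Review bot: The doc comment above `component.name` still says `Expand the name of the chart.`, but the default is now `.Release.Name`, so the comment no longer describes the helper. It should read along the lines of `Component name: .Values.nameOverride if set, otherwise the release name (truncated to 63 chars).` Every resource and image reference that includes this helper now varies per release, which is worth stating there too.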
diff --git a/charts/nr-oracle-service/templates/deployment.yaml b/charts/nr-oracle-service/templates/deployment.yaml
index a0265e9..a2bcc6d 100644
--- a/charts/nr-oracle-service/templates/deployment.yaml
+++ b/charts/nr-oracle-service/templates/deployment.yaml
@@ -3,14 +3,14 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "component.name" . }}
- labels:
+ labels:
{{- include "component.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
- matchLabels:
+ matchLabels:
{{- include "component.selectorLabels" . | nindent 6 }}
template:
metadata:
@@ -29,7 +29,7 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ .Chart.Name }}-init
- image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.fullname" . }}-init:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.name" . }}-init:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
@@ -45,7 +45,7 @@ spec:
key: certSecret
name: {{ include "component.name" . }}
- name: DB_PORT
- value: "1543"
+ value: '1543'
volumeMounts:
- name: {{ include "component.name" . }}
mountPath: /app/cert
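Review bot: The init container's `DB_PORT` stays hard-coded at `'1543'`, although this commit makes the port a chart value (`app.envs.DB_PORT`) and stores it as `dbPort` in the Secret. A release configured with a different port would leave the init container on 1543. Assuming the `certSecret` entry just above is a `secretKeyRef` into the chart's own Secret, the port can be read the same way. The container spec starts and ends outside this hunk.

```yaml
- name: DB_PORT
  valueFrom:
    secretKeyRef:
      key: dbPort
      name: {{ include "component.name" . }}
```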
@@ -53,7 +53,7 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
- image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.fullname" . }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ image: "image-registry.openshift-image-registry.svc:5000/{{.Release.Namespace}}/{{ include "component.name" . }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
@@ -120,6 +120,8 @@ spec:
value: {{ required "A valid .Values.app.envs.POOL_MAX_LIFETIME entry required!" .Values.app.envs.POOL_MAX_LIFETIME | quote }}
- name: POOL_LEAK_DETECTION_INTERVAL
value: {{ required "A valid .Values.app.envs.POOL_LEAK_DETECTION_INTERVAL entry required!" .Values.app.envs.POOL_LEAK_DETECTION_INTERVAL | quote }}
+ - name: ACCESS_LOG_ENABLED
+ value: {{ required "A valid .Values.app.envs.ACCESS_LOG_ENABLED entry required!" .Values.app.envs.ACCESS_LOG_ENABLED | quote }}
volumeMounts:
- name: {{ include "component.name" . }}
- mountPath: /app/cert
\ No newline at end of file
+ mountPath: /app/cert
diff --git a/charts/nr-oracle-service/templates/networkpolicy.yaml b/charts/nr-oracle-service/templates/networkpolicy.yaml
index 2f96097..4416524 100644
--- a/charts/nr-oracle-service/templates/networkpolicy.yaml
+++ b/charts/nr-oracle-service/templates/networkpolicy.yaml
@@ -2,7 +2,7 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
- name: allow-apps-to-connect-to-{{ include "component.name" . }}
+ name: allow-apps-to-connect-to-{{ .Release.Name }}
labels:
{{- include "component.labels" . | nindent 6 }}
spec:
@@ -11,4 +11,4 @@ spec:
- from:
- podSelector: {}
policyTypes:
- - Ingress
\ No newline at end of file
+ - Ingress
diff --git a/charts/nr-oracle-service/templates/secret.yaml b/charts/nr-oracle-service/templates/secret.yaml
index 8a00dd8..397c05b 100644
--- a/charts/nr-oracle-service/templates/secret.yaml
+++ b/charts/nr-oracle-service/templates/secret.yaml
@@ -3,7 +3,7 @@
{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }}
{{- $secretData := (get $secretObj "data") | default dict }}
# set below to existing secret data or generate a random one when not exists
-{{- $certSecret := (get $secretData "certSecret") | default (randAlpha 10 | lower | b64enc) }}
+{{- $certSecret := (get $secretData "certSecret") | default (randAlpha 10 | lower | b64enc) }}
{{- $apiKey := (get $secretData "apiKey") | default (randAlphaNum 32 | b64enc) }}
---
apiVersion: v1
@@ -15,6 +15,7 @@ data:
dbUser: {{ .Values.app.envs.DB_USER | b64enc | quote }}
dbPassword: {{ .Values.app.envs.DB_PASSWORD | b64enc | quote }}
dbHost: {{ .Values.app.envs.DB_HOST | b64enc | quote }}
+ dbPort: {{ .Values.app.envs.DB_PORT | b64enc | quote }}
dbName: {{ .Values.app.envs.DB_NAME | b64enc | quote }}
certSecret: {{ $certSecret | quote }} # cert secret is reused.
apiKey: {{ $apiKey | quote }}
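Review bot: The new `dbPort` line pipes `.Values.app.envs.DB_PORT` straight into `b64enc`, but values.yaml defaults that key to `~`, so any install that does not set it fails rendering with a type error rather than a message naming the missing value. Guard it the way the deployment template guards its env entries: `dbPort: {{ required "A valid .Values.app.envs.DB_PORT entry required!" .Values.app.envs.DB_PORT | b64enc | quote }}`. The PR workflow supplies the value from `secrets.DB_PORT`, so the gap only shows on other install paths.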
diff --git a/charts/nr-oracle-service/values.schema.json b/charts/nr-oracle-service/values.schema.json
index bd6a934..6326b3e 100644
--- a/charts/nr-oracle-service/values.schema.json
+++ b/charts/nr-oracle-service/values.schema.json
@@ -192,10 +192,12 @@
"type": "string",
"default": "1"
}
+
},
"required": [
"DB_HOST", "DB_NAME", "DB_PASSWORD", "DB_USER"
- ]
+ ],
+ "additionalProperties": true
},
"ports": {
"type": "object",
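Review bot: `"additionalProperties": true` is already the JSON Schema default, so the added line does not change what the schema accepts. Meanwhile `DB_PORT`, which this commit starts encoding into the Secret, is not added to the `required` array here. If the aim is to validate the new keys, declare them under `properties` (that list is above this hunk) and extend the array to `"DB_HOST", "DB_NAME", "DB_PASSWORD", "DB_PORT", "DB_USER"`.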
diff --git a/charts/nr-oracle-service/values.yaml b/charts/nr-oracle-service/values.yaml
index fd469ff..5faea27 100644
--- a/charts/nr-oracle-service/values.yaml
+++ b/charts/nr-oracle-service/values.yaml
@@ -72,9 +72,11 @@ affinity: {}
app:
envs:
DB_HOST: ~
+ DB_PORT: ~
DB_NAME: ~
DB_PASSWORD: ~
DB_USER: ~
+ CMAN_CERT: ~
HTTP_PORT: "3000"
POOL_IDLE_TIMEOUT: "60000"
POOL_INITIAL_SIZE: "1"
@@ -82,5 +84,6 @@ app:
POOL_MAX_LIFETIME: "180000"
POOL_MAX_SIZE: "1"
POOL_MIN_SIZE: "1"
+ ACCESS_LOG_ENABLED: "false"
ports:
http: 3000
diff --git a/pom.xml b/pom.xml
index 1334734..2ee49bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,12 +7,12 @@
0.1.18
3.11.0
- 17
+ 21
UTF-8
UTF-8
quarkus-bom
io.quarkus.platform
- 3.5.1
+ 3.5.2
true
3.2.2
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index e442832..33e7b47 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -11,6 +11,8 @@ quarkus.datasource.jdbc.leak-detection-interval=${POOL_LEAK_DETECTION_INTERVAL:4
quarkus.http.port=${HTTP_PORT:3000}
%dev.quarkus.datasource.jdbc.url=jdbc:oracle:thin:@${DB_HOST}:1521/${DB_NAME}
api.key=${API_KEY}
+quarkus.http.access-log.enabled=${ACCESS_LOG_ENABLED:false}
+quarkus.native.additional-build-args=-march=compatibility
# Trigger build.