mozilla-iam · dividehex · Jul 11, 2023 · May 10, 2023 · May 10, 2023 · May 10, 2023
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,251 @@
+name: Build and Deploy SSO Dashboard
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'revamp'
+
+permissions:
+  contents: 'read'
+  id-token: 'write'
+
+env:
+  APP: sso-dashboard
+  GAR_LOCATION: us-east1
+  PROJECT_ID: iam-auth0
+  REGION: us-east1
+  CHANNEL_IDS: C05AMLCL4JX
+  SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}}
+
+jobs:
+  init:
+    name: Init
+    runs-on: ubuntu-latest
+    outputs:
+      release_name: ${{ steps.release_name.outputs.release_name }}
+      docker_tag: ${{ steps.docker_tag.outputs.docker_tag  }}
+      slack_ts: ${{ steps.slack_ts.outputs.slack_ts }}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+
+      - name: 'Create release name'
+        id: release_name
+        run: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
+
+      - name: 'Create docker tag'
+        id: docker_tag
+        run: echo "DOCKER_TAG=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" >> "$GITHUB_OUTPUT"
+
+      - name: Send initial slack notification
+        uses: slackapi/[email protected]
+        id: slack
+        with:
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: dbab09
+          STATUS_TITLE: Starting Deployment Pipeline
+          STATUS_VALUE: ':link-run: *Running*'
+
+      - name: Output slack ts
+        id: slack_ts
+        run: echo "SLACK_TS=${{ steps.slack.outputs.ts }}" >> "$GITHUB_OUTPUT"
+
+  lint:
+    name: Linting / Unit Testing
+    needs: init
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_NAME: ${{needs.init.outputs.release_name}}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+
+      - name: Update slack notification
+        uses: slackapi/[email protected]
+        with:
+          update-ts: ${{ needs.init.outputs.slack_ts }}
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: dbab09
+          STATUS_TITLE: Linting/Unittesting
+          STATUS_VALUE: ':link-run: *Running*'
+
+      - name: Install tox
+        run: pip install tox
+
+      - name: Running Tox
+        run: tox
+
+  build:
+    name: Building
+    needs: [ init, lint ]
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_NAME: ${{needs.init.outputs.release_name}}
+      DOCKER_TAG: ${{needs.init.outputs.docker_tag}}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+
+      - name: Update slack notification
+        uses: slackapi/[email protected]
+        with:
+          update-ts: ${{ needs.init.outputs.slack_ts }}
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: dbab09
+          STATUS_TITLE: Building Docker Image
+          STATUS_VALUE: ':link-run: *Running*'
+
+      - name: 'Google auth'
+        id: 'auth'
+        uses: 'google-github-actions/auth@v1'
+        with:
+          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+      - name: 'Docker auth'
+        run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push Docker image with buildx
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          build-args: RELEASE_NAME=${{ env.RELEASE_NAME }}
+          tags: "${{ env.DOCKER_TAG }}"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  validate:
+    name: Validating
+    needs: [ init, lint, build ]
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_NAME: ${{needs.init.outputs.release_name}}
+      DOCKER_TAG: ${{needs.init.outputs.docker_tag}}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+
+      - name: Update slack notification
+        uses: slackapi/[email protected]
+        with:
+          update-ts: ${{ needs.init.outputs.slack_ts }}
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: dbab09
+          STATUS_TITLE: Validating Image
+          STATUS_VALUE: ':link-run: *Running*'
+
+      - name: 'Google auth'
+        id: 'auth'
+        uses: 'google-github-actions/auth@v1'
+        with:
+          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+      - name: 'Docker auth'
+        run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev
+
+      - name: Pull Docker image
+        run: docker pull "${{ env.DOCKER_TAG }}"
+
+      - name: Run validate docker image
+        uses: addnab/docker-run-action@v3
+        with:
+          image: "${{ env.DOCKER_TAG }}"
+          run: echo "TODO Add docker validation checks"
+
+  deploy:
+    name: Sending to Cloud Deploy
+    needs: [ init, lint, build, validate ]
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_NAME: ${{needs.init.outputs.release_name}}
+      DOCKER_TAG: ${{needs.init.outputs.docker_tag}}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+
+      - name: Update slack notification
+        uses: slackapi/[email protected]
+        with:
+          update-ts: ${{ needs.init.outputs.slack_ts }}
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: dbab09
+          STATUS_TITLE: Sending to Cloud Deploy
+          STATUS_VALUE: ':link-run: *Running*'
+
+      - name: 'Google auth'
+        id: 'auth'
+        uses: 'google-github-actions/auth@v1'
+        with:
+          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+      - name: 'Render cloud deploy config manifests from templates'
+        run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done
+
+      - name: 'Create Cloud Deploy release'
+        uses: 'google-github-actions/create-cloud-deploy-release@v0'
+        with:
+          delivery_pipeline: '${{ env.APP }}'
+          name: '${{ env.RELEASE_NAME }}'
+          region: '${{ env.REGION }}'
+          description: '${{ env.GITHUB_COMMIT_MSG }}'
+          skaffold_file: 'clouddeploy/skaffold.yaml'
+          images: 'app=${{ env.DOCKER_TAG }}'
+
+  final:
+    name: Finalize Notifications
+    needs: [ init, lint, build, validate, deploy ]
+    runs-on: ubuntu-latest
+    if: always()
+    env:
+      RELEASE_NAME: ${{needs.init.outputs.release_name}}
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v3'
+
+      - name: Update slack deployment complete
+        if: needs.deploy.result == 'success'
+        uses: slackapi/[email protected]
+        with:
+          update-ts: ${{ needs.init.outputs.slack_ts }}
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: 28a745
+          STATUS_TITLE: Building and Deploy
+          STATUS_VALUE: ':link-zelda: *Completed*'
+
+      - name: Update slack deployment ready for promotion
+        if: needs.deploy.result == 'success'
+        uses: slackapi/[email protected]
+        with:
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-deploy.json"
+
+      - name: Update slack deployment failed
+        if: needs.lint.result == 'failure' || needs.build.result == 'failure' || needs.validate.result == 'failure' || needs.deploy.result == 'failure'
+        uses: slackapi/[email protected]
+        with:
+          update-ts: ${{ needs.init.outputs.slack_ts }}
+          channel-id: ${{ env.CHANNEL_IDS }}
+          payload-file-path: ".github/workflows/payload-slack-content.json"
+        env:
+          STATUS_COLOR: d81313
+          STATUS_TITLE: Building and Deploy
+          STATUS_VALUE: ':skull_and_crossbones: *Failed*'
diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json
@@ -0,0 +1,63 @@
+{
+  "text": "",
+  "attachments": [
+    {
+      "color": "{{ env.STATUS_COLOR }}",
+      "blocks": [
+        {
+          "type": "header",
+          "text": {
+            "type": "plain_text",
+            "text": ":link-wut: Github Action Notification :link-wut:\n{{ github.workflow }}",
+            "emoji": true
+          }
+        },
+        {
+          "type": "section",
+          "fields": [
+            {
+              "type": "plain_text",
+              "text": "{{ env.RELEASE_NAME }}",
+              "emoji": true
+            },
+            {
+              "type": "plain_text",
+              "text": "{{ env.GITHUB_ACTOR }}",
+              "emoji": true
+            },
+            {
+              "type": "plain_text",
+              "text": "{{ env.GITHUB_REPOSITORY }}",
+              "emoji": true
+            },
+            {
+              "type": "plain_text",
+              "text": "{{ env.GITHUB_REF_NAME }}",
+              "emoji": true
+            }
+          ]
+        },
+        {
+          "type": "section",
+          "text": {
+            "type": "mrkdwn",
+            "text": "<https://github.com/{{ env.GITHUB_REPOSITORY }}/actions/runs/{{ env.GITHUB_RUN_ID }}|https://github.com/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}>"
+          }
+        },
+        {
+          "type": "context",
+          "elements": [
+            {
+              "type": "mrkdwn",
+              "text": "Action: *{{ env.STATUS_TITLE }}*"
+            },
+            {
+              "type": "mrkdwn",
+              "text": "Status: {{ env.STATUS_VALUE }}"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
diff --git a/.github/workflows/payload-slack-deploy.json b/.github/workflows/payload-slack-deploy.json
@@ -0,0 +1,32 @@
+{
+  "text": "",
+  "attachments": [
+    {
+      "color": "28a745",
+      "blocks": [
+        {
+          "type": "header",
+          "text": {
+            "type": "plain_text",
+            "text": ":rocket: SSO Dashboard is ready for Promotion",
+            "emoji": true
+          }
+        },
+        {
+          "type": "section",
+          "text": {
+            "type": "mrkdwn",
+            "text": "Build: *{{ env.RELEASE_NAME }}*"
+          }
+        },
+        {
+          "type": "section",
+          "text": {
+            "type": "mrkdwn",
+            "text": ":link: <https://console.cloud.google.com/deploy/delivery-pipelines/us-east1/sso-dashboard?project=iam-auth0|Click here to view deploy pipeline>"
+          }
+        }
+      ]
+    }
+  ]
+}
diff --git a/.gitignore b/.gitignore
@@ -9,6 +9,7 @@ dashboard/static/css/gen/
 dashboard/static/.webassets-cache/
 dashboard/static/img/logos/*
 virtualenv.egg-info
+dashboard.egg-info
 bin
 man
 include
@@ -24,3 +25,6 @@ pip-selfcheck.json
 tests/test_activate_actual.output
 bower_components
 node_modules
+.vscode/*
+build/*
+envfile
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,15 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+    -   id: check-yaml
+    -   id: check-added-large-files
+
+-   repo: https://github.com/psf/black
+    rev: 22.10.0
+    hooks:
+    -   id: black