WIP - Pipeline Enhancements: Fetch Config Map

.github/workflows/cleanClosedPR.yml

@@ -51,24 +51,24 @@ jobs:
         working-directory: "app/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the database build/deployment artifacts
       - name: Clean Database Artifacts
         working-directory: "database/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the api deployment artifacts
       - name: Clean API Deployment
         working-directory: "api/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the reamaining build/deployment artifacts
       - name: Clean remaining Artifacts

.github/workflows/cleanMergedPR.yml

@@ -55,24 +55,24 @@ jobs:
         working-directory: "app/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the database build/deployment artifacts
       - name: Clean Database Artifacts
         working-directory: "database/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the api deployment artifacts
       - name: Clean API Deployment
         working-directory: "api/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the reamaining build/deployment artifacts
       - name: Clean remaining Artifacts

.github/workflows/deploy.yml

@@ -46,7 +46,8 @@ jobs:
       # Set to `true` if the latest commit message contains `ignore-skip` anywhere in the message OR the base branch
       # is dev, test, or prod.
       # Used to disable duplicate action skipping, if needed.
-      ignore_skip: ${{ contains(steps.head_commit_message.outputs.commit_message, 'ignore-skip') || 
+      ignore_skip:
+        ${{ contains(steps.head_commit_message.outputs.commit_message, 'ignore-skip') ||
         github.head_ref == 'dev' || github.head_ref == 'test' || github.head_ref == 'prod' }}
     steps:
       - id: skip_check
@@ -130,6 +131,29 @@ jobs:
         with:
           node-version: 14
 
+  # Fetch the pipeline config map from Openshift
+  getPipelineConfigMap:
+    name: Get Pipeline Config
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    if: ${{ github.event.pull_request.merged == false }}
+    env:
+      PR_NUMBER: ${{ github.event.number }}
+    outputs:
+      pipeline_config: ${{ steps.get_config.outputs.pipeline_config }}
+    steps:
+      # Log in to OpenShift.
+      # Note: The secrets needed to log in are NOT available if the PR comes from a FORK.
+      # PR's must originate from a branch off the original repo or else all openshift `oc` commands will fail.
+      - name: Log in to OpenShift
+        run: oc login --token=${{ secrets.TOOLS_SA_TOKEN }} --server=https://api.silver.devops.gov.bc.ca:6443
+
+      # Fetch config map and store in pipeline_config for use by subsequent jobs
+      - name: Fetch pipeline config map
+        id: "get_config"
+        run: |
+          echo "pipeline_config=$( oc get configmap sims-pipeline-config -o jsonpath={.data.config} | jq -c )" >> "$GITHUB_OUTPUT"
+
   # Build the web frontend app image
   buildAPP:
     name: Build APP Image
@@ -143,9 +167,11 @@ jobs:
     env:
       PR_NUMBER: ${{ github.event.number }}
       APP_NAME: "biohubbc-app"
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
       - checkoutRepo
       - skipDuplicateActions
+      - getPipelineConfigMap
     steps:
       # Install Node - for `node` and `npm` commands
       - name: Setup Node.js
@@ -190,7 +216,7 @@ jobs:
       - name: Build APP Image
         working-directory: app/.pipeline/
         run: |
-          DEBUG=* npm run build -- --pr=$PR_NUMBER
+          DEBUG=* npm run build -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG
 
   # Build the Database image
   buildDatabase:
@@ -205,9 +231,11 @@ jobs:
     env:
       PR_NUMBER: ${{ github.event.number }}
       APP_NAME: "biohubbc-db"
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
       - checkoutRepo
       - skipDuplicateActions
+      - getPipelineConfigMap
     steps:
       # Install Node - for `node` and `npm` commands
       - name: Setup Node.js
@@ -252,7 +280,7 @@ jobs:
       - name: Build Database Image
         working-directory: database/.pipeline/
         run: |
-          DEBUG=* npm run db:build -- --pr=$PR_NUMBER
+          DEBUG=* npm run db:build -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG
 
   # Build the Database Setup image
   buildDatabaseSetup:
@@ -266,9 +294,11 @@ jobs:
       fromJSON(needs.skipDuplicateActions.outputs.paths_result).database.skipped_by.branch != github.head_ref ) }}
     env:
       PR_NUMBER: ${{ github.event.number }}
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
       - checkoutRepo
       - skipDuplicateActions
+      - getPipelineConfigMap
     steps:
       # Install Node - for `node` and `npm` commands
       - name: Setup Node.js
@@ -307,7 +337,7 @@ jobs:
       - name: Build Database Setup Image
         working-directory: database/.pipeline/
         run: |
-          DEBUG=* npm run db-setup:build -- --pr=$PR_NUMBER
+          DEBUG=* npm run db-setup:build -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG
 
   # Build the API image
   buildAPI:
@@ -322,9 +352,11 @@ jobs:
     env:
       PR_NUMBER: ${{ github.event.number }}
       APP_NAME: "biohubbc-api"
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
       - checkoutRepo
       - skipDuplicateActions
+      - getPipelineConfigMap
     steps:
       # Install Node - for `node` and `npm` commands
       - name: Setup Node.js
@@ -369,7 +401,7 @@ jobs:
       - name: Build API Image
         working-directory: api/.pipeline/
         run: |
-          DEBUG=* npm run build -- --pr=$PR_NUMBER
+          DEBUG=* npm run build -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG
 
   # Deploy APP image
   deployAPP:
@@ -383,7 +415,10 @@ jobs:
       fromJSON(needs.skipDuplicateActions.outputs.paths_result).app.skipped_by.branch != github.head_ref ) }}
     env:
       PR_NUMBER: ${{ github.event.number }}
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
+      - skipDuplicateActions
+      - getPipelineConfigMap
       - buildAPP
     steps:
       # Install Node - for `node` and `npm` commands
@@ -423,7 +458,7 @@ jobs:
       - name: Deploy APP Image
         working-directory: app/.pipeline
         run: |
-          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG --phase=pr
 
   # Deploy Database image
   deployDatabase:
@@ -437,7 +472,10 @@ jobs:
       fromJSON(needs.skipDuplicateActions.outputs.paths_result).database.skipped_by.branch != github.head_ref ) }}
     env:
       PR_NUMBER: ${{ github.event.number }}
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
+      - skipDuplicateActions
+      - getPipelineConfigMap
       - buildDatabase
     steps:
       # Install Node - for `node` and `npm` commands
@@ -477,7 +515,7 @@ jobs:
       - name: Deploy Database Image
         working-directory: database/.pipeline/
         run: |
-          DEBUG=* npm run db:deploy -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run db:deploy -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG --phase=pr
 
   # Deploy Database image
   deployDatabaseSetup:
@@ -491,7 +529,10 @@ jobs:
       fromJSON(needs.skipDuplicateActions.outputs.paths_result).database.skipped_by.branch != github.head_ref ) }}
     env:
       PR_NUMBER: ${{ github.event.number }}
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
+      - skipDuplicateActions
+      - getPipelineConfigMap
       - buildDatabaseSetup
       - deployDatabase
     steps:
@@ -532,7 +573,7 @@ jobs:
       - name: Deploy Database Setup Image
         working-directory: database/.pipeline/
         run: |
-          DEBUG=* npm run db-setup:deploy -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run db-setup:deploy -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG --phase=pr
 
   # Deploy API image
   deployAPI:
@@ -548,7 +589,10 @@ jobs:
       fromJSON(needs.skipDuplicateActions.outputs.paths_result).api.skipped_by.branch != github.head_ref ) }}
     env:
       PR_NUMBER: ${{ github.event.number }}
+      PIPELINE_CONFIG: ${{ needs.getPipelineConfigMap.outputs.pipeline_config }}
     needs:
+      - skipDuplicateActions
+      - getPipelineConfigMap
       - buildAPI
       - deployDatabase
     steps:
@@ -589,7 +633,7 @@ jobs:
       - name: Deploy API Image
         working-directory: api/.pipeline/
         run: |
-          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --config=$PIPELINE_CONFIG --phase=pr
 
   # Report the overall status of all jobs.
   # Why? Skipped jobs are not considered successes when specifying requird jobs in the GitHub PR settings. Rather than
@@ -606,6 +650,7 @@ jobs:
       - checkEnv
       - skipDuplicateActions
       - checkoutRepo
+      - getPipelineConfigMap
       - buildAPP
       - buildDatabase
       - buildDatabaseSetup

.github/workflows/deployStatic.yml

@@ -334,7 +334,7 @@ jobs:
       - name: Deploy APP Image
         working-directory: "app/.pipeline"
         run: |
-          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --env=$BRANCH --branch=$BRANCH --type=static
+          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --phase=$BRANCH --branch=$BRANCH --type=static
 
   # Deploy Database image
   deployDatabase:
@@ -385,7 +385,7 @@ jobs:
       - name: Deploy Database Image
         working-directory: "database/.pipeline/"
         run: |
-          DEBUG=* npm run db:deploy -- --pr=$PR_NUMBER --env=$BRANCH --branch=$BRANCH --type=static
+          DEBUG=* npm run db:deploy -- --pr=$PR_NUMBER --phase=$BRANCH --branch=$BRANCH --type=static
 
   # Deploy Database setup image
   deployDatabaseSetup:
@@ -437,7 +437,7 @@ jobs:
       - name: Deploy Database Setup Image
         working-directory: "database/.pipeline/"
         run: |
-          DEBUG=* npm run db-setup:deploy -- --pr=$PR_NUMBER --env=$BRANCH --branch=$BRANCH --type=static
+          DEBUG=* npm run db-setup:deploy -- --pr=$PR_NUMBER --phase=$BRANCH --branch=$BRANCH --type=static
 
   # Deploy API image
   deployAPI:
@@ -489,7 +489,7 @@ jobs:
       - name: Deploy API Image
         working-directory: "api/.pipeline/"
         run: |
-          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --env=$BRANCH --branch=$BRANCH --type=static
+          DEBUG=* npm run deploy -- --pr=$PR_NUMBER --phase=$BRANCH --branch=$BRANCH --type=static
 
   # Clean build/deployment artifacts
   clean:
@@ -538,24 +538,24 @@ jobs:
         working-directory: "app/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the database build/deployment artifacts
       - name: Clean Database Artifacts
         working-directory: "database/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the api deployment artifacts
       - name: Clean API Deployment
         working-directory: "api/.pipeline/"
         run: |
           npm ci
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=build
-          DEBUG=* npm run clean -- --pr=$PR_NUMBER --env=dev
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=build
+          DEBUG=* npm run clean -- --pr=$PR_NUMBER --phase=dev
 
       # Clean the reamaining build/deployment artifacts
       - name: Clean remaining Artifacts

.pipeline/README.md

@@ -0,0 +1,17 @@
+# Openshift Config Map
+
+`sims-pipeline-config.json` is a sample of the config map that should be created in each openshift environment.
+
+It is not guaranteed to contain the correct values.
+
+The config map is validated at build time against the `PipelineConfigMapSchema` zod schema, which should always be kept up to date. See `configMapSchema.js` in each of the api, app, and database `/.pipeline` folders.
+
+**Note: This config map should never contain secrets, passwords, or other sensitive values. Those should always be stored in Openshift secrets.**
+
+## Create Config Map in Openshift
+
+Under `Workloads` -> `ConfigMaps`
+
+- **name:** `sims-pipeline-config`
+  - **key:** `config`
+  - **value:** A JSON object containing the config map settings.