chore(ci): Docker Compose updates (#41)

bcgov · Aug 13, 2024 · 076ac9b · 076ac9b
1 parent be73dbd
commit 076ac9b
Show file tree

Hide file tree

Showing 8 changed files with 57,893 additions and 123 deletions.
diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml
@@ -1,25 +1,25 @@
-# name: .Tests
+name: .Tests
 
-# on:
-#   workflow_call:
-#     inputs:
-#       ### Required
-#       target:
-#         description: PR number, test or prod
-#         required: true
-#         type: string
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      target:
+        description: PR number, test or prod
+        required: true
+        type: string
 
-#       ### Typical / recommended
-#       triggers:
-#         description: Bash array to diff for build triggering; omit to always fire
-#         required: false
-#         type: string
+      ### Typical / recommended
+      triggers:
+        description: Bash array to diff for build triggering; omit to always fire
+        required: false
+        type: string
 
-# env:
-#   DOMAIN: apps.silver.devops.gov.bc.ca
-#   PREFIX: ${{ github.event.repository.name }}-${{ inputs.target }}
+env:
+  DOMAIN: apps.silver.devops.gov.bc.ca
+  PREFIX: ${{ github.event.repository.name }}-${{ inputs.target }}
 
-# jobs:
+jobs:
   # integration-tests:
   #   name: Integration
   #   runs-on: ubuntu-22.04

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -1,20 +1,20 @@
-# name: Analysis
+name: Analysis
 
-# on:
-#   push:
-#     branches: [main]
-#   pull_request:
-#     types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
-#   schedule:
-#     - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
-#   workflow_dispatch:
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
+  schedule:
+    - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
+  workflow_dispatch:
 
-# concurrency:
-#   group: ${{ github.workflow }}-${{ github.ref }}
-#   cancel-in-progress: true
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
-# jobs:
-#   tests:
+jobs:
+#   tests:  
 #     name: Tests
 #     if: ${{ ! github.event.pull_request.draft }}
 #     runs-on: ubuntu-22.04
@@ -58,32 +58,33 @@
 #           triggers: ('${{ matrix.dir }}/')
 
   # https://github.com/marketplace/actions/aqua-security-trivy
-  # trivy:
-  #   name: Trivy Security Scan
-  #   if: ${{ ! github.event.pull_request.draft }}
-  #   runs-on: ubuntu-22.04
-  #   timeout-minutes: 1
-  #   steps:
-  #     - uses: actions/checkout@v4
-  #     - name: Run Trivy vulnerability scanner in repo mode
-  #       uses: aquasecurity/trivy-action@0.23.0
-  #       with:
-  #         format: "sarif"
-  #         output: "trivy-results.sarif"
-  #         ignore-unfixed: true
-  #         scan-type: "fs"
-  #         scanners: "vuln,secret,config"
-  #         severity: "CRITICAL,HIGH"
+  trivy:
+    name: Trivy Security Scan
+    if: ${{ ! github.event.pull_request.draft }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.23.0
+        with:
+          format: "sarif"
+          output: "trivy-results.sarif"
+          ignore-unfixed: true
+          scan-type: "fs"
+          scanners: "vuln,secret,config"
+          severity: "CRITICAL,HIGH"
 
-  #     - name: Upload Trivy scan results to GitHub Security tab
-  #       uses: github/codeql-action/upload-sarif@v3
-  #       with:
-  #         sarif_file: "trivy-results.sarif"
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"
 
-  # results:
-  #   name: Analysis Results
-  #   needs: [tests, trivy]
-  #   runs-on: ubuntu-22.04
-  #   steps:
-  #     - run: echo "Success!"
+  results:
+    name: Analysis Results
+    # needs: [tests, trivy]
+    needs: [trivy]
+    runs-on: ubuntu-22.04
+    steps:
+      - run: echo "Success!"
 
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -36,7 +36,7 @@ jobs:
   # https://github.com/bcgov/quickstart-openshift-helpers
   deploy-test:
     name: Deploy (test)
-    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.deployer.yml@v0.5.0
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.deployer.yml@v0.6.1
     secrets:
       oc_namespace: ${{ secrets.OC_NAMESPACE }}
       oc_token: ${{ secrets.OC_TOKEN }}
@@ -46,7 +46,7 @@ jobs:
   # deploy-prod:
   #   name: Deploy (prod)
   #   needs: [deploy-test, vars]
-  #   uses: bcgov/quickstart-openshift-helpers/.github/workflows/.deployer.yml@v0.5.0
+  #   uses: bcgov/quickstart-openshift-helpers/.github/workflows/.deployer.yml@v0.6.1
   #   secrets:
   #     oc_namespace: ${{ secrets.OC_NAMESPACE }}
   #     oc_token: ${{ secrets.OC_TOKEN }}

diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml
@@ -12,7 +12,7 @@ concurrency:
 jobs:
   cleanup:
     name: Cleanup and Images
-    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.5.0
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-close.yml@v0.6.1
     secrets:
       oc_namespace: ${{ secrets.OC_NAMESPACE }}
       oc_token: ${{ secrets.OC_TOKEN }}

diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
@@ -30,7 +30,7 @@ jobs:
   # deploys:
   #   name: Deploys
   #   needs: [builds]
-  #   uses: bcgov/quickstart-openshift-helpers/.github/workflows/.deployer.yml@v0.5.0
+  #   uses: bcgov/quickstart-openshift-helpers/.github/workflows/.deployer.yml@v0.6.1
   #   secrets:
   #     oc_namespace: ${{ secrets.OC_NAMESPACE }}
   #     oc_token: ${{ secrets.OC_TOKEN }}

diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml
@@ -12,7 +12,7 @@ jobs:
   validate:
     name: Validate PR
     if: (! github.event.pull_request.draft)
-    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.5.0
+    uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.6.1
     with:
       markdown_links: |
         - [Frontend](https://${{ github.event.repository.name }}-${{ github.event.number }}-frontend.apps.silver.devops.gov.bc.ca)

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,6 +8,7 @@
 #        For example:
 #          docker login -u garywong-bc -p `oc whoami -t` docker-registry.pathfinder.gov.bc.ca
 services:
+
 #############################################################################################
 ###                                       Minio-Pub                                       ###
 #############################################################################################
@@ -16,17 +17,16 @@ services:
       context: ./gwells/openshift/docker/minio/
     hostname: minio
     ports:
-    - "9000:9000"
+      - "9000:9000"
     volumes:
-    - /data
+      - /data
     environment:
       MINIO_ACCESS_KEY: minio
       MINIO_SECRET_KEY: minio1234
       MINIO_DATA_DIR: /data
     entrypoint: /minio-entrypoint.sh
     command: server /data
-    networks:
-      - gwells-network
+
 #############################################################################################
 ###                                       Minio-Priv                                      ###
 #############################################################################################
@@ -35,17 +35,16 @@ services:
       context: ./gwells/openshift/docker/minio/
     hostname: minio
     ports:
-    - "9001:9001"
+      - "9001:9001"
     volumes:
-    - /data
+      - /data
     environment:
       MINIO_ACCESS_KEY: minio
       MINIO_SECRET_KEY: minio1234
       MINIO_DATA_DIR: /data
     entrypoint: /minio-entrypoint.sh
     command: server --address :9001 /data
-    networks:
-      - gwells-network
+
 #############################################################################################
 ###                                       CrunchyDB                                       ###
 #############################################################################################
@@ -72,21 +71,17 @@ services:
       TILESERVER_USER: ftw_reader
       TILESERVER_PASSWORD: test1
     ports:
-    - "5432:5432"
+      - "5432:5432"
     volumes:
-      - pgdata-volume:/pgdata:z
-      - type: bind
-        source: ./database/scripts/local_dev/setup.sql
-        target: /pgconf/setup.sql
-        consistency: cached
+      - /pgdata
+      - ./database/scripts/local_dev/setup.sql:/pgconf/setup.sql
     healthcheck:
       test: ["CMD-SHELL", "/usr/pgsql-12/bin/pg_isready", "-d", "gwells"]
       interval: 20s
       timeout: 30s
       retries: 5
       start_period: 120s
-    networks:
-      - gwells-network
+
 #############################################################################################
 ###                                       Tileserv                                        ###
 #############################################################################################
@@ -96,16 +91,15 @@ services:
       - db
     platform: linux/x86_64
     image: pramsey/pg_tileserv:20231005
-    env_file:
-    - path: ./.env.test
-      required: false
+    # env_file:
+    # - path: ./.env.test
+    #   required: false
     environment:
       DATABASE_URL: "postgres://ftw_reader:${DATABASE_PASSWORD:-test1}@${GWELLS_SERVICE_HOST:-db}:${GWELLS_SERVICE_PORT:-5432}/gwells"
     ports:
       - "7800:7800"
     entrypoint: sh -c "sleep 10; /app/pg_tileserv"
-    networks:
-      - gwells-network
+
 #############################################################################################
 ###                                       Frontend                                        ###
 #############################################################################################
@@ -116,7 +110,7 @@ services:
       dockerfile: Dockerfile
     hostname: frontend
     environment:
-      DEBUG: "True"
+      DEBUG: "true"
       VUE_APP_AXIOS_BASE_URL: /api/
       VUE_APP_VECTOR_TILE_BASE_URL: "/tiles/"
       VECTOR_TILE_SERVER: "http://tileserv:7800/"
@@ -126,14 +120,11 @@ services:
     ports:
       - "8080:8080"
     volumes:
-      - type: bind
-        source: ./frontend
-        target: /frontend
+      - ./frontend:/frontend
       - /frontend/node_modules/
     depends_on:
       - backend
-    networks:
-      - gwells-network
+
 #############################################################################################
 ###                                       Backend                                         ###
 #############################################################################################
@@ -157,10 +148,10 @@ services:
       DATABASE_PASSWORD: "${DATABASE_PASSWORD:-test1}"
       DATABASE_SERVICE_NAME: gwells
       DJANGO_ADMIN_URL: admin
-      DJANGO_DEBUG: "True"
+      DJANGO_DEBUG: "true"
       DJANGO_SECRET_KEY: secret
-      ENABLE_ADDITIONAL_DOCUMENTS: "True"
-      ENABLE_AQUIFERS_SEARCH: "True"
+      ENABLE_ADDITIONAL_DOCUMENTS: "true"
+      ENABLE_AQUIFERS_SEARCH: "true"
       GWELLS_SERVICE_HOST: "${GWELLS_SERVICE_HOST:-db}"
       GWELLS_SERVICE_PORT: "${GWELLS_SERVICE_PORT:-5432}"
       MINIO_ACCESS_KEY: minio
@@ -193,8 +184,8 @@ services:
       S3_USE_SECURE: 0
       EMAIL_NOTIFICATION_RECIPIENT: sustainment.team@gov.bc.ca
       GEOCODER_ADDRESS_API_BASE: https://geocoder.api.gov.bc.ca/addresses.json?
-      LOCAL: True
-      LOAD_FIXTURES: True
+      LOCAL: "true"
+      LOAD_FIXTURES: "true"
     command: /bin/bash -c "
       python3 -m pip install --upgrade pip &&
       python3 -m pip install ptvsd &&
@@ -205,48 +196,27 @@ services:
       python3 manage.py collectstatic --noinput &&
       python3 manage.py export --cleanup=1 --upload=1 &&
       python3 manage.py runserver 0.0.0.0:8000"
-    volumes:
-      - type: bind
-        source: ./backend
-        target: /backend
-        consistency: cached
-      # - type: bind
-      #   source: ./backend-command-script.sh
-      #   target: /backend-command-script.sh
-      #   consistency: cached
+    volumes: 
+      - ./backend:/backend
+      # - ./backend-command-script.sh:/backend-command-script.sh
     ports:
       - "8000:8000"
       - "3000:3000"
     depends_on:
       db:
         condition: service_healthy
-    networks:
-      - gwells-network
 
 #############################################################################################
-###                                       Volumes                                         ###
+###                                       PGAdmin                                         ###
 #############################################################################################
   pgadmin:
     container_name: gwells-pgadmin
+    profiles: ["pgadmin"]
     image: dpage/pgadmin4
     ports:
       - 5050:80
     environment:
       PGADMIN_DEFAULT_PASSWORD: admin
       PGADMIN_DEFAULT_EMAIL: admin@gwells.com
-    networks:
-      - gwells-network
-
-
-#############################################################################################
-###                                       Volumes                                         ###
-#############################################################################################
-volumes:
-  pgdata-volume:
-
-#############################################################################################
-###                                       Network                                         ###
-#############################################################################################
-networks:
-  gwells-network:
-    driver: "bridge"
+    depends_on:
+      - db