chore(ci): deploy backend (#54)

Co-authored-by: Derek Roberts <derek.roberts@gmail.com>

.github/workflows/.deploy.yml

@@ -19,10 +19,40 @@ on:
         type: string
 
 jobs:
+  init:
+    name: Initialize
+    runs-on: ubuntu-latest
+    steps:
+      - name: Initialize
+        uses: bcgov-nr/action-deployer-openshift@v3.0.0
+        with:
+          oc_namespace: ${{ vars.OC_NAMESPACE }}
+          oc_server: ${{ vars.OC_SERVER }}
+          oc_token: ${{ secrets.OC_TOKEN }}
+          file: common/openshift.init.yml
+          overwrite: true
+          parameters:
+            -p NAME_SUFFIX=-dev-${{ github.event.number }}
+            -p POSTGRESQL_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
+            -p FDW_DATABASE_PASSWORD=${{ secrets.FDW_DATABASE_PASSWORD }}
+            -p DJANGO_ADMIN_PASSWORD=${{ secrets.DJANGO_ADMIN_PASSWORD }}
+            -p DJANGO_ADMIN_URL=${{ secrets.DJANGO_ADMIN_URL }}
+            -p DJANGO_ADMIN_USER=${{ secrets.DJANGO_ADMIN_USER }}
+            -p DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}
+            -p E_LICENSING_AUTH_USERNAME=${{ secrets.E_LICENSING_AUTH_USERNAME }}
+            -p E_LICENSING_AUTH_PASSWORD=${{ secrets.E_LICENSING_AUTH_PASSWORD }}
+            # -p S3_PUBLIC_ACCESS_KEY=${{ secrets.S3_PUBLIC_ACCESS_KEY }}
+            # -p S3_PUBLIC_SECRET_KEY=${{ secrets.S3_PUBLIC_SECRET_KEY }}
+            # -p S3_HOST=${{ secrets.S3_HOST }}
+            # -p S3_ROOT_BUCKET=${{ secrets.S3_ROOT_BUCKET }}
+            # -p MINIO_ACCESS_KEY=${{ secrets.MINIO_ACCESS_KEY }}
+            # -p MINIO_SECRET_KEY=${{ secrets.MINIO_SECRET_KEY }}
+
   database:
     name: Database
+    needs: init
     # environment: ${{ inputs.environment }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       # - name: Deploy Frontend
       #   uses: bcgov-nr/action-deployer-openshift@v3.0.0
@@ -44,15 +74,57 @@ jobs:
           file: database/postgresql.dc.yml
           overwrite: true
           parameters:
-            -p DATABASE_SERVICE_NAME=nr-gwells-pg12-dev-${{ github.event.number }}
+            -p DATABASE_SERVICE_NAME=gwells-pg12-dev-${{ github.event.number }}
             -p IMAGE_STREAM_NAMESPACE=${{ vars.OC_NAMESPACE }}
             -p IMAGE_STREAM_NAME=crunchy-postgres-gis
             -p NAME_SUFFIX=-dev-${{ github.event.number }}
-            -p POSTGRESQL_DATABASE=gwells
             -p VOLUME_CAPACITY=1Gi
             -p STORAGE_CLASS=netapp-file-standard
             -p REQUEST_CPU=200m
             -p REQUEST_MEMORY=512Mi
             -p LIMIT_CPU=500m
             -p LIMIT_MEMORY=1Gi
-            -p POSTGRESQL_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
+
+  backend:
+    name: Backend
+    needs: [ init, database ]
+    # environment: ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy Backend
+        uses: bcgov-nr/action-deployer-openshift@v3.0.0
+        with:
+            oc_namespace: ${{ vars.OC_NAMESPACE }}
+            oc_server: ${{ vars.OC_SERVER }}
+            oc_token: ${{ secrets.OC_TOKEN }}
+            file: backend/openshift.backend.yml
+            parameters:
+                -p NAME_SUFFIX=-dev-${{ github.event.number }}
+                -p ENV_NAME=dev
+                -p E_LICENSING_URL=${{ vars.E_LICENSING_URL }}
+                -p DB_REPLICATE=${{ vars.DB_REPLICATE }}
+                -p DJANGO_DEBUG=${{ vars.DJANGO_DEBUG }}
+                -p ENABLE_ADDITIONAL_DOCUMENTS=${{ vars.ENABLE_ADDITIONAL_DOCUMENTS }}
+                -p S3_PRIVATE_BUCKET=${{ vars.S3_PRIVATE_BUCKET }}
+                -p S3_PRIVATE_HOST=${{ vars.S3_PRIVATE_HOST }}
+                -p S3_WELL_EXPORT_BUCKET=${{ vars.S3_WELL_EXPORT_BUCKET }}
+                -p SSO_AUDIENCE=${{ vars.SSO_AUDIENCE }}
+                -p SSO_AUTH_HOST=${{ vars.SSO_AUTH_HOST }}
+                -p SSO_CLIENT=${{ vars.SSO_CLIENT }}
+                -p SSO_IDP_HINT=${{ vars.SSO_IDP_HINT }}
+                -p SSO_PORT=${{ vars.SSO_PORT }}
+                -p SSO_PUBKEY=${{ vars.SSO_PUBKEY }}
+                -p SSO_REALM=${{ vars.SSO_REALM }}
+                -p SSO_TEST_AUDIENCE=${{ vars.SSO_TEST_AUDIENCE }}
+                -p SSO_TEST_CLIENT=${{ vars.SSO_TEST_CLIENT }}
+                -p GDAL_LIBRARY_PATH=${{ vars.GDAL_LIBRARY_PATH }}
+                -p GEOS_LIBRARY_PATH=${{ vars.GEOS_LIBRARY_PATH }}
+                -p S3_AQUIFER_BUCKET=${{ vars.S3_AQUIFER_BUCKET }}
+                -p S3_REGISTRANT_BUCKET=${{ vars.S3_REGISTRANT_BUCKET }}
+                -p S3_PRIVATE_ROOT_BUCKET=${{ vars.S3_PRIVATE_ROOT_BUCKET }}
+                -p S3_PRIVATE_AQUIFER_BUCKET=${{ vars.S3_PRIVATE_AQUIFER_BUCKET }}
+                -p S3_PRIVATE_REGISTRANT_BUCKET=${{ vars.S3_PRIVATE_REGISTRANT_BUCKET }}
+                -p S3_PRIVATE_WELL_BUCKET=${{ vars.S3_PRIVATE_WELL_BUCKET }}
+                -p ENABLE_AQUIFERS_SEARCH=${{ vars.ENABLE_AQUIFERS_SEARCH }}
+                -p EMAIL_NOTIFICATION_RECIPIENT=${{ vars.EMAIL_NOTIFICATION_RECIPIENT }}
+                -p GEOCODER_ADDRESS_API_BASE=${{ vars.GEOCODER_ADDRESS_API_BASE }}

.github/workflows/.tests.yml

@@ -22,7 +22,7 @@ env:
 jobs:
   # integration-tests:
   #   name: Integration
-  #   runs-on: ubuntu-22.04
+  #   runs-on: ubuntu-latest
   #   timeout-minutes: 1
   #   steps:
   #     - uses: actions/checkout@v4
@@ -49,7 +49,7 @@ jobs:
     # defaults:
     #   run:
     #     working-directory: frontend
-    # runs-on: ubuntu-22.04
+    # runs-on: ubuntu-latest
     # timeout-minutes: 5
     # strategy:
     #   matrix:
@@ -85,7 +85,7 @@ jobs:
 
   # load-tests:
     # name: Load
-    # runs-on: ubuntu-22.04
+    # runs-on: ubuntu-latest
     # strategy:
     #   matrix:
     #     name: [backend, frontend]

.github/workflows/analysis.yml

@@ -1,12 +1,12 @@
 name: Analysis
 
 on:
-  push:
-    branches: [main]
-  pull_request:
-    types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
-  schedule:
-    - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
+  # push:
+  #   branches: [main]
+  # pull_request:
+  #   types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
+  # schedule:
+  #   - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
   workflow_dispatch:
 
 concurrency:
@@ -17,7 +17,7 @@ jobs:
 #   tests:  
 #     name: Tests
 #     if: ${{ ! github.event.pull_request.draft }}
-#     runs-on: ubuntu-22.04
+#     runs-on: ubuntu-latest
 #     timeout-minutes: 5
 #     services:
 #       postgres:
@@ -61,7 +61,7 @@ jobs:
   trivy:
     name: Trivy Security Scan
     if: ${{ ! github.event.pull_request.draft }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 1
     steps:
       - uses: actions/checkout@v4
@@ -84,7 +84,7 @@ jobs:
     name: Analysis Results
     # needs: [tests, trivy]
     needs: [trivy]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - run: echo "Success!"
 

.github/workflows/merge.yml

@@ -25,7 +25,7 @@ jobs:
     name: Set Variables
     outputs:
       pr: ${{ steps.pr.outputs.pr }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 1
     steps:
       # Get PR number for squash merges to main
@@ -61,7 +61,7 @@ jobs:
   # promote:
   #   name: Promote Images
   #   needs: [deploy-prod, vars]
-  #   runs-on: ubuntu-22.04
+  #   runs-on: ubuntu-latest
   #   permissions:
   #     packages: write
   #   strategy:

.github/workflows/pr-open.yml

@@ -9,14 +9,14 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  # https://github.com/bcgov-nr/action-builder-ghcr
+  # # https://github.com/bcgov-nr/action-builder-ghcr
   builds:
     name: Builds
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        package: [backend, frontend]
-    timeout-minutes: 10
+        package: [database, backend]
+    timeout-minutes: 20
     steps:
       - uses: bcgov-nr/action-builder-ghcr@v2.2.0
         with:
@@ -40,17 +40,17 @@ jobs:
   #   with:
   #     target: ${{ github.event.number }}
 
-  results:
-    name: PR Results
-    # needs: [builds, deploys, tests]
-    if: always() && (!failure()) && (!cancelled())
-    runs-on: ubuntu-22.04
-    steps:
-      - run: echo "Success!"
+  # results:
+  #   name: PR Results
+  #   # needs: [builds, deploys, tests]
+  #   if: always() && (!failure()) && (!cancelled())
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - run: echo "Success!"
 
   # dump:
   #   name: Dump Context
-  #   runs-on: ubuntu-22.04
+  #   runs-on: ubuntu-latest
   #   env:
   #     CONTEXT: ${{ toJson(github) }}
   #   steps:

.github/workflows/pr-validate.yml

@@ -22,6 +22,6 @@ jobs:
     name: Validate Results
     if: always()
     needs: [validate]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - run: echo "Success!"

.github/workflows/scheduled.yml

@@ -53,7 +53,7 @@ jobs:
 
   generate-schema-spy:
     name: Generate SchemaSpy Documentation
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     services:
       postgres:
         image: postgis/postgis:16-3.4

backend/.dockerignore

@@ -4,7 +4,7 @@
 .github
 .idea
 .vscode
-Dockerfile
+Dockerfile*
 CODE_OF_CONDUCT*
 CONTRIBUTING*
 LICENSE*
@@ -16,9 +16,10 @@ node_modules
 npm-debug.log
 
 # App-specific exclusions
-# coverage
-# e2e
-# migrations
-# output
-# test
-# tests
+coverage
+cypress
+e2e
+migrations
+output
+test
+tests

backend/Dockerfile

@@ -1,31 +1,91 @@
-FROM python:3.6.15-slim-buster AS build
-
-RUN apt-get -y update && apt-get -y install \
-    git \
-    build-essential \
-    gdal-bin \
-    libgdal-dev
-
-RUN echo "Checking gdal-config installation"
-RUN find / -name gdal-config
-
-ENV PATH="/usr/bin:${PATH}"
+FROM python:3.7-slim
+
+# Envars
+ENV ENVIRONMENT="local"
+ENV APP_CONTEXT_ROOT=gwells
+ENV CSRF_COOKIE_SECURE="False"
+ENV CUSTOM_GDAL_GEOS="False"
+ENV DATABASE_NAME=gwells
+ENV DATABASE_USER="gwells"
+ENV DATABASE_PASSWORD="test1"
+ENV DATABASE_SERVICE_NAME=gwells
+ENV DJANGO_ADMIN_URL=admin
+ENV DJANGO_DEBUG="true"
+ENV DJANGO_SECRET_KEY=secret
+ENV ENABLE_ADDITIONAL_DOCUMENTS="true"
+ENV ENABLE_AQUIFERS_SEARCH="true"
+ENV GWELLS_SERVICE_HOST="db"
+ENV GWELLS_SERVICE_PORT="5432"
+ENV MINIO_ACCESS_KEY=minio
+ENV MINIO_SECRET_KEY=minio1234
+ENV PYTHONUNBUFFERED="1"
+ENV SESSION_COOKIE_SECURE="False"
+ENV SSO_AUDIENCE=gwells-4121
+ENV SSO_CLIENT=gwells-4121
+ENV SSO_TEST_AUDIENCE=gwells-api-tests-4820
+ENV SSO_TEST_CLIENT=gwells-api-tests-4820
+ENV SSO_AUTH_HOST=https://test.loginproxy.gov.bc.ca/auth
+ENV SSO_IDP_HINT="undefined"
+ENV SSO_PORT=0
+ENV SSO_REALM=standard
+ENV SSO_PUBKEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
+ENV S3_HOST=minio-public:9000
+ENV S3_PRIVATE_HOST=minio-private:9001
+ENV S3_PRIVATE_BUCKET=gwells
+ENV S3_PRIVATE_ROOT_BUCKET=gwells
+ENV S3_PRIVATE_WELL_BUCKET=well-docs
+ENV S3_PRIVATE_AQUIFER_BUCKET=aquifer-docs
+ENV S3_PRIVATE_REGISTRANT_BUCKET=driller-docs
+ENV S3_PUBLIC_ACCESS_KEY=minio
+ENV S3_PUBLIC_SECRET_KEY=minio1234
+ENV S3_AQUIFER_BUCKET=aquifer-docs
+ENV S3_REGISTRANT_BUCKET=driller-docs
+ENV S3_ROOT_BUCKET=gwells
+ENV S3_WELL_BUCKET=well-docs
+ENV S3_WELL_EXPORT_BUCKET=gwells
+ENV S3_USE_SECURE=0
+ENV EMAIL_NOTIFICATION_RECIPIENT=sustainment.team@gov.bc.ca
+ENV GEOCODER_ADDRESS_API_BASE=https://geocoder.api.gov.bc.ca/addresses.json?
+ENV LOCAL="true"
+ENV LOAD_FIXTURES="true"
+
+# Install dependencies
+RUN apt-get -y update
+
+RUN apt-get -y install git build-essential gdal-bin libgdal-dev
+
+ENV PATH="/usr/bin/python3:${PATH}"
 
 WORKDIR /app
 
-RUN python3 -m pip install 'setuptools<58.0'
 RUN python3 -m pip install --upgrade pip
 RUN python3 -m pip install ptvsd
+RUN python3 -m pip install 'setuptools<58.0'
 
 COPY . /app
-COPY ./backend-command-script.sh /backend-command-script.sh
+# COPY ./backend-command-script.sh /backend-command-script.sh
 COPY ./requirements.txt /requirements.txt
 
 # RUN chmod +x load_fixtures.sh works when i pull the dockerfile into backend but not when dockerfile is with other docker files
 RUN chmod +x /app
 
+# RUN python3 -m pip install -r requirements.txt
+
 RUN python3 -m pip install -r requirements.txt
 
+# TODO: move to entrypoint in deployment template?
+# chmod -R 777 /app && \
+CMD sh -c "python3 manage.py migrate --noinput && \
+    ./load_fixtures.sh all && \
+    python3 manage.py createinitialrevisions && \
+    python3 manage.py collectstatic --noinput && \
+    # python3 manage.py export --cleanup=1 --upload=1 && \
+    python3 manage.py runserver 0.0.0.0:8000"
+
+# RUN mkdir -p /app/staticfiles/admin/css && \
+#     ln -s /app/staticfiles /tmp/staticfiles && \
+#     chmod -R 777 /app/staticfiles
+
 # make script executable
 # RUN chmod +x /backend/backend-command-script.sh
 
@@ -56,4 +116,4 @@ RUN python3 -m pip install -r requirements.txt
 # make script executable
 # RUN chmod +x /backend/backend-command-script.sh
 
-# CMD ["python3", "manage.py", "runserver", "0.0.0.0:8000"]
+# CMD ["python3", "manage.py", "runserver", "0.0.0.0:8000"]