chore(ci): deploy backend #54

Merged
merged 95 commits into from
Sep 26, 2024
95 commits
5a910ee
Move backend deployment config.
fergmac Sep 10, 2024
697b632
Add backend deploy job - in progress.
fergmac Sep 10, 2024
6857bd7
Add backend deploy parameters.
fergmac Sep 10, 2024
fa55fd5
Update secret reference name.
fergmac Sep 10, 2024
d2b3afd
Switch templates
DerekRoberts Sep 11, 2024
4e81e2b
Switch templates
DerekRoberts Sep 11, 2024
6c410eb
Migrate from deploymentConfig to deployment.
fergmac Sep 11, 2024
7801f5f
Update backend deployment.
fergmac Sep 12, 2024
d3f45a4
Update deploy workflow.
fergmac Sep 12, 2024
6741011
Comment out deployment secret object. Typo in gha.
fergmac Sep 12, 2024
db9221a
Wrap deployment parameters.
fergmac Sep 12, 2024
ea5fff7
Update secret type. Opaque is default. Use stringData to populate sec…
fergmac Sep 12, 2024
4f0378f
🙃 typo
fergmac Sep 12, 2024
fcef281
Update deployment file path.
fergmac Sep 12, 2024
0b3385a
Update deployment parameters.
fergmac Sep 12, 2024
a61269a
Update deployment params.
fergmac Sep 12, 2024
052725c
Update deployment variables.
fergmac Sep 12, 2024
2ddb1ac
Update env vars.
fergmac Sep 13, 2024
5ec34f2
Update global config configmap object.
fergmac Sep 13, 2024
d4e5bf8
Configmap uses data not stringData.
fergmac Sep 13, 2024
1aeab77
Update config values.
fergmac Sep 13, 2024
bed05aa
Reorder parameters.
fergmac Sep 13, 2024
2964a24
🙃 template typo.
fergmac Sep 13, 2024
18eb7f4
Update config values.
fergmac Sep 13, 2024
288ef28
Configmap update.
fergmac Sep 13, 2024
7e3dc77
Remove duplicate params.
fergmac Sep 13, 2024
4ccdc84
Update minio secret object.
fergmac Sep 13, 2024
506a49d
Comment out minio related code.
fergmac Sep 13, 2024
0983a06
Uncomment minio code.
fergmac Sep 13, 2024
264569b
Dial back some renames
DerekRoberts Sep 16, 2024
9fff968
Use ubuntu-latest for runners
DerekRoberts Sep 16, 2024
4c793fa
Split off database secrets into init
DerekRoberts Sep 16, 2024
a2a915a
Init w/ db pw
DerekRoberts Sep 16, 2024
5f6d1c7
Comment out builds temporarily
DerekRoberts Sep 16, 2024
a7b8293
Template path
DerekRoberts Sep 16, 2024
93ff362
Comment out analysis
DerekRoberts Sep 16, 2024
f9c62ea
Set init as db need/prereq
DerekRoberts Sep 16, 2024
08b4104
Init params
DerekRoberts Sep 16, 2024
2fd1efb
Backend needs/prereqs
DerekRoberts Sep 16, 2024
bb8240c
Add GH secret
DerekRoberts Sep 16, 2024
ebca98c
Update db secret name.
fergmac Sep 16, 2024
6585b5d
Add param to db dc template.
fergmac Sep 16, 2024
cf2279e
Update init.
fergmac Sep 16, 2024
7b52c49
Add params to init job.
fergmac Sep 16, 2024
6ee9151
Comment out init params.
fergmac Sep 16, 2024
c23c89f
Comment out more init params.
fergmac Sep 16, 2024
875ccbd
Add licensing params.
fergmac Sep 16, 2024
bbcdde6
Update image name.
fergmac Sep 17, 2024
dd08aad
Remove nr- prefix from deploy.
fergmac Sep 17, 2024
5feaa99
Uncomment build step.
fergmac Sep 17, 2024
222fce6
Re-comment and prefix.
fergmac Sep 17, 2024
8c9a9b7
Dial back Dockerfile
DerekRoberts Sep 17, 2024
b1c6417
Restore builds
DerekRoberts Sep 17, 2024
3c627b7
Extend build timeout
DerekRoberts Sep 17, 2024
003ec4c
Extend build timeout
DerekRoberts Sep 17, 2024
21a15ce
Dockerfile changes
DerekRoberts Sep 18, 2024
c93b983
Bring over backend dependency updates.
fergmac Sep 18, 2024
893e0f7
Add logs to data migrations.
fergmac Sep 18, 2024
99cf74c
Duplicate os import.
fergmac Sep 18, 2024
0ef0571
Push up data migration data.
fergmac Sep 18, 2024
d7b55a5
Push up registries regional areas zip.
fergmac Sep 18, 2024
b9903e1
Permission denied
DerekRoberts Sep 19, 2024
5c8dbbd
Permission denied
DerekRoberts Sep 19, 2024
faf6900
Permission denied
DerekRoberts Sep 19, 2024
7d12e2b
Permission denied
DerekRoberts Sep 19, 2024
3565eca
.dockerignore
DerekRoberts Sep 19, 2024
0be6f00
Permission denied
DerekRoberts Sep 19, 2024
06f46b0
Permission denied
DerekRoberts Sep 19, 2024
0021dfa
Permission denied
DerekRoberts Sep 19, 2024
d9891b6
Remove unused Helm charts
DerekRoberts Sep 19, 2024
39762fb
Remove unused template migrations
DerekRoberts Sep 19, 2024
188e5f0
Remove stale files
DerekRoberts Sep 19, 2024
109aa04
Keep working on pod write error
DerekRoberts Sep 19, 2024
c302361
Comment out builds and keep trying
DerekRoberts Sep 19, 2024
bf74fb2
Temporarily disable probes
DerekRoberts Sep 19, 2024
da4b820
Uncomment minio vars.
fergmac Sep 24, 2024
ee36816
Uncomment minio env vars in init.
fergmac Sep 24, 2024
1ce4b78
Uncomment minio env vars in deploy workflow.
fergmac Sep 24, 2024
6e5edf4
Comment out minio.
fergmac Sep 24, 2024
d670b17
Comment out deploy vars to test.
fergmac Sep 24, 2024
58df89c
Minio vars.
fergmac Sep 24, 2024
cd528fe
Undo minio updates.
fergmac Sep 24, 2024
574d80c
Recreate minio var.
fergmac Sep 24, 2024
ea806f6
Check directory for zip file.
fergmac Sep 24, 2024
1317ee9
Move log.
fergmac Sep 24, 2024
bac3686
Flush print statement.
fergmac Sep 24, 2024
0d2919e
Update dockerfile.
fergmac Sep 24, 2024
947d720
Clean up. Move zip to tmp directory.
fergmac Sep 25, 2024
63e4bb1
Comment out export.
fergmac Sep 25, 2024
77c61dc
Update backend template resources. Update Docker permissions.
fergmac Sep 25, 2024
ec240ea
Add /app to permission set.
fergmac Sep 25, 2024
b8879a9
Uncomment build job.
fergmac Sep 25, 2024
e338475
Uncomment needs builds for deploys.
fergmac Sep 25, 2024
688545e
Remove permission update.
fergmac Sep 25, 2024
7c3a2f9
Try tmp file again.
fergmac Sep 25, 2024
80 changes: 76 additions & 4 deletions .github/workflows/.deploy.yml
Expand Up @@ -19,10 +19,40 @@ on:
type: string

jobs:
init:
name: Initialize
runs-on: ubuntu-latest
steps:
- name: Initialize
uses: bcgov-nr/action-deployer-openshift@v3.0.0
with:
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: common/openshift.init.yml
overwrite: true
parameters:
-p NAME_SUFFIX=-dev-${{ github.event.number }}
-p POSTGRESQL_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
-p FDW_DATABASE_PASSWORD=${{ secrets.FDW_DATABASE_PASSWORD }}
-p DJANGO_ADMIN_PASSWORD=${{ secrets.DJANGO_ADMIN_PASSWORD }}
-p DJANGO_ADMIN_URL=${{ secrets.DJANGO_ADMIN_URL }}
-p DJANGO_ADMIN_USER=${{ secrets.DJANGO_ADMIN_USER }}
-p DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}
-p E_LICENSING_AUTH_USERNAME=${{ secrets.E_LICENSING_AUTH_USERNAME }}
-p E_LICENSING_AUTH_PASSWORD=${{ secrets.E_LICENSING_AUTH_PASSWORD }}
# -p S3_PUBLIC_ACCESS_KEY=${{ secrets.S3_PUBLIC_ACCESS_KEY }}
# -p S3_PUBLIC_SECRET_KEY=${{ secrets.S3_PUBLIC_SECRET_KEY }}
# -p S3_HOST=${{ secrets.S3_HOST }}
# -p S3_ROOT_BUCKET=${{ secrets.S3_ROOT_BUCKET }}
# -p MINIO_ACCESS_KEY=${{ secrets.MINIO_ACCESS_KEY }}
# -p MINIO_SECRET_KEY=${{ secrets.MINIO_SECRET_KEY }}

database:
name: Database
needs: init
# environment: ${{ inputs.environment }}
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
# - name: Deploy Frontend
# uses: bcgov-nr/action-deployer-openshift@v3.0.0
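Review bot: The `parameters:` block of the new `init` job interpolates eight secrets into unquoted `-p KEY=${{ secrets.X }}` pairs, so if the action passes this string through a shell, a password or `DJANGO_SECRET_KEY` containing a space, `$` or quote character would be split or altered before it reaches `common/openshift.init.yml`. Quote each pair (`-p "DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}"`) or move the values to a parameter file. The six commented-out `S3_*` and `MINIO_*` lines should be removed or tracked in an issue rather than merged as dead configuration. `bcgov-nr/action-deployer-openshift@v3.0.0` is referenced by a mutable tag while it receives `oc_token`; pin it to a commit SHA.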
Expand All @@ -44,15 +74,57 @@ jobs:
file: database/postgresql.dc.yml
overwrite: true
parameters:
-p DATABASE_SERVICE_NAME=nr-gwells-pg12-dev-${{ github.event.number }}
-p DATABASE_SERVICE_NAME=gwells-pg12-dev-${{ github.event.number }}
-p IMAGE_STREAM_NAMESPACE=${{ vars.OC_NAMESPACE }}
-p IMAGE_STREAM_NAME=crunchy-postgres-gis
-p NAME_SUFFIX=-dev-${{ github.event.number }}
-p POSTGRESQL_DATABASE=gwells
-p VOLUME_CAPACITY=1Gi
-p STORAGE_CLASS=netapp-file-standard
-p REQUEST_CPU=200m
-p REQUEST_MEMORY=512Mi
-p LIMIT_CPU=500m
-p LIMIT_MEMORY=1Gi
-p POSTGRESQL_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}

backend:
name: Backend
needs: [ init, database ]
# environment: ${{ inputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Deploy Backend
uses: bcgov-nr/action-deployer-openshift@v3.0.0
with:
oc_namespace: ${{ vars.OC_NAMESPACE }}
oc_server: ${{ vars.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
file: backend/openshift.backend.yml
parameters:
-p NAME_SUFFIX=-dev-${{ github.event.number }}
-p ENV_NAME=dev
-p E_LICENSING_URL=${{ vars.E_LICENSING_URL }}
-p DB_REPLICATE=${{ vars.DB_REPLICATE }}
-p DJANGO_DEBUG=${{ vars.DJANGO_DEBUG }}
-p ENABLE_ADDITIONAL_DOCUMENTS=${{ vars.ENABLE_ADDITIONAL_DOCUMENTS }}
-p S3_PRIVATE_BUCKET=${{ vars.S3_PRIVATE_BUCKET }}
-p S3_PRIVATE_HOST=${{ vars.S3_PRIVATE_HOST }}
-p S3_WELL_EXPORT_BUCKET=${{ vars.S3_WELL_EXPORT_BUCKET }}
-p SSO_AUDIENCE=${{ vars.SSO_AUDIENCE }}
-p SSO_AUTH_HOST=${{ vars.SSO_AUTH_HOST }}
-p SSO_CLIENT=${{ vars.SSO_CLIENT }}
-p SSO_IDP_HINT=${{ vars.SSO_IDP_HINT }}
-p SSO_PORT=${{ vars.SSO_PORT }}
-p SSO_PUBKEY=${{ vars.SSO_PUBKEY }}
-p SSO_REALM=${{ vars.SSO_REALM }}
-p SSO_TEST_AUDIENCE=${{ vars.SSO_TEST_AUDIENCE }}
-p SSO_TEST_CLIENT=${{ vars.SSO_TEST_CLIENT }}
-p GDAL_LIBRARY_PATH=${{ vars.GDAL_LIBRARY_PATH }}
-p GEOS_LIBRARY_PATH=${{ vars.GEOS_LIBRARY_PATH }}
-p S3_AQUIFER_BUCKET=${{ vars.S3_AQUIFER_BUCKET }}
-p S3_REGISTRANT_BUCKET=${{ vars.S3_REGISTRANT_BUCKET }}
-p S3_PRIVATE_ROOT_BUCKET=${{ vars.S3_PRIVATE_ROOT_BUCKET }}
-p S3_PRIVATE_AQUIFER_BUCKET=${{ vars.S3_PRIVATE_AQUIFER_BUCKET }}
-p S3_PRIVATE_REGISTRANT_BUCKET=${{ vars.S3_PRIVATE_REGISTRANT_BUCKET }}
-p S3_PRIVATE_WELL_BUCKET=${{ vars.S3_PRIVATE_WELL_BUCKET }}
-p ENABLE_AQUIFERS_SEARCH=${{ vars.ENABLE_AQUIFERS_SEARCH }}
-p EMAIL_NOTIFICATION_RECIPIENT=${{ vars.EMAIL_NOTIFICATION_RECIPIENT }}
-p GEOCODER_ADDRESS_API_BASE=${{ vars.GEOCODER_ADDRESS_API_BASE }}
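Review bot: `-p POSTGRESQL_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}` is still passed to `database/postgresql.dc.yml` in the `database` job although the `init` job passes the same secret to `common/openshift.init.yml`, which leaves two templates able to set the database password. Have one template own it and the other reference it. In the new `backend` job, `DJANGO_DEBUG` comes from `vars.DJANGO_DEBUG` with no fallback visible here, `ENV_NAME=dev` and the `-dev-` suffix are hard-coded while `environment:` stays commented out, and the step has no `overwrite:` key unlike the other two deploy steps; state the intended value for each explicitly. `needs: [ init, database ]` can be reduced to `needs: database`, since `database` already needs `init`.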
6 changes: 3 additions & 3 deletions .github/workflows/.tests.yml
Expand Up @@ -22,7 +22,7 @@ env:
jobs:
# integration-tests:
# name: Integration
# runs-on: ubuntu-22.04
# runs-on: ubuntu-latest
# timeout-minutes: 1
# steps:
# - uses: actions/checkout@v4
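Review bot: The `runs-on` change in this hunk, like the two hunks after it in this file, only edits a commented-out job (`integration-tests` here), so it has no effect on CI. Either restore the jobs or delete the commented blocks. If the move to `ubuntu-latest` is kept, note that it is a floating label, so the runner image will change under these workflows without a commit.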
Expand All @@ -49,7 +49,7 @@ jobs:
# defaults:
# run:
# working-directory: frontend
# runs-on: ubuntu-22.04
# runs-on: ubuntu-latest
# timeout-minutes: 5
# strategy:
# matrix:
Expand Down Expand Up @@ -85,7 +85,7 @@ jobs:

# load-tests:
# name: Load
# runs-on: ubuntu-22.04
# runs-on: ubuntu-latest
# strategy:
# matrix:
# name: [backend, frontend]
18 changes: 9 additions & 9 deletions .github/workflows/analysis.yml
@@ -1,12 +1,12 @@
name: Analysis

on:
push:
branches: [main]
pull_request:
types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
schedule:
- cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
# push:
# branches: [main]
# pull_request:
# types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
# schedule:
# - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
workflow_dispatch:

concurrency:
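Review bot: Commenting out `push`, `pull_request` and `schedule` under `on:` leaves `workflow_dispatch` as the only trigger, so the `trivy` job in this workflow no longer runs on pull requests, on `main` or weekly, only when someone starts it by hand. If this is meant to quiet CI during the deployment work, restore the triggers before merge or open a follow-up to do so. The cron comment is also inconsistent: `0 11 * * 0` fires at 11:00 UTC, which matches 3 AM PST but not "12 PM UDT".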
Expand All @@ -17,7 +17,7 @@ jobs:
# tests:
# name: Tests
# if: ${{ ! github.event.pull_request.draft }}
# runs-on: ubuntu-22.04
# runs-on: ubuntu-latest
# timeout-minutes: 5
# services:
# postgres:
Expand Down Expand Up @@ -61,7 +61,7 @@ jobs:
trivy:
name: Trivy Security Scan
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
timeout-minutes: 1
steps:
- uses: actions/checkout@v4
Expand All @@ -84,7 +84,7 @@ jobs:
name: Analysis Results
# needs: [tests, trivy]
needs: [trivy]
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- run: echo "Success!"

4 changes: 2 additions & 2 deletions .github/workflows/merge.yml
Expand Up @@ -25,7 +25,7 @@ jobs:
name: Set Variables
outputs:
pr: ${{ steps.pr.outputs.pr }}
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
timeout-minutes: 1
steps:
# Get PR number for squash merges to main
Expand Down Expand Up @@ -61,7 +61,7 @@ jobs:
# promote:
# name: Promote Images
# needs: [deploy-prod, vars]
# runs-on: ubuntu-22.04
# runs-on: ubuntu-latest
# permissions:
# packages: write
# strategy:
24 changes: 12 additions & 12 deletions .github/workflows/pr-open.yml
Expand Up @@ -9,14 +9,14 @@ concurrency:
cancel-in-progress: true

jobs:
# https://github.com/bcgov-nr/action-builder-ghcr
# # https://github.com/bcgov-nr/action-builder-ghcr
builds:
name: Builds
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
strategy:
matrix:
package: [backend, frontend]
timeout-minutes: 10
package: [database, backend]
timeout-minutes: 20
steps:
- uses: bcgov-nr/action-builder-ghcr@v2.2.0
with:
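Review bot: The build matrix changes from `[backend, frontend]` to `[database, backend]`, so the frontend image is no longer built on pull requests; state in the PR description whether that is temporary. The comment line above `builds:` became `# # https://github.com/bcgov-nr/action-builder-ghcr`, which looks like an accidental double comment-out. `bcgov-nr/action-builder-ghcr@v2.2.0` is referenced by tag; pinning it to a commit SHA would make the build step reproducible.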
Expand All @@ -40,17 +40,17 @@ jobs:
# with:
# target: ${{ github.event.number }}

results:
name: PR Results
# needs: [builds, deploys, tests]
if: always() && (!failure()) && (!cancelled())
runs-on: ubuntu-22.04
steps:
- run: echo "Success!"
# results:
# name: PR Results
# # needs: [builds, deploys, tests]
# if: always() && (!failure()) && (!cancelled())
# runs-on: ubuntu-latest
# steps:
# - run: echo "Success!"

# dump:
# name: Dump Context
# runs-on: ubuntu-22.04
# runs-on: ubuntu-latest
# env:
# CONTEXT: ${{ toJson(github) }}
# steps:
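Review bot: The `results` job (`PR Results`) is commented out, which removes the single aggregate status that succeeded only when no earlier job failed or was cancelled. If branch protection lists `PR Results` as a required check, pull requests will either wait on a status that never reports or the rule will have to be relaxed. Keep the job and give it `needs: [builds]` until the deploy and test jobs are back.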
2 changes: 1 addition & 1 deletion .github/workflows/pr-validate.yml
Expand Up @@ -22,6 +22,6 @@ jobs:
name: Validate Results
if: always()
needs: [validate]
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- run: echo "Success!"
2 changes: 1 addition & 1 deletion .github/workflows/scheduled.yml
Expand Up @@ -53,7 +53,7 @@ jobs:

generate-schema-spy:
name: Generate SchemaSpy Documentation
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
services:
postgres:
image: postgis/postgis:16-3.4
15 changes: 8 additions & 7 deletions backend/.dockerignore
Expand Up @@ -4,7 +4,7 @@
.github
.idea
.vscode
Dockerfile
Dockerfile*
CODE_OF_CONDUCT*
CONTRIBUTING*
LICENSE*
Expand All @@ -16,9 +16,10 @@ node_modules
npm-debug.log

# App-specific exclusions
# coverage
# e2e
# migrations
# output
# test
# tests
coverage
cypress
e2e
migrations
output
test
tests
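Review bot: Un-commenting the app-specific exclusions now drops `migrations`, `test` and `tests` (plus `coverage`, `cypress`, `e2e` and `output`) from the build context, while the backend Dockerfile in this PR does `COPY . /app` and then runs `python3 manage.py migrate`. Confirm that no directory with one of these names at the context root is needed at runtime. These patterns match only at the root of the context; use `**/tests` and similar if the intent is to keep nested test directories out of the image.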
90 changes: 75 additions & 15 deletions backend/Dockerfile
@@ -1,31 +1,91 @@
FROM python:3.6.15-slim-buster AS build

RUN apt-get -y update && apt-get -y install \
git \
build-essential \
gdal-bin \
libgdal-dev

RUN echo "Checking gdal-config installation"
RUN find / -name gdal-config

ENV PATH="/usr/bin:${PATH}"
FROM python:3.7-slim

# Envars
ENV ENVIRONMENT="local"
ENV APP_CONTEXT_ROOT=gwells
ENV CSRF_COOKIE_SECURE="False"
ENV CUSTOM_GDAL_GEOS="False"
ENV DATABASE_NAME=gwells
ENV DATABASE_USER="gwells"
ENV DATABASE_PASSWORD="test1"

Check warning on line 10 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "DATABASE_PASSWORD") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV DATABASE_SERVICE_NAME=gwells
ENV DJANGO_ADMIN_URL=admin
ENV DJANGO_DEBUG="true"
ENV DJANGO_SECRET_KEY=secret

Check warning on line 14 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "DJANGO_SECRET_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV ENABLE_ADDITIONAL_DOCUMENTS="true"
ENV ENABLE_AQUIFERS_SEARCH="true"
ENV GWELLS_SERVICE_HOST="db"
ENV GWELLS_SERVICE_PORT="5432"
ENV MINIO_ACCESS_KEY=minio

Check warning on line 19 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "MINIO_ACCESS_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV MINIO_SECRET_KEY=minio1234

Check warning on line 20 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "MINIO_SECRET_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV PYTHONUNBUFFERED="1"
ENV SESSION_COOKIE_SECURE="False"
ENV SSO_AUDIENCE=gwells-4121
ENV SSO_CLIENT=gwells-4121
ENV SSO_TEST_AUDIENCE=gwells-api-tests-4820
ENV SSO_TEST_CLIENT=gwells-api-tests-4820
ENV SSO_AUTH_HOST=https://test.loginproxy.gov.bc.ca/auth

Check warning on line 27 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "SSO_AUTH_HOST") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV SSO_IDP_HINT="undefined"
ENV SSO_PORT=0
ENV SSO_REALM=standard
ENV SSO_PUBKEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
ENV S3_HOST=minio-public:9000
ENV S3_PRIVATE_HOST=minio-private:9001
ENV S3_PRIVATE_BUCKET=gwells
ENV S3_PRIVATE_ROOT_BUCKET=gwells
ENV S3_PRIVATE_WELL_BUCKET=well-docs
ENV S3_PRIVATE_AQUIFER_BUCKET=aquifer-docs
ENV S3_PRIVATE_REGISTRANT_BUCKET=driller-docs
ENV S3_PUBLIC_ACCESS_KEY=minio

Check warning on line 39 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "S3_PUBLIC_ACCESS_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV S3_PUBLIC_SECRET_KEY=minio1234

Check warning on line 40 in backend/Dockerfile

GitHub Actions / Builds (backend)

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "S3_PUBLIC_SECRET_KEY") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV S3_AQUIFER_BUCKET=aquifer-docs
ENV S3_REGISTRANT_BUCKET=driller-docs
ENV S3_ROOT_BUCKET=gwells
ENV S3_WELL_BUCKET=well-docs
ENV S3_WELL_EXPORT_BUCKET=gwells
ENV S3_USE_SECURE=0
ENV EMAIL_NOTIFICATION_RECIPIENT=sustainment.team@gov.bc.ca
ENV GEOCODER_ADDRESS_API_BASE=https://geocoder.api.gov.bc.ca/addresses.json?
ENV LOCAL="true"
ENV LOAD_FIXTURES="true"

# Install dependencies
RUN apt-get -y update

RUN apt-get -y install git build-essential gdal-bin libgdal-dev

ENV PATH="/usr/bin/python3:${PATH}"

WORKDIR /app

RUN python3 -m pip install 'setuptools<58.0'
RUN python3 -m pip install --upgrade pip
RUN python3 -m pip install ptvsd
RUN python3 -m pip install 'setuptools<58.0'

COPY . /app
COPY ./backend-command-script.sh /backend-command-script.sh
# COPY ./backend-command-script.sh /backend-command-script.sh
COPY ./requirements.txt /requirements.txt

# RUN chmod +x load_fixtures.sh works when i pull the dockerfile into backend but not when dockerfile is with other docker files
RUN chmod +x /app

# RUN python3 -m pip install -r requirements.txt

RUN python3 -m pip install -r requirements.txt

# TODO: move to entrypoint in deployment template?
# chmod -R 777 /app && \
CMD sh -c "python3 manage.py migrate --noinput && \

Check warning on line 78 in backend/Dockerfile

GitHub Actions / Builds (backend)

JSON arguments recommended for ENTRYPOINT/CMD to prevent unintended behavior related to OS signals

JSONArgsRecommended: JSON arguments recommended for CMD to prevent unintended behavior related to OS signals More info: https://docs.docker.com/go/dockerfile/rule/json-args-recommended/
./load_fixtures.sh all && \
python3 manage.py createinitialrevisions && \
python3 manage.py collectstatic --noinput && \
# python3 manage.py export --cleanup=1 --upload=1 && \
python3 manage.py runserver 0.0.0.0:8000"

# RUN mkdir -p /app/staticfiles/admin/css && \
# ln -s /app/staticfiles /tmp/staticfiles && \
# chmod -R 777 /app/staticfiles

# make script executable
# RUN chmod +x /backend/backend-command-script.sh
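Review bot: The new `ENV` block bakes credentials and development settings into the image: `DATABASE_PASSWORD="test1"`, `DJANGO_SECRET_KEY=secret`, `MINIO_SECRET_KEY=minio1234` and `S3_PUBLIC_SECRET_KEY=minio1234`, together with `DJANGO_DEBUG="true"`, `CSRF_COOKIE_SECURE="False"` and `SESSION_COOKIE_SECURE="False"`. The build check annotations already flag the secret ones, and if this image is the one the new `backend` deploy job runs, any variable the OpenShift template does not override falls back to these values. Remove the secret and debug defaults from the Dockerfile and supply them at runtime, for example from the Secret and ConfigMap objects mentioned in this PR's commits, keeping local-only defaults in a local env file. Separately, `CMD` starts Django's development server (`runserver 0.0.0.0:8000`) in shell form, `ENV PATH="/usr/bin/python3:${PATH}"` adds a file rather than a directory to `PATH`, `RUN chmod +x /app` changes only the directory entry and not the scripts inside it, and the base image becomes `python:3.7-slim`, a floating tag for a Python release that is past end of life.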

Expand Down Expand Up @@ -56,4 +116,4 @@
# make script executable
# RUN chmod +x /backend/backend-command-script.sh

# CMD ["python3", "manage.py", "runserver", "0.0.0.0:8000"]
# CMD ["python3", "manage.py", "runserver", "0.0.0.0:8000"]