Merge pull request #2080 from pwei1018/main

CI/CD update for PPR API and MHR API.
bcgov · Dec 10, 2024 · 95ec1a2 · 95ec1a2
2 parents 3011a1c + cf4526c
commit 95ec1a2
Show file tree

Hide file tree

Showing 28 changed files with 269 additions and 1,382 deletions.
diff --git a/.github/workflows/mhr-api-cd.yml b/.github/workflows/mhr-api-cd.yml
@@ -0,0 +1,32 @@
+name: MHR API CD
+
+on:
+  push:
+    branches:
+      - main
+      - feature*
+      - hotfix*
+    paths:
+      - "mhr-api/**"
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Deploy To"
+        required: true
+        type: choice
+        options:
+        - dev
+        - test
+        - sandbox
+        - prod
+
+jobs:
+  mhr-api-cd:
+    uses: bcgov/bcregistry-sre/.github/workflows/backend-cd.yaml@main
+    with:
+      target: ${{ inputs.target }}
+      app_name: "mhr-api"
+      working_directory: "./mhr-api"
+    secrets:
+      WORKLOAD_IDENTIFY_POOLS_PROVIDER: ${{ secrets.WORKLOAD_IDENTIFY_POOLS_PROVIDER }}
+      GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
diff --git a/.github/workflows/mhr-api-ci.yml b/.github/workflows/mhr-api-ci.yml
@@ -0,0 +1,20 @@
+name: MHR API CI
+
+on:
+  pull_request:
+    paths:
+      - "mhr-api/**"
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash
+    working-directory: ./mhr-api
+
+jobs:
+  mhr-api-ci:
+    uses: bcgov/bcregistry-sre/.github/workflows/backend-ci.yaml@main
+    with:
+      app_name: "mhr-api"
+      working_directory: "./mhr-api"
+      codecov_flag: "mhrapi"
diff --git a/.github/workflows/ppr-api-cd.yml b/.github/workflows/ppr-api-cd.yml
@@ -4,110 +4,29 @@ on:
   push:
     branches:
       - main
+      - feature*
+      - hotfix*
     paths:
       - "ppr-api/**"
   workflow_dispatch:
     inputs:
-      environment:
-        description: "Environment (dev/test/prod)"
+      target:
+        description: "Deploy To"
         required: true
-        default: "dev"
-
-defaults:
-  run:
-    shell: bash
-    working-directory: ./ppr-api
-
-env:
-  APP_NAME: "ppr-api"
-  TAG_NAME: "dev"
+        type: choice
+        options:
+        - dev
+        - test
+        - sandbox
+        - prod
 
 jobs:
-  ppr-api-cd-by-push:
-    runs-on: ubuntu-20.04
-
-    if: github.event_name == 'push' && github.repository == 'bcgov/ppr'
-    environment:
-      name: "dev"
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Login Openshift
-        shell: bash
-        run: |
-          oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}
-
-      - name: CD Flow
-        shell: bash
-        env:
-          OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
-          OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
-          OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
-          OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
-          OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
-          TAG_NAME: ${{ env.TAG_NAME }}
-        run: |
-          make cd
-
-      - name: Watch new rollout (trigger by image change in Openshift)
-        shell: bash
-        run: |
-          oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w
-
-      - name: Rocket.Chat Notification
-        uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
-        if: failure()
-        with:
-          type: ${{ job.status }}
-          job_name: "*PPR API Built and Deployed to ${{env.TAG_NAME}}*"
-          channel: "#registries-bot"
-          url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
-          commit: true
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-  ppr-api-cd-by-dispatch:
-    runs-on: ubuntu-20.04
-
-    if: github.event_name == 'workflow_dispatch' && github.repository == 'bcgov/ppr'
-    environment:
-      name: "${{ github.event.inputs.environment }}"
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set env by input
-        run: |
-          echo "TAG_NAME=${{ github.event.inputs.environment }}" >> $GITHUB_ENV
-
-      - name: Login Openshift
-        shell: bash
-        run: |
-          oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}
-
-      - name: CD Flow
-        shell: bash
-        env:
-          OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
-          OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
-          OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
-          OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
-          OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
-          TAG_NAME: ${{ env.TAG_NAME }}
-        run: |
-          make cd
-
-      - name: Watch new rollout (trigger by image change in Openshift)
-        shell: bash
-        run: |
-          oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w
-
-      - name: Rocket.Chat Notification
-        uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
-        if: failure()
-        with:
-          type: ${{ job.status }}
-          job_name: "*PPR API Built and Deployed to ${{env.TAG_NAME}}*"
-          channel: "#registries-bot"
-          url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
-          commit: true
-          token: ${{ secrets.GITHUB_TOKEN }}
+  ppr-api-cd:
+    uses: bcgov/bcregistry-sre/.github/workflows/backend-cd.yaml@main
+    with:
+      target: ${{ inputs.target }}
+      app_name: "ppr-api"
+      working_directory: "./ppr-api"
+    secrets:
+      WORKLOAD_IDENTIFY_POOLS_PROVIDER: ${{ secrets.WORKLOAD_IDENTIFY_POOLS_PROVIDER }}
+      GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
diff --git a/.github/workflows/ppr-api-ci.yml b/.github/workflows/ppr-api-ci.yml
@@ -2,118 +2,19 @@ name: PPR API CI
 
 on:
   pull_request:
-    types: [assigned, synchronize]
     paths:
       - "ppr-api/**"
+  workflow_dispatch:
 
 defaults:
   run:
     shell: bash
     working-directory: ./ppr-api
 
 jobs:
-  setup-job:
-    runs-on: ubuntu-20.04
-
-    if: github.repository == 'bcgov/ppr'
-
-    steps:
-      - uses: actions/checkout@v3
-      - run: "true"
-
-  linting:
-    needs: setup-job
-    runs-on: ubuntu-20.04
-
-    strategy:
-      matrix:
-        python-version: [3.9, 3.10]
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install dependencies
-        run: |
-          make setup
-      - name: Lint with pylint
-        id: pylint
-        run: |
-          make pylint
-      - name: Lint with flake8
-        id: flake8
-        run: |
-          make flake8
-
-  testing:
-    needs: setup-job
-    env:
-      IMAGE_NAME: ppr-api
-      DATABASE_TEST_USERNAME: postgres
-      DATABASE_TEST_PASSWORD: postgres
-      DATABASE_TEST_NAME: postgres
-      DATABASE_TEST_HOST: localhost
-      DATABASE_TEST_PORT: 5432
-      DATABASE_HOST: localhost
-      DATABASE_PORT: 5432
-      DATABASE_PASSWORD: postgres
-      NATS_SERVERS: "nats://nats:4222"
-      NATS_CLIENT_NAME: entity.ppr_api
-      NATS_CLUSTER_ID: test-cluster
-      NATS_FILER_SUBJECT: entity.ppr.pay
-      NATS_QUEUE: ppr-worker
-      JWT_OIDC_JWKS_CACHE_TIMEOUT: 300
-
-    runs-on: ubuntu-20.04
-
-    services:
-      postgres:
-        image: postgres:12
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: postgres
-        ports:
-          - 5432:5432
-        # needed because the postgres container does not provide a healthcheck
-        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install dependencies
-        run: |
-          make setup
-      - name: Upgrade db
-        run: |
-          . venv/bin/activate && python manage.py db upgrade
-      - name: Create Test Data
-        run: |
-          . venv/bin/activate && python manage.py create_test_data
-      - name: Test with pytest
-        id: test
-        run: |
-          make test
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          file: ./ppr-api/coverage.xml
-          flags: pprapi
-          name: codecov-ppr-api
-          fail_ci_if_error: true
-
-  build-check:
-    needs: setup-job
-    runs-on: ubuntu-20.04
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: build to check strictness
-        id: build
-        run: |
-          make build-nc
+  ppr-api-ci:
+    uses: bcgov/bcregistry-sre/.github/workflows/backend-ci.yaml@main
+    with:
+      app_name: "ppr-api"
+      working_directory: "./ppr-api"
+      codecov_flag: "pprapi"
diff --git a/codecov.yaml b/codecov.yaml
@@ -15,7 +15,7 @@ coverage:
         target: 75%
         flags:
           - pprapi
-
+          - mhrapi
       ui:
         target: 50%
         flags:
@@ -46,3 +46,7 @@ flags:
     paths:
       - ppr-ui/src
     carryforward: true
+  mhrapi:
+    paths:
+      - mhr-api/src/mhr-api
+    carryforward: true
diff --git a/mhr-api/.env.sample b/mhr-api/.env.sample
@@ -36,9 +36,11 @@ JWT_OIDC_TEST_JWKS_CACHE_TIMEOUT=300
 JWT_OIDC_PUBLIC_KEY_PEM=
 
 # Integration Settings
-AUTH_SVC_URL=
-PAYMENT_SVC_URL=
-REPORT_SVC_URL=
+AUTH_API_URL=
+AUTH_API_VERSION=
+PAY_API_URL=
+PAY_API_VERSION=
+REPORT_API_URL=
 REPORT_TEMPLATE_PATH="report-templates"
 GATEWAY_LTSA_URL=
 GATEWAY_URL=

diff --git a/mhr-api/devops/vaults.gcp.env b/mhr-api/devops/vaults.gcp.env
@@ -9,21 +9,24 @@ JWT_OIDC_TOKEN_URL="op://ppr/$APP_ENV/jwt/JWT_OIDC_TOKEN_URL"
 ACCOUNT_SVC_CLIENT_ID="op://ppr/$APP_ENV/jwt/ACCOUNT_SVC_CLIENT_ID"
 ACCOUNT_SVC_CLIENT_SECRET="op://ppr/$APP_ENV/jwt/ACCOUNT_SVC_CLIENT_SECRET"
 ACCOUNT_SVC_TIMEOUT="op://ppr/$APP_ENV/ppr-api/ACCOUNT_SVC_TIMEOUT"
-AUTH_SVC_URL="op://ppr/$APP_ENV/ppr-api/AUTH_SVC_URL"
 DATABASE_USERNAME="op://database/$APP_ENV/ppr-db-gcp/DATABASE_USERNAME"
 DATABASE_PASSWORD="op://database/$APP_ENV/ppr-db-gcp/DATABASE_PASSWORD"
 DATABASE_PORT="op://database/$APP_ENV/ppr-db-gcp/DATABASE_PORT"
 DATABASE_NAME="op://database/$APP_ENV/ppr-db-gcp/DATABASE_NAME"
 DATABASE_UNIX_SOCKET="op://database/$APP_ENV/ppr-db-gcp/DATABASE_UNIX_SOCKET"
-PAYMENT_SVC_URL="op://ppr/$APP_ENV/ppr-api/PAYMENT_SVC_URL"
+AUTH_API_URL="op://API/$APP_ENV/auth-api/AUTH_API_URL"
+AUTH_API_VERSION="op://API/$APP_ENV/auth-api/AUTH_API_VERSION"
+PAY_API_URL="op://API/$APP_ENV/pay-api/PAY_API_URL"
+PAY_API_VERSION="op://API/$APP_ENV/pay-api/PAY_API_VERSION"
+REPORT_API_URL="op://ppr/$APP_ENV/mhr-api/REPORT_SVC_URL"
+REPORT_API_AUDIENCE="op://ppr/$APP_ENV/mhr-api/REPORT_API_AUDIENCE"
 GOOGLE_DEFAULT_SA="op://buckets/$APP_ENV/mhr-api/GOOGLE_DEFAULT_SA"
 GCP_CS_PROJECT_ID="op://ppr/$APP_ENV/mhr-api/GCP_PS_PROJECT_ID"
 GCP_CS_SA_SCOPES="op://buckets/$APP_ENV/mhr-api/GCP_CS_SA_SCOPES"
 GCP_CS_BUCKET_ID="op://buckets/$APP_ENV/mhr-api/GCP_CS_BUCKET_ID"
 GCP_CS_BUCKET_ID_REGISTRATION ="op://buckets/$APP_ENV/mhr-api/GCP_CS_BUCKET_ID_REGISTRATION"
 GCP_CS_BUCKET_ID_BATCH="op://buckets/$APP_ENV/mhr-api/GCP_CS_BUCKET_ID_BATCH"
 GCP_CS_BUCKET_ID_TERMS="op://buckets/$APP_ENV/mhr-api/GCP_CS_BUCKET_ID_TERMS"
-REPORT_SVC_URL="op://ppr/$APP_ENV/mhr-api/REPORT_SVC_URL"
 REPORT_TEMPLATE_PATH="op://API/$APP_ENV/report-api-gotenberg/REPORT_TEMPLATE_PATH"
 SEARCH_PDF_ASYNC_THRESHOLD="op://ppr/$APP_ENV/mhr-api/SEARCH_PDF_ASYNC_THRESHOLD"
 EVENT_MAX_RETRIES="op://ppr/$APP_ENV/mhr-api/EVENT_MAX_RETRIES"
@@ -43,4 +46,4 @@ DOC_SERVICE_CONFIG="op://ppr/$APP_ENV/mhr-api/DOC_SERVICE_CONFIG"
 GUNICORN_PROCESSES="op://ppr/$APP_ENV/mhr-api/GUNICORN_PROCESSES"
 GUNICORN_THREADS="op://ppr/$APP_ENV/mhr-api/GUNICORN_THREADS"
 REPORT_VERSION="op://ppr/$APP_ENV/mhr-api/REPORT_VERSION"
-REPORT_API_AUDIENCE="op://ppr/$APP_ENV/mhr-api/REPORT_API_AUDIENCE"
+REPORT_API_AUDIENCE=op://API/$APP_ENV/report-api-gotenberg/REPORT_API_GOTENBERG_URL"