Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Deployment instead of DeploymentConfig for PAY-API #1919

Merged
merged 12 commits into from
Mar 6, 2025
Merged

Use Deployment instead of DeploymentConfig for PAY-API #1919

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
dab27e1
Update pay-api-cd.yml
seeker25 Mar 6, 2025
1e14155
add vaults ocp
seeker25 Mar 6, 2025
3509cb4
remove quotes
seeker25 Mar 6, 2025
e233a9e
two misisng secrets
seeker25 Mar 6, 2025
c0782f5
fix database secrets
seeker25 Mar 6, 2025
d9ecc82
more secrets
seeker25 Mar 6, 2025
54f5e58
Another missing secret
seeker25 Mar 6, 2025
b571290
fix dup secret
seeker25 Mar 6, 2025
23fb751
missing topic
seeker25 Mar 6, 2025
ab23644
remove client secret
seeker25 Mar 6, 2025
f5b6552
remove unused secrets
seeker25 Mar 6, 2025
a36e9f2
adding more secrets
seeker25 Mar 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
133 changes: 22 additions & 111 deletions .github/workflows/pay-api-cd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Pay API CD
name: PAY-API OCP

on:
push:
Expand All @@ -8,116 +8,27 @@ on:
- "pay-api/**"
workflow_dispatch:
inputs:
environment:
description: "Environment (dev/test/prod)"
target:
description: "Deploy To"
required: true
default: "dev"

defaults:
run:
shell: bash
working-directory: ./pay-api

env:
APP_NAME: "pay-api"
TAG_NAME: "dev"
type: choice
options:
- dev
- test
- prod

jobs:
pay-api-cd-by-push:
runs-on: ubuntu-24.04

if: github.event_name == 'push' && github.repository == 'bcgov/sbc-pay'
environment:
name: "dev"

steps:
- uses: actions/checkout@v4

- name: Install CLI tools from OpenShift Mirror
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4"

- name: Login Openshift
shell: bash
run: |
oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}

- name: CD Flow
shell: bash
env:
OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
TAG_NAME: ${{ env.TAG_NAME }}
run: |
make cd

- name: Watch new rollout (trigger by image change in Openshift)
shell: bash
run: |
oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w

- name: Rocket.Chat Notification
uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
if: failure()
with:
type: ${{ job.status }}
job_name: "*Pay API Built and Deployed to ${{env.TAG_NAME}}*"
channel: "#registries-bot"
url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
commit: true
token: ${{ secrets.GITHUB_TOKEN }}

pay-api-cd-by-dispatch:
runs-on: ubuntu-24.04

if: github.event_name == 'workflow_dispatch' && github.repository == 'bcgov/sbc-pay'
environment:
name: "${{ github.event.inputs.environment }}"

steps:
- uses: actions/checkout@v4
- name: Set env by input
run: |
echo "TAG_NAME=${{ github.event.inputs.environment }}" >> $GITHUB_ENV

- name: Install CLI tools from OpenShift Mirror
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4"

- name: Login Openshift
shell: bash
run: |
oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}}

- name: CD Flow
shell: bash
env:
OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }}
OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
TAG_NAME: ${{ env.TAG_NAME }}
run: |
make cd

- name: Watch new rollout (trigger by image change in Openshift)
shell: bash
run: |
oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w

- name: Rocket.Chat Notification
uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master
if: failure()
with:
type: ${{ job.status }}
job_name: "*Pay API Built and Deployed to ${{env.TAG_NAME}}*"
channel: "#registries-bot"
url: ${{ secrets.ROCKETCHAT_WEBHOOK }}
commit: true
token: ${{ secrets.GITHUB_TOKEN }}
pay-api-cd:
uses: bcgov/bcregistry-sre/.github/workflows/backend-cd-ocp.yaml@main
with:
target: ${{ inputs.target }}
app_name: "pay-api"
working_directory: "./pay-api"
secrets:
OP_CONNECT_URL: ${{ secrets.OP_CONNECT_URL }}
OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }}
OPENSHIFT_LOGIN_REGISTRY: ${{secrets.OPENSHIFT4_LOGIN_REGISTRY}}
OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }}
OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }}
OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }}
3 changes: 0 additions & 3 deletions jobs/payment-jobs/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,9 +131,6 @@ class _Config(object): # pylint: disable=too-few-public-methods
CFS_STOP_PAD_ACCOUNT_CREATION = os.getenv("CFS_STOP_PAD_ACCOUNT_CREATION", "false").lower() == "true"
CFS_PARTY_PREFIX = os.getenv("CFS_PARTY_PREFIX", "BCR-")

CFS_INVOICE_CUT_OFF_HOURS_UTC = int(os.getenv("CFS_INVOICE_CUT_OFF_HOURS_UTC", "2"))
CFS_INVOICE_CUT_OFF_MINUTES_UTC = int(os.getenv("CFS_INVOICE_CUT_OFF_MINUTES_UTC", "0"))

SENTRY_ENABLE = os.getenv("SENTRY_ENABLE", "False")
SENTRY_DSN = os.getenv("SENTRY_DSN", None)

Expand Down
75 changes: 75 additions & 0 deletions pay-api/devops/vaults.ocp.env
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
PAY_LD_SDK_KEY=op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY
PAY_LD_CLIENT_ID=op://launchdarkly/$APP_ENV/pay/PAY_LD_CLIENT_ID

DATABASE_NAME=op://database/$APP_ENV/pay-db/PAY_DATABASE_NAME
DATABASE_PASSWORD=op://database/$APP_ENV/pay-db/PAY_DATABASE_PASSWORD
DATABASE_PORT=op://database/$APP_ENV/pay-db/PAY_DATABASE_PORT
DATABASE_USERNAME=op://database/$APP_ENV/pay-db/PAY_DATABASE_USERNAME
DATABASE_HOST=op://database/$APP_ENV/pay-db/PAY_DATABASE_HOST

JWT_OIDC_AUDIENCE=op://keycloak/$APP_ENV/account-services-account/ACCOUNT_SERVICES_SERVICE_ACCOUNT_CLIENT_ID
JWT_OIDC_JWKS_CACHE_TIMEOUT=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_JWKS_CACHE_TIMEOUT
JWT_OIDC_WELL_KNOWN_CONFIG=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_CONFIG
JWT_OIDC_ISSUER=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER
JWT_OIDC_CACHING_ENABLED=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_CACHING_ENABLED
JWT_OIDC_ALGORITHMS=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ALGORITHMS

SBC_AUTH_ADMIN_CLIENT_ID=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID
SBC_AUTH_ADMIN_CLIENT_SECRET=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET
CFS_BASE_URL=op://payment-external-services/$APP_ENV/cfs/CFS_BASE_URL
CFS_CLIENT_ID=op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_ID
CFS_CLIENT_SECRET=op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_SECRET
PAYBC_PORTAL_URL=op://payment-external-services/$APP_ENV/cfs/PAYBC_PORTAL_URL
CONNECT_TIMEOUT=op://payment-external-services/$APP_ENV/cfs/CONNECT_TIMEOUT
CFS_GENERATE_RANDOM_INVOICE_NUMBER=op://payment-external-services/$APP_ENV/cfs/CFS_GENERATE_RANDOM_INVOICE_NUMBER
CFS_ACCOUNT_DESCRIPTION=op://payment-external-services/$APP_ENV/cfs/CFS_ACCOUNT_DESCRIPTION
CFS_INVOICE_PREFIX=op://payment-external-services/$APP_ENV/cfs/CFS_INVOICE_PREFIX
CFS_RECEIPT_PREFIX=op://payment-external-services/$APP_ENV/cfs/CFS_RECEIPT_PREFIX
CFS_PARTY_PREFIX=op://payment-external-services/$APP_ENV/cfs/CFS_PARTY_PREFIX
EFT_INVOICE_PREFIX=op://payment-external-services/$APP_ENV/eft/EFT_INVOICE_PREFIX
PAYBC_DIRECT_PAY_REF_NUMBER=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_REF_NUMBER
PAYBC_DIRECT_PAY_API_KEY=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_API_KEY
PAYBC_DIRECT_PAY_PORTAL_URL=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_PORTAL_URL
PAYBC_DIRECT_PAY_BASE_URL=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_BASE_URL
PAYBC_DIRECT_PAY_CLIENT_ID=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_ID
PAYBC_DIRECT_PAY_CLIENT_SECRET=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_SECRET
PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL
AUDIENCE=op://gcp-queue/$APP_ENV/base/AUDIENCE
AUTHPAY_GCP_AUTH_KEY=op://gcp-queue/$APP_ENV/gtksf3/AUTHPAY_GCP_AUTH_KEY
PUBLISHER_AUDIENCE=op://gcp-queue/$APP_ENV/base/PUBLISHER_AUDIENCE
ACCOUNT_MAILER_TOPIC=op://gcp-queue/$APP_ENV/topics/ACCOUNT_MAILER_TOPIC
AUTH_EVENT_TOPIC=op://gcp-queue/$APP_ENV/topics/AUTH_EVENT_TOPIC
NAMEX_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_PAY_TOPIC
NAMEX_NR_STATE_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_NR_STATE_TOPIC
BUSINESS_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/BUSINESS_PAY_TOPIC
BUSINESS_EMAILER_TOPIC=op://gcp-queue/$APP_ENV/topics/BUSINESS_EMAILER_TOPIC
AUTH_API_URL=op://API/$APP_ENV/auth-api/AUTH_API_URL
AUTH_API_VERSION=op://API/$APP_ENV/auth-api/AUTH_API_VERSION
BCOL_API_URL=op://API/$APP_ENV/bcol-api/BCOL_API_URL
BCOL_API_VERSION=op://API/$APP_ENV/bcol-api/BCOL_API_VERSION
REPORT_API_URL=op://API/$APP_ENV/report-api/REPORT_API_URL
REPORT_API_VERSION=op://API/$APP_ENV/report-api/REPORT_API_VERSION
SENTRY_ENABLE=op://sentry/$APP_ENV/relationship-api/SENTRY_ENABLE
SENTRY_DSN=op://sentry/$APP_ENV/relationship-api/SENTRY_DSN
DISABLE_VALID_REDIRECT_URLS=op://relationship/$APP_ENV/pay-api/DISABLE_VALID_REDIRECT_URLS
VALID_REDIRECT_URLS=op://relationship/$APP_ENV/pay-api/VALID_REDIRECT_URLS
TRANSACTION_REPORT_DEFAULT_TOTAL=op://relationship/$APP_ENV/pay-api/TRANSACTION_REPORT_DEFAULT_TOTAL
ROUTING_SLIP_DEFAULT_TOTAL=op://relationship/$APP_ENV/pay-api/ROUTING_SLIP_DEFAULT_TOTAL
PAD_CONFIRMATION_PERIOD_IN_DAYS=op://relationship/$APP_ENV/pay-api/PAD_CONFIRMATION_PERIOD_IN_DAYS
LEGISLATIVE_TIMEZONE=op://relationship/$APP_ENV/pay-api/LEGISLATIVE_TIMEZONE
BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS=op://relationship/$APP_ENV/pay-api/BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS
MASK_LEN=op://relationship/$APP_ENV/pay-api/MASK_LEN
ACCOUNT_SECRET_KEY=op://relationship/$APP_ENV/pay-api/ACCOUNT_SECRET_KEY
OUTSTANDING_TRANSACTION_DAYS=op://relationship/$APP_ENV/pay-api/OUTSTANDING_TRANSACTION_DAYS
ALLOW_LEGACY_ROUTING_SLIPS=op://relationship/$APP_ENV/pay-api/ALLOW_LEGACY_ROUTING_SLIPS
AUTH_WEB_URL=op://web-url/$APP_ENV/auth-web/AUTH_WEB_URL
PAY_WEB_URL=op://web-url/$APP_ENV/fas-ui/PAY_WEB_URL
PAY_CONNECTOR_AUTH=op://relationship/$APP_ENV/pay-api/PAY_CONNECTOR_AUTH
ALLOW_SKIP_PAYMENT=op://relationship/$APP_ENV/pay-api/ALLOW_SKIP_PAYMENT
ENABLE_403_LOGGING=op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING
NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL
NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION
ACCESS_TOKEN_LIFESPAN=op://keycloak/$APP_ENV/jwt-base/ACCESS_TOKEN_LIFESPAN
FTP_POLLER_TOPIC=op://gcp-queue/$APP_ENV/topics/FTP_POLLER_TOPIC
CFS_FAS_CLIENT_ID=op://payment-external-services/$APP_ENV/cfs/CFS_FAS_CLIENT_ID
CFS_FAS_CLIENT_SECRET=op://payment-external-services/$APP_ENV/cfs/CFS_FAS_CLIENT_SECRET
Loading