Merge pull request #89 from bcgov/dev

Fix Vanity url comments

.github/workflows/build.yaml

@@ -72,7 +72,6 @@ jobs:
         echo ::set-output name=TIMESTAMPTAG::${DATESTAMP}
         echo ::set-output name=REPO::${REPO}
 
-        
         echo event name is $GITHUB_EVENT_NAME
         echo  $DEBUG_DEPLOY
 

.github/workflows/deploy_dev.yaml

@@ -23,13 +23,16 @@ jobs:
       OPENSHIFT_TOKEN_DEV: ${{secrets.OPENSHIFT_TOKEN_DEV}}
       GHCR_USER: ${{ secrets.GHCR_USER }}
       GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
-      RUN_GWA: false
+      RUN_GWA: true
+      REVIEWERS: '["GuyTheFlower", "NicoledeGreef"]'
+      MENTIONS: '["GuyTheFlower", "NicoledeGreef", "franTarkenton"]'
     steps:
 
     # Checking out code to get access to the openshift deploy template later on
     # could also reference the github url?
     - uses: actions/checkout@v2
       id: checkout
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != ''
       with:
         fetch-depth: 0
 
@@ -118,23 +121,43 @@ jobs:
         DOCKER_VERSION_TAG=${{ steps.retrieveimagetag.outputs.DOCKER_VERSION_TAG }}
         IMAGE_REGISTRY=${{ steps.retrieveimagetag.outputs.IMAGE_REGISTRY }}
         REPONAME=${{ steps.retrieveimagetag.outputs.REPONAME }}
+        IMAGE_PULL_SECRET_NAME=${REPONAME}-image-pull-secret
 
         # -- debug-- verify the variables have been retrieved and have the values expected
         echo EMAIL $EMAIL
         echo REPONAME $REPONAME
         echo DOCKER_VERSION_TAG $DOCKER_VERSION_TAG
         echo IMAGE_REGISTRY $IMAGE_REGISTRY
 
+        # potential issue:
+        #  - helm chart creates the image pull secret
+        #  - tries to use it with the service account
+        #  - service account hasn't been granted access
+
         helm upgrade $REPONAME ./helm-charts --install \
            --set app_name=$REPONAME \
            --set env=dev \
-           --set app_image_pull_secret_params.name=github-imagepull-secrets \
+           --set app_image_pull_secret_params.email=$EMAIL \
+           --set app_image_pull_secret_params.password=$GHCR_TOKEN \
+           --set app_image_pull_secret_params.name=$IMAGE_PULL_SECRET_NAME \
            --set app_image_pull_secret_params.imagetag=$DOCKER_VERSION_TAG \
            --set app_image_pull_secret_params.registry=$IMAGE_REGISTRY
 
+        # verify / report on the image tag that was deployed
+        IMAGE_DEPLOYED=$(oc get dc smk-fap-fcb-dc -o json | jq '.spec.template.spec.containers[0].image' | tr -d '"' )
+        echo IMAGE_DEPLOYED $IMAGE_DEPLOYED
+        IMAGE_DEPLOYED_TAG=$(echo ${IMAGE_DEPLOYED} | cut -d':' -f2)
+        echo IMAGE_DEPLOYED_TAG $IMAGE_DEPLOYED_TAG
+
+        # finally need to grant the service account access to the the 
+        # image_pull_secret that was just created
+        serviceAccountName=$(oc whoami | cut -d':' -f4)
+        oc patch serviceaccount $serviceAccountName -p '{"imagePullSecrets": [{"name": "'$IMAGE_PULL_SECRET_NAME'"}]}'
+
     # # ADD THE ROUTE TO THE ISSUE
     - name: Update issue
       id: updateissue
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != '' && env.GHCR_TOKEN != ''
       run: |
         # populate env vars used by this step
         REPONAME=${{ steps.retrieveimagetag.outputs.REPONAME }}
@@ -153,32 +176,28 @@ jobs:
         ISSUE_URL=$(oc get configmap $GITHUB_ISSUES_CONFIGMAP -o json | jq .data.issueURL | tr -d '"')
         echo ISSUE_URL $ISSUE_URL
 
-        # GET THE ISSUE URL from event path - Disabled
-        #issue_url=$(jq --raw-output .pull_request.issue_url "$GITHUB_EVENT_PATH")
-        #echo issue url is $issue_url
-        ## for debugging using existing pull_request
-        #if [ -z "$issue_url" ] || [ "$issue_url" = "null" ]
-        #  then
-        #    issue_url="https://api.github.com/repos/bcgov/bcdc-smk/issues/19/comments"
-        #fi
-        #echo issue url $issue_url
-        #ISSUE_URL=${{ steps.retrieveimagetag.outputs.ISSUE_URL }}
+        #format reviewers
+        MENTION_STRING=$(echo $MENTIONS | jq -rc 'map("@" + .) | .[]' | tr '\n' ',' | sed 's/, */, /g' |  sed 's/, *$//g')
 
         # ADD COMMENT TO THE ISSUE
         echo 'adding route to the comment for the issue'
         GITHUB_TOKEN=${{ secrets.GHCR_TOKEN }}
-        ISSUE_COMMENT="link to demo deployment of your smk based app is \n https://$ROUTEPATH\n\nVerify that it looks good, if so merge the pull request which will trigger a prod deployment, otherwise close the pull request without merging"
+        ISSUE_COMMENT="link to demo deployment of your smk based app is \n https://$ROUTEPATH\n\nVerify that it looks good, if so merge the pull request which will trigger a prod deployment, otherwise close the pull request without merging\n\n mentions / notifications: $MENTION_STRING"
         ISSUE_BODY='{"body": "'$ISSUE_COMMENT'"}'
 
         curl $ISSUE_URL -X POST --header "Authorization: Bearer $GITHUB_TOKEN" \
           --header "Accept: application/vnd.github.v3+json" \
           --data-raw "$ISSUE_BODY"
+        
+        echo ::set-output name=ISSUE_URL::${ISSUE_URL}
 
     - name: Get GWA CLI
-      id: getGWA
-      if: env.RUN_GWA == 'true'
+      id: getGWACLI
+      if: env.RUN_GWA == 'true' && env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != ''
       run: |
-        # disabled atm
+
+        # Grabbing the GWA command line tool
+        #----------------------------------------------------
         GWA_VERSION=v1.1.2
         GWA_CLI_LINK=https://github.com/bcgov/gwa-cli/releases/download/${GWA_VERSION}/gwa_${GWA_VERSION}_linux_x64.zip
         curl -L -O $GWA_CLI_LINK
@@ -187,78 +206,131 @@ jobs:
         
     - name: Configure Kong Route
       id: kongconf
-      if: env.RUN_GWA == 'true'
+      if: env.RUN_GWA == 'true' && env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != ''
+      run: |
+
+        # get the Reponame from previous step
+        # ---------------------------------------------------
+        REPONAME=${{ steps.retrieveimagetag.outputs.REPONAME }}
+
+        # extract kong config info from secret objects
+        # --------------------------------------------------
+        kongSecrets=$(oc get secrets kong-secrets -o json | jq '.data' | jq '.["kong-config"] | @base64d | fromjson')
+        GWA_CLIENTID=$(echo $kongSecrets | jq '.gwa_client_id' | tr -d '"')
+        GWA_TOKEN=$(echo $kongSecrets | jq '.apikey' | tr -d '"')
+        GWA_NAMESPACE=$(echo $kongSecrets | jq '.gwa_namespace' | tr -d '"')
+        gwa_route_name=${REPONAME}-route
+        oc_service_name=${REPONAME}-svc
+        oc_service_port=$(oc get service ${oc_service_name} -o json | jq '.spec.ports[0].port' | tr -d '"')
+        oc_project=$(oc project --short=true | tr -d '"')
+
+        # init the gwa config
+        # --------------------------------------------------
+        ./gwa-cli-linux init -T \
+           --namespace=$GWA_NAMESPACE \
+           --client-id=$GWA_CLIENTID \
+           --client-secret=$GWA_TOKEN
+
+        # create the gwa config
+        # --------------------------------------------------
+        python3 gwa/createGWAConfig.py \
+          --OCService $oc_service_name \
+          --reponame $REPONAME \
+          --OCNamespace $oc_project \
+          --servicePort $oc_service_port \
+          --kongDomain api.gov.bc.ca \
+          --GWANamespace $GWA_NAMESPACE \
+          --GWAenv dev > gwa_config.yaml
+
+        # publish the gwa config
+        # --------------------------------------------------
+        ./gwa-cli-linux pg gwa_config.yaml
+
+        # verify the url and output it
+        # --------------------------------------------------
+
+        # authenticate to api
+        CREDS64=$(echo -ne "${GWA_CLIENTID}:${GWA_TOKEN}" | base64 -w 0 -)
+        TOKEN=$(curl 'https://authz-apps-gov-bc-ca.test.apsgw.xyz/auth/realms/aps/protocol/openid-connect/token' \
+          -H 'Accept: application/json, text/plain, */*'  \
+          -H 'Content-Type: application/x-www-form-urlencoded'  \
+          -H 'X-Requested-With: XMLHttpRequest'  \
+          -H "Authorization: Basic ${CREDS64}" \
+          -H 'Origin: https://gwa-api-gov-bc-ca.test.apsgw.xyz'  \
+          -H 'Connection: keep-alive'  \
+          --data-raw 'grant_type=client_credentials' \
+          | jq '.access_token' | tr -d '"')
+         
+        # get the services in the namespace
+        SERVICES=$(curl "https://gwa-api-gov-bc-ca.test.apsgw.xyz/v1/namespaces/${GWA_NAMESPACE}/services" \
+          -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0' \
+          -H 'Accept: */*' \
+          -H 'Accept-Language: en-US,en;q=0.5' --compressed \
+          -H "Authorization: Bearer ${TOKEN}" \
+          -H 'Connection: keep-alive' )
+        echo SERVICES $SERVICES
+
+        # extract the url associated with the service
+        function getUrl {
+        python3 - <<END
+        import json, sys, os
+        jsonObj = json.loads(os.environ['SERVICES'])
+        for obj in jsonObj:
+            if obj['name'] == os.environ['oc_service_name']:
+                sys.stdout.write(f"https://{obj['env_host']}")
+        END
+        }
+        export oc_service_name
+        echo oc_service_name $oc_service_name
+        export SERVICES
+        VANITY_URL=$(getUrl)
+        echo vanity url $VANITY_URL
+        echo ::set-output name=VANITY_URL::${VANITY_URL}
+
+    - name: "Add Dev Vanity Url to Issue"
+      id: addDevVanityUrlToIssue
+      if: env.RUN_GWA == 'true' && env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != ''
       run: |
-          #------------------------------------------------------------------------
-          # commenting this whole section out, current gwa config may work but
-          # it is incorrect, the gwa should wrap the service vs a route, the 
-          # python code that creates the input file also should get updated as
-          # the config file it spits out wraps the gwa around a route vs a service.
-          #------------------------------------------------------------------------
-          # # 
-          # # extract kong config info from secrets
-          # export PATH=`pwd`:$PATH
-          # ls -l
-          # gitrepo=${{ steps.retrieveimagetag.outputs.REPONAME }}
-          # echo gitrepo $gitrepo
-          # kongSecrets=$(oc get secrets kong-secrets -o json | jq '.data' | jq '.["kong-config"] | @base64d | fromjson')
-          # GWA_CLIENTID=$(echo $kongSecrets | jq '.gwa_client_id')
-          # echo client id $GWA_CLIENTID
-          # GWA_TOKEN=$(echo $kongSecrets | jq '.apikey')
-          # GWA_NAMESPACE=$(echo $kongSecrets | jq '.gwa_namespace')
-          # echo namespace $GWA_CLIENTID
-          # gwa_route_name=${gitrepo}-kong-route
-          # oc_service_name=${gitrepo}-svc
-          # oc_route_name="${gitrepo}-rt"
-          # echo oc_route_name $oc_route_name
-          # echo oc_service_name $oc_service_name
-          # echo gwa_route_name $gwa_route_name
-          # oc_route_host=https://$(oc get routes $oc_route_name -o json | jq '.spec.host' | tr -d '"')
-
-          # gwa-cli-linux init -T \
-          #   --namespace=$GWA_NAMESPACE \
-          #   --client-id=$GWA_CLIENTID \
-          #   --client-secret=$GWA_TOKEN
-
-          # echo init complete
-
-          # python --version
-          # python3 gwa/createGWAConfig.py \
-          #   service=$oc_service_name \
-          #   ocUrl=$oc_route_host \
-          #   gwa_namespace=$GWA_NAMESPACE \
-          #   gwa_route_name=$gwa_route_name \
-          #   url_prefix=$gitrepo > gwa_config.yaml
-
-          # echo gwa config created
-          
-          # gwa-cli-linux pg gwa_config.yaml
-          echo kong config is currently disabled
-          
+        ISSUE_URL=${{ steps.updateissue.outputs.ISSUE_URL }}/comments
+        VANITY_URL=${{ steps.kongconf.outputs.VANITY_URL }}
+        REPONAME=${{ steps.retrieveimagetag.outputs.REPONAME }}
+        MENTION_STRING=$(echo $MENTIONS | jq -rc 'map("@" + .) | .[]' | tr '\n' ',' | sed 's/, */, /g' |  sed 's/, *$//g')
+        echo MENTION_STRING $MENTION_STRING
+        ISSUE_COMMENT="The Vanity URL for the Dev deploy is: $VANITY_URL, \n\n $MENTION_STRING"
+        ISSUE_BODY='{"body": "'$ISSUE_COMMENT'"}'
+        GITHUB_TOKEN=${{ secrets.GHCR_TOKEN }}
+        curl $ISSUE_URL -X POST --header "Authorization: Bearer $GITHUB_TOKEN" \
+          --header "Accept: application/vnd.github.v3+json" \
+          --data-raw "$ISSUE_BODY"
+
     - name: "Send Review Request 2"
       id: requestreview
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != '' && env.GHCR_TOKEN != ''
       run: |
         # get the openshift dev namespace name
         OCDEVNAMESPACE=$(oc get configmap $OC_NAMESPACE_NAMES_CONFIG_MAP -o json | jq .data.dev | tr -d '"')
         REPONAME=${{ steps.retrieveimagetag.outputs.REPONAME }}
         CONFIGMAPNAME=$REPONAME-gh-issues-cm
         EVENT_INFO=$(oc get configmap $CONFIGMAPNAME -o json | jq '.data.github_event_json' | jq -rc)
-
-        # get the issue number from the config map.. the build that 
-        # was triggered by the pr would have cached it there.
+        #GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+        GITHUB_TOKEN=$GHCR_TOKEN
 
         # git_event.txt
         #EVENT_INFO=$(cat git_event.txt)
-        GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
 
+        # extract PR number from GH Action Event Info object
+        # ---------------------------------------------------------
         PR_NUMBER=$(echo $EVENT_INFO | jq ".number")
         echo pr number is $PR_NUMBER
         PR_URL=$(echo $EVENT_INFO | jq ".pull_request.url" | tr -d '"')
         echo pr url is $PR_URL
+
+        # configure reviewers - (should extract this from the repo)
+        # ---------------------------------------------------------
         REVIEW_URL="$PR_URL/requested_reviewers"
         echo review url $REVIEW_URL
         # NicoledeGreef
-        REVIEWERS='{"reviewers":["franTarkenton", "GuyTheFlower"]}'
+        REVIEWERS='{"reviewers":'${REVIEWERS}' }'
         echo reviewers are $REVIEWERS
 
         curl --location --request POST  "$REVIEW_URL" \

.github/workflows/deploy_prod.yaml

@@ -27,6 +27,13 @@ jobs:
       run:
         shell: bash
     runs-on: ubuntu-20.04
+    env:
+      OPENSHIFT_SERVER_URL: ${{secrets.OPENSHIFT_SERVER_URL}}
+      OPENSHIFT_TOKEN_DEV: ${{secrets.OPENSHIFT_TOKEN_DEV}}
+      OPENSHIFT_TOKEN_PROD: ${{secrets.OPENSHIFT_TOKEN_PROD}}
+      GHCR_USER: ${{ secrets.GHCR_USER }}
+      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+
     steps:
 
     # CHECKOUT THE CODE
@@ -39,6 +46,7 @@ jobs:
     - name: OpenShift Action
       id: GHAOCAuthenticationDev
       uses: redhat-developer/openshift-actions@v1.1
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != ''
       with:
         version: '3.11.232'
         openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }}
@@ -48,6 +56,7 @@ jobs:
     # GETTING THE IMAGE TAG FROM DEV OC
     - name: Retrieve tag from the artifacts
       id: retrieveimagetag
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != ''
       run: |
         # outputs:
         # --------------------------------------------------------
@@ -93,6 +102,7 @@ jobs:
     # APPLY THE RELEASE TAG TO THE MERGED COMMIT
     - name: Apply the tag to release
       id: applyreleasetag
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_DEV != '' && env.GHCR_TOKEN != ''
       uses: actions/create-release@v1
       env:
         GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }} # This token is provided by Actions, you do not need to create your own token
@@ -108,6 +118,7 @@ jobs:
     - name: OpenShift Action
       id: GHAOCAuthenticationPrd
       uses: redhat-developer/openshift-actions@v1.1
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_PROD != ''
       with:
         version: '3.11.232'
         openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL }}
@@ -117,6 +128,7 @@ jobs:
     # DEPLOY TO PROD
     - name: Deploy to prod
       id: proddeploy
+      if: env.OPENSHIFT_SERVER_URL != '' && env.OPENSHIFT_TOKEN_PROD != ''
       run: |
         # ---- get the oc namespace name and set the namespace, verify that the project
         #      that is being pointed to is the correct one or raise an error
@@ -148,3 +160,6 @@ jobs:
       id: prodRouteDeploy
       run: |
          echo not enabled atm
+
+    # Add the url that was created by the kong action and add it to the issue
+    # Add a comment to the issue to say that it has been deployed successfully

.gitignore

@@ -2,9 +2,10 @@ node_modules
 debug.log
 caddy
 roles.txt
-.env
+.env*
 gwa-cli-linux.zip
 gwa-cli-linux
 junk
-gwa/gwa-config-service-demo.yaml
+gwa/gwa-config*
 gwa_v*_linux_x64.zip
+junk*