Use updated quickstart template

.github/workflows/.deploy.yml

@@ -0,0 +1,132 @@
+name: .Deploys
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      release:
+        description: Deployment release; usually PR number, test or prod
+        required: true
+        type: string
+
+      ### Typical / recommended
+      autoscaling:
+        description: Autoscaling enabled or not for the deployments
+        required: false
+        type: string
+        default: true
+      environment:
+        description: Environment name; omit for PRs
+        required: false
+        type: string
+      tag:
+        description: Container tag; usually PR number
+        required: false
+        type: string
+        default: ${{ github.event.number }}
+      triggers:
+        description: Paths to trigger a deploy; omit=always; e.g. ('backend/' 'frontend/')
+        required: false
+        type: string
+
+      ### Usually a bad idea / not recommended
+      directory:
+        description: 'Chart directory'
+        default: 'charts/${{ github.event.repository.name }}'
+        required: false
+        type: string
+      timeout-minutes:
+        description: 'Timeout minutes'
+        default: 10
+        required: false
+        type: number
+      values:
+        description: 'Values file'
+        default: 'values.yaml'
+        required: false
+        type: string
+      params:
+        description: 'Extra parameters to pass to helm upgrade'
+        default: ''
+        required: false
+        type: string
+
+env:
+  repo_release: ${{ github.event.repository.name }}-${{ inputs.release }}
+  package_tag: ${{ inputs.tag }}
+
+jobs:
+  deploys:
+    name: Helm
+    environment: ${{ inputs.environment }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check Deployment Triggers
+        id: triggers
+        run: |
+          # Expand for trigger processing
+
+          # Always deploy if no triggers are provided
+          if [ -z "${{ inputs.triggers }}" ]; then
+            echo "Always deploy when no triggers are provided"
+            echo "triggered=true" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # Deploy if changed files (git diff) match triggers
+          TRIGGERS=${{ inputs.triggers }}
+          git fetch origin ${{ github.event.repository.default_branch }}
+          while read -r check; do
+            for t in "${TRIGGERS[@]}"; do
+              if [[ "${check}" =~ "${t}" ]]; then
+                  echo "Build triggered based on git diff"
+                  echo -e "${t}\n --> ${check}"
+                  echo "triggered=true" >> $GITHUB_OUTPUT
+                  exit 0
+              fi
+            done
+          done < <(git diff origin/${{ github.event.repository.default_branch }} --name-only)
+
+          # If here skip deployment
+          echo "No triggers have fired, deployment skipped"
+
+      - name: Deploy if Triggers Fired
+        if: ${{ steps.triggers.outputs.triggered == 'true' }}
+        working-directory: ${{ inputs.directory }}
+        shell: bash
+        run: |
+          oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }}
+          oc project ${{ vars.OC_NAMESPACE }} # Safeguard!
+
+          # Interrupt any previous jobs (status = pending-upgrade)
+          PREVIOUS=$(helm status ${{ env.repo_release }} -o json | jq .info.status || true)
+          if [[ ${PREVIOUS} =~ pending ]]; then
+            echo "Rollback triggered"
+            helm rollback ${{ env.repo_release }} || \
+              helm uninstall ${{ env.repo_release }}
+          fi
+
+          # Deploy Helm Chart
+          helm dependency update
+          helm package --app-version="${{ env.package_tag }}" --version=${{ inputs.tag }} .
+          
+          helm upgrade \
+            --set global.autoscaling=${{ inputs.autoscaling }} \
+            --set-string global.repository=${{ github.repository }} \
+            --set-string global.secrets.databasePassword=${{ secrets.DB_PASSWORD }} \
+            --set-string backend.containers[0].tag="${{ env.package_tag }}" \
+            --set-string backend.initContainers[0].tag="${{ env.package_tag }}" \
+            --set-string frontend.containers[0].tag="${{ env.package_tag }}" \
+            ${{ inputs.params }} \
+            --install --wait --atomic  ${{ env.repo_release }} \
+            --timeout ${{ inputs.timeout-minutes }}m \
+            --values ${{ inputs.values }} \
+            ./${{ github.event.repository.name }}-${{ inputs.tag }}.tgz
+
+          # print history 
+          helm history ${{ env.repo_release }}
+          
+          # Remove old build runs, build pods and deployment pods
+          oc delete po --field-selector=status.phase==Succeeded

.github/workflows/.tests.yml

@@ -0,0 +1,74 @@
+name: .Tests
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      target:
+        description: PR number, test or prod
+        required: true
+        type: string
+
+jobs:
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - id: cache-npm
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-cache-node-modules-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: Integration tests
+        env:
+          API_NAME: nest
+          BASE_URL: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca
+        run: |
+          cd integration-tests
+          npm ci
+          node src/main.js
+
+  cypress-e2e:
+    name: E2E Tests
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: frontend
+    strategy:
+      matrix:
+        browser: [chrome, firefox, edge]
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - id: cache-npm
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-build-cache-node-modules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-cache-node-modules-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - uses: cypress-io/github-action@v6
+        name: Cypress run
+        env:
+          CYPRESS_baseUrl: https://${{ github.event.repository.name }}-${{ inputs.target }}-frontend.apps.silver.devops.gov.bc.ca/
+        with:
+          config: pageLoadTimeout=10000
+          working-directory: ./frontend
+          browser: ${{ matrix.browser }}
+
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: cypress-screenshots
+          path: ./cypress/screenshots
+          if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn`

.github/workflows/analysis.yml

@@ -3,6 +3,7 @@ name: Analysis
 on:
   push:
     branches: [main]
+  merge_group:
   pull_request:
     types: [opened, reopened, synchronize, ready_for_review]
   schedule:
@@ -16,8 +17,9 @@ concurrency:
 jobs:
   codeql:
     name: CodeQL
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    if: ${{ ! github.event.pull_request.draft }}
     runs-on: ubuntu-22.04
+    timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
       - uses: github/codeql-action/init@v2
@@ -32,12 +34,13 @@ jobs:
   # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:
     name: Trivy Security Scan
-    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
+    if: ${{ ! github.event.pull_request.draft }}
     runs-on: ubuntu-22.04
+    timeout-minutes: 1
     steps:
       - uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.15.0
         with:
           format: "sarif"
           output: "trivy-results.sarif"
@@ -51,50 +54,53 @@ jobs:
         with:
           sarif_file: "trivy-results.sarif"
 
-  # tests:
-  #   name: Tests
-  #   if: github.event_name != 'pull_request' || !github.event.pull_request.draft
-  #   runs-on: ubuntu-22.04
-  #   services:
-  #     postgres:
-  #       image: postgres
-  #       env:
-  #         POSTGRES_DB: postgres
-  #         POSTGRES_USER: postgres
-  #         POSTGRES_PASSWORD: postgres
-  #       options: >-
-  #         --health-cmd pg_isready
-  #         --health-interval 10s
-  #         --health-timeout 5s
-  #         --health-retries 5
-  #       ports:
-  #         - 5432:5432
-    # strategy:
-    #   matrix:
-    #     dir: [backend, frontend]
-    #     include:
-    #       - dir: backend
-    #         sonar_projectKey: nr-compliance-enforcement-cm_backend
-    #         token: SONAR_TOKEN_BACKEND
-    #         triggers: ('backend/')
-    #       - dir: frontend
-    #         sonar_projectKey: nr-compliance-enforcement-cm_frontend
-    #         token: SONAR_TOKEN_FRONTEND
-    #         triggers: ('frontend/')
-    # steps:
-    #   - uses: bcgov-nr/[email protected]
-    #     with:
-    #       commands: |
-    #         npm ci
-    #         npm run test:cov
-    #       dir: ${{ matrix.dir }}
-    #       node_version: "20"
-    #       sonar_args: >
-    #         -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
-    #         -Dsonar.organization=bcgov-sonarcloud
-    #         -Dsonar.projectKey=${{ matrix.sonar_projectKey }}
-    #         -Dsonar.sources=src
-    #         -Dsonar.tests.inclusions=**/*spec.ts
-    #         -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
-    #       sonar_token: ${{ secrets[matrix.token] }}
-    #       triggers: ${{ matrix.triggers }}
+  tests:
+    name: Tests
+    if: ${{ ! github.event.pull_request.draft }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    strategy:
+      matrix:
+        dir: [backend, frontend]
+        include:
+          - dir: backend
+            token: SONAR_TOKEN_BACKEND
+          - dir: frontend
+            token: SONAR_TOKEN_FRONTEND
+    steps:
+      - uses: bcgov-nr/[email protected]
+        with:
+          commands: |
+            npm ci
+            npm run test:cov
+          dir: ${{ matrix.dir }}
+          node_version: "20"
+          sonar_args: >
+            -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
+            -Dsonar.organization=bcgov-sonarcloud
+            -Dsonar.projectKey=nr-compliance-enforcement-cm-openshift_${{ matrix.dir }}
+            -Dsonar.sources=src
+            -Dsonar.tests.inclusions=**/*spec.ts
+            -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
+          sonar_token: ${{ secrets[matrix.token] }}
+          triggers: ('${{ matrix.dir }}/')
+
+  results:
+    name: Results
+    needs: [codeql, trivy, tests]
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - run: echo "Success!"