ci: simplify and cleanup (#2215)

.github/workflows/.deployer.yml

@@ -57,6 +57,9 @@ on:
         type: string
 
     outputs:
+      tag:
+        description: 'Which tag was used for deployment?'
+        value: ${{ jobs.vars.outputs.tag }}
       triggered:
         description: 'Has a deployment has been triggered?'
         value: ${{ jobs.deployer.outputs.triggered }}
@@ -86,6 +89,7 @@ jobs:
     environment: ${{ inputs.environment }}
     runs-on: ubuntu-24.04
     outputs:
+      tag: ${{ inputs.tag || steps.pr.outputs.pr }}
       triggered: ${{ steps.triggers.outputs.triggered }}
     steps:
       ### Triggers, tag and release
@@ -100,6 +104,7 @@ jobs:
       - if: ${{ steps.triggers.outputs.triggered == 'true' && inputs.tag  == '' }}
         id: pr
         uses: bcgov-nr/[email protected]
+
       - if: steps.triggers.outputs.triggered == 'true'
         id: vars
         run: |

.github/workflows/merge.yml

@@ -21,43 +21,28 @@ concurrency:
   cancel-in-progress: false
 
 jobs:
-  vars:
-    name: Set Variables
-    outputs:
-      tag: ${{ steps.tag.outputs.tag }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 1
-    steps:
-      # Get PR number for squash merges to main
-      - name: PR Number
-        if: ${{ ! inputs.tag }}
-        id: pr
-        uses: bcgov-nr/[email protected]
-
-      - name: Set Tag
-        id: tag
-        run: echo "tag=${{ inputs.tag || steps.pr.outputs.pr }}" >> $GITHUB_OUTPUT
-
   # https://github.com/bcgov/quickstart-openshift-helpers
   deploy-test:
-    name: Deploy (test, tag=${{ needs.vars.outputs.tag }})
-    needs: [vars]
+    name: Deploy (TEST)
     uses: ./.github/workflows/.deployer.yml
-    secrets:
-      oc_namespace: ${{ secrets.OC_NAMESPACE }}
-      oc_token: ${{ secrets.OC_TOKEN }}
+    secrets: inherit
     with:
       environment: test
       db_user: app
-      tag: ${{ needs.vars.outputs.tag }}
+      tag: ${{ inputs.tag }}
+
+  tests:
+    name: Tests
+    needs: [deploy-test]
+    uses: ./.github/workflows/.tests.yml
+    with:
+      target: test
 
   deploy-prod:
-    name: Deploy (prod, tag=${{ needs.vars.outputs.tag }})
-    needs: [deploy-test, vars]
+    name: Deploy (PROD)
+    needs: [tests]
     uses: ./.github/workflows/.deployer.yml
-    secrets:
-      oc_namespace: ${{ secrets.OC_NAMESPACE }}
-      oc_token: ${{ secrets.OC_TOKEN }}
+    secrets: inherit
     with:
       environment: prod
       db_user: app
@@ -67,11 +52,12 @@ jobs:
         --set global.autoscaling=true
         --set frontend.pdb.enabled=true
         --set backend.pdb.enabled=true
-      tag: ${{ needs.vars.outputs.tag }}
+      promote: prod
+      tag: ${{ inputs.tag }}
 
   promote:
     name: Promote Images
-    needs: [deploy-prod, vars]
+    needs: [deploy-prod]
     runs-on: ubuntu-24.04
     permissions:
       packages: write
@@ -84,5 +70,5 @@ jobs:
         with:
           registry: ghcr.io
           repository: ${{ github.repository }}/${{ matrix.package }}
-          target: ${{ needs.vars.outputs.tag }}
+          target: ${{ needs.deploy-prod.outputs.tag }}
           tags: prod

.github/workflows/pr-close.yml

@@ -69,6 +69,3 @@ jobs:
           oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "DROP DATABASE \"app-${{ github.event.number }}\" --cascade"
           oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "DROP ROLE \"app-${{ github.event.number }}\" --cascade"
           echo 'database and role deleted'
-          
-          exit 0
-        

.github/workflows/pr-open.yml

@@ -36,11 +36,11 @@ jobs:
       oc_token: ${{ secrets.OC_TOKEN }}
     with:
       triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')
-      db_user: app-${{github.event.number}}
+      db_user: app-${{ github.event.number }}
       params: --set global.secrets.persist=false
 
   tests:
-    name: Tests (${{ github.event.number }})
+    name: Tests
     if: needs.deploys.outputs.triggered == 'true'
     needs: [deploys]
     uses: ./.github/workflows/.tests.yml

.github/workflows/scheduled.yml

@@ -11,7 +11,7 @@ concurrency:
 
 jobs:
   ageOutPRs:
-    name: PR Env Purge
+    name: PR Deployment Purge
     env:
       # https://tecadmin.net/getting-yesterdays-date-in-bash/
       CUTOFF: "1 week ago"
@@ -61,38 +61,30 @@ jobs:
 
   # https://github.com/bcgov/quickstart-openshift-helpers
   schema-spy:
-    name: SchemaSpy Documentation
+    name: SchemaSpy
     uses: bcgov/quickstart-openshift-helpers/.github/workflows/[email protected]
 
-
-  tests:
-    name: Tests
-    uses: ./.github/workflows/.tests.yml
-    with:
-      target: test
-
   # Run sequentially to reduce chances of rate limiting
   zap_scan:
-    runs-on: ubuntu-latest
     name: ZAP Scans
     env:
       DOMAIN: apps.silver.devops.gov.bc.ca
       PREFIX: ${{ github.event.repository.name }}-test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        name: [backend, frontend]
+        include:
+          - name: backend
+            target: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/api
+          - name: frontend
+            target: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}
     steps:
       - name: ZAP Scan
         uses: zaproxy/[email protected]
         with:
           allow_issue_writing: true
-          artifact_name: "zap_backend"
-          cmd_options: "-a"
-          issue_title: "ZAP: Backend"
-          target: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}/api
-
-      - name: ZAP Scan - Frontend
-        uses: zaproxy/[email protected]
-        with:
-          allow_issue_writing: true
-          artifact_name: "zap_frontend"
+          artifact_name: ${{ matrix.name }}
           cmd_options: "-a"
-          issue_title: "ZAP: Frontend"
-          target: https://${{ env.PREFIX }}-frontend.${{ env.DOMAIN }}
+          issue_title: "ZAP: ${{ matrix.name }}"
+          target: ${{ matrix.target }}