Merge pull request #33 from AOT-Technologies/caseflow-ci-cd

Caseflow ci cd

.github/workflows/caseflow_dms_os.yml

@@ -0,0 +1,85 @@
+name: caseflow dms openshift build
+
+on:
+  workflow_dispatch:
+    inputs:
+      START_BUILD:
+        required: true
+        type: boolean
+        description: This value is ignored, just to trigger dispatch.
+      environment:
+        description: "Environment"
+        required: true
+        type: environment
+  push:
+    branches:
+      - dev
+      - master
+
+    # paths:
+    #   #- 'app/**'
+    # #   - 'frontend/**'
+    # #   - 'forms-flow-ai/**'
+    # #   - '.github/workflows/**'
+
+defaults:
+  run:
+    shell: bash
+    working-directory: ./app/caseflow_core/microservices/dms
+env:
+  APP_NAME: "caseflow-dms"
+
+jobs:
+  caseflow-dms-push:
+    runs-on: ubuntu-20.04
+    environment: ${{ inputs.environment }}
+
+    # if: github.repository == 'github.com/aot-technologies/case-flow-ai-case-management'
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set ENV variables
+        id: set-variable
+        # make sure to update the TOOLS_NAME once all the environment for forms-flow-ai-web is ready
+        run: |
+          if [ '${{ github.ref_name }}' == 'master' ]; then
+            echo "For ${{ github.ref_name }} branch"
+            echo "TOOLS_NAME=${{secrets.OC_NAMESPACE_NAMEPLATE}}" >> $GITHUB_ENV
+            echo "TAG_NAME="dev"" >> $GITHUB_ENV
+            echo "BRANCH_NAME="master"" >> $GITHUB_ENV
+            echo "ENV_NAME="dev"" >> $GITHUB_ENV
+          elif [ '${{ github.ref_name }}' == 'main' ]; then
+            echo "For ${{ github.ref_name }} branch"
+            echo "TOOLS_NAME=${{secrets.OC_NAMESPACE_NAMEPLATE}}" >> $GITHUB_ENV
+            echo "TAG_NAME="test"" >> $GITHUB_ENV
+            echo "BRANCH_NAME="main"" >> $GITHUB_ENV
+            echo "ENV_NAME="test"" >> $GITHUB_ENV
+          else
+            echo "For ${{ github.ref_name }} branch, defaulting to dev values"
+            echo "TOOLS_NAME=${{secrets.OC_NAMESPACE_NAMEPLATE}}" >> $GITHUB_ENV
+            echo "TAG_NAME="dev"" >> $GITHUB_ENV
+            echo "BRANCH_NAME="dev"" >> $GITHUB_ENV
+            echo "ENV_NAME="tools"" >> $GITHUB_ENV
+          fi
+        shell: bash
+
+      - name: Login Openshift
+        shell: bash
+        run: |
+          oc login --server=${{secrets.OC_SERVER}} --token=${{secrets.OC_TOKEN}}
+      - name: Tools project
+        shell: bash
+        run: |
+          oc project ${{ secrets.OC_NAMESPACE_NAMEPLATE }}-tools
+      # Build from either dev or main branch as appropriate
+      - name: Build from ${{ github.ref_name }} branch
+        shell: bash
+        run: |
+          oc patch bc/${{ env.APP_NAME }}-build -p '{"spec":{"source":{"git":{"ref":"${{ github.ref_name }}"}}}}'
+      - name: Start Build Openshift
+        shell: bash
+        run: |
+          oc start-build ${{ env.APP_NAME }}-build --wait
+      - name: Tag+Deploy for ${{ inputs.environment }}
+        shell: bash
+        run: |
+          oc tag ${{ env.APP_NAME }}-build:latest ${{ env.APP_NAME }}:${{ inputs.environment }}

app/caseflow_core/identity_ management_systems/keycloak/docker-compose.yml

@@ -25,7 +25,7 @@ services:
       - keycloak-server-network
 
   keycloak:
-    image: jboss/keycloak:latest
+    image: quay.io/keycloak/keycloak:14.0.0
     restart: unless-stopped
     container_name: keycloak
     volumes:

app/caseflow_core/microservices/dms/Dockerfile

@@ -21,5 +21,10 @@ COPY --from=builder /app/dist ./dist
 # Expose port 
 EXPOSE 7002 7003
 
+# Grant access to group 0 to allow npm v9 to work
+# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
+RUN chgrp -R 0 /app && \
+    chmod -R g=u /app
+
 # Start up command, with max heap size as 50Megs
 ENTRYPOINT ["node", "--max-old-space-size=1024","dist/main"]

app/caseflow_core/microservices/gateway/Dockerfile

@@ -23,5 +23,10 @@ COPY --from=builder /app/dist ./dist
 # Expose port 
 EXPOSE 7000
 
+# Grant access to group 0 to allow npm v9 to work
+# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
+RUN chgrp -R 0 /app && \
+    chmod -R g=u /app
+
 # Start up command, with max heap size as 50Megs
 ENTRYPOINT ["node", "--max-old-space-size=50","dist/main"]

app/caseflow_core/microservices/lob/Dockerfile

@@ -23,5 +23,10 @@ COPY --from=builder /app/dist ./dist
 # Expose port 
 EXPOSE 8000
 
+# Grant access to group 0 to allow npm v9 to work
+# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
+RUN chgrp -R 0 /app && \
+    chmod -R g=u /app
+
 # Start up command, with max heap size as 50Megs
 ENTRYPOINT ["node", "--max-old-space-size=50","dist/main"]

app/caseflow_core/microservices/server/Dockerfile

@@ -22,5 +22,10 @@ COPY --from=builder /app/dist ./dist
 # Expose port 
 EXPOSE 7001
 
+# Grant access to group 0 to allow npm v9 to work
+# See: https://docs.openshift.com/container-platform/4.11/openshift_images/create-images.html#use-uid_create-images
+RUN chgrp -R 0 /app && \
+    chmod -R g=u /app
+
 # Start up command, with max heap size as 50Megs
 ENTRYPOINT ["node", "--max-old-space-size=256","dist/main"]

app/caseflow_web/Dockerfile

@@ -4,22 +4,41 @@ FROM node:14.17.0-alpine as build-stage
 # set working directory
 WORKDIR /case-flow-web/app
 
+ARG NODE_ENV
+ARG REACT_APP_KEYCLOAK_CLIENT
+ARG REACT_APP_KEYCLOAK_URL_REALM
+ARG REACT_APP_KEYCLOAK_URL
+
+ENV NODE_ENV ${NODE_ENV}
+ENV REACT_APP_API_SERVER_URL ${REACT_APP_API_SERVER_URL}
+ENV REACT_APP_KEYCLOAK_CLIENT ${REACT_APP_KEYCLOAK_CLIENT}
+ENV REACT_APP_KEYCLOAK_URL_REALM ${REACT_APP_KEYCLOAK_URL_REALM}
+ENV REACT_APP_KEYCLOAK_URL ${REACT_APP_KEYCLOAK_URL}
+
+
 # add `/app/node_modules/.bin` to $PATH
 ENV PATH /case-flow-web/app/node_modules/.bin:$PATH
 
 RUN apk update && apk upgrade && \
     apk add --no-cache bash git openssh
 
 # install and cache app dependencies
+
 COPY package-lock.json /case-flow-web/app/package-lock.json
 COPY package.json /case-flow-web/app/package.json
 
-RUN npm install --unsafe-perm --dev
-#RUN npm install [email protected] -g --silent
-COPY . /case-flow-web/app/
+RUN npm install --silent
+RUN npm install [email protected] -g --silent
+
+# create and set user permissions to app folder
+RUN mkdir -p node_modules/.cache && chmod -R 777 node_modules/.cache
+
+# add app files
+COPY . ./
+
 RUN npm run build
 
 FROM nginx:latest as production-stage
 RUN mkdir /app
 COPY --from=build-stage /case-flow-web/app/build /usr/share/nginx/html
-COPY ./nginx_conf/nginx.conf /etc/nginx/nginx.conf
+COPY ./nginx.conf /etc/nginx/nginx.conf

app/caseflow_web/nginx.conf

@@ -1,61 +1,29 @@
-# nginx.conf
-worker_processes auto;
-error_log  /var/log/nginx/error.log;
-
-pid /tmp/nginx.pid;
-
-
+user  nginx;
+worker_processes  auto;
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
 events {
- worker_connections 4096;
+  worker_connections  1024;
 }
-
 http {
- include       /etc/nginx/mime.types;
-  client_body_temp_path /tmp/client_temp;
-  proxy_temp_path       /tmp/proxy_temp_path;
-  fastcgi_temp_path     /tmp/fastcgi_temp;
-  uwsgi_temp_path       /tmp/uwsgi_temp;
-  scgi_temp_path        /tmp/scgi_temp;
- default_type  application/octet-stream;
- server_tokens off;
- underscores_in_headers on;
-
- # Use a w3c standard log format
- log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log  /var/log/nginx/access.log  main;
-
-
- server {
-
-   # add in most common security headers
-   add_header Content-Security-Policy "default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'";
-   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
-   add_header X-Content-Type-Options "nosniff";
-   add_header X-XSS-Protection 1;
-   add_header X-Frame-Options SAMEORIGIN;
-
-
-
-   listen 8080;
-   server_name _;
-
-   index index.html;
-   error_log /dev/stdout info;
-   access_log /dev/stdout;
-
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-        try_files $uri $uri/ /index.html;
-      }
-
-      error_page   500 502 503 504  /50x.html;
-
-        location = /50x.html {
-          root   /usr/share/nginx/html;
-        }
- }
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+  '$status $body_bytes_sent "$http_referer" '
+  '"$http_user_agent" "$http_x_forwarded_for"';
+  access_log  /var/log/nginx/access.log  main;
+  sendfile        on;
+  #tcp_nopush     on;
+
+  keepalive_timeout  65;
+  #gzip  on;
+  #include /etc/nginx/conf.d/*.conf;
+server {
+  listen 80;
+  location / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+    try_files $uri $uri/ /index.html;
+  }
 }
+}