Merge branch 'educ-dev-keycloak' of https://github.com/bcgov/EDUC-GRA…

…D-ADMIN into institute-connection
bcgov · Dec 12, 2024 · 00ab4fc · 00ab4fc
2 parents 62e4558 + 11bc1d8
commit 00ab4fc
Show file tree

Hide file tree

Showing 53 changed files with 842 additions and 468 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/build-n-deploy-backend-km.yml b/.github/workflows/build-n-deploy-backend-km.yml
@@ -169,6 +169,6 @@ jobs:
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
 
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.3.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca'
diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev-vue3.yml
@@ -169,6 +169,6 @@ jobs:
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
 
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"
diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-backend-to-ocp-dev.yml
@@ -29,10 +29,10 @@ env:
   TAG: "latest"
   TARGET_ENV: "dev"
 
-  MIN_CPU: "50m"
-  MAX_CPU: "100m"
-  MIN_MEM: "200Mi"
-  MAX_MEM: "250Mi"
+  MIN_CPU: "60m"
+  MAX_CPU: "120m"
+  MIN_MEM: "250Mi"
+  MAX_MEM: "400Mi"
   MIN_REPLICAS: "1"
   MAX_REPLICAS: "2"
 
@@ -169,6 +169,6 @@ jobs:
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
 
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca'
diff --git a/.github/workflows/build-n-deploy-backend-to-ocp-tools.yml b/.github/workflows/build-n-deploy-backend-to-ocp-tools.yml
@@ -173,6 +173,6 @@ jobs:
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
 
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.3.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: 'https://educ-grad-admin-bbe4c3-tools.apps.silver.devops.gov.bc.ca'
diff --git a/.github/workflows/build-n-deploy-frontend-km.yml b/.github/workflows/build-n-deploy-frontend-km.yml
@@ -171,6 +171,6 @@ jobs:
           # Get status, returns 0 if rollout is successful
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.3.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca'
diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev-vue3.yml
@@ -171,6 +171,6 @@ jobs:
           # Get status, returns 0 if rollout is successful
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: "https://educ-grad-admin-${{secrets.GRAD_NAMESPACE_NO_ENV}}-dev.apps.silver.devops.gov.bc.ca"
diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-dev.yml
@@ -171,7 +171,7 @@ jobs:
           # Get status, returns 0 if rollout is successful
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: 'https://educ-grad-admin-bbe4c3-dev.apps.silver.devops.gov.bc.ca'
 
diff --git a/.github/workflows/build-n-deploy-frontend-to-ocp-tools.yml b/.github/workflows/build-n-deploy-frontend-to-ocp-tools.yml
@@ -173,7 +173,7 @@ jobs:
           # Get status, returns 0 if rollout is successful
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.3.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: 'https://educ-grad-admin-bbe4c3-tools.apps.silver.devops.gov.bc.ca'
 
diff --git a/.github/workflows/create_tag.yml b/.github/workflows/create_tag.yml
@@ -6,14 +6,14 @@ env:
   # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
   OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
   OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
-  OPENSHIFT_NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}-dev
+  OPENSHIFT_NAMESPACE: ${{ secrets.UI_NAMESPACE }}-dev
 
   # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
   IMAGE_TAGS: ""
 
   REPO_NAME: "educ-grad-admin"
   BRANCH: "main"
-  NAMESPACE: ${{ secrets.GRAD_BUSINESS_NAMESPACE }}
+  NAMESPACE: ${{ secrets.UI_NAMESPACE }}
 
 on:
   # https://docs.github.com/en/actions/reference/events-that-trigger-workflows

diff --git a/.github/workflows/deploy-backend-to-ocp-prod.yml b/.github/workflows/deploy-backend-to-ocp-prod.yml
@@ -30,10 +30,10 @@ env:
   TAG: "latest"
   TARGET_ENV: "prod"
 
-  MIN_CPU: "50m"
-  MAX_CPU: "100m"
-  MIN_MEM: "200Mi"
-  MAX_MEM: "250Mi"
+  MIN_CPU: "60m"
+  MAX_CPU: "120m"
+  MIN_MEM: "250Mi"
+  MAX_MEM: "400Mi"
   MIN_REPLICAS: "3"
   MAX_REPLICAS: "5"
 

diff --git a/.github/workflows/deploy-backend-to-ocp-test.yml b/.github/workflows/deploy-backend-to-ocp-test.yml
@@ -33,10 +33,10 @@ env:
   # SITE_URL should have no scheme or port. It will be prepended with https://
   HOST_ROUTE: ${{ secrets.SITE_URL }}
 
-  MIN_CPU: "50m"
-  MAX_CPU: "100m"
-  MIN_MEM: "200Mi"
-  MAX_MEM: "250Mi"
+  MIN_CPU: "60m"
+  MAX_CPU: "120m"
+  MIN_MEM: "250Mi"
+  MAX_MEM: "400Mi"
   MIN_REPLICAS: "3"
   MAX_REPLICAS: "5"
 
@@ -93,6 +93,6 @@ jobs:
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
 
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: "https://educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca"
diff --git a/.github/workflows/deploy-frontend-to-ocp-test.yml b/.github/workflows/deploy-frontend-to-ocp-test.yml
@@ -94,6 +94,6 @@ jobs:
           oc rollout status dc/${{ env.IMAGE_NAME }}-dc
 
       - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.12.0
         with:
           target: "https://educ-grad-admin-bbe4c3-test.apps.silver.devops.gov.bc.ca"
diff --git a/backend/src/app.js b/backend/src/app.js
@@ -106,7 +106,8 @@ utils.getOidcDiscovery().then(discovery => {
     callbackURL: config.get('server:frontend') + '/api/auth/callback',
     scope: discovery.scopes_supported,
     kc_idp_hint: config.get('server:idirIDPHint')
-  }, (_issuer, _sub, profile, accessToken, refreshToken, done) => {
+  }, (_issuer, _sub, profile, accessToken, refreshToken, params, done) => {
+    const idToken = params.id_token;
     if ((typeof (accessToken) === 'undefined') || (accessToken === null) ||
       (typeof (refreshToken) === 'undefined') || (refreshToken === null)) {
       return done('No access token', null);
@@ -116,6 +117,7 @@ utils.getOidcDiscovery().then(discovery => {
     profile.jwtFrontend = auth.generateUiToken();
     profile.jwt = accessToken;
     profile.refreshToken = refreshToken;
+    profile.idToken = idToken;
     return done(null, profile);
   }));
   //JWT strategy is used for authorization