Merge branch 'feature/EASI-4614_grb_discussions' into EASI-4658/integ…

…rate-tagging-discussions
CMS-Enterprise · Dec 11, 2024 · a0aa4c6 · a0aa4c6
2 parents 95775c7 + 9a50dd9
commit a0aa4c6
Show file tree

Hide file tree

Showing 49 changed files with 1,824 additions and 739 deletions.
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -18,8 +18,19 @@ jobs:
     secrets: inherit
     with:
       env: test
+
+  Build_easi-frontend_image:
+    uses: ./.github/workflows/build_frontend_image.yml
+    secrets: inherit
 
   Run_Tests:
     uses: ./.github/workflows/run_tests.yml
     needs: [Build_Application_Images,Build_Test_Frontend_Assets]
     secrets: inherit
+
+  Deploy_to_EKS:
+    uses: ./.github/workflows/deploy_to_eks.yml
+    needs: [Build_Application_Images,Build_easi-frontend_image]
+    secrets: inherit
+    with:
+      namespace: easi-${{ github.event.number }}
diff --git a/.github/workflows/build_frontend_image.yml b/.github/workflows/build_frontend_image.yml
@@ -0,0 +1,61 @@
+name: Build easi-frontend image
+
+on:
+  workflow_call:
+
+env:
+  GIT_HASH: ${{ github.sha }}
+  GIT_REF_NAME: ${{ github.ref }}
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build_easi-frontend_image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4.0.2
+        with:
+          role-to-assume: ${{ secrets.AWS_INFRA_OIDC_ROLE_TO_ASSUME }}
+          aws-region: us-west-2
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Set env vars with direnv # This allows docker build of FE files to pull from .envrc
+        uses: HatsuneMiku3939/direnv-action@v1
+      - name: Calculate build args
+        id: calculate-build-args
+        run: |
+          echo "VITE_LD_CLIENT_ID=${VITE_LD_CLIENT_ID}" >> $GITHUB_OUTPUT
+          echo "VITE_OKTA_CLIENT_ID=${VITE_OKTA_CLIENT_ID}" >> $GITHUB_OUTPUT
+          echo "VITE_OKTA_SERVER_ID=${VITE_OKTA_SERVER_ID}" >> $GITHUB_OUTPUT
+          echo "VITE_OKTA_ISSUER=${VITE_OKTA_ISSUER}" >> $GITHUB_OUTPUT
+          echo "VITE_OKTA_DOMAIN=${VITE_OKTA_DOMAIN}" >> $GITHUB_OUTPUT
+          echo "VITE_OKTA_REDIRECT_URI=${VITE_OKTA_REDIRECT_URI}" >> $GITHUB_OUTPUT
+      - name: Build, tag, and push image to Amazon ECR
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.frontend_k8s
+          push: true
+          cache-to: type=gha,mode=max,scope=${{ env.GIT_REF_NAME }}-easi-frontend
+          cache-from: type=gha,scope=${{ env.GIT_REF_NAME }}-easi-frontend
+          tags: ${{ steps.login-ecr.outputs.registry }}/easi-frontend:${{ env.GIT_HASH }}
+          build-args: |
+            VITE_LD_CLIENT_ID=${{ steps.calculate-build-args.outputs.VITE_LD_CLIENT_ID }}
+            VITE_OKTA_CLIENT_ID=${{ steps.calculate-build-args.outputs.VITE_OKTA_CLIENT_ID }}
+            VITE_OKTA_SERVER_ID=${{ steps.calculate-build-args.outputs.VITE_OKTA_SERVER_ID }}
+            VITE_OKTA_ISSUER=${{ steps.calculate-build-args.outputs.VITE_OKTA_ISSUER }}
+            VITE_OKTA_DOMAIN=${{ steps.calculate-build-args.outputs.VITE_OKTA_DOMAIN }}
+            VITE_OKTA_REDIRECT_URI=${{ steps.calculate-build-args.outputs.VITE_OKTA_REDIRECT_URI }}
diff --git a/.github/workflows/deploy_to_eks.yml b/.github/workflows/deploy_to_eks.yml
@@ -1,60 +1,23 @@
-name: Deploy To EKS
+name: Deploy branch environment to EKS
 
 on:
-  workflow_dispatch:
+  workflow_call:
+    inputs:
+      namespace:
+        required: false
+        type: string
+        description: 'The namespace to use when deploying to EKS. If not passed, a namespace will attempt to be automatically generated from the branch name.'
 
 permissions:
   id-token: write
   contents: read
+  pull-requests: write
 
 env:
-  EASI_APP_NODE_VERSION: "18.20.4"
   GIT_HASH: ${{ github.sha }}
-  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-  GIT_REF_NAME: ${{ github.ref }}
 
 jobs:
-
-  build_easi-frontend_image:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4.0.2
-        with:
-          role-to-assume: ${{ secrets.AWS_INFRA_OIDC_ROLE_TO_ASSUME }}
-          aws-region: us-west-2
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Build, tag, and push image to Amazon ECR
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: Dockerfile.frontend_k8s
-          push: true
-          cache-to: type=gha,mode=max,scope=${{ env.GIT_REF_NAME }}-easi-frontend
-          cache-from: type=gha,scope=${{ env.GIT_REF_NAME }}-easi-frontend
-          tags: ${{ steps.login-ecr.outputs.registry }}/easi-frontend:${{ env.GIT_HASH }}
-      - name: Announce failure
-        if: ${{ failure() }}
-        run: |
-          ./scripts/github-action-announce-broken-branch
-
-  Build_Application_Images:
-    uses: ./.github/workflows/build_application_images.yml
-    secrets: inherit
-
   Deploy_to_EKS:
-    needs: [build_easi-frontend_image, Build_Application_Images]
     runs-on: ubuntu-latest
     environment: "dev"
     steps:
@@ -73,5 +36,26 @@ jobs:
       - name: Update kubeconfig
         run: aws eks update-kubeconfig --name dev-easi-poc-cluster --region us-west-2
       - name: Deploy to EKS
+        id: deploy-to-eks
         run: |
-          ./scripts/deploy_eks_env.sh
+          if [ -n "${{ inputs.namespace }}" ]; then
+            . ./scripts/deploy_eks_env.sh -n ${{ inputs.namespace }}
+          else
+            . ./scripts/deploy_eks_env.sh
+          fi
+          echo "EASI_INGRESS=http://${EASI_INGRESS}" >> $GITHUB_OUTPUT
+          echo "EMAIL_INGRESS=http://${EMAIL_INGRESS}" >> $GITHUB_OUTPUT
+          echo "MINIO_CONSOLE_INGRESS=http://${MINIO_CONSOLE_INGRESS}" >> $GITHUB_OUTPUT
+
+      - name: Comment on PR
+        if: github.event_name == 'pull_request'
+        uses: thollander/actions-comment-pull-request@v3
+        with:
+          comment-tag: ingress-urls
+          pr-number: ${{ github.event.number }}
+          message: |
+            # EKS Ingress URLs
+            - [EASi](${{ steps.deploy-to-eks.outputs.EASI_INGRESS }})
+            - [Mailcatcher](${{ steps.deploy-to-eks.outputs.EMAIL_INGRESS }})
+            - [Minio Console](${{ steps.deploy-to-eks.outputs.MINIO_CONSOLE_INGRESS }})
+          reactions: eyes, rocket
diff --git a/.github/workflows/manual_deploy_to_eks.yml b/.github/workflows/manual_deploy_to_eks.yml
@@ -0,0 +1,36 @@
+name: Manual deploy To EKS
+
+on:
+  workflow_dispatch:
+    inputs:
+      namespace:
+        required: false
+        type: string
+        description: 'The namespace to use when deploying to EKS. If not passed, a namespace will attempt to be automatically generated from the branch name.'
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  EASI_APP_NODE_VERSION: "18.20.4"
+  GIT_HASH: ${{ github.sha }}
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+  GIT_REF_NAME: ${{ github.ref }}
+
+jobs:
+
+  Build_easi-frontend_image:
+    uses: ./.github/workflows/build_frontend_image.yml
+    secrets: inherit
+
+  Build_Application_Images:
+    uses: ./.github/workflows/build_application_images.yml
+    secrets: inherit
+
+  Deploy_to_EKS:
+    needs: [Build_easi-frontend_image, Build_Application_Images]
+    uses: ./.github/workflows/deploy_to_eks.yml
+    secrets: inherit
+    with:
+      namespace: ${{ github.event.inputs.namespace }}
diff --git a/.github/workflows/pr_teardown_env_on_close.yml b/.github/workflows/pr_teardown_env_on_close.yml
@@ -0,0 +1,35 @@
+name: Teardown branch environment in EKS on PR close
+
+on:
+  pull_request:
+    types: [closed]
+
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  GIT_HASH: ${{ github.sha }}
+  GIT_REF_NAME: ${{ github.ref }}
+  PR_NUMBER: ${{ github.event.number }}
+
+jobs:
+  Teardown_env:
+    name: Teardown EKS branch environment
+    runs-on: ubuntu-latest
+    environment: "dev"
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4.0.2
+        with:
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
+          aws-region: us-west-2
+      - name: Update kubeconfig
+        run: aws eks update-kubeconfig --name dev-easi-poc-cluster --region us-west-2
+      - name: Teardown branch environment
+        # The "easi-pr-" prefix needs to match the prefix in build_and_test.yml so that we delete the correct namespace
+        run: |
+          kubectl delete namespace "easi-$PR_NUMBER" --force --ignore-not-found
diff --git a/Dockerfile.backend_k8s b/Dockerfile.backend_k8s
diff --git a/Dockerfile.frontend_k8s b/Dockerfile.frontend_k8s
@@ -16,4 +16,38 @@ COPY tsconfig.json .eslintrc vite.config.ts apollo.config.js index.html ./
 COPY public ./public
 COPY src ./src
 
-ENTRYPOINT [ "yarn", "start" ]
+# Pass in from outside (.envrc)
+ARG VITE_LD_CLIENT_ID
+ARG VITE_OKTA_CLIENT_ID
+ARG VITE_OKTA_SERVER_ID
+ARG VITE_OKTA_ISSUER
+ARG VITE_OKTA_DOMAIN
+ARG VITE_OKTA_REDIRECT_URI
+
+# Difficult (depend on k8s instantiation of ingress)
+# ARG VITE_API_ADDRESS
+# ARG VITE_GRAPHQL_ADDRESS
+
+ENV VITE_OKTA_CLIENT_ID=${VITE_OKTA_CLIENT_ID} \
+	VITE_OKTA_SERVER_ID=${VITE_OKTA_SERVER_ID} \
+	VITE_LD_CLIENT_ID=${VITE_LD_CLIENT_ID} \
+	VITE_APP_ENV=local \
+	VITE_OKTA_ISSUER=${VITE_OKTA_ISSUER} \
+	# VITE_API_ADDRESS=${VITE_API_ADDRESS} \
+	# VITE_GRAPHQL_ADDRESS=${VITE_GRAPHQL_ADDRESS} \
+	VITE_LOCAL_AUTH_ENABLED=true \
+	VITE_OKTA_DOMAIN=${VITE_OKTA_DOMAIN} \
+	VITE_OKTA_REDIRECT_URI=${VITE_OKTA_REDIRECT_URI}
+
+RUN yarn build
+
+#
+# Final layer to export just built HTML
+#
+FROM nginx:1.27.1-alpine
+
+# Copy built files from yarn build layer
+COPY --from=build /app/build /usr/share/nginx/html
+
+# https://github.com/nginxinc/docker-nginx/blob/04d0c5754673d6880b91e94c3cebaa767d9a1af7/Dockerfile
+ENTRYPOINT ["nginx", "-g", "daemon off;"]