cicd

.github/workflows/report-api-cd.yml

@@ -0,0 +1,34 @@
+name: Report-API CD GCP
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "report-api/**"
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Deploy To"
+        required: true
+        type: choice
+        options:
+          - dev
+          - test
+          - sandbox
+          - prod
+
+jobs:
+  report-api-cd:
+    permissions:
+      id-token: write
+      contents: write
+
+    uses: bcgov/bcregistry-sre/.github/workflows/cloud-run-service-cd.yaml@main
+    with:
+      target: ${{ github.event.inputs.target }}  # Corrected the input reference
+      app_name: "report-api"
+      working_directory: "./report-api"
+    secrets:
+      WORKLOAD_IDENTIFY_POOLS_PROVIDER: ${{ secrets.WORKLOAD_IDENTIFY_POOLS_PROVIDER }}
+      GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}

.github/workflows/report-api-ci.yml

@@ -0,0 +1,114 @@
+name: Report API CI
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "report-api/**"
+
+defaults:
+  run:
+    shell: bash
+    working-directory: ./report-api
+
+jobs:
+  setup-job:
+    runs-on: ubuntu-20.04
+
+    if: github.repository == 'bcgov/bcros-common'
+
+    steps:
+      - uses: actions/checkout@v4
+      - run: "true"
+
+  linting:
+    needs: setup-job
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        python-version: [3.12]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          make setup
+      - name: Lint with pylint
+        id: pylint
+        run: |
+          make pylint
+      - name: Lint with flake8
+        id: flake8
+        run: |
+          make flake8
+
+  testing:
+    needs: setup-job
+    env:
+      FLASK_ENV: "testing"
+      JWT_OIDC_ISSUER: "http://localhost:8081/auth/realms/demo"
+      JWT_OIDC_WELL_KNOWN_CONFIG: "http://localhost:8081/auth/realms/demo/.well-known/openid-configuration"
+      JWT_OIDC_ALGORITHMS: "RS256"
+      JWT_OIDC_AUDIENCE: "sbc-auth-web"
+      JWT_OIDC_CLIENT_SECRET: "1111111111"
+      JWT_OIDC_JWKS_CACHE_TIMEOUT: "6000"
+
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        python-version: [3.12]
+
+    services:
+      postgres:
+        image: postgres:12
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: postgres
+        ports:
+          - 5432:5432
+        # needed because the postgres container does not provide a healthcheck
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          make setup
+      - name: Test with pytest
+        id: test
+        run: |
+          make test
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          file: ./report-api/coverage.xml
+          flags: reportapi
+          name: codecov-report-api
+          fail_ci_if_error: false
+
+  build-check:
+    needs: setup-job
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        python-version: [3.12]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: build to check strictness
+        id: build
+        run: |
+          make build-nc

report-api/Dockerfile

@@ -23,9 +23,9 @@ RUN python3 -m pip install -r requirements.txt
 RUN python3 setup.py install
 
 
-EXPOSE 5001
+EXPOSE 8080
 
 ENV NUM_WORKERS=3
 ENV TIMEOUT=360
 
-CMD gunicorn --bind 0.0.0.0:5001 --timeout $TIMEOUT --workers $NUM_WORKERS  wsgi:application
+CMD gunicorn --bind 0.0.0.0:8080 --timeout $TIMEOUT --workers $NUM_WORKERS  wsgi:application

report-api/config.py

@@ -58,10 +58,8 @@ class _Config():  # pylint: disable=too-few-public-methods
     # JWT_OIDC Settings
     JWT_OIDC_WELL_KNOWN_CONFIG = os.getenv('JWT_OIDC_WELL_KNOWN_CONFIG')
     JWT_OIDC_ALGORITHMS = os.getenv('JWT_OIDC_ALGORITHMS')
-    JWT_OIDC_JWKS_URI = os.getenv('JWT_OIDC_JWKS_URI')
     JWT_OIDC_ISSUER = os.getenv('JWT_OIDC_ISSUER')
     JWT_OIDC_AUDIENCE = os.getenv('ACCOUNT_SERVICES_SERVICE_ACCOUNT_CLIENT_ID')
-    JWT_OIDC_CLIENT_SECRET = os.getenv('JWT_OIDC_CLIENT_SECRET')
     JWT_OIDC_CACHING_ENABLED = os.getenv('JWT_OIDC_CACHING_ENABLED')
     JWT_OIDC_JWKS_CACHE_TIMEOUT = int(os.getenv('JWT_OIDC_JWKS_CACHE_TIMEOUT', '300'))
 

report-api/devops/gcp/clouddeploy-targets.yaml

@@ -0,0 +1,106 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: deploy.cloud.google.com/v1
+kind: Target
+metadata:
+ name: dev
+description: Dev Environment
+deployParameters:
+  deploy-env: "development"
+  deploy-project-id: "c4hnrd-dev"
+  service-name: "report-api-dev"
+  container-name: "report-api-dev"
+  cloudsql-instances: ""
+  app-env: "dev"
+  container-port: "8080"
+  service-account: "sa-api@c4hnrd-dev.iam.gserviceaccount.com"
+run:
+ location: projects/c4hnrd-dev/locations/northamerica-northeast1
+executionConfigs:
+- usages: [DEPLOY, RENDER]
+  artifactStorage: 'gs://c4hnrd-tools_clouddeploy/history'
+---
+
+apiVersion: deploy.cloud.google.com/v1
+kind: Target
+metadata:
+ name: test
+description: Test Environment
+deployParameters:
+  deploy-env: "development"
+  deploy-project-id: "c4hnrd-test"
+  service-name: "report-api-test"
+  container-name: "report-api-test"
+  cloudsql-instances: ""
+  app-env: "test"
+  container-port: "8080"
+  service-account: "sa-api@c4hnrd-test.iam.gserviceaccount.com"
+run:
+ location: projects/c4hnrd-test/locations/northamerica-northeast1
+executionConfigs:
+- usages: [DEPLOY, RENDER]
+  artifactStorage: 'gs://c4hnrd-tools_clouddeploy/history'
+---
+
+apiVersion: deploy.cloud.google.com/v1
+kind: Target
+metadata:
+ name: sandbox
+description: Sandbox Environment
+requireApproval: true
+deployParameters:
+  deploy-env: "production"
+  deploy-project-id: "c4hnrd-tools"
+  service-name: "report-api-sandbox"
+  container-name: "report-api-sandbox"
+  cloudsql-instances: ""
+  app-env: "sandbox"
+  service-account: "sa-api@c4hnrd-tools.iam.gserviceaccount.com"
+  max-scale: "50"
+  container-concurrency: "20"
+  container-port: "8080"
+  resources-cpu: 4000m
+  resources-memory: 8Gi
+run:
+ location: projects/c4hnrd-tools/locations/northamerica-northeast1
+executionConfigs:
+- usages: [DEPLOY, RENDER]
+  artifactStorage: 'gs://c4hnrd-tools_clouddeploy/history'
+---
+
+apiVersion: deploy.cloud.google.com/v1
+kind: Target
+metadata:
+ name: prod
+description: Production Environment
+requireApproval: true
+deployParameters:
+  deploy-env: "production"
+  deploy-project-id: "c4hnrd-prod"
+  service-name: "report-api-prod"
+  container-name: "report-api-prod"
+  cloudsql-instances: ""
+  app-env: "production"
+  service-account: "sa-api@c4hnrd-prod.iam.gserviceaccount.com"
+  max-scale: "50"
+  container-concurrency: "20"
+  container-port: "8080"
+  resources-cpu: 4000m
+  resources-memory: 8Gi
+run:
+ location: projects/c4hnrd-prod/locations/northamerica-northeast1
+executionConfigs:
+- usages: [DEPLOY, RENDER]
+  artifactStorage: 'gs://c4hnrd-tools_clouddeploy/history'