Skip to content

Update zaproxy/action-baseline action to v0.14.0 #11376

Update zaproxy/action-baseline action to v0.14.0

Update zaproxy/action-baseline action to v0.14.0 #11376

Workflow file for this run

name: Deployment
on:
pull_request:
branches:
- main
jobs:
prepare-dev-database:
name: Prepare Dev Database
runs-on: ubuntu-24.04
steps:
- name: Set Variables
shell: bash
run: |
echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: Deploy PostGIS instance
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
EPHEMERAL_STORAGE=True BUCKET=gpdqha DATA_SIZE=5Gi WAL_SIZE=5Gi bash openshift/scripts/oc_provision_crunchy.sh ${SUFFIX} apply
build-web-image:
# Declared ahead of build-api-image ; it runs slightly slower than the api build, and putting
# it here increases the odds that it get's started 1st, so api and web are slightly more likely
# to finish building at the same time.
name: Build Web Image
runs-on: ubuntu-24.04
steps:
- name: Set Variables
shell: bash
run: |
echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: Build wps-web Image
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" bash openshift/scripts/oc_build.sh ${SUFFIX} apply
build-api-image:
name: Build API Image
runs-on: ubuntu-24.04
steps:
- name: Set Variables
shell: bash
run: |
echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: Build wps-api Image
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api bash openshift/scripts/oc_build.sh ${SUFFIX} apply
# TODO: Delete once pmtiles has run for some time
# build-tileserv-image:
# name: Build tileserv Image
# runs-on: ubuntu-22.04
# steps:
# - name: Set Variables
# shell: bash
# run: |
# echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
# - name: Checkout
# uses: actions/checkout@v4
# - name: Build wps-tileserv Image
# shell: bash
# run: |
# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
# GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=tileserv DOCKER_FILE=Dockerfile.tileserv PATH_BC=openshift/templates/tileserv/tileserv_build.yaml bash openshift/scripts/oc_build.sh ${SUFFIX} apply
configure-nats-server-name:
name: Configure nats server name
runs-on: ubuntu-24.04
steps:
- name: Set Variables
shell: bash
run: |
echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: Configure
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
bash openshift/scripts/oc_provision_nats_server_config.sh ${SUFFIX} apply
deploy-dev:
name: Deploy to Dev
if: github.triggering_actor != 'renovate'
needs:
[
build-api-image,
build-web-image,
prepare-dev-database,
deploy-dev-queue,
configure-nats-server-name,
]
runs-on: ubuntu-24.04
steps:
- name: Set Variables
shell: bash
run: |
echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: Deploy API to Dev
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
MODULE_NAME=api SECOND_LEVEL_DOMAIN="apps.silver.devops.gov.bc.ca" VANITY_DOMAIN="${SUFFIX}-dev-psu.apps.silver.devops.gov.bc.ca" ENVIRONMENT="development" bash openshift/scripts/oc_deploy.sh ${SUFFIX} apply
## TODO: re-enable once crunchy is deployed: https://app.zenhub.com/workspaces/bcws---agile-psu-5e321393e038fba5bbe203b8/issues/gh/bcgov/wps/2340
- name: Hourly actuals cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
bash openshift/scripts/oc_provision_wfwx_hourly_actuals_cronjob.sh ${SUFFIX} apply
# - name: Noon forecasts cronjob
# shell: bash
# run: |
# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
# bash openshift/scripts/oc_provision_wfwx_noon_forecasts_cronjob.sh ${SUFFIX} apply
- name: Environment Canada GDPS cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_ec_gdps_cronjob.sh ${SUFFIX} apply
- name: Environment Canada HRDPS cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_ec_hrdps_cronjob.sh ${SUFFIX} apply
# - name: Environment Canada RDPS cronjob
# shell: bash
# run: |
# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
# PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_ec_rdps_cronjob.sh ${SUFFIX} apply
- name: NOAA GFS cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_noaa_gfs_cronjob.sh ${SUFFIX} apply
- name: NOAA NAM cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_noaa_nam_cronjob.sh ${SUFFIX} apply
- name: VIIRS SNOW cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_viirs_snow_cronjob.sh ${SUFFIX} apply
- name: GRASS CURING cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_grass_curing_cronjob.sh ${SUFFIX} apply
- name: RDPS SFMS cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_rdps_sfms_cronjob.sh ${SUFFIX} apply
- name: SFMS Raster Calculations cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_sfms_calculations_cronjob.sh ${SUFFIX} apply
- name: Hourly pruner nightly cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_hourly_prune_cronjob.sh ${SUFFIX} apply
- name: Partitioner cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" SCHEDULE="0 0 1 * *" bash openshift/scripts/oc_provision_partitioner_cronjob.sh ${SUFFIX} apply
# TODO: Delete once pmtiles has run for some time
# deploy-tileserv:
# name: Deploy tileserv to Dev
# if: github.triggering_actor != 'renovate'
# runs-on: ubuntu-22.04
# # We need
# # - the image to be built before we can deploy.
# needs: [build-tileserv-image]
# steps:
# - name: Set Variables
# shell: bash
# run: |
# echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
# - name: Checkout
# uses: actions/checkout@v3
# - name: Tileserv
# shell: bash
# run: |
# oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
# PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_tileserv.sh ${SUFFIX} apply
deploy-dev-queue:
name: Deploy Message Queue to Dev
if: github.triggering_actor != 'renovate'
runs-on: ubuntu-24.04
# We need
# - the image to be built before we can deploy.
# - we need the tileserv database up so we can write to it
needs: [build-api-image, configure-nats-server-name]
steps:
- name: Set Variables
shell: bash
run: |
echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: NATS Message Queue
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_DEV="e1e498-dev" MEMORY_REQUEST=250Mi MEMORY_LIMIT=500Mi bash openshift/scripts/oc_provision_nats.sh ${SUFFIX} apply
scan-dev:
name: ZAP Baseline Scan Dev
needs: [deploy-dev]
runs-on: ubuntu-24.04
steps:
# f.y.i.: ZAP Scan must be able to log an issue or it will fail.
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: "https://wps-pr-${{ github.event.number }}-e1e498-dev.apps.silver.devops.gov.bc.ca"
rules_file_name: ".zap/rules.tsv"
# Do not return failure on warnings - TODO: this has to be resolved!
cmd_options: "-I"
run-schemathesis:
name: Schemathesis Fuzzing
if: github.triggering_actor != 'renovate'
runs-on: ubuntu-24.04
needs: [deploy-dev]
steps:
- name: Run Schemathesis
continue-on-error: true
uses: schemathesis/action@v1
with:
# Your API schema location
schema: "https://wps-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca/api/openapi.json"
args: "--experimental=openapi-3.1"
# Set your token from secrets
token: ${{ secrets.SCHEMATHESIS_TOKEN }}
deploy-c-haines:
name: Deploy c-haines cronjob
if: github.triggering_actor != 'renovate'
runs-on: ubuntu-24.04
# We need
# - the image to be built before we can deploy.
# - the database to be there (so we can write to it).
# - wait for the api deployment, as it's responsible for upgrading the database.
needs: [build-api-image, prepare-dev-database, deploy-dev]
steps:
- name: Set Variables
shell: bash
run: echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- name: Install OpenShift CLI tools
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14"
- name: C-Haines Cronjob
shell: bash
run: |
oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
PROJ_TARGET="e1e498-dev" PROJ_TOOLS="e1e498-tools" PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_c_haines_cronjob.sh ${SUFFIX} apply