Bridgeman-Accessible/services.bridgemanaccessible.ca-helm
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Bridgeman-Accessible:4590c84e202f36717bf23c7c59d6d6159de1e2fe
Branches Tags
Bridgeman-Accessible:main
..
compare: Bridgeman-Accessible:d24e85a81a4b126a3ddf3b35ed11d87967313570
Branches Tags
Bridgeman-Accessible:main

No commits in common. "4590c84e202f36717bf23c7c59d6d6159de1e2fe" and "d24e85a81a4b126a3ddf3b35ed11d87967313570" have entirely different histories.
4590c84e20 ... d24e85a81a

4 changed files with 14 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

22
.forgejo/workflows/deploy.yml → .github/workflows/deploy.yml vendored
View file

@ -29,7 +29,7 @@ jobs:
echo "Chart Name: $CHART_NAME" echo "Chart Name: $CHART_NAME"
# Note, this depends on the [Harbor Helm Index](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/harbor-helm-index) pretty heavily # Note, this depends on the [Harbor Helm Index](https://github.com/AlanBridgeman/harbor-helm-index) pretty heavily
# In particular, that tool allows us to treat what is an OCI registry as a Helm repository (which includes using `helm search repo`) # In particular, that tool allows us to treat what is an OCI registry as a Helm repository (which includes using `helm search repo`)
helm repo add BridgemanAccessible https://helm.bridgemanaccessible.ca helm repo add BridgemanAccessible https://helm.bridgemanaccessible.ca
@ -92,15 +92,15 @@ jobs:
LOCAL_VERSION=$NEW_LOCAL_VERSION LOCAL_VERSION=$NEW_LOCAL_VERSION
# Update remote URL to use the GITHUB_TOKEN for authentication # Update remote URL to use the GITHUB_TOKEN for authentication
git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@git.bridgemanaccessible.ca/${{ github.repository }}.git git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
# Setup git user details for committing the version change and tag # Setup git user details for committing the version change and tag
git config user.name "Forgejo Actions" git config user.name "GitHub Actions"
git config user.email "actions@git.bridgemanaccessible.ca" git config user.email "actions@github.com"
# Commit the version change to the `package.json` file # Commit the version change to the `package.json` file
git add Chart.yaml git add Chart.yaml
git commit -m "[Forgejo Actions] Update Helm chart version to $(yq -r '.version' Chart.yaml)" git commit -m "[Github Actions] Update Helm chart version to $(yq -r '.version' Chart.yaml)"
# Push the changes to the repository # Push the changes to the repository
git push origin HEAD:main git push origin HEAD:main
@ -119,7 +119,7 @@ jobs:
backup-created: ${{ steps.backup.outputs.created }} backup-created: ${{ steps.backup.outputs.created }}
restore-time: ${{ steps.deploy-helm-chart.outputs.RESTORE_TIME }} restore-time: ${{ steps.deploy-helm-chart.outputs.RESTORE_TIME }}
env: env:
NAMESPACE: ciam-services-dashboard NAMESPACE: ciam-service-dashboard
RELEASE_NAME: services RELEASE_NAME: services
CHART_NAME: ${{ needs.build.outputs.chart-name }} CHART_NAME: ${{ needs.build.outputs.chart-name }}
steps: steps:
@ -193,7 +193,7 @@ jobs:
k8s-delete \ k8s-delete \
--namespace ${{ env.NAMESPACE }} \ --namespace ${{ env.NAMESPACE }} \
--release-name ${{ env.RELEASE_NAME }} \ --release-name ${{ env.RELEASE_NAME }} \
--rwx-volumes services-vault-role-vars --rwx-volumes vault-role-vars
# Deploy the resources to the cluster # Deploy the resources to the cluster
- name: Deploy Helm Chart - name: Deploy Helm Chart
@ -202,7 +202,7 @@ jobs:
FILLED_VALUES_FILE="values.filled.yaml" FILLED_VALUES_FILE="values.filled.yaml"
# Download a filled version of the `values.yaml` file from a secure location # Download a filled version of the `values.yaml` file from a secure location
DOWNLOAD_FILE=$(curl -sSL https://secure-storage.bridgemanaccessible.ca/services-dashboard/values.filled.yaml?token=${{ secrets.SECURE_STORAGE_TOKEN }} -o $FILLED_VALUES_FILE || echo "Failed to download filled values file.") DOWNLOAD_FILE=$(curl -sSL https://secure-storage.bridgemanaccessible.ca/services-dashboard/filled-values?token=${{ secrets.SECURE_STORAGE_TOKEN }} -o $FILLED_VALUES_FILE || echo "Failed to download filled values file.")
if [ "$DOWNLOAD_FILE" == "Failed to download filled values file." ]; then if [ "$DOWNLOAD_FILE" == "Failed to download filled values file." ]; then
echo "Error: $DOWNLOAD_FILE" echo "Error: $DOWNLOAD_FILE"
exit 1 exit 1
@ -229,7 +229,7 @@ jobs:
--release-name ${{ env.RELEASE_NAME }} \ --release-name ${{ env.RELEASE_NAME }} \
--filled-values-file $FILLED_VALUES_FILE \ --filled-values-file $FILLED_VALUES_FILE \
--chart-name $CHART_NAME \ --chart-name $CHART_NAME \
--rwx-volumes services-vault-role-vars --rwx-volumes vault-role-vars
# Once deployed, we want to restore it to it's previous state (if applicable) # Once deployed, we want to restore it to it's previous state (if applicable)
restore: restore:
@ -332,7 +332,7 @@ jobs:
# Verify that the site starts up after the restore # Verify that the site starts up after the restore
- name: Verify Restore - name: Verify Restore
run: | run: |
SITE_REQUEST_STATUS_CODE=$(curl -sSL https://${{ env.SITE_HOSTNAME }} -w '%{http_code}' -o /dev/null) SITE_REQUEST_STATUS_CODE=$(curl -sSL https://$SITE_HOSTNAME -w '%{http_code}' -o /dev/null)
MAX_RETRIES=5 MAX_RETRIES=5
RETRY_INTERVAL=30 RETRY_INTERVAL=30
@ -344,7 +344,7 @@ jobs:
sleep $RETRY_INTERVAL sleep $RETRY_INTERVAL
# Get the current status of the site # Get the current status of the site
SITE_REQUEST_STATUS_CODE=$(curl -sSL http://${{ env.SITE_HOSTNAME }} -w '%{http_code}' -o /dev/null) SITE_REQUEST_STATUS_CODE=$(curl -sSL http://account.bridgemanaccessible.ca -w '%{http_code}' -o /dev/null)
# Increment the retry count # Increment the retry count
RETRY_COUNT=$((RETRY_COUNT + 1)) RETRY_COUNT=$((RETRY_COUNT + 1))

2
Chart.yaml
View file

@ -8,4 +8,4 @@ maintainers:
name: services-dashboard name: services-dashboard
sources: sources:
- https://github.com/Bridgeman-Accessible/services.bridgemanaccessible.ca - https://github.com/Bridgeman-Accessible/services.bridgemanaccessible.ca
version: "1.5.7" version: "1.5.3"

6
templates/deployment.yaml
View file

@ -268,8 +268,6 @@ spec:
name: {{ .Release.Name }}-moneris-secret name: {{ .Release.Name }}-moneris-secret
key: test-app-secret key: test-app-secret
{{- end }} {{- end }}
- name: INITIAL_USER_ID
value: {{ .Values.initialUserID | quote }}
# Logging Sidecar related environment variables # Logging Sidecar related environment variables
{{- if .Values.loggingSidecar.enabled }} {{- if .Values.loggingSidecar.enabled }}
- name: LOGGING_SIDE_CAR_PORT - name: LOGGING_SIDE_CAR_PORT
@ -355,7 +353,7 @@ spec:
- name: VAULT_NAME - name: VAULT_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-vault-secret name: {{ .Release.Name }}-pass-vault-secret
key: vault-name key: vault-name
- name: VAULT_SNAPSHOT_SERVER_PORT - name: VAULT_SNAPSHOT_SERVER_PORT
valueFrom: valueFrom:
@ -390,7 +388,7 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-cache-credentials name: {{ .Release.Name }}-cache-credentials
key: password key: password
{{- if .Values.vault.create.snapshotServer.enabled }} {{- if .Values.passVault.create.snapshotServer.enabled }}
volumeMounts: volumeMounts:
# Mount for a shared volume for Vault credentials # Mount for a shared volume for Vault credentials
# This is separate from the app's `role vars` volume because it includes other credentials # This is separate from the app's `role vars` volume because it includes other credentials

4
values.yaml
View file

@ -26,10 +26,6 @@ container:
# The timestamp of the backup that the entrypoint script should wait for a restore to complete # The timestamp of the backup that the entrypoint script should wait for a restore to complete
restoreFromBackup: "" restoreFromBackup: ""
# The ID of the first/initial user
# This is because AT LEAST one user must be setup to setup everything else
initialUserID: <user ID>
ingress: ingress:
# We want an ingress resource if we are deploying to a cluster that has a ingress controller/load balancer # We want an ingress resource if we are deploying to a cluster that has a ingress controller/load balancer
# This includes most public cloud providers like EKS, GKE, and AKS # This includes most public cloud providers like EKS, GKE, and AKS