diff --git a/.github/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
similarity index 94%
rename from .github/workflows/deploy.yml
rename to .forgejo/workflows/deploy.yml
index 2c33dcb..0629f49 100644
--- a/.github/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -29,7 +29,7 @@ jobs:
 echo "Chart Name: $CHART_NAME"
- # Note, this depends on the [Harbor Helm Index](https://github.com/AlanBridgeman/harbor-helm-index) pretty heavily
+ # Note, this depends on the [Harbor Helm Index](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/harbor-helm-index) pretty heavily
 # In particular, that tool allows us to treat what is an OCI registry as a Helm repository (which includes using `helm search repo`)
 helm repo add BridgemanAccessible https://helm.bridgemanaccessible.ca
@@ -92,15 +92,15 @@ jobs:
 LOCAL_VERSION=$NEW_LOCAL_VERSION
 # Update remote URL to use the GITHUB_TOKEN for authentication
- git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+ git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@git.bridgemanaccessible.ca/${{ github.repository }}.git
 # Setup git user details for committing the version change and tag
- git config user.name "GitHub Actions"
- git config user.email "actions@github.com"
+ git config user.name "Forgejo Actions"
+ git config user.email "actions@git.bridgemanaccessible.ca"
 # Commit the version change to the `package.json` file
 git add Chart.yaml
- git commit -m "[Github Actions] Update Helm chart version to $(yq -r '.version' Chart.yaml)"
+ git commit -m "[Forgejo Actions] Update Helm chart version to $(yq -r '.version' Chart.yaml)"
 # Push the changes to the repository
 git push origin HEAD:main
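Review bot: The rewritten `git remote set-url origin` line in the `@@ -92` hunk still embeds `${{ secrets.GITHUB_TOKEN }}` in the remote URL, so the token is written to the checkout's `.git/config` for the rest of the job and appears wherever git prints the remote. Consider supplying the credential only to the push, through a credential helper or an `http.extraHeader` passed with `git -c`, and reading the token from a step-level `env:` entry instead of interpolating the expression into the script. The host is also hard-coded here; `${{ github.server_url }}` would avoid that if the runner populates it. The step's script starts and ends outside the hunk.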
@@ -119,7 +119,7 @@ jobs:
 backup-created: ${{ steps.backup.outputs.created }}
 restore-time: ${{ steps.deploy-helm-chart.outputs.RESTORE_TIME }}
 env:
- NAMESPACE: ciam-service-dashboard
+ NAMESPACE: ciam-services-dashboard
 RELEASE_NAME: services
 CHART_NAME: ${{ needs.build.outputs.chart-name }}
 steps:
@@ -193,7 +193,7 @@ jobs:
 k8s-delete \
 --namespace ${{ env.NAMESPACE }} \
 --release-name ${{ env.RELEASE_NAME }} \
- --rwx-volumes vault-role-vars
+ --rwx-volumes services-vault-role-vars
 # Deploy the resources to the cluster
 - name: Deploy Helm Chart
@@ -202,7 +202,7 @@ jobs:
 FILLED_VALUES_FILE="values.filled.yaml"
 # Download a filled version of the `values.yaml` file from a secure location
- DOWNLOAD_FILE=$(curl -sSL https://secure-storage.bridgemanaccessible.ca/services-dashboard/filled-values?token=${{ secrets.SECURE_STORAGE_TOKEN }} -o $FILLED_VALUES_FILE || echo "Failed to download filled values file.")
+ DOWNLOAD_FILE=$(curl -sSL https://secure-storage.bridgemanaccessible.ca/services-dashboard/values.filled.yaml?token=${{ secrets.SECURE_STORAGE_TOKEN }} -o $FILLED_VALUES_FILE || echo "Failed to download filled values file.")
 if [ "$DOWNLOAD_FILE" == "Failed to download filled values file." ]; then
 echo "Error: $DOWNLOAD_FILE"
 exit 1
@@ -229,7 +229,7 @@ jobs:
 --release-name ${{ env.RELEASE_NAME }} \
 --filled-values-file $FILLED_VALUES_FILE \
 --chart-name $CHART_NAME \
- --rwx-volumes vault-role-vars
+ --rwx-volumes services-vault-role-vars
 # Once deployed, we want to restore it to it's previous state (if applicable)
 restore:
@@ -332,7 +332,7 @@ jobs:
 # Verify that the site starts up after the restore
 - name: Verify Restore
 run: |
- SITE_REQUEST_STATUS_CODE=$(curl -sSL https://$SITE_HOSTNAME -w '%{http_code}' -o /dev/null)
+ SITE_REQUEST_STATUS_CODE=$(curl -sSL https://${{ env.SITE_HOSTNAME }} -w '%{http_code}' -o /dev/null)
 MAX_RETRIES=5
 RETRY_INTERVAL=30
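Review bot: The download line in the `@@ -202` hunk runs `curl -sSL` without `--fail`, so an HTTP 4xx/5xx response still exits 0, the `|| echo` fallback never fires, and the error body is saved as `values.filled.yaml` and handed to the deploy. The token also travels in the query string of an unquoted URL, where it is likely to be recorded in server and proxy access logs. Suggested form: `curl -fsSL "https://secure-storage.bridgemanaccessible.ca/services-dashboard/values.filled.yaml?token=${SECURE_STORAGE_TOKEN}" -o "$FILLED_VALUES_FILE"`, with `SECURE_STORAGE_TOKEN` supplied through the step's `env:`. If the storage service accepts it, moving the token into a request header would keep it out of URLs altogether. The step continues outside the hunk.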
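Review bot: In the `@@ -332` hunk, and again in the `@@ -344` hunk, the hostname is now pasted into the script text by `${{ env.SITE_HOSTNAME }}` instead of being read by the shell, so its value is parsed as shell source, and an undefined `env.SITE_HOSTNAME` silently becomes `curl https://`. No `env:` entry for it is visible in these hunks, so confirm it is defined at job or workflow level. Keeping the shell form with quoting, `curl -sSL "https://${SITE_HOSTNAME}" -w '%{http_code}' -o /dev/null`, preceded by a guard such as `: "${SITE_HOSTNAME:?SITE_HOSTNAME is not set}"`, would avoid both problems. The step's script continues outside the hunk.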
@@ -344,7 +344,7 @@ jobs:
 sleep $RETRY_INTERVAL
 # Get the current status of the site
- SITE_REQUEST_STATUS_CODE=$(curl -sSL http://account.bridgemanaccessible.ca -w '%{http_code}' -o /dev/null)
+ SITE_REQUEST_STATUS_CODE=$(curl -sSL http://${{ env.SITE_HOSTNAME }} -w '%{http_code}' -o /dev/null)
 # Increment the retry count
 RETRY_COUNT=$((RETRY_COUNT + 1))
diff --git a/Chart.yaml b/Chart.yaml
index fe3da37..5aaafd6 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -8,4 +8,4 @@ maintainers:
 name: services-dashboard
 sources:
 - https://github.com/Bridgeman-Accessible/services.bridgemanaccessible.ca
-version: "1.5.3"
+version: "1.5.7"
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index a554e45..3d60fb2 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -268,6 +268,8 @@ spec:
 name: {{ .Release.Name }}-moneris-secret
 key: test-app-secret
 {{- end }}
+ - name: INITIAL_USER_ID
+ value: {{ .Values.initialUserID | quote }}
 # Logging Sidecar related environment variables
 {{- if .Values.loggingSidecar.enabled }}
 - name: LOGGING_SIDE_CAR_PORT
@@ -353,7 +355,7 @@ spec:
 - name: VAULT_NAME
 valueFrom:
 secretKeyRef:
- name: {{ .Release.Name }}-pass-vault-secret
+ name: {{ .Release.Name }}-vault-secret
 key: vault-name
 - name: VAULT_SNAPSHOT_SERVER_PORT
 valueFrom:
@@ -388,7 +390,7 @@ spec:
 secretKeyRef:
 name: {{ .Release.Name }}-cache-credentials
 key: password
- {{- if .Values.passVault.create.snapshotServer.enabled }}
+ {{- if .Values.vault.create.snapshotServer.enabled }}
 volumeMounts:
 # Mount for a shared volume for Vault credentials
 # This is separate from the app's `role vars` volume because it includes other credentials
diff --git a/values.yaml b/values.yaml
index 8a03758..6a95525 100644
--- a/values.yaml
+++ b/values.yaml
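Review bot: The retry probe in the `@@ -344` hunk requests `http://` while the first probe in the same step uses `https://`, so the loop sends its request in cleartext and only reaches the TLS site if a redirect is in place. Use the same scheme in both probes by changing `http://${{ env.SITE_HOSTNAME }}` to `https://${{ env.SITE_HOSTNAME }}` on the added line. The loop body starts and ends outside the hunk.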
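Review bot: `INITIAL_USER_ID` in the `@@ -268` hunk of templates/deployment.yaml renders from `.Values.initialUserID`, which the values.yaml hunk of this commit leaves as a bare `initialUserID:` (null). A default install therefore renders an empty value, although the values comment says at least one user must be set up. Failing at render time would be clearer: `value: {{ required "initialUserID must be set" .Values.initialUserID | quote }}`, with the default in values.yaml written explicitly as `initialUserID: ""`. The container spec continues outside the hunk.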
@@ -26,6 +26,10 @@ container:
 # The timestamp of the backup that the entrypoint script should wait for a restore to complete
 restoreFromBackup: ""
+# The ID of the first/initial user
+# This is because AT LEAST one user must be setup to setup everything else
+initialUserID:
+
 ingress:
 # We want an ingress resource if we are deploying to a cluster that has a ingress controller/load balancer
 # This includes most public cloud providers like EKS, GKE, and AKS