fix: tiny string equals issue (#488) #71
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish Otp Provider Docker image | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Choose environment' | |
| required: true | |
| default: 'development' | |
| type: choice | |
| options: | |
| - development | |
| - production | |
| version: | |
| description: 'Image tag (e.g. v1.2.3)' | |
| required: true | |
| default: 'latest' | |
| push: | |
| branches: | |
| - 'dev' | |
| env: | |
| IMAGE_NAME: bcgov-sso/otp-provider | |
| TF_VERSION: 1.2.0 | |
| jobs: | |
| build-and-push-image: | |
| permissions: write-all | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Set env to development | |
| if: (github.ref == 'refs/heads/dev' && github.event_name == 'push') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'development') | |
| run: | | |
| cat >> $GITHUB_ENV <<EOF | |
| APP_ENV=development | |
| APP_URL=https://otp-sandbox.loginproxy.gov.bc.ca | |
| TF_STATE_BUCKET=xgr00q-dev-sso-otp-provider | |
| TF_STATE_BUCKET_KEY=sso-otp-provider.tfstate | |
| TF_STATE_DYNAMODB_TABLE=xgr00q-dev-otp-state-locking | |
| CUSTOM_DOMAIN_NAME=otp-sandbox.loginproxy.gov.bc.ca | |
| CORS_ORIGINS=https://dev.sandbox.loginproxy.gov.bc.ca,https://test.sandbox.loginproxy.gov.bc.ca,https://sandbox.loginproxy.gov.bc.ca,https://sso-playground.apps.gold.devops.gov.bc.ca | |
| NODE_ENV=production | |
| HASH_SALT=${{ secrets.DEV_HASH_SALT }} | |
| GRAFANA_OAUTH_CLIENT_SECRET=${{secrets.DEV_GRAFANA_OAUTH_CLIENT_SECRET}} | |
| GRAFANA_OAUTH_CLIENT_ID=${{secrets.DEV_GRAFANA_OAUTH_CLIENT_ID}} | |
| KEYCLOAK_BASE_URL=${{secrets.DEV_KEYCLOAK_BASE_URL}} | |
| SUBNET_A=App_Dev_aza_net | |
| SUBNET_B=App_Dev_azb_net | |
| EOF | |
| - name: Set env to production | |
| if: (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'production') | |
| run: | | |
| cat >> $GITHUB_ENV <<EOF | |
| APP_ENV=production | |
| APP_URL=https://otp.loginproxy.gov.bc.ca | |
| TF_STATE_BUCKET=xgr00q-prod-sso-otp-provider | |
| TF_STATE_BUCKET_KEY=sso-otp-provider.tfstate | |
| TF_STATE_DYNAMODB_TABLE=xgr00q-prod-otp-state-locking | |
| CUSTOM_DOMAIN_NAME=otp.loginproxy.gov.bc.ca | |
| CORS_ORIGINS=https://dev.loginproxy.gov.bc.ca,https://test.loginproxy.gov.bc.ca,https://loginproxy.gov.bc.ca,https://sso-playground.apps.gold.devops.gov.bc.ca | |
| NODE_ENV=production | |
| HASH_SALT=${{ secrets.PROD_HASH_SALT }} | |
| GRAFANA_OAUTH_CLIENT_SECRET=${{secrets.PROD_GRAFANA_OAUTH_CLIENT_SECRET}} | |
| GRAFANA_OAUTH_CLIENT_ID=${{secrets.PROD_GRAFANA_OAUTH_CLIENT_ID}} | |
| KEYCLOAK_BASE_URL=${{secrets.PROD_KEYCLOAK_BASE_URL}} | |
| SUBNET_A=App_Prod_aza_net | |
| SUBNET_B=App_Prod_azb_net | |
| EOF | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - uses: hashicorp/setup-terraform@v3 | |
| - name: Configure AWS Dev Credentials | |
| if: (github.ref == 'refs/heads/dev' && github.event_name == 'push') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'development') | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_OTP_TF_DEPLOY_ROLE_ARN }} | |
| aws-region: ca-central-1 | |
| - name: Configure AWS Prod Credentials | |
| if: (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'production') | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.PROD_OTP_TF_DEPLOY_ROLE_ARN }} | |
| aws-region: ca-central-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push docker image to Amazon ECR | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: ${{ env.IMAGE_NAME }} | |
| IMAGE_TAG: ${{ github.event.inputs.version || 'latest' }} | |
| run: | | |
| echo "Building and pushing Docker image to ECR..." | |
| docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| working-directory: ./docker/otp-provider | |
| - name: Terraform Variables | |
| run: | | |
| cat >"config.tf" <<EOF | |
| terraform { | |
| backend "s3" { | |
| bucket = "${{ env.TF_STATE_BUCKET }}" | |
| key = "${{ env.TF_STATE_BUCKET_KEY }}" | |
| region = "ca-central-1" | |
| dynamodb_table = "${{ env.TF_STATE_DYNAMODB_TABLE }}" | |
| } | |
| } | |
| EOF | |
| cat >"ci.auto.tfvars" <<EOF | |
| aws_ecr_uri="${{ steps.login-ecr.outputs.registry }}" | |
| ches_username="${{ secrets.CHES_USERNAME }}" | |
| ches_password="${{ secrets.CHES_PASSWORD }}" | |
| custom_domain_name="${{ env.CUSTOM_DOMAIN_NAME }}" | |
| cors_origins="${{ env.CORS_ORIGINS }}" | |
| app_env="${{ env.APP_ENV }}" | |
| node_env="${{ env.NODE_ENV }}" | |
| app_url="${{ env.APP_URL }}" | |
| hash_salt="${{ env.HASH_SALT }}" | |
| otp_validity_minutes="5" | |
| otp_attempts_allowed="5" | |
| otp_resends_allowed_per_day="4" | |
| otp_resend_interval_minutes="[1,2,5,25]" | |
| grafana_admin_password="${{env.GRAFANA_ADMIN_PASS}}" | |
| enable_grafana=true | |
| grafana_oauth_client_secret="${{env.GRAFANA_OAUTH_CLIENT_SECRET}}" | |
| grafana_oauth_client_id="${{env.GRAFANA_OAUTH_CLIENT_ID}}" | |
| keycloak_base_url="${{env.KEYCLOAK_BASE_URL}}" | |
| image_tag="${{ github.event.inputs.version || 'latest' }}" | |
| subnet_a="${{env.SUBNET_A}}" | |
| subnet_b="${{env.SUBNET_B}}" | |
| lock_table_name="${{env.TF_STATE_DYNAMODB_TABLE}}" | |
| bucket_name="${{env.TF_STATE_BUCKET}}" | |
| EOF | |
| working-directory: ./docker/otp-provider/terraform | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -upgrade | |
| working-directory: ./docker/otp-provider/terraform | |
| - name: Terraform Plan | |
| id: plan | |
| run: terraform plan -no-color | |
| working-directory: ./docker/otp-provider/terraform | |
| continue-on-error: true | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| run: terraform apply -auto-approve | |
| working-directory: ./docker/otp-provider/terraform |