Voltaire GovTool 1.0.14-staging

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -34,11 +34,12 @@ body:
       label: Domain
       description: Which GovTool instance were you connected to?
       options:
+        - gov.tools
+        - preview.gov.tools
         - sanchogov.tools
         - dev-sanchogov.tools
         - test-sanchogov.tools
         - stage-sanchogov.tools
-        - preview.gov.tools
         - Custom setup
     validations:
       required: true

.github/workflows/code_check_frontend.yml

@@ -29,7 +29,7 @@ jobs:
           registry-url: "https://registry.npmjs.org/"
           node-version-file: "./govtool/frontend/.nvmrc"
           scope: "@intersect.mbo"
-      - run: npm ci
+      - run: npm ci --force
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
 
@@ -57,7 +57,7 @@ jobs:
           registry-url: "https://registry.npmjs.org/"
           node-version-file: "./govtool/frontend/.nvmrc"
           scope: "@intersect.mbo"
-      - run: npm ci
+      - run: npm ci --force
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
 
@@ -83,7 +83,7 @@ jobs:
           registry-url: "https://registry.npmjs.org/"
           node-version-file: "./govtool/frontend/.nvmrc"
           scope: "@intersect.mbo"
-      - run: npm ci
+      - run: npm ci --force
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
 

.github/workflows/frontend_sonar_scan.yml

@@ -12,35 +12,35 @@ jobs:
     runs-on: ubuntu-latest
     permissions: read-all
     steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
-    - name: Cache dependencies
-      uses: actions/cache@v2
-      with:
-        path: govtool/frontend/node_modules
-        key: ${{ runner.os }}-node-${{ hashFiles('govtool/frontend/package-lock.json') }}
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: govtool/frontend/node_modules
+          key: ${{ runner.os }}-node-${{ hashFiles('govtool/frontend/package-lock.json') }}
 
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version-file: "govtool/frontend/.nvmrc"
-        registry-url: "https://registry.npmjs.org/"
-        scope: "@intersect.mbo"
-    - name: 🧪 Test
-      working-directory: govtool/frontend
-      env:
-        NODE_OPTIONS: "--max_old_space_size=6144"
-        NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
-      run: |
-        npm ci
-        npm run test:coverage
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: "govtool/frontend/.nvmrc"
+          registry-url: "https://registry.npmjs.org/"
+          scope: "@intersect.mbo"
+      - name: 🧪 Test
+        working-directory: govtool/frontend
+        env:
+          NODE_OPTIONS: "--max_old_space_size=6144"
+          NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
+        run: |
+          npm ci --force
+          npm run test:coverage
 
-    - uses: sonarsource/sonarqube-scan-action@master
-      if: always()
-      with:
-        projectBaseDir: govtool/frontend
-      env:
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: https://sonarcloud.io
+      - uses: sonarsource/sonarqube-scan-action@master
+        if: always()
+        with:
+          projectBaseDir: govtool/frontend
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: https://sonarcloud.io

.github/workflows/merge.yaml

@@ -0,0 +1,186 @@
+name: Check,Build,Deploy
+
+on:
+  push:
+    branches:
+      - develop
+      - test
+      - staging
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+  packages: write
+
+env:
+  ENVIRONMENT: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
+
+jobs:
+  check-build-deploy:
+    environment:  ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
+    strategy:
+      matrix:
+        include:
+          - workdir: ./govtool/backend
+            name: govtool-backend
+            dockerfile: ./govtool/backend/Dockerfile.qovery
+            image: ghcr.io/${{ github.repository }}-govtool-backend
+            qovery_container_name: govtool-backend
+          - workdir: ./govtool/frontend
+            name: govtool-frontend
+            dockerfile: ./govtool/frontend/Dockerfile.qovery
+            image: ghcr.io/${{ github.repository }}-govtool-frontend
+            qovery_container_name: govtool-frontend
+          - workdir: ./govtool/metadata-validation
+            name: govtool-metadata-validation
+            dockerfile: ./govtool/metadata-validation/Dockerfile
+            image: ghcr.io/${{ github.repository }}-govtool-metadata-validation
+            qovery_container_name: govtool-metadata-validation
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set TAG Environment Variable
+        id: set_tag
+        run: |
+          if [ "${{ github.ref_name }}" = "main" ]; then
+            echo "TAG=${{ github.sha }}" >> $GITHUB_ENV
+          else
+            echo "TAG=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_ENV
+          fi
+
+      - name: Lint Dockerfile
+        id: hadolint
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          failure-threshold: error
+          format: json
+          dockerfile: ${{ matrix.dockerfile }}
+          # output-file: hadolint_output.json
+
+      - name: Save Hadolint output
+        id: save_hadolint_output
+        if: always()
+        run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
+
+      - name: Print Dockerfile lint output
+        run: |
+          cd ${{ matrix.workdir }}
+          echo "-----HADOLINT RESULT-----"
+          echo "Outcome: ${{ steps.hadolint.outcome }}"
+          echo "-----DETAILS--------"
+          cat hadolint_output.json
+          echo "--------------------"
+
+      - name: Code lint
+        id: code_lint
+        run: |
+          cd ${{ matrix.workdir }}
+          if [ ! -f lint.sh ]; then
+            echo "lint skipped" | tee code_lint_output.txt
+            exit 0
+          fi
+          set -o pipefail
+          sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt
+
+
+      - name: Unit tests
+        id: unit_tests
+        run: |
+          cd ${{ matrix.workdir }}
+          if [ ! -f unit-test.sh ]; then
+            echo "unit tests skipped" | tee code_lint_output.txt
+            exit 0
+          fi
+          set -o pipefail
+          sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - id: image_lowercase
+        uses: ASzc/change-string-case-action@v6
+        with:
+          string: ${{ matrix.image }}
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ matrix.workdir }}
+          file: ${{ matrix.dockerfile }}
+          tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
+          load: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          build-args: |
+            VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
+            VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
+            VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
+            VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
+            VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
+            VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
+            NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
+            VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
+            VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
+            VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Scan Docker image with Dockle
+        id: dockle
+        run: |
+            wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+            tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
+            sudo mv dockle /usr/local/bin
+
+            dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
+            echo " dockle exited w/ $?"
+            cat ${{ matrix.workdir }}/dockle_scan_output.json
+
+            echo "outcome=success" >> $GITHUB_OUTPUT
+
+      - name: Push Docker image to GHCR
+        run: |
+          docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
+
+      - name: Deploy with Qovery
+        if: github.ref == 'refs/heads/develop'
+        env:
+          QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }}
+        run: |
+
+          echo "Deploying on $ENVIRONMENT"
+          echo "Organization - ${{ vars.ORGANIZATION }}"
+          echo "Project - ${{ vars.PROJECT }}"
+
+          # Download and install Qovery CLI
+          curl -s https://get.qovery.com | bash
+
+          qovery container list \
+          --organization ${{ vars.ORGANIZATION }} \
+          --project ${{ vars.PROJECT }} \
+          --environment $ENVIRONMENT
+
+          qovery container deploy \
+            --organization ${{ vars.ORGANIZATION }} \
+            --project ${{ vars.PROJECT }} \
+            --environment $ENVIRONMENT \
+            --container ${{ matrix.qovery_container_name }} \
+            --tag ${{ env.TAG }} \
+            --watch