chore(ci): load passwords and make consistent (#42)

.github/workflows/.deploy.yml

@@ -53,10 +53,10 @@ jobs:
           oc_namespace: ${{ secrets.OC_NAMESPACE }}
           oc_server: ${{ vars.OC_SERVER }}
           oc_token: ${{ secrets.OC_TOKEN }}
-          overwrite: true
+          overwrite: false
           parameters:
             -p ZONE=${{ inputs.target }} -p TAG=${{ inputs.tag }}
-            -p ORACLE_USER="user" -p ORACLE_PASSWORD="password"
+            -p ORACLE_PASSWORD=${{ secrets.ORACLE_PASSWORD }}
           triggers: ('database/' 'sync/')
 
       - name: Sync

database/openshift.deploy.yml

@@ -10,31 +10,29 @@ parameters:
   - name: ZONE
     description: Deployment zone, e.g. pr-###, test or prod
     required: true
+  - name: ORACLE_PASSWORD
+    description: Oracle database password for API
+    required: true
 
   ### Recommended - suggest hard coding
   - name: APP
     description: Application/component name
     value: database
+  - name: ORACLE_USER
+    description: Oracle database username for API
+    value: proxy_fsa_spar_read_only_user
   - name: ORG
     description: GitHub organization name
     value: bcgov
   - name: REPO
     description: Repository name
     value: nr-spar-data
 
-  ### Config
-  - name: DB_PASSWORD
+  ### Usually a bad idea - not recommended
+  - name: POSTGRES_PASSWORD
     description: Password for the PostgreSQL connection user.
     from: "[a-zA-Z0-9]{16}"
     generate: expression
-  - name: ORACLE_USER
-    description: Oracle database username for API
-    required: true
-  - name: ORACLE_PASSWORD
-    description: Oracle database password for API
-    required: true
-
-  ### Usually a bad idea - not recommended
   - name: REGISTRY
     description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000)
     value: ghcr.io
@@ -67,7 +65,7 @@ objects:
         app: ${REPO}-${ZONE}
     stringData:
       database-name: ${APP}
-      database-password: ${DB_PASSWORD}
+      database-password: ${POSTGRES_PASSWORD}
       database-user: ${APP}
   - apiVersion: v1
     kind: Secret

docker-compose.yml

@@ -17,13 +17,9 @@ x-postgres-vars: &postgres-vars
 x-python-vars: &python-vars
   PIP_NO_CACHE_DIR: "off"
   PIP_DISABLE_PIP_VERSION_CHECK: "on"
-  PIP_DEFAULT_TIMEOUT: 100
-  PYTHONDONTWRITEBYTECODE: 1
-  PYTHONUNBUFFERED: 1
-  teste: "123"
-  test_mode: 1
-  vurl: "https://knox.io.nrs.gov.bc.ca/v1/groups/data/spar/test"
-  vtoken: ${vtoken}
+  PIP_DEFAULT_TIMEOUT: "100"
+  PYTHONDONTWRITEBYTECODE: "1"
+  PYTHONUNBUFFERED: "1"
 
 services:
   database:
@@ -40,6 +36,9 @@ services:
       context: ./sync
     container_name: sync
     environment:
+      test_mode: 1
+      ORACLE_USER: ${ORACLE_USER:-proxy_fsa_spar_read_only_user}
+      ORACLE_PASSWORD: ${ORACLE_PASSWORD:-password}
       <<: [*postgres-vars, *python-vars]
     volumes:
       - ./sync:/app

sync/openshift.deploy.yml

@@ -73,19 +73,19 @@ objects:
                   env:
                     - name: test_mode
                       value: "${TEST_MODE}"
-                    - name: DB_SERVICE
+                    - name: POSTGRES_HOST
                       value: ${REPO}-${ZONE}-database
-                    - name: DB_NAME
+                    - name: POSTGRES_DATABASE
                       valueFrom:
                         secretKeyRef:
                           name: ${REPO}-${ZONE}-database
                           key: database-name
-                    - name: DB_PASSWORD
+                    - name: POSTGRES_PASSWORD
                       valueFrom:
                         secretKeyRef:
                           name: ${REPO}-${ZONE}-database
                           key: database-password
-                    - name: DB_USER
+                    - name: POSTGRES_USER
                       valueFrom:
                         secretKeyRef:
                           name: ${REPO}-${ZONE}-database