diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index da9f9399d77..5909d3e55c9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,7 +30,7 @@ variables: # Specify the environment: loadtest, demo, exp DP3_ENV: &dp3_env placeholder_env - # Specify the branch to deploy + # Specify the branch to deploy TODO: this might be not needed. So far useless DP3_BRANCH: &dp3_branch placeholder_branch_name # Ignore branches for integration tests @@ -39,6 +39,14 @@ variables: CLIENT_IGNORE_BRANCH: &client_ignore_branch placeholder_branch_name SERVER_IGNORE_BRANCH: &server_ignore_branch placeholder_branch_name + #RUNNER_TAG: &runner_tag milmove + RUNNER_TAG: &runner_tag milmove + DOCKER_RUNNER_TAG: &docker_runner_tag eks_cluster_runner + + postgres: &postgres postgres:16.4 + #postgres: &postgres postgres:16.4 + redis: &redis redis:5.0.6 + stages: - pre_checks - build 
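Review bot: The new `postgres: &postgres postgres:16.4` and `redis: &redis redis:5.0.6` entries identify the service images by tag only, and a tag can be re-pointed upstream without any change in this file. Pinning each by digest, e.g. `redis: &redis redis:<tag>@sha256:<digest>` (placeholder, take the digest from your registry), keeps the test services reproducible. `5.0.6` is also an old patch level of the Redis 5.0 series, which I believe no longer receives upstream fixes, so confirm it still matches what the deployed environments run. The commented-out duplicates (`#RUNNER_TAG: ...`, `#postgres: ...`) can be dropped before merge.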
@@ -57,24 +65,42 @@ stages: - export REACT_APP_ERROR_LOGGING=otel .announce_failure: &announce_failure - - if [[ "$CI_COMMIT_BRANCH" == "main" && "$CI_JOB_STATUS" == "failed" ]]; then - echo "Announcing broken branch in GitLab CI" + #- if [[ "$CI_COMMIT_BRANCH" == "main" && "$CI_JOB_STATUS" == "failed" ]]; then + - echo $CI_COMMIT_BRANCH + - echo $CI_JOB_STATUS + - echo "Announcing broken branch in GitLab CI" + # fi + +.setup_tls_vars_dp3: &setup_tls_vars_dp3 + - | + if [[ "$DP3_ENV" == "exp" || "$DP3_ENV" == "loadtest" || "$DP3_ENV" == "demo" ]]; then + export ENV=$(echo ${DP3_ENV} | tr '[:lower:]' '[:upper:]'); + export TLS_CERT=$(eval echo \$${ENV^^}_DP3_CERT); + export TLS_KEY=$(eval echo \$${ENV^^}_DP3_KEY); + export TLS_CA=$(eval echo \$${ENV^^}_DP3_CA); fi .setup_aws_vars_dp3: &setup_aws_vars_dp3 - - if [[ "$DP3_ENV" == "exp" OR "$DP3_ENV" == "loadtest" OR "$DP3_ENV" == "demo" ]]; then - export AWS_DEFAULT_REGION=$(eval echo \$${DP3_ENV^^}_REGION) - export AWS_ACCOUNT_ID=$(eval echo \$${DP3_ENV^^}_ACCOUNT_ID) - export AWS_ACCESS_KEY_ID=$(eval echo \$${DP3_ENV^^}_ACCESS_KEY_ID) - export AWS_SECRET_ACCESS_KEY=$(eval echo \$${DP3_ENV^^}_SECRET_ACCESS_KEY) + - | + if [[ "$DP3_ENV" == "exp" || "$DP3_ENV" == "loadtest" || "$DP3_ENV" == "demo" ]]; then + export ENV=$(echo ${DP3_ENV} | tr '[:lower:]' '[:upper:]'); + export AWS_DEFAULT_REGION=$(eval echo \$${ENV^^}_REGION); + export AWS_ACCOUNT_ID=$(eval echo \$${ENV^^}_ACCOUNT_ID); + export AWS_ACCESS_KEY_ID=$(eval echo \$${ENV^^}_ACCESS_KEY_ID); + export AWS_SECRET_ACCESS_KEY=$(eval echo \$${ENV^^}_SECRET_ACCESS_KEY); fi -.setup_tls_vars_dp3: &setup_tls_vars_dp3 - - if [[ "$DP3_ENV" == "exp" OR "$DP3_ENV" == "loadtest" OR "$DP3_ENV" == "demo" ]]; then - export TLS_CERT=$(eval echo \$${DP3_ENV^^}_DP3_CERT) - export TLS_KEY=$(eval echo \$${DP3_ENV^^}_DP3_KEY) - export TLS_CA=$(eval echo \$${DP3_ENV^^}_DP3_CA) - fi +.setup_release_dp3: &setup_release_dp3 + - | + if [[ "$DP3_ENV" == "exp" || "$DP3_ENV" == "loadtest" || 
"$DP3_ENV" == "demo" ]]; then + export ENV=$(echo ${DP3_ENV} | tr '[:lower:]' '[:upper:]'); + export AWS_REGION=$(eval echo \$${ENV}_REGION); + export AWS_ACCOUNT_ID=$(eval echo \$${ENV}_ACCOUNT_ID); + export ECR_REPOSITORY_URI=$(echo ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com) + export APP_DOCKER_FILE=Dockerfile.dp3 + export TASK_DOCKER_FILE=Dockerfile.tasks_dp3 + export APP_ENVIRONMENT=$ENV + fi .setup_aws_vars_stg: &setup_aws_vars_stg - export AWS_DEFAULT_REGION=$STG_REGION @@ -100,14 +126,6 @@ stages: - export TLS_KEY=$PRD_MOVE_MIL_DOD_TLS_KEY - export TLS_CA=$PRD_MOVE_MIL_DOD_TLS_CA -.setup_release_dp3: &setup_release_dp3 - #if demo/loadtest/exp - - export ECR_REPOSITORY_URI=$(eval echo \$${DP3_ENV^^}_ACCOUNT_ID).dkr.ecr.$(eval echo \$${DP3_ENV^^}_REGION).amazonaws.com - - export APP_DOCKER_FILE=Dockerfile.dp3 - - export TASK_DOCKER_FILE=Dockerfile.tasks_dp3 - - export APP_ENVIRONMENT=$DPS_ENV - - echo ${ECR_REPOSITORY_URI} - .setup_release_stg: &setup_release_stg #if main - export ECR_REPOSITORY_URI=${STG_ACCOUNT_ID}.dkr.ecr.${STG_REGION}.amazonaws.com @@ -115,7 +133,6 @@ stages: - export TASK_DOCKER_FILE=Dockerfile.tasks_dp3 #TODO: update demo to stg - export APP_ENVIRONMENT=demo - - echo ${ECR_REPOSITORY_URI} .setup_release_prd: &setup_release_prd #build off prd variables @@ -124,7 +141,6 @@ stages: - export TASK_DOCKER_FILE=Dockerfile.tasks_dp3 #TODO: update exp to prod - export APP_ENVIRONMENT=exp - - echo ${ECR_REPOSITORY_URI} .kaniko_before_setup: &kaniko_before_setup # prep login for kaniko 
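Review bot: The rewritten `.setup_tls_vars_dp3`, `.setup_aws_vars_dp3` and `.setup_release_dp3` blocks still resolve the per-environment credentials through `eval echo \$${ENV^^}_...`, which runs each secret value through word splitting, globbing and `echo` option parsing before it is exported. The script already depends on bash (`[[`, `${ENV^^}`), so indirect expansion can read the variable without `eval` and keep the value exactly as stored; the sketch below shows it for the AWS block, and the same pattern applies to the other two. Separately, `export APP_ENVIRONMENT=$ENV` now passes the upper-cased name, while the stg and prd release blocks in this file set lower-case `demo` and `exp`; if the deploy scripts expect lower case, `export APP_ENVIRONMENT=$DP3_ENV` is the safer value.

```yaml
.setup_aws_vars_dp3: &setup_aws_vars_dp3
  - |
    # … unchanged: DP3_ENV allowlist check (exp / loadtest / demo) …
      export ENV=$(echo ${DP3_ENV} | tr '[:lower:]' '[:upper:]');
      region_var="${ENV}_REGION"
      account_var="${ENV}_ACCOUNT_ID"
      key_id_var="${ENV}_ACCESS_KEY_ID"
      secret_var="${ENV}_SECRET_ACCESS_KEY"
      export AWS_DEFAULT_REGION="${!region_var}"
      export AWS_ACCOUNT_ID="${!account_var}"
      export AWS_ACCESS_KEY_ID="${!key_id_var}"
      export AWS_SECRET_ACCESS_KEY="${!secret_var}"
    # … unchanged: closing fi …
```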
@@ -141,9 +157,93 @@ stages: .check_debug: &check_debug - if: '$debug == "true"' +.check_integration_ignore_branch: &check_integration_ignore_branch + - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == $INTEGRATION_IGNORE_BRANCH' + +.check_integration_mtls_ignore_branch: &check_integration_mtls_ignore_branch + - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == $INTEGRATION_MTLS_IGNORE_BRANCH' + +.check_client_ignore_branch: &check_client_ignore_branch + - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == $CLIENT_IGNORE_BRANCH' + +.check_server_ignore_branch: &check_server_ignore_branch + - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == $SERVER_IGNORE_BRANCH' + + +.install_yarn: &install_yarn + - | + mkdir -p /builds/milmove/mymove/.cache + mkdir -p /builds/milmove/mymove/.cache/yarn + yarn install --frozen-lockfile --cache-folder /builds/milmove/mymove/.cache/yarn + scripts/check-generated-code yarn.lock + echo "yarn check dependencies" + ./scripts/rebuild-dependencies-without-binaries + +.yarn_cache: &yarn_cache + key: + files: + - yarn.lock + paths: + - .cache/yarn + +.go_cache: &go_cache + key: + files: + - go.sum + paths: + - $GOPATH/pkg/mod + - /builds/milmove/mymove/bin + +.setup_generic_app_env_variables: &setup_generic_app_env_variables + - | + export APPLICATION=app + export DB_PASSWORD=mysecretpassword + export DB_USER_LOW_PRIV=crud + export DB_PASSWORD_LOW_PRIV=mysecretpassword + export DB_USER=postgres + export DB_HOST=localhost + export DB_PORT=5432 + export MIGRATION_MANIFEST='/builds/milmove/mymove/migrations/app/migrations_manifest.txt' + export MIGRATION_PATH='file:///builds/milmove/mymove/migrations/app/schema;file:///builds/milmove/mymove/migrations/app/secure' + export EIA_KEY=db2522a43820268a41a802a16ae9fd26 + +.setup_devseed_env_variables: &setup_devseed_env_variables + - | + export DB_NAME=dev_db + export DB_NAME_DEV=dev_db + export ENVIRONMENT=development + export 
DOD_CA_PACKAGE=/builds/milmove/mymove/config/tls/milmove-cert-bundle.p7b + +.setup_server_env_variables: &setup_server_env_variables + - | + echo "make server_test_build for app" + export LOGIN_GOV_SECRET_KEY=$(echo $E2E_LOGIN_GOV_SECRET_KEY | base64 --decode) + export OKTA_CUST_CLIENT_ID=notrealkey + export OKTA_CUSTOMER_SECRET_KEY=notrealkey + export OKTA_OFFICE_SECRET_KEY=notrealkey1 + export OKTA_ADMIN_SECRET_KEY=notrealkey2 + export OKTA_TENANT_ORG_URL=test-milmove.okta.mil + export GOTEST_PARALLEL=8 + export DB_PORT_TEST=5433 + export DB_NAME=test_db + export DB_NAME_TEST=test_db + export DTOD_USE_MOCK='true' + export ENV=test + export ENVIRONMENT=test + export SERVER_REPORT=1 + export COVERAGE=1 + export SERVE_API_INTERNAL='true' + export OKTA_CUSTOMER_CLIENT_ID=1q2w3e4r5t6y7u8i9o + export OKTA_ADMIN_CLIENT_ID=AQ1SW2DE3FR4G5 + export OKTA_OFFICE_CLIENT_ID=9f9f9s8s90gig9 + export OKTA_API_KEY=notrealapikey8675309 + export OKTA_OFFICE_GROUP_ID=notrealgroupId + export OKTA_CUSTOMER_GROUP_ID=notrealcustomergroupId sast: stage: pre_checks + tags: + - $RUNNER_TAG include: - template: Jobs/SAST.gitlab-ci.yml - template: Jobs/Dependency-Scanning.gitlab-ci.yml @@ -151,6 +251,8 @@ include: anti_virus: stage: pre_checks + tags: + - $RUNNER_TAG image: milmove/clamav-ci # Custom image with ClamAV pre-installed script: - pwd 
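Review bot: `.setup_generic_app_env_variables` exports `DB_PASSWORD=mysecretpassword` and `EIA_KEY=db2522a43820268a41a802a16ae9fd26` as bare literals, with nothing telling a reader or a secret scanner that they are test-only. The matching `EIA_KEY` in the `server_test` variables later in this diff carries `# dummy key generated with openssl rand -hex 16`, and the same comment belongs here. `server_test` also repeats nearly every value from these blocks in its own `variables:` map, so two copies have to be kept in sync; keeping only one would avoid drift. The one real secret in these blocks is `LOGIN_GOV_SECRET_KEY=$(echo $E2E_LOGIN_GOV_SECRET_KEY | base64 --decode)`: I would quote the expansion (`echo "$E2E_LOGIN_GOV_SECRET_KEY"`) and confirm the CI variable is masked and protected. `OKTA_CUST_CLIENT_ID` next to `OKTA_CUSTOMER_CLIENT_ID` looks like a naming slip.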
@@ -176,13 +278,33 @@ anti_virus: rules: - *check_main +# Prep the public folder for frontend dependency serving +# This is needed for things like pdfjs-dist +prep_server_hosted_client_deps: + stage: pre_checks + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + before_script: + - *setup_milmove_env + script: | + echo "Running prep_server_hosted_client_deps" + ./scripts/fetch-react-file-viewer-from-yarn + after_script: + - *announce_failure + artifacts: + paths: + - /builds/milmove/mymove/public + pre_deps_golang: stage: pre_checks + tags: + - $RUNNER_TAG image: $DOCKER_APP_IMAGE before_script: - *setup_milmove_env variables: - KUBERNETES_CPU_REQUEST: "2" + KUBERNETES_CPU_REQUEST: "4" KUBERNETES_MEMORY_REQUEST: "4Gi" KUBERNETES_MEMORY_LIMIT: "4Gi" script: @@ -191,10 +313,12 @@ pre_deps_golang: - make bin/swagger after_script: - *announce_failure + cache: + - <<: *go_cache artifacts: paths: - - bin/ - - swagger/ + - /builds/milmove/mymove/bin/ + - /builds/milmove/mymove/swagger/ #TODO: Optimization potential # cache: # key: "$CI_COMMIT_REF_SLUG-go" @@ -205,23 +329,17 @@ pre_deps_golang: pre_deps_yarn: stage: pre_checks + tags: + - $RUNNER_TAG image: $DOCKER_APP_IMAGE - needs: - - pre_deps_golang before_script: - *setup_milmove_env script: - - pwd - - ls bin - - yarn config set "strict-ssl" false - - yarn install --frozen-lockfile --cache-folder ~/.cache/yarn - - scripts/check-generated-code yarn.lock - - echo "Temporarily skipping yarn installation and code checks." - artifacts: - paths: - - ~/.cache/yarn + - *install_yarn + cache: + - <<: *yarn_cache after_script: - - *announce_failure + - *announce_failure check_generated_code: stage: pre_checks @@ -241,6 +359,8 @@ check_generated_code: check_tls_certificate_dp3: stage: pre_checks + tags: + - $RUNNER_TAG image: $DOCKER_APP_IMAGE # Replace with your appropriate Docker image. before_script: - *setup_aws_vars_dp3 
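Review bot: The `cache: - <<: *go_cache` added to `pre_deps_golang` stores `/builds/milmove/mymove/bin` under a key derived only from `go.sum` (see `.go_cache` earlier in this diff), so binaries built by one pipeline can be restored into a later one whose sources differ but whose `go.sum` is unchanged. `compile_app_server` uses the same cache before building, so a stale or branch-built tool could end up in the build inputs. I would cache only the module download directory and keep passing `bin/` as job artifacts, which are tied to the pipeline that produced them: `paths:` / `- $GOPATH/pkg/mod`. GitLab resolves cache paths relative to the project directory, so confirm that `$GOPATH` actually sits under `$CI_PROJECT_DIR`; otherwise that entry is silently not cached.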
@@ -263,7 +383,9 @@ check_tls_certificate_dp3: check_tls_certificate_stg: stage: pre_checks - image: $DOCKER_APP_IMAGE # This can reB-18585-gitlab-pipeline-work unchanged, or you can use a lightweight image since no real work is done. + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE before_script: - *setup_aws_vars_stg - *setup_tls_vars_stg @@ -275,6 +397,8 @@ check_tls_certificate_stg: check_tls_certificate_prd: stage: pre_checks + tags: + - $RUNNER_TAG image: $DOCKER_APP_IMAGE before_script: - *setup_tls_vars_prd 
@@ -285,28 +409,79 @@ check_tls_certificate_prd: after_script: - *announce_failure +build_storybook: + stage: build + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + variables: + KUBERNETES_CPU_REQUEST: "4" + KUBERNETES_MEMORY_REQUEST: "8Gi" + KUBERNETES_MEMORY_LIMIT: "8Gi" + needs: + - pre_deps_yarn + - anti_virus + cache: + - <<: *yarn_cache + before_script: + - *setup_milmove_env + - *install_yarn + script: + - yarn build-storybook + after_script: + - *announce_failure + artifacts: + paths: + - /builds/milmove/mymove/storybook-static + rules: + - *check_main + +deploy_storybook_dp3: + stage: deploy + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - build_storybook + before_script: + - *setup_milmove_env + script: + - echo "TODO Add steps" + - echo "deploy_storybook_dp3" + after_script: + - *announce_failure + artifacts: + paths: + - /builds/milmove/mymove/storybook-static + rules: + - *check_main + compile_app_client: stage: build + tags: + - $RUNNER_TAG image: $DOCKER_APP_IMAGE + cache: + - <<: *yarn_cache variables: - KUBERNETES_CPU_REQUEST: "2" + KUBERNETES_CPU_REQUEST: "6" KUBERNETES_MEMORY_REQUEST: "8Gi" KUBERNETES_MEMORY_LIMIT: "8Gi" - before_script: *setup_milmove_env + before_script: + - *setup_milmove_env + - *install_yarn needs: - pre_deps_yarn script: - make client_build - - echo "Skipping actual build steps." artifacts: paths: - - ~/.cache/yarn - /builds/milmove/mymove/bin - /builds/milmove/mymove/build - playwright - playwright.config.js - package.json - - yarn.lock - eslint-plugin-ato expire_in: 1 week after_script: 
@@ -315,15 +490,22 @@ compile_app_client: compile_app_server: stage: build + tags: + - $RUNNER_TAG image: $DOCKER_APP_IMAGE + cache: + - <<: *go_cache + - <<: *yarn_cache variables: - KUBERNETES_CPU_REQUEST: "2" - KUBERNETES_MEMORY_REQUEST: "4Gi" - KUBERNETES_MEMORY_LIMIT: "4Gi" + KUBERNETES_CPU_REQUEST: "6" + KUBERNETES_MEMORY_REQUEST: "6Gi" + KUBERNETES_MEMORY_LIMIT: "8Gi" needs: - pre_deps_golang - pre_deps_yarn - before_script: *setup_milmove_env + before_script: + - *setup_milmove_env + - *install_yarn script: - make -j 4 server_build build_tools - echo "Skipping server and tools compilation." 
@@ -347,8 +529,621 @@ compile_app_server: after_script: - *announce_failure + +##################################### +## Test stages various conditions ## +##################################### + +pre_test: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + cache: + - <<: *go_cache + - <<: *yarn_cache + needs: + - pre_deps_golang + - pre_deps_yarn + - check_tls_certificate_stg + - check_tls_certificate_prd + variables: + KUBERNETES_CPU_REQUEST: "4" + KUBERNETES_MEMORY_REQUEST: "6Gi" + KUBERNETES_MEMORY_LIMIT: "6Gi" + before_script: *setup_milmove_env + script: + - export GODEBUG=asyncpreemptoff=1 + - echo "Save Baseline Spectral Lint" + - | + [ -d ~/transcom/mymove/spectral ] && cp -r ~/transcom/mymove/spectral /tmp/spectral_baseline || echo "Skipping saving baseline" + - rm -rf ~/transcom/mymove/spectral + - *install_yarn + - echo "Run pre-commit tests without golangci-lint, eslint, or prettier" + - SKIP=golangci-lint,eslint,prettier,ato-go-linter,gomod,appcontext-linter pre-commit run --all-files + - | + echo "Run pre-commit tests with ato-go-linter only" + pre-commit run -v --all-files ato-go-linter + - | + echo "Run pre-commit tests with gomod only" + pre-commit run -v --all-files gomod,appcontext-linter + - | + echo "Run pre-commit tests with appcontext-linter only" + pre-commit run -v --all-files appcontext-linter + - echo "Run pre-commit tests with golangci-lint only" + - | + echo 'export GOLANGCI_LINT_CONCURRENCY=4' >> $BASH_ENV + echo 'export GOLANGCI_LINT_VERBOSE=-v' >> $BASH_ENV + source $BASH_ENV + mkdir -p tmp/test-results/pretest + pre-commit run -v --all-files golangci-lint | tee tmp/test-results/pretest/golangci-lint.out + - echo "Run prettier, eslint, danger checks" + - yarn prettier-ci + - yarn lint + - yarn danger ci --failOnErrors + - echo "Run spectral linter on all files" + - ./scripts/ensure-spectral-lint /tmp/spectral_baseline spectral + - ./scripts/pre-commit-go-mod || exit 0 + after_script: + - *announce_failure + rules: + 
- *check_server_ignore_branch + +server_test: + stage: test + tags: + - $DOCKER_RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_golang + before_script: + - *setup_milmove_env + - *setup_generic_app_env_variables + - *setup_server_env_variables + services: + - name: docker:dind + alias: docker + - name: $postgres + - name: $redis + variables: + DOCKER_HOST: "tcp://docker-backend.gitlab-runner.svc.cluster.local:2375" + DOCKER_TLS_CERTDIR: "" + APPLICATION: app + # 8 since this runs on xlarge with 8 CPUs + GOTEST_PARALLEL: 8 + DB_PASSWORD: mysecretpassword + DB_USER_LOW_PRIV: crud + DB_PASSWORD_LOW_PRIV: mysecretpassword + DB_USER: postgres + DB_HOST: localhost + DB_PORT_TEST: 5433 + DB_PORT: 5432 + DB_NAME: test_db + DB_NAME_TEST: test_db + DTOD_USE_MOCK: 'true' + MIGRATION_MANIFEST: '/builds/milmove/mymove/migrations/app/migrations_manifest.txt' + MIGRATION_PATH: 'file:///builds/milmove/mymove/migrations/app/schema;file:///builds/milmove/mymove/migrations/app/secure' + EIA_KEY: db2522a43820268a41a802a16ae9fd26 # dummy key generated with openssl rand -hex 16 + ENV: test + ENVIRONMENT: test + SERVER_REPORT: 1 + COVERAGE: 1 + SERVE_API_INTERNAL: 'true' + OKTA_CUSTOMER_CLIENT_ID: 1q2w3e4r5t6y7u8i9o + OKTA_ADMIN_CLIENT_ID: AQ1SW2DE3FR4G5 + OKTA_OFFICE_CLIENT_ID: 9f9f9s8s90gig9 + OKTA_API_KEY: notrealapikey8675309 + OKTA_OFFICE_GROUP_ID: notrealgroupId + OKTA_CUSTOMER_GROUP_ID: notrealcustomergroupId + script: + - psql --version + - for i in $(seq 1 5); do go mod download && break || s=$? 
&& sleep 5; done; (exit $s) + - scripts/check-generated-code go.sum + - make bin/swagger + - echo "server test -- TODO Add steps need to potentially pass job id to file and persist" + - make -j 2 bin/milmove bin/gotestsum + - make server_test for app + # - go install gotest.tools/gotestsum@latest + # - go mod tidy + #- bin/gotestsum --junitfile server_test_report.xml --format server_test + artifacts: + paths: + - /builds/milmove/mymove/bin/gotestsum + - /builds/milmove/mymove/tmp/test-results + when: always + reports: + junit: /builds/milmove/mymove/tmp/test-results/gotest/app/go-test-report.xml + after_script: + - *announce_failure + rules: + - *check_server_ignore_branch + +server_test_coverage: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_golang + - server_test + before_script: *setup_milmove_env + script: + - echo "TODO understand recording stats and PR interaction" + - echo "server test coverage" + - | + echo "Ensure Test Coverage Increasing" + ./scripts/ensure-go-test-coverage \ + tmp/baseline-go-coverage/go-coverage.txt \ + tmp/test-results/gotest/app/go-coverage.txt + after_script: + - *announce_failure + rules: + - *check_server_ignore_branch + ###may need to rethink the logic and intent of this they save per the following and do some PR interaction + # only save the cache on default branch builds because we only want to + # change the baseline of test results on main builds + # + # Save the new baseline regardless of if the coverage succeeds + # or fails as a merge to main means we have a new baseline. 
We + # will use other means to measure if our coverage is increasing + +client_test: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + variables: + KUBERNETES_CPU_REQUEST: "4" + KUBERNETES_MEMORY_REQUEST: "8Gi" + KUBERNETES_MEMORY_LIMIT: "8Gi" + needs: + - pre_deps_yarn + cache: + - <<: *yarn_cache + before_script: + - *setup_milmove_env + - *install_yarn + coverage: /All files[^|]*\|[^|]*\s+([\d\.]+)/ + dependencies: + - pre_deps_yarn + script: + - echo "client test coverage" + - JEST_JUNIT_OUTPUT_DIR=jest-junit-reports yarn test:coverage -results=false >> $CI_PROJECT_DIR/coverage.output + artifacts: + when: always + reports: + junit: + - jest-junit-reports/junit.xml + paths: + - /builds/milmove/mymove/coverage + - /builds/milmove/mymove/jest-junit-reports + after_script: + - *announce_failure + rules: + - *check_client_ignore_branch + +client_test_coverage: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - client_test + before_script: *setup_milmove_env + # TODO: need to add cache for max coverage increase similar to this + # https://stackoverflow.com/questions/54542922/force-coverage-increase-in-gitlab-prs + script: + - echo "TODO understand recording stats and PR interaction" + - | + echo "Ensure Test Coverage Increasing" + ./scripts/ensure-js-test-coverage \ + tmp/baseline-jest-coverage/clover.xml \ + coverage/clover.xml + after_script: + - *announce_failure + rules: + - *check_client_ignore_branch + +integration_test_devseed: + stage: test + tags: + - $DOCKER_RUNNER_TAG + image: $DOCKER_APP_IMAGE + services: + - name: docker:dind + alias: docker + - name: $postgres + - name: $redis + variables: + DOCKER_HOST: "tcp://docker-backend.gitlab-runner.svc.cluster.local:2375" + DOCKER_TLS_CERTDIR: "" + APPLICATION: app + DB_PASSWORD: mysecretpassword + DB_USER_LOW_PRIV: crud + DB_PASSWORD_LOW_PRIV: mysecretpassword + DB_USER: postgres + DB_HOST: localhost + DB_PORT: 5432 + DB_NAME: dev_db + DB_NAME_DEV: 
dev_db + MIGRATION_MANIFEST: '/builds/milmove/mymove/migrations/app/migrations_manifest.txt' + MIGRATION_PATH: 'file:///builds/milmove/mymove/migrations/app/schema;file:///builds/milmove/mymove/migrations/app/secure' + EIA_KEY: db2522a43820268a41a802a16ae9fd26 # dummy key generated with openssl rand -hex 16 + ENVIRONMENT: development + DOD_CA_PACKAGE: /builds/milmove/mymove/config/tls/milmove-cert-bundle.p7b + POSTGRES_PASSWORD: mysecretpassword + POSTGRES_DB: test_db + needs: + - pre_deps_golang + - prep_server_hosted_client_deps + before_script: + - *setup_milmove_env + - *setup_generic_app_env_variables + - *setup_devseed_env_variables + script: + - echo "integration_test_devseed" + - | + export MOVE_MIL_DOD_CA_CERT=$(cat config/tls/devlocal-ca.pem) + export MOVE_MIL_DOD_TLS_CERT=$(cat config/tls/devlocal-https.pem) + export MOVE_MIL_DOD_TLS_KEY=$(cat config/tls/devlocal-https.key) + - make db_dev_fresh + after_script: + - *announce_failure + rules: + - *check_integration_ignore_branch + +integration_tests: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - pre_deps_golang + - compile_app_client + - compile_app_server + - integration_test_my + - integration_test_office + - integration_test_admin + - integration_test_devseed + before_script: *setup_milmove_env + script: + - echo "TODO Add steps" + - echo "integration_tests" + after_script: + - *announce_failure + rules: + - *check_integration_ignore_branch + +integration_test_mtls: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - compile_app_server + before_script: *setup_milmove_env + script: + - echo "TODO Add steps" + - echo "integration_test_mtls" + after_script: + - *announce_failure + rules: + - *check_integration_mtls_ignore_branch + +integration_test_admin: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - pre_deps_golang + - compile_app_client + - compile_app_server + 
before_script: *setup_milmove_env + script: + - echo "TODO Add steps" + - echo "integration_test_admin" + after_script: + - *announce_failure + rules: + - *check_integration_ignore_branch + +integration_test_my: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - pre_deps_golang + - compile_app_client + - compile_app_server + before_script: *setup_milmove_env + script: + - echo "TODO Add steps" + - echo "integration_test_my" + after_script: + - *announce_failure + rules: + - *check_integration_ignore_branch + +integration_test_office: + stage: test + tags: + - $RUNNER_TAG + image: $DOCKER_APP_IMAGE + needs: + - pre_deps_yarn + - pre_deps_golang + - compile_app_client + - compile_app_server + before_script: *setup_milmove_env + script: + - echo "TODO Add steps" + - echo "integration_test_office" + after_script: + - *announce_failure + rules: + - *check_integration_ignore_branch + + +############################################################### +## DP3 Env push and deploy stages all off of setting dp3 env ## +############################################################### +build_push_app_dp3: + stage: push + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: gcr.io/kaniko-project/executor:v1.14.0-debug + entrypoint: [""] + needs: + - compile_app_client + - compile_app_server + before_script: + - *setup_aws_vars_dp3 + - *setup_release_dp3 + - *kaniko_before_setup + script: + - echo "Building and Pushing app Docker image..." 
+ - /kaniko/executor --context "${CI_PROJECT_DIR}/" --dockerfile "${CI_PROJECT_DIR}/${APP_DOCKER_FILE}" --destination "${ECR_REPOSITORY_URI}/app:$CI_COMMIT_SHORT_SHA" + after_script: + - *announce_failure + rules: + - *check_dp3 + +build_push_migrations_dp3: + stage: push + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: gcr.io/kaniko-project/executor:v1.14.0-debug + entrypoint: [""] + needs: + - compile_app_server + - compile_app_client + before_script: + - *setup_aws_vars_dp3 + - *setup_release_dp3 + - *kaniko_before_setup + script: + - echo "Building and Pushing migrations Docker image..." + - /kaniko/executor --context "${CI_PROJECT_DIR}/" --dockerfile "${CI_PROJECT_DIR}/Dockerfile.migrations" --destination "${ECR_REPOSITORY_URI}/app-migrations:$CI_COMMIT_SHORT_SHA" + after_script: + - *announce_failure + rules: + - *check_dp3 + +build_push_tasks_dp3: + stage: push + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: gcr.io/kaniko-project/executor:v1.14.0-debug + entrypoint: [""] + needs: + - compile_app_server + - compile_app_client + before_script: + - *setup_aws_vars_dp3 + - *setup_release_dp3 + - *kaniko_before_setup + script: + - echo "Building tasks Docker image..." + - /kaniko/executor --context "${CI_PROJECT_DIR}/" --dockerfile "${CI_PROJECT_DIR}/${TASK_DOCKER_FILE}" --destination "${ECR_REPOSITORY_URI}/app-tasks:$CI_COMMIT_SHORT_SHA" + after_script: + - *announce_failure + rules: + - *check_dp3 + +push_otel_collector_image_dp3: + stage: push + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: $DOCKER_BASE_IMAGE + entrypoint: [""] + needs: + - compile_app_server + - compile_app_client + script: + - echo "Logging in to Amazon ECR with Crane..." + - aws ecr get-login-password --region us-gov-west-1 | crane auth login ${ECR_REPOSITORY_URI} -u AWS --password-stdin + + - echo "Pulling the AWS OTel Collector image from the public registry with Crane..." 
+ - crane pull --insecure public.ecr.aws/aws-observability/aws-otel-collector:v0.31.0 image.tar + + - echo "Pushing the image to our private ECR using Crane..." + - crane push --insecure image.tar ${ECR_REPOSITORY_URI}/otel-collector:${CI_COMMIT_SHORT_SHA} + + - echo "Cleaning up the temporary image file..." + - rm image.tar + allow_failure: false + after_script: + - *announce_failure + rules: + - *check_dp3 + +deploy_migrations_dp3: + stage: deploy + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: $DOCKER_APP_IMAGE + entrypoint: [""] + needs: + - build_push_migrations_dp3 + - compile_app_server + - compile_app_client + before_script: + - *setup_aws_vars_dp3 + - *setup_release_dp3 + script: + # Step 1: Get the Digest + - echo "Getting Digest from AWS" + - export ECR_DIGEST=$(aws ecr describe-images --repository-name app-migrations --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) + # Step 2: Ensure exclusive execution and Snapshot + - echo "Snapshotting database" + - ./scripts/rds-snapshot-app-db "$APP_ENVIRONMENT" + # Step 3: Run migrations + - echo "Running migrations" + - ./scripts/ecs-run-app-migrations-container "${ECR_REPOSITORY_URI}/app-migrations@${ECR_DIGEST}" "${APP_ENVIRONMENT}" + after_script: + - *announce_failure + rules: + - *check_dp3 + +deploy_tasks_dp3: + stage: deploy + tags: + - $RUNNER_TAG + image: + name: $DOCKER_APP_IMAGE + entrypoint: [""] + needs: + - build_push_tasks_dp3 + - compile_app_server + - compile_app_client + before_script: + - *setup_release_dp3 + script: + - echo "Getting Digest from AWS" + - export ECR_DIGEST=$(aws ecr describe-images --repository-name app-tasks --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) + - echo "Deploying GHC fuel price data task service" + - ./scripts/ecs-deploy-task-container save-ghc-fuel-price-data "${ECR_REPOSITORY_URI}/app-tasks@${ECR_DIGEST}" "${APP_ENVIRONMENT}" + - echo "Deploying payment 
reminder email task service" + - ./scripts/ecs-deploy-task-container send-payment-reminder "${ECR_REPOSITORY_URI}/app-tasks@${ECR_DIGEST}" "${APP_ENVIRONMENT}" + after_script: + - *announce_failure + rules: + - *check_dp3 + +deploy_app_client_tls_dp3: + stage: deploy + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: $DOCKER_APP_IMAGE + entrypoint: [""] + needs: + - deploy_migrations_dp3 + - push_otel_collector_image_dp3 + - compile_app_server + - compile_app_client + variables: + OPEN_TELEMETRY_SIDECAR: "true" + HEALTH_CHECK: "true" + before_script: + - *setup_aws_vars_dp3 + - *setup_release_dp3 + script: + # - echo "Comparing against deployed commit" + # - ./scripts/compare-deployed-commit "" $CI_COMMIT_SHA ${TLS_KEY} ${TLS_CERT} ${TLS_CA} + - echo "Getting Digest from AWS" + - export ECR_DIGEST=$(aws ecr describe-images --repository-name app --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) + - echo "Getting otel collector Digest from AWS" + - export OTEL_ECR_DIGEST=$(aws ecr describe-images --repository-name otel-collector --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) + - export OTEL_COLLECTOR_IMAGE="${ECR_REPOSITORY_URI}/otel-collector@${OTEL_ECR_DIGEST}" + - echo "Deploying app-client-tls service" + - ./scripts/ecs-deploy-service-container app-client-tls "${ECR_REPOSITORY_URI}/app@${ECR_DIGEST}" "${APP_ENVIRONMENT}" "/bin/milmove serve" + - echo "Running Health Check" + # - bin/health-checker --schemes https --hosts api.demo.dp3.us --key ${TLS_KEY} --cert ${TLS_CERT} --ca ${TLS_CA} --tries 10 --backoff 3 --log-level info --timeout 5m + # - echo "Running TLS Check" + # - bin/tls-checker --schemes https --hosts api.demo.dp3.us --key ${TLS_KEY} --cert ${TLS_CERT} --ca ${TLS_CA} --log-level info --timeout 15m + # - echo "Checking deployed commits" + # - ./scripts/check-deployed-commit "api.demo.dp3.us" "$CI_COMMIT_SHA" ${TLS_KEY} ${TLS_CERT} ${TLS_CA} + 
after_script: + - *announce_failure + rules: + - *check_dp3 + +deploy_app_dp3: + stage: deploy + tags: + - $RUNNER_TAG + environment: DP3_ENV + image: + name: $DOCKER_APP_IMAGE + entrypoint: [""] + needs: + - build_push_app_dp3 + - deploy_migrations_dp3 + - compile_app_server + - compile_app_client + variables: + OPEN_TELEMETRY_SIDECAR: "true" + HEALTH_CHECK: "true" + before_script: + - *setup_aws_vars_dp3 + - *setup_release_dp3 + script: + - echo "Comparing against deployed commit" + # - ./scripts/compare-deployed-commit "" "$CI_COMMIT_SHA" "$TLS_KEY" "$TLS_CERT" "$TLS_CA" + - echo "Creating .go-version file if not already present" + - | + if [ -f ".go-version" ]; then + echo ".go-version already exists, no need to re-create" + else + GO_VERSION=$(awk '/golang/ { print $2 }' .tool-versions) + echo "Creating .go-version using version ${GO_VERSION}" + echo $GO_VERSION > .go-version + fi + - echo "Getting Digest from AWS" + - export ECR_DIGEST=$(aws ecr describe-images --repository-name app --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) + - echo "Getting otel collector digest from AWS" + - export OTEL_ECR_DIGEST=$(aws ecr describe-images --repository-name otel-collector --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) + - export OTEL_COLLECTOR_IMAGE="${ECR_REPOSITORY_URI}/otel-collector@${OTEL_ECR_DIGEST}" + - echo "Deploying app service" + - ./scripts/ecs-deploy-service-container app "${ECR_REPOSITORY_URI}/app@${ECR_DIGEST}" "${APP_ENVIRONMENT}" "/bin/milmove serve" + - echo "Running Health Check" + # - bin/health-checker --schemes https --hosts my.demo.dp3.us,office.demo.dp3.us,admin.demo.dp3.us --tries 10 --backoff 3 --log-level info --timeout 5m + # - echo "Running TLS Check" + # - bin/tls-checker --schemes https --hosts my.demo.dp3.us,office.demo.dp3.us,admin.demo.dp3.us --log-level info --timeout 15m + # - echo "Checking deployed commits" + - 
./scripts/check-deployed-commit "my.demo.dp3.us,office.demo.dp3.us,admin.demo.dp3.us" "$CI_COMMIT_SHA" + after_script: + - *announce_failure + rules: + - *check_dp3 + +######################################################## +## STG push and deploy stages all off of main only ## +######################################################## + build_push_app_stg: stage: push + tags: + - $RUNNER_TAG environment: stg image: name: gcr.io/kaniko-project/executor:v1.14.0-debug @@ -370,6 +1165,8 @@ build_push_app_stg: build_push_migrations_stg: stage: push + tags: + - $RUNNER_TAG environment: stg image: name: gcr.io/kaniko-project/executor:v1.14.0-debug @@ -391,6 +1188,8 @@ build_push_migrations_stg: build_push_tasks_stg: stage: push + tags: + - $RUNNER_TAG environment: stg image: name: gcr.io/kaniko-project/executor:v1.14.0-debug @@ -412,6 +1211,8 @@ build_push_tasks_stg: push_otel_collector_image_stg: stage: push + tags: + - $RUNNER_TAG environment: stg image: name: $DOCKER_BASE_IMAGE @@ -442,6 +1243,8 @@ push_otel_collector_image_stg: deploy_migrations_stg: stage: deploy + tags: + - $RUNNER_TAG environment: stg image: name: $DOCKER_APP_IMAGE @@ -470,6 +1273,8 @@ deploy_migrations_stg: deploy_tasks_stg: stage: deploy + tags: + - $RUNNER_TAG environment: stg image: name: $DOCKER_APP_IMAGE @@ -533,6 +1338,8 @@ deploy_app_client_tls_stg: deploy_app_stg: stage: deploy + tags: + - $RUNNER_TAG environment: stg image: name: $DOCKER_APP_IMAGE @@ -578,12 +1385,14 @@ deploy_app_stg: rules: - *check_main +############################################################################## +## PROD push and deploy stages all dependent on prod_approval manual stage ## +############################################################################## prod_approval: stage: prod_approval + tags: + - $RUNNER_TAG environment: prd_approval - image: - name: gcr.io/kaniko-project/executor:v1.14.0-debug - entrypoint: [""] needs: - compile_app_client - compile_app_server 
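Review bot: `server_test` and `integration_test_devseed` set `DOCKER_HOST: "tcp://docker-backend.gitlab-runner.svc.cluster.local:2375"` together with `DOCKER_TLS_CERTDIR: ""`, so the jobs talk to a Docker daemon over unauthenticated plaintext TCP, and that daemon appears to be a cluster-wide service rather than the job's own `docker:dind` sidecar. A daemon exposed this way gives control of its host to any workload that can reach the port. I would either drop the two variables if the tests do not need Docker, or use the TLS endpoint (`DOCKER_HOST: tcp://docker:2376`, `DOCKER_TLS_CERTDIR: "/certs"`) and restrict the backend with a network policy. In the same hunk, `push_otel_collector_image_dp3` runs `crane pull --insecure` and `crane push --insecure`, which permits non-TLS registry connections for an image that is then deployed; both registries are HTTPS endpoints, so the flag can be removed, e.g. `crane pull public.ecr.aws/aws-observability/aws-otel-collector:v0.31.0 image.tar`. That job also has no `before_script`, so nothing visible in this hunk sets `${ECR_REPOSITORY_URI}` for it; please confirm where it comes from.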
@@ -620,6 +1429,8 @@ build_push_app_prd: build_push_migrations_prd: stage: push_prd + tags: + - $RUNNER_TAG environment: prd image: name: gcr.io/kaniko-project/executor:v1.14.0-debug @@ -638,11 +1449,13 @@ build_push_migrations_prd: after_script: - *announce_failure rules: - - if: '$CI_COMMIT_BRANCH == "main"' + - *check_main build_push_tasks_prd: stage: push_prd environment: prd + tags: + - $RUNNER_TAG image: name: gcr.io/kaniko-project/executor:v1.14.0-debug entrypoint: [""] @@ -664,6 +1477,8 @@ build_push_tasks_prd: push_otel_collector_image_prd: stage: push_prd + tags: + - $RUNNER_TAG environment: prd image: name: $DOCKER_BASE_IMAGE @@ -691,11 +1506,13 @@ push_otel_collector_image_prd: after_script: - *announce_failure rules: - - if: '$CI_COMMIT_BRANCH == "main"' + - *check_main deploy_migrations_prd: stage: deploy_prd environment: prd + tags: + - $RUNNER_TAG image: name: $DOCKER_APP_IMAGE entrypoint: [""] @@ -724,6 +1541,8 @@ deploy_migrations_prd: deploy_tasks_prd: stage: deploy_prd environment: prd + tags: + - $RUNNER_TAG image: name: $DOCKER_APP_IMAGE entrypoint: [""] @@ -749,6 +1568,8 @@ deploy_tasks_prd: deploy_app_client_tls_prd: stage: deploy_prd environment: prd + tags: + - $RUNNER_TAG image: name: $DOCKER_APP_IMAGE entrypoint: [""] @@ -786,6 +1607,8 @@ deploy_app_client_tls_prd: deploy_app_prd: stage: deploy_prd + tags: + - $RUNNER_TAG environment: prd image: name: $DOCKER_APP_IMAGE 
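Review bot: In build_push_tasks_prd the new `tags:` key is placed after `environment: prd`, while build_push_migrations_prd and the stg jobs put it directly after `stage:`; deploy_migrations_prd, deploy_tasks_prd and deploy_app_client_tls_prd in the later hunks also use the `environment`-then-`tags` order. Keeping one key order (`stage`, `tags`, `environment`, `image`) across all jobs makes it easier to see that every production job carries a runner tag. The same hunk replaces `- if: '$CI_COMMIT_BRANCH == "main"'` with `- *check_main`, whose definition is outside this hunk, so it is worth confirming that the anchor still limits the job to `main`.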
@@ -829,231 +1652,4 @@ deploy_app_prd: after_script: - *announce_failure rules: - - *check_main - - -build_push_app_dp3: - stage: push - environment: DP3_ENV - image: - name: gcr.io/kaniko-project/executor:v1.14.0-debug - entrypoint: [""] - needs: - - compile_app_client - - compile_app_server - before_script: - - *setup_aws_vars_dp3 - - *setup_release_dp3 - - *kaniko_before_setup - script: - - echo "Building and Pushing app Docker image..." - - /kaniko/executor --context "${CI_PROJECT_DIR}/" --dockerfile "${CI_PROJECT_DIR}/${APP_DOCKER_FILE}" --destination "${ECR_REPOSITORY_URI}/app:$CI_COMMIT_SHORT_SHA" - after_script: - - *announce_failure - rules: - - *check_dp3 - -build_push_migrations_dp3: - stage: push - environment: DP3_ENV - image: - name: gcr.io/kaniko-project/executor:v1.14.0-debug - entrypoint: [""] - needs: - - compile_app_server - - compile_app_client - before_script: - - *setup_aws_vars_dp3 - - *setup_release_dp3 - - *kaniko_before_setup - script: - - echo "Building and Pushing migrations Docker image..." - - /kaniko/executor --context "${CI_PROJECT_DIR}/" --dockerfile "${CI_PROJECT_DIR}/Dockerfile.migrations" --destination "${ECR_REPOSITORY_URI}/app-migrations:$CI_COMMIT_SHORT_SHA" - after_script: - - *announce_failure - rules: - - *check_dp3 - -build_push_tasks_dp3: - stage: push - environment: DP3_ENV - image: - name: gcr.io/kaniko-project/executor:v1.14.0-debug - entrypoint: [""] - needs: - - compile_app_server - - compile_app_client - before_script: - - *setup_aws_vars_dp3 - - *setup_release_dp3 - - *kaniko_before_setup - script: - - echo "Building tasks Docker image..." 
- - /kaniko/executor --context "${CI_PROJECT_DIR}/" --dockerfile "${CI_PROJECT_DIR}/${TASK_DOCKER_FILE}" --destination "${ECR_REPOSITORY_URI}/app-tasks:$CI_COMMIT_SHORT_SHA" - after_script: - - *announce_failure - rules: - - *check_dp3 - -push_otel_collector_image_dp3: - stage: push - environment: DP3_ENV - image: - name: $DOCKER_BASE_IMAGE - entrypoint: [""] - needs: - - compile_app_server - - compile_app_client - script: - - echo "Logging in to Amazon ECR with Crane..." - - aws ecr get-login-password --region us-gov-west-1 | crane auth login ${ECR_REPOSITORY_URI} -u AWS --password-stdin - - - echo "Pulling the AWS OTel Collector image from the public registry with Crane..." - - crane pull --insecure public.ecr.aws/aws-observability/aws-otel-collector:v0.31.0 image.tar - - - echo "Pushing the image to our private ECR using Crane..." - - crane push --insecure image.tar ${ECR_REPOSITORY_URI}/otel-collector:${CI_COMMIT_SHORT_SHA} - - - echo "Cleaning up the temporary image file..." - - rm image.tar - allow_failure: false - after_script: - - *announce_failure - rules: - - *check_dp3 - -deploy_migrations_dp3: - stage: deploy - environment: DP3_ENV - image: - name: $DOCKER_APP_IMAGE - entrypoint: [""] - needs: - - build_push_migrations_dp3 - - compile_app_server - - compile_app_client - before_script: - - *setup_aws_vars_dp3 - - *setup_release_dp3 - script: - # Step 1: Get the Digest - - echo "Getting Digest from AWS" - - export ECR_DIGEST=$(aws ecr describe-images --repository-name app-migrations --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) - # Step 2: Ensure exclusive execution and Snapshot - - echo "Snapshotting database" - - ./scripts/rds-snapshot-app-db "$APP_ENVIRONMENT" - # Step 3: Run migrations - - echo "Running migrations" - - ./scripts/ecs-run-app-migrations-container "${ECR_REPOSITORY_URI}/app-migrations@${ECR_DIGEST}" "${APP_ENVIRONMENT}" - after_script: - - *announce_failure - rules: - - *check_dp3 - 
-deploy_tasks_dp3: - stage: deploy - image: - name: $DOCKER_APP_IMAGE - entrypoint: [""] - needs: - - build_push_tasks_dp3 - - compile_app_server - - compile_app_client - before_script: - - *setup_release_dp3 - script: - - echo "Getting Digest from AWS" - - export ECR_DIGEST=$(aws ecr describe-images --repository-name app-tasks --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) - - echo "Deploying GHC fuel price data task service" - - ./scripts/ecs-deploy-task-container save-ghc-fuel-price-data "${ECR_REPOSITORY_URI}/app-tasks@${ECR_DIGEST}" "${APP_ENVIRONMENT}" - - echo "Deploying payment reminder email task service" - - ./scripts/ecs-deploy-task-container send-payment-reminder "${ECR_REPOSITORY_URI}/app-tasks@${ECR_DIGEST}" "${APP_ENVIRONMENT}" - after_script: - - *announce_failure - rules: - - *check_dp3 - -deploy_app_client_tls_dp3: - stage: deploy - environment: DP3_ENV - image: - name: $DOCKER_APP_IMAGE - entrypoint: [""] - needs: - - deploy_migrations_dp3 - - push_otel_collector_image_dp3 - - compile_app_server - - compile_app_client - variables: - OPEN_TELEMETRY_SIDECAR: "true" - HEALTH_CHECK: "true" - before_script: - - *setup_aws_vars_dp3 - - *setup_release_dp3 - script: - # - echo "Comparing against deployed commit" - # - ./scripts/compare-deployed-commit "" $CI_COMMIT_SHA ${TLS_KEY} ${TLS_CERT} ${TLS_CA} - - echo "Getting Digest from AWS" - - export ECR_DIGEST=$(aws ecr describe-images --repository-name app --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) - - echo "Getting otel collector Digest from AWS" - - export OTEL_ECR_DIGEST=$(aws ecr describe-images --repository-name otel-collector --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) - - export OTEL_COLLECTOR_IMAGE="${ECR_REPOSITORY_URI}/otel-collector@${OTEL_ECR_DIGEST}" - - echo "Deploying app-client-tls service" - - ./scripts/ecs-deploy-service-container 
app-client-tls "${ECR_REPOSITORY_URI}/app@${ECR_DIGEST}" "${APP_ENVIRONMENT}" "/bin/milmove serve" - - echo "Running Health Check" - # - bin/health-checker --schemes https --hosts api.demo.dp3.us --key ${TLS_KEY} --cert ${TLS_CERT} --ca ${TLS_CA} --tries 10 --backoff 3 --log-level info --timeout 5m - # - echo "Running TLS Check" - # - bin/tls-checker --schemes https --hosts api.demo.dp3.us --key ${TLS_KEY} --cert ${TLS_CERT} --ca ${TLS_CA} --log-level info --timeout 15m - # - echo "Checking deployed commits" - # - ./scripts/check-deployed-commit "api.demo.dp3.us" "$CI_COMMIT_SHA" ${TLS_KEY} ${TLS_CERT} ${TLS_CA} - after_script: - - *announce_failure - rules: - - *check_dp3 - -deploy_app_dp3: - stage: deploy - environment: DP3_ENV - image: - name: $DOCKER_APP_IMAGE - entrypoint: [""] - needs: - - build_push_app_dp3 - - deploy_migrations_dp3 - - compile_app_server - - compile_app_client - variables: - OPEN_TELEMETRY_SIDECAR: "true" - HEALTH_CHECK: "true" - before_script: - - *setup_aws_vars_dp3 - - *setup_release_dp3 - script: - - echo "Comparing against deployed commit" - # - ./scripts/compare-deployed-commit "" "$CI_COMMIT_SHA" "$TLS_KEY" "$TLS_CERT" "$TLS_CA" - - echo "Creating .go-version file if not already present" - - | - if [ -f ".go-version" ]; then - echo ".go-version already exists, no need to re-create" - else - GO_VERSION=$(awk '/golang/ { print $2 }' .tool-versions) - echo "Creating .go-version using version ${GO_VERSION}" - echo $GO_VERSION > .go-version - fi - - echo "Getting Digest from AWS" - - export ECR_DIGEST=$(aws ecr describe-images --repository-name app --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) - - echo "Getting otel collector digest from AWS" - - export OTEL_ECR_DIGEST=$(aws ecr describe-images --repository-name otel-collector --image-ids imageTag=$CI_COMMIT_SHORT_SHA --query 'imageDetails[0].imageDigest' --output text) - - export 
OTEL_COLLECTOR_IMAGE="${ECR_REPOSITORY_URI}/otel-collector@${OTEL_ECR_DIGEST}" - - echo "Deploying app service" - - ./scripts/ecs-deploy-service-container app "${ECR_REPOSITORY_URI}/app@${ECR_DIGEST}" "${APP_ENVIRONMENT}" "/bin/milmove serve" - - echo "Running Health Check" - # - bin/health-checker --schemes https --hosts my.demo.dp3.us,office.demo.dp3.us,admin.demo.dp3.us --tries 10 --backoff 3 --log-level info --timeout 5m - # - echo "Running TLS Check" - # - bin/tls-checker --schemes https --hosts my.demo.dp3.us,office.demo.dp3.us,admin.demo.dp3.us --log-level info --timeout 15m - # - echo "Checking deployed commits" - - ./scripts/check-deployed-commit "my.demo.dp3.us,office.demo.dp3.us,admin.demo.dp3.us" "$CI_COMMIT_SHA" - after_script: - - *announce_failure - rules: - - *check_dp3 \ No newline at end of file + - *check_main \ No newline at end of file diff --git a/config/tls/milmove-cert-bundle.p7b b/config/tls/milmove-cert-bundle.p7b index 9a53bf6c2e9..85eb6a72d7f 100644 Binary files a/config/tls/milmove-cert-bundle.p7b and b/config/tls/milmove-cert-bundle.p7b differ diff --git a/go.mod b/go.mod index e528f684f9d..264e97343fa 100644 --- a/go.mod +++ b/go.mod @@ -95,10 +95,10 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.28.0 go.opentelemetry.io/otel/trace v1.31.0 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.27.0 + golang.org/x/crypto v0.31.0 golang.org/x/net v0.29.0 golang.org/x/oauth2 v0.23.0 - golang.org/x/text v0.18.0 + golang.org/x/text v0.21.0 golang.org/x/tools v0.24.0 google.golang.org/grpc v1.68.0 gopkg.in/dnaeon/go-vcr.v3 v3.2.0 
@@ -261,10 +261,10 @@ require ( golang.org/x/exp v0.0.0-20230905200255-921286631fa9 golang.org/x/image v0.18.0 // indirect golang.org/x/mod v0.20.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/term v0.24.0 // indirect - google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/protobuf v1.34.2 // indirect diff --git a/go.sum b/go.sum index edfdd1c49f0..8a725675df2 100644 --- a/go.sum +++ b/go.sum @@ -723,8 +723,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= 
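Review bot: The line `google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda` loses its `// indirect` marker although its version is unchanged and the modules bumped next to it (`golang.org/x/sync`, `x/sys`, `x/term`) keep theirs. If no package in this module imports genproto directly, `go mod tidy` will put the comment back and an unrelated later commit will carry that churn. Running `go mod tidy` before merging would show whether the change is intended and keeps go.mod and go.sum consistent with the upgrades in this commit.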
@@ -790,8 +790,8 @@ golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -831,8 +831,8 @@ golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -849,8 +849,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -863,8 +863,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
diff --git a/migrations/app/migrations_manifest.txt b/migrations/app/migrations_manifest.txt index cd0e00e7277..0d92b5ce410 100644 --- a/migrations/app/migrations_manifest.txt +++ b/migrations/app/migrations_manifest.txt @@ -1071,5 +1071,7 @@ 20241230190647_add_missing_AK_zips_to_zip3_distances.up.sql 20250103130619_revert_data_change_for_gbloc_for_ak.up.sql 20250103180420_update_pricing_proc_to_use_local_price_variable.up.sql +20250106202424_update_duty_locs.up.sql 20250110001339_update_nts_release_enum_name.up.sql 20250110153428_add_shipment_address_updates_to_move_history.up.sql +20250110214012_homesafeconnect_cert.up.sql diff --git a/migrations/app/schema/20250106202424_update_duty_locs.up.sql b/migrations/app/schema/20250106202424_update_duty_locs.up.sql new file mode 100644 index 00000000000..bd801b9067d --- /dev/null +++ b/migrations/app/schema/20250106202424_update_duty_locs.up.sql 
@@ -0,0 +1,32 @@
+--update duty location for NAS Meridian, MS to use zip 39309
+update duty_locations set name = 'NAS Meridian, MS 39309', address_id = '691551c2-71fe-4a15-871f-0c46dff98230' where id = '334fecaf-abeb-49ce-99b5-81d69c8beae5';
+
+--remove 39302 duty location
+delete from duty_locations where id = 'e55be32c-bf89-4927-8893-4454a26bfd55';
+
+--update duty location for Minneapolis, MN 55460 to use 55467
+update orders set new_duty_location_id = 'fc4d669f-594a-4784-9831-bf2eb9f8948b' where new_duty_location_id = '4c960096-1fbc-4b9d-b7d9-5979a3ba7344';
+
+--remove 55460 duty location
+delete from duty_locations where id = '4c960096-1fbc-4b9d-b7d9-5979a3ba7344';
+
+--add 92135 duty location
+INSERT INTO addresses
+(id, street_address_1, street_address_2, city, state, postal_code, created_at, updated_at, street_address_3, county, is_oconus, country_id, us_post_region_cities_id)
+VALUES('3d617fab-bf6f-4f07-8ab5-f7652b8e7f3e'::uuid, 'n/a', NULL, 'NAS N ISLAND', 'CA', '39125', now(), now(), NULL, 'SAN DIEGO', false, '791899e6-cd77-46f2-981b-176ecb8d7098'::uuid, 'ce42858c-85af-4566-bbef-6b9aaf75c18a'::uuid);
+
+INSERT INTO duty_locations (id,"name",affiliation,address_id,created_at,updated_at,transportation_office_id,provides_services_counseling) VALUES
+ ('56255626-bbbe-4834-8324-1c08f011f2f6'::uuid,'NAS N Island, CA 92135',NULL,'3d617fab-bf6f-4f07-8ab5-f7652b8e7f3e'::uuid,now(),now(),null,true),
+ ('7156098f-13cf-4455-bcd5-eb829d57c714'::uuid,'NAS North Island, CA 92135',NULL,'8d613f71-b80e-4ad4-95e7-00781b084c7c'::uuid,now(),now(),null,true),
+ ('6555ccb2-a8a1-4961-98cc-b507490580ed'::uuid,'San Diego, CA 92135',NULL,'cb437e3d-a2e8-4315-95c6-6da85b6c242a'::uuid,now(),now(),null,true);
+
+--add Cannon AFB 88101 duty location
+INSERT INTO addresses
+(id, street_address_1, street_address_2, city, state, postal_code, created_at, updated_at, street_address_3, county, is_oconus, country_id, us_post_region_cities_id)
+VALUES('fb90a7df-6494-4974-a0ce-4bdbcaff80c0'::uuid, 'n/a', NULL, 'CANNON AFB', 'NM', '88101', now(), now(), NULL, 'CURRY', false, '791899e6-cd77-46f2-981b-176ecb8d7098'::uuid, '68393e10-1aed-4a51-85a0-559a0a5b0e3f'::uuid); + +INSERT INTO duty_locations (id,"name",affiliation,address_id,created_at,updated_at,transportation_office_id,provides_services_counseling) VALUES +('98beab3c-f8ce-4e3c-b78e-8db614721621'::uuid, 'Cannon AFB, NM 88101',null, 'fb90a7df-6494-4974-a0ce-4bdbcaff80c0'::uuid,now(),now(),'80796bc4-e494-4b19-bb16-cdcdba187829',true); + +--associate New London, CT duty location to New London transportation office +update duty_locations set transportation_office_id = '5eb485ae-fb9c-4c90-80e4-6231158797df' where id = '3a2a84cd-0991-4f40-9a19-f977608d08f0'; \ No newline at end of file diff --git a/migrations/app/secure/20250110214012_homesafeconnect_cert.up.sql b/migrations/app/secure/20250110214012_homesafeconnect_cert.up.sql new file mode 100644 index 00000000000..f9862f58a7c --- /dev/null +++ b/migrations/app/secure/20250110214012_homesafeconnect_cert.up.sql @@ -0,0 +1,4 @@ +-- Local test migration. +-- This will be run on development environments. +-- It should mirror what you intend to apply on prd/stg/exp/demo +-- DO NOT include any sensitive data. diff --git a/package.json b/package.json index c3bff3b6b4c..222b9519685 100644 --- a/package.json +++ b/package.json @@ -77,7 +77,7 @@ "reselect": "^4.1.8", "sass": "^1.77.6", "swagger-client": "^3.18.5", - "swagger-ui-dist": "^5.2.0", + "swagger-ui-dist": "^5.18.2", "uswds": "2.13.3", "uuid": "^9.0.0", "webpack": "5", diff --git a/yarn.lock b/yarn.lock index dd46ddf509b..13023153627 100644 --- a/yarn.lock +++ b/yarn.lock 
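Review bot: The address row inserted under `--add 92135 duty location` stores postal_code `'39125'`, while the comment and all three duty location names say 92135, so the digits look transposed; the VALUES line should read `'NAS N ISLAND', 'CA', '92135'`. The 39302 duty location is deleted without first re-pointing `orders` the way it is done for 55460, and that update covers only `new_duty_location_id`. If other columns or tables reference these ids (the schema is not visible here), the deletes will either fail on a foreign key or leave dangling references, so a check for remaining references before each `delete` would be safer. Two of the 92135 rows and the Cannon AFB row also point at address and transportation office ids that this migration does not create, which is worth confirming against every target environment.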
@@ -2947,6 +2947,11 @@ resolved "https://registry.yarnpkg.com/@rushstack/eslint-patch/-/eslint-patch-1.1.3.tgz#6801033be7ff87a6b7cadaf5b337c9f366a3c4b0" integrity sha512-WiBSI6JBIhC6LRIsB2Kwh8DsGTlbBU+mLRxJmAe3LjHTdkDpwIbEOZgoXBbZilk/vlfjK8i6nKRAvIRn1XaIMw== +"@scarf/scarf@=1.4.0": + version "1.4.0" + resolved "https://registry.yarnpkg.com/@scarf/scarf/-/scarf-1.4.0.tgz#3bbb984085dbd6d982494538b523be1ce6562972" + integrity sha512-xxeapPiUXdZAE3che6f3xogoJPeZgig6omHEy1rIY5WVsB3H2BHNnZH+gHG6x91SCWyQCzWGsuL2Hh3ClO5/qQ== + "@sinclair/typebox@^0.23.3": version "0.23.5" resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.23.5.tgz#93f7b9f4e3285a7a9ade7557d9a8d36809cbc47d" @@ -16650,10 +16655,12 @@ swagger-client@^3.18.5: traverse "~0.6.6" url "~0.11.0" -swagger-ui-dist@^5.2.0: - version "5.2.0" - resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-5.2.0.tgz#175e112b3aea756fdbbbb035d4cffef26ac579d1" - integrity sha512-rLvJBgualxNZcwKOmTFzy4zF1nHy+3S0pUDDR/ageDRZgi8aITSe7pVYiAy03xGQZtqEifjwEtHQE+eF14gveg== +swagger-ui-dist@^5.18.2: + version "5.18.2" + resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-5.18.2.tgz#62013074374d272c04ed3030704b88db5aa8c0b7" + integrity sha512-J+y4mCw/zXh1FOj5wGJvnAajq6XgHOyywsa9yITmwxIlJbMqITq3gYRZHaeqLVH/eV/HOPphE6NjF+nbSNC5Zw== + dependencies: + "@scarf/scarf" "=1.4.0" swc-loader@^0.2.3: version "0.2.3"