diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 9c69c3f48..04ac28b6d 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -79,6 +79,7 @@ jobs: overwrite: true parameters: -p ZONE=${{ inputs.target }} + -p DB_PASSWORD='${{ secrets.DB_PASSWORD }}' -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}' -p ORACLE_PASSWORD='${{ secrets.ORACLE_PASSWORD }}' -p ORACLE_SERVICE='${{ vars.ORACLE_SERVICE }}' @@ -96,12 +97,10 @@ jobs: oc_namespace: ${{ vars.OC_NAMESPACE }} oc_server: ${{ vars.OC_SERVER }} oc_token: ${{ secrets.OC_TOKEN }} - file: database/openshift.deploy.yml + file: common/openshift.database.yml overwrite: false parameters: - -p TAG=${{ inputs.tag }} -p ZONE=${{ inputs.target }} - -p DB_PASSWORD='${{ secrets.DB_PASSWORD }}' ${{ github.event_name == 'pull_request' && '-p DB_PVC_SIZE=192Mi' || '' }} ${{ github.event_name == 'pull_request' && '-p MEMORY_REQUEST=100Mi' || '' }} ${{ github.event_name == 'pull_request' && '-p MEMORY_LIMIT=200Mi' || '' }} @@ -177,7 +176,7 @@ jobs: parameters: -p TAG=${{ inputs.tag }} -p ZONE=${{ inputs.target }} - ${{ github.event_name == 'pull_request' && '-p TEST_MODE=true' || '' }} + ${{ inputs.target == 'test' && '-p TEST_MODE=false' || '-p TEST_MODE=true' }} - name: Override OpenShift version if: github.event_name == 'pull_request' @@ -191,4 +190,4 @@ jobs: - name: Run sync ETL if: github.event_name == 'pull_request' - run: ./sync/oc_run.sh ${{ secrets.oc_token }} + run: ./sync/oc_run.sh ${{ inputs.tag }} ${{ secrets.oc_token }} diff --git a/.github/workflows/job-sync.yml b/.github/workflows/job-sync.yml index 143c7185e..a2243dca2 100644 --- a/.github/workflows/job-sync.yml +++ b/.github/workflows/job-sync.yml @@ -23,26 +23,6 @@ jobs: oc version working-directory: /usr/local/bin/ + - uses: actions/checkout@v4 - name: ETL Sync - run: | - # Run and verify job - - # Login - oc login --token=${{ secrets.oc_token }} --server=${{ vars.oc_server }} - oc project ${{ vars.oc_namespace }} #Safeguard! - - # Exit on errors or unset variables - set -eu - - # Create job - CRONJOB=nr-spar-test-sync - RUN_JOB=${CRONJOB}--$(date +"%Y-%m-%d--%H-%M-%S") - oc create job ${RUN_JOB} --from=cronjob/${CRONJOB} - - # Follow - oc wait --for=condition=ready pod --selector=job-name=${RUN_JOB} --timeout=1m - oc logs -l job-name=${RUN_JOB} --tail=50 --follow - - # Verify successful completion - oc wait --for jsonpath='{.status.phase}'=Succeeded pod --selector=job-name=${RUN_JOB} --timeout=1m - echo "Job successful!" + run: ./sync/oc_run.sh test ${{ secrets.oc_token }} diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml index bf8fee45a..c6a0f62e2 100644 --- a/.github/workflows/merge.yml +++ b/.github/workflows/merge.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - package: [backend, common, database, frontend, oracle-api, sync] + package: [backend, frontend, oracle-api, sync] steps: - uses: shrink/actions-docker-registry-tag@v4 with: diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index 681656c92..560ede7ac 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -18,5 +18,5 @@ jobs: oc_token: ${{ secrets.OC_TOKEN }} with: cleanup: label - packages: database backend frontend oracle-api sync common + packages: backend frontend oracle-api sync diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index b1ebffad4..eb8ddf388 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -18,7 +18,7 @@ jobs: packages: write strategy: matrix: - package: [database, common, backend, frontend, oracle-api, sync] + package: [backend, frontend, oracle-api, sync] steps: - uses: bcgov-nr/action-builder-ghcr@v2.2.0 id: build diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml index 3abe7dbfb..d7c8ee287 100644 --- a/backend/openshift.deploy.yml +++ b/backend/openshift.deploy.yml @@ -35,9 +35,9 @@ parameters: - name: FORESTCLIENTAPI_ADDRESS value: "https://nr-forest-client-api-prod.api.gov.bc.ca/api" - name: CPU_REQUEST - value: 15m + value: 25m - name: CPU_LIMIT - value: 60m + value: 100m - name: MEMORY_REQUEST value: 150Mi - name: MEMORY_LIMIT diff --git a/common/Dockerfile b/common/Dockerfile deleted file mode 100644 index 64bb3f495..000000000 --- a/common/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -FROM eclipse-temurin:17.0.11_9-jdk-alpine - -ENV LANG=en_CA.UTF-8 -ENV LANGUAGE=en_CA.UTF-8 -ENV LC_ALL=en_CA.UTF-8 - -WORKDIR /app - -RUN apk --no-cache add openssl - -COPY startup.sh . - -RUN chmod g+w /app && \ - chmod g+x startup.sh && \ - chmod g+w ${JAVA_HOME}/lib/security/cacerts - -# Non-privileged user -USER app - -ENTRYPOINT ["sh", "startup.sh"] diff --git a/database/init_db/init.sql b/common/init_db/init.sql similarity index 99% rename from database/init_db/init.sql rename to common/init_db/init.sql index e40bdd9fd..5cd45fee2 100644 --- a/database/init_db/init.sql +++ b/common/init_db/init.sql @@ -2622,22 +2622,6 @@ CREATE TRIGGER trg_seedlot_audit_DIU AFTER INSERT OR UPDATE OR DELETE ON spar.seedlot FOR EACH ROW EXECUTE PROCEDURE spar.seedlot_if_modified_func(); -create table spar.ETL_EXECUTION_LOG( -from_timestamp timestamp not null, -to_timestamp timestamp not null, -run_status varchar(100) not null, -updated_at timestamp default now() not null, -created_at timestamp default now() not null -); - - -comment on table spar.ETL_EXECUTION_LOG is 'ETL Tool monitoring table to store execution current instance of batch processing interfaces'; -comment on column spar.ETL_EXECUTION_LOG.from_timestamp is 'From timestamp for the run (i.e. update_timestamp between from_timestamp and to_timetsamp)'; -comment on column spar.ETL_EXECUTION_LOG.to_timestamp is 'To timestamp for the run (i.e. update_timestamp between from_timestamp and to_timetsamp)'; -comment on column spar.ETL_EXECUTION_LOG.run_status is 'Status of ETL execution'; -comment on column spar.ETL_EXECUTION_LOG.updated_at is 'Timestamp of the last time this record was updated'; -comment on column spar.ETL_EXECUTION_LOG.created_at is 'Timestamp of the time this record was created'; - alter table spar.seedlot add column approved_timestamp timestamp, add column approved_userid varchar(30); @@ -4490,6 +4474,23 @@ comment on column spar.ETL_EXECUTION_MAP.retry_errors is 'If true, comment on column spar.ETL_EXECUTION_MAP.updated_at is 'Timestamp of the last time this record was updated'; comment on column spar.ETL_EXECUTION_MAP.created_at is 'Timestamp of the time this record was created'; +create table spar.ETL_EXECUTION_LOG( +from_timestamp timestamp not null, +to_timestamp timestamp not null, +run_status varchar(100) not null, +updated_at timestamp default now() not null, +created_at timestamp default now() not null +); + + +comment on table spar.ETL_EXECUTION_LOG is 'ETL Tool monitoring table to store execution current instance of batch processing interfaces'; +comment on column spar.ETL_EXECUTION_LOG.from_timestamp is 'From timestamp for the run (i.e. update_timestamp between from_timestamp and to_timetsamp)'; +comment on column spar.ETL_EXECUTION_LOG.to_timestamp is 'To timestamp for the run (i.e. update_timestamp between from_timestamp and to_timetsamp)'; +comment on column spar.ETL_EXECUTION_LOG.run_status is 'Status of ETL execution'; +comment on column spar.ETL_EXECUTION_LOG.updated_at is 'Timestamp of the last time this record was updated'; +comment on column spar.ETL_EXECUTION_LOG.created_at is 'Timestamp of the time this record was created'; + + create table spar.ETL_EXECUTION_SCHEDULE( interface_id varchar(100) not null, execution_id integer not null, @@ -4512,7 +4513,7 @@ comment on column spar.ETL_EXECUTION_SCHEDULE.created_at is 'Timestamp o create table spar.etl_execution_log_hist ( entry_timestamp timestamp(6) not null default current_timestamp -, log_details jsonb not null) +, log_details jsonb not null); comment on table spar.ETL_EXECUTION_LOG_HIST is 'ETL Tool monitoring table to store all executed instances of batch processing interfaces'; comment on column spar.ETL_EXECUTION_LOG_HIST.entry_timestamp is 'The timestamp when the record was inserted'; diff --git a/database/openshift.deploy.yml b/common/openshift.database.yml similarity index 80% rename from database/openshift.deploy.yml rename to common/openshift.database.yml index 08adc86ff..f9555691f 100644 --- a/database/openshift.deploy.yml +++ b/common/openshift.database.yml @@ -12,18 +12,6 @@ parameters: - name: ZONE description: Deployment zone, e.g. pr-### or prod required: true - - name: TAG - description: Image tag; e.g. PR number, latest or prod - required: true - - name: REGISTRY - description: Container registry to import from (internal is image-registry.openshift-image-registry.svc:5000) - value: ghcr.io - - name: ORG - description: Organization name - value: bcgov - - name: PVC_MOUNT_PATH - description: Where to mount the PVC, subpath (e.g. data/) - value: /var/lib/postgresql - name: CPU_REQUEST value: 25m - name: CPU_LIMIT @@ -33,24 +21,9 @@ parameters: - name: MEMORY_LIMIT value: 4Gi - name: DB_PVC_SIZE - description: Volume space available for data, e.g. 512Mi, 2Gi. - displayName: Database Volume Capacity - value: 1Gi - - name: DB_PASSWORD - description: Password for the PostgreSQL connection user - required: true + description: Volume space available for data, e.g. 512Mi, 2Gi + value: 1.8Gi objects: - - apiVersion: v1 - kind: Secret - metadata: - name: ${NAME}-${ZONE}-${COMPONENT} - labels: - app: ${NAME}-${ZONE} - stringData: - database-name: ${NAME} - database-password: ${DB_PASSWORD} - database-port: "5432" - database-user: ${NAME} - kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -93,7 +66,7 @@ objects: claimName: ${NAME}-${ZONE}-${COMPONENT} containers: - name: ${NAME}-${ZONE} - image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG} + image: postgis/postgis:15-master resources: requests: cpu: ${CPU_REQUEST} @@ -111,6 +84,8 @@ objects: - bash - '-ce' - exec pg_isready -U $POSTGRES_USER -d "dbname=$POSTGRES_DB" -h 127.0.0.1 -p 5432 + periodSeconds: 30 + timeoutSeconds: 10 livenessProbe: exec: command: @@ -138,7 +113,7 @@ objects: key: database-user volumeMounts: - name: ${NAME}-${ZONE}-${COMPONENT} - mountPath: ${PVC_MOUNT_PATH} + mountPath: /var/lib/postgresql terminationMessagePath: "/dev/termination-log" terminationMessagePolicy: File imagePullPolicy: Always diff --git a/common/openshift.init.yml b/common/openshift.init.yml index d77aed0e3..1da33db29 100644 --- a/common/openshift.init.yml +++ b/common/openshift.init.yml @@ -7,6 +7,9 @@ parameters: - name: ZONE description: Deployment zone, e.g. pr-### or prod required: true + - name: DB_PASSWORD + description: Password for the PostgreSQL connection user + required: true - name: FORESTCLIENTAPI_KEY required: true - name: ORACLE_HOST @@ -35,6 +38,17 @@ parameters: description: Cognito user pools web client ID required: true objects: + - apiVersion: v1 + kind: Secret + metadata: + name: ${NAME}-${ZONE}-database + labels: + app: ${NAME}-${ZONE} + stringData: + database-name: ${NAME} + database-password: ${DB_PASSWORD} + database-port: "5432" + database-user: ${NAME} - apiVersion: v1 kind: Secret metadata: diff --git a/database/Dockerfile b/database/Dockerfile deleted file mode 100644 index 491f15f73..000000000 --- a/database/Dockerfile +++ /dev/null @@ -1,10 +0,0 @@ -FROM postgis/postgis:15-master - -# Enable pgcrypto extension on startup -RUN sed -i '/EXISTS postgis_tiger_geocoder;*/a CREATE EXTENSION IF NOT EXISTS pgcrypto;' \ - /docker-entrypoint-initdb.d/10_postgis.sh - -# User, port and Healthcheck -USER postgres -EXPOSE 5432 -HEALTHCHECK CMD ["psql", "-q", "-U", "$${POSTGRES_USER}", "-d", "$${POSTGRES_DB}", "-c", "SELECT 1"] diff --git a/docker-compose.yml b/docker-compose.yml index 4f52e6384..a4348236b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,12 +24,12 @@ x-frontend: &frontend services: database: container_name: database - build: ./database + image: postgis/postgis:15-master environment: <<: *postgres-vars volumes: - "/pgdata" - - "./database/init_db:/init_db" + - "./common/init_db:/init_db" ports: ["5432:5432"] healthcheck: test: psql -q -U $${POSTGRES_USER} -d $${POSTGRES_DB} -c 'SELECT 1' diff --git a/oracle-api/.eslintrc.json b/oracle-api/.eslintrc.json deleted file mode 100644 index 7530e96ed..000000000 --- a/oracle-api/.eslintrc.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "env": { - "browser": true, - "es2021": true - }, - "extends": [ - "plugin:react/recommended", - "airbnb", - "plugin:jsdoc/recommended" - ], - "globals": { - "JSX": true, - "RequestInit": true, - "BodyInit": true - }, - "parser": "@typescript-eslint/parser", - "parserOptions": { - "ecmaFeatures": { - "jsx": true - }, - "ecmaVersion": "latest", - "sourceType": "module" - }, - "settings": { - "import/resolver": { - "node": { - "extensions": [".js", ".jsx", ".ts", ".tsx"] - } - } - }, - "plugins": [ - "react", - "@typescript-eslint", - "jsdoc" - ], - "rules": { - "react/require-default-props": "off", - "linebreak-style": 0, - "react/jsx-filename-extension": [2, { "extensions": [".js", ".jsx", ".ts", ".tsx"] }], - "comma-dangle": ["error", "never"], - "import/no-extraneous-dependencies": ["error", {"devDependencies": true}], - "import/extensions": [ - "error", - "ignorePackages", - { - "js": "never", - "jsx": "never", - "ts": "never", - "tsx": "never" - } - ], - "react/function-component-definition": [ - "error", - { - "namedComponents": ["function-declaration", "arrow-function"], - "unnamedComponents": "arrow-function" - } - ], - "jsx-a11y/label-has-associated-control": [ 2, { - "depth": 3 - }], - "no-shadow": "off", - "no-unused-vars": "off", - "@typescript-eslint/no-shadow": ["error"], - "@typescript-eslint/no-unused-vars": "error" - } -} diff --git a/oracle-api/CHANGELOG.md b/oracle-api/CHANGELOG.md deleted file mode 100644 index 1bb9ba4fc..000000000 --- a/oracle-api/CHANGELOG.md +++ /dev/null @@ -1,25 +0,0 @@ -## [0.12.2](https://github.com/bcgov/nr-spar-oracle-api/compare/v0.12.1...v0.12.2) (2023-05-02) - - - -## [0.12.1](https://github.com/bcgov/nr-spar-oracle-api/compare/v0.12.0...v0.12.1) (2023-05-02) - - - -# [0.12.0](https://github.com/bcgov/nr-spar-oracle-api/compare/v0.11.9...v0.12.0) (2023-04-28) - - -### Features - -* orchard parent tree api ([#120](https://github.com/bcgov/nr-spar-oracle-api/issues/120)) ([d014d2c](https://github.com/bcgov/nr-spar-oracle-api/commit/d014d2c8bf6d6de2de05e87c79be1d7b017b8056)) - - - -## [0.11.9](https://github.com/bcgov/nr-spar-oracle-api/compare/v0.11.8...v0.11.9) (2023-04-24) - - - -## [0.11.8](https://github.com/bcgov/nr-spar-oracle-api/compare/v0.11.7...v0.11.8) (2023-04-10) - - - diff --git a/oracle-api/CODE_OF_CONDUCT.md b/oracle-api/CODE_OF_CONDUCT.md deleted file mode 100644 index 6f5be045d..000000000 --- a/oracle-api/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,132 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Overview - -Act in the best interests of the community, the government of British Columbia and your fellow collaborators. We welcome and appreciate your contributions, in any capacity. - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, religion, or sexual identity -and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals, but for the - overall community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery, and sexual attention or - advances of any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email - address, without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -derek.roberts@gmail.com. -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series -of actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within -the community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. - -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder](https://github.com/mozilla/diversity). - -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. diff --git a/oracle-api/COMPLIANCE.yaml b/oracle-api/COMPLIANCE.yaml deleted file mode 100644 index f18d0a7ad..000000000 --- a/oracle-api/COMPLIANCE.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: compliance -description: | - This document is used to track a projects PIA and STRA - compliance. -spec: - - name: PIA - status: not-required - last-updated: '2022-01-26T23:07:19.992Z' - - name: STRA - status: not-required - last-updated: '2022-01-26T23:07:19.992Z' diff --git a/oracle-api/Dockerfile b/oracle-api/Dockerfile index d85e56e39..e8449b0fc 100644 --- a/oracle-api/Dockerfile +++ b/oracle-api/Dockerfile @@ -2,16 +2,14 @@ FROM ghcr.io/graalvm/native-image:22.3.3 AS build # Copy WORKDIR /app -COPY pom.xml mvnw ./ -COPY src ./src -COPY .mvn/ ./.mvn -COPY InstallCert.java . +COPY . ./ # Build RUN ./mvnw package -Pnative -DskipTests -Dskip.unit.tests=true && \ - javac InstallCert.java + javac InstallCert.java - ### Deployer + +### Deployer FROM eclipse-temurin:17.0.11_9-jdk-jammy AS deploy # Java vars @@ -23,6 +21,7 @@ ENV LC_ALL=en_CA.UTF-8 WORKDIR /app COPY --from=build /app/target/nr-spar-oracle-api ./nr-spar-oracle-api COPY --from=build /app/*.class ./artifacts/ +COPY --from=build /app/install_cert.sh ./ # User, port and healthcheck USER 1001 diff --git a/oracle-api/LICENSE.md b/oracle-api/LICENSE.md deleted file mode 100644 index 8dada3eda..000000000 --- a/oracle-api/LICENSE.md +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/oracle-api/SECURITY.md b/oracle-api/SECURITY.md deleted file mode 100644 index 67ff97678..000000000 --- a/oracle-api/SECURITY.md +++ /dev/null @@ -1,10 +0,0 @@ -# Security Policy - -## Supported Versions - -This product currently has no support and is experimental. That could change in future. - - -## Reporting a Vulnerability - -Please report any issues or vulerabilities with an [issue](https://github.com/bcgov/greenfield-template/issues). diff --git a/common/startup.sh b/oracle-api/install_cert.sh similarity index 100% rename from common/startup.sh rename to oracle-api/install_cert.sh diff --git a/oracle-api/mvnw.cmd b/oracle-api/mvnw.cmd deleted file mode 100644 index 1ff8c9ddc..000000000 --- a/oracle-api/mvnw.cmd +++ /dev/null @@ -1,146 +0,0 @@ -<# : batch portion -@REM ---------------------------------------------------------------------------- -@REM Licensed to the Apache Software Foundation (ASF) under one -@REM or more contributor license agreements. See the NOTICE file -@REM distributed with this work for additional information -@REM regarding copyright ownership. The ASF licenses this file -@REM to you under the Apache License, Version 2.0 (the -@REM "License"); you may not use this file except in compliance -@REM with the License. You may obtain a copy of the License at -@REM -@REM http://www.apache.org/licenses/LICENSE-2.0 -@REM -@REM Unless required by applicable law or agreed to in writing, -@REM software distributed under the License is distributed on an -@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -@REM KIND, either express or implied. See the License for the -@REM specific language governing permissions and limitations -@REM under the License. -@REM ---------------------------------------------------------------------------- - -@REM ---------------------------------------------------------------------------- -@REM Apache Maven Wrapper startup batch script, version 3.3.1 -@REM -@REM Optional ENV vars -@REM MVNW_REPOURL - repo url base for downloading maven distribution -@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven -@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output -@REM ---------------------------------------------------------------------------- - -@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) -@SET __MVNW_CMD__= -@SET __MVNW_ERROR__= -@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% -@SET PSModulePath= -@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( - IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) -) -@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% -@SET __MVNW_PSMODULEP_SAVE= -@SET __MVNW_ARG0_NAME__= -@SET MVNW_USERNAME= -@SET MVNW_PASSWORD= -@IF NOT "%__MVNW_CMD__%"=="" (%__MVNW_CMD__% %*) -@echo Cannot start maven from wrapper >&2 && exit /b 1 -@GOTO :EOF -: end batch / begin powershell #> - -$ErrorActionPreference = "Stop" -if ($env:MVNW_VERBOSE -eq "true") { - $VerbosePreference = "Continue" -} - -# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties -$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl -if (!$distributionUrl) { - Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" -} - -switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { - "maven-mvnd-*" { - $USE_MVND = $true - $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" - $MVN_CMD = "mvnd.cmd" - break - } - default { - $USE_MVND = $false - $MVN_CMD = $script -replace '^mvnw','mvn' - break - } -} - -# apply MVNW_REPOURL and calculate MAVEN_HOME -# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ -if ($env:MVNW_REPOURL) { - $MVNW_REPO_PATTERN = if ($USE_MVND) { "/org/apache/maven/" } else { "/maven/mvnd/" } - $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace '^.*'+$MVNW_REPO_PATTERN,'')" -} -$distributionUrlName = $distributionUrl -replace '^.*/','' -$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' -$MAVEN_HOME_PARENT = "$HOME/.m2/wrapper/dists/$distributionUrlNameMain" -$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' -$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" - -if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { - Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" - Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" - exit $? -} - -if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { - Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" -} - -# prepare tmp dir -$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile -$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" -$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null -trap { - if ($TMP_DOWNLOAD_DIR.Exists) { - try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } - catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } - } -} - -New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null - -# Download and Install Apache Maven -Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." -Write-Verbose "Downloading from: $distributionUrl" -Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" - -$webclient = New-Object System.Net.WebClient -if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { - $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) -} -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null - -# If specified, validate the SHA-256 sum of the Maven distribution zip file -$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum -if ($distributionSha256Sum) { - if ($USE_MVND) { - Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." - } - Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash - if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { - Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." - } -} - -# unzip and move -Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null -Rename-Item -Path "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" -NewName $MAVEN_HOME_NAME | Out-Null -try { - Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null -} catch { - if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { - Write-Error "fail to move MAVEN_HOME" - } -} finally { - try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } - catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } -} - -Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/oracle-api/openshift.deploy.yml b/oracle-api/openshift.deploy.yml index 54e1dca81..77b67be89 100644 --- a/oracle-api/openshift.deploy.yml +++ b/oracle-api/openshift.deploy.yml @@ -24,9 +24,9 @@ parameters: - name: DOMAIN value: apps.silver.devops.gov.bc.ca - name: CPU_REQUEST - value: 15m + value: 25m - name: CPU_LIMIT - value: 50m + value: 100m - name: MEMORY_REQUEST value: 150Mi - name: MEMORY_LIMIT @@ -94,7 +94,13 @@ objects: claimName: ${NAME}-${ZONE}-${COMPONENT} initContainers: - name: ${NAME}-${ZONE}-${COMPONENT}-init - image: ${REGISTRY}/${ORG}/${NAME}/common:${TAG} + command: + - /bin/sh + - -c + - | + cd /app + ./install_cert.sh + image: ${REGISTRY}/${ORG}/${NAME}/${COMPONENT}:${TAG} imagePullPolicy: Always env: - name: DATABASE_HOST diff --git a/sync/config/SQL/SPAR/POSTGRES_SEEDLOT_EXTRACT.sql b/sync/config/SQL/SPAR/POSTGRES_SEEDLOT_EXTRACT.sql index ee92ba701..bbd5224d8 100644 --- a/sync/config/SQL/SPAR/POSTGRES_SEEDLOT_EXTRACT.sql +++ b/sync/config/SQL/SPAR/POSTGRES_SEEDLOT_EXTRACT.sql @@ -32,11 +32,11 @@ WITH seedlot_coll_methods else null end as secondary_orchard_id , CAST(case when all_step_data->'collectionStep'->'startDate'->>'isInvalid' = 'false' - then all_step_data->'collectionStep'->'startDate'->>'value' + then NULLIF(all_step_data->'collectionStep'->'startDate'->>'value','') else null end AS DATE) as collection_start_date , CAST(case when all_step_data->'collectionStep'->'endDate'->>'isInvalid' = 'false' - then all_step_data->'collectionStep'->'endDate'->>'value' + then NULLIF(all_step_data->'collectionStep'->'endDate'->>'value','') else null end AS DATE) as collection_end_date , case when all_step_data->'collectionStep'->'collectorAgency'->>'isInvalid' = 'false' diff --git a/sync/oc_run.sh b/sync/oc_run.sh index 15bf92bcb..75812e98b 100755 --- a/sync/oc_run.sh +++ b/sync/oc_run.sh @@ -6,13 +6,13 @@ set -eux # Run and verify job # Login -if [ ! -z "${1:-}" ]; then - oc login --token=${1} --server=https://api.silver.devops.gov.bc.ca:6443 +if [ ! -z "${2:-}" ]; then + oc login --token=${2} --server=https://api.silver.devops.gov.bc.ca:6443 oc project #Safeguard! fi # Create job -CRONJOB=nr-spar-1502-sync +CRONJOB=nr-spar-${1:-test}-sync RUN_JOB=${CRONJOB}--$(date +"%Y-%m-%d--%H-%M-%S") oc create job ${RUN_JOB} --from=cronjob/${CRONJOB} diff --git a/sync/openshift.deploy.yml b/sync/openshift.deploy.yml index 31a87713a..c607fcbd5 100644 --- a/sync/openshift.deploy.yml +++ b/sync/openshift.deploy.yml @@ -32,10 +32,10 @@ parameters: ### Usually a bad idea - not recommended - name: JOB_BACKOFF_LIMIT description: "The number of attempts to try for a successful job outcome" - value: "3" + value: "0" - name: JOB_HISTORY_FAIL description: "The number of failed jobs that will be retained" - value: "2" + value: "1" - name: JOB_HISTORY_SUCCESS description: "The number of successful jobs that will be retained" value: "5"