From d78ab374bc6e549f24ed3927b23414185cdbdcb1 Mon Sep 17 00:00:00 2001 From: Riku Rouvila Date: Wed, 11 Sep 2024 22:41:38 +0300 Subject: [PATCH] add QA_ENV flag --- .github/workflows/clear-environment.yml | 9 +++------ .github/workflows/e2e.yml | 18 ++++++----------- infrastructure/clear-all-data.sh | 10 +++------- infrastructure/docker-compose.app.yml | 20 +++++++++++++++++++ .../elasticsearch/roles/search_user.json | 2 +- infrastructure/mongodb/on-deploy.sh | 4 ++-- infrastructure/run-migrations.sh | 19 ++---------------- 7 files changed, 37 insertions(+), 45 deletions(-) diff --git a/.github/workflows/clear-environment.yml b/.github/workflows/clear-environment.yml index 8d66aa3a..ed96c61f 100644 --- a/.github/workflows/clear-environment.yml +++ b/.github/workflows/clear-environment.yml @@ -28,7 +28,7 @@ on: jobs: reset-data: - name: 'Reset data' + name: 'Reset data from stack ${{ inputs.stack }} in ${{ inputs.environment }}' environment: ${{ inputs.environment }} runs-on: ubuntu-22.04 outputs: @@ -74,7 +74,6 @@ jobs: MINIO_ROOT_USER: ${{ secrets.MINIO_ROOT_USER }} MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }} SSH_ARGS: ${{ vars.SSH_ARGS }} - STACK: ${{ inputs.stack }} run: | ssh -p $SSH_PORT $SSH_USER@$SSH_HOST $SSH_ARGS " ELASTICSEARCH_ADMIN_USER=elastic \ @@ -83,11 +82,9 @@ jobs: MONGODB_ADMIN_PASSWORD=$MONGODB_ADMIN_PASSWORD \ MINIO_ROOT_USER=$MINIO_ROOT_USER \ MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD \ - /opt/opencrvs/infrastructure/clear-all-data.sh $REPLICAS $STACK" + /opt/opencrvs/infrastructure/clear-all-data.sh $REPLICAS ${{ inputs.stack }}" echo "Running migrations..." echo ssh -p $SSH_PORT $SSH_USER@$SSH_HOST $SSH_ARGS " - ELASTICSEARCH_ADMIN_USER=elastic \ - ELASTICSEARCH_ADMIN_PASSWORD=$ELASTICSEARCH_SUPERUSER_PASSWORD \ - /opt/opencrvs/infrastructure/run-migrations.sh" + /opt/opencrvs/infrastructure/run-migrations.sh ${{ inputs.stack }}" diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 0e53094b..294e04e9 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -1,18 +1,12 @@ name: E2E -run-name: Deploy to ${{ github.event.inputs.environment }} and E2E +run-name: Deploy to ${{ github.event.inputs.stack }} and E2E on: - push: - branches: - - e2e/* workflow_dispatch: inputs: - environment: - type: choice - description: Environment to deploy to + stack: + type: string + description: Stack name required: true - default: 'development' - options: - - development jobs: discover-tests: @@ -50,7 +44,7 @@ jobs: test: needs: [discover-tests] runs-on: ubuntu-22.04 - environment: ${{ github.event.inputs.environment || 'development' }} + environment: qa strategy: fail-fast: false matrix: @@ -92,7 +86,7 @@ jobs: if: steps.check-specs.outputs.has_spec_files == 'true' run: npx playwright test ./e2e/testcases/${{ matrix.test_dir }} env: - DOMAIN: '${{ vars.DOMAIN }}' + DOMAIN: '${{inputs.stack}}.${{ vars.DOMAIN }}' - uses: actions/upload-artifact@v4 if: steps.check-specs.outputs.has_spec_files == 'true' diff --git a/infrastructure/clear-all-data.sh b/infrastructure/clear-all-data.sh index 3f13a4e1..eb2cda87 100755 --- a/infrastructure/clear-all-data.sh +++ b/infrastructure/clear-all-data.sh @@ -102,11 +102,7 @@ docker run --rm --network=$NETWORK appropriate/curl curl -X POST "http://influxd #----------------------------- docker run --rm --network=$NETWORK --entrypoint=/bin/sh minio/mc -c "\ mc alias set myminio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD && \ - mc rm --recursive --force myminio/${STACK}__ocrvs && \ - mc rb myminio/${STACK}__ocrvs && \ - mc mb myminio/${STACK}__ocrvs" - -# Delete all data from metabase -#----------------------------- -docker exec $(docker ps | grep opencrvs_dashboards | awk '{print $1}' | head -n 1) /bin/sh -c "rm -rf /data/metabase/*" + mc rm --recursive --force myminio/${STACK}--ocrvs && \ + mc rb myminio/${STACK}--ocrvs && \ + mc mb myminio/${STACK}--ocrvs" diff --git a/infrastructure/docker-compose.app.yml b/infrastructure/docker-compose.app.yml index 3d985d63..f0ad7a3c 100644 --- a/infrastructure/docker-compose.app.yml +++ b/infrastructure/docker-compose.app.yml @@ -3,6 +3,7 @@ services: hearth: image: opencrvs/hearth:1.1.0 environment: + - QA_ENV=true - HOST=0.0.0.0 - mongodb__url=mongodb://${STACK}__hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/${STACK}__hearth-dev?replicaSet=rs0 - logger__level=warn @@ -31,6 +32,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - LANGUAGES=en,fr @@ -84,6 +86,7 @@ services: - 'traefik.http.routers.${STACK}__block-dashboard-queries.middlewares=${STACK}__block-internal-routes' replicas: 1 environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - FHIR_URL=http://hearth:3447/fhir @@ -96,6 +99,7 @@ services: - COUNTRY_CONFIG_URL=https://countryconfig.${STACK}.{{hostname}} - LOGIN_URL=https://login.${STACK}.{{hostname}} - CLIENT_APP_URL=https://register.${STACK}.{{hostname}} + - SENDER_EMAIL_ADDRESS=${SENDER_EMAIL_ADDRESS} # This needs to be the internal swarm url # as containers cannot connect to the web - GATEWAY_URL=http://gateway:7070 @@ -122,6 +126,7 @@ services: login: image: opencrvs/ocrvs-login:${VERSION} environment: + - QA_ENV=true - HOST=0.0.0.0 - COUNTRY_CONFIG_URL=https://countryconfig.${STACK}.{{hostname}} - CONTENT_SECURITY_POLICY_WILDCARD=${CONTENT_SECURITY_POLICY_WILDCARD} @@ -154,6 +159,7 @@ services: client: image: opencrvs/ocrvs-client:${VERSION} environment: + - QA_ENV=true - HOST=0.0.0.0 - DECLARED_DECLARATION_SEARCH_QUERY_COUNT=100 - COUNTRY_CONFIG_URL=https://countryconfig.${STACK}.{{hostname}} @@ -194,10 +200,12 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - LANGUAGES=en,fr - SENTRY_DSN=${SENTRY_DSN:-} + - DISABLE_RATE_LIMIT=true - APN_SERVICE_URL=http://apm-server:8200 - CERT_PUBLIC_KEY_PATH=/run/secrets/jwt-public-key.{{STACK}}.{{ts}} - LOGIN_URL=https://login.${STACK}.{{hostname}} @@ -250,6 +258,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - LANGUAGES=en,fr @@ -284,6 +293,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - SENTRY_DSN=${SENTRY_DSN:-} @@ -314,6 +324,7 @@ services: volumes: - /data/vsexport:/usr/src/app/packages/metrics/src/scripts environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - SENTRY_DSN=${SENTRY_DSN:-} @@ -353,6 +364,7 @@ services: - jwt-public-key.{{STACK}}.{{ts}} - jwt-private-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - SENTRY_DSN=${SENTRY_DSN:-} @@ -399,6 +411,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - SENTRY_DSN=${SENTRY_DSN:-} @@ -429,6 +442,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - SENTRY_DSN=${SENTRY_DSN:-} @@ -470,6 +484,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - SENTRY_DSN=${SENTRY_DSN:-} @@ -525,6 +540,7 @@ services: secrets: - jwt-public-key.{{STACK}}.{{ts}} environment: + - QA_ENV=true - HOST=0.0.0.0 - NODE_ENV=production - APN_SERVICE_URL=http://apm-server:8200 @@ -548,6 +564,7 @@ services: scheduler: image: opencrvs/ocrvs-scheduler:${VERSION} environment: + - QA_ENV=true - NODE_ENV=production - METRICS_URL=http://metrics:1050 deploy: @@ -566,6 +583,7 @@ services: migration: image: opencrvs/ocrvs-migration:${VERSION} environment: + - QA_ENV=true - HOST=0.0.0.0 - ELASTICSEARCH_INDEX_NAME=ocrvs--${STACK} - USER_MGNT_MONGO_URL=mongodb://${STACK}__user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/${STACK}__user-mgnt?replicaSet=rs0 @@ -614,6 +632,7 @@ services: restart_policy: condition: none environment: + - QA_ENV=true - HOST=0.0.0.0 - REPLICAS=1 - DATABASE_PREFIX=${STACK} @@ -646,6 +665,7 @@ services: - overlay_net - dependencies_overlay_net environment: + - QA_ENV=true - HOST=0.0.0.0 # Note that only mongo1 is used here on purpose for all environments # https://discourse.metabase.com/t/solved-add-mongodb-replicaset-database/7404/2 diff --git a/infrastructure/elasticsearch/roles/search_user.json b/infrastructure/elasticsearch/roles/search_user.json index da60cdeb..379bbed6 100644 --- a/infrastructure/elasticsearch/roles/search_user.json +++ b/infrastructure/elasticsearch/roles/search_user.json @@ -2,7 +2,7 @@ "cluster": ["manage"], "indices": [ { - "names": ["ocrvs", "ocrvs-*"], + "names": ["*__ocrvs", "ocrvs", "ocrvs-*", "ocrvs--*"], "privileges": [ "write", "create", diff --git a/infrastructure/mongodb/on-deploy.sh b/infrastructure/mongodb/on-deploy.sh index 160d8a30..b1b6f80e 100755 --- a/infrastructure/mongodb/on-deploy.sh +++ b/infrastructure/mongodb/on-deploy.sh @@ -120,7 +120,7 @@ if [[ $HEARTH_USER != "FOUND" ]]; then db.createUser({ user: '${DATABASE_PREFIX}__hearth', pwd: '$HEARTH_MONGODB_PASSWORD', - roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }] + roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }] }) use performance db.createUser({ @@ -135,7 +135,7 @@ else use ${DATABASE_PREFIX}__hearth-dev db.updateUser('${DATABASE_PREFIX}__hearth', { pwd: '$HEARTH_MONGODB_PASSWORD', - roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }] + roles: [{ role: 'readWrite', db: "${DATABASE_PREFIX}__hearth" }, { role: 'readWrite', db: "performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__performance" }, { role: 'readWrite', db: "${DATABASE_PREFIX}__hearth-dev" }] }) use performance db.updateUser('${DATABASE_PREFIX}__hearth', { diff --git a/infrastructure/run-migrations.sh b/infrastructure/run-migrations.sh index 0935bb44..91cc1c38 100755 --- a/infrastructure/run-migrations.sh +++ b/infrastructure/run-migrations.sh @@ -8,22 +8,7 @@ # Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS. set -e -print_usage_and_exit () { - echo 'Usage: ./run-migrations.sh' - echo "" - echo "If your Elasticsearch is password protected, an admin user's credentials can be given as environment variables:" - echo "ELASTICSEARCH_ADMIN_USER=your_user ELASTICSEARCH_ADMIN_PASSWORD=your_pass" - exit 1 - exit 1 -} - -elasticsearch_host() { - if [ ! -z ${ELASTICSEARCH_ADMIN_USER+x} ] || [ ! -z ${ELASTICSEARCH_ADMIN_PASSWORD+x} ]; then - echo "$ELASTICSEARCH_ADMIN_USER:$ELASTICSEARCH_ADMIN_PASSWORD@elasticsearch:9200"; - else - echo "elasticsearch:9200"; - fi -} +STACK=$1 # run migration by restarting migration service -docker service update --force --update-parallelism 1 --update-delay 30s $STACK_migration +docker service update --force --update-parallelism 1 --update-delay 30s "${STACK}_migration"