Merge branch 'main' into chore/jump-host

.github/workflows/.deploy_stack.yml

@@ -0,0 +1,106 @@
+name: .Deploy Stack
+
+on:
+  workflow_call:
+    inputs:
+      ### Required
+      environment_name:
+        description: 'The name of the environment to deploy to'
+        required: true
+        default: 'dev'
+        type: string
+      command:
+        description: 'The terragrunt command to run'
+        required: true
+        default: 'apply'
+        type: string
+      tag:
+        description: 'The tag of the containers to deploy'
+        default: 'latest'
+        type: string
+        required: false
+      app_env:
+        required: false
+        type: string
+        description: 'The APP env separates between AWS ENV and Actual APP, since AWS dev is where PR, and TEST is deployed'
+    outputs:
+      API_GW_URL: 
+        value: ${{ jobs.deploy-api.outputs.API_GW_URL }}
+      S3_BUCKET_ARN:
+        value: ${{ jobs.deploy-cloudfront.outputs.S3_BUCKET_ARN }}
+      CF_DOMAIN:
+        value: ${{ jobs.deploy-cloudfront.outputs.CF_DOMAIN }}
+      CF_DISTRIBUTION_ID:
+        value: ${{ jobs.deploy-cloudfront.outputs.CF_DISTRIBUTION_ID }}
+env:
+    AWS_REGION: ca-central-1
+jobs:
+  stack-prefix:
+    name: Stack Prefix
+    uses: ./.github/workflows/.stack-prefix.yml
+  deploy-db:
+    name: Deploys Database
+    needs: [stack-prefix]
+    uses: ./.github/workflows/.deployer.yml
+    with:
+      environment_name: ${{ inputs.environment_name }}
+      command: ${{ inputs.command }}
+      working_directory: database
+      app_env: ${{ inputs.app_env }}
+      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
+    secrets: inherit
+  deploy-api:
+    name: Deploys API
+    needs: [deploy-db, stack-prefix]
+    uses: ./.github/workflows/.deployer.yml
+    with:
+      environment_name: ${{ inputs.environment_name }}
+      command: ${{ inputs.command }}
+      tag: ${{ inputs.tag }}
+      app_env: ${{ inputs.app_env }}
+      working_directory: api
+      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
+    secrets: inherit
+  deploy-cloudfront:
+    name: Deploys Cloudfront
+    needs: [stack-prefix]
+    uses: ./.github/workflows/.deployer.yml
+    with:
+      environment_name: ${{ inputs.environment_name }}
+      command: ${{ inputs.command }}
+      tag: ${{ inputs.tag }}
+      app_env: ${{ inputs.app_env }}
+      working_directory: frontend
+      stack_prefix: ${{ needs.stack-prefix.outputs.stack_prefix }}
+    secrets: inherit
+  build-ui:
+    name: Build And upload UI to s3 ${{ inputs.environment_name }}
+    environment: ${{ inputs.environment_name }}
+    if: ${{ inputs.command == 'apply' }}
+    needs: [deploy-api, deploy-cloudfront]
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+            role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
+            aws-region: ${{ env.AWS_REGION }}
+      - name: Build And Update UI (CF)
+        working-directory: frontend
+        env:
+          VITE_API_BASE_URL: ${{ needs.deploy-api.outputs.API_GW_URL }}/api
+          S3_BUCKET_ARN: ${{ needs.deploy-cloudfront.outputs.S3_BUCKET_ARN }}
+          CF_DISTRIBUTION_ID: ${{ needs.deploy-cloudfront.outputs.CF_DISTRIBUTION_ID }}
+        run: |
+          npm run deploy
+          aws s3 sync --delete ./dist s3://$(echo "$S3_BUCKET_ARN" | cut -d: -f6)
+          aws cloudfront create-invalidation --distribution-id $CF_DISTRIBUTION_ID --paths "/*"

.github/workflows/.deployer.yml

@@ -28,6 +28,10 @@ on:
         required: false
         type: string
         description: 'The APP env separates between AWS ENV and Actual APP, since AWS dev is where PR, and TEST is deployed'
+      stack_prefix:
+        required: true
+        type: string
+        description: 'The stack prefix to use for the resources'
     outputs:
       API_GW_URL: 
         value: ${{ jobs.infra.outputs.API_GW_URL }}
@@ -80,6 +84,7 @@ jobs:
           flyway_image: ghcr.io/${{github.repository}}/migrations:${{inputs.tag}}
           api_image: ghcr.io/${{github.repository}}/backend:${{inputs.tag}}
           app_env: ${{inputs.app_env}}
+          stack_prefix: ${{ inputs.stack_prefix }}
       run: |
           # Run terraform
           terragrunt run-all ${{inputs.command}} --terragrunt-non-interactive
@@ -93,6 +98,7 @@ jobs:
           flyway_image: ghcr.io/${{github.repository}}/migrations:${{inputs.tag}}
           api_image: ghcr.io/${{github.repository}}/backend:${{inputs.tag}}
           app_env: ${{inputs.app_env}}
+          stack_prefix: ${{ inputs.stack_prefix }}
       run: |
           terragrunt output -json > outputs.json
           #print the output
@@ -109,6 +115,7 @@ jobs:
           flyway_image: ghcr.io/${{github.repository}}/migrations:${{inputs.tag}}
           api_image: ghcr.io/${{github.repository}}/backend:${{inputs.tag}}
           app_env: ${{inputs.app_env}}
+          stack_prefix: ${{ inputs.stack_prefix }}
       run: |
           terragrunt output -json > outputs.json
           #print the output

.github/workflows/.e2e.yml

@@ -0,0 +1,63 @@
+name: .E2E
+on:
+  workflow_call:
+    inputs:
+      frontend_url:
+        description: 'The URL of the frontend to test'
+        required: true
+        type: string
+      tag:
+        description: 'The tag of the containers to test'
+        default: 'latest'
+        type: string
+        required: false
+jobs:
+  e2e-tests:
+    name: E2E Tests
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run Docker compose
+        if: ${{ inputs.frontend_url == 'http://localhost:3000' }}
+        env:
+          BACKEND_IMAGE: ghcr.io/${{ github.repository }}/backend:${{ inputs.tag }}
+          FLYWAY_IMAGE: ghcr.io/${{ github.repository }}/migrations:${{ inputs.tag }}
+          FRONTEND_IMAGE: ghcr.io/${{ github.repository }}/frontend:${{ inputs.tag }}
+        run: docker compose up -d --wait
+        continue-on-error: true
+      - name: Docker Compose Logs
+        if:  ${{ inputs.frontend_url == 'http://localhost:3000' }}
+        run: docker compose logs
+      - name: Cache Playwright Browsers
+        uses: actions/cache@v4
+        id: playwright-cache
+        with:
+          path: |
+            ~/.cache/ms-playwright
+          key: ${{ runner.os }}-playwright-${{ hashFiles('**/package-lock.json') }}
+      - uses: actions/setup-node@v4
+        name: Setup Node
+        with:
+          node-version: 22
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      - name: Fix permissions
+        run: sudo chown -R $USER:$USER frontend
+      - name: Install dependencies
+        working-directory: frontend
+        run: |
+          npm ci
+      - run: npx @playwright/test install --with-deps
+        if: steps.playwright-cache.outputs.cache-hit != 'true'
+        working-directory: ./frontend
+      - run: npx @playwright/test install-deps
+        if: steps.playwright-cache.outputs.cache-hit == 'true'
+        working-directory: ./frontend
+      - name: Run Tests
+        working-directory: frontend
+        env:
+          E2E_BASE_URL: ${{ inputs.frontend_url }}
+          CI: 'true'
+        run: |
+          npx playwright test --project="chromium" --reporter=blob

.github/workflows/.stack-prefix.yml

@@ -0,0 +1,52 @@
+name: .Stack Prefix
+on:
+  workflow_call:
+    outputs:
+      STACK_PREFIX: 
+        description: 'The Stack Prefix'
+        value: ${{ jobs.prefix.outputs.STACK_PREFIX }}
+jobs:
+  prefix:
+    name: Stack Prefix
+    runs-on: ubuntu-24.04
+    outputs:
+      STACK_PREFIX: ${{ steps.stack-prefix.outputs.STACK_PREFIX }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Generate Stack Prefix
+        id: stack-prefix
+        shell: bash
+        run: |
+          # Get repository name
+          REPO_NAME="${{ github.event.repository.name }}"
+
+          # If repo name is less than 20 characters, use it directly
+          if [[ ${#REPO_NAME} -lt 20 ]]; then
+            STACK_PREFIX="${REPO_NAME}"
+          else
+            # Split by hyphen or underscore and get first letter of each word
+            PREFIX=$(echo "$REPO_NAME" | 
+                    awk -v RS='[-_]' '{printf "%s", tolower(substr($0,1,1))}' | 
+                    tr -d '\n')
+
+            # Ensure at least 4 characters without repetition
+            while [[ ${#PREFIX} -lt 4 ]]; do
+              # Concatenate with the next letter in the sequence (avoiding randomness)
+              SUFFIX="${PREFIX: -1}"  # Get the last character of the current PREFIX
+              INDEX=$(( $(echo "$PREFIX" | grep -o "$SUFFIX" | wc -l) + 1 ))  # Get the index of the next character
+              NEXT_CHAR=$(echo "$PREFIX" | cut -c $INDEX)  # Get the next character
+              PREFIX="${PREFIX}${NEXT_CHAR}"
+            done
+
+            # Truncate if prefix exceeds 10 characters
+            if [[ ${#PREFIX} -gt 10 ]]; then
+              PREFIX="${PREFIX:0:10}"
+            fi
+
+            STACK_PREFIX="${PREFIX}"
+          fi
+
+          # Set output
+          echo "STACK_PREFIX=$STACK_PREFIX" >> $GITHUB_OUTPUT
+          echo "Generated prefix: $STACK_PREFIX"

.github/workflows/.tests.yml

@@ -20,7 +20,7 @@ jobs:
       postgres:
         image: postgres
         env:
-          POSTGRES_PASSWORD: postgres
+          POSTGRES_PASSWORD: default
         options: >-
           --health-cmd pg_isready
           --health-interval 10s
@@ -47,7 +47,7 @@ jobs:
           sonar_args: >
             -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
             -Dsonar.organization=bcgov-sonarcloud
-            -Dsonar.projectKey=quickstart-openshift_${{ matrix.dir }}
+            -Dsonar.projectKey=quickstart-aws-containers_${{ matrix.dir }}
             -Dsonar.sources=src
             -Dsonar.tests.inclusions=**/*spec.ts
             -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
@@ -76,46 +76,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
   e2e:
     name: E2E Tests
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Run Docker compose
-        env:
-          BACKEND_IMAGE: ghcr.io/${{ github.repository }}/backend:${{ inputs.tag }}
-          FLYWAY_IMAGE: ghcr.io/${{ github.repository }}/migrations:${{ inputs.tag }}
-          FRONTEND_IMAGE: ghcr.io/${{ github.repository }}/frontend:${{ inputs.tag }}
-        run: docker compose up -d --wait
-        continue-on-error: true
-      - name: Cache Playwright Browsers
-        uses: actions/cache@v4
-        id: playwright-cache
-        with:
-          path: |
-            ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('**/package-lock.json') }}
-      - uses: actions/setup-node@v4
-        name: Setup Node
-        with:
-          node-version: 22
-          cache: 'npm'
-          cache-dependency-path: frontend/package-lock.json
-      - name: Fix permissions
-        run: sudo chown -R $USER:$USER frontend
-      - name: Install dependencies
-        working-directory: frontend
-        run: |
-          npm ci
-      - run: npx @playwright/test install --with-deps
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
-        working-directory: ./frontend
-      - run: npx @playwright/test install-deps
-        if: steps.playwright-cache.outputs.cache-hit == 'true'
-        working-directory: ./frontend
-      - name: Run Tests
-        working-directory: frontend
-        env:
-          E2E_BASE_URL: http://localhost:3000
-          CI: 'true'
-        run: |
-          npx playwright test --project="chromium" --reporter=blob
+    uses: ./.github/workflows/.e2e.yml
+    with:
+      FRONTEND_URL: http://localhost:3000
+      tag: ${{ inputs.tag }}