Web CI and CD Workflow Pipelines

.github/workflows/actions/build-web/action.yml

@@ -0,0 +1,38 @@
+name: Build Web
+description: Builds the Web codebase
+
+inputs:
+  working_directory:
+    description: The working directory where the code will be built.
+    required: true
+  node_version:
+    description: The node version that will be used.
+    required: true
+
+runs:
+  using: composite
+
+  steps:
+    - name: Use Node.js ${{ inputs.node_version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ inputs.node_version }}
+
+    - run: npm ci
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+
+    # Lint errors exists from SCC and will be worked on separately.
+    - run: npm run lint
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      continue-on-error: true
+
+    - run: npm run build
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+
+    # Unit test is not configured in SCC and will be worked on separately.
+    - run: npm run test --if-present
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}

.github/workflows/actions/deploy-to-aws/action.yml

@@ -0,0 +1,64 @@
+name: Deploy to AWS
+description: Deploy image to AWS Instance
+
+inputs:
+  environment:
+    description: The environment to which the image will be deployed.
+    required: true
+  aws_account:
+    description: The AWS Account ID.
+    required: true
+  region:
+    description: The AWS Region of the AWS Account.
+    required: true
+  app_name:
+    description: The application name.
+    required: true
+  aws_role_arn:
+    description: The AWS Role ARN to assume.
+    required: true
+
+  # Image parameters
+  ghcr_token:
+    description: The token to use to login to the GHCR.
+    required: true
+  github_image_repo:
+    description: The GCHR repo where images are stored.
+    required: true
+  image_name:
+    description: The name of the image to be deployed.
+    required: true
+  image_digest:
+    description: The digest of the image to be deployed. Identifies the unique image tag in the GHCR.
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Log in to the GHCR
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ inputs.ghcr_token }}
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-skip-session-tagging: true
+        aws-region: ${{ inputs.region }}
+        role-to-assume: ${{ inputs.aws_role_arn }}
+        role-duration-seconds: 1800
+        role-session-name: ci-deployment
+
+    - name: Login to AWS CLI
+      shell: bash
+      run: |
+        aws ecr get-login-password --region ${{ inputs.region }} | docker login --username AWS --password-stdin ${{ inputs.aws_account }}.dkr.ecr.${{ inputs.region }}.amazonaws.com/${{ inputs.app_name }}-ecr-repo-${{ inputs.environment }}
+
+    - name: Tag the image in the GHCR as ${{ inputs.environment }}
+      shell: bash
+      run: |
+        docker pull ${{ inputs.github_image_repo }}${{ inputs.image_name }}@${{ inputs.image_digest }}
+        docker tag ${{ inputs.github_image_repo }}${{ inputs.image_name }}@${{ inputs.image_digest }} ${{ inputs.aws_account }}.dkr.ecr.${{ inputs.region }}.amazonaws.com/${{ inputs.app_name }}-ecr-repo-${{ inputs.environment }}:${{ inputs.image_name }}
+        docker push ${{ inputs.aws_account }}.dkr.ecr.${{ inputs.region }}.amazonaws.com/${{ inputs.app_name }}-ecr-repo-${{ inputs.environment }}:${{ inputs.image_name }}

.github/workflows/build-and-test-web.yml

@@ -0,0 +1,30 @@
+name: Build and Test Web
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "web/**"
+
+  workflow_dispatch:
+
+env:
+  WORKING_DIRECTORY: ./web
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [12.x]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Building Web codebase
+        uses: ./.github/workflows/actions/build-web
+        with:
+          working_directory: ${{ env.WORKING_DIRECTORY }}
+          node_version: ${{ matrix.node-version }}

.github/workflows/publish-web.yml

@@ -0,0 +1,153 @@
+name: Deploy Web
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - "web/**"
+
+  workflow_dispatch:
+
+env:
+  WORKING_DIRECTORY: ./web
+  IMAGE_NAME: web
+  GITHUB_IMAGE_REPO: ghcr.io/bcgov/jasper/
+  WEB_BASE_HREF: /
+
+jobs:
+  build:
+    name: Build, Create and Push Image
+    runs-on: ubuntu-latest
+    outputs:
+      image_digest: ${{ steps.docker_push.outputs.digest }}
+
+    strategy:
+      matrix:
+        node-major-version: [12]
+        node-minor-version: [x]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Building Web codebase
+        uses: ./.github/workflows/actions/build-web
+        with:
+          working_directory: ${{ env.WORKING_DIRECTORY }}
+          node_version: ${{ matrix.node-major-version }}.${{ matrix.node-minor-version }}
+
+      - name: Log in to the GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get short SHA
+        id: short_sha
+        run: |
+          echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)"
+          echo "Short SHA: $SHORT_SHA"
+
+      - name: Build Docker Image
+        working-directory: ${{env.WORKING_DIRECTORY}}/../
+        run: |
+          docker build --tag web-runtime -f docker/nginx-runtime/Dockerfile ./docker/nginx-runtime/
+          docker build --tag web-artifacts --build-arg node_version=${{ matrix.node-major-version }} --build-arg WEB_BASE_HREF=${{ env.WEB_BASE_HREF }} -f docker/web/Dockerfile . 
+          docker build --tag ${{ env.IMAGE_NAME }} -f docker/vue-on-nginx/Dockerfile ./docker/vue-on-nginx/
+          docker tag ${{ env.IMAGE_NAME }} ${{ env.GITHUB_IMAGE_REPO }}${{ env.IMAGE_NAME }}:${{ steps.short_sha.outputs.SHORT_SHA }}
+
+      - name: Push Image to GCHR
+        id: docker_push
+        run: |
+          output=$(docker push ${{ env.GITHUB_IMAGE_REPO }}${{ env.IMAGE_NAME }}:${{ steps.short_sha.outputs.SHORT_SHA }})
+          echo $output
+          digest=$(echo "$output" | grep "digest: sha256" | awk '{ print $3 }')
+          echo "digest=$digest" >> $GITHUB_OUTPUT
+
+  deploy2dev:
+    name: Deploy to DEV
+    needs: build
+    env:
+      ENVIRONMENT: dev
+    permissions:
+      id-token: write
+      packages: write
+    runs-on: ubuntu-latest
+    environment: dev
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Deploy to ${{ env.ENVIRONMENT }}
+        uses: ./.github/workflows/actions/deploy-to-aws
+        with:
+          environment: ${{ env.ENVIRONMENT }}
+          aws_account: ${{ vars.AWS_ACCOUNT }}
+          region: ${{ vars.AWS_REGION }}
+          app_name: ${{ vars.APP_NAME }}
+          aws_role_arn: ${{ vars.AWS_ROLE_ARN }}
+          ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+          github_image_repo: ${{ env.GITHUB_IMAGE_REPO }}
+          image_name: ${{ env.IMAGE_NAME  }}
+          image_digest: ${{ needs.build.outputs.image_digest }}
+
+  deploy2test:
+    name: Deploy to TEST
+    needs: [build, deploy2dev]
+    env:
+      ENVIRONMENT: test
+    permissions:
+      id-token: write
+      packages: write
+    runs-on: ubuntu-latest
+    environment: test
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Uncomment when infra in AWS in TEST environment has been configured
+      # - name: Deploy to ${{ env.ENVIRONMENT }}
+      #   uses: ./.github/workflows/actions/deploy-to-aws
+      #   with:
+      #     environment: ${{ env.ENVIRONMENT }}
+      #     aws_account: ${{ vars.AWS_ACCOUNT }}
+      #     region: ${{ vars.AWS_REGION }}
+      #     app_name: ${{ vars.APP_NAME }}
+      #     aws_role_arn: ${{ vars.AWS_ROLE_ARN }}
+      #     ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+      #     github_image_repo: ${{ env.GITHUB_IMAGE_REPO }}
+      #     image_name: ${{ env.IMAGE_NAME  }}
+      #     image_digest: ${{ needs.build.outputs.image_digest }}
+
+  deploy2prod:
+    name: Deploy to PROD
+    needs: [build, deploy2dev, deploy2test]
+    env:
+      ENVIRONMENT: prod
+    permissions:
+      id-token: write
+      packages: write
+    runs-on: ubuntu-latest
+    environment: prod
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Uncomment when infra in AWS in PROD environment has been configured
+      # - name: Deploy to ${{ env.ENVIRONMENT }}
+      #   uses: ./.github/workflows/actions/deploy-to-aws
+      #   with:
+      #     environment: ${{ env.ENVIRONMENT }}
+      #     aws_account: ${{ vars.AWS_ACCOUNT }}
+      #     region: ${{ vars.AWS_REGION }}
+      #     app_name: ${{ vars.APP_NAME }}
+      #     aws_role_arn: ${{ vars.AWS_ROLE_ARN }}
+      #     ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+      #     github_image_repo: ${{ env.GITHUB_IMAGE_REPO }}
+      #     image_name: ${{ env.IMAGE_NAME  }}
+      #     image_digest: ${{ needs.build.outputs.image_digest }}

docker/vue-on-nginx/Dockerfile

@@ -12,6 +12,7 @@ COPY ./s2i/bin/fix-base-url /usr/libexec/s2i/fix-base-url
 # Fix permissions.
 USER root
 RUN chmod 674 /usr/libexec/s2i/fix-base-url
+RUN chmod -R 674 /tmp/app/dist/
 
 # From nginx-runtime.
 USER 104

docker/web/Dockerfile

@@ -0,0 +1,12 @@
+ARG node_version=10
+ARG WEB_BASE_HREF=/
+FROM centos/nodejs-${node_version}-centos7:${node_version}
+ENV WEB_BASE_HREF=${WEB_BASE_HREF}
+ENV WEB1_BASE_HREF=${WEB_BASE_HREF}
+WORKDIR /opt/app-root/src
+COPY ../../web .
+RUN echo "$WEB1_BASE_HREF"
+RUN echo "$WEB_BASE_HREF"
+USER root
+RUN npm install
+RUN npm run build 

web/package.json

@@ -3,7 +3,6 @@
   "version": "0.1.0",
   "private": true,
   "scripts": {
-    "preinstall": "npx npm-force-resolutions",
     "serve": "cross-env WEB_BASE_HREF='/' vue-cli-service serve",
     "build": "vue-cli-service build",
     "clean": "",