Merge pull request #1562 from swisstopo/develop

Release Candidate 1.1.0

Author: daniel-va

.env

@@ -1,14 +1,17 @@
-# Database
-PGUSER=www-data
-PGPASSWORD=www-data
-PGHOST=db
-PGPORT=5432
-PGDATABASE=swissgeol-local
-
-# SQLx
-DATABASE_URL=postgres://${PGUSER}:${PGPASSWORD}@${PGHOST}:${PGPORT}/${PGDATABASE}
-
-# S3
-S3_AWS_REGION=eu-west-1
-AWS_ACCESS_KEY_ID=minio
-AWS_SECRET_ACCESS_KEY=minio123
+# Database
+PGUSER=www-data
+PGPASSWORD=www-data
+PGHOST=db
+PGPORT=5432
+PGDATABASE=swissgeol-local
+
+# SQLx
+DATABASE_URL=postgres://${PGUSER}:${PGPASSWORD}@${PGHOST}:${PGPORT}/${PGDATABASE}
+
+# S3
+S3_AWS_REGION=eu-west-1
+AWS_ACCESS_KEY_ID=minio
+AWS_SECRET_ACCESS_KEY=minio123
+
+#DEBUG
+RUST_BACKTRACE=1

.github/ISSUE_TEMPLATE/1-issue.md

@@ -0,0 +1,20 @@
+---
+name: Issue
+about: Beschreibe eine neue Aufgabe
+title: ""
+labels: ""
+assignees: ""
+---
+
+**Beschreibung**
+
+Eine klare und präzise Beschreibung der Ausgangssituation, der Problematik sowie bereits bekannter Lösungsansätze.
+
+**Abgrenzung**
+
+Nicht beachtet in dieser Aufgabe wird die Suche nach der Frage.
+
+**Acceptance Criteria**
+
+- [ ] Die Antwort muss 42 sein.
+- [ ] ...

.github/ISSUE_TEMPLATE/2-bug.md

@@ -0,0 +1,34 @@
+---
+name: Bug
+about: Melde einen neuen Bug
+title: "Bug: "
+labels: bug
+assignees: ""
+---
+
+**Beschreibung**
+Eine klare und präzise Beschreibung des Problems.
+
+**Schritte zum Reproduzieren**
+
+1. Gehe zur Seite '....'
+2. Klicke auf '....'
+3. Scrolle zu '....'
+4. Ein Fehler erscheint
+
+**Beobachtetes Verhalten**
+Eine Beschreibung des Fehlverhaltens.
+
+**Erwartetes Verhalten**
+Eine Beschreibung des eigentlich erwarteten Verhaltens
+
+**Screenshots**
+Zeige Screenshots, wenn vorhanden und hilfreich.
+
+**Plattform**
+Falls relevant:
+
+- Device: [e.g. Desktop, iPhone6]
+- OS: [e.g. Windows, iOS8.1]
+- Browser [e.g. firefox, edge]
+- Mobile Version [e.g. 22]

.github/actions/create-image/action.yaml

@@ -69,3 +69,5 @@ runs:
         no-cache: true
         build-args: |
           APP_VERSION=${{ inputs.VERSION }}
+        secrets: |
+          github_token=${{ inputs.GITHUB_TOKEN }}

.github/actions/deploy-k8s-chart/action.yaml

@@ -0,0 +1,61 @@
+name: "Deploy K8s Chart"
+description: "Deploys a Kubernetes Chart"
+inputs:
+  TARGET_ENV:
+    description: "The environment to which the chart is deployed."
+    required: true
+  DEPLOYMENT_NAME:
+    description: "The deployment's name under which it will appear in Kubernetes."
+    required: true
+  REPO_PATH:
+    description: "The path at which the Helm charts can be found within the repo."
+    required: true
+  VAULT_PATH:
+    description: "The path at which the chart's secrets can be found within the Vault."
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Load secrets"
+      id: load-secrets
+      uses: hashicorp/vault-action@v3
+      with:
+        url: https://swisstopo-vault-public-vault-d680830d.382257a9.z1.hashicorp.cloud:8200
+        method: jwt
+        namespace: admin/igi/igi-cloud/swisstopo-ngm
+        secrets: |
+          viewer/data/${{ inputs.TARGET_ENV }}                          kubeconfig   | KUBECONFIG;
+          viewer/data/${{ inputs.TARGET_ENV }}/${{ inputs.VAULT_PATH }} helm_values  | HELM_VALUES;
+          viewer/data/${{ inputs.TARGET_ENV }}/${{ inputs.VAULT_PATH }} helm_secrets | HELM_SECRETS;
+          viewer/data/${{ inputs.TARGET_ENV }}/${{ inputs.VAULT_PATH }} namespace    | K8S_NAMESPACE;
+
+    - name: "Write values to file"
+      shell: bash
+      run: |
+        cat <<'EOF' > ./k8s/values.yaml
+        ${{ env.HELM_VALUES }}
+        EOF
+
+    - name: "Write secrets to file"
+      shell: bash
+      run: |
+        cat <<'EOF' > ./k8s/secrets.yaml
+        ${{ env.HELM_SECRETS }}
+        EOF
+
+    - name: "Write kubeconfig to file"
+      shell: bash
+      run: |
+        cat <<'EOF' > kubeconfig.yaml
+        ${{ env.KUBECONFIG }}
+        EOF
+
+    - name: "Deploy helm charts"
+      shell: bash
+      run: |
+        helm upgrade --install ${{ inputs.DEPLOYMENT_NAME }} ${{ inputs.REPO_PATH }} \
+          --values ./k8s/values.yaml \
+          --values ./k8s/secrets.yaml \
+          --kubeconfig $(pwd)/kubeconfig.yaml \
+          --namespace ${{ env.K8S_NAMESPACE }}

.github/actions/deploy-k8s-suite/action.yaml

@@ -0,0 +1,36 @@
+name: "Deploy K8s Suite"
+description: "Deploys an entire Viewer Suite to K8s"
+inputs:
+  TARGET_ENV:
+    description: "The environment to which the chart is deployed."
+    required: true
+  AWS_ROLE:
+    description: "The AWS role to assume."
+    required: true
+  AWS_REGION:
+    description: "The AWS region to deploy to."
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Setup kubectl"
+      uses: azure/setup-kubectl@v4
+    - name: "Install helm"
+      uses: azure/setup-helm@v4
+    - name: "Configure AWS credentials from AWS account"
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ inputs.AWS_ROLE }}
+        aws-region: ${{ inputs.AWS_REGION }}
+        role-session-name: GitHub-OIDC
+        retry-max-attempts: 3
+
+    - name: "Deploy viewer"
+      uses: ./.github/actions/deploy-k8s-chart
+      with:
+        TARGET_ENV: ${{ inputs.TARGET_ENV }}
+        DEPLOYMENT_NAME: "swissgeol-viewer"
+        REPO_PATH: ./k8s
+        VAULT_PATH: "viewer"
+

.github/scripts/wait_for_service.sh

@@ -9,7 +9,7 @@ if [ ! -n "$SERVICE_NAME" ]; then
 fi
 
 for i in $(seq 1 $MAX_RETRY_COUNT); do
-  if [ "$(docker inspect -f '{{.State.Health.Status}}' "swissgeol-viewer-app-$SERVICE_NAME-1")" == "healthy" ]; then
+  if [ "$(docker inspect -f '{{.State.Health.Status}}' "swissgeol-viewer-suite-$SERVICE_NAME-1")" == "healthy" ]; then
     echo "Service $SERVICE_NAME is healthy!"
     exit 0
   else

.github/workflows/code-quality.yml

@@ -74,6 +74,8 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-node_modules-
       - name: Install node dependencies
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: cd ui && npm ci
 
 

.github/workflows/deploy-k8s.yml

@@ -0,0 +1,43 @@
+name: Deploy K8s
+
+on:
+  workflow_dispatch:
+    inputs:
+      env:
+        type: choice
+        description: The environment to which the Kubernetes config is deployed.
+        options:
+          - dev
+          - int
+          - prod
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  TARGET_ENV: ${{ github.event.inputs.env || 'dev' }}
+
+jobs:
+  deploy-viewer:
+    name: "deploy viewer"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Select AWS_ROLE"
+        id: select-aws-role
+        env:
+          DEV_ROLE: ${{ secrets.AWS_ROLE_DEV }}
+          INT_ROLE: ${{ secrets.AWS_ROLE_INT }}
+          PROD_ROLE: ${{ secrets.AWS_ROLE_PROD }}
+        run: |
+          VAR_NAME="${TARGET_ENV^^}_ROLE"
+          AWS_ROLE="${!VAR_NAME}"
+          echo "AWS_ROLE=$AWS_ROLE" >> $GITHUB_OUTPUT
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+      - name: "Deploy"
+        uses: ./.github/actions/deploy-k8s-suite
+        with:
+          TARGET_ENV: ${{ env.TARGET_ENV }}
+          AWS_ROLE: ${{ steps.select-aws-role.outputs.AWS_ROLE }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}

.github/workflows/deploy.yml

@@ -0,0 +1,33 @@
+name: Fetch Earthquakes
+
+on:
+  workflow_dispatch:
+
+  # Run this workflow every night
+  schedule:
+    - cron:  '0 10 * * *'
+
+jobs:
+  fetch-earthquakes:
+    name: "fetch earthquakes"
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID_DOWNLOAD}}
+      AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY_DOWNLOAD}}
+      AWS_DEFAULT_REGION: eu-west-1
+    steps:
+      - name: 'Fetch last 90 days'
+        run: |
+          FILENAME="earthquakes_last_90d.txt"
+          STARTTIME=$(date -d '-90 days' +'%FT%H:%M:%S')
+          ENDTIME=$(date +'%FT%H:%M:%S')
+          curl --fail "http://arclink.ethz.ch/fdsnws/event/1/query?starttime=$STARTTIME&endtime=$ENDTIME&minmagnitude=1&format=text&nodata=404&EventType=earthquake" > $FILENAME    
+          aws s3 --debug cp --cache-control no-cache $FILENAME s3://ngmpub-download-bgdi-ch/earthquakes/
+      - name: 'Fetch all with a magnitude greater than three'
+        run: |
+          FILENAME="earthquakes_magnitude_gt_3.txt"
+          STARTTIME="1979-01-01T00:00:00"
+          ENDTIME=$(date +'%FT%H:%M:%S')
+          curl --fail "http://arclink.ethz.ch/fdsnws/event/1/query?starttime=$STARTTIME&endtime=$ENDTIME&minmagnitude=3&format=text&nodata=404&EventType=earthquake" > $FILENAME
+          aws s3 --debug cp --cache-control no-cache $FILENAME s3://ngmpub-download-bgdi-ch/earthquakes/