Add dev-env&test-env branches; update ROS report query; add KeyCloak login option

.github/workflows/format.yml

@@ -1,7 +1,7 @@
 name: Check format of code base
 on:
   pull_request:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
 
 jobs:
   premerge:

.github/workflows/build.yml → .github/workflows/promote-dev.yml

@@ -1,14 +1,34 @@
 # Build and Deploy to dev env.
-# Trigger with tag dev
-# Connected with repo environment 'dev'
-name: OpenShift Build and Deploy to Dev with OWSAP ZAP SCAN
+# Trigger with branch dev-env or manual dispatch
+
+# Example Scenarios
+#   Automatic Deployment:
+#     Someone pushes to dev-env
+#     Workflow triggers automatically
+#     github.event.inputs.ref is empty
+#     Code is checked out from github.ref (dev-env branch)
+#   Manual Deployment from Feature Branch:
+#     User manually triggers workflow
+#     Selects "feature/feature-name" in the ref input
+#     Code is checked out from "feature/feature-name"
+#     Deployment proceeds with that code
+
+name: OpenShift Deploy/Promotion to Dev with OWSAP ZAP SCAN
 
 on:
+  workflow_dispatch:
+    inputs:
+      reason:
+        description: 'Reason for manual deployment'
+        required: true
+        default: 'Manual dev deployment'
+      ref:
+        description: 'Branch to deploy (default: dev-env)'
+        required: false
+        default: 'dev-env'
   push:
     branches:
-      - master
-    tags:
-      - dev
+      - dev-env
 
 env:
   CLUSTER: https://api.silver.devops.gov.bc.ca:6443
@@ -25,6 +45,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref || github.ref }}
 
       - name: Install OpenShift CLI
         uses: redhat-actions/openshift-tools-installer@v1
@@ -46,19 +68,28 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref || github.ref }}
+          fetch-depth: 0
 
       - name: Install OpenShift CLI
         uses: redhat-actions/openshift-tools-installer@v1
         with:
           oc: latest
 
+      - name: Get previous commit
+        id: get-prev-commit
+        run: echo "prev_commit=$(git rev-parse HEAD^)" >> $GITHUB_OUTPUT
+
       - uses: dorny/paths-filter@v2
         id: changes
         with:
           filters: |
             src:
               - 'openshift/**'
-          base: ${{ github.ref }}
+          # github.event.before is the SHA of the commit before the push event (only available during push events)
+          # steps.get-prev-commit.outputs.prev_commit contains the SHA of the parent commit (one before the current commit)
+          base: ${{ github.event.before || steps.get-prev-commit.outputs.prev_commit }}
       - name: Dry run - Dev
         env:
           OS_NAMESPACE_SUFFIX: dev
@@ -85,17 +116,27 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref || github.ref }}
+          fetch-depth: 0
       - name: Install OpenShift CLI
         uses: redhat-actions/openshift-tools-installer@v1
         with:
           oc: latest
+
+      - name: Get previous commit
+        id: get-prev-commit
+        run: echo "prev_commit=$(git rev-parse HEAD^)" >> $GITHUB_OUTPUT
+
       - uses: dorny/paths-filter@v2
         id: changes
         with:
           filters: |
             src:
               - 'openshift/**'
-          base: ${{ github.ref}}
+          # github.event.before is the SHA of the commit before the push event (only available during push events)
+          # steps.get-prev-commit.outputs.prev_commit contains the SHA of the parent commit (one before the current commit)
+          base: ${{ github.event.before || steps.get-prev-commit.outputs.prev_commit }}
       - name: Apply Changes
         env:
           OS_NAMESPACE_SUFFIX: dev
@@ -115,6 +156,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref || github.ref }}
       - name: Install OpenShift CLI
         uses: redhat-actions/openshift-tools-installer@v1
         with:

.github/workflows/promote-test.yml

@@ -1,12 +1,25 @@
 # Promotion to test env.
-# Trigger with tag push
-# Connected with repo environment 'test'
+# Trigger with manual dispatch only
+#
+# Deployment Process:
+#   User manually triggers workflow
+#   Provides ticket number in the reason field
+#   Workflow checks for OpenShift config changes
+#   Requires approval from environment protection rules
+#   Deploys the selected branch to test environment
 name: OpenShift Deploy/Promotion to Test
 
 on:
-  push:
-    tags:
-      - test
+  workflow_dispatch:
+    inputs:
+      reason:
+        description: 'Reason for deployment to test (include ticket number)'
+        required: true
+        default: 'BCMOHAM-XXXXX: Test deployment'
+      ref:
+        description: 'Branch to deploy (default: test-env)'
+        required: false
+        default: 'test-env'
 
 env:
   CLUSTER: https://api.silver.devops.gov.bc.ca:6443
@@ -21,6 +34,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref }}
+          fetch-depth: 0
 
       - name: Cache OpenShift CLI
         id: cache-oc
@@ -44,13 +60,17 @@ jobs:
       - name: Verify OpenShift CLI installation
         run: oc version
 
+      - name: Get previous commit
+        id: get-prev-commit
+        run: echo "prev_commit=$(git rev-parse HEAD^)" >> $GITHUB_OUTPUT
+
       - uses: dorny/paths-filter@v2
         id: changes
         with:
           filters: |
             src:
               - 'openshift/**'
-          base: 'refs/tags/test'
+          base: ${{ steps.get-prev-commit.outputs.prev_commit }} #The commit right before the current commit
 
       - name: Dry run - Test
         env:
@@ -77,13 +97,22 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref }}
+          fetch-depth: 0
+
+      - name: Get previous commit
+        id: get-prev-commit
+        run: echo "prev_commit=$(git rev-parse HEAD^)" >> $GITHUB_OUTPUT
+
       - uses: dorny/paths-filter@v2
         id: changes
         with:
           filters: |
             src:
               - 'openshift/**'
-          base: 'refs/tags/test'
+          base: ${{ steps.get-prev-commit.outputs.prev_commit }} #The commit right before the current commit
+
       - name: Apply Changes
         env:
           OS_NAMESPACE_SUFFIX: test
@@ -103,6 +132,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref }}
 
       - name: Cache OpenShift CLI
         id: cache-oc

.github/workflows/sonar.yml

@@ -3,6 +3,8 @@ on:
   push:
     branches:
       - master
+      - dev-env
+      - test-env
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:

.github/workflows/test.yml

@@ -7,6 +7,8 @@ on:
 
   pull_request:
     branches:
+      - dev-env
+      - test-env
       - master
 env:
   KEYCLOAK_LOCAL_USERNAME: 'test-admin'

.gitignore

@@ -16,6 +16,7 @@ server/*.pdf
 server/pdfs/*
 server/db/.migrate
 server/build
+server/scripts/output
 
 # Misc.
 Dockerrun.aws.json

Makefile

@@ -162,27 +162,22 @@ local-kc-arm-down:
 	@echo "Stopping local app container"
 	@docker-compose -f docker-compose.arm.test.yml down --remove-orphans
 
-# Git Tagging Aliases
+# Local Scripts
+local-export-business-bceid-has:
+	@npx ts-node ./server/scripts/export-user-ha.ts
 
-tag-dev:
-ifdef ticket
-	@git tag -fa dev -m "Deploy $(ticket) to DEV env"
-else
-	@echo -e '\nTicket name missing - Example :: make tag-dev ticket=HCAP-ABC \n'
-	@echo -e 'Falling Back to using branch name \n'
-	@git tag -fa dev -m "Deploy $(git rev-parse --abbrev-ref HEAD) to DEV env"
-endif
-	@git push --force origin refs/tags/dev:refs/tags/dev
+local-export-all-users-has:
+	@npx ts-node ./server/scripts/export-user-ha.ts --all
 
-tag-test:
+# Branch-based deployment commands
+deploy-to-dev: #deploy the code on current branch to DEV env via dev-env branch
 ifdef ticket
-	@git tag -fa test -m "Deploy $(ticket) to TEST env"
+	@echo "Deploying current branch to DEV with ticket $(ticket)"
+	@CURRENT_BRANCH=$(shell git rev-parse --abbrev-ref HEAD) && \
+	git push origin $$CURRENT_BRANCH:dev-env -f
 else
-	@echo -e '\nTicket name missing - Example :: make tag-test ticket=HCAP-ABC \n'
-	@echo -e 'Falling Back to using branch name\n'
-	@git tag -fa test -m "Deploy $(git rev-parse --abbrev-ref HEAD) to TEST env"
+	@echo -e '\nTicket name missing - Example :: make deploy-to-dev ticket=BCMOHAM-12345 \n'
 endif
-	@git push --force origin refs/tags/test:refs/tags/test
 
 tag-prod:
 ifdef ticket

client/src/utils/keycloak-util.js

@@ -6,7 +6,7 @@
  * @param idpHint keycloak idp hint
  */
 export const createCustomLoginUrl = (kcInstance, route, idpHint) => {
-  const idps = ['idir', 'bceid_business'];
+  const idps = ['idir', 'bceid_business', 'moh_idp'];
 
   const loginUrl = kcInstance.createLoginUrl({
     idpHint,

docs/deployment.md

@@ -1,6 +1,5 @@
 # Deployment
 
-
 ## OpenShift Application
 
 The Dockerized application is deployed to OpenShift using Makefile targets and YAML templates defined in the `openshift` directory.
@@ -19,6 +18,62 @@ Route | Exposes a service to the Internet. Routes differ from services in that t
 Deployment Config | Defines how a new version of an application is to be deployed. Additionally, triggers for redeployment are defined within this object. For the HCAP application, we've used a rolling deployment triggered by new images pushed to the image stream and tagged with the `latest` tag.
 Secret |Defines values that can be used by pods within in the same namespace. While there are no secrets defined in our server application, there is a reference to a secret defined by the [MongoDB database template](openshift/mongo.yml). In order for the server to access the DB, it must be provided with `MONGODB_DATABASE` and `MONGODB_URI` environment variables. The definition for these environment variables can be found in the [server deployment config template](openshift/server.dc.yml). Note that they are referencing the `${APP_NAME}-mongodb` (resolves to `hcap-mongodb`) secret and the `mongo-url` and `database` keys within this secret.
 
+## Deployment Process
+
+The application uses a branch-based deployment strategy for development and test environments, and a tag-based approach for production.
+
+### Development Environment
+
+Deployments to the development environment can be triggered by these 3 approaches:
+
+1. Creating and merging a PR to the `dev-env` branch
+2. Manually triggering the "OpenShift Deploy/Promotion to Dev" workflow in GitHub Actions
+3. Using the Makefile command for quick deployments without a PR:
+
+```bash
+# Deploy your current branch to dev
+make deploy-to-dev ticket=BCMOHAM-12345
+```
+
+This command will:
+- Get your current branch name
+- Force push your current branch to the remote `dev-env` branch
+- Trigger the GitHub Actions workflow for deployment to dev
+
+### Test Environment
+
+Deployments to the test environment follow a more controlled process:
+
+1. Create a PR from `dev-env` to `test-env`
+2. Get the PR reviewed and approved by the team
+3. Merge the approved PR to update the `test-env` branch
+4. Go to GitHub Actions
+5. Select "OpenShift Deploy/Promotion to Test" workflow
+6. Click "Run workflow"
+7. Enter the ticket number (e.g., BCMOHAM-12345) in the reason field
+8. Select the branch (`test-env`)
+9. Submit the workflow
+10. Wait for environment approval and deployment completion
+
+Test deployments require:
+- The ticket number
+- PR approval from authorized team members
+- Manual workflow trigger with proper documentation
+- Final environment approval in GitHub Actions
+
+### Production Environment (TODO)
+
+Production deployments use a tag-based approach:
+
+```bash
+# Use the Makefile command
+make tag-prod ticket=HCAP-123
+```
+
+This command will:
+- Create a tag named `prod` pointing to your current commit
+- Push it to the remote repository
+- Trigger the GitHub Actions workflow for deployment to production
 
 ## Dev/Test Certificate Creation
 

server/keycloak.ts

@@ -10,7 +10,7 @@ import { FEATURE_KEYCLOAK_MIGRATION } from './services/feature-flags';
 import { sanitize } from './utils';
 
 const MAX_RETRY = 5;
-const options = ['bceid', 'bceid_business', 'idir'];
+const options = ['bceid', 'bceid_business', 'idir', 'moh_idp'];
 
 const regionMap = {
   region_fraser: 'Fraser',