Add liquibase deployment scripts.

Author: hwang-vividsolutions

.github/workflows/liquibase-ddl.yml

@@ -0,0 +1,85 @@
+name: Liquibase DDL application
+run-name: Deploy Liquibase to ${{ inputs.ENVIRONMENT_NAME }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      ENVIRONMENT_NAME:
+        required: true
+        type: choice
+        options:
+          - dev
+          - qa
+          - dlvr
+          - test
+          - prod
+      NAMESPACE:
+        required: true
+        type: choice
+        options: 
+          - e980f4-dev
+          - e980f4-test
+          - e980f4-prod
+      TAG:
+        required: false
+        type: string
+        default: latest
+
+jobs:
+
+  ddl_dockerbuild:
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ inputs.ENVIRONMENT_NAME }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ vars.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta_pr
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ vars.REGISTRY}}/${{ github.repository_owner }}/farms-liquibase
+          tags: |
+            type=schedule
+            type=raw,value=${{ github.base_ref }}
+            type=ref,event=tag
+            type=raw,value=${{ inputs.TAG }}
+            ${{ toJson(github.event.pull_request.number) == '{}' && format( 'type=raw,value=pr-{0}', github.event.pull_request.number) || '' }} 
+
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./farms-liquibase
+          push: true
+          tags: ${{ steps.meta_pr.outputs.tags }}
+          labels: ${{ steps.meta_pr.outputs.labels }}
+  
+
+  ddl_deploy:
+    needs: ddl_dockerbuild 
+    uses: ./.github/workflows/openshift-deploy.yml
+    secrets: inherit
+    with:
+      MICROSERVICE_NAME: farms-liquibase
+      ENVIRONMENT_NAME: ${{ inputs.ENVIRONMENT_NAME }}
+      NAMESPACE: ${{ inputs.NAMESPACE }}
+      TAG: ${{ inputs.TAG }}
+      

.github/workflows/openshift-deploy.yml

@@ -0,0 +1,156 @@
+name: openshift deploy
+run-name: Deploy ${{ inputs.MICROSERVICE_NAME }} to ${{ inputs.ENVIRONMENT_NAME}}
+
+on:
+  workflow_dispatch:
+    inputs:
+      MICROSERVICE_NAME:
+        required: true
+        type: choice
+        options: 
+          - farms-api
+      ENVIRONMENT_NAME:
+        required: true
+        type: choice
+        options:
+          - dev
+          - qa
+          - dlvr
+          - test
+          - prod
+      NAMESPACE:
+        required: true
+        type: choice
+        options: 
+          - e980f4-dev
+          - e980f4-test
+          - e980f4-prod
+      TAG:
+        required: false
+        type: string
+        default: latest
+  workflow_call:
+    inputs:
+      MICROSERVICE_NAME:
+        required: true
+        type: string
+      ENVIRONMENT_NAME:
+        required: true
+        type: string
+      NAMESPACE:
+        required: true
+        type: string
+      TAG:
+        required: true
+        type: string
+        default: latest
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ inputs.ENVIRONMENT_NAME }}
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Copy openshift yaml files
+        run: mkdir staging && cp openshift/${{ inputs.MICROSERVICE_NAME }}*.yaml staging/
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ vars.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: update IMAGE NAME variable if needed
+        id: updateImageName
+        run: |
+          export IMAGE_NAME='farms-api'
+          echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_OUTPUT
+
+      - name: Get digest of docker image
+        id: getDigest
+        run: |
+          export IMAGE='ghcr.io/${{github.repository_owner}}/${{ steps.updateImageName.outputs.IMAGE_NAME}}:${{ inputs.TAG }}'
+          docker pull $IMAGE
+          echo "IMAGE_BY_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $IMAGE)" >> $GITHUB_OUTPUT
+
+      - name: Fill yaml files
+        uses: cschleiden/replace-tokens@v1.2
+        with:
+          files: staging/**.yaml
+        env:
+          #Common variables
+          LICENSE_PLATE: 'e980f4'
+          #Vault path is different for prod than all other environments
+          VAULT_RESOURCE: ${{ inputs.NAMESPACE == 'e980f4-prod' && 'prod' || 'nonprod'  }}
+          ENV: ${{ inputs.ENVIRONMENT_NAME }}
+          NAMESPACE: ${{ inputs.NAMESPACE }}
+          TAG: ${{ inputs.TAG }}
+          IMAGE_BY_DIGEST: ${{ steps.getDigest.outputs.IMAGE_BY_DIGEST }}
+          SID: ${{ github.run_id }}
+          LOG_LEVEL: ${{ vars.LOG_LEVEL }}
+          CONNECTION_TIMEOUT: ${{ vars.CONNECTION_TIMEOUT }}
+
+          POSTGRES_USERNAME: ${{ vars.POSTGRES_USERNAME}}
+
+
+          #API variables
+          API_CPU_REQUEST: ${{ vars.API_CPU_REQUEST }}
+          API_CPU_LIMIT: ${{ vars.API_CPU_LIMIT }}
+          API_MEMORY_REQUEST: ${{ vars.API_MEMORY_REQUEST }}
+          API_MEMORY_LIMIT: ${{ vars.API_MEMORY_LIMIT }}
+          MAX_API_COUNT: ${{ vars.MAX_APP_COUNT }}
+
+          POSTGRES_RESOURCE_NAME: ${{ vars.POSTGRES_RESOURCE_NAME }}
+
+          TOMCAT_MAX_THREADS: ${{ vars.TOMCAT_MAX_THREADS }}
+          TOMCAT_PORT: ${{ vars.TOMCAT_PORT }}
+          TIME_ZONE: ${{ vars.TIME_ZONE }}
+
+
+          #DB/Liquibase variables:
+          POSTGRES_MAXACTIVE: '10'
+          CHANGELOG_FILE: changelog.json
+
+          
+          #Frontend variables
+          MAX_UI_COUNT: ${{ vars.MAX_UI_COUNT }}
+          FARMS_REST_URI: https://farms-api-route-${{ inputs.ENVIRONMENT_NAME }}-${{inputs.NAMESPACE}}.apps.silver.devops.gov.bc.ca/farms-api/v1
+
+          ACTIVE_PORT: ${{ vars.TOMCAT_PORT }}
+          LOCAL_CHECKTOKEN_ENDPOINT: ${{ vars.LOCAL_CHECKTOKEN_ENDPOINT }}
+
+          WEB_PATH: ${{ vars.WEB_PATH }}
+
+      #Explicit install of oc cli tool
+      - name: Install oc
+        uses: redhat-actions/oc-installer@v1
+      
+      - name: Authenticate and set context
+        uses: redhat-actions/oc-login@v1
+        with:
+          openshift_server_url: ${{secrets.OPENSHIFT_SERVER_URL}}
+          openshift_token: ${{secrets.OPENSHIFT_TOKEN}}
+          namespace: ${{ inputs.NAMESPACE }}
+
+      - name: Apply .yaml files to openshift
+        run: |
+          for file in staging/*
+          do
+            oc apply -f "$file"
+          done
+      
+
+
+
+      
+
+
+      

crunchy-postgres/charts/crunchy-postgres/values.yaml

@@ -66,7 +66,7 @@ pgBackRest:
       bucket: "pit#{ENV}#"
       endpoint: "nrs.objectstore.gov.bc.ca"
       region: "ca-central-1"
-      directoryName: pituw#{ENV}#
+      directoryName: farms#{ENV}#
 
   repoHost:
     requests:

farms-liquibase/.gitignore

@@ -0,0 +1 @@
+*.~sql

farms-liquibase/Dockerfile

@@ -0,0 +1,5 @@
+FROM liquibase/liquibase:4.30.0
+
+COPY ./scripts ./scripts
+COPY ./changelog.json .
+COPY ./liquibase.properties .

farms-liquibase/changelog.json

@@ -0,0 +1,9 @@
+{
+    "databaseChangeLog": [
+        {
+            "include": {
+                "file": "scripts/01_00_xx/01_00_00/00/farms.01_00_00_00.ddl.json"
+            }
+        }
+    ]
+}

farms-liquibase/liquibase.properties

@@ -0,0 +1,3 @@
+changeLogFile: changelog.json
+driver: org.postgresql.Driver
+schema: farms

farms-liquibase/scripts/01_00_xx/01_00_00/00/ddl/roles/farms.ddl.create_login_proxy_farms_rest.sql

@@ -0,0 +1,21 @@
+-- Role: "proxy_farms_rest"
+-- DROP ROLE "proxy_farms_rest";
+
+CREATE ROLE "proxy_farms_rest" WITH
+  LOGIN
+  NOSUPERUSER
+  INHERIT
+  NOCREATEDB
+  NOCREATEROLE
+  NOREPLICATION
+  PASSWORD '${POSTGRES_PROXY_USER_PASSWORD}';
+  
+ALTER ROLE proxy_farms_rest SET search_path TO farms;
+
+ALTER USER proxy_farms_rest set TIMEZONE to 'America/New_York';
+
+COMMENT ON ROLE "proxy_farms_rest" IS 'Proxy account for Farmer Access to Risk Management Service.';
+
+GRANT "app_farms_rest_proxy" TO "proxy_farms_rest";
+
+GRANT USAGE ON SCHEMA "farms" TO "app_farms_rest_proxy";

farms-liquibase/scripts/01_00_xx/01_00_00/00/farms.01_00_00_00.ddl.json

@@ -0,0 +1,18 @@
+{
+    "databaseChangeLog": [
+        {
+            "changeSet": {
+                "author": "hwang",
+                "id": "1",
+                "changes": [
+                    {
+                        "sqlFile": {
+                            "relativeToChangelogFile": "true",
+                            "path": "ddl/roles/farms.ddl.create_login_proxy_farms_rest.sql"
+                        }
+                    }
+                ]
+            }
+        }
+    ]
+}

openshift/farms-liquibase-configmap.yaml

@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: farms-liquibase-config-#{ENV}#
+  namespace: '#{NAMESPACE}#'
+  managedFields:
+    - manager: Mozilla
+      operation: Update
+      apiVersion: v1
+      time: '2025-03-26T14:00:00Z'
+      fieldsType: FieldsV1
+  labels:
+    app: farms-api-#{ENV}#
+    project: farms-#{ENV}#
+immutable: false
+data:
+  LIQUIBASE_COMMAND_URL: jdbc:postgresql://crunchy-postgres-#{ENV}#-pgbouncer.#{NAMESPACE}#.svc.cluster.local/farms#{ENV}#