Skip to content

fix(nodejs): regenerate OCI deploy config and env defaults #91

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
andrwils wants to merge 7 commits into
base: main
Choose a base branch
from
Open

fix(nodejs): regenerate OCI deploy config and env defaults #91

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d95116f
fix(nodejs): regenerate OCI deploy config and env defaults
andrwils Jun 5, 2026
a7dfba2
fix(workflows): patch broker checksum post and fail fast on empty art…
andrwils Jun 5, 2026
6ea1f3b
chore(deploy): add temporary checksum alignment debug output
andrwils Jun 5, 2026
d5bb480
chore(deploy): add temporary broker candidate forensic output
andrwils Jun 6, 2026
bd472ad
fix(deploy): select broker record by expected package tag
andrwils Jun 6, 2026
be1d594
chore(deploy): remove temporary forensic and debug logging
andrwils Jun 6, 2026
ae88d7c
fix(build): emit PR merge version when using PR merge ref
andrwils Jun 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .env-build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,6 @@ fi
export PROJECT_NAME="oscar-example"
export SERVICE_NAME="nodejs-sample"
export PACKAGE_REPO="https://maven.pkg.github.com/bcgov/nr-nodejs-sample"


export VERSION="${VERSION:-0.0.0-SNAPSHOT}"
# Non-Maven build configuration (e.g. Node)
DEFAULT_VERSION="$(jq -r '.version // empty' "$(dirname "${BASH_SOURCE[0]}")/package.json" 2>/dev/null)"
export VERSION="${VERSION:-${DEFAULT_VERSION:-0.0.0}}"
30 changes: 21 additions & 9 deletions .github/workflows/build-release-nodejs-sample.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ jobs:
run: |
if [[ "${{ github.ref_type }}" == "tag" ]]; then
echo "checkout_ref=${{ github.ref }}" >> $GITHUB_OUTPUT
echo "package_tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
elif [[ ${{ github.ref_name != 'main' }} = true ]]; then
RESPONSE=$(curl -s "https://api.github.com/repos/bcgov/nr-nodejs-sample/pulls?head=bcgov:${{ github.head_ref || github.ref_name }}&state=open&base=main" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
Expand All @@ -68,8 +69,10 @@ jobs:
exit 1
fi
echo "checkout_ref=refs/pull/$PULL_REQUEST_NUMBER/merge" >> $GITHUB_OUTPUT
echo "package_tag=${PULL_REQUEST_NUMBER}-merge" >> $GITHUB_OUTPUT
else
echo "checkout_ref=${{ github.ref_name }}" >> $GITHUB_OUTPUT
echo "package_tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
fi
- name: Checkout repository
uses: actions/checkout@v6
Expand All @@ -90,23 +93,32 @@ jobs:
run: |
REF_NAME="${{ github.ref_name }}"
SAFE_REF_NAME=$(echo "$REF_NAME" | tr '/' '-')
version=$(cat package.json | jq -r '.version')

if [[ ${{ startsWith(github.ref, 'refs/tags/v') }} = true ]]; then
echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
TAG=${{ github.ref_name }}
version="${TAG#v}"
echo "project_version=$version" >> $GITHUB_OUTPUT
exit 0
fi

if [[ "${PACKAGE_TAG}" == *"-merge" ]]; then
echo "project_version=$version-${PACKAGE_TAG}" >> "$GITHUB_OUTPUT"
echo "tag=${PACKAGE_TAG}" >> "$GITHUB_OUTPUT"
exit 0
fi

if [[ ${{ startsWith(github.ref, 'refs/heads/') }} = true ]]; then
version=$(cat package.json | jq -r '.version')
echo "project_version=$version-${SAFE_REF_NAME}" >> "$GITHUB_OUTPUT"
echo "tag=${SAFE_REF_NAME}" >> "$GITHUB_OUTPUT"
fi
if [[ ${{ startsWith(github.ref, 'refs/pull/') }} = true ]]; then
version=$(cat package.json | jq -r '.version')
echo "project_version=$version-${SAFE_REF_NAME}" >> "$GITHUB_OUTPUT"
echo "tag=${SAFE_REF_NAME}" >> "$GITHUB_OUTPUT"
fi
if [[ ${{ startsWith(github.ref, 'refs/tags/v') }} = true ]]; then
echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
TAG=${{ github.ref_name }}
version="${TAG#v}"
echo "project_version=$version" >> $GITHUB_OUTPUT
fi
env:
PACKAGE_TAG: ${{ steps.lookup-pr-merge-ref.outputs.package_tag }}
- name: Set build output parameters
id: set-build-output-parameters
run: |
Expand Down Expand Up @@ -186,7 +198,7 @@ jobs:
working-directory: ./
- name: Send build info
run: |
curl -s POST ${{ env.BROKER_URL }}/v1/intention/action/patch \
curl -s -X POST ${{ env.BROKER_URL }}/v1/intention/action/patch \
-H 'Content-Type: application/json' \
-H 'X-Broker-Token: '"${BUILD_TOKEN}"'' \
-d '{"package":{"checksum": "sha256:'${ARTIFACT_SHA256}'", "size": '${ARTIFACT_SIZE}'}}'
Expand Down
9 changes: 9 additions & 0 deletions .github/workflows/check-deploy-job-status.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,15 @@ for ((i=1; i<=MAX_WAIT; i++)); do
sleep 10
done

# Extract and display the event URL
EVENT_URL=$(echo "$RESPONSE" | jq -r '.data[0].event.url // empty')
if [[ -n "$EVENT_URL" ]]; then
echo "Event URL: $EVENT_URL"
echo "event_url=$EVENT_URL" >> $GITHUB_OUTPUT
else
echo "Event URL not found in response."
fi

# Check the outcome
STATUS=$(echo "$RESPONSE" | jq -r '.data[0].transaction.outcome // empty')
echo "status=$STATUS" >> $GITHUB_OUTPUT
Expand Down
136 changes: 123 additions & 13 deletions .github/workflows/deploy-nodejs-sample.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ jobs:
artifact_name: ${{ steps.set-build-output.outputs.artifact_name }}
artifact_sha256: ${{ steps.set-build-output.outputs.artifact_sha256 }}
download_url: ${{ steps.set-download-url.outputs.download_url }}
checkout_ref: ${{ steps.lookup-pr-merge-ref.outputs.checkout_ref }}
build_version: ${{ steps.set-build-output.outputs.build_version }}
steps:
- name: Lookup PR Merge Ref
id: lookup-pr-merge-ref
Expand All @@ -46,19 +48,20 @@ jobs:
RESPONSE=$(curl -s "https://api.github.com/repos/bcgov/nr-nodejs-sample/pulls?head=bcgov:${{ github.ref_name }}&state=open&base=main" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github+json")
PR_NUMBER=$(echo "${RESPONSE}" | jq -r '.[0].number')
RESPONSE=$(curl -s "https://api.github.com/repos/bcgov/nr-nodejs-sample/pulls/$PR_NUMBER" \
PULL_REQUEST_NUMBER=$(echo "${RESPONSE}" | jq -r .[0].number)
RESPONSE=$(curl -s "https://api.github.com/repos/bcgov/nr-nodejs-sample/pulls/$PULL_REQUEST_NUMBER" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github+json")
MERGEABLE=$(echo "${RESPONSE}" | jq -r .mergeable)
if [[ "$MERGEABLE" != "true" ]]; then
echo "::error ::Pull request #$PR_NUMBER is not mergeable… aborted."
echo "This error can be fixed by resolving the merge conflict with the main branch."
echo "::error ::Pull request #$PULL_REQUEST_NUMBER is not mergeable… aborted."
echo "This can be resolved by resolving the merge conflict with the main branch."
exit 1
fi
echo "build_sha=$(echo ${RESPONSE} | jq -r .merge_commit_sha)" >> $GITHUB_OUTPUT
echo "checkout_ref=refs/pull/${PR_NUMBER}/merge" >> $GITHUB_OUTPUT
echo "package_tag=${PR_NUMBER}-merge" >> $GITHUB_OUTPUT
echo "checkout_ref=refs/pull/${PULL_REQUEST_NUMBER}/merge" >> $GITHUB_OUTPUT

echo "package_tag=${PULL_REQUEST_NUMBER}-merge" >> $GITHUB_OUTPUT
else
echo "build_sha=${{ github.sha }}" >> $GITHUB_OUTPUT
echo "checkout_ref=${{ github.ref }}" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -105,18 +108,55 @@ jobs:
echo
exit 1
fi
echo "project_version=$(echo ${RESPONSE} | jq -r '.data[].actions[].package.version')" >> $GITHUB_OUTPUT
echo "build_guid=$(echo ${RESPONSE} | jq -r '.data[].id')" >> $GITHUB_OUTPUT
echo "build_number=$(echo ${RESPONSE} | jq -r '.data[].actions[].package.buildNumber')" >> $GITHUB_OUTPUT
echo "artifact_name=$(echo ${RESPONSE} | jq -r '.data[].actions[].artifacts[].name')" >> $GITHUB_OUTPUT
artifact_checksum=$(echo ${RESPONSE} | jq -r '.data[].actions[].artifacts[].checksum')

SELECTED_RECORD=$(echo "$RESPONSE" | jq -c --arg packageTag "$PACKAGE_TAG" '
.data
| map(select((.actions[0].package.version // "") | endswith("-" + $packageTag)))
| .[0]
')

if [[ -z "${SELECTED_RECORD}" || "${SELECTED_RECORD}" == "null" ]]; then
echo
echo "============================================================"
echo "Error: No Broker record matched expected package tag ${PACKAGE_TAG}."
echo "------------------------------------------------------------"
echo "Build SHA: ${BUILD_SHA}"
echo "Why it matters: Deployment must use metadata for the same artifact tag sent to Jenkins."
echo "--- Broker candidate summary ---"
echo "$RESPONSE" | jq -r '.data[] | { id, packageVersion: (.actions[0].package.version // "") }'
echo "============================================================"
echo
exit 1
fi

echo "project_version=$(echo "$SELECTED_RECORD" | jq -r '.actions[0].package.version')" >> $GITHUB_OUTPUT
echo "build_guid=$(echo "$SELECTED_RECORD" | jq -r '.id')" >> $GITHUB_OUTPUT
echo "build_number=$(echo "$SELECTED_RECORD" | jq -r '.actions[0].package.buildNumber')" >> $GITHUB_OUTPUT
echo "build_version=$(echo "$SELECTED_RECORD" | jq -r '.actions[0].package.buildVersion')" >> $GITHUB_OUTPUT
echo "artifact_name=$(echo "$SELECTED_RECORD" | jq -r '.actions[0].artifacts[0].name')" >> $GITHUB_OUTPUT
artifact_checksum=$(echo "$SELECTED_RECORD" | jq -r '.actions[0].artifacts[0].checksum // empty')
if [[ -z "${artifact_checksum}" ]]; then
echo
echo "============================================================"
echo "Error: Broker returned an empty artifact checksum."
echo "------------------------------------------------------------"
echo "Build SHA: ${BUILD_SHA}"
echo "Why it matters: Jenkins checksum validation will always fail with an empty expected value."
echo "Check if the build workflow successfully patched package.checksum in Broker."
echo "--- Broker API response below ---"
echo "$RESPONSE"
echo "============================================================"
echo
exit 1
fi
echo "artifact_sha256=${artifact_checksum#sha256:}" >> $GITHUB_OUTPUT
env:
BROKER_URL: https://broker.io.nrs.gov.bc.ca
BROKER_JWT: ${{ secrets.broker_jwt_e985d455_b0ff_470b_8731_e004fcfac915 }}
SERVICE_PROJECT: ${{ env.SERVICE_PROJECT }}
SERVICE_NAME: ${{ env.SERVICE_NAME }}
BUILD_SHA: ${{ steps.lookup-pr-merge-ref.outputs.build_sha }}
PACKAGE_TAG: ${{ steps.lookup-pr-merge-ref.outputs.package_tag }}
- name: Checkout repository
uses: actions/checkout@v6
with:
Expand All @@ -130,7 +170,7 @@ jobs:
echo "${DOWNLOAD_URL}"
echo "download_url=$(echo ${DOWNLOAD_URL})" >> $GITHUB_OUTPUT
env:
PACKAGE_TAG: ${{ steps.lookup-pr-merge-ref.outputs.package_tag}}
PACKAGE_TAG: ${{ steps.lookup-pr-merge-ref.outputs.package_tag || steps.set-build-output.outputs.project_version }}
PACKAGE_REPO: ${{ env.PACKAGE_REPO }}
deploy-release-build:
name: Trigger deployment
Expand All @@ -147,6 +187,7 @@ jobs:
artifact_name: ${{ steps.set-tag-output.outputs.artifact_name }}
artifact_sha256: ${{ steps.set-tag-output.outputs.artifact_sha256 }}
download_url: ${{ steps.set-download-url.outputs.download_url }}
checkout_ref: ${{ steps.set-tag-output.outputs.checkout_ref }}
steps:
- name: Set tag output
id: set-tag-output
Expand Down Expand Up @@ -192,7 +233,21 @@ jobs:
echo "build_guid=$(echo ${RESPONSE} | jq -r '.data[].id')" >> $GITHUB_OUTPUT
echo "build_number=$(echo ${RESPONSE} | jq -r '.data[].actions[].package.buildNumber')" >> $GITHUB_OUTPUT
echo "artifact_name=$(echo ${RESPONSE} | jq -r '.data[].actions[].artifacts[].name')" >> $GITHUB_OUTPUT
artifact_checksum=$(echo ${RESPONSE} | jq -r '.data[].actions[].artifacts[].checksum')
artifact_checksum=$(echo ${RESPONSE} | jq -r '.data[].actions[].artifacts[].checksum // empty' | head -n 1)
if [[ -z "${artifact_checksum}" ]]; then
echo
echo "============================================================"
echo "Error: Broker returned an empty artifact checksum."
echo "------------------------------------------------------------"
echo "Project tag: ${TAG}"
echo "Why it matters: Jenkins checksum validation will always fail with an empty expected value."
echo "Check if the build workflow successfully patched package.checksum in Broker."
echo "--- Broker API response below ---"
echo "$RESPONSE"
echo "============================================================"
echo
exit 1
fi
echo "artifact_sha256=${artifact_checksum#sha256:}" >> $GITHUB_OUTPUT
env:
BROKER_URL: https://broker.io.nrs.gov.bc.ca
Expand Down Expand Up @@ -308,6 +363,7 @@ jobs:
PROJECT_VERSION: ${{ needs.deploy-pre-release-build.outputs.project_version || needs.deploy-release-build.outputs.project_version }}
BUILD_GUID: ${{ needs.deploy-pre-release-build.outputs.build_guid || needs.deploy-release-build.outputs.build_guid }}
BUILD_NUMBER: ${{ needs.deploy-pre-release-build.outputs.build_number || needs.deploy-release-build.outputs.build_number }}
BUILD_SHA: ${{ needs.deploy-pre-release-build.outputs.build_version || 'n/a' }}
ARTIFACT_SHA256: ${{ needs.deploy-pre-release-build.outputs.artifact_sha256 || needs.deploy-release-build.outputs.artifact_sha256 }}
DOWNLOAD_URL: ${{ needs.deploy-pre-release-build.outputs.download_url || needs.deploy-release-build.outputs.download_url }}
- name: Display deployment job URL
Expand All @@ -323,3 +379,57 @@ jobs:
BROKER_JWT: ${{ secrets.broker_jwt_e985d455_b0ff_470b_8731_e004fcfac915 }}
SERVICE_NAME: ${{ env.SERVICE_NAME }}
TRIGGER_UUID: ${{ steps.submit-job.outputs.trigger_uuid}}
- name: Generate deploy summary
if: always()
run: |
# Determine the status and appropriate message
if [[ "${{ steps.check-jenkins-job-status.outcome }}" == "failure" ]]; then
if [[ -z "${{ steps.check-jenkins-job-status.outputs.event_url }}" ]]; then
STATUS_MSG="❌ **Failed**: Job was not successfully submitted to Jenkins"
STATUS_DETAIL="The deployment job could not be triggered. This may indicate a broker connectivity issue."
else
STATUS_MSG="❌ **Failed**: Deployment job failed"
STATUS_DETAIL="The deployment completed but reported a failure status. Check the Jenkins logs for details."
fi
elif [[ "${{ steps.check-jenkins-job-status.outcome }}" == "success" && -z "${{ steps.check-jenkins-job-status.outputs.event_url }}" ]]; then
STATUS_MSG="⚠️ **Timeout**: Job did not complete within 5 minutes"
STATUS_DETAIL="> **Action Required**: The deployment job is still running in Jenkins. You must manually verify the job status and completion."
elif [[ "${{ steps.check-jenkins-job-status.outputs.status }}" == "success" ]]; then
STATUS_MSG="✅ **Success**: Deployment completed successfully"
STATUS_DETAIL=""
else
STATUS_MSG="❌ **Failed**: Deployment did not succeed"
STATUS_DETAIL="Final status: \`${{ steps.check-jenkins-job-status.outputs.status }}\`"
fi

cat >> $GITHUB_STEP_SUMMARY << EOF
# ${ENVIRONMENT^} Deployment Summary

| | |
| - | - |
| **Ref** | \`${DEPLOY_REF}\` |
| **Commit** | [${COMMIT_HASH:0:7}](https://github.com/${{ github.repository }}/tree/${COMMIT_HASH}) |
| **Version** | ${PROJECT_VERSION} |
| **Artifact SHA256** | ${ARTIFACT_SHA256} |
| **Deployment Config Tag** | ${DEPLOY_CONFIG_TAG} |
$(if [[ -n "${{ steps.check-jenkins-job-status.outputs.event_url }}" ]]; then
echo "| **Job Run** | [View Details](${{ steps.check-jenkins-job-status.outputs.event_url }}) |"
else
echo "| **Job Run** | Not available |"
fi)

## Status

${STATUS_MSG}

${STATUS_DETAIL}

EOF
env:
ENVIRONMENT: ${{ inputs.environment }}
DEPLOY_REF: ${{ needs.deploy-pre-release-build.outputs.checkout_ref || github.ref }}
COMMIT_HASH: ${{ needs.deploy-pre-release-build.outputs.build_version || needs.deploy-release-build.outputs.checkout_ref }}
PROJECT_VERSION: ${{ needs.deploy-pre-release-build.outputs.project_version || needs.deploy-release-build.outputs.project_version }}
ARTIFACT_SHA256: ${{ needs.deploy-pre-release-build.outputs.artifact_sha256 || needs.deploy-release-build.outputs.artifact_sha256 }}
DEPLOY_CONFIG_TAG: ${{ inputs.deploy_tag }}

1 change: 1 addition & 0 deletions catalog-info.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ metadata:
playbook.io.nrs.gov.bc.ca/toolsLocalBuildSecrets: ""
playbook.io.nrs.gov.bc.ca/deployType: nodejs
playbook.io.nrs.gov.bc.ca/artifactSrc: repo
playbook.io.nrs.gov.bc.ca/createDataTmpDir: false
description: NodeJS sample application
title: NodeJS Sample
apiVersion: backstage.io/v1alpha1
Expand Down
22 changes: 21 additions & 1 deletion playbooks/playbook.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,5 +55,25 @@
# with_items:
# - {
# src: "configuration.ts.j2",
# dest: "{{ oci_app_service_install_app_home }}/dist/src/config/configuration.js"
# dest: "{{ nodejs_app_service_install_app_home }}/dist/src/config/configuration.js"
# }

- name: "nodejs-sample: Stop"
ansible.builtin.include_role:
name: service_control
vars:
service_control_action: 'stop'

- meta: flush_handlers

- name: "nodejs-sample: {{ polaris_control_handler }} setup"
ansible.builtin.include_role:
name: service_control
vars:
service_control_action: 'setup'

- name: "nodejs-sample: Start"
ansible.builtin.include_role:
name: service_control
vars:
service_control_action: 'start'