This issue is a kind reminder that your repository has been inactive for 180 days. Some repositories are maintained in accordance with business requirements that infrequently change thus appearing inactive, and some repositories are inactive because they are unmaintained.

To help differentiate products that are unmaintained from products that do not require frequent maintenance, repomountie will open an issue whenever a repository has not been updated in 180 days.

• If this product is being actively maintained, please close this issue.
• If this repository isn't being actively maintained anymore, please archive this repository. Also, for bonus points, please add a dormant or retired life cycle badge.

Thank you for your help ensuring effective governance of our open-source ecosystem!

AC

• cas-postgres helm dependency should be upgraded to 0.8.3
• .tool-versions postgres version should be 14.0

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

The secrets that contain the CIIP/GGIRCS/CIF db credentials (used in the cron-db-pass template) currently need to be manually created in the metabase namespace. We could create them automatically with a lookup in the secrets template. There is an example of doing this in CIF where we are retrieving the GGIRCS db credentials via a lookup here: https://github.com/bcgov/cas-cif/blob/develop/chart/cas-cif/templates/secret.yaml

The metabase chart is not being linted, which can cause us to accidentally release a broken chart.

To avoid this:

• create a make lint_chart target that calls helm template ... --validate, similarly to the cif one
• call that target in a GH action
• make this action a required check when merging PRs

Issue:

Nginx containers and automatic certificate retrieval was removed when the team understood a wildcard certificate was available.
Now that this is not the case, we need to use certbot to retrieve that certificate.
There will be just a little bit of investigation to see if we can use the regular certbot chart, or if a small fork is necessary like we had for ciip.

Certbot repo: https://github.com/BCDevOps/certbot
Example of certbot usage in CIF: https://github.com/bcgov/cas-cif/blob/develop/chart/cas-cif/Chart.yaml

For reference, this is the certbot fork that the team was using: BCDevOps/certbot@6836588
It just adds a missing role and rolebinding if we need a different user.

Acceptance Criteria

As a metabase maintainer
When I setup certificate automation
I want to use certbot

As a Metabase maintainer
When use certbot in my application
I want to make sure it works with the proper roles and rolebindings

Dev Checklist

• PO to secure funding for certificate
• Put in iStore request for SSL certificate
• verify that the official certbot release now implements what the fork was intending on doing
• if necessary: fork the official repository again with the bc-cas user and apply the changes, and contact certbot maintainers to have it merged
• integrate the official or forked certbot helm chart in metabase (similar to CIF)

Not extremely urgent, the current certificate expires on Jan 29th

Acceptance Criteria:

• Reach out to attendees to give them a heads-up and check on availability. Aim = October/November
• schedule training dates: 2x 2 hour sessions (part 1 and part 2 to build off what they learned in 1)
  eg: 30 mins of overview + 90 mins ish hands-on
• Send out invites to attendees: RA, ICU, CE

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

From: https://youtrack.button.is/issue/GGIRCS-1716
Views and/or dashboards for:
o CIIP
o Reporting program (SWRS)
o Executives
- CIIP program analytics
- CIIP program administration analytics
o Public report
- Visualizations
- Maps
- Downloadability/exports/data sharing (where appropriate)?
o Data modelling
o Others?
Training
Data science (e.g., pre 2013 data) – this is complicated.

Metabase at rest is not very resource intensive, but can get bogged down during heavy usage.
We should add a horizontal pod autoscaler + round robin selection on the route.

About keeping the ciip/swrs data together and viewable in metabase once we stop doing a pgdump from swrs to ciip & move to an api or foreign data wrapper solution

Checklist:

• set up Dev meeting to discuss possible approaches
• identify possible risks/impacts
• set up database with limited data to test?

password authentication fails

To avoid downloading Metabase data in spreadsheets, training needs to be provided to show users how to create dashboards and use Metabase according to their specific use cases/needs.
First we will need to find out what they are downloading and what they are using it for. Then we can tailor training to show them how to do those tasks within Metabase.
There needs to be emphases on data security from an authority. Since permissions are setup in Metabase, those go out the window when tables are downloaded and saved on a LAN for example (anyone with that access can then see the data). We need a data custodian to be present to share the need to put data privacy FIRST and use Metabase as it was intended.

AC Related to setting up Metabase for training:

• Set up team meeting to discuss approach
• Reach out to Hanna and John and Matt in discussion to determine what is of most value to their teams in terms of training
• Create training objectives on Miro board
• Setup metabase data....
• Start new Miro board for the lab

Notes:

• UX/Service Design support on creative miro board design
• Additional tickets may stem from this one

After an update to production, the nginx container including its associated PVCs were dropped, which means the certificates are gone.

2 options moving forward:

• An organizational wildcard certificate will be made available not happening any time soon
• The team will need to retrieve the existing certificate that was lost from entrust / re-procure one (the existing one expired in Feb or March)

The prod-test restore work is missing a component that makes it work on deploy.
2 cronjobs were created (prod-test-restore & db-pass), but no corresponding dag to run them.
Solution:
Either add a dag to run these cronjobs or refactor the cronjobs into jobs and add a post-install hook + hook weights.
If we want to add a dag, then it's related to the work being done in https://app.zenhub.com/workspaces/climate-action-secretariat-60ca4121764d710011481ca2/issues/bcgov/cas-ciip-portal/1887

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means its critical that we work to make our content as discoverable as possible; Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.

What to do

Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic.

That's in, you're done!!!

How to use

Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.

Pro Tip 🤓

• If your org is not in the list below, or the table contains errors, please create an issue here.

• While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.

• Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.

• If your application is live, add the production URL.

Ministry Short Codes

NOTE See an error or omission? Please create an issue here to get it remedied.

Our ADM identified beep.eco as the type of tool he'd like to one day use. As we gain a better sense of public reporting needs that draw on CIIP and SWRS data, we may want to consider similar UI and even metrics to beep.eco.

Blocked: cas-airflow/91
Description:

We need to move the metabase DAG from the aiflow repo to the metabase repo

Acceptance Criteria:

• the metabase dags are in the metabase repo
• on deploy, the airflow-dag-trigger job is called to trigger the dag-fetch from airflow.

As suggested in #52 by @wenzowski ,
We can add a test that helm template runs properly and contains - or not - valid yaml for the nginx sidecar