Tracking issue for:

• https://github.com/bcgov/nr-spar/security/code-scanning/21

Backend is configured to point to the Forest Client API in PROD. This is obscenely bad for development, since changes need to go all the way to production before they can be properly tested.

Worse still, this appears to have been configured MANUALLY so the problem could not be uncovered with a search.

https://console.apps.silver.devops.gov.bc.ca/k8s/ns/b9d53b-dev/secrets/nr-spar-backend

data:
  allowed_origins: http://localhost:300*,https://*.apps.silver.devops.gov.bc.ca
  forest-client-api.address: https://nr-forest-client-api-prod.api.gov.bc.ca/api
  forest-client-api.key: <REDACTED>
  keycloak-realm-url: https://test.loginproxy.gov.bc.ca/auth/realms/standard

Let Caddy serve static files. Better performance and lower resource utilization than most other options. Also more or less a standard thing to do.

Copied from bcgov/nr-spar-webapp, which was archived.

bcgov/nr-spar-webapp#48

Contents require login.

https://github.com/bcgov/nr-spar/security/dependabot/1
https://github.com/bcgov/nr-spar/security/code-scanning/1

Describe the task
Once the repo is cloned, in case one need to work with any backend (in Java), maven will be required. Since mvnw is a wrapper e doesn't include a jar file, is required a command to retrieve this file (or manual copying from somewhere else).

I think would be good to add this notes on the CONTRIBUTING.md files.

This is the command: mvn wrapper:wrapper.

⚠️ Note that maven should be globally installed for this command work. A good option is to use sdk man, that is already covered in the contributing guide.

Acceptance Criteria

• All steps for running locally clearly described in the contributing guide.

Additional context

• No additional notes.

Look into Caddy for the Frontend and implement if practical. Log findings either way.

Describe the task
Update all building instructions and files to enable both of the two back-end apis build native images, making everything less painfull, quicker and require less resources.

Acceptance Criteria

• Backend image building and running locally property
• Oracle-api image building and running locally property
• Backend and oracle-api running smoothly with docker-compose
• Deploy workflows working and getting deployed faster

Additional context

• Be aware of the oracle-api one, due to certificate issues and secure connection.

CODEOWNERS file specifies required PR reviewers based on path.

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

https://github.com/bcgov/nr-spar/security/dependabot/4

Backend is waiting 2.5 minutes to check readiness. Please reduce.

Note: this should ideally happen after switching to Java cloud native, since startup and resource consumption will change.

https://github.com/bcgov/nr-spar/blob/main/backend/openshift.deploy.yml#L154

DEV is pointing to PROD nr-forest-client. This will be dialed down to TEST data, but using mock data for DEV is even better.

Courtesy of @paulushcgcj:

"""
I would suggest to have a mock in place for local use, something that can be switched on and off when needed. Sometimes the best way to validate something is going straight to prod, but in most of the cases, mocks are all we need, specially if we want to validate one scenario that is hard to replicate on a real world

wiremock is something we use for our automated tests and the same can be used for mocks. There is a docker image that can be used, and you just need to supply it with json files to work as intended

https://wiremock.org/
"""

In backend/backend/pom.xml:1

https://github.com/bcgov/nr-spar/security/code-scanning/21
https://avd.aquasec.com/nvd/2022/cve-2022-1471/
https://www.veracode.com/blog/research/resolving-cve-2022-1471-snakeyaml-20-release-0

Contents require login.

https://github.com/bcgov/nr-spar/security/dependabot/8

Secret: keycloak-realm-url does not exist in the code base. Ether abandoned or, more likely, manually added.

https://github.com/bcgov/nr-spar-backend/blob/9d19258604fcf4ec44d167f6f60ffa0a519fe15e/backend/openshift.deploy.yml#L112

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'forestClientEndpoint' defined in URL [jar:file:/app/app.jar!/BOOT-INF/classes!/ca/bc/gov/backendstartapi/endpoint/ForestClientEndpoint.class]: Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'forestClientService' defined in URL [jar:file:/app/app.jar!/BOOT-INF/classes!/ca/bc/gov/backendstartapi/service/ForestClientService.class]: Unsatisfied dependency expressed through constructor parameter 0: Error creating bean with name 'forestClientApiProvider' defined in URL [jar:file:/app/app.jar!/BOOT-INF/classes!/ca/bc/gov/backendstartapi/service/ForestClientApiProvider.class]: Unexpected exception during bean creation

DEV backends are configured to point to Test Keycloak. This isn't as bad as where DEV pointed to PROD Oracle API, but still not desirable.

As before, this appears to have been configured MANUALLY so the problem could not be uncovered with a search.

https://console.apps.silver.devops.gov.bc.ca/k8s/ns/b9d53b-dev/secrets/nr-spar-backend

data:
  allowed_origins: http://localhost:300*,https://*.apps.silver.devops.gov.bc.ca
  forest-client-api.address: https://nr-forest-client-api-prod.api.gov.bc.ca/api
  forest-client-api.key: <REDACTED>
  keycloak-realm-url: https://test.loginproxy.gov.bc.ca/auth/realms/standard

Verification paths and readiness probes don't match, so it can appear that deployments have finished, but they have still failed. The deployer action is preventing this, but it should be handled at the deployment template level, not rely on outside tools.

Try to use less resources to enable more DEV environments and higher scaling of TEST and PROD replica sets.

Use Docker Compose for the entire stack, including anything that would be stored in environment files.

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

Most efforts have been focused on DEV so far. Next, get TEST and PROD running just as smoothly.

The same test commands should be run locally as in the pipeline.

• group decision on what gets run
• put the selected code into npm scripts
• run the same commands locally and in workflows
• some differences are acceptable (e.g. generating coverage for workflows)

TEST database is receiving queries and data from FME, causing an OOM crash. The likely fix is to dial up the memory limit.

Troubleshooting:
oc describe pod/nr-spar-test-database-10-4qmc5

Screenshot and troubleshooting courtesy of @abschwenker.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• chore(deps): lock file maintenance npm all non-major dependencies (undefined, sass)

Pending Status Checks

These updates await pending status checks. To force their creation now, click the checkbox below.

• chore(deps): update caddy docker tag to v2.7.3
• fix(deps): update dependency @testing-library/jest-dom to v6

Other Branches

These updates are pending. To force PRs open, click the checkbox below.

• chore(deps): update github actions all non-major dependencies (aquasecurity/trivy-action, bcgov-nr/action-builder-ghcr, bcgov-nr/action-deployer-openshift, bcgov-nr/action-test-and-analyse, bcgov-nr/action-test-and-analyse-java)
• chore(deps): update bcgov-nr/action-test-and-analyse action to v1
• chore(deps): update cypress/included docker tag to v12
• chore(deps): update dependency ubuntu to v22

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• fix(deps): update dependency jest to v29.6.2
• chore(deps): update node.js to v20
• chore(deps): update postgis/postgis docker tag to v15
• fix(deps): update dependency keycloak-js to v22

Detected dependencies

@RMCampos has identified some Oracle API misconfigurations, likely caused by me and the hasty repo stact merger/consolidation. Please fix that!

DEV and TEST are potentially exposing real PROD data. This is barely mitigated using an API stored locally.

Request access to a TEST environment, use that. Ideally DEV will use mock data, which is going into another ticket.

https://api.gov.bc.ca/devportal/api-directory/3179?preview=false

Roll two or three of the SPAR repos together to simplify.

Refactor and rework are needed for the submitted PR #100

A new branch is created: https://github.com/bcgov/nr-spar/tree/feat/603-parent-tree-tables-v2

The main issue is that the table data are not stored in state but stored in a Ref object. There is also no linkage between this component to the parent component like other steps. A lot of duplicated lines as well. 30%+.

This is a complex task implementing Step 5 of the seedlot registration flow.

The design can be found here

There are three tabs of pages to be implemented within this step:

Cone and pollen count
SMP success on parent
Calculation of SMP mix

Users can upload a sheet(csv, xml etc.) file, but this file has to be processed by the back end first, so the working status of the related endpoint can be a potential blocker. 

Sabina also mentioned that step 4 and 5 are dependent on each other, so we need to confirm what exactly needs to be linked or associated. 

Definition of done: 

Rendered elements working as designed for all 3 tabs
Uploading files of different allowed types working
Process then populate the table with the json data replied from the back-end working
Upload modal implemented

Inconsistent CORS errors are creeping up inconsistently between the Frontend and Backend. One of many ways to replicate: check the networking tab while clicking a favourite seedlot.

Update: could be the Frontend's preflight request header.

Ensure CORS response header values are valid
A cross-origin resource sharing (CORS) request was blocked because of invalid or missing response headers of the request or the associated preflight request .
To fix this issue, ensure the response to the CORS request and/or the associated preflight request are not missing headers and use valid header values.
Note that if an opaque response is sufficient, the request's mode can be set to no-cors to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

Oracle-api TEST deployment is failing. There is currently no functional deployment from the previous repository to copy.

TL;DR 🏎️

Teams are encouraged to favour modern inclusive phrasing both in their communication as well as in any source checked into their repositories. You'll find a table at the end of this text with preferred phrasing to socialize with your team.

Words Matter

We're aligning our development community to favour inclusive phrasing for common technical expressions. There is a table below that outlines the phrases that are being retired along with the preferred alternatives.

During your team scrum, technical meetings, documentation, the code you write, etc. use the inclusive phrasing from the table below. That's it - it really is that easy.

For the curious mind, the Public Service Agency (PSA) has published a guide describing how Words Matter in our daily communication. Its an insightful read and a good reminder to be curious and open minded.

What about the master branch?

The word "master" is not inherently bad or non-inclusive. For example people get a masters degree; become a master of their craft; or master a skill. It's generally when the word "master" is used along side the word "slave" that it becomes non-inclusive.

Some teams choose to use the word main for the default branch of a repo as opposed to the more commonly used master branch. While it's not required or recommended, your team is empowered to do what works for them. If you do rename the master branch consider using main so that we have consistency among the repos within our organization.

Preferred Phrasing

Pro Tip 🤓

This list is not comprehensive. If you're aware of other outdated nomenclature please create an issue (PR preferred) with your suggestion.

Describe the task
Investigate why port-forwarding to Postgres DB connection to pod on test is getting dropped.

Acceptance Criteria

• Increase connection pool to handle up to 100 connections.
• FME processes running without losting connection with pod.

Additional context

• This is part of the task FSADT2-600

@thiagosanchezenc feel free to add comments!

Make combined workflows consistent and, of course, working.

Describe the task
The current env vars setup emits warning in local development.
This task will change how we read env vars, the plan is to use the dotenv package from NPM.

Acceptance Criteria

• Everything should work as intended as before this change

https://github.com/bcgov/nr-spar/security/code-scanning/7
https://github.com/bcgov/nr-spar/security/code-scanning/8

Frontend unhandled paths are returning 200 codes, which is unexpected behaviour. This, for example, passed in the pipeline, despite the path not existing.

https://nr-spar-116-frontend.apps.silver.devops.gov.bc.ca/actuator/health

Use Alpine base images to lessen resource consumption and avoid potential licensing issues. Red Hat also tends to hide their dockerfiles behind a paywall, which can make troubleshooting difficult.

This would be the case for our components. Databases or anything else with an official container should continue to use those.

Describe the task
A clear and concise description of what the task is.

Replace react-scripts and webpack with vite. (We already did this in the past, on the sample webapp, that now is merged into QuickStart template: https://github.com/bcgov/quickstart-openshift/blob/main/frontend-react/vite.config.ts)

Acceptance Criteria

• Build and run locally smoothly
• Build and fun smoothly on Docker
• Tests passing locally
• Tests passing on CI

Additional context

• With this task we also can remove that env.js file in public.html and use something else. Maybe update to use Caddy. But I'm not sure if could do all of that in the same issue.

Sort out deployment inconsistencies. Backend in particular likes to fail inconsistently in OpenShift. I'm hoping that cloud native will make this a non-factor.

The Cypress Nightly workflow has been failing for the past five months. The workflow has been brought over to the new repo, but will not be re-enabled until it is passing.

https://github.com/bcgov/nr-spar-webapp/actions/workflows/cypress-nightly.yml?page=7

swagger documentation links are not working

• postgres PR + test + prod
• oracle PR + test + prod

I think we'll probably need to run all the backends when validating, testing locally or simply running it locally. Today we have separate docker compose files.

What do you guys think?
cc: @DerekRoberts @craigyu (feel free to request more opinions!)

Trivy appears to be configured correctly, but is failing on PR vs main branch comparison. Investigate and correct.

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means it's critical that we work to make our content as discoverable as possible. Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.

What to do

Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic.

That's it, you're done!!!

How to use

Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.

Pro Tip 🤓

• If your org is not in the list below, or the table contains errors, please create an issue here.

• While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.

• Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.

• If your application is live, add the production URL.

Ministry Short Codes

NOTE See an error or omission? Please create an issue here to get it remedied.

Pod counts for TEST and PROD have been set to one for consistent deployment in our resource-strained environments. Increase more space (already done) and then increase pod counts (not done until more space provided).

Alternatively, if we can lower resource consumtion with Java cloud native it would reduce resource consuption as well. That's a bigger ask, so we can revist later.

Combining repos has made a real mess of documentation. Please review and resolve.

Success: https://github.com/bcgov/nr-spar/actions/runs/4931422697/jobs/8813438290
Fail: https://github.com/bcgov/nr-spar/actions/runs/4931720417/jobs/8814129572?pr=91