From ea6c9635abd747ce021e7fb30864548874c94b3c Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Thu, 5 Jun 2025 08:27:28 -1000 Subject: [PATCH 01/46] enable multitenancy --- .github/templates/instance.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/templates/instance.yaml b/.github/templates/instance.yaml index 06e105d..823979c 100644 --- a/.github/templates/instance.yaml +++ b/.github/templates/instance.yaml @@ -55,6 +55,8 @@ cdata: slack: 4643444B5541535544424141454E545041325246353431324354303100000000000000000000000050524F434553534D00004635523734413735455A32360000 gmail: 4431444B5541535544424141454E545041325246353431324354303100000000000000000000000050524F434553534D00005356434441465847303144570000 api: 4641444B5541535544424141454E545041325246353431324354303100000000000000000000000050524F434553534D00004750533442365456343939530000 +multitenancy: + enable: true microservices: scriptExecutor: enable: true From 50bfec0051dce74406339f1548f3c65bc4dc864a Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Thu, 5 Jun 2025 15:39:51 -1000 Subject: [PATCH 02/46] use rds admin user creds from secrets for landlord --- .github/scripts/deploy-instance.sh | 12 +++--------- .github/templates/instance.yaml | 2 +- .github/workflows/deploy-pm4.yml | 2 ++ 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/scripts/deploy-instance.sh b/.github/scripts/deploy-instance.sh index 853776a..66a0deb 100644 --- a/.github/scripts/deploy-instance.sh +++ b/.github/scripts/deploy-instance.sh 
@@ -8,16 +8,10 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then
 echo "New instance. Creating Namespace"
 kubectl create namespace ci-{{INSTANCE}}-ns-pm4
 echo "Creating DB"
- # Generate random password
- echo "Generating MySQL Password"
- export MYSQL_PASSWORD=$(openssl rand -base64 12 | tr -dc 'a-zA-Z0-9' | head -c 16)
+ # Use admin password from secrets
 echo "Update instance yamls"
- echo "Current Directory"
- pwd
- ls -lah
-
- sed -i "s/{{MYSQL_PASSWORD}}/$MYSQL_PASSWORD/" .github/templates/db.yaml
-
+ sed -i "s/{{MYSQL_USERNAME}}/$RDS_ADMIN_USERNAME/" .github/templates/db.yaml
+ sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/db.yaml
 echo "Creating DB :: pm4_ci-{{INSTANCE}}"
 cat .github/templates/db.yaml
 kubectl apply -f .github/templates/db.yaml --v=4
diff --git a/.github/templates/instance.yaml b/.github/templates/instance.yaml
index 823979c..48a59cc 100644
--- a/.github/templates/instance.yaml
+++ b/.github/templates/instance.yaml
@@ -30,7 +30,7 @@ database:
 deploy: false
 host: pm4-eng-stm-rds-cluster.cluster-ckz0mnb6cuna.us-east-1.rds.amazonaws.com
 name: pm4_ci-{{INSTANCE}}
- username: user_ci-{{INSTANCE}}
+ username: {{MYSQL_USER}}
 password: {{MYSQL_PASSWORD}}
 analytics:
 awsRegion: us-east-1
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
index 4324209..4fb5c8b 100644
--- a/.github/workflows/deploy-pm4.yml
+++ b/.github/workflows/deploy-pm4.yml
@@ -143,6 +143,8 @@ jobs:
 KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }}
 KEYCLOAK_PASSWORD: ${{ secrets.KEYCLOAK_PASSWORD }}
 CUSTOMER_LICENSES_PAT: ${{ secrets.CUSTOMER_LICENSES_PAT }}
+ RDS_ADMIN_USERNAME: ${{ secrets.RDS_ADMIN_USERNAME }}
+ RDS_ADMIN_PASSWORD: ${{ secrets.RDS_ADMIN_PASSWORD }}
 run: |
 instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
 sed -i 's/{{INSTANCE}}/'"$instance"'/g' .github/scripts/deploy-instance.sh
From afed9d6e82e77c625ce579e33704133b09bf9d41 Mon Sep 17 00:00:00 2001
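Review bot: The unchanged `cat .github/templates/db.yaml` that follows the two added `sed` lines now writes a file containing `$RDS_ADMIN_PASSWORD` to the job log, where the removed code only ever exposed a throwaway 16-character password. GitHub's log masking matches exact secret strings only, so it should not be the single control here; drop the `cat`, or move it above the substitutions so it prints the template with placeholders. The change also makes every CI instance connect as the shared cluster admin rather than a user scoped to its own `pm4_ci-{{INSTANCE}}` databases, so add a comment above the `sed` lines stating why that is required and how the account is restricted. The `cat .github/templates/instance.yaml` in the PATCH 08 hunk of this script has the same exposure, and the enclosing `if` block starts and ends outside the hunk.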
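Review bot: `username: {{MYSQL_USER}}` is an unquoted templated scalar, so a substituted value containing ` #`, `: ` or a leading YAML indicator would be truncated or re-typed by the parser, and an unsubstituted placeholder parses as a flow mapping instead of failing loudly. Quote both fields, `username: '{{MYSQL_USER}}'` and `password: '{{MYSQL_PASSWORD}}'`; this matters more now that the password is an admin secret of arbitrary content rather than the 16 alphanumerics the script used to generate. The placeholder is spelled `{{MYSQL_USER}}` here while the script hunk in this commit substitutes `{{MYSQL_USERNAME}}` (in db.yaml), and no visible line of this commit replaces `{{MYSQL_USER}}` in instance.yaml, so confirm something does. The `dbUsername`/`dbPassword` pair touched in PATCH 12 has the same quoting gap.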
From: Nolan Ehrstrom Date: Wed, 11 Jun 2025 17:29:32 -0700 Subject: [PATCH 03/46] Update deploy-pm4.yml --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 4fb5c8b..8092802 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -34,7 +34,7 @@ concurrency: jobs: imageEKS: name: build-docker-image-EKS - if: github.event.action != 'closed' + if: github.event.action != 'closed' && !contains(github.event.pull_request.body, 'ci:skip-build') runs-on: ${{ vars.RUNNER }} steps: From 818371afaaafa4be064841a50cb9f4900008c4fc Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Wed, 11 Jun 2025 17:37:19 -0700 Subject: [PATCH 04/46] Update deploy-pm4.yml --- .github/workflows/deploy-pm4.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 8092802..176f573 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -34,7 +34,7 @@ concurrency: jobs: imageEKS: name: build-docker-image-EKS - if: github.event.action != 'closed' && !contains(github.event.pull_request.body, 'ci:skip-build') + if: github.event.action != 'closed' runs-on: ${{ vars.RUNNER }} steps: @@ -53,6 +53,7 @@ jobs: RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - name: Generate image EKS + if: !contains(github.event.pull_request.body, 'ci:skip-build') run: | cd pm4-k8s-distribution/images export CI_RELEASE_BRANCH=$RELEASE_BRANCH 
@@ -80,6 +81,7 @@ jobs: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} - name: Push Enterprise Image to Harbor + if: !contains(github.event.pull_request.body, 'ci:skip-build') run: | docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} From 60e1da4122bd1ac1dfc213eefed40922a9df404e Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Wed, 11 Jun 2025 17:40:45 -0700 Subject: [PATCH 05/46] Update deploy-pm4.yml --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 176f573..17cee28 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -53,7 +53,7 @@ jobs: RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - name: Generate image EKS - if: !contains(github.event.pull_request.body, 'ci:skip-build') + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} run: | cd pm4-k8s-distribution/images export CI_RELEASE_BRANCH=$RELEASE_BRANCH From 05dde5db2f436cf41d83337901227353c3a4efe2 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Wed, 11 Jun 2025 17:43:00 -0700 Subject: [PATCH 06/46] Update deploy-pm4.yml --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 17cee28..c571ada 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -81,7 +81,7 @@ jobs: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} - name: Push Enterprise Image to Harbor - if: !contains(github.event.pull_request.body, 'ci:skip-build') + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} run: | docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} From 0db32b63f39c51938ce6adefa0c4dc9b9d982cd9 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Fri, 20 Jun 2025 16:17:17 -0700 Subject: [PATCH 07/46] Add multitenancy env var --- .github/workflows/deploy-pm4.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index c571ada..5a278b9 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -25,6 +25,7 @@ env: DOM_EKS: ${{ secrets.DOM_EKS }} GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }} BUILD_BASE: ${{ (contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule') && '1' || '0' }} + MULTITENANCY: ${{ (contains(github.event.pull_request.body, 'ci:multitenancy')) && true || false }} BASE_IMAGE: ${{ secrets.REGISTRY_HOST }}/processmaker/processmaker:base CUSTOMER_LICENSES_PAT: ${{ secrets.CUSTOMER_LICENSES_PAT }} # K8S_BRANCH: ${{ contains(github.event.pull_request.body, 'ci:next') && 'next' || 'release-2024-fall' }} From 99e7b3c9270dca8a9f753cab5e7af667e39f03cd Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 27 Jun 2025 13:13:02 -1000 Subject: [PATCH 08/46] Update deploy-instance.sh --- .github/scripts/deploy-instance.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/scripts/deploy-instance.sh b/.github/scripts/deploy-instance.sh index 66a0deb..ce57059 100644 --- a/.github/scripts/deploy-instance.sh +++ b/.github/scripts/deploy-instance.sh 
@@ -10,6 +10,9 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then echo "Creating DB" # Use admin password from secrets echo "Update instance yamls" + + export RDS_ADMIN_PASSWORD=$RDS_ADMIN_PASSWORD + export RDS_ADMIN_USERNAME=$RDS_ADMIN_USERNAME sed -i "s/{{MYSQL_USERNAME}}/$RDS_ADMIN_USERNAME/" .github/templates/db.yaml sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/db.yaml echo "Creating DB :: pm4_ci-{{INSTANCE}}" @@ -30,7 +33,8 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then echo "Removing Job" kubectl delete job mysql-setup-job-ci-{{INSTANCE}} echo "Deploying Instance :: ci-{{INSTANCE}}" - sed -i "s/{{MYSQL_PASSWORD}}/$MYSQL_PASSWORD/g" .github/templates/instance.yaml + sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/instance.yaml + sed -i "s/{{MYSQL_USERNAME}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml cat .github/templates/instance.yaml helm install --timeout 75m -f .github/templates/instance.yaml ci-{{INSTANCE}} processmaker/enterprise \ @@ -55,4 +59,4 @@ fi export INSTANCE_URL=https://ci-{{INSTANCE}}$DOM_EKS echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" -./pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready \ No newline at end of file +./pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready From 809e25dcb8fa46d673e563486760fe8152d0451f Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 30 Jun 2025 10:36:26 -1000 Subject: [PATCH 09/46] Update deploy-pm4.yml replace db creds prior to deploy.sh script running --- .github/workflows/deploy-pm4.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 5a278b9..546b127 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
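Review bot: The added `sed -i "s/{{MYSQL_USERNAME}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml` in the `@@ -30,7 +33,8 @@` hunk targets a placeholder that instance.yaml does not appear to contain: PATCH 02 wrote that field as `username: {{MYSQL_USER}}`. As far as the visible hunks show, the username is therefore left unsubstituted and `helm install` receives the literal braces; use `{{MYSQL_USER}}` in the pattern or settle on one spelling across both templates. In the first hunk, `export RDS_ADMIN_PASSWORD=$RDS_ADMIN_PASSWORD` is a self-assignment whose only effect is the export, so `export RDS_ADMIN_USERNAME RDS_ADMIN_PASSWORD` states the intent without re-expanding the secret. The enclosing `if` block starts and ends outside both hunks.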
@@ -157,6 +157,8 @@ jobs:
 sed -i 's/{{KEYCLOAK_CLIENT_SECRET}}/'"${{env.KEYCLOAK_CLIENT_SECRET}}"'/g' .github/templates/instance.yaml
 sed -i 's/{{KEYCLOAK_PASSWORD}}/'"${{env.KEYCLOAK_PASSWORD}}"'/g' .github/templates/instance.yaml
 sed -i 's/{{CUSTOMER_LICENSES_PAT}}/'"${{env.CUSTOMER_LICENSES_PAT}}"'/g' .github/templates/instance.yaml
+ sed -i 's/{{MYSQL_USERNAME}}/'"${{env.RDS_ADMIN_USERNAME}}"'/' .github/templates/instance.yaml
+ sed -i 's/{{MYSQL_PASSWORD}}/'"${{env.RDS_ADMIN_PASSWORD}}"'/' .github/templates/instance.yaml
 chmod +x .github/scripts/deploy-instance.sh
 bash .github/scripts/deploy-instance.sh
 export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net"
From 7553c3af77c5f84e412b9589cae44b05aa241128 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Mon, 30 Jun 2025 11:16:04 -1000
Subject: [PATCH 10/46] Update deploy-pm4.yml fix seds
---
 .github/workflows/deploy-pm4.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
index 546b127..2e6a340 100644
--- a/.github/workflows/deploy-pm4.yml
+++ b/.github/workflows/deploy-pm4.yml
@@ -150,15 +150,15 @@ jobs:
 RDS_ADMIN_PASSWORD: ${{ secrets.RDS_ADMIN_PASSWORD }}
 run: |
 instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
- sed -i 's/{{INSTANCE}}/'"$instance"'/g' .github/scripts/deploy-instance.sh
- sed -i 's/{{INSTANCE}}/'"$instance"'/g' .github/templates/instance.yaml
- sed -i 's/{{INSTANCE}}/'"$instance"'/g' .github/templates/db.yaml
- sed -i 's/{{IMAGE_TAG}}/'"${{env.IMAGE_TAG}}"'/g' .github/templates/instance.yaml
- sed -i 's/{{KEYCLOAK_CLIENT_SECRET}}/'"${{env.KEYCLOAK_CLIENT_SECRET}}"'/g' .github/templates/instance.yaml
- sed -i 's/{{KEYCLOAK_PASSWORD}}/'"${{env.KEYCLOAK_PASSWORD}}"'/g' .github/templates/instance.yaml
- sed -i 's/{{CUSTOMER_LICENSES_PAT}}/'"${{env.CUSTOMER_LICENSES_PAT}}"'/g' .github/templates/instance.yaml
- sed -i 's/{{MYSQL_USERNAME}}/'"${{env.RDS_ADMIN_USERNAME}}"'/' .github/templates/instance.yaml
- sed -i 's/{{MYSQL_PASSWORD}}/'"${{env.RDS_ADMIN_PASSWORD}}"'/' .github/templates/instance.yaml
+ sed -i "s/{{INSTANCE}}/$instance/g" .github/scripts/deploy-instance.sh
+ sed -i "s/{{INSTANCE}}/$instance/g" .github/templates/instance.yaml
+ sed -i "s/{{INSTANCE}}/$instance/g" .github/templates/db.yaml
+ sed -i "s/{{IMAGE_TAG}}/$IMAGE_TAG/g" .github/templates/instance.yaml
+ sed -i "s/{{KEYCLOAK_CLIENT_SECRET}}/$KEYCLOAK_CLIENT_SECRET/g" .github/templates/instance.yaml
+ sed -i "s/{{KEYCLOAK_PASSWORD}}/$KEYCLOAK_PASSWORD/g" .github/templates/instance.yaml
+ sed -i "s/{{CUSTOMER_LICENSES_PAT}}/$CUSTOMER_LICENSES_PAT/g" .github/templates/instance.yaml
+ sed -i "s/{{MYSQL_USER}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml
+ sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/instance.yaml
 chmod +x .github/scripts/deploy-instance.sh
 bash .github/scripts/deploy-instance.sh
 export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net"
From b1073ceb826e4ac1421485de9f04205109a0d76f Mon Sep 17 00:00:00 2001
From: Daniel Ryan
Date: Mon, 30 Jun 2025 12:50:20 -1000
Subject: [PATCH 11/46] use pipe for delimiter
---
 .github/workflows/deploy-pm4.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
index 2e6a340..649b5f6 100644
--- a/.github/workflows/deploy-pm4.yml
+++ b/.github/workflows/deploy-pm4.yml
@@ -150,15 +150,15 @@ jobs:
 RDS_ADMIN_PASSWORD: ${{ secrets.RDS_ADMIN_PASSWORD }}
 run: |
 instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
- sed -i "s/{{INSTANCE}}/$instance/g" .github/scripts/deploy-instance.sh
- sed -i "s/{{INSTANCE}}/$instance/g" .github/templates/instance.yaml
- sed -i "s/{{INSTANCE}}/$instance/g" .github/templates/db.yaml
- sed -i "s/{{IMAGE_TAG}}/$IMAGE_TAG/g" .github/templates/instance.yaml
- sed -i "s/{{KEYCLOAK_CLIENT_SECRET}}/$KEYCLOAK_CLIENT_SECRET/g" .github/templates/instance.yaml
- sed -i "s/{{KEYCLOAK_PASSWORD}}/$KEYCLOAK_PASSWORD/g" .github/templates/instance.yaml
- sed -i "s/{{CUSTOMER_LICENSES_PAT}}/$CUSTOMER_LICENSES_PAT/g" .github/templates/instance.yaml
- sed -i "s/{{MYSQL_USER}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml
- sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/instance.yaml
+ sed -i "s|{{INSTANCE}}|$instance|g" .github/scripts/deploy-instance.sh
+ sed -i "s|{{INSTANCE}}|$instance|g" .github/templates/instance.yaml
+ sed -i "s|{{INSTANCE}}|$instance|g" .github/templates/db.yaml
+ sed -i "s|{{IMAGE_TAG}}|$IMAGE_TAG|g" .github/templates/instance.yaml
+ sed -i "s|{{KEYCLOAK_CLIENT_SECRET}}|$KEYCLOAK_CLIENT_SECRET|g" .github/templates/instance.yaml
+ sed -i "s|{{KEYCLOAK_PASSWORD}}|$KEYCLOAK_PASSWORD|g" .github/templates/instance.yaml
+ sed -i "s|{{CUSTOMER_LICENSES_PAT}}|$CUSTOMER_LICENSES_PAT|g" .github/templates/instance.yaml
+ sed -i "s|{{MYSQL_USER}}|$RDS_ADMIN_USERNAME|g" .github/templates/instance.yaml
+ sed -i "s|{{MYSQL_PASSWORD}}|$RDS_ADMIN_PASSWORD|g" .github/templates/instance.yaml
 chmod +x .github/scripts/deploy-instance.sh
 bash .github/scripts/deploy-instance.sh
 export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net"
From e7fd5c7183f3fef7370478f64a6b6421b65690ce Mon Sep 17 00:00:00 2001
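Review bot: Switching the delimiter to `|` removes the `/` collision, but the replacement side is still parsed by sed: an `&` in `$RDS_ADMIN_PASSWORD` or `$KEYCLOAK_PASSWORD` silently expands to the matched placeholder, and a `\` or `|` in the value corrupts or breaks the expression. Escape the value first, for example `esc=$(printf '%s' "$RDS_ADMIN_PASSWORD" | sed 's/[&|\\]/\\&/g')` and then `sed -i "s|{{MYSQL_PASSWORD}}|$esc|g" .github/templates/instance.yaml`, or render the templates with a tool that does not interpret the value. Passing the secret as a sed argument also makes it visible in the runner's process list while the command runs. The same applies to the `#`-delimited form introduced in PATCH 14 and to the sed calls in deploy-instance.sh; the `run:` block starts and ends outside the hunk.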
From: Daniel
Date: Mon, 30 Jun 2025 12:53:32 -1000
Subject: [PATCH 12/46] use landlord admin user for pmai
---
 .github/templates/instance.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/templates/instance.yaml b/.github/templates/instance.yaml
index 48a59cc..9988deb 100644
--- a/.github/templates/instance.yaml
+++ b/.github/templates/instance.yaml
@@ -14,7 +14,7 @@ deploy:
 deployDb: false
 dbHost: pm4-eng-stm-rds-cluster.cluster-ckz0mnb6cuna.us-east-1.rds.amazonaws.com
 dbName: pm4_ci-{{INSTANCE}}_ai
- dbUsername: user_ci-{{INSTANCE}}_ai
+ dbUsername: {{MYSQL_USER}}
 dbPassword: {{MYSQL_PASSWORD}}
 volumes:
 storageClassName: 'efs-sc'
From 8337a5b4f6cacc4d3a0b34f547625ecc2e679b98 Mon Sep 17 00:00:00 2001
From: Nolan Ehrstrom
Date: Mon, 30 Jun 2025 16:14:00 -0700
Subject: [PATCH 13/46] Make string
---
 .github/workflows/deploy-pm4.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
index 649b5f6..5e7dc0c 100644
--- a/.github/workflows/deploy-pm4.yml
+++ b/.github/workflows/deploy-pm4.yml
@@ -25,7 +25,7 @@ env:
 DOM_EKS: ${{ secrets.DOM_EKS }}
 GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
 BUILD_BASE: ${{ (contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule') && '1' || '0' }}
- MULTITENANCY: ${{ (contains(github.event.pull_request.body, 'ci:multitenancy')) && true || false }}
+ MULTITENANCY: ${{ (contains(github.event.pull_request.body, 'ci:multitenancy')) && 'true' || 'false' }}
 BASE_IMAGE: ${{ secrets.REGISTRY_HOST }}/processmaker/processmaker:base
 CUSTOMER_LICENSES_PAT: ${{ secrets.CUSTOMER_LICENSES_PAT }}
 # K8S_BRANCH: ${{ contains(github.event.pull_request.body, 'ci:next') && 'next' || 'release-2024-fall' }}
From 85826fdc88f3b7327e02a3c8b76b88919b71126f Mon Sep 17 00:00:00 2001
From: Daniel Ryan
Date: Mon, 30 Jun 2025 15:36:15 -1000
Subject: [PATCH 14/46] remove image build for testing. echo env vars
---
 .github/workflows/deploy-pm4.yml | 129 ++++++++++++++++---------------
 1 file changed, 68 insertions(+), 61 deletions(-)
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
index 5e7dc0c..2514c59 100644
--- a/.github/workflows/deploy-pm4.yml
+++ b/.github/workflows/deploy-pm4.yml
@@ -33,64 +33,64 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - imageEKS: - name: build-docker-image-EKS - if: github.event.action != 'closed' - runs-on: ${{ vars.RUNNER }} - steps: + #imageEKS: + # name: build-docker-image-EKS + # if: github.event.action != 'closed' + # runs-on: ${{ vars.RUNNER }} + # steps: - - name: Checkout - uses: actions/checkout@v4 - with: - repository: processmaker/.github + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # repository: processmaker/.github - - name: Common - uses: ./.github/actions/common - with: - token: ${{ secrets.GIT_TOKEN }} + # - name: Common + # uses: ./.github/actions/common + # with: + # token: ${{ secrets.GIT_TOKEN }} - - name: Set image name - run: | - RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} - echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - - name: Generate image EKS - if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - run: | - cd pm4-k8s-distribution/images - export CI_RELEASE_BRANCH=$RELEASE_BRANCH - branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - - name: List Images - run: | - docker images - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: processmaker/enterprise:${{ env.VERSION }} - # format: 'table' - # exit-code: '0' - # ignore-unfixed: false - # vuln-type: 'os,library' - # scanners: 'vuln,secret' - # severity: 'MEDIUM,HIGH,CRITICAL' - # env: - # TRIVY_TIMEOUT: 30m - - name: Login to Harbor - uses: docker/login-action@v2 - with: - registry: ${{ secrets.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Push Enterprise Image to Harbor - if: ${{ !contains(github.event.pull_request.body, 
'ci:skip-build') }} - run: | - docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # - name: Set image name + # run: | + # RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} + # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + # - name: Generate image EKS + # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + # run: | + # cd pm4-k8s-distribution/images + # export CI_RELEASE_BRANCH=$RELEASE_BRANCH + # branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + # - name: List Images + # run: | + # docker images + # # - name: Run Trivy vulnerability scanner + # # uses: aquasecurity/trivy-action@master + # # with: + # # image-ref: processmaker/enterprise:${{ env.VERSION }} + # # format: 'table' + # # exit-code: '0' + # # ignore-unfixed: false + # # vuln-type: 'os,library' + # # scanners: 'vuln,secret' + # # severity: 'MEDIUM,HIGH,CRITICAL' + # # env: + # # TRIVY_TIMEOUT: 30m + # - name: Login to Harbor + # uses: docker/login-action@v2 + # with: + # registry: ${{ secrets.REGISTRY_HOST }} + # username: ${{ secrets.REGISTRY_USERNAME }} + # password: ${{ secrets.REGISTRY_PASSWORD }} + # - name: Push Enterprise Image to Harbor + # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + # run: | + # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} deployEKS: name: deploy-EKS if: contains(github.event.pull_request.body, 'ci:deploy') - needs: imageEKS + #needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout .github repo 
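Review bot: Commenting out the whole `imageEKS` job together with `needs: imageEKS` on deployEKS means a `ci:deploy` run installs whatever image already carries this tag in the registry, or presumably fails late in helm if none exists, with nothing in the workflow saying which. If the aim is a faster debug loop, the `ci:skip-build` step conditions from PATCH 05 and 06 already skip the build and push without removing the job from the graph. If the job has to stay disabled for now, add a comment above `#imageEKS:` such as `# TODO: restore imageEKS and the needs: edges before merge`. The same dependency removal is repeated for runAPITest (`#needs: [deployEKS]`, later hunk of this commit) and runPhpUnit (PATCH 15).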
@@ -150,15 +150,22 @@ jobs: RDS_ADMIN_PASSWORD: ${{ secrets.RDS_ADMIN_PASSWORD }} run: | instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) - sed -i "s|{{INSTANCE}}|$instance|g" .github/scripts/deploy-instance.sh - sed -i "s|{{INSTANCE}}|$instance|g" .github/templates/instance.yaml - sed -i "s|{{INSTANCE}}|$instance|g" .github/templates/db.yaml - sed -i "s|{{IMAGE_TAG}}|$IMAGE_TAG|g" .github/templates/instance.yaml - sed -i "s|{{KEYCLOAK_CLIENT_SECRET}}|$KEYCLOAK_CLIENT_SECRET|g" .github/templates/instance.yaml - sed -i "s|{{KEYCLOAK_PASSWORD}}|$KEYCLOAK_PASSWORD|g" .github/templates/instance.yaml - sed -i "s|{{CUSTOMER_LICENSES_PAT}}|$CUSTOMER_LICENSES_PAT|g" .github/templates/instance.yaml - sed -i "s|{{MYSQL_USER}}|$RDS_ADMIN_USERNAME|g" .github/templates/instance.yaml - sed -i "s|{{MYSQL_PASSWORD}}|$RDS_ADMIN_PASSWORD|g" .github/templates/instance.yaml + echo "INSTANCE: $instance" + echo "IMAGE_TAG: $IMAGE_TAG" + echo "KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET" + echo "KEYCLOAK_PASSWORD: $KEYCLOAK_PASSWORD" + echo "CUSTOMER_LICENSES_PAT: $CUSTOMER_LICENSES_PAT" + echo "RDS_ADMIN_USERNAME: $RDS_ADMIN_USERNAME" + echo "RDS_ADMIN_PASSWORD: $RDS_ADMIN_PASSWORD" + sed -i "s#{{INSTANCE}}#$instance#g" .github/scripts/deploy-instance.sh + sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/instance.yaml + sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/db.yaml + sed -i "s#{{IMAGE_TAG}}#$IMAGE_TAG#g" .github/templates/instance.yaml + sed -i "s#{{KEYCLOAK_CLIENT_SECRET}}#$KEYCLOAK_CLIENT_SECRET#g" .github/templates/instance.yaml + sed -i "s#{{KEYCLOAK_PASSWORD}}#$KEYCLOAK_PASSWORD#g" .github/templates/instance.yaml + sed -i "s#{{CUSTOMER_LICENSES_PAT}}#$CUSTOMER_LICENSES_PAT#g" .github/templates/instance.yaml + sed -i "s#{{MYSQL_USER}}#$RDS_ADMIN_USERNAME#g" .github/templates/instance.yaml + sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/instance.yaml chmod +x .github/scripts/deploy-instance.sh bash 
.github/scripts/deploy-instance.sh export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" @@ -167,7 +174,7 @@ jobs: runAPITest: name: Run API Tests - needs: [deployEKS] + #needs: [deployEKS] if: contains(github.event.pull_request.body, 'ci:api-test') runs-on: ${{ vars.RUNNER }} steps: From 005ae7c0f5df6c3cb4c50690135b31266f5cc88f Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 15:37:50 -1000 Subject: [PATCH 15/46] remove needs for phpunit --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 2514c59..b8aa821 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -281,7 +281,7 @@ jobs: runPhpUnit: name: run-phpunit if: github.event.action != 'closed' - needs: imageEKS + #needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout From 1977744e04d94435dcdd258b727ac331f2a7b642 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 15:45:15 -1000 Subject: [PATCH 16/46] add more debugging --- .github/workflows/deploy-pm4.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index b8aa821..436c400 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
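Review bot: The added `echo` lines for `$KEYCLOAK_CLIENT_SECRET`, `$KEYCLOAK_PASSWORD`, `$CUSTOMER_LICENSES_PAT` and `$RDS_ADMIN_PASSWORD` in the `@@ -150,15 +150,22 @@` hunk write credential values to the workflow log, leaving GitHub's exact-match log masking as the only protection; a value that reaches the log split or transformed is stored in clear for as long as the log is retained. To check that a secret is populated, print presence only, e.g. `echo "RDS_ADMIN_PASSWORD set: ${RDS_ADMIN_PASSWORD:+yes}"`, and delete the value echoes. PATCH 16 adds length checks but still carries these lines as context, so they remain in the workflow after it. The `run:` block starts and ends outside the hunk.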
@@ -157,6 +157,12 @@ jobs:
 echo "CUSTOMER_LICENSES_PAT: $CUSTOMER_LICENSES_PAT"
 echo "RDS_ADMIN_USERNAME: $RDS_ADMIN_USERNAME"
 echo "RDS_ADMIN_PASSWORD: $RDS_ADMIN_PASSWORD"
+ echo "Checking if secrets are set:"
+ echo "KEYCLOAK_CLIENT_SECRET length: ${#KEYCLOAK_CLIENT_SECRET}"
+ echo "KEYCLOAK_PASSWORD length: ${#KEYCLOAK_PASSWORD}"
+ echo "CUSTOMER_LICENSES_PAT length: ${#CUSTOMER_LICENSES_PAT}"
+ echo "RDS_ADMIN_USERNAME length: ${#RDS_ADMIN_USERNAME}"
+ echo "RDS_ADMIN_PASSWORD length: ${#RDS_ADMIN_PASSWORD}"
 sed -i "s#{{INSTANCE}}#$instance#g" .github/scripts/deploy-instance.sh
 sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/instance.yaml
 sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/db.yaml
From e63642b9d26c82c28dcf8efca803922e327579a2 Mon Sep 17 00:00:00 2001
From: Daniel Ryan
Date: Mon, 30 Jun 2025 15:59:30 -1000
Subject: [PATCH 17/46] remove ci-user creation
---
 .github/templates/db.yaml | 12 ++++--------
 .github/workflows/deploy-pm4.yml | 2 ++
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/.github/templates/db.yaml b/.github/templates/db.yaml
index dcccc0f..5316feb 100644
--- a/.github/templates/db.yaml
+++ b/.github/templates/db.yaml
@@ -16,18 +16,14 @@ spec:
 # Create databases
 CREATE DATABASE IF NOT EXISTS \`pm4_ci-{{INSTANCE}}\`;
 CREATE DATABASE IF NOT EXISTS \`pm4_ci-{{INSTANCE}}_ai\`;
- # Create users
- CREATE USER IF NOT EXISTS 'user_ci-{{INSTANCE}}'@'%' IDENTIFIED BY '{{MYSQL_PASSWORD}}';
- CREATE USER IF NOT EXISTS 'user_ci-{{INSTANCE}}_ai'@'%' IDENTIFIED BY '{{MYSQL_PASSWORD}}';
- # Grant permissions
- GRANT ALL PRIVILEGES ON \`pm4_ci-{{INSTANCE}}\`.* TO 'user_ci-{{INSTANCE}}'@'%';
- GRANT ALL PRIVILEGES ON \`pm4_ci-{{INSTANCE}}_ai\`.* TO 'user_ci-{{INSTANCE}}_ai'@'%';
+ # Grant permissions to admin user (no need to create instance-specific users for multitenancy)
+ GRANT ALL PRIVILEGES ON \`pm4_ci-{{INSTANCE}}\`.* TO '{{MYSQL_USERNAME}}'@'%';
+ GRANT ALL PRIVILEGES ON \`pm4_ci-{{INSTANCE}}_ai\`.* TO '{{MYSQL_USERNAME}}'@'%';
 FLUSH PRIVILEGES;
 # Output the created resources
 SELECT CONCAT('Created database: pm4_', 'ci-{{INSTANCE}}') AS setup_info;
 SELECT CONCAT('Created database: pm4_', 'ci-{{INSTANCE}}', '_ai') AS setup_info;
- SELECT CONCAT('Created user: user_', 'ci-{{INSTANCE}}', '@%') AS setup_info;
- SELECT CONCAT('Created user: user_', 'ci-{{INSTANCE}}', '_ai@%') AS setup_info;
+ SELECT CONCAT('Using admin user: ', '{{MYSQL_USERNAME}}', '@%') AS setup_info;
 SELECT CONCAT('Password: ', '{{MYSQL_PASSWORD}}') AS setup_info;
 EOF
 env:
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
index 436c400..d025b40 100644
--- a/.github/workflows/deploy-pm4.yml
+++ b/.github/workflows/deploy-pm4.yml
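Review bot: With `{{MYSQL_PASSWORD}}` now carrying the RDS admin password, the unchanged `SELECT CONCAT('Password: ', '{{MYSQL_PASSWORD}}') AS setup_info;` prints the cluster admin credential in the setup job's MySQL output, which presumably lands in the pod log where GitHub's masking does not apply. Remove that SELECT; the added `Using admin user` line already identifies the account. The two added `GRANT ALL PRIVILEGES ... TO '{{MYSQL_USERNAME}}'@'%'` statements interpolate the username into SQL inside single quotes, so a quote or backslash in the secret would change the statement, and they look redundant if the account is already the cluster admin, which is worth confirming. The heredoc and the Job spec around it are outside the hunk.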
@@ -172,6 +172,8 @@ jobs: sed -i "s#{{CUSTOMER_LICENSES_PAT}}#$CUSTOMER_LICENSES_PAT#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_USER}}#$RDS_ADMIN_USERNAME#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/instance.yaml + sed -i "s#{{MYSQL_USERNAME}}#$RDS_ADMIN_USERNAME#g" .github/templates/db.yaml + sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/db.yaml chmod +x .github/scripts/deploy-instance.sh bash .github/scripts/deploy-instance.sh export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" From dd162ef0e7763e5df5d2b2c34036edb11a6c0473 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:04:32 -1000 Subject: [PATCH 18/46] add debugging --- .github/scripts/deploy-instance.sh | 2 +- .github/workflows/deploy-pm4.yml | 121 ++++++++++++++--------------- 2 files changed, 58 insertions(+), 65 deletions(-) diff --git a/.github/scripts/deploy-instance.sh b/.github/scripts/deploy-instance.sh index ce57059..0bb341d 100644 --- a/.github/scripts/deploy-instance.sh +++ b/.github/scripts/deploy-instance.sh @@ -34,7 +34,7 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then kubectl delete job mysql-setup-job-ci-{{INSTANCE}} echo "Deploying Instance :: ci-{{INSTANCE}}" sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/instance.yaml - sed -i "s/{{MYSQL_USERNAME}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml + sed -i "s/{{MYSQL_USER}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml cat .github/templates/instance.yaml helm install --timeout 75m -f .github/templates/instance.yaml ci-{{INSTANCE}} processmaker/enterprise \ diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index d025b40..b1139f5 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -33,64 +33,64 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - #imageEKS: - # name: build-docker-image-EKS - # if: github.event.action != 'closed' - # runs-on: ${{ vars.RUNNER }} - # steps: + imageEKS: + name: build-docker-image-EKS + if: github.event.action != 'closed' + runs-on: ${{ vars.RUNNER }} + steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # repository: processmaker/.github + - name: Checkout + uses: actions/checkout@v4 + with: + repository: processmaker/.github - # - name: Common - # uses: ./.github/actions/common - # with: - # token: ${{ secrets.GIT_TOKEN }} + - name: Common + uses: ./.github/actions/common + with: + token: ${{ secrets.GIT_TOKEN }} - # - name: Set image name - # run: | - # RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} - # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - # - name: Generate image EKS - # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - # run: | - # cd pm4-k8s-distribution/images - # export CI_RELEASE_BRANCH=$RELEASE_BRANCH - # branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - # - name: List Images - # run: | - # docker images - # # - name: Run Trivy vulnerability scanner - # # uses: aquasecurity/trivy-action@master - # # with: - # # image-ref: processmaker/enterprise:${{ env.VERSION }} - # # format: 'table' - # # exit-code: '0' - # # ignore-unfixed: false - # # vuln-type: 'os,library' - # # scanners: 'vuln,secret' - # # severity: 'MEDIUM,HIGH,CRITICAL' - # # env: - # # TRIVY_TIMEOUT: 30m - # - name: Login to Harbor - # uses: docker/login-action@v2 - # with: - # registry: ${{ secrets.REGISTRY_HOST }} - # username: ${{ secrets.REGISTRY_USERNAME }} - # password: ${{ secrets.REGISTRY_PASSWORD }} - # - name: Push Enterprise Image 
to Harbor - # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - # run: | - # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + - name: Set image name + run: | + RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} + echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + - name: Generate image EKS + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + run: | + cd pm4-k8s-distribution/images + export CI_RELEASE_BRANCH=$RELEASE_BRANCH + branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + - name: List Images + run: | + docker images + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: processmaker/enterprise:${{ env.VERSION }} + # format: 'table' + # exit-code: '0' + # ignore-unfixed: false + # vuln-type: 'os,library' + # scanners: 'vuln,secret' + # severity: 'MEDIUM,HIGH,CRITICAL' + # env: + # TRIVY_TIMEOUT: 30m + - name: Login to Harbor + uses: docker/login-action@v2 + with: + registry: ${{ secrets.REGISTRY_HOST }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Push Enterprise Image to Harbor + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + run: | + docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} deployEKS: name: deploy-EKS if: contains(github.event.pull_request.body, 'ci:deploy') - #needs: imageEKS + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout .github repo 
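Review bot: In the re-enabled `Generate image EKS` step, `branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g')` pastes the branch name into the script text before the shell parses it. `CI_PACKAGE_BRANCH` is set from `github.event.pull_request.head.ref` in the workflow's `env:` block (visible in a later hunk of this series), so the PR author controls that text and shell metacharacters in a branch name are interpreted on the runner. Reading the value through the environment avoids that: `branch=$(echo "$CI_PACKAGE_BRANCH" | sed 's/refs-heads-//g')`. The same lines come back in PATCH 27, and the Trivy step stays commented out in both places, so the image is still pushed to Harbor unscanned.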
@@ -152,17 +152,6 @@ jobs: instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) echo "INSTANCE: $instance" echo "IMAGE_TAG: $IMAGE_TAG" - echo "KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET" - echo "KEYCLOAK_PASSWORD: $KEYCLOAK_PASSWORD" - echo "CUSTOMER_LICENSES_PAT: $CUSTOMER_LICENSES_PAT" - echo "RDS_ADMIN_USERNAME: $RDS_ADMIN_USERNAME" - echo "RDS_ADMIN_PASSWORD: $RDS_ADMIN_PASSWORD" - echo "Checking if secrets are set:" - echo "KEYCLOAK_CLIENT_SECRET length: ${#KEYCLOAK_CLIENT_SECRET}" - echo "KEYCLOAK_PASSWORD length: ${#KEYCLOAK_PASSWORD}" - echo "CUSTOMER_LICENSES_PAT length: ${#CUSTOMER_LICENSES_PAT}" - echo "RDS_ADMIN_USERNAME length: ${#RDS_ADMIN_USERNAME}" - echo "RDS_ADMIN_PASSWORD length: ${#RDS_ADMIN_PASSWORD}" sed -i "s#{{INSTANCE}}#$instance#g" .github/scripts/deploy-instance.sh sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/instance.yaml sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/db.yaml @@ -174,6 +163,10 @@ jobs: sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_USERNAME}}#$RDS_ADMIN_USERNAME#g" .github/templates/db.yaml sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/db.yaml + echo "=== Checking instance.yaml after replacements ===" + cat .github/templates/instance.yaml + echo "=== Checking db.yaml after replacements ===" + cat .github/templates/db.yaml chmod +x .github/scripts/deploy-instance.sh bash .github/scripts/deploy-instance.sh export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" @@ -182,7 +175,7 @@ jobs: runAPITest: name: Run API Tests - #needs: [deployEKS] + needs: [deployEKS] if: contains(github.event.pull_request.body, 'ci:api-test') runs-on: ${{ vars.RUNNER }} steps: @@ -289,7 +282,7 @@ jobs: runPhpUnit: name: run-phpunit if: github.event.action != 'closed' - #needs: imageEKS + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout From 66449b27b71998325bbb6034c02c6c4af637b899 Mon Sep 17 00:00:00 2001 
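Review bot: The added `cat .github/templates/instance.yaml` and `cat .github/templates/db.yaml` run after the sed lines just above them have written `RDS_ADMIN_PASSWORD` into both files, so the rendered credentials go to the job log. GitHub's log masking only hides exact matches of registered secret values, which is not something to rely on for whole rendered files. The debug hunks in PATCH 20, 21, 23 and 24 repeat this with `echo`, `grep -n` and `env | grep -i mysql`, and these two `cat` lines survive the cleanup in PATCH 27. If the goal is to confirm the placeholders were replaced, a check that prints nothing from the files does it: `if grep -q '{{[A-Z_]*}}' .github/templates/instance.yaml .github/templates/db.yaml; then echo "unreplaced placeholder"; exit 1; fi`.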
From: Daniel Ryan Date: Mon, 30 Jun 2025 16:05:16 -1000 Subject: [PATCH 19/46] debug --- .github/workflows/deploy-pm4.yml | 106 +++++++++++++++---------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index b1139f5..038fa46 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -33,64 +33,64 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - imageEKS: - name: build-docker-image-EKS - if: github.event.action != 'closed' - runs-on: ${{ vars.RUNNER }} - steps: + #imageEKS: + # name: build-docker-image-EKS + # if: github.event.action != 'closed' + # runs-on: ${{ vars.RUNNER }} + # steps: - - name: Checkout - uses: actions/checkout@v4 - with: - repository: processmaker/.github + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # repository: processmaker/.github - - name: Common - uses: ./.github/actions/common - with: - token: ${{ secrets.GIT_TOKEN }} + # - name: Common + # uses: ./.github/actions/common + # with: + # token: ${{ secrets.GIT_TOKEN }} - - name: Set image name - run: | - RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} - echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - - name: Generate image EKS - if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - run: | - cd pm4-k8s-distribution/images - export CI_RELEASE_BRANCH=$RELEASE_BRANCH - branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - - name: List Images - run: | - docker images - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: processmaker/enterprise:${{ env.VERSION }} - # format: 'table' - # exit-code: '0' - # ignore-unfixed: false - # vuln-type: 'os,library' - # scanners: 'vuln,secret' - # severity: 'MEDIUM,HIGH,CRITICAL' - # env: - # TRIVY_TIMEOUT: 30m - - name: Login to Harbor - uses: docker/login-action@v2 - with: - registry: ${{ secrets.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Push Enterprise Image to Harbor - if: ${{ !contains(github.event.pull_request.body, 
'ci:skip-build') }} - run: | - docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # - name: Set image name + # run: | + # RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} + # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + # - name: Generate image EKS + # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + # run: | + # cd pm4-k8s-distribution/images + # export CI_RELEASE_BRANCH=$RELEASE_BRANCH + # branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + # - name: List Images + # run: | + # docker images + # # - name: Run Trivy vulnerability scanner + # # uses: aquasecurity/trivy-action@master + # # with: + # # image-ref: processmaker/enterprise:${{ env.VERSION }} + # # format: 'table' + # # exit-code: '0' + # # ignore-unfixed: false + # # vuln-type: 'os,library' + # # scanners: 'vuln,secret' + # # severity: 'MEDIUM,HIGH,CRITICAL' + # # env: + # # TRIVY_TIMEOUT: 30m + # - name: Login to Harbor + # uses: docker/login-action@v2 + # with: + # registry: ${{ secrets.REGISTRY_HOST }} + # username: ${{ secrets.REGISTRY_USERNAME }} + # password: ${{ secrets.REGISTRY_PASSWORD }} + # - name: Push Enterprise Image to Harbor + # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + # run: | + # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} deployEKS: name: deploy-EKS if: contains(github.event.pull_request.body, 'ci:deploy') - needs: imageEKS + #needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout .github repo 
@@ -175,7 +175,7 @@ jobs: runAPITest: name: Run API Tests - needs: [deployEKS] + #needs: [deployEKS] if: contains(github.event.pull_request.body, 'ci:api-test') runs-on: ${{ vars.RUNNER }} steps: @@ -282,7 +282,7 @@ jobs: runPhpUnit: name: run-phpunit if: github.event.action != 'closed' - needs: imageEKS + #needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout From 4c02a4e50778734f7269ab215e5eb95f0927a38f Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:09:55 -1000 Subject: [PATCH 20/46] debug info --- .github/workflows/deploy-pm4.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 038fa46..bcb574e 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -167,6 +167,17 @@ jobs: cat .github/templates/instance.yaml echo "=== Checking db.yaml after replacements ===" cat .github/templates/db.yaml + echo "=== Checking if db.yaml contains MYSQL_USERNAME placeholder ===" + grep -n "MYSQL_USERNAME" .github/templates/db.yaml || echo "No MYSQL_USERNAME found" + echo "=== Checking if db.yaml contains CREATE USER ===" + grep -n "CREATE USER" .github/templates/db.yaml || echo "No CREATE USER found" + echo "=== Checking if db.yaml contains GRANT ===" + grep -n "GRANT" .github/templates/db.yaml || echo "No GRANT found" + echo "=== Debugging RDS_ADMIN_USERNAME ===" + echo "RDS_ADMIN_USERNAME value: '$RDS_ADMIN_USERNAME'" + echo "RDS_ADMIN_USERNAME length: ${#RDS_ADMIN_USERNAME}" + echo "=== Checking if MYSQL_USER placeholder exists in instance.yaml ===" + grep -n "MYSQL_USER" .github/templates/instance.yaml || echo "No MYSQL_USER found" chmod +x .github/scripts/deploy-instance.sh bash .github/scripts/deploy-instance.sh export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" From e08f97870e9b963b61d88d20f6af89a2d69d8b47 Mon Sep 17 00:00:00 2001 
From: Daniel Ryan Date: Mon, 30 Jun 2025 16:13:36 -1000 Subject: [PATCH 21/46] debug info --- .github/workflows/deploy-pm4.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index bcb574e..a7ac484 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -178,6 +178,11 @@ jobs: echo "RDS_ADMIN_USERNAME length: ${#RDS_ADMIN_USERNAME}" echo "=== Checking if MYSQL_USER placeholder exists in instance.yaml ===" grep -n "MYSQL_USER" .github/templates/instance.yaml || echo "No MYSQL_USER found" + echo "=== Checking what MYSQL_USER variable contains ===" + echo "MYSQL_USER value: '$MYSQL_USER'" + echo "MYSQL_USER length: ${#MYSQL_USER}" + echo "=== Checking if there are any other MYSQL_USER references ===" + env | grep -i mysql || echo "No MYSQL environment variables found" chmod +x .github/scripts/deploy-instance.sh bash .github/scripts/deploy-instance.sh export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" From 7abd91c9f96c91b7850dde9e5887cd18118005fe Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:18:59 -1000 Subject: [PATCH 22/46] debug info --- .github/workflows/deploy-pm4.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index a7ac484..038fa46 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -167,22 +167,6 @@ jobs: cat .github/templates/instance.yaml echo "=== Checking db.yaml after replacements ===" cat .github/templates/db.yaml - echo "=== Checking if db.yaml contains MYSQL_USERNAME placeholder ===" - grep -n "MYSQL_USERNAME" .github/templates/db.yaml || echo "No MYSQL_USERNAME found" - echo "=== Checking if db.yaml contains CREATE USER ===" - grep -n "CREATE USER" .github/templates/db.yaml || echo "No CREATE USER found" - echo "=== Checking if db.yaml contains GRANT ===" - grep -n "GRANT" .github/templates/db.yaml || echo "No GRANT found" - echo "=== Debugging RDS_ADMIN_USERNAME ===" - echo "RDS_ADMIN_USERNAME value: '$RDS_ADMIN_USERNAME'" - echo "RDS_ADMIN_USERNAME length: ${#RDS_ADMIN_USERNAME}" - echo "=== Checking if MYSQL_USER placeholder exists in instance.yaml ===" - grep -n "MYSQL_USER" .github/templates/instance.yaml || echo "No MYSQL_USER found" - echo "=== Checking what MYSQL_USER variable contains ===" - echo "MYSQL_USER value: '$MYSQL_USER'" - echo "MYSQL_USER length: ${#MYSQL_USER}" - echo "=== Checking if there are any other MYSQL_USER references ===" - env | grep -i mysql || echo "No MYSQL environment variables found" chmod +x .github/scripts/deploy-instance.sh bash .github/scripts/deploy-instance.sh export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" From 54f05c851937ad28c415c18063e25df7b2ab148e Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:19:45 -1000 Subject: [PATCH 23/46] debug info --- .github/workflows/deploy-pm4.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 038fa46..f77c339 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -152,6 +152,11 @@ jobs: instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) echo "INSTANCE: $instance" echo "IMAGE_TAG: $IMAGE_TAG" + echo "RDS_ADMIN_USERNAME: $RDS_ADMIN_USERNAME" + echo "RDS_ADMIN_PASSWORD: $RDS_ADMIN_PASSWORD" + echo "KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET" + echo "KEYCLOAK_PASSWORD: $KEYCLOAK_PASSWORD" + echo "CUSTOMER_LICENSES_PAT: $CUSTOMER_LICENSES_PAT" sed -i "s#{{INSTANCE}}#$instance#g" .github/scripts/deploy-instance.sh sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/instance.yaml sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/db.yaml From f90c27f75865c6603fff1e0ca9b96c86c0ca0246 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:28:52 -1000 Subject: [PATCH 24/46] add more debugging --- .github/workflows/deploy-pm4.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index f77c339..3a4dbe3 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -157,6 +157,22 @@ jobs: echo "KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET" echo "KEYCLOAK_PASSWORD: $KEYCLOAK_PASSWORD" echo "CUSTOMER_LICENSES_PAT: $CUSTOMER_LICENSES_PAT" + + # Debug: Check if files exist and show their content before sed + echo "=== Checking files before sed operations ===" + ls -la .github/templates/ + echo "=== instance.yaml content before sed ===" + cat .github/templates/instance.yaml + echo "=== db.yaml content before sed ===" + cat .github/templates/db.yaml + + # Debug: Check if the patterns exist in the files + echo "=== Checking if patterns exist in files ===" + grep -n "{{MYSQL_USER}}" .github/templates/instance.yaml || echo "{{MYSQL_USER}} not found in instance.yaml" + grep -n "{{MYSQL_PASSWORD}}" .github/templates/instance.yaml || echo "{{MYSQL_PASSWORD}} not found in instance.yaml" + grep -n "{{MYSQL_USERNAME}}" .github/templates/db.yaml || echo "{{MYSQL_USERNAME}} not found in db.yaml" + grep -n "{{MYSQL_PASSWORD}}" .github/templates/db.yaml || echo "{{MYSQL_PASSWORD}} not found in db.yaml" + sed -i "s#{{INSTANCE}}#$instance#g" .github/scripts/deploy-instance.sh sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/instance.yaml sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/db.yaml 
@@ -168,6 +184,14 @@ jobs: sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_USERNAME}}#$RDS_ADMIN_USERNAME#g" .github/templates/db.yaml sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/db.yaml + + # Debug: Check if sed commands actually made changes + echo "=== Checking if patterns still exist after sed ===" + grep -n "{{MYSQL_USER}}" .github/templates/instance.yaml || echo "{{MYSQL_USER}} successfully replaced in instance.yaml" + grep -n "{{MYSQL_PASSWORD}}" .github/templates/instance.yaml || echo "{{MYSQL_PASSWORD}} successfully replaced in instance.yaml" + grep -n "{{MYSQL_USERNAME}}" .github/templates/db.yaml || echo "{{MYSQL_USERNAME}} successfully replaced in db.yaml" + grep -n "{{MYSQL_PASSWORD}}" .github/templates/db.yaml || echo "{{MYSQL_PASSWORD}} successfully replaced in db.yaml" + echo "=== Checking instance.yaml after replacements ===" cat .github/templates/instance.yaml echo "=== Checking db.yaml after replacements ===" From 4ea9d47a69e13438f95a5503f99507cb03a169dc Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:35:57 -1000 Subject: [PATCH 25/46] add more debugging --- .github/workflows/deploy-pm4.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 3a4dbe3..91abd13 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -18,7 +18,6 @@ env: CI_PACKAGE_BRANCH: ${{ github.event.pull_request.head.ref || github.event.ref || 'develop' }} CI_PROJECT: ${{github.event.pull_request.head.repo.name || github.event.repository.name || 'processmaker' }} CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} - IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g") DEPLOY: ${{ secrets.DEPLOY }} GH_USER: ${{ secrets.GH_USER }} GH_EMAIL: ${{ secrets.GH_EMAIL }} @@ -126,6 +125,12 @@ jobs: - name: Authenticate with Amazon EKS run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng + - name: Resolve IMAGE_TAG + run: | + RESOLVED_IMAGE_TAG=$(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g") + echo "RESOLVED_IMAGE_TAG=$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + echo "IMAGE_TAG=$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + - name: Deploy instance EKS env: IMAGE_TAG: ${{ env.IMAGE_TAG }} From 511887bdd33d387467259b754fc91d16c6dd3d82 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:38:18 -1000 Subject: [PATCH 26/46] add ref branch to .github checkout --- .github/workflows/deploy-pm4.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 91abd13..aa73389 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -96,6 +96,7 @@ jobs: uses: actions/checkout@v4 with: repository: processmaker/.github + ref: multitenancy - name: Common uses: ./.github/actions/common From 64cb8ce3752e1bce16348790872bd13e8172f59e Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Mon, 30 Jun 2025 16:45:13 -1000 Subject: [PATCH 27/46] remove extra debug. re-add image build --- .github/workflows/deploy-pm4.yml | 135 ++++++++++++------------------- 1 file changed, 53 insertions(+), 82 deletions(-) 
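Review bot: The added `ref: multitenancy` makes the deployEKS job check out `processmaker/.github` from a feature branch, while the imageEKS checkout in the same workflow has no `ref` and keeps using the default branch. A branch ref is mutable, so whatever is pushed to `multitenancy` runs in this job alongside the deploy secrets, and the job fails once the branch is deleted. If this is only meant for the duration of the feature work, say so on the line, e.g. `ref: multitenancy # TODO: temporary, remove before merge`, or pin a commit SHA instead. The `steps:` list continues outside the hunk.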
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index aa73389..f74bb28 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -32,64 +32,64 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - #imageEKS: - # name: build-docker-image-EKS - # if: github.event.action != 'closed' - # runs-on: ${{ vars.RUNNER }} - # steps: + imageEKS: + name: build-docker-image-EKS + if: github.event.action != 'closed' + runs-on: ${{ vars.RUNNER }} + steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # repository: processmaker/.github + - name: Checkout + uses: actions/checkout@v4 + with: + repository: processmaker/.github - # - name: Common - # uses: ./.github/actions/common - # with: - # token: ${{ secrets.GIT_TOKEN }} + - name: Common + uses: ./.github/actions/common + with: + token: ${{ secrets.GIT_TOKEN }} - # - name: Set image name - # run: | - # RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} - # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - # - name: Generate image EKS - # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - # run: | - # cd pm4-k8s-distribution/images - # export CI_RELEASE_BRANCH=$RELEASE_BRANCH - # branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - # - name: List Images - # run: | - # docker images - # # - name: Run Trivy vulnerability scanner - # # uses: aquasecurity/trivy-action@master - # # with: - # # image-ref: processmaker/enterprise:${{ env.VERSION }} - # # format: 'table' - # # exit-code: '0' - # # ignore-unfixed: false - # # vuln-type: 'os,library' - # # scanners: 'vuln,secret' - # # severity: 'MEDIUM,HIGH,CRITICAL' - # # env: - # # TRIVY_TIMEOUT: 30m - # - name: Login to Harbor - # uses: docker/login-action@v2 - # with: - # registry: ${{ secrets.REGISTRY_HOST }} - # username: ${{ secrets.REGISTRY_USERNAME }} - # password: ${{ secrets.REGISTRY_PASSWORD }} - # - name: Push Enterprise Image 
to Harbor - # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - # run: | - # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + - name: Set image name + run: | + RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} + echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + - name: Generate image EKS + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + run: | + cd pm4-k8s-distribution/images + export CI_RELEASE_BRANCH=$RELEASE_BRANCH + branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + - name: List Images + run: | + docker images + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: processmaker/enterprise:${{ env.VERSION }} + # format: 'table' + # exit-code: '0' + # ignore-unfixed: false + # vuln-type: 'os,library' + # scanners: 'vuln,secret' + # severity: 'MEDIUM,HIGH,CRITICAL' + # env: + # TRIVY_TIMEOUT: 30m + - name: Login to Harbor + uses: docker/login-action@v2 + with: + registry: ${{ secrets.REGISTRY_HOST }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Push Enterprise Image to Harbor + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + run: | + docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} deployEKS: name: deploy-EKS if: contains(github.event.pull_request.body, 'ci:deploy') - #needs: imageEKS + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout .github repo 
@@ -158,27 +158,6 @@ jobs: instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) echo "INSTANCE: $instance" echo "IMAGE_TAG: $IMAGE_TAG" - echo "RDS_ADMIN_USERNAME: $RDS_ADMIN_USERNAME" - echo "RDS_ADMIN_PASSWORD: $RDS_ADMIN_PASSWORD" - echo "KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET" - echo "KEYCLOAK_PASSWORD: $KEYCLOAK_PASSWORD" - echo "CUSTOMER_LICENSES_PAT: $CUSTOMER_LICENSES_PAT" - - # Debug: Check if files exist and show their content before sed - echo "=== Checking files before sed operations ===" - ls -la .github/templates/ - echo "=== instance.yaml content before sed ===" - cat .github/templates/instance.yaml - echo "=== db.yaml content before sed ===" - cat .github/templates/db.yaml - - # Debug: Check if the patterns exist in the files - echo "=== Checking if patterns exist in files ===" - grep -n "{{MYSQL_USER}}" .github/templates/instance.yaml || echo "{{MYSQL_USER}} not found in instance.yaml" - grep -n "{{MYSQL_PASSWORD}}" .github/templates/instance.yaml || echo "{{MYSQL_PASSWORD}} not found in instance.yaml" - grep -n "{{MYSQL_USERNAME}}" .github/templates/db.yaml || echo "{{MYSQL_USERNAME}} not found in db.yaml" - grep -n "{{MYSQL_PASSWORD}}" .github/templates/db.yaml || echo "{{MYSQL_PASSWORD}} not found in db.yaml" - sed -i "s#{{INSTANCE}}#$instance#g" .github/scripts/deploy-instance.sh sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/instance.yaml sed -i "s#{{INSTANCE}}#$instance#g" .github/templates/db.yaml 
@@ -190,14 +169,6 @@ jobs: sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_USERNAME}}#$RDS_ADMIN_USERNAME#g" .github/templates/db.yaml sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/db.yaml - - # Debug: Check if sed commands actually made changes - echo "=== Checking if patterns still exist after sed ===" - grep -n "{{MYSQL_USER}}" .github/templates/instance.yaml || echo "{{MYSQL_USER}} successfully replaced in instance.yaml" - grep -n "{{MYSQL_PASSWORD}}" .github/templates/instance.yaml || echo "{{MYSQL_PASSWORD}} successfully replaced in instance.yaml" - grep -n "{{MYSQL_USERNAME}}" .github/templates/db.yaml || echo "{{MYSQL_USERNAME}} successfully replaced in db.yaml" - grep -n "{{MYSQL_PASSWORD}}" .github/templates/db.yaml || echo "{{MYSQL_PASSWORD}} successfully replaced in db.yaml" - echo "=== Checking instance.yaml after replacements ===" cat .github/templates/instance.yaml echo "=== Checking db.yaml after replacements ===" @@ -210,7 +181,7 @@ jobs: runAPITest: name: Run API Tests - #needs: [deployEKS] + needs: [deployEKS] if: contains(github.event.pull_request.body, 'ci:api-test') runs-on: ${{ vars.RUNNER }} steps: @@ -317,7 +288,7 @@ jobs: runPhpUnit: name: run-phpunit if: github.event.action != 'closed' - #needs: imageEKS + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout From 32cd62fff2353163e546f03d1dac196fa8b370df Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Tue, 1 Jul 2025 10:50:56 -0700 Subject: [PATCH 28/46] Add missing --- .github/workflows/deploy-pm4.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index f74bb28..1e8f291 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -18,6 +18,7 @@ env: CI_PACKAGE_BRANCH: ${{ github.event.pull_request.head.ref || github.event.ref || 'develop' }} CI_PROJECT: ${{github.event.pull_request.head.repo.name || github.event.repository.name || 'processmaker' }} CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} + IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g") DEPLOY: ${{ secrets.DEPLOY }} GH_USER: ${{ secrets.GH_USER }} GH_EMAIL: ${{ secrets.GH_EMAIL }} From 211dac2a7b207227eb0d1b77079ff45aff6c2eae Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Tue, 1 Jul 2025 08:38:49 -1000 Subject: [PATCH 29/46] revert image tag changes --- .github/workflows/deploy-pm4.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 1e8f291..1021e34 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -51,7 +51,6 @@ jobs: - name: Set image name run: | - RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - name: Generate image EKS if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} @@ -127,11 +126,6 @@ jobs: - name: Authenticate with Amazon EKS run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng - - name: Resolve IMAGE_TAG - run: | - RESOLVED_IMAGE_TAG=$(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g") - echo "RESOLVED_IMAGE_TAG=$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - echo "IMAGE_TAG=$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - name: Deploy instance EKS env: From 885a82f31faf6f9dc584acd20a985ccc1f874b62 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 1 Jul 2025 09:32:18 -1000 Subject: [PATCH 30/46] add helm version to helm install command --- .github/scripts/deploy-instance.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/scripts/deploy-instance.sh b/.github/scripts/deploy-instance.sh index 0bb341d..17d2605 100644 --- a/.github/scripts/deploy-instance.sh +++ b/.github/scripts/deploy-instance.sh @@ -45,7 +45,8 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then --set dockerRegistry.url=${REGISTRY_HOST} \ --set dockerRegistry.username=${REGISTRY_USERNAME} \ --set twilio.sid=${TWILIO_SID} \ - --set twilio.token=${TWILIO_TOKEN} + --set twilio.token=${TWILIO_TOKEN} \ + --version ${versionHelm} else echo "Instance exists. Running upgrade and bouncing pods" helm upgrade --timeout 60m ci-{{INSTANCE}} processmaker/enterprise --version ${versionHelm} From 967d01c7146f5c6f6a4b56010f259a104d624a88 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Tue, 1 Jul 2025 11:14:51 -1000 Subject: [PATCH 31/46] temporarily remove image build for testing --- .github/workflows/deploy-pm4.yml | 104 +++++++++++++++---------------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 1021e34..0e6f55e 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
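Review bot: The added `--version ${versionHelm}` is unquoted and nothing in the hunk shows where `versionHelm` is set, so an empty value leaves `--version` without an argument and `helm install` fails only after the earlier steps of this branch have already run. Failing early with a clear message is cheap: `--version "${versionHelm:?versionHelm is not set}"`. The `helm upgrade` line in the `else` branch has the same form and would benefit from the same guard. The surrounding `if` block starts outside the hunk.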
@@ -33,63 +33,63 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - imageEKS: - name: build-docker-image-EKS - if: github.event.action != 'closed' - runs-on: ${{ vars.RUNNER }} - steps: + #imageEKS: + # name: build-docker-image-EKS + # if: github.event.action != 'closed' + # runs-on: ${{ vars.RUNNER }} + # steps: - - name: Checkout - uses: actions/checkout@v4 - with: - repository: processmaker/.github + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # repository: processmaker/.github - - name: Common - uses: ./.github/actions/common - with: - token: ${{ secrets.GIT_TOKEN }} + # - name: Common + # uses: ./.github/actions/common + # with: + # token: ${{ secrets.GIT_TOKEN }} - - name: Set image name - run: | - echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - - name: Generate image EKS - if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - run: | - cd pm4-k8s-distribution/images - export CI_RELEASE_BRANCH=$RELEASE_BRANCH - branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - - name: List Images - run: | - docker images - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: processmaker/enterprise:${{ env.VERSION }} - # format: 'table' - # exit-code: '0' - # ignore-unfixed: false - # vuln-type: 'os,library' - # scanners: 'vuln,secret' - # severity: 'MEDIUM,HIGH,CRITICAL' - # env: - # TRIVY_TIMEOUT: 30m - - name: Login to Harbor - uses: docker/login-action@v2 - with: - registry: ${{ secrets.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Push Enterprise Image to Harbor - if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - run: | - docker tag 
processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # - name: Set image name + # run: | + # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + # - name: Generate image EKS + # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + # run: | + # cd pm4-k8s-distribution/images + # export CI_RELEASE_BRANCH=$RELEASE_BRANCH + # branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + # - name: List Images + # run: | + # docker images + # # - name: Run Trivy vulnerability scanner + # # uses: aquasecurity/trivy-action@master + # # with: + # # image-ref: processmaker/enterprise:${{ env.VERSION }} + # # format: 'table' + # # exit-code: '0' + # # ignore-unfixed: false + # # vuln-type: 'os,library' + # # scanners: 'vuln,secret' + # # severity: 'MEDIUM,HIGH,CRITICAL' + # # env: + # # TRIVY_TIMEOUT: 30m + # - name: Login to Harbor + # uses: docker/login-action@v2 + # with: + # registry: ${{ secrets.REGISTRY_HOST }} + # username: ${{ secrets.REGISTRY_USERNAME }} + # password: ${{ secrets.REGISTRY_PASSWORD }} + # - name: Push Enterprise Image to Harbor + # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + # run: | + # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} deployEKS: name: deploy-EKS if: contains(github.event.pull_request.body, 'ci:deploy') - needs: imageEKS + #needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout .github repo 
@@ -176,7 +176,7 @@ jobs: runAPITest: name: Run API Tests - needs: [deployEKS] + #needs: [deployEKS] if: contains(github.event.pull_request.body, 'ci:api-test') runs-on: ${{ vars.RUNNER }} steps: @@ -283,7 +283,7 @@ jobs: runPhpUnit: name: run-phpunit if: github.event.action != 'closed' - needs: imageEKS + #needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout From 878a428dc959f340f3163028d48e8ac710672344 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Tue, 1 Jul 2025 11:32:47 -1000 Subject: [PATCH 32/46] add aws and openai secrets to env vars in deployment --- .github/workflows/deploy-pm4.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 0e6f55e..3495720 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -134,7 +134,8 @@ jobs: HELM_REPO: ${{ secrets.HELM_REPO }} HELM_USERNAME: ${{ secrets.HELM_USERNAME }} HELM_PASSWORD: ${{ secrets.HELM_PASSWORD }} - OPEN_AI_API_KEY: ${{ secrets.OPEN_AI_API_KEY }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} + OPEN_AI_SECRET: ${{ secrets.OPENAI_API_KEY }} ANALYTICS_AWS_ACCESS_KEY: ${{ secrets.ANALYTICS_AWS_ACCESS_KEY }} ANALYTICS_AWS_SECRET_KEY: ${{ secrets.ANALYTICS_AWS_SECRET_KEY }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} @@ -149,6 +150,8 @@ jobs: CUSTOMER_LICENSES_PAT: ${{ secrets.CUSTOMER_LICENSES_PAT }} RDS_ADMIN_USERNAME: ${{ secrets.RDS_ADMIN_USERNAME }} RDS_ADMIN_PASSWORD: ${{ secrets.RDS_ADMIN_PASSWORD }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} run: | instance=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) echo "INSTANCE: $instance" From b6989583f9a37a0981a3d6bf9e371bfbd4217282 Mon Sep 17 00:00:00 2001 
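Review bot: The `@@ -149,6 +150,8 @@` hunk adds the static `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` secrets to the environment of the whole deploy step, next to the RDS admin credentials, so every process that step starts inherits them. Nothing in the visible part of the `run:` script reads them. A comment such as `# AWS_* below: needed by <consumer> during deploy` would record why they are there, or they could be set only on the command that needs them. The `@@ -134,7 +134,8 @@` hunk also exports one secret under two names (`OPENAI_API_KEY` and `OPEN_AI_SECRET`), which deserves the same kind of comment. The step's `run:` body continues outside the hunk.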
From: Daniel Ryan Date: Tue, 1 Jul 2025 11:39:05 -1000 Subject: [PATCH 33/46] evaluate appVersion then pass as --set --- .github/scripts/deploy-instance.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/scripts/deploy-instance.sh b/.github/scripts/deploy-instance.sh index 17d2605..f2dbc17 100644 --- a/.github/scripts/deploy-instance.sh +++ b/.github/scripts/deploy-instance.sh @@ -36,9 +36,11 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then sed -i "s/{{MYSQL_PASSWORD}}/$RDS_ADMIN_PASSWORD/" .github/templates/instance.yaml sed -i "s/{{MYSQL_USER}}/$RDS_ADMIN_USERNAME/" .github/templates/instance.yaml cat .github/templates/instance.yaml - + # Evaluate the command and store the result + APP_VERSION=$(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g") + helm install --timeout 75m -f .github/templates/instance.yaml ci-{{INSTANCE}} processmaker/enterprise \ - --set deploy.pmai.openaiApiKey=${OPEN_AI_API_KEY} \ + --set deploy.pmai.openaiApiKey=${OPENAI_API_KEY} \ --set analytics.awsAccessKey=${ANALYTICS_AWS_ACCESS_KEY} \ --set analytics.awsSecretKey=${ANALYTICS_AWS_SECRET_KEY} \ --set dockerRegistry.password=${REGISTRY_PASSWORD} \ @@ -46,6 +48,7 @@ if ! kubectl get namespace/ci-{{INSTANCE}}-ns-pm4 >/dev/null 2>&1; then --set dockerRegistry.username=${REGISTRY_USERNAME} \ --set twilio.sid=${TWILIO_SID} \ --set twilio.token=${TWILIO_TOKEN} \ + --set appVersion=${APP_VERSION} \ --version ${versionHelm} else echo "Instance exists. Running upgrade and bouncing pods" From 9cffce6d243652bd1b659f879ccf07434e9e0ac8 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Tue, 1 Jul 2025 13:26:55 -1000 Subject: [PATCH 34/46] re-add image build --- .github/workflows/deploy-pm4.yml | 104 +++++++++++++++---------------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 3495720..70ed8e2 100644 
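Review bot: `APP_VERSION` is derived from `$CI_PACKAGE_BRANCH` in the first hunk and passed unquoted as `--set appVersion=${APP_VERSION}` in the second, with no check on what the branch name contains. Helm's `--set` splits its argument on commas into separate assignments, so a branch name containing a comma would be read as more than the one value intended. Validate it before the install, e.g. `[[ "$APP_VERSION" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "unexpected APP_VERSION" >&2; exit 1; }`, and quote the expansion: `--set "appVersion=${APP_VERSION}"`. The `helm install` command begins above the second hunk, and where `CI_PACKAGE_BRANCH` is set is not visible in this file.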
--- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -33,63 +33,63 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - #imageEKS: - # name: build-docker-image-EKS - # if: github.event.action != 'closed' - # runs-on: ${{ vars.RUNNER }} - # steps: + imageEKS: + name: build-docker-image-EKS + if: github.event.action != 'closed' + runs-on: ${{ vars.RUNNER }} + steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # repository: processmaker/.github + - name: Checkout + uses: actions/checkout@v4 + with: + repository: processmaker/.github - # - name: Common - # uses: ./.github/actions/common - # with: - # token: ${{ secrets.GIT_TOKEN }} + - name: Common + uses: ./.github/actions/common + with: + token: ${{ secrets.GIT_TOKEN }} - # - name: Set image name - # run: | - # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - # - name: Generate image EKS - # if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} - # run: | - # cd pm4-k8s-distribution/images - # export CI_RELEASE_BRANCH=$RELEASE_BRANCH - # branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - # - name: List Images - # run: | - # docker images - # # - name: Run Trivy vulnerability scanner - # # uses: aquasecurity/trivy-action@master - # # with: - # # image-ref: processmaker/enterprise:${{ env.VERSION }} - # # format: 'table' - # # exit-code: '0' - # # ignore-unfixed: false - # # vuln-type: 'os,library' - # # scanners: 'vuln,secret' - # # severity: 'MEDIUM,HIGH,CRITICAL' - # # env: - # # TRIVY_TIMEOUT: 30m - # - name: Login to Harbor - # uses: docker/login-action@v2 - # with: - # registry: ${{ secrets.REGISTRY_HOST }} - # username: ${{ secrets.REGISTRY_USERNAME }} - # password: ${{ secrets.REGISTRY_PASSWORD }} - # - name: Push Enterprise Image to Harbor - # if: ${{ 
!contains(github.event.pull_request.body, 'ci:skip-build') }} - # run: | - # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + - name: Set image name + run: | + echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + - name: Generate image EKS + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + run: | + cd pm4-k8s-distribution/images + export CI_RELEASE_BRANCH=$RELEASE_BRANCH + branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + - name: List Images + run: | + docker images + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: processmaker/enterprise:${{ env.VERSION }} + # format: 'table' + # exit-code: '0' + # ignore-unfixed: false + # vuln-type: 'os,library' + # scanners: 'vuln,secret' + # severity: 'MEDIUM,HIGH,CRITICAL' + # env: + # TRIVY_TIMEOUT: 30m + - name: Login to Harbor + uses: docker/login-action@v2 + with: + registry: ${{ secrets.REGISTRY_HOST }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Push Enterprise Image to Harbor + if: ${{ !contains(github.event.pull_request.body, 'ci:skip-build') }} + run: | + docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} deployEKS: name: deploy-EKS if: contains(github.event.pull_request.body, 'ci:deploy') - #needs: imageEKS + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout .github repo 
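Review bot: The re-added `Generate image EKS` step expands `${{ env.CI_PACKAGE_BRANCH }}` into the text of the `run:` script, so the branch name is parsed by bash as code rather than handled as data; going by the workflow's `env:` block, that value comes from the pull-request head ref. Read the exported variable instead: `branch=$(echo "$CI_PACKAGE_BRANCH" | sed 's/refs-heads-//g')`. The `Set image name` step still writes `…/enterprise:$RESOLVED_IMAGE_TAG`, and nothing visible in this job sets `RESOLVED_IMAGE_TAG`, so `IMAGE` would end in an empty tag unless it is defined outside the hunk.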
@@ -179,7 +179,7 @@ jobs: runAPITest: name: Run API Tests - #needs: [deployEKS] + needs: [deployEKS] if: contains(github.event.pull_request.body, 'ci:api-test') runs-on: ${{ vars.RUNNER }} steps: @@ -286,7 +286,7 @@ jobs: runPhpUnit: name: run-phpunit if: github.event.action != 'closed' - #needs: imageEKS + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Checkout From 0b20e2584b90f0837906ace4719dcbb81cfc7681 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Wed, 2 Jul 2025 11:45:53 -0700 Subject: [PATCH 35/46] Fix db delete --- .github/workflows/deploy-pm4.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 70ed8e2..c3568c3 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -272,8 +272,8 @@ jobs: #Drop database deploy_db="\`pm4_ci-$INSTANCE\`" deploy_ai="\`pm4_ci-$INSTANCE_ai\`" - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_db" -h ${{ secrets.RDS_ENG }} - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_ai" -h ${{ secrets.RDS_ENG }} + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE `$deploy_db`" -h ${{ secrets.RDS_ENG }} + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE `$deploy_ai`" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE_ai'@'%'" -h ${{ secrets.RDS_ENG }} #Drop image Harbor From 850465ed198eb9a48565c8c9a832719619b9d1d2 Mon Sep 17 00:00:00 2001 
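Review bot: In the `Fix db delete` hunk, the backticks added inside the double-quoted ``-e "DROP DATABASE `$deploy_db`"`` are shell command substitution, not MySQL identifier quotes. Bash tries to run the variable's value as a command and substitutes its empty output, so MySQL receives `DROP DATABASE ` with no name; the `$deploy_ai` line has the same problem. Both variables already carry escaped backticks from the assignments two lines above, so the removed form `"DROP DATABASE $deploy_db"` was the correctly quoted one. If the intent is to tolerate a missing database, `"DROP DATABASE IF EXISTS $deploy_db"` does that without touching the quoting.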
From: Nolan Ehrstrom Date: Wed, 2 Jul 2025 12:11:37 -0700 Subject: [PATCH 36/46] Drop tenant db also --- .github/workflows/deploy-pm4.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index c3568c3..69c0c23 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -272,7 +272,10 @@ jobs: #Drop database deploy_db="\`pm4_ci-$INSTANCE\`" deploy_ai="\`pm4_ci-$INSTANCE_ai\`" - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE `$deploy_db`" -h ${{ secrets.RDS_ENG }} + + # Drop the main database including any tenant databases + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}%'" | while read db; do mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \\\`${db}\\\`"; done + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE `$deploy_ai`" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE_ai'@'%'" -h ${{ secrets.RDS_ENG }} From 697a3f65f95eb9512836676ec99c613cba7d4529 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Wed, 2 Jul 2025 12:27:10 -0700 Subject: [PATCH 37/46] Update deploy-pm4.yml --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 69c0c23..087d178 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
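Review bot: In the `Drop tenant db also` hunk, `SHOW DATABASES LIKE '${deploy_db}%'` reuses `deploy_db`, which is assigned with literal backticks around the name. The pattern therefore contains backtick characters and is unlikely to match any database, in which case the loop drops nothing. Keep an unquoted name for the pattern, e.g. `db_prefix="pm4_ci-${INSTANCE}"` and `LIKE '${db_prefix}%'`. Inside the loop, the triple-backslash escaping around `${db}` reaches MySQL as a backslash followed by a backtick; a single backslash before each backtick is enough within double quotes, and `while read -r db` avoids backslash processing of the names. The xargs rewrite in the next commit keeps the same `'${deploy_db}%'` pattern.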
@@ -274,7 +274,7 @@ jobs: deploy_ai="\`pm4_ci-$INSTANCE_ai\`" # Drop the main database including any tenant databases - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}%'" | while read db; do mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \\\`${db}\\\`"; done + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}%'" | xargs -I{} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \`{}\`;" mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE `$deploy_ai`" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} From 81ccf96431424ccbbbf3ba208b2821824f144da8 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Wed, 2 Jul 2025 10:32:33 -1000 Subject: [PATCH 38/46] fix pmai-system openaiHost --- .github/templates/instance.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/templates/instance.yaml b/.github/templates/instance.yaml index 9988deb..bca1081 100644 --- a/.github/templates/instance.yaml +++ b/.github/templates/instance.yaml @@ -10,7 +10,7 @@ appConfig: licenseGitToken: {{CUSTOMER_LICENSES_PAT}} deploy: pmai: - openaiHost: pmai-svc.{{pmai-system}}.svc.cluster.local + openaiHost: pmai-svc.pmai-system.svc.cluster.local deployDb: false dbHost: pm4-eng-stm-rds-cluster.cluster-ckz0mnb6cuna.us-east-1.rds.amazonaws.com dbName: pm4_ci-{{INSTANCE}}_ai From 68394d340cee3c7f852c4b40cc83226d0a812825 Mon Sep 17 00:00:00 2001 
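Review bot: The rewritten xargs line in the `@@ -274,7 +274,7 @@` hunk repeats `-p${{ secrets.PASS_MYSQL_ENG }}` on both sides of the pipe, which pastes the password into the script text and into the argument list of every `mysql` process that `xargs` starts. A password containing shell metacharacters would also be parsed by bash at that point. Map the secret in the step's `env:` and hand it to the client outside argv, for example through an option file passed with `--defaults-extra-file`. The other `mysql` lines in this hunk use the same `-p…` form. The `run:` block continues outside the hunk.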
From: Nolan Ehrstrom Date: Thu, 3 Jul 2025 14:23:30 -0700 Subject: [PATCH 39/46] Fix delete --- .github/workflows/deploy-pm4.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 087d178..1776391 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -270,13 +270,13 @@ jobs: helm delete ci-$INSTANCE kubectl delete namespace ci-$INSTANCE-ns-pm4 #Drop database - deploy_db="\`pm4_ci-$INSTANCE\`" + deploy_db="pm4_ci-${INSTANCE}%" deploy_ai="\`pm4_ci-$INSTANCE_ai\`" # Drop the main database including any tenant databases - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}%'" | xargs -I{} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \`{}\`;" + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}'" | xargs -I{} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \`{}\`;" - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE `$deploy_ai`" -h ${{ secrets.RDS_ENG }} + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_ai" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE_ai'@'%'" -h ${{ secrets.RDS_ENG }} #Drop image Harbor From eb8ad47052120dae8d9871f5435dc3286a173567 Mon Sep 17 00:00:00 2001 
From: Nolan Ehrstrom Date: Thu, 3 Jul 2025 14:37:40 -0700 Subject: [PATCH 40/46] Add safty check --- .github/workflows/deploy-pm4.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 1776391..f32f331 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -271,7 +271,12 @@ jobs: kubectl delete namespace ci-$INSTANCE-ns-pm4 #Drop database deploy_db="pm4_ci-${INSTANCE}%" - deploy_ai="\`pm4_ci-$INSTANCE_ai\`" + deploy_ai="\`pm4_ci-$INSTANCE_ai\`" + + # check that that string length of $deploy_db is greater than 10 as a safety check. If its less than 12, exit now + if [ ${#deploy_db} -lt 12 ]; then + exit 1 + fi # Drop the main database including any tenant databases mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}'" | xargs -I{} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \`{}\`;" From a3a7b7c60f14b1d73f0041557905b387ddc59e95 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Thu, 3 Jul 2025 14:40:56 -0700 Subject: [PATCH 41/46] Update --- .github/workflows/deploy-pm4.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index f32f331..c508868 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -273,7 +273,7 @@ jobs: deploy_db="pm4_ci-${INSTANCE}%" deploy_ai="\`pm4_ci-$INSTANCE_ai\`" - # check that that string length of $deploy_db is greater than 10 as a safety check. If its less than 12, exit now + # check that that string length of $deploy_db is 12 or more as a safety check. If its less than 12, exit now if [ ${#deploy_db} -lt 12 ]; then exit 1 fi 
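Review bot: The guard added in the `@@ -271,7 +271,12 @@` hunk tests only the length of `deploy_db`, and `pm4_ci-` plus `%` is already 8 characters, so any `INSTANCE` of four or more characters passes and the wildcard drop below it runs. Checking the shape is tighter, e.g. `[[ "$INSTANCE" =~ ^[0-9a-f]{10}$ ]] || { echo "refusing to drop: unexpected INSTANCE" >&2; exit 1; }`, assuming `INSTANCE` is the `md5sum | head -c 10` value the deploy job computes. The bare `exit 1` also leaves no message in the log to say why cleanup stopped.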
@@ -281,7 +281,7 @@ jobs: # Drop the main database including any tenant databases mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}'" | xargs -I{} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \`{}\`;" - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_ai" -h ${{ secrets.RDS_ENG }} + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE IF EXISTS $deploy_ai" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE_ai'@'%'" -h ${{ secrets.RDS_ENG }} #Drop image Harbor From dfa905f4fe4ceead97df0adeae28c72a8ce0d8e9 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Mon, 14 Jul 2025 14:13:16 -0700 Subject: [PATCH 42/46] Drop user if exists --- .github/workflows/deploy-pm4.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index c508868..ddf2e22 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
@@ -282,8 +282,8 @@ jobs: mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -N -e "SHOW DATABASES LIKE '${deploy_db}'" | xargs -I{} mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -h ${{ secrets.RDS_ENG }} -e "DROP DATABASE IF EXISTS \`{}\`;" mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE IF EXISTS $deploy_ai" -h ${{ secrets.RDS_ENG }} - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} - mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER 'user_ci-$INSTANCE_ai'@'%'" -h ${{ secrets.RDS_ENG }} + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER IF EXISTS 'user_ci-$INSTANCE'@'%'" -h ${{ secrets.RDS_ENG }} + mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP USER IF EXISTS 'user_ci-$INSTANCE_ai'@'%'" -h ${{ secrets.RDS_ENG }} #Drop image Harbor curl -X DELETE -u ${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }} "https://${{ secrets.REGISTRY_HOST }}/api/v2.0/projects/processmaker/repositories/enterprise/artifacts/${{env.IMAGE_TAG}}" echo "The instance [https://ci-$INSTANCE.engk8s.processmaker.net] was deleted!!" From 3f8b8b07e370978f4eb0e2f5dc143ccf710a65c4 Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Tue, 15 Jul 2025 08:41:26 -0700 Subject: [PATCH 43/46] Use tenant url --- .github/workflows/deploy-pm4.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index ddf2e22..09c4815 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
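Review bot: In the added `DROP USER IF EXISTS 'user_ci-$INSTANCE_ai'@'%'` line, bash reads `$INSTANCE_ai` as a variable named `INSTANCE_ai`, not `$INSTANCE` followed by `_ai`. Unless such a variable is set outside the hunk, the statement targets `'user_ci-'@'%'`, and with `IF EXISTS` it now succeeds silently, so the `_ai` user is left in place. Brace the name: `'user_ci-${INSTANCE}_ai'@'%'`. The `deploy_ai` assignment in the earlier cleanup hunks uses the same `$INSTANCE_ai` form and needs the same change.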
@@ -173,7 +173,11 @@ jobs: cat .github/templates/db.yaml chmod +x .github/scripts/deploy-instance.sh bash .github/scripts/deploy-instance.sh - export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" + if [ "$MULTITENANCY" = "true" ]; then + export INSTANCE_URL="https://tenant-1.ci-$instance.engk8s.processmaker.net" + else + export INSTANCE_URL="https://ci-$instance.engk8s.processmaker.net" + fi echo "Instance URL: $INSTANCE_URL" bash .github/scripts/gh_comment.sh "$CI_PROJECT" "$pull_req_id" From 6b059e108f12da669ba02cb37a08afa6c43e710e Mon Sep 17 00:00:00 2001 From: Nolan Ehrstrom Date: Tue, 15 Jul 2025 12:10:10 -0700 Subject: [PATCH 44/46] Check for tenant --- .github/scripts/deploy-instance.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/scripts/deploy-instance.sh b/.github/scripts/deploy-instance.sh index f2dbc17..85e0aa2 100644 --- a/.github/scripts/deploy-instance.sh +++ b/.github/scripts/deploy-instance.sh @@ -61,6 +61,10 @@ else kubectl delete pod $webPod $schedulerPod $queuePod -n ci-{{INSTANCE}}-ns-pm4 fi -export INSTANCE_URL=https://ci-{{INSTANCE}}$DOM_EKS +if [ "$MULTITENANCY" = "true" ]; then + export INSTANCE_URL="https://tenant-1.ci-{{INSTANCE}}$DOM_EKS" +else + export INSTANCE_URL="https://ci-{{INSTANCE}}$DOM_EKS" +fi echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" ./pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready From 03e0621574067d2943a07ce10c941daa4f679182 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Thu, 17 Jul 2025 09:27:42 -1000 Subject: [PATCH 45/46] set .multitenancy.enable based on ci pr body --- .github/templates/instance.yaml | 2 +- .github/workflows/deploy-pm4.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/templates/instance.yaml b/.github/templates/instance.yaml index bca1081..4d6f618 100644 --- a/.github/templates/instance.yaml +++ b/.github/templates/instance.yaml 
@@ -56,7 +56,7 @@ cdata: gmail: 4431444B5541535544424141454E545041325246353431324354303100000000000000000000000050524F434553534D00005356434441465847303144570000 api: 4641444B5541535544424141454E545041325246353431324354303100000000000000000000000050524F434553534D00004750533442365456343939530000 multitenancy: - enable: true + enable: {{MULTITENANCY}} microservices: scriptExecutor: enable: true diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 09c4815..9e569f0 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -165,6 +165,7 @@ jobs: sed -i "s#{{CUSTOMER_LICENSES_PAT}}#$CUSTOMER_LICENSES_PAT#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_USER}}#$RDS_ADMIN_USERNAME#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/instance.yaml + sed -i "s#{{MULTITENANCY}}#$MULTITENANCY#g" .github/templates/instance.yaml sed -i "s#{{MYSQL_USERNAME}}#$RDS_ADMIN_USERNAME#g" .github/templates/db.yaml sed -i "s#{{MYSQL_PASSWORD}}#$RDS_ADMIN_PASSWORD#g" .github/templates/db.yaml echo "=== Checking instance.yaml after replacements ===" From 9d8b37485f6743af95ffffe8702ff99222080148 Mon Sep 17 00:00:00 2001 From: Daniel Ryan Date: Tue, 22 Jul 2025 09:58:32 -1000 Subject: [PATCH 46/46] appConfig.https true to enable letsencrypt --- .github/templates/instance.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/templates/instance.yaml b/.github/templates/instance.yaml index 4d6f618..57f2f1c 100644 --- a/.github/templates/instance.yaml +++ b/.github/templates/instance.yaml 
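Review bot: `enable: {{MULTITENANCY}}` is filled by the `sed -i "s#{{MULTITENANCY}}#$MULTITENANCY#g"` line in the second hunk with whatever the variable holds, and an unset or empty `MULTITENANCY` renders a bare `enable:` (null) instead of `false`. Where `MULTITENANCY` is assigned is not visible in either hunk. If it is taken from the PR body, as the commit title says, normalise it before the substitution, e.g. `[ "$MULTITENANCY" = "true" ] || MULTITENANCY=false`, so that only `true` or `false` reaches the values file.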
@@ -1,7 +1,7 @@
 appVersion: {{IMAGE_TAG}}
 eksCluster: pm4-eng
 appConfig:
- https: false
+ https: true
 subdomain: .engk8s.processmaker.net
 customSecurityPolicy: true
 customSecurityPolicyUrl: 'https://adobexdplatform.com https://*.quicksight.aws.amazon.com https://www.canva.com https://excalidraw.com https://www.figma.com https://flocus.com https://www.framer.com https://giphy.com https://lookerstudio.google.com https://maps.google.com https://docs.google.com https://www.loom.com https://miro.com https://mixpanel.com https://pitch.com https://prezi.com https://www.sketch.com https://www.slideshare.net https://supademo.com https://www.tableau.com https://forms.app https://vimeo.com https://www.youtube.com'