Merge branch 'release/noble-sea-lemon' into CE-1077

bcgov · Oct 30, 2024 · ce30225 · ce30225
2 parents 154e357 + 8c3d91e
commit ce30225
Show file tree

Hide file tree

Showing 100 changed files with 4,800 additions and 721 deletions.
diff --git a/.github/actions/get-latest-pr-number/action.yml b/.github/actions/get-latest-pr-number/action.yml
@@ -0,0 +1,39 @@
+name: Get Latest Merged PR Number
+description: Get the latest merged PR number from the release branch, this is the production candidate
+branding:
+  icon: git-pull-request
+  color: blue
+
+inputs:
+  token:
+    description: Specify token (GH or PAT), instead of inheriting one from the calling workflow
+    default: ${{ github.token }}
+
+outputs:
+  pr:
+    description: "Latest merged pull request number"
+    value: ${{ steps.vars.outputs.pr }}
+
+runs:
+  using: composite
+  steps:
+    - id: vars
+      shell: bash
+      run: |
+        git fetch origin
+
+        release_branch="${{ github.event.pull_request.head.ref }}"
+        echo "Detected release branch: $release_branch"
+
+        latest_pr=$(git log origin/$release_branch --pretty=format:'%s' | grep -oP '(?<=#)\d+' | head -n 1)
+
+        if [ -z "$latest_pr" ]; then
+          echo "No merged PR found on $release_branch"
+          exit 1
+        elif [[ ! "$latest_pr" =~ ^[0-9]+$ ]]; then
+          echo "PR number format incorrect: $latest_pr"
+          exit 1
+        fi
+
+        echo "Latest PR number from $release_branch: $latest_pr"
+        echo "pr=$latest_pr" >> $GITHUB_OUTPUT
diff --git a/.github/scripts/sysdig_deploy.sh b/.github/scripts/sysdig_deploy.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+# Handles sysdig terraform validation and apply
+
+set -e # failfast
+# ENV:
+# APPLY: determines if plan is applied, lease as false for dry-run
+
+cd terraform || exit 1
+terraform -v
+terraform init \
+    -backend-config="bucket=${STATE_BACKEND_BUCKET}" \
+    -backend-config="key=${STATE_BACKEND_FILEPATH}" \
+    -backend-config="access_key=${STATE_BACKEND_ACCESS_KEY}" \
+    -backend-config="secret_key=${STATE_BACKEND_SECRET_KEY}" \
+    -backend-config="endpoint=${STATE_BACKEND_ENDPOINT}"
+
+# validate and lint check
+terraform validate
+terraform plan
+
+if [ "$APPLY" = "true" ]; then
+    echo "APPLY=true flag provided, attempting to apply changes"
+    # deploy
+    terraform apply -auto-approve
+else
+    echo "Dry-run, skipping apply"
+fi
diff --git a/.github/scripts/sysdig_installed.sh b/.github/scripts/sysdig_installed.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Fetches the sysdig team crd and checks at least 1 user is present in the config
+# IMPORTANT NOTE: requires a serviceaccount with get/list on sysdig-team
+# ENV:
+# OC_NAMESPACE
+# OC_SERVER
+# OC_TOKEN
+set -e # failfast
+if [ -z "$OC_NAMESPACE" ]; then
+    echo "OC_NAMESPACE not set"
+    exit 1
+fi
+if [ -z "$OC_SERVER" ]; then
+    echo "OC_SERVER not set"
+    exit 1
+fi
+if [ -z "$OC_TOKEN" ]; then
+    echo "OC_TOKEN not set"
+    exit 1
+fi
+
+OC_TEMP_TOKEN=$(curl -k -X POST $OC_SERVER/api/v1/namespaces/$OC_NAMESPACE/serviceaccounts/pipeline/token --header "Authorization: Bearer $OC_TOKEN" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )
+oc login --token=$OC_TEMP_TOKEN --server=$OC_SERVER
+oc project $OC_NAMESPACE # Safeguard!
+
+
+sysdig_config=$(oc get sysdig-team -n $OC_NAMESPACE -ojson)
+num_users=$(echo $sysdig_config | jq -r '.items[0].spec.team.users | length')
+if [ $num_users -eq 0 ]; then
+    echo "No users found in sysdig-team"
+    exit 1
+fi
+echo "Found $num_users users in sysdig-team"
+exit 0
diff --git a/.github/workflows/deploy-sysdig.yml b/.github/workflows/deploy-sysdig.yml
@@ -0,0 +1,64 @@
+name: Deploy Sysdig Alerts
+
+on:
+  push:
+    paths:
+      - "terraform/**"
+
+concurrency:
+  # Do not interrupt previous workflows
+  # avoid state corruption from cancels
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+jobs:
+  installed:
+    environment: tools
+    name: Check Sysdig Installed
+    runs-on: ubuntu-22.04
+    timeout-minutes: 1
+    steps:
+      - uses: actions/checkout@v4
+      - run: ./.github/scripts/sysdig_installed.sh
+        env:
+          OC_NAMESPACE: ${{ secrets.OC_NAMESPACE }}
+          OC_SERVER: ${{ secrets.OC_SERVER }}
+          OC_TOKEN: ${{ secrets.OC_TOKEN }}
+
+  validate:
+    environment: tools
+    needs: installed
+    name: Validate Sysdig Terraform
+    runs-on: ubuntu-22.04
+    timeout-minutes: 3
+    steps:
+      - uses: actions/checkout@v4
+      - name: Validate Sysdig Terraform
+        run: APPLY=false ./.github/scripts/sysdig_deploy.sh
+        env:
+          STATE_BACKEND_BUCKET: ${{ secrets.STATE_BACKEND_BUCKET }}
+          STATE_BACKEND_ACCESS_KEY: ${{ secrets.STATE_BACKEND_ACCESS_KEY }}
+          STATE_BACKEND_SECRET_KEY: ${{ secrets.STATE_BACKEND_SECRET_KEY }}
+          STATE_BACKEND_FILEPATH: ${{ secrets.STATE_BACKEND_FILEPATH }}
+          STATE_BACKEND_ENDPOINT: ${{ secrets.STATE_BACKEND_ENDPOINT }}
+          TF_VAR_sysdig_api_token: ${{ secrets.TF_VAR_SYSDIG_API_TOKEN }}
+          AWS_NO_SIGN_REQUEST: 1
+  deploy:
+    if: github.ref == 'refs/heads/main'
+    needs: validate
+    environment: tools
+    name: Deploy Sysdig Terraform
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - name: Apply Sysdig Terraform
+        run: APPLY=true ./.github/scripts/sysdig_deploy.sh
+        env:
+          STATE_BACKEND_BUCKET: ${{ secrets.STATE_BACKEND_BUCKET }}
+          STATE_BACKEND_ACCESS_KEY: ${{ secrets.STATE_BACKEND_ACCESS_KEY }}
+          STATE_BACKEND_SECRET_KEY: ${{ secrets.STATE_BACKEND_SECRET_KEY }}
+          STATE_BACKEND_FILEPATH: ${{ secrets.STATE_BACKEND_FILEPATH }}
+          STATE_BACKEND_ENDPOINT: ${{ secrets.STATE_BACKEND_ENDPOINT }}
+          TF_VAR_sysdig_api_token: ${{ secrets.TF_VAR_SYSDIG_API_TOKEN }}
+          AWS_NO_SIGN_REQUEST: 1
diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml
@@ -24,17 +24,16 @@ jobs:
   vars:
     name: Set Variables
     outputs:
-      pr: ${{ steps.pr.outputs.pr }}
+      pr: ${{ steps.latest-pr.outputs.pr }}
     runs-on: ubuntu-22.04
     timeout-minutes: 1
     steps:
       - uses: actions/checkout@v4
-      # Get PR number for squash merges to release
-      - name: PR Number
-        id: pr
-        uses: ./.github/actions/get-pr-number
+      - name: Get Latest PR Number in release branch
+        id: latest-pr
+        uses: ./.github/actions/get-latest-pr-number
       - name: Set PR Output
-        run: echo "pr=${{ steps.pr.outputs.pr }}" >> $GITHUB_OUTPUT
+        run: echo "pr=${{ steps.latest-pr.outputs.pr }}" >> $GITHUB_OUTPUT
 
   create_release:
     name: Create GitHub Release (Keep Version)
@@ -86,6 +85,8 @@ jobs:
         --set webeoc.pdb.enabled=true
         --set nats.config.cluster.replicas=3
         --set nats.config.cluster.enabled=true
+        --set bitnami-pg.backup.cronjob.storage.size=512Mi
+        --set bitnami-pg.primary.persistence.size=512Mi
 
   promote:
     name: Promote Images

diff --git a/.gitignore b/.gitignore
@@ -119,3 +119,23 @@ frontend/cypress/screenshots/allegation-details-edit.cy.ts/Complaint Edit Page s
 frontend/cypress/screenshots/hwcr-details-edit.cy.ts/Complaint Edit Page spec - Edit View -- Navigate to the Complaint Edit page & check inputs (failed).png
 frontend/cypress/screenshots/hwcr-details-edit.cy.ts/Complaint Edit Page spec - Edit View -- it has a map on screen with a marker at the correct location (failed).png
 nr-compliance-enforcement.code-workspace
+
+# Terraform
+*.tfstate
+*.tfstate.*
+crash.log
+crash.*.log
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraform/
+.terraform.lock.hcl
+**/.terraform/*
+*.tfvars
+*.tfvars.json
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -73,6 +73,7 @@
     "linq-to-typescript": "^11.0.0",
     "nest-winston": "^1.9.2",
     "npm-check-updates": "^17.1.3",
+    "nrs-ce-common-types": "^1.0.10",
     "passport": "^0.6.0",
     "passport-jwt": "^4.0.1",
     "path-to-regexp": "^8.0.0",

diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
@@ -53,6 +53,7 @@ import { TeamCodeModule } from "./v1/team_code/team_code.module";
 import { OfficerTeamXrefModule } from "./v1/officer_team_xref/officer_team_xref.module";
 import { ComplaintMethodReceivedCodeModule } from "./v1/complaint_method_received_code/complaint_method_received_code.module";
 import { CompMthdRecvCdAgcyCdXrefModule } from "./v1/comp_mthd_recv_cd_agcy_cd_xref/comp_mthd_recv_cd_agcy_cd_xref.module";
+import { LinkedComplaintXrefModule } from "./v1/linked_complaint_xref/linked_complaint_xref.module";
 
 console.log("Var check - POSTGRESQL_HOST", process.env.POSTGRESQL_HOST);
 console.log("Var check - POSTGRESQL_DATABASE", process.env.POSTGRESQL_DATABASE);
@@ -128,6 +129,7 @@ if (process.env.POSTGRESQL_PASSWORD != null) {
     OfficerTeamXrefModule,
     ComplaintMethodReceivedCodeModule,
     CompMthdRecvCdAgcyCdXrefModule,
+    LinkedComplaintXrefModule,
   ],
   controllers: [AppController],
   providers: [AppService, ComplaintSequenceResetScheduler],

diff --git a/backend/src/middleware/maps/automapper-entity-to-dto-maps.ts b/backend/src/middleware/maps/automapper-entity-to-dto-maps.ts
@@ -243,6 +243,10 @@ export const complaintToComplaintDtoMap = (mapper: Mapper) => {
       (destination) => destination.webeocId,
       mapFrom((source) => source.webeoc_identifier),
     ),
+    forMember(
+      (destination) => destination.referenceNumber,
+      mapFrom((source) => source.reference_number),
+    ),
     forMember(
       (destination) => destination.complaintMethodReceivedCode,
       mapFrom((source) => {
@@ -692,6 +696,10 @@ export const applyWildlifeComplaintMap = (mapper: Mapper) => {
       (destination) => destination.webeocId,
       mapFrom((source) => source.complaint_identifier.webeoc_identifier),
     ),
+    forMember(
+      (destination) => destination.referenceNumber,
+      mapFrom((source) => source.complaint_identifier.reference_number),
+    ),
     forMember(
       (destination) => destination.complaintMethodReceivedCode,
       mapFrom((source) => {
@@ -915,6 +923,10 @@ export const applyAllegationComplaintMap = (mapper: Mapper) => {
       (destination) => destination.webeocId,
       mapFrom((source) => source.complaint_identifier.webeoc_identifier),
     ),
+    forMember(
+      (destination) => destination.referenceNumber,
+      mapFrom((source) => source.complaint_identifier.reference_number),
+    ),
     forMember(
       (destination) => destination.complaintMethodReceivedCode,
       mapFrom((source) => {
@@ -1432,6 +1444,10 @@ export const mapWildlifeReport = (mapper: Mapper, tz: string = "America/Vancouve
       (destination) => destination.webeocId,
       mapFrom((source) => source.complaint_identifier.webeoc_identifier),
     ),
+    forMember(
+      (destination) => destination.referenceNumber,
+      mapFrom((source) => source.complaint_identifier.reference_number),
+    ),
     forMember(
       (destination) => destination.complaintMethodReceivedCode,
       mapFrom((source) => {
@@ -1723,6 +1739,10 @@ export const mapAllegationReport = (mapper: Mapper, tz: string = "America/Vancou
       (destination) => destination.webeocId,
       mapFrom((source) => source.complaint_identifier.webeoc_identifier),
     ),
+    forMember(
+      (destination) => destination.referenceNumber,
+      mapFrom((source) => source.complaint_identifier.reference_number),
+    ),
     forMember(
       (destination) => destination.complaintMethodReceivedCode,
       mapFrom((source) => {

diff --git a/backend/src/middleware/maps/dto-to-table-map.ts b/backend/src/middleware/maps/dto-to-table-map.ts
@@ -100,6 +100,12 @@ export const mapComplaintDtoToComplaintTable = (mapper: Mapper) => {
         };
       }),
     ),
+    forMember(
+      (dest) => dest.reference_number,
+      mapFrom((src) => {
+        return src.referenceNumber;
+      }),
+    ),
     forMember(
       (dest) => dest.is_privacy_requested,
       mapFrom((src) => {

diff --git a/backend/src/types/models/case-files/assessment-details.ts b/backend/src/types/models/case-files/assessment-details.ts
@@ -1,6 +1,8 @@
 import { AssessmentActionDto } from "./assessment-action";
 export interface AssessmentDetailsDto {
   actionNotRequired: boolean;
+  actionCloseComplaint: boolean;
+  actionLinkedComplaintIdentifier: string;
   actionJustificationCode: string;
   actionJustificationShortDescription: string;
   actionJustificationLongDescription: string;

diff --git a/backend/src/types/models/complaints/allegation-complaint.ts b/backend/src/types/models/complaints/allegation-complaint.ts
@@ -1,7 +1,8 @@
 import { UUID } from "crypto";
 import { ComplaintDto } from "./complaint";
+import { BaseComplaint } from "nrs-ce-common-types";
 
-export interface AllegationComplaintDto extends ComplaintDto {
+export interface AllegationComplaintDto extends ComplaintDto, BaseComplaint {
   ersId: UUID;
   violation: string;
   isInProgress: boolean;