Merge pull request #4685 from UNDP-Data/release/develop-to-main

[RELEASE] Merge develop to main

.github/workflows/ci.yml

@@ -167,6 +167,7 @@ jobs:
     environment:
       name: Svelte UNDP Design
       url: https://svelte-undp-design.undpgeohub.org/
+
     steps:
       - name: checkout code repository
         uses: actions/checkout@v4
@@ -190,13 +191,17 @@ jobs:
 
       - name: deploy storybook to Blob container
         if: ${{ (github.ref == 'refs/heads/develop') }}
-        uses: bacongobbler/azure-blob-storage-upload@main
+        uses: azure/CLI@v2
         with:
-          source_dir: packages/svelte-undp-design/storybook-static
-          container_name: $web
-          connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING_STORYBOOK }}
-          # WARNING: this will overwrite existing blobs in your blob storage
-          sync: "true"
+          azcliversion: 2.67.0
+          # azcopy workadound https://github.com/Azure/azure-cli/issues/30635
+          inlineScript: |
+            tdnf install -y azcopy;
+            az storage blob sync \
+              --container '$web' \
+              --source "packages/svelte-undp-design/storybook-static" \
+              --connection-string "${{ secrets.AZURE_STORAGE_CONNECTION_STRING_STORYBOOK }}" \
+              --delete-destination true
 
   build-and-deploy-undp-components:
     name: Build and deploy svelte UNDP components storybook
@@ -209,6 +214,7 @@ jobs:
     environment:
       name: Svelte UNDP Components
       url: https://svelte-undp-components.undpgeohub.org/
+
     steps:
       - name: checkout code repository
         uses: actions/checkout@v4
@@ -233,13 +239,17 @@ jobs:
 
       - name: deploy storybook to Blob container
         if: ${{ (github.ref == 'refs/heads/develop') }}
-        uses: bacongobbler/azure-blob-storage-upload@main
+        uses: azure/CLI@v2
         with:
-          source_dir: packages/svelte-undp-components/storybook-static
-          container_name: $web
-          connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING_STORYBOOK }}
-          # WARNING: this will overwrite existing blobs in your blob storage
-          sync: "true"
+          azcliversion: 2.67.0
+          # azcopy workadound https://github.com/Azure/azure-cli/issues/30635
+          inlineScript: |
+            tdnf install -y azcopy;
+            az storage blob sync \
+              --container '$web' \
+              --source "packages/svelte-undp-components/storybook-static" \
+              --connection-string "${{ secrets.AZURE_STORAGE_CONNECTION_STRING_STORYBOOK }}" \
+              --delete-destination true
 
   build-and-deploy-userguide:
     name: Build and deploy GeoHub userguide
@@ -289,22 +299,31 @@ jobs:
 
       - name: deploy userguide to Blob container Prod
         if: ${{ (github.ref == 'refs/heads/main') }}
-        uses: bacongobbler/azure-blob-storage-upload@main
+        uses: azure/CLI@v2
         with:
-          source_dir: documentation/site
-          container_name: $web
-          connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING_USERGUIDE }}
-          # WARNING: this will overwrite existing blobs in your blob storage
-          sync: "true"
+          azcliversion: 2.67.0
+          # azcopy workadound https://github.com/Azure/azure-cli/issues/30635
+          inlineScript: |
+            tdnf install -y azcopy;
+            az storage blob sync \
+              --container '$web' \
+              --source "documentation/site" \
+              --connection-string "${{ secrets.AZURE_STORAGE_CONNECTION_STRING_USERGUIDE }}" \
+              --delete-destination true
+
       - name: deploy userguide to Blob container Dev
         if: ${{ github.ref == 'refs/heads/develop' }}
-        uses: bacongobbler/azure-blob-storage-upload@main
+        uses: azure/CLI@v2
         with:
-          source_dir: documentation/site
-          container_name: $web
-          connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING_USERGUIDE_DEV }}
-          # WARNING: this will overwrite existing blobs in your blob storage
-          sync: "true"
+          azcliversion: 2.67.0
+          # azcopy workadound https://github.com/Azure/azure-cli/issues/30635
+          inlineScript: |
+            tdnf install -y azcopy;
+            az storage blob sync \
+              --container '$web' \
+              --source "documentation/site" \
+              --connection-string "${{ secrets.AZURE_STORAGE_CONNECTION_STRING_USERGUIDE_DEV }}" \
+              --delete-destination true
 
   build_static_api_acr:
     name: Build and deploy Static Image API to ACR
@@ -394,16 +413,16 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Deploy pgtileserv to kubernetes
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: apply -f backends/k8s/pgtileserv/yaml/pgtileserv-deployment.yaml
 
       - name: Delete Secrets for pgtileserv
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: delete secret pgtileserv-secrets --ignore-not-found -n ${{ env.PGTILESERV_NAMESPACE }}
       - name: Create Secrets for pgtileserv
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: create secret generic pgtileserv-secrets --from-literal=DATABASE_URL=${{ secrets.DATABASE_URL }}  -n ${{ env.PGTILESERV_NAMESPACE }}
 
@@ -421,15 +440,15 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Delete Secrets
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: delete secret ingest-secrets --ignore-not-found -n ${{ env.DEPLOYMENT_NAMESPACE }}
       - name: Create Secrets
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: create secret generic ingest-secrets --from-literal=AZURE_STORAGE_CONNECTION_STRING=${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} --from-literal=SERVICE_BUS_CONNECTION_STRING=${{ secrets.SERVICE_BUS_CONNECTION_STRING }}  --from-literal=AZURE_WEBPUBSUB_CONNECTION_STRING=${{ secrets.AZURE_WEBPUBSUB_CONNECTION_STRING }} -n ${{ env.DEPLOYMENT_NAMESPACE }}
       - name: Deploy ingest to kubernetes
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         env:
           SERVICE_BUS_CONNECTION_STRING: ${{ secrets.SERVICE_BUS_CONNECTION_STRING }}
         with:
@@ -450,7 +469,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Deploy cogserver-dev to kubernetes
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: apply -f backends/k8s/cogserver/yaml/cogserver-dev-deployment.yaml
 
@@ -469,7 +488,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Deploy cogserver to kubernetes
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: apply -f backends/k8s/cogserver/yaml/cogserver-deployment.yaml
 
@@ -488,15 +507,15 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Delete Secrets
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
           args: delete secret stac-secrets --ignore-not-found -n ${{ env.DEPLOYMENT_NAMESPACE }}
       - name: Create Secrets
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         with:
-          args: create secret generic stac-secrets --from-literal=AZURE_STORAGE_CONNECTION_STRING=${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} --from-literal=AZURE_SERVICE_BUS_CONNECTION_STRING=${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }}  --from-literal=AZURE_SERVICE_BUS_QUEUE_NAME=${{ env.AZURE_SERVICE_BUS_QUEUE_NAME }} -n ${{ env.DEPLOYMENT_NAMESPACE }}
+          args: create secret generic stac-secrets --from-literal=AZURE_STORAGE_CONNECTION_STRING=${{ secrets.AZURE_STORAGE_CONNECTION_STRING }} --from-literal=AZURE_SERVICE_BUS_CONNECTION_STRING=${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }}  --from-literal=AZURE_SERVICE_BUS_QUEUE_NAME=${{ env.AZURE_SERVICE_BUS_QUEUE_NAME }} --from-literal=EOG_USER=${{ secrets.EOG_USER }} --from-literal=EOG_PASSWORD=${{ secrets.EOG_PASSWORD }} -n ${{ env.DEPLOYMENT_NAMESPACE }}
       - name: Deploy ingest to kubernetes
-        uses: actions-hub/[email protected].0
+        uses: actions-hub/[email protected].1
         env:
           AZURE_SERVICE_BUS_CONNECTION_STRING: ${{ secrets.AZURE_SERVICE_BUS_CONNECTION_STRING }}
         with:

.github/workflows/release.yml

@@ -10,7 +10,12 @@ env:
   CI: true
   PNPM_CACHE_FOLDER: .pnpm-store
 
-permissions: {}
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+  packages: write
+
 jobs:
   release:
     # prevents this action from running on forks
@@ -36,11 +41,10 @@ jobs:
           cache: pnpm
 
       - name: install dependencies
-        run: pnpm install --frozen-lockfile
+        run: pnpm install --frozen-lockfile --shamefully-hoist
 
       - name: build packages
-        run: |
-          pnpm build
+        run: pnpm build
 
       - name: Create Release Pull Request or Publish to npm
         id: changesets

.nvmrc

@@ -1 +1 @@
-22.12.0
+22.13.1

backends/k8s/cert-manager/scripts/install.sh

@@ -2,7 +2,7 @@
 
 kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml
 . scripts/.env
-envsubst < yaml/cloudflare-apitoken-secret.yaml | kubectl apply -f -
+envsubst < yaml/cloudflare-apikey-secret.yaml | kubectl apply -f -
 envsubst < yaml/zerossl-hmac-secret.yaml | kubectl apply -f -
 unset CLOUDFLARE_API_TOKEN
 unset ZEROSSL_HMAC_KEY

backends/k8s/cert-manager/yaml/cloudflare-apitoken-secret.yaml → backends/k8s/cert-manager/yaml/cloudflare-apikey-secret.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: cloudflare-api-token-secret
+  name: cloudflare-api-key
   namespace: cert-manager
 type: Opaque
 stringData:
-  api-token: $CLOUDFLARE_API_TOKEN
+  api-key: $CLOUDFLARE_API_KEY

backends/k8s/cert-manager/yaml/le-cluster-issuer.yaml

@@ -12,10 +12,9 @@ spec:
       - dns01:
           cloudflare:
             email: [email protected]
-            apiTokenSecretRef:
-              name: cloudflare-api-token-secret
-              key: api-token
+            apiKeySecretRef:
+              name: cloudflare-api-key
+              key: api-key
         selector:
           dnsZones:
-          - 'undpgeohub.org'
-          - '*.undpgeohub.org'
+          - 'undpgeohub.org'

backends/k8s/cert-manager/yaml/zerossl-cluster-issuer.yaml

@@ -20,7 +20,7 @@ spec:
         # Replace the section below with your DNS01 provider
         cloudflare:
           email: [email protected]
-          apiTokenSecretRef:
-            name: cloudflare-api-token-secret
-            key: api-token
+          apiKeySecretRef:
+            name: cloudflare-api-key
+            key: api-key
 

backends/k8s/cogserver/yaml/cogserver-deployment.yaml

@@ -93,7 +93,7 @@ metadata:
   namespace: titiler
   annotations:
     kubernetes.io/ingress.class: addon-http-application-routing
-    cert-manager.io/cluster-issuer: zerossl
+    cert-manager.io/cluster-issuer: letsencrypt
 spec:
   #ingressClassName: addon-http-application-routing
   tls:

backends/k8s/pgtileserv/yaml/pgtileserv-deployment.yaml

@@ -22,7 +22,7 @@ spec:
         type: "auto"
       containers:
         - name: pgtileserv
-          image: pramsey/pg_tileserv:20240614
+          image: pramsey/pg_tileserv:20250131
           resources:
             limits:
               memory: "2048Mi"

backends/k8s/stac-pipeline/scripts/.env.example

@@ -1,3 +1,6 @@
 AZURE_STORAGE_CONNECTION_STRING=
 AZURE_SERVICE_BUS_CONNECTION_STRING=
-AZURE_SERVICE_BUS_QUEUE_NAME=undp-stac-pipeline
+AZURE_SERVICE_BUS_QUEUE_NAME=undp-stac-pipeline
+# see https://eogdata.mines.edu/products/register/
+EOG_USER=
+EOG_PASSWORD=

backends/k8s/stac-pipeline/scripts/install.sh

@@ -12,6 +12,8 @@ kubectl create secret generic $SECRET_NAME \
 --from-literal=AZURE_STORAGE_CONNECTION_STRING=$AZURE_STORAGE_CONNECTION_STRING \
 --from-literal=AZURE_SERVICE_BUS_CONNECTION_STRING=$AZURE_SERVICE_BUS_CONNECTION_STRING \
 --from-literal=AZURE_SERVICE_BUS_QUEUE_NAME=$AZURE_SERVICE_BUS_QUEUE_NAME \
+--from-literal=EOG_USER=$EOG_USER \
+--from-literal=EOG_PASSWORD=$EOG_PASSWORD \
 -n $NAMESPACE
 
 

backends/k8s/stac-pipeline/yaml/deployment.yaml

@@ -21,7 +21,7 @@ spec:
           type: "pipeline"
         containers:
           - name: stac
-            image: undpgeohub.azurecr.io/undp-data/geo-undpstac-pipeline:v0.0.8
+            image: undpgeohub.azurecr.io/undp-data/geo-undpstac-pipeline:v0.0.9
             imagePullPolicy: Always
             command: ["python3"]
             args: ["-m", "undpstac_pipeline.cli", "queue", "--force"]
@@ -71,7 +71,7 @@ spec:
           type: "pipeline"
         containers:
           - name: stac
-            image: undpgeohub.azurecr.io/undp-data/geo-undpstac-pipeline:v0.0.8
+            image: undpgeohub.azurecr.io/undp-data/geo-undpstac-pipeline:v0.0.9
             imagePullPolicy: Always
             command: ["python3"]
             # register a message for yesterday into service bus queue