chore: support openshift deployment, dev and prod, configure aws secr…

…et as separate, aws secret sync will be added later

.github/workflows/build-deploy-el-openshift.yml

@@ -9,7 +9,6 @@ on:
         type: choice
         options:
           - dev
-          - test
           - prod
 
 jobs:
@@ -37,7 +36,7 @@ jobs:
   deploy:
     name: Deploy Helm Chart
     needs: build
-    environment: ${{ github.event.inputs.environment }}
+    environment: openshift-${{ github.event.inputs.environment }}
     runs-on: ubuntu-24.04
     steps:
       - name: Helm Deploy
@@ -56,8 +55,6 @@ jobs:
               --set-string image.tag=${{ github.sha }} \
               --set-string secrets.dbHost=${{ secrets.dbHost }} \
               --set-string secrets.certSecret=${{ secrets.certSecret }} \
-              --set-string secrets.awsAccessKey=${{ secrets.awsAccessKey }} \
-              --set-string secrets.awsSecretKey=${{ secrets.awsSecretKey }} \
               --set-string secrets.dbName=${{ secrets.dbName }} \
               --set-string secrets.dbPassword=${{ secrets.dbPassword }} \
               --set-string secrets.dbUser=${{ secrets.dbUser }} \

backend-el/Dockerfile.certs

@@ -1,5 +1,5 @@
 #This Dockerfile mounts the certs
-FROM eclipse-temurin:21
+FROM eclipse-temurin:21-jdk-alpine
 
 ENV LANG=en_CA.UTF-8
 ENV LANGUAGE=en_CA.UTF-8
@@ -9,10 +9,10 @@ WORKDIR /app
 RUN apk --no-cache add openssl
 
 COPY get_certs.sh .
-RUN addgroup -S appgroup && adduser -S appuser -G appgroup
-USER appuser
+
 RUN chmod g+w /app && \
     chmod g+x get_certs.sh && \
     chmod g+w ${JAVA_HOME}/lib/security/cacerts
-
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+USER appuser
 ENTRYPOINT ["sh", "get_certs.sh"]

backend-el/src/main/java/ca/bc/gov/nrs/environment/fta/el/FtaRstExporterApplication.java

@@ -1,20 +1,17 @@
 package ca.bc.gov.nrs.environment.fta.el;
 
-import ca.bc.gov.nrs.environment.fta.el.services.ApplicationService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.retry.annotation.EnableRetry;
 
+import ca.bc.gov.nrs.environment.fta.el.services.ApplicationService;
+
 @SpringBootApplication
 @EnableRetry
 public class FtaRstExporterApplication implements CommandLineRunner {
 
   private final ApplicationService applicationService;
-  private static final Logger logger = LoggerFactory
-    .getLogger(FtaRstExporterApplication.class);
 
   public FtaRstExporterApplication(ApplicationService applicationService) {
     this.applicationService = applicationService;

charts/backend-el/templates/cronjob.yaml

@@ -52,13 +52,17 @@ spec:
               envFrom:
                 - secretRef:
                     name: {{ .Release.Name }}-backend-el
+                - secretRef:
+                    name: aws-secrets
               env:
                 - name: DB_PORT
                   value: '1543'
                 - name: FILE_BASE_PATH
                   value: "/uploads"
                 - name: SPRING_JPA_SHOW_SQL
                   value: "false"
+                - name: AWS_S3_BUCKET
+                  value: fta-rec-rst-uploads
               volumeMounts:
                 - name: {{ .Release.Name }}-certs
                   mountPath: /app/cert

charts/backend-el/templates/secret.yaml

@@ -23,8 +23,6 @@ metadata:
 data:
   DB_HOST: {{ .Values.secrets.dbHost | b64enc | quote }}
   CERT_SECRET: {{ .Values.secrets.certSecret | b64enc | quote }}
-  AWS_ACCESS_KEY: {{ .Values.secrets.awsAccessKey | b64enc | quote }}
-  AWS_SECRET_KEY: {{ .Values.secrets.awsSecretKey | b64enc | quote }}
   DB_NAME: {{ .Values.secrets.dbName | b64enc | quote }}
   DB_PASSWORD: {{ .Values.secrets.dbPassword | b64enc | quote }}
   DB_USER: {{ .Values.secrets.dbUser | b64enc | quote }}

charts/backend-el/values.yaml

@@ -1,8 +1,6 @@
 secrets:
   dbHost: ~
   certSecret: ~
-  awsAccessKey: ~
-  awsSecretKey: ~
   dbName: ~
   dbPassword: ~
   dbUser: ~