{"id":27643722,"url":"https://github.com/ikethecoder/quickstart-aps-hello","last_synced_at":"2025-07-21T22:36:00.587Z","repository":{"id":216543497,"uuid":"741598374","full_name":"ikethecoder/quickstart-aps-hello","owner":"ikethecoder","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-05T23:57:02.000Z","size":594,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-24T00:17:23.152Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ikethecoder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/codeowners","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-01-10T18:15:26.000Z","updated_at":"2024-01-10T18:34:17.000Z","dependencies_parsed_at":"2024-01-10T20:20:29.066Z","dependency_job_id":"33ea409e-ffc7-460d-a4cf-74b0d343cee2","html_url":"https://github.com/ikethecoder/quickstart-aps-hello","commit_stats":null,"previous_names":["ikethecoder/quickstart-aps-hello"],"tags_count":0,"template":false,"template_full_name":"bcgov/quickstart-openshift","purl":"pkg:github/ikethecoder/quickstart-aps-hello","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikethecoder%2Fquickstart-aps-hello","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikethecoder%2Fquickstart-aps-hello/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikethecoder%2Fquickstart-aps-hello/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikethecoder%2Fquickstart-aps-hello/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ikethecoder","download_url":"https://codeload.github.com/ikethecoder/quickstart-aps-hello/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikethecoder%2Fquickstart-aps-hello/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266393612,"owners_count":23922423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-21T11:47:31.412Z","response_time":64,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-24T00:17:20.852Z","updated_at":"2025-07-21T22:36:00.565Z","avatar_url":"https://github.com/ikethecoder.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![MIT License](https://img.shields.io/github/license/bcgov/quickstart-openshift.svg)](/LICENSE.md)\n[![Lifecycle](https://img.shields.io/badge/Lifecycle-Experimental-339999)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md)\n\n[![Merge](https://github.com/bcgov/quickstart-openshift/actions/workflows/merge.yml/badge.svg)](https://github.com/bcgov/quickstart-openshift/actions/workflows/merge.yml)\n[![Analysis](https://github.com/bcgov/quickstart-openshift/actions/workflows/analysis.yml/badge.svg)](https://github.com/bcgov/quickstart-openshift/actions/workflows/analysis.yml)\n[![Scheduled](https://github.com/bcgov/quickstart-openshift/actions/workflows/scheduled.yml/badge.svg)](https://github.com/bcgov/quickstart-openshift/actions/workflows/scheduled.yml)\n\n##### Frontend (JavaScript/TypeScript)\n[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=bugs)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=code_smells)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=coverage)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Duplicated Lines](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=security_rating)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_frontend\u0026metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_frontend)\n\n##### Backend (JavaScript/TypeScript)\n[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=bugs)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=code_smells)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=coverage)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Duplicated Lines](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=security_rating)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=quickstart-openshift_backend\u0026metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=quickstart-openshift_backend)\n\n# QuickStart for OpenShift\n\n## Pull Request-Based Workflows with Sample Stack\n\nThe is a fully functional set of [GitHub Actions](https://github.com/bcgov/quickstart-openshift/actions) workflows and a starter application stack intended to help Agile teams hit the ground running.\n\nFeatures:\n* Pull Request-based pipeline\n* Sandboxed development environments\n* Gateable production deployments\n* Container publishing (ghcr.io) and importing (OpenShift)\n* Security, vulnerability, infrastructure, and container scan tools\n* Automatic dependency patching available from [bcgov/nr-renovate](https://github.com/bcgov/nr-renovate)\n* Enforced code reviews and workflow jobs (pass|fail)\n* Helm Package Manager for atomic deployments\n* Sample application stack:\n    * Database: Postgres, PostGIS, backups\n    * Frontend: TypeScript, Caddy Server\n    * Backend: TypeScript, Nest.js\n    * Alternative backends for [Java/Quarkus, Go/Fiber and Python/FastAPI](https://github.com/bcgov/quickstart-openshift-backends)\n\n# Table of Contents\n\n* [Setup](#Setup)\n  * [Prerequisites](#Prerequisites)\n  * [Using this Template](#Using-this-Template)\n  * [Secrets and Variables](#Secrets-and-Variables)\n  * [Environments](#environments)\n  * [Updating Dependencies](#Updating-Dependencies)\n  * [Repository Configuration](#Repository-Configuration)\n* [Workflows](#Workflows)\n  * [Pull Request](#Pull-Request)\n  * [Analysis](#Analysis)\n  * [Pull Request Closed](#Pull-Request-Closed)\n  * [Merge](#Merge)\n* [App Stack](#App-Stack)\n  * [Starter](#Starter)\n  * [Pluggable Backends](#Pluggable-Backends)\n  * [SchemaSpy](#SchemaSpy)\n* [Resources](#Resources)\n* [Contributing](#Contributing)\n\n# Setup\n\nInitial setup is intended to take an hour or less.  This depends greatly on intended complexity, features selected/excluded and outside cooperation.\n\n## Prerequisites\n\nThe following are required:\n\n* BC Government IDIR accounts for anyone submitting requests\n* GitHub accounts for all participating team members\n    * [Sign Up is free](https://github.com/signup)\n* Membership in the BCGov GitHub organization\n    * Provide GitHub IDs to [BCGov's Just Ask](https://just-ask.developer.gov.bc.ca/)\n* Project namespaces:\n    * OpenShift  * [Register a New Project](https://registry.developer.gov.bc.ca)\n\n## Using this Template\n\nCreate a new repository using this repository as a template.\n\n* Select bcgov/quickstart-openshift under Repository template\n* Check Codecov | Code Coverage to grant access\n\n![](./.graphics/template.png)\n\n## Secrets and Variables\n\nVariables and secrets are consumed by workflows.  Environments provide their own values, overriding default sets.\n\nSecrets are hidden from logs and outputs, while variables are visible.  Using secrets exclusively can make troubeshooting more difficult.\n\nNote: Dependabot, which we don't recommend as highly as Renovate, requires its own set of variables.\n\n### Secrets Values\n\n\u003e Click Settings \u003e Secrets and Variables \u003e Actions \u003e Secrets \u003e New repository secret\n\n**GITHUB_TOKEN**\n\nDefault token.  Replaced every workflow run, available to all workflows.\n* Consume: `{{ secrets.GITHUB_TOKEN }}`\n\n**OC_TOKEN**\n\nOpenShift token, different for every project/namespace.  This guide assumes your OpenShift platform team has provisioned a pipeline account.\n\n* Consume: `{{ secrets.OC_TOKEN }}`\n\nLocate an OpenShift pipeline token:\n\n1. Login to your OpenShift cluster, e.g.: [Gold](https://console.apps.silver.devops.gov.bc.ca/) or [Silver](https://console.apps.silver.devops.gov.bc.ca/)\n2. Select your DEV namespace\n3. Click Workloads \u003e Secrets (under Workloads for Administrator view)\n4. Select `pipeline-token-...` or a similarly privileged token\n5. Under Data, copy `token`\n6. Paste into the GitHub Secret `OC_TOKEN`\n\n**SONAR_TOKEN(s)**\n\nIf SonarCloud is being used each application will have its own token.  Single-application repositories typically use `${{ secrets.SONAR_TOKEN }}`, while monorepos use multiple, e.g. `${{ secrets.SONAR_TOKEN_BACKEND }}`, `${{ secrets.SONAR_TOKEN_FRONTEND }}`.\n\nBC Government employees can request SonarCloud projects by creating an [issue](https://github.com/BCDevOps/devops-requests/issues/new/choose) with BCDevOps.  Please make sure to request a monorepo with component names (e.g. backend, frontend), which may not be explained in their directions.\n\n### Variable Values\n\n\u003e Click Settings \u003e Secrets and Variables \u003e Actions \u003e Variables \u003e New repository variable\n\n**OC_SERVER**\n\nOpenShift server address.\n* Consume: `{{ vars.OC_SERVER }}`\n* Value: `https://api.gold.devops.gov.bc.ca:6443` or `https://api.silver.devops.gov.bc.ca:6443`\n\n**OC_NAMESPACE**\n\nOpenShift project/namespace.  Provided by your OpenShift platform team.\n\n* Consume: `{{ vars.OC_NAMESPACE }}`\n* Value: format `abc123-dev | test | prod`\n\n## Environments\n\nEnvironments are groups of secrets and variables that can be gatekept.  This includes limting access to certain users or requiring manual approval before a requesting workflow can run.  Environment values override any default values.\n\nFor pull requests and development surrounding lower-level, sandboxed environments it is best not to use an environment at all.  Higher level environments, like TEST and PROD, will override those values as necessary.\n\n\u003e Click Settings \u003e Environments \u003e New environment\n\nEnvironments provide a [number of features](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment), including:\n\n* Required reviewers\n* Wait timer\n* Deployment branches\n\n## Updating Dependencies\n\nDependabot and Mend Renovate can both provide dependency updates using pull requests.  Dependabot is simpler to configure, while Renovate is much more configurable and lighter on resources.\n\n### Renovate\n\nA config file (`renovate.json`) is included with this template.  It can source config from our [renovate repository](https://github.com/bcgov/renovate-config).  Renovate can be [self-hosted](https://github.com/renovatebot/github-action) or run using the GitHub App managed at the organization level.  For BC Government the OCIO controls this application, so please opt in with them using a GitHub issue.\n\nTo opt-in:\n* Visit [BCDevOps Requests](https://github.com/BCDevOps/devops-requests)\n* Select [Issues](https://github.com/BCDevOps/devops-requests/issues)\n* Select [New Issue](https://github.com/BCDevOps/devops-requests/issues/new/choose)\n* Select [Request for integrating a GitHub App](https://github.com/BCDevOps/devops-requests/issues/new?assignees=MonicaG%2C+oomIRL%2C+SHIHO-I\u0026labels=github-app%2C+pending\u0026projects=\u0026template=github_integration_request.md\u0026title=)\n* Create a meaningful title, e.g. `Request to add X repo to Renovate App`\n* Fill out the description providing a repository name\n* Select \"Submit new issue\"\n* Wait for Renovate to start sending pull requests to your repository\n\n### Dependabot\n\nDependabot is no longer recommended as an alternative to Renovate for generating security, vulnerability and dependency pull requests.  It can still be used to generate warnings under the GitHub Security tab, which is only viewable by repository administrators.\n\n## Repository Configuration\n\n### Pull Request Handling\n\nSquash merging is recommended for simplified history and ease of rollback.  Cleaning up merged branches is recommended for your DevOps Specialist's fragile sanity.\n\n\u003e Click Settings \u003e General (selected automatically)\n\nPull Requests:\n\n* `[uncheck] Allow merge commits`\n* `[check] Allow squash merging`\n   * `Default to pull request title`\n* `[uncheck] Allow rebase merging`\n* `[check] Always suggest updating pull request branches`\n* `[uncheck] Allow auto-merge`\n* `[check] Automatically delete head branches`\n\n### Packages\n\nPackages are available from your repository (link on right).  All should have visibility set to public for the workflows to run successfully.\n\nE.g. https://github.com/bcgov/quickstart-openshift/packages\n\n### Branch Protection\n\nThis is required to prevent direct pushes and merges to the default branch.  These steps must be run after one full pull request pipeline has been run.\n\n1. Select Settings (gear, top right)  *\u003e Branches (under Code and Automation)\n2. Click `Add Rule` or edit an existing rule\n3. Under `Protect matching branches` specify the following:\n    * Branch name pattern: `main`\n    * `[check] Require a pull request before merging`\n        * `[check] Require approvals` (default = 1)\n        * `[check] Dismiss stale pull request approvals when new commits are pushed`\n        * `[check] Require review from Code Owners`\n    * `[check] Require status checks to pass before merging`\n        * `[check] Require branches to be up to date before merging`\n        * `Status checks that are required`:\n            * Select checks as appropriate, e.g. Build x, Deploy y\n    * `[check] Require conversation resolution before merging`\n    * `[check] Include administrators` (optional)\n\n![](./.graphics/branch-protection.png)\n\n### Adding Team Members\n\nDon't forget to add your team members!  \n\n1. Select Settings (gear, top right)  *\u003e Collaborators and teams (under `Access`)\n2. Click `Add people` or `Add teams`\n3. Use the search box to find people or teams\n4. Choose a role (read, triage, write, maintain, admin)\n5. Click Add\n\n# Workflows\n\n## Pull Request\n\nRuns on pull request submission.\n\n* Provides safe, sandboxed deployment environments\n* Build action pushes to GitHub Container Registry (ghcr.io)\n* Build triggers select new builds vs reusing builds\n* Deployment triggers to only deploy when changes are made\n* Deployment includes curl checks and optional penetration tests\n* Other checks and updates as required\n\n![](.graphics/pr-open.png)\n\n## Analysis\n\nRuns on pull request submission or merge to the default branch.\n\n* Unit tests (should include coverage)\n* SonarCloud coverage and analysis\n* CodeQL/GitHub security reporting\n* Trivy password, vulnerability and security scanning\n\n![](.graphics/analysis.png)\n\n## Pull Request Closed\n\nRuns on pull request close or merge.\n\n* Cleans up OpenShift objects/artifacts\n* Merge promotes successful build images to TEST\n\n![](.graphics/pr-close.png)\n\n## Merge\n\nRuns on merge to main branch.\n\n* Code scanning and reporting to GitHub Security overview\n* Zero-downtime* TEST deployment\n* Penetration tests on TEST deployment\n* Zero-downtime* PROD deployment\n* Labels successful deployment images as PROD\n\n\\* excludes database changes\n\n![](.graphics/merge.png)\n\n# App Stack\n\n## Starter\n\nThe starter stack includes a (React, MUI, Vite, Caddy) frontend, Pluggable backend(Nest/Node, Quarkus/Java On Native, FastAPI/Python, Fiber/Golang) and postgres database.  See subfolder for source, including Dockerfiles and OpenShift templates.\n\nFeatures:\n* [TypeScript](https://www.typescriptlang.org/) strong-typing for JavaScript\n* [NestJS](https://docs.nestjs.com) Nest/Node backend and frontend\n* [Flyway](https://flywaydb.org/) database migrations\n* [Postgres](https://www.postgresql.org/) or [PostGIS](https://postgis.net/) database\n* [backup-container](https://github.com/BCDevOps/backup-container) provided by BCDevOps\n\nPostgres is default.  Switch to PostGIS by copying the appropriate Dockerfile to `./database`:\n\n\u003e cp ./database/postgis/Dockerfile ./database\n\n## Pluggable Backends\n\nThis quickstart works with more than just JavaScript.  Please check out our pluggable [backends repository](https://github.com/bcgov/quickstart-openshift-backends).  Flyway-based database migrations for each are included.\n\nSupported languages:\n* [Go with Fiber](https://github.com/bcgov/quickstart-openshift-backends/tree/main/backend-go)\n* [Java with Quarkus, Cloud Native](https://github.com/bcgov/quickstart-openshift-backends/tree/main/backend-go)\n* [Python with FastAPI](https://github.com/bcgov/quickstart-openshift-backends/tree/main/backend-py)\n\n## SchemaSpy\n\nThe database documentation is created and deployed to GitHub pages.  See [here](https://bcgov.github.io/quickstart-openshift/schemaspy/index.html).\n\nAfter a full workflow run and merge can been run, please do the following:\n\n1. Select Settings (gear, top right)  *\u003e Pages (under `Code and automation`)\n2. Click `Branch` or `Add teams`\n3. Select `gh-pages`\n4. Click `Save`\n\n![img.png](.graphics/schemaspy.png)\n\n# Resources\n\nThis repository is provided by NRIDS Architecture and Forestry Digital Services, courtesy of the Government of British Columbia.\n\n* NRID's [Kickstarter Guide](https://github.com/bcgov/nr-arch-templates/blob/main/confluence/pages/Agile_Team_Kickstarter/README.md) (via. Confluence, links may be internal)\n* [OpenShift Backends for Go, Java and Python](https://github.com/bcgov/quickstart-openshift-backends)\n\n# Contributing\n\nPlease contribute your ideas!  [Issues](/../../issues) and [Pull Requests](/../../pulls) are appreciated.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fikethecoder%2Fquickstart-aps-hello","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fikethecoder%2Fquickstart-aps-hello","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fikethecoder%2Fquickstart-aps-hello/lists"}