Merge pull request #14973 from transcom/B-22814-EnvVariableTests

change to env variables for bypass if needed; unset aws env; fix whitespace; change needs to include now passing/req'd tests; change some images to use harbor proxy vs docker to avoid rate limit

.gitlab-ci.yml

@@ -46,9 +46,9 @@ variables:
   RUNNER_TAG: &runner_tag milmove
   DOCKER_RUNNER_TAG: &docker_runner_tag eks_cluster_runner
 
-  postgres: &postgres postgres:16.4
+  postgres: &postgres harbor.csde.caci.com/docker.io/postgres:16.4
   #postgres: &postgres postgres:16.4
-  redis: &redis redis:5.0.6
+  redis: &redis harbor.csde.caci.com/docker.io/redis:5.0.6
 
 stages:
 - pre_checks
@@ -86,6 +86,10 @@ stages:
 .setup_aws_vars_dp3: &setup_aws_vars_dp3
   - export SERVICE_RESERVATION_CPU=2048
   - export SERVICE_RESERVATION_MEM=4096
+  - unset AWS_ACCESS_KEY_ID
+  - unset AWS_SECRET_ACCESS_KEY
+  - unset AWS_ACCOUNT_ID
+  - unset AWS_DEFAULT_REGION
   - |
     if [[ "$DP3_ENV" == "exp" || "$DP3_ENV" == "loadtest" || "$DP3_ENV" == "demo" ]]; then
       export ENV=$(echo ${DP3_ENV} | tr '[:lower:]' '[:upper:]');
@@ -108,12 +112,20 @@ stages:
     fi
 
 .setup_aws_vars_com_dev: &setup_aws_vars_com_dev
+  - unset AWS_ACCESS_KEY_ID
+  - unset AWS_SECRET_ACCESS_KEY
+  - unset AWS_ACCOUNT_ID
+  - unset AWS_DEFAULT_REGION
   - export AWS_DEFAULT_REGION=$COM_REGION
   - export AWS_ACCOUNT_ID=$DEV_ACCOUNT_ID
   - export AWS_ACCESS_KEY_ID=$DEV_ACCESS_KEY_ID
   - export AWS_SECRET_ACCESS_KEY=$DEV_SECRET_KEY
 
 .setup_aws_vars_stg: &setup_aws_vars_stg
+  - unset AWS_ACCESS_KEY_ID
+  - unset AWS_SECRET_ACCESS_KEY
+  - unset AWS_ACCOUNT_ID
+  - unset AWS_DEFAULT_REGION
   - export AWS_DEFAULT_REGION=$STG_REGION
   - export AWS_ACCOUNT_ID=$STG_ACCOUNT_ID
   - export AWS_ACCESS_KEY_ID=$STG_ACCESS_KEY_ID
@@ -127,6 +139,10 @@ stages:
   - export TLS_CA=$STG_MOVE_MIL_DOD_TLS_CA
 
 .setup_aws_vars_prd: &setup_aws_vars_prd
+  - unset AWS_ACCESS_KEY_ID
+  - unset AWS_SECRET_ACCESS_KEY
+  - unset AWS_ACCOUNT_ID
+  - unset AWS_DEFAULT_REGION
   - export AWS_DEFAULT_REGION=$PRD_REGION
   - export AWS_ACCOUNT_ID=$PRD_ACCOUNT_ID
   - export AWS_ACCESS_KEY_ID=$PRD_ACCESS_KEY_ID
@@ -405,7 +421,7 @@ golang_lint:
   interruptible: true
   tags:
     - $DOCKER_RUNNER_TAG
-  image: golangci/golangci-lint:latest # Refer to https://hub.docker.com/r/golangci/golangci-lint
+  image: harbor.csde.caci.com/docker.io/golangci/golangci-lint:latest # Refer to https://hub.docker.com/r/golangci/golangci-lint
   script:
     - golangci-lint run --print-issued-lines=false --timeout=25m --out-format code-climate:gl-code-quality-report.json,line-number
   artifacts:
@@ -750,7 +766,6 @@ pre_test:
     - yarn danger ci --failOnErrors
     - echo "Run spectral linter on all files"
     - ./scripts/ensure-spectral-lint /tmp/spectral_baseline spectral
-  allow_failure: true
   after_script:
     - *announce_failure
   artifacts:
@@ -761,8 +776,12 @@ pre_test:
         - tmp/spectral_baseline/*.json #what do we need to store for review?
         - spectral/*.json #what do we need to store for review?
       when: always
-  # rules:
-  #  - *check_server_ignore_branch
+  rules:
+   - if: '$PRE_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$PRE_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: false
+  #  - *check_server_ignore_branch  all branches for now
 
 server_test:
   stage: test
@@ -835,7 +854,6 @@ server_test:
     - echo "server test -- build gotestsum and run scripts for report"
     - make -j 2 bin/milmove bin/gotestsum
     - make server_test
-  allow_failure: false
   artifacts:
     paths:
       - /builds/milmove/mymove/bin/gotestsum
@@ -845,9 +863,12 @@ server_test:
       junit: /builds/milmove/mymove/tmp/test-results/gotest/app/go-test-report.xml
   after_script:
     - *announce_failure
-  # we want to make this run on every branch bc webhooks don't exist currently
-  # rules:
-  #  - *check_server_ignore_branch
+  rules:
+   - if: '$SERVER_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$SERVER_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: false
+  #  - *check_server_ignore_branch   # we want to make this run on every branch bc webhooks don't exist currently
 
 server_test_coverage:
   stage: test
@@ -867,10 +888,13 @@ server_test_coverage:
         ./scripts/ensure-go-test-coverage \
         tmp/baseline-go-coverage/go-coverage.txt \
         tmp/test-results/gotest/app/go-coverage.txt
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$SERVER_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$SERVER_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true #allow failure for now
    - *check_server_ignore_branch
   ###may need to rethink the logic and intent of this they save per the following and do some PR interaction
   # only save the cache on default branch builds because we only want to
@@ -914,9 +938,12 @@ client_test:
       - /builds/milmove/mymove/jest-junit-reports
   after_script:
     - *announce_failure
-  # we want to make this run on every branch bc webhooks don't exist currently
-  # rules:
-  #  - *check_client_ignore_branch
+  rules:
+   - if: '$CLIENT_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$CLIENT_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: false
+  #  - *check_client_ignore_branch   # we want to make this run on every branch bc webhooks don't exist currently
 
 client_test_coverage:
   stage: test
@@ -940,6 +967,10 @@ client_test_coverage:
   after_script:
     - *announce_failure
   rules:
+   - if: '$CLIENT_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$CLIENT_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true #allow failure for now
    - *check_client_ignore_branch
 
 integration_test_devseed:
@@ -995,10 +1026,13 @@ integration_test_devseed:
      export MOVE_MIL_DOD_TLS_CERT=$(cat config/tls/devlocal-https.pem)
      export MOVE_MIL_DOD_TLS_KEY=$(cat config/tls/devlocal-https.key)
     - make db_dev_fresh
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: false
    - *check_integration_ignore_branch
 
 integration_tests:
@@ -1020,10 +1054,13 @@ integration_tests:
   script:
     - echo "TODO Add steps"
     - echo "integration_tests"
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true # allow failure for now
    - *check_integration_ignore_branch
 
 integration_test_mtls:
@@ -1082,10 +1119,13 @@ integration_test_mtls:
     paths:
       - test-results/
     when: always
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true # allow failure for now
    - *check_integration_mtls_ignore_branch
 
 integration_test_admin:
@@ -1149,10 +1189,13 @@ integration_test_admin:
       - complete-playwright-report.zip
       - playwright-results.xml
     when: always
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true # allow failure for now
    - *check_integration_ignore_branch
 
 integration_test_my:
@@ -1217,10 +1260,13 @@ integration_test_my:
       - complete-playwright-report.zip
       - playwright-results.xml
     when: always
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true # allow failure for now
    - *check_integration_ignore_branch
 
 integration_test_office:
@@ -1283,10 +1329,13 @@ integration_test_office:
       - complete-playwright-report.zip
       - playwright-results.xml
     when: always
-  allow_failure: true
   after_script:
     - *announce_failure
   rules:
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "true"'
+     allow_failure: true
+   - if: '$INTEGRATION_TEST_ALLOW_FAILURE == "false"'
+     allow_failure: true # allow failure for now
    - *check_integration_ignore_branch
 
 
@@ -1560,7 +1609,6 @@ deploy_app_dp3:
 ########################################################
 ## STG push and deploy stages all off of main only    ##
 ########################################################
-
 build_push_app_stg:
   stage: push
   interruptible: true
@@ -1573,6 +1621,10 @@ build_push_app_stg:
   needs:
       - compile_app_client
       - compile_app_server
+      - client_test_coverage
+      - server_test_coverage
+      - pre_test
+      - integration_tests
   before_script:
     - *setup_aws_vars_stg
     - *setup_release_stg
@@ -1597,6 +1649,10 @@ build_push_migrations_stg:
   needs:
     - compile_app_server
     - compile_app_client
+    - client_test_coverage
+    - server_test_coverage
+    - pre_test
+    - integration_tests
   before_script:
     - *setup_aws_vars_stg
     - *setup_release_stg
@@ -1621,6 +1677,10 @@ build_push_tasks_stg:
   needs:
     - compile_app_server
     - compile_app_client
+    - client_test_coverage
+    - server_test_coverage
+    - pre_test
+    - integration_tests
   before_script:
     - *setup_aws_vars_stg
     - *setup_release_stg

migrations/app/schema/20250227160358_B-21966_add_data_to_office_users.up.sql

@@ -1,5 +1,5 @@
 -- Adds rejectedOn date to pre-existing rejected office users.
-UPDATE office_users 
-SET rejected_on = updated_at 
-WHERE 
+UPDATE office_users
+SET rejected_on = updated_at
+WHERE
 status ='REJECTED'::public."office_user_status" AND rejected_on is null;