Last updated: November 28, 2023
This document covers some of the most popular reusable components designed to enhance the feature and infrastructure of your applications. You can find out more about the services and tools below, and guidance on how to integrate them into your application. This list crosses with the BCGov Common Components as well as the BCGov Software as a Service (SaaS) catalog, feel free to check out from all three places when looking for a component to use!
- Backup container
- BC Address Geocoder
- CI/CD Pipeline templates
- Common Document Generation Service
- Common Hosted Email Service
- Common Object Management Service
- Get Token
- Matomo OpenShift
- OWASP ZAP security vulnerability scanning
- Pathfinder Single Sign-On Keycloak
- SonarQube and SonarCloud
- WeasyPrint HTML to PDF/PNG microservice
- Related pages
The Backup Container is an easy backup system. It helps you back up one or more databases to another place. You can also test restoring the database backups to make sure they work when needed. The code and documentation was originally pulled from HETS Project.
These are the supported databases:
- MSSQL (MSSQL requires the NFS DB volume is shared with the database for backups to function correctly)
You can run Backup Container for supported databases separately or in a mixed environment. The service can be hosted as either a deployment with scheduled Database (DB) tasks or as a Cronjob in OpenShift. For more details on how to set it up, refer to the backup-container repository.
The BC Address Geocoder REST API lets you integrate real-time standardization, validation and geocoding of physical addresses into your applications. The current baseUrl for the online geocoder is
The Geocoder helps you:
- Validate and geocode addresses (including public and related business occupants)
- Find physical sites, intersections and occupants
- Find sites, intersections and occupants near a point or within an area
Follow the BC Address Geocoder Developer Guide to get started. Please note that the URL allows both public and gated access. Gated access requires an APIkey.
To get a sandbox APIkey with a maximum rate of 1000 requests per minute, visit the Geocoder API console.
You can get an unrestricted APIkey for use in government applications by opening a ticket with the Data Systems & Services request system.
The Pipeline templates repository provides different options to setup your CI/CD pipeline in OpenShift. You can find pipeline samples that contain common CI/CD pipeline stages to reuse for your project.
CI/CD Pipeline Templates and GitHub Actions templates.
- OpenShift Pipeline (aka Tekton) examples:
- Installation guide on how to setup pipeline on either your local workspace or from a docker container
- React app build and deploy
- Using builda to build and push an image
- Build and deploy application via helm
- Maven build
- Codeql scan
- Sonar scan
- Trivy scan
- Owasp scan
Find out how to use OpenShift Pipeline with this guide
OpenShift 201 training video about OpenShift Pipeline
Use Github Actions guide
Use the Common Document Generation Service (CDOGS) to generate PDF or XML-based documents (ex: docx, xlsx, pptx, odt, ods, odp, and html). The CDOGS API can merge complex datasets into document templates. It supports any XML-based document templates including but not limited to Microsoft Office, LibreOffice, and OpenOffice.
Use the Common Document Generation Service to:
- Create custom letters to clients, including detailed information related to their files
- Create requests for proposals and related standard-form contracts
- Generate monthly reports by automatically inserting data into documents
For more information on CDOGS, see the following pages:
- Common Document Generation Service (CDOGS) product overview
- Common Document Generation Service (CDOGS) documentation
Use the Common Hosted Email Service (CHES) to send emails programmatically.
Use the Common Hosted Email Service to:
- Notify a list of clients of individual appointments or schedule changes
- Request information regarding specific items
- Advise contacts of process changes that apply to their cases
For more information on CHES, see the following pages:
- Common Hosted Email Service (CHES) product overview
- Common Hosted Email Service (CHES) documentation
Use the Common Object Management Service (COMS) to cut costs on storage for your business apps. Pick an authorization and authentication method that fits your app's needs. COMS is a secure REST API that connects your app to any S3 bucket.
Use COMS to:
- Upload, download, manage and delete objects
- Discover, update and manage object versions
- Toggle general public access to objects
- Grant and manage refined user object permissions
- Flexible search and filter capabilities of metadata and tags based on user permissions
For more information on COMS, see the following pages:
- Common Object Management Service (COMS) product overview
- Common Object Management Service (COMS) documentation
Get Token (also known as GETOK) is a web-based tool for development teams to manage their application’s secure access to Common Services. Users can create and deploy service clients instantly to gain access to common service APIs like email notifications, document management, or document generation.
- Communicate with Keycloak realms to generate service clients
- Secure password generation and transmission via public/private key encryption
To install the service on OpenShift, refer to this guide.
Fathom analytics provide simple website statistics without tracking or storing personal data. fathom-openshift is a set of OpenShift configurations to set up an instance of the Fathom web analytics server.
Refer to the Fathom repository to get started. If you require more comprehensive analytics, a Google Analytics alternative, where data ownership and privacy compliance are still a concern check out Matomo Openshift.
go-crond is a cron daemon crafted in Go, designed specifically for Docker images.
- system crontab (with username inside)
- user crontabs (without username inside)
- run-parts support
- Logging to STDOUT and STDERR (instead of sending mails)
- Keep current environment (eg. for usage in Docker containers)
- Supports Linux, MacOS, ARM/ARM64 (Rasbperry Pi and others)
Refer to the go-crond repository to get started. You can find the installation guidance and n the repo.
Matomo is a full web analytics server. It's a choice to consider instead of Google Analytics if you're worried about owning your data and meeting privacy rules.
The OWASP Zed Attack Proxy (ZAP) automatically finds security vulnerabilities in web applications.
- Active and Passive Scans
- Running Scans: Desktop and API
- Authenticated Security Scanning
- OWASP ZAP Fuzzer
- AJAX Spidering
The public docker registry version of OWASP's Zed Attack Proxy (ZAP) is not compatible with OpenShift without using privileged containers. Use this Docker image resolves that issue. You can also check out ZAP scanning integration with pipeline from the pipeline-template repo.
The Pathfinder Single Sign-On (SSO) team provides the Common Hosted Single Sign-On (CSS) App. This is a self-service app that allows you to integrate with B.C. government approved login services (identity providers). The Pathfinder SSO service is built on the foundations of Keycloak/Redhat SSO.
- Easy setup with integrations to the following identity providers:
- IDIR and AzureAD IDIR (BC Common Logon Page)
- BCeID Basic (BC Common Logon Page) -- Allows login only with BCeID Basic
- BCeID Business (BC Common Logon Page) -- Allows login only with BCeID Business
- BCeID Basic & Business(BC Common Logon Page) -- Allows login with BCeID Basic or BCeID Business
- GitHub associated with BC Gov Org -- Allows login of GitHub BC Gov Org members
- OIDC protocol
- Session Management
- High Availability Requirements
SonarQube is an automatic code review tool you can use to detect bugs, vulnerabilities and code smells in your code. It smoothly fits into your current workflow, making continuous code inspection happen across your project branches and pull requests.
SonarCloud is a cloud service offered by SonarSource and based on SonarQube. It has been enabled on BCGov github organizations.
- Static code analysis for over 17 languages
- Review security hotspots, detect bugs and vulnerabilities
- Track code smells and fix your technical debt
- Code quality metrics, history, and CI/CD integration
- Extensible with more than 50 community plugins
SonarCloud (in addition to SonarQube advantages):
- Automatically analyzes and decorates pull requests on GitHub
- Can be invoked from your workstation, OpenShift pipeline and your GitHub actions on top of that it will run for every pull request automatically
- Will save precious OpenShift resources
- Is free for Open Source projects (that's us!)
Refer to the SonarQube repository to get started. The repo container instruction on how to install your own instance of SonarQube in OpenShift. If you are looking for SonarCloud, here are more details. To get started, you will need to submit a request for SonarCloud integration from DevOps Requests.
The docker-weasyprint project bundles WeasyPrint into a simple, OpenShift-compatible, HTML to PDF/PNG microservice with a simple REST interface. WeasyPrint is a open source solution that helps web developers to create PDF documents.
- Support for modern CSS3 and HTML5 standards, pagination and page layout control
- Support for layout techniques like Flexbox and Grid, and handling of fonts, typography, MathML, and SVG
Refer to the docker-weasyprint repository to get started.