Merge changes from v2.2.0-next.1 into main (#30)

Nerdware-LLC · Aug 6, 2024 · 0dcde85 · 0dcde85
2 parents 034fb5a + a4cdab3
commit 0dcde85
Show file tree

Hide file tree

Showing 467 changed files with 16,149 additions and 12,511 deletions.
diff --git a/.github/workflows/annualLicenseUpdate.yaml b/.github/workflows/annualLicenseUpdate.yaml
@@ -0,0 +1,34 @@
+name: 📝 Annual License Update
+
+on:
+  # This workflow runs on Jan 1st every year
+  schedule:
+    - cron: "0 0 1 1 *"
+
+jobs:
+  update-license:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to checkout the code and update the LICENSE file
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
+
+      - name: Update Copyright Date Range in LICENSE
+        run: |
+          function log_error() { echo '🚨LICENSE UPDATE FAILED🚨'; exit 1; }
+
+          year=$(date +%Y)
+
+          sed -i -E \
+              "s/(Copyright © [0-9]{4})-[0-9]{4}(.*)/\1-$year\2/" ./LICENSE || log_error
+
+          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+          git config --global user.name "${{ github.actor }}"
+          git add ./LICENSE
+
+          git commit -m \
+              "chore(license): update copyright date range to include $year" || log_error
+
+          echo 'License Copyright date range successfully updated.'
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
@@ -0,0 +1,33 @@
+name: 🚀 CI/CD Workflow
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize] # default PR types
+    branches: [main, next]
+    paths: ["src/**/*", "package*.json"]
+  push:
+    branches: [main, next]
+    paths: ["src/**/*", "package*.json"]
+  # This workflow can be manually triggered
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: 🧪 Test
+    uses: ./.github/workflows/test.yaml
+    secrets: inherit
+    permissions:
+      contents: write #      to checkout the code and merge bot-PRs
+      pull-requests: write # to add coverage reports to the PR
+      statuses: write #      to update commit status
+
+  release:
+    name: 📦 Release
+    needs: test # run job if event=push and tests passed
+    if: github.event_name == 'push' && needs.test.outputs.success == 'true'
+    uses: ./.github/workflows/release.yaml
+    secrets: inherit
+    permissions:
+      attestations: write # to generate artifact attestations for dist assets
+      contents: write #     to create a release
+      issues: write #       to be able to comment on released issues
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -1,23 +1,24 @@
-name: Deploy Workflow
+name: 🚀 Deploy Workflow
 
 on:
+  # This workflow runs for both releases and pre-releases
   release: { types: [published] }
   workflow_dispatch:
 
 jobs:
   deploy:
-    name: Deploy to ECS
+    name: 🚀 Deploy to ECS
     runs-on: ubuntu-latest
-
-    # Permissions required to use aws-actions/configure-aws-credentials:
-    permissions: { id-token: write, contents: read }
-
+    permissions:
+      contents: read #  to checkout the code
+      id-token: write # to assume the OIDC role (configure-aws-credentials)
     steps:
       - uses: actions/checkout@v4
 
       - uses: docker/setup-buildx-action@v3
 
-      - uses: aws-actions/configure-aws-credentials@v4
+      - name: Configure AWS Credentials for ECR
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.ECR_OIDC_GITHUB_ROLE_ARN }}
           aws-region: ${{ secrets.ECR_REPO_REGION }}
@@ -36,49 +37,50 @@ jobs:
         # 3. env tag           (if release: "prod", anything else: "staging")
         # 4. relative pointer  (if release: "latest", anything else: "next")
         run: |
-          IMAGE_TAGS=( "${{ github.sha }}" )
+          image_tags=( "${{ github.sha }}" )
 
           if [ "${{ github.event_name }}" == 'release' ]; then
-              IMAGE_TAGS+=( "${{ github.event.release.tag_name }}" )
+              image_tags+=( "${{ github.event.release.tag_name }}" )
           fi
 
           if [[ "${{ github.event_name }}" == 'release' && "${{ github.event.release.prerelease }}" == 'false' ]]; then
-              IMAGE_TAGS+=( prod latest )
+              image_tags+=( prod latest )
           else
-              IMAGE_TAGS+=( staging next )
+              image_tags+=( staging next )
           fi
 
-          IMAGE_REPO="${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_PRIVATE_REPO }}"
-          IMAGE_TAGS=("${IMAGE_TAGS[@]/#/$IMAGE_REPO:}")
+          image_repo="${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_PRIVATE_REPO }}"
+          image_tags=("${image_tags[@]/#/$image_repo:}")
 
-          docker build ${IMAGE_TAGS[@]/#/--tag } .
+          docker build ${image_tags[@]/#/--tag } .
 
-          for tag in "${IMAGE_TAGS[@]}"; do docker push "$tag"; done
+          for tag in "${image_tags[@]}"; do docker push "$tag"; done
 
-      - uses: aws-actions/configure-aws-credentials@v4
+      - name: Configure AWS Credentials for ECS
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.ECS_OIDC_GITHUB_ROLE_ARN }}
           aws-region: ${{ secrets.ECS_CLUSTER_REGION }}
 
       - name: Update ECS Task Definition & Service
         run: |
           if [[ "${{ github.event_name }}" == 'release' && "${{ github.event.release.prerelease }}" == 'false' ]]; then
-              TASK_DEF_NAME=${{ secrets.ECS_API_TASK_DEF_PROD }}
-              SERVICE_NAME=${{ secrets.ECS_API_SERVICE_NAME_PROD }}
-              CLUSTER_NAME=${{ secrets.ECS_CLUSTER_NAME_PROD }}
+              task_def_name=${{ secrets.ECS_API_TASK_DEF_PROD }}
+              service_name=${{ secrets.ECS_API_SERVICE_NAME_PROD }}
+              cluster_name=${{ secrets.ECS_CLUSTER_NAME_PROD }}
           else
-              TASK_DEF_NAME=${{ secrets.ECS_API_TASK_DEF_STAGING }}
-              SERVICE_NAME=${{ secrets.ECS_API_SERVICE_NAME_STAGING }}
-              CLUSTER_NAME=${{ secrets.ECS_CLUSTER_NAME_STAGING }}
+              task_def_name=${{ secrets.ECS_API_TASK_DEF_STAGING }}
+              service_name=${{ secrets.ECS_API_SERVICE_NAME_STAGING }}
+              cluster_name=${{ secrets.ECS_CLUSTER_NAME_STAGING }}
           fi
 
-          IMAGE_REPO="${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_PRIVATE_REPO }}"
+          image_repo="${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_PRIVATE_REPO }}"
 
-          UPDATED_TASK_DEF_JSON=$(
+          updated_task_def_json=$(
               aws ecs describe-task-definition \
-                  --task-definition $TASK_DEF_NAME \
+                  --task-definition $task_def_name \
                   --output json | \
-                  jq --arg NEW_IMAGE "$IMAGE_REPO:${{ github.sha }}" \
+                  jq --arg NEW_IMAGE "$image_repo:${{ github.sha }}" \
                       '.taskDefinition |
                       .containerDefinitions[0].image = $NEW_IMAGE |
                       del(.taskDefinitionArn) |
@@ -91,12 +93,12 @@ jobs:
           )
 
           aws ecs register-task-definition \
-              --cli-input-json "$UPDATED_TASK_DEF_JSON" \
+              --cli-input-json "$updated_task_def_json" \
               1>/dev/null
 
           aws ecs update-service \
-              --cluster $CLUSTER_NAME \
-              --service $SERVICE_NAME \
-              --task-definition $TASK_DEF_NAME \
+              --cluster $cluster_name \
+              --service $service_name \
+              --task-definition $task_def_name \
               --force-new-deployment \
               1>/dev/null
diff --git a/.github/workflows/publishApiSchema.yaml b/.github/workflows/publishApiSchema.yaml
@@ -0,0 +1,62 @@
+name: Publish API Schema
+
+on:
+  # This workflow runs for both releases and pre-releases
+  release: { types: [published] }
+  # This workflow can be manually triggered
+  workflow_dispatch:
+
+jobs:
+  publish-open-api-schema:
+    name: Publish OpenAPI Schema
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+
+      - name: Setup Publication Tools
+        run: npm ci --include=dev
+
+      - name: Run Publication Script
+        env:
+          SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
+        run: |
+          # If prerelease is false, use --setdefault flag to update the default version
+          should_set_default=$(
+              [ ${{ github.event.release.prerelease }} == 'false' ] &&
+                  echo '--setdefault' ||
+                  echo ''
+          )
+
+          scripts/cicd.publish-schema-open-api.sh \
+              --version=${{ github.event.release.tag_name }} \
+              $should_set_default
+
+  publish-graphql-schema:
+    name: Publish GraphQL Schema
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+
+      - name: Setup Publication Tools
+        run: npm ci --include=dev
+
+      - name: Run Publication Script
+        env:
+          APOLLO_KEY: ${{ secrets.APOLLO_STUDIO_GRAPH_API_KEY }}
+        run: |
+          # If prerelease is false, then variant is prod, else variant is staging
+          graph_variant=$(
+              [ ${{ github.event.release.prerelease }} == 'false' ] &&
+                  echo prod ||
+                  echo staging
+          )
+
+          scripts/cicd.publish-schema-graphql.sh --variant=$graph_variant
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,16 +1,43 @@
-name: Release Workflow
-
-# This workflow is called by the Test workflow when all tests pass.
+name: 📦 Release Workflow
 
 on:
-  workflow_dispatch:
+  # This workflow is called by the CI/CD Workflow (see ./cicd.yaml)
   workflow_call:
     secrets:
       SEMANTIC_RELEASE_TOKEN: { required: true }
+  # This workflow can be manually triggered
+  workflow_dispatch:
 
 jobs:
   release:
-    name: Release
-    uses: Nerdware-LLC/reusable-action-workflows/.github/workflows/release.yaml@main
-    secrets:
-      SEMANTIC_RELEASE_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
+    name: 📦 Release
+    runs-on: ubuntu-latest
+    permissions:
+      attestations: write # to generate artifact attestations for dist assets
+      contents: write #     to create a release
+      issues: write #       to be able to comment on released issues
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+
+      - name: Install Dependencies
+        run: npm ci --include=dev
+
+      - name: Build Dist Assets
+        run: npm run build
+
+      - name: Run Semantic-Release
+        id: semantic-release
+        uses: cycjimmy/semantic-release-action@v4
+        with:
+          extra_plugins: |
+            @aensley/semantic-release-openapi@1.1.8
+            @semantic-release/changelog@6.0.3
+            @semantic-release/git@10.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}