ogticrd · UsernameAlvarez · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    target-branch: main
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 20
+    commit-message:
+      prefix: "deps"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
@@ -0,0 +1,110 @@
+name: Build docker image
+
+on:
+  workflow_call:
+    inputs:
+      app_name:
+        required: true
+        type: string
+      dockerfile_path:
+        required: true
+        type: string
+      dockerfile_target:
+        required: true
+        type: string
+      registry:
+        required: true
+        type: string
+      environment:
+        required: false
+        type: string
+    outputs:
+      image_digest:
+        description: "The image digest to be used on a caller workflow"
+        value: ${{ jobs.build.outputs.image_digest }}
+
+jobs:
+  build:
+    name: Build images
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    outputs:
+      image_digest: ${{ steps.docker_build.outputs.digest }}
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - uses: actions/checkout@v4.1.0
+        with:
+          persist-credentials: false
+
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4.4.1
+        with:
+          short-length: 7
+
+      # Automatic tag management and OCI Image Format Specification for labels
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5.0.0
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ inputs.registry }}/${{ inputs.app_name }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            # semver and ref,tag automatically add a "latest" tag, but only on stable releases
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=ref,event=tag
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+            # edge is the latest commit on the default branch.
+            type=edge,enable={{is_default_branch}}
+
+      # Setup Docker Buildx to allow use of docker cache layers from GH
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Google Artifact Registry
+        uses: docker/login-action@v3.0.0
+        with:
+          registry: us-docker.pkg.dev
+          username: _json_key
+          password: ${{ secrets.GAR_JSON_KEY }}
+
+      # Build and push image to Google Artifact Registry, and possibly DockerHub
+      - name: Build & push
+        id: docker_build
+        uses: docker/build-push-action@v5.1.0
+        with:
+          target: ${{ inputs.dockerfile_target }}
+          context: .
+          file: ${{ inputs.dockerfile_path }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
+          build-args: |
+            NODE_ENV=${{ vars.NODE_ENV }}
+            SKIP_PREFLIGHT_CHECK=${{ vars.SKIP_PREFLIGHT_CHECK }}
+            DISABLE_ESLINT_PLUGIN=${{ vars.DISABLE_ESLINT_PLUGIN }}
+
+          # To improve build speeds, for each branch we push an additional image to the registry,
+          # to be used as the caching layer, using the `max` caching mode.
+          #
+          # We use multiple cache sources to confirm a cache hit, starting from a per-branch cache,
+          # and if there's no hit, then continue with the `main` branch. When changes are added to a PR,
+          # they are usually smaller than the diff between the PR and `main` branch. So this provides the
+          # best performance.
+          #
+          # The caches are tried in top-down order, the first available cache is used:
+          # https://github.com/moby/moby/pull/26839#issuecomment-277383550
+          cache-from: |
+            type=registry,ref=${{ inputs.registry }}/${{ inputs.app_name }}:${{ env.GITHUB_REF_SLUG_URL }}-cache
+            type=registry,ref=${{ inputs.registry }}/${{ inputs.app_name }}:${{ github.event.repository.default_branch }}-cache
+          cache-to: |
+            type=registry,ref=${{ inputs.registry }}/${{ inputs.app_name }}:${{ env.GITHUB_REF_SLUG_URL }}-cache,mode=min
diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml
@@ -0,0 +1,71 @@
+name: Running tests
+
+permissions: read-all
+
+on:
+  workflow_call:
+    inputs:
+      node_env:
+        required: true
+        type: string
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '**.js*'
+      - '**.ts*'
+      - package*.json
+      - .github/workflows/ci-tests.yml
+
+  push:
+    branches:
+      - main
+    paths:
+      - '**.js*'
+      - '**.ts*'
+      - package*.json
+      - .github/workflows/ci-tests.yml
+
+env:
+  NODE_ENV: ${{ inputs.node_env }}
+  NEXT_TELEMETRY_DISABLED: 1
+  # we build a dev binary for use in CI so skip downloading
+  # canary next-swc binaries in the monorepo
+  NEXT_SKIP_NATIVE_POSTINSTALL: 1
+  CI: true
+
+jobs:
+  versioning:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.set.outputs.version }}
+    steps:
+      - name: Setting API Version
+        id: set
+        run: echo "::set-output name=version::${{ vars.NODE_ENV }}"
+
+  test:
+    name: Test with Node.js ${{ matrix.node }}
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    strategy:
+        fail-fast: false
+        matrix:
+          node: [lts/*, latest]
+
+    steps:
+      - name: Cheking out the code
+        uses: actions/checkout@v4
+
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@v4.0.4
+        with:
+          node-version: ${{ matrix.node }}
+
+      - name: Installing dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Running tests
+        run: yarn test
diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml
diff --git a/.github/workflows/cloudrun-deploy.yml b/.github/workflows/cloudrun-deploy.yml
@@ -0,0 +1,92 @@
+name: Deploy to Cloud Run
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        required: false
+        type: string
+      image_digest:
+        required: false
+        type: string
+      region:
+        required: true
+        type: string
+      project:
+        required: true
+        type: string
+      environment:
+        required: false
+        type: string
+      default_name:
+        required: false
+        type: string
+
+jobs:
+  versioning:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.set.outputs.version }}
+    steps:
+      - name: Getting API Version
+        id: get
+        uses: actions/github-script@v6
+        if: ${{ github.event_name == 'release' }}
+        with:
+          result-encoding: string
+          script: |
+            return context.payload.release.tag_name.substring(0,2)
+      - name: Setting API Version
+        id: set
+        run: echo "version=${{ steps.get.outputs.result }}" >> "$GITHUB_OUTPUT"
+
+  deploy:
+    name: Deploy to Cloud Run
+    needs: ['versioning']
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    environment:
+      name: ${{ inputs.environment }}
+      url: ${{ steps.deploy.outputs.url }}
+    steps:
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4.4.1
+
+      - name: Authenticate to GCP
+        id: auth
+        uses: google-github-actions/auth@v1.1.1
+        with:
+          credentials_json: ${{ secrets.GAR_JSON_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v1.1.1
+
+      - name: Deploy to cloud run
+        id: deploy
+        uses: google-github-actions/deploy-cloudrun@v2.6.0
+        with:
+          image: ${{ inputs.image }}
+          service: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG }}-${{ inputs.default_name || needs.versioning.outputs.version || env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG }}
+          region: ${{ inputs.region }}
+          flags: |
+            --vpc-connector=projects/${{ secrets.GCP_PROJECT }}/locations/${{ secrets.GCP_REGION }}/connectors/${{ secrets.GCP_REGION }}
+          env_vars: |
+            NODE_ENV=${{ vars.NODE_ENV }}
+            DB_HOST=${{ secrets.DB_HOST }}
+            DB_PORT=${{ secrets.DB_PORT }}
+            DB_USER=${{ secrets.DB_USER }}
+            DB_PASSWORD=${{ secrets.DB_PASSWORD }}
+            DB_NAME=${{ secrets.DB_NAME }}
+            API_VERSION=${{ needs.versioning.outputs.version }}
+
+
+      - name: Allow unauthenticated calls to the service
+        run: |
+          gcloud run services add-iam-policy-binding ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG }}-${{  needs.versioning.outputs.version || env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG  }} \
+          --region=${{ inputs.region }} --member=allUsers --role=roles/run.invoker --quiet
+
+      - name: Test service with cURL
+        run: curl "${{ steps.deploy.outputs.url }}"
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -25,12 +25,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.1.0
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/delete-deployment.yml b/.github/workflows/delete-deployment.yml
@@ -0,0 +1,41 @@
+name: Delete Cloud Run instances on PR closed by merged
+
+on:
+  pull_request:
+    branches:
+      - main
+    types: [closed]
+
+jobs:
+  delete-cloud-run:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4.5.0
+
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          credentials_json: '${{ secrets.GAR_JSON_KEY }}'
+
+      - name: 'Set up Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v2'
+
+      - name: 'Display information about the current gcloud environment'
+        run: 'gcloud info'
+
+      - name: Check if Cloud Run service exists
+        id: check_service
+        run: |
+          SERVICE_NAME=${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG }}-${{ env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG }}
+          if gcloud run services describe $SERVICE_NAME --region=${{ vars.GCP_REGION }} > /dev/null 2>&1; then
+            echo "service_exists=true" >> $GITHUB_ENV
+          else
+            echo "service_exists=false" >> $GITHUB_ENV
+          fi
+
+      - name: 'Delete service'
+        if: env.service_exists == 'true'
+        run: gcloud run services delete ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG }}-${{ env.GITHUB_HEAD_REF_SLUG || env.GITHUB_REF_SLUG }} --region=${{ vars.GCP_REGION }} --quiet