Merge branch 'main' into dependabot/docker/frontend/node-22-slim

adfinis · Jul 29, 2024 · 8f7dea3 · 8f7dea3
2 parents d640370 + 483c388
commit 8f7dea3
Show file tree

Hide file tree

Showing 213 changed files with 16,488 additions and 13,195 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,3 +1,3 @@
-backend/* @adfinis/dev-backend
-frontend/* @adfinis/dev-frontend
-charts/* @adfinis/dev-devops
+backend/ @adfinis/dev-backend
+frontend/ @adfinis/dev-timed
+charts/ @adfinis/dev-devops
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -51,7 +51,58 @@ updates:
       interval: daily
       time: "12:00"
       timezone: "Europe/Zurich"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 20
     commit-message:
       prefix: chore
       include: scope
+
+    groups:
+      lint:
+        patterns:
+          - "eslint"
+          - "eslint-*"
+          - "@adfinis/eslint-config"
+
+          - "ember-template-lint"
+          - "ember-template-lint-*"
+
+          - "stylelint"
+          - "stylelint-*"
+
+          - "prettier"
+          - "prettier-*"
+
+      ember-core:
+        patterns:
+          - "ember-cli"
+          - "ember-data"
+          - "ember-source"
+
+      ember:
+        patterns:
+          - "ember-*"
+          - "@ember/*"
+
+        exclude-patterns:
+          - "ember-cli"
+          - "ember-data"
+          - "ember-source"
+
+          - "ember-template-lint"
+          - "ember-template-lint-*"
+          - "ember-auto-import"
+      js:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "ember-*"
+          - "@ember/*"
+          - "eslint"
+          - "eslint-*"
+          - "@adfinis/eslint-config"
+          - "stylelint"
+          - "stylelint-*"
+          - "ember-auto-import"
+          - "webpack"
+          - "prettier"
+          - "prettier-*"
diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml
@@ -34,9 +34,9 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.4.0
+        uses: pnpm/action-setup@v4.0.0
         with:
-          version: 8
+          version: 9
 
       - uses: actions/setup-node@v4
         with:
@@ -59,9 +59,9 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.4.0
+        uses: pnpm/action-setup@v4.0.0
         with:
-          version: ^7.17.1
+          version: 9
 
       - uses: actions/setup-node@v4
         with:
@@ -73,7 +73,7 @@ jobs:
         run: pnpm install --no-frozen-lockfile
 
       - name: Run tests
-        run: pnpm test
+        run: pnpm test:ember
         env:
           COVERAGE: true
 

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -34,84 +34,21 @@ jobs:
         with:
           github-token: ${{ secrets.ADFINISBOT_PAT }}
           allow-initial-development-versions: true
-  backend:
-    name: Release Backend
+
+  containers:
+    name: Release Containers
     runs-on: ubuntu-latest
     if: needs.semrel.outputs.version != ''
     needs: semrel
-    permissions:
-      actions: none
-      checks: none
-      contents: none
-      deployments: none
-      issues: none
-      packages: write
-      pull-requests: none
-      repository-projects: none
-      security-events: write
-      statuses: none
-      id-token: write # needed for signing the images with GitHub OIDC using cosign
-
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-
-      - name: Adjust Version
-        run: |
-          sed 's/"0.0.0"/"${{ needs.semrel.outputs.version }}"/g' -i ./backend/pyproject.toml
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/${{ github.repository }}/backend
-          flavor: |
-            latest=auto
-          tags: |
-            type=semver,pattern={{version}},value=${{ needs.semrel.outputs.version }}
-            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semrel.outputs.version }}
-            type=semver,pattern={{major}},value=${{ needs.semrel.outputs.version }}
-          labels: |
-            org.opencontainers.image.title=backend
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
 
-      - name: Build and Push backend Docker Image
-        uses: docker/build-push-action@v5
-        id: docker
-        with:
-          context: ./backend/
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: |
-            ${{ steps.meta.outputs.labels }}
+    strategy:
+      matrix:
+        config:
+          - name: backend
+            version-file: pyproject.toml
+          - name: frontend
+            version-file: package.json
 
-      - name: Sign backend image and attach SBOM attestation
-        uses: adfinis/[email protected]
-        with:
-          image-ref: ghcr.io/${{ github.repository }}/backend
-          token: ${{ secrets.GITHUB_TOKEN }}
-          digest: ${{ steps.docker.outputs.digest }}
-          attest: true
-
-  frontend:
-    name: Release frontend
-    runs-on: ubuntu-latest
-    if: needs.semrel.outputs.version != ''
-    needs: semrel
     permissions:
       actions: none
       checks: none
@@ -131,7 +68,7 @@ jobs:
 
       - name: Adjust Version
         run: |
-          sed 's/"0.0.0"/"${{ needs.semrel.outputs.version }}"/g' -i ./frontend/package.json
+          sed 's/"0.0.0"/"${{ needs.semrel.outputs.version }}"/g' -i ./${{ matrix.config.name }}/${{ matrix.config.version-file }}
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -147,35 +84,35 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ghcr.io/${{ github.repository }}/frontend
+          images: ghcr.io/${{ github.repository }}/${{ matrix.config.name }}
           flavor: |
             latest=auto
           tags: |
             type=semver,pattern={{version}},value=${{ needs.semrel.outputs.version }}
             type=semver,pattern={{major}}.{{minor}},value=${{ needs.semrel.outputs.version }}
             type=semver,pattern={{major}},value=${{ needs.semrel.outputs.version }}
           labels: |
-            org.opencontainers.image.title=frontend
+            org.opencontainers.image.title=${{ matrix.config.name }}
             org.opencontainers.image.description=${{ github.event.repository.description }}
             org.opencontainers.image.url=${{ github.event.repository.html_url }}
             org.opencontainers.image.source=${{ github.event.repository.clone_url }}
             org.opencontainers.image.revision=${{ github.sha }}
             org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
 
-      - name: Build and Push
+      - name: Build and Push ${{ matrix.config.name }} Docker Image
         uses: docker/build-push-action@v5
         id: docker
         with:
-          context: ./frontend/
+          context: ./${{ matrix.config.name }}/
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: |
             ${{ steps.meta.outputs.labels }}
 
-      - name: Sign image and attach SBOM attestation
-        uses: adfinis/[email protected].3
+      - name: Sign ${{ matrix.config.name }} image and attach SBOM attestation
+        uses: adfinis/[email protected].9
         with:
-          image-ref: ghcr.io/${{ github.repository }}/frontend
+          image-ref: ghcr.io/${{ github.repository }}/${{ matrix.config.name }}
           token: ${{ secrets.GITHUB_TOKEN }}
           digest: ${{ steps.docker.outputs.digest }}
           attest: true
@@ -185,8 +122,7 @@ jobs:
     runs-on: ubuntu-latest
     if: needs.semrel.outputs.version != ''
     needs:
-      - backend
-      - frontend
+      - containers
       - semrel
     permissions:
       actions: none

diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
@@ -7,31 +7,12 @@ on:
   workflow_dispatch:
 
 jobs:
-  scan-backend:
-    name: Scan backend image
-    runs-on: ubuntu-latest
-    permissions:
-      actions: none
-      checks: none
-      contents: none
-      deployments: none
-      issues: none
-      packages: write
-      pull-requests: none
-      repository-projects: none
-      security-events: write
-      statuses: none
-      # needed for `cosign attest`
-      id-token: write
-    steps:
-      - uses: adfinis/[email protected]
-        with:
-          image-ref: ghcr.io/${{ github.repository }}/backend
-          attest: true
-          token: ${{ secrets.GITHUB_TOKEN }}
+  scan:
+    strategy:
+      matrix:
+        image: [backend, frontend]
 
-  scan-frontend:
-    name: Scan frontend image
+    name: Scan ${{ matrix.image }} image
     runs-on: ubuntu-latest
     permissions:
       actions: none
@@ -47,8 +28,8 @@ jobs:
       # needed for `cosign attest`
       id-token: write
     steps:
-      - uses: adfinis/[email protected].3
+      - uses: adfinis/[email protected].9
         with:
-          image-ref: ghcr.io/${{ github.repository }}/frontend
+          image-ref: ghcr.io/${{ github.repository }}/${{ matrix.image }}
           attest: true
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Makefile b/Makefile
@@ -8,7 +8,7 @@ ORCHESTRATOR = docker
 
 .PHONY: help
 help:
-	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort -k 1,1 | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+	@grep -hE '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort -k 1,1 | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
 .PHONY: start
 start: ## Start the application