JustaName-id · Ghadi8 · Sep 13, 2024 · Sep 12, 2024 · Sep 12, 2024 · Sep 12, 2024
diff --git a/.github/workflows/ci-on-develop.yml b/.github/workflows/ci-on-develop.yml
@@ -0,0 +1,90 @@
+name: ci-on-develop
+
+on:
+  pull_request:
+    branches: ["develop", "staging", "main"]
+
+jobs:
+
+  determine-affected-projects:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Cache node modules
+        id: cache
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: cache-node-modules-${{ hashFiles('yarn.lock') }}
+      - uses: actions/setup-node@v1
+        if: steps.cache.outputs.cache-hit != 'true'
+        with:
+          node-version: 18.18.0
+      - name: yarn install
+        continue-on-error: true
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: yarn install --pure-lockfile
+
+      - name: Fetch missing history
+        run: git fetch
+
+      - name: 'Determine affected projects'
+        id: affected
+        run: |
+          OUTPUT=$(npx nx show projects --affected --base=origin/${{github.event.pull_request.base.ref}} --with-target=container)
+          echo "Affected projects: $OUTPUT"
+          OUTPUT="${OUTPUT//[$'\r\n']/ }"
+          echo "::set-output name=affected::$OUTPUT"
+      - name: Set output matrix excluding e2e
+        id: set-matrix
+        run: |
+          IFS=' '
+          read -ra PROJECTS <<< "${{ steps.affected.outputs.affected }}"
+          COMPONENTS=()
+          for PROJECT in "${PROJECTS[@]}"; do
+            if ! [[ "$PROJECT" =~ -e2e$ ]] && [[ "$PROJECT" != "contracts" ]]; then
+              COMPONENTS+=("$PROJECT")
+            fi
+          done
+          MATRIX='{"component":['
+          for COMPONENT in "${COMPONENTS[@]}"; do
+            MATRIX+="\"$COMPONENT\","
+            done
+          MATRIX="${MATRIX%,}]}"
+          echo "::set-output name=matrix::$MATRIX"
+  build_and_push:
+    needs: determine-affected-projects
+    runs-on: ubuntu-latest
+    if: ${{ needs.determine-affected-projects.outputs.matrix != '{"component":[]}' }}
+    strategy:
+      matrix:
+        component: ${{fromJson(needs.determine-affected-projects.outputs.matrix).component}}
+    steps:
+      - name: Debug affected projects
+        run: echo "${{ needs.determine-affected-projects.outputs.matrix }}"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - run: git fetch --no-tags --prune --depth=1 origin develop
+      - name: Cache node modules
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: cache-node-modules-${{ hashFiles('yarn.lock') }}
+      - name: Debug component name
+        env:
+          COMPONENT_NAME: ${{ matrix.component }}
+        run: echo ${COMPONENT_NAME}
+      - name: 'Build images'
+        run: |
+
+          npx nx container ${COMPONENT_NAME} --prod
+        env:
+          INPUT_PUSH: false
+          COMPONENT_NAME: ${{ matrix.component }}
+          INPUT_GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/ci-on-main.yml b/.github/workflows/ci-on-main.yml
@@ -0,0 +1,104 @@
+name: ci-on-main
+
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  determine-affected-projects:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Cache node modules
+        id: cache
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: cache-node-modules-${{ hashFiles('yarn.lock') }}
+      - uses: actions/setup-node@v1
+        if: steps.cache.outputs.cache-hit != 'true'
+        with:
+          node-version: 18.18.0
+      - name: yarn install
+        if: steps.cache.outputs.cache-hit != 'true'
+        continue-on-error: true
+        run: yarn install --pure-lockfile
+
+
+      - name: Fetch missing history
+        run: git fetch
+
+      - name: 'Determine affected projects'
+        id: affected
+        run: |
+          OUTPUT=$(npx nx show projects --affected --base=origin/main~1 --head=origin/main --with-target=container)
+          echo "Affected projects: $OUTPUT"
+          OUTPUT="${OUTPUT//[$'\r\n']/ }"
+          echo "::set-output name=affected::$OUTPUT"
+      - name: Set output matrix excluding e2e
+        id: set-matrix
+        run: |
+          IFS=' '
+          read -ra PROJECTS <<< "${{ steps.affected.outputs.affected }}"
+          COMPONENTS=()
+          for PROJECT in "${PROJECTS[@]}"; do
+            COMPONENTS+=("$PROJECT")
+          done
+          MATRIX='{"component":['
+          for COMPONENT in "${COMPONENTS[@]}"; do
+            MATRIX+="\"$COMPONENT\","
+            done
+          MATRIX="${MATRIX%,}]}"
+          echo "::set-output name=matrix::$MATRIX"
+  build_and_push:
+    needs: determine-affected-projects
+    runs-on: ubuntu-latest
+    if: ${{ needs.determine-affected-projects.outputs.matrix != '{"component":[]}' }}
+    strategy:
+      matrix:
+        component: ${{fromJson(needs.determine-affected-projects.outputs.matrix).component}}
+    steps:
+      - name: Debug affected projects
+        run: echo "${{ needs.determine-affected-projects.outputs.matrix }}"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - run: git fetch --no-tags --prune --depth=1 origin main
+
+      - name: Cache node modules
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: cache-node-modules-${{ hashFiles('yarn.lock') }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Debug component name
+        env:
+          COMPONENT_NAME: ${{ matrix.component }}
+        run: echo ${COMPONENT_NAME}
+      - name: 'Build images'
+        run: |
+
+          npx nx container ${COMPONENT_NAME} --prod
+        env:
+          COMPONENT_NAME: ${{ matrix.component }}
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          INPUT_GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          INPUT_VC_API_IMAGES: ${{ steps.login-ecr.outputs.registry }}/justaname-production/vc-api
+          INPUT_TAGS: latest
+          INPUT_PUSH: true
diff --git a/.github/workflows/ci-on-staging.yml b/.github/workflows/ci-on-staging.yml
@@ -0,0 +1,104 @@
+name: ci-on-staging
+
+on:
+  push:
+    branches: [ "staging" ]
+
+jobs:
+  determine-affected-projects:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Cache node modules
+        id: cache
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: cache-node-modules-${{ hashFiles('yarn.lock') }}
+      - uses: actions/setup-node@v1
+        if: steps.cache.outputs.cache-hit != 'true'
+        with:
+          node-version: 18.18.0
+      - name: yarn install
+        if: steps.cache.outputs.cache-hit != 'true'
+        continue-on-error: true
+        run: yarn install --pure-lockfile
+
+
+      - name: Fetch missing history
+        run: git fetch
+
+      - name: 'Determine affected projects'
+        id: affected
+        run: |
+          OUTPUT=$(npx nx show projects --affected --base=origin/staging~1 --head=origin/staging --with-target=container)
+          echo "Affected projects: $OUTPUT"
+          OUTPUT="${OUTPUT//[$'\r\n']/ }"
+          echo "::set-output name=affected::$OUTPUT"
+      - name: Set output matrix
+        id: set-matrix
+        run: |
+          IFS=' '
+          read -ra PROJECTS <<< "${{ steps.affected.outputs.affected }}"
+          COMPONENTS=()
+          for PROJECT in "${PROJECTS[@]}"; do
+            COMPONENTS+=("$PROJECT")
+          done
+          MATRIX='{"component":['
+          for COMPONENT in "${COMPONENTS[@]}"; do
+            MATRIX+="\"$COMPONENT\","
+            done
+          MATRIX="${MATRIX%,}]}"
+          echo "::set-output name=matrix::$MATRIX"
+  build_and_push:
+    needs: determine-affected-projects
+    runs-on: ubuntu-latest
+    if: ${{ needs.determine-affected-projects.outputs.matrix != '{"component":[]}' }}
+    strategy:
+      matrix:
+        component: ${{fromJson(needs.determine-affected-projects.outputs.matrix).component}}
+    steps:
+      - name: Debug affected projects
+        run: echo "${{ needs.determine-affected-projects.outputs.matrix }}"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - run: git fetch --no-tags --prune --depth=1 origin staging
+
+      - name: Cache node modules
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: cache-node-modules-${{ hashFiles('yarn.lock') }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-central-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Debug component name
+        env:
+          COMPONENT_NAME: ${{ matrix.component }}
+        run: echo ${COMPONENT_NAME}
+      - name: 'Build images'
+        run: |
+
+          npx nx container ${COMPONENT_NAME} --prod
+        env:
+          COMPONENT_NAME: ${{ matrix.component }}
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          INPUT_GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          INPUT_VC_API_IMAGES: ${{ steps.login-ecr.outputs.registry }}/justaname/vc-api
+          INPUT_TAGS: latest
+          INPUT_PUSH: true
diff --git a/apps/vc-api/Dockerfile b/apps/vc-api/Dockerfile
@@ -0,0 +1,33 @@
+# Stage 1: Install dependencies in a separate layer to leverage Docker cache
+FROM node:lts-alpine as deps
+WORKDIR /usr/src/app
+COPY dist/apps/vc-api/package.json dist/apps/vc-api/yarn.lock ./
+RUN apk add --no-cache --virtual .build-deps python3 make g++ && \
+    echo "@community http://dl-cdn.alpinelinux.org/alpine/v3.18/community" >> /etc/apk/repositories && \
+    yarn install --production && \
+    apk del .build-deps
+
+# Stage 2: Build the application
+# Note: Assuming main.js doesn't require a build process. If it does, you would need to copy source files and build here.
+FROM node:lts-alpine as build
+WORKDIR /usr/src/app
+COPY --from=deps /usr/src/app/node_modules ./node_modules
+COPY dist/apps/vc-api/ ./
+
+# Stage 3: Production image, copy all the files and run the app
+FROM node:lts-alpine as runner
+RUN apk add --no-cache dumb-init && \
+    addgroup -S appgroup && adduser -S appuser -G appgroup
+ENV NODE_ENV production
+ENV PORT 3009
+
+WORKDIR /usr/src/app
+# Copy only necessary runtime files
+COPY --from=build /usr/src/app/ ./
+COPY --from=build /usr/src/app/node_modules ./node_modules
+
+# Use non-root user for better security
+USER appuser
+
+EXPOSE 3009
+CMD [ "npm", "run", "start" ]
diff --git a/apps/vc-api/package.json b/apps/vc-api/package.json
@@ -1,2 +1,25 @@
 {
+  "scripts": {
+    "start": "node main.js"
+  },
+  "dependencies": {
+    "@nestjs/axios": "^3.0.3",
+    "@nestjs/common": "^10.0.2",
+    "@nestjs/config": "^3.2.3",
+    "@nestjs/core": "^10.0.2",
+    "@nestjs/platform-express": "^10.0.2",
+    "@nx/webpack": "19.7.2",
+    "@veramo/core": "^6.0.0",
+    "@veramo/credential-eip712": "^6.0.0",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.1",
+    "did-resolver": "4.1.0",
+    "ens-did-resolver": "^1.0.4",
+    "ethers": "^6.13.2",
+    "ethr-did-resolver": "^10.1.10",
+    "express": "4.20.0",
+    "moment": "^2.30.1",
+    "web-did-resolver": "^2.0.27",
+    "@nestjs/swagger": "^7.4.0"
+  }
 }
diff --git a/apps/vc-api/project.json b/apps/vc-api/project.json
@@ -22,7 +22,7 @@
         "development": {},
         "production": {}
       },
-      "dependsOn": ["prisma-generate","lint","^test","test"]
+      "dependsOn": ["lint"]
     },
     "serve": {
       "executor": "@nx/js:node",
@@ -44,6 +44,27 @@
       "options": {
         "fix": true
       }
+    },
+    "container": {
+      "executor": "@nx-tools/nx-container:build",
+      "dependsOn": ["build"],
+      "options": {
+        "engine": "docker",
+        "metadata": {
+          "images": ["justaname/vc-api"],
+          "load": true,
+          "tags": [
+            "type=schedule",
+            "type=ref,event=branch",
+            "type=ref,event=tag",
+            "type=ref,event=pr",
+            "type=semver,pattern={{version}}",
+            "type=semver,pattern={{major}}.{{minor}}",
+            "type=semver,pattern={{major}}",
+            "type=sha,prefix=sha-"
+          ]
+        }
+      }
     }
   }
 }