Merge pull request #1118 from clearlydefined/master

merge master into prod for v1.3.0 release

.github/dependabot.yml

@@ -4,8 +4,22 @@ updates:
     directory: '/'
     schedule:
       interval: weekly
+    groups:
+      dev-dependencies:
+        dependency-type: 'development'
 
   - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
       interval: 'weekly'
+    groups:
+      azure-actions:
+        patterns:
+          - 'azure/*'
+      docker-actions:
+        patterns:
+          - 'docker/*'
+      github-actions:
+        patterns:
+          - 'actions/*'
+          - 'github/*'

.github/workflows/build-and-deploy-dev.yml

@@ -1,95 +1,21 @@
 # This workflow will build a docker image, push it to ghcr.io, and deploy it to an Azure WebApp.
-name: Build and Deploy to dev service app
+name: Build and Deploy -- DEV
 
-# Update the triggers based on the environment that is being deployed to.
-#   Triggers for dev deployments:  1) manually triggered, 2) push to branch `master`
-#   Triggers for prod deployments: 1) manually triggered, 2) release created
 on:
   workflow_dispatch:
   push:
     branches: [master]
 
-# There are secrets and environment variables that need to be set that control what is pushed to
-# ghcr and Azure.
-#
-# Secrets:
-#   AZURE_CREDENTIALS:                service principal that has access to the Azure WebApp
-#   AZURE_WEBAPP_PUBLISH_PROFILE_DEV: publish profile for the Azure WebApp  NOTE: The name of the secret changes.  For dev, it ends in `_DEV`.  Production does not have an extension.
-#
-# Environment Variables:
-#   APPLICATION_TYPE:   type of application that is being deployed; used to add a label to the Docker image (values: api | web | worker)
-#   AZURE_WEBAPP_NAME:  name of the Azure WebApp being deployed
-#   DEPLOY_ENVIRONMENT:   environment that the code is being deployed to; used to add a label to the Docker image (values: dev | prod)
-#   DEPLOY_DOCKER_TAG:  the tag used for deploying a specific Docker image to Azure.  For dev, use the `github.sha`.  For production, use the SEMVER
-#                       version of the release.  Make sure to add this tag to the `DOCKER_TAGS` in the `Build and push Docker image` step.
-#   DOCKER_IMAGE_NAME:  name of the Docker image that is being built and pushed to ghcr.io.
-
-env:
-  APPLICATION_TYPE: api
-  AZURE_WEBAPP_NAME: clearlydefined-api-dev
-  DEPLOY_ENVIRONMENT: dev
-  DEPLOY_DOCKER_TAG: ${{ github.sha }}
-  DOCKER_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ github.repository }}-dev
-
 jobs:
   build-and-deploy:
-    name: Build and Deploy
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Log into ghcr registry
-        uses: docker/login-action@v3.0.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }} # user that kicked off the action
-          password: ${{ secrets.GITHUB_TOKEN }} # token created when the action launched (short lived)
-
-      - name: Build and push Docker image
-        env:
-          DOCKER_TAGS: |
-            ${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}
-        uses: docker/build-push-action@v5.1.0
-        with:
-          context: .
-          push: true
-          file: Dockerfile
-          tags: ${{ env.DOCKER_TAGS }}
-          labels: |
-            env=${{ env.DEPLOY_ENVIRONMENT }}
-            type=${{ env.APPLICATION_TYPE }}
-
-      - name: Login for Azure cli commands
-        uses: azure/login@v1.6.1
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Set DOCKER configs in Azure web app
-        uses: azure/appservice-settings@v1.1.1
-        with:
-          app-name: ${{ env.AZURE_WEBAPP_NAME }}
-          app-settings-json: |
-            [
-              {
-                "name": "DOCKER_CUSTOM_IMAGE_NAME",
-                "value": "${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}",
-                "slotSetting": false
-              },
-              {
-                "name": "DOCKER_REGISTRY_SERVER_URL",
-                "value": "https://ghcr.io",
-                "slotSetting": false
-              },
-              {
-                  "name": "BUILD_SHA",
-                  "value": "${{ github.sha }}",
-                  "slotSetting": false
-              }
-            ]
-
-      - name: Deploy to Azure WebApp
-        uses: azure/webapps-deploy@v3.0.0
-        with:
-          app-name: ${{ env.AZURE_WEBAPP_NAME }}
-          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}
-          images: '${{ env.DOCKER_IMAGE_NAME }}:${{ env.DEPLOY_DOCKER_TAG }}'
+    uses: clearlydefined/operations/.github/workflows/app-build-and-deploy.yml@v1.0.0
+    secrets: 
+      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+      AZURE_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_DEV }}
+      DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
+      PRODUCTION_DEPLOYERS: ${{ secrets.PRODUCTION_DEPLOYERS }}
+    with:
+      deploy-env: dev
+      application-type: api
+      azure-app-base-name: clearlydefined-api
+      azure-app-name-postfix: -dev

.github/workflows/build-and-deploy-prod.yml

@@ -0,0 +1,36 @@
+# This workflow will build a docker image, push it to ghcr.io, and deploy it to an Azure WebApp.
+name: Build and Deploy -- PROD
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+jobs:
+  determine-trigger:
+    name: Determine if this was triggered by a release or workflow_dispatch
+    runs-on: ubuntu-latest
+    outputs:
+      is-release: ${{ env.IS_RELEASE }}
+    steps:
+      - name: Check if this was triggered by a release
+        id: release
+        run: |
+          echo "IS_RELEASE"=${{ github.event_name == 'release' }} >> $GITHUB_ENV
+
+  build-and-deploy-prod:
+    uses: clearlydefined/operations/.github/workflows/app-build-and-deploy.yml@v1.0.0
+    needs: determine-trigger
+    secrets: 
+      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+      AZURE_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_PROD }}
+      AZURE_SECONDARY_WEBAPP_PUBLISH_PROFILE: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE_PROD_EU }}
+      DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
+      PRODUCTION_DEPLOYERS: ${{ secrets.PRODUCTION_DEPLOYERS }}
+    with:
+      deploy-env: prod
+      application-type: api
+      azure-app-base-name: clearlydefined-api
+      azure-app-name-postfix: -prod
+      secondary-azure-app-name-postfix: -prod-europe
+      is-release: ${{ needs.determine-trigger.outputs.is-release }}

.github/workflows/test.yml

@@ -12,7 +12,7 @@ permissions:
   contents: read
 
 jobs:
-  build:
+  test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -23,7 +23,7 @@ jobs:
           cache: 'npm'
 
       - name: Install dependencies
-        run: npm install
+        run: npm ci
 
       - name: Run tests
         run: npm test

.github/workflows/update-scancode-licensedb.yml

@@ -30,7 +30,7 @@ jobs:
         node ./scripts/transform-scancode-licensedb.js
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6.0.1
+      uses: peter-evans/create-pull-request@v6.0.4
       with:
         add-paths: lib/scancodeMap.js
         commit-message: Update ScanCode license mapping

.prettierignore

@@ -0,0 +1,5 @@
+.github/workflows/*
+.vscode/launch.json
+schemas/*.json
+test/**/*.json
+test/**/*.yaml

.prettierrc.json

@@ -0,0 +1,7 @@
+{
+  "arrowParens": "avoid",
+  "printWidth": 120,
+  "singleQuote": true,
+  "semi": false,
+  "trailingComma": "none"
+}

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["esbenp.prettier-vscode", "dbaeumer.vscode-eslint"]
+}

.vscode/settings.json

@@ -1,4 +1,5 @@
 {
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.formatOnSave": true,
   "editor.tabSize": 2
 }