feat: Update build, publish, deploy system [DEV-1805] (#38)

* fix(no-release): DID provider init logic
* fix(deps): Move devDependencies out of dependencies block
* fix: Run with miniflare
* add: GitHub Action for DO Apps deployment
* fix(deps): Version bump
* fix: NPM config
* refactor: Use auth0 service endpoint from secrets
* fix: Staging Deployment on DO Apps
* chore: Add README
* fix(deps): Version bump dependencies
 - @semantic-release/github 8.0.6
 - ts-loader 9.3.1
 - prettier 2.7.1
 - terser-webpack-plugin
 - semantic-release 19.0.5
* Update .dockerignore
* Remove redundant Docker image metadata
* Changed build image names and labels
* Rename staging image
* fix: Updated Dockerfile to use default node user
* Turn verbose mode off in linter
* Update gitignore and remove agent.yml
* Add a start command for NPM
* Remove custom shell entrypoint in Dockerfile
Removed the custom entrypoint script call in Dockerfile, since most of this can be handled as build/run time variables
* Remove line breaks
* Change port to Miniflare default
* Delete default agent.yml config
* Delete scripts folder
* Delete docker-compose.yml
* refactor: Constants and Dockerfile
* fix: Dockerfile ENV definition
* fix: Labels for docker image
* Update Dockerfile
* Update build.yml
* Change commitlint file
* Remove variables from Wrangler
* Update Dockerfile
* Set build stage target
* Update Dockerfile
* Update Dockerfile
* Add curl and log errors
* wip --skip-ci
* Create dependabot.yml
* Add release guard
* Add staging URL
* Fix package lock
* Update Dockerfile

Signed-off-by: jay-dee7 <[email protected]>
Co-authored-by: Ankur Banerjee <[email protected]>

.dockerignore

@@ -1 +1,9 @@
-node_modules/
+# Skip unncecessary folders
+dist/**
+node_modules/**
+.github/**
+
+# Skip unnecessary files
+**/*.md
+Dockerfile**
+docker-compose.yml

.github/dependabot.yml

@@ -0,0 +1,42 @@
+#################################
+# GitHub Dependabot Config info #
+#################################
+
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Maintain dependencies for NPM
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Maintain dependencies for Docker
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Maintain dependencies for Golang
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Maintain dependencies for Terraform
+  - package-ecosystem: "terraform"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Maintain dependencies for Python
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/build.yml

@@ -6,25 +6,47 @@ defaults:
     shell: bash
 
 jobs:
-  build:
-    name: "Build Node.js"
+  build-docker:
+    name: "Build Docker image"
     runs-on: ubuntu-latest
-
+    env:
+      IMAGE_NAME: registry.digitalocean.com/${{ github.repository }}
+
     steps:
       - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
 
-      - uses: actions/setup-node@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        id: buildx
+        with:
+          install: true
+          version: latest
+
+      - name: Configure Docker image metadata
+        id: meta
+        uses: docker/metadata-action@v4
         with:
-          node-version: '16.x'
-          # cache: 'npm' <--- Commenting out, see: https://github.com/bahmutov/npm-install/issues/80, as of 13th of June 2022.
-          # cache-dependency-path: '**/package-lock.json' <--- Commenting out, see: https://github.com/bahmutov/npm-install/issues/80, as of 13th of June 2022.
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=raw,value=staging-latest
+            type=sha,format=long
 
-      - name: "Clean install dependencies"
-        run: npm install
-        env:
-          NPM_GITHUB_PAT: ${{ secrets.NPM_GITHUB_PAT }}
+      - name: Build image
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          load: true
+          target: runner
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Save Docker image
+        run:  docker save ${{ env.IMAGE_NAME }} > credential-service-staging.tar
 
-      - name: "Run npm build"
-        run: npm run build
+      - name: Upload build image as artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: credential-service-staging
+          path: credential-service-staging.tar

.github/workflows/deploy.yml

@@ -6,85 +6,32 @@ defaults:
     shell: bash
 
 jobs:
-  staging-deploy:
-    name: "Cloudflare - Staging"
+  deploy-staging:
+    name: "Staging Deploy"
     runs-on: ubuntu-latest
-    environment:
+    continue-on-error: true
+    env: 
+      IMAGE_NAME: registry.digitalocean.com/${{ github.repository }}
+    environment: 
       name: staging
-      url: https://credential-service-staging.cheqd.io/
+      url: https://credential-service-staging.cheqd.net
 
     steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-node@v3
+      - name: Install DigitalOcean CLI
+        uses: digitalocean/action-doctl@v2
         with:
-          node-version: '16.x'
-          # cache: 'npm' <--- Commenting out, see: https://github.com/bahmutov/npm-install/issues/80, as of 13th of June 2022.
+          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
 
-      - name: Publish to Cloudflare
-        uses: cloudflare/[email protected]
-        with:
-          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          environment: staging
-          secrets: |
-            _ISSUER_ID
-            _ISSUER_ID_PRIVATE_KEY_HEX
-            _ISSUER_ID_PUBLIC_KEY_HEX
-            _ISSUER_ID_KID
-            _ISSUER_ID_METHOD_SPECIFIC_ID
-            _ISSUER_ID_METHOD
-          wranglerVersion: '2.0.7'
-          preCommands: npm install
-          command: publish --env staging
-        env:
-          NPM_GITHUB_PAT: ${{ secrets.NPM_GITHUB_PAT }}
-          _ISSUER_ID: ${{ secrets._ISSUER_ID }}
-          _ISSUER_ID_PRIVATE_KEY_HEX: ${{ secrets._ISSUER_ID_PRIVATE_KEY_HEX }}
-          _ISSUER_ID_PUBLIC_KEY_HEX: ${{ secrets._ISSUER_ID_PUBLIC_KEY_HEX }}
-          _ISSUER_ID_KID: ${{ secrets._ISSUER_ID_KID }}
-          _ISSUER_ID_METHOD_SPECIFIC_ID: ${{ secrets._ISSUER_ID_METHOD_SPECIFIC_ID }}
-          _ISSUER_ID_METHOD: ${{ secrets._ISSUER_ID_METHOD }}
-
-  production-deploy:
-    name: "Cloudflare - Production"
-    needs: staging-deploy
-    if: ${{ success() && ( github.ref_name == 'main' ) }}
-    runs-on: ubuntu-latest
-    # permissions:
-    #   security-events: write
-    environment:
-      name: production
-      url: https://credential-service.cheqd.io/
+      - name: Login to DOCR
+        run: doctl registry login --expiry-seconds 600
 
-    steps:
-      - uses: actions/checkout@v3
-
-      - uses: actions/setup-node@v3
+      - name: Download docker image
+        uses: actions/download-artifact@v3
         with:
-          node-version: '16.x'
-          # cache: 'npm' <--- Commenting out, see: https://github.com/bahmutov/npm-install/issues/80, as of 13th of June 2022.
+          name: credential-service-staging
 
-      - name: Publish to Cloudflare
-        uses: cloudflare/[email protected]
-        with:
-          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          secrets: |
-            _ISSUER_ID
-            _ISSUER_ID_PRIVATE_KEY_HEX
-            _ISSUER_ID_PUBLIC_KEY_HEX
-            _ISSUER_ID_KID
-            _ISSUER_ID_METHOD_SPECIFIC_ID
-            _ISSUER_ID_METHOD
-          wranglerVersion: '2.0.7'
-          preCommands: npm install
-          command: publish
-        env:
-          NPM_GITHUB_PAT: ${{ secrets.NPM_GITHUB_PAT }}
-          _ISSUER_ID: ${{ secrets._ISSUER_ID }}
-          _ISSUER_ID_PRIVATE_KEY_HEX: ${{ secrets._ISSUER_ID_PRIVATE_KEY_HEX }}
-          _ISSUER_ID_PUBLIC_KEY_HEX: ${{ secrets._ISSUER_ID_PUBLIC_KEY_HEX }}
-          _ISSUER_ID_KID: ${{ secrets._ISSUER_ID_KID }}
-          _ISSUER_ID_METHOD_SPECIFIC_ID: ${{ secrets._ISSUER_ID_METHOD_SPECIFIC_ID }}
-          _ISSUER_ID_METHOD: ${{ secrets._ISSUER_ID_METHOD }}
+      - name: Load Docker image
+        run: docker image load --input credential-service-staging.tar
+
+      - name: Push images to DOCR
+        run: docker image push --all-tags ${{ env.IMAGE_NAME }}

.github/workflows/dispatch.yml

@@ -21,9 +21,9 @@ jobs:
     uses: ./.github/workflows/deploy.yml
     secrets: inherit
 
-  # call-release:
-  #   name: "Release"
-  #   needs: call-build
-  #   if: ${{ github.ref_protected == true }}
-  #   uses: ./.github/workflows/release.yml
-  #   secrets: inherit
+  call-release:
+    name: "Release"
+    needs: call-build
+    if: ${{ github.ref_protected == true }}
+    uses: ./.github/workflows/release.yml
+    secrets: inherit

.github/workflows/lint.yml

@@ -18,7 +18,6 @@ jobs:
         with:
           config-file: '.github/linters/mlc_config.json'
           use-quiet-mode: 'yes'
-          use-verbose-mode: 'yes'
 
   super-lint:
     name: "Super Linter"

.github/workflows/pull-request.yml

@@ -30,4 +30,4 @@ jobs:
           # to override config-conventional rules, specify a relative path to your rules module, actions/checkout is required for this setting!
           commitlintRulesPath: "./.github/linters/.commitlint.rules.js" # default: undefined
           # if the PR contains a single commit, fail if the commit message and the PR title do not match
-          commitTitleMatch: "false" # default: 'true'
+          commitTitleMatch: false # default: 'true'

.github/workflows/release.yml

@@ -4,12 +4,18 @@ on:
 defaults:
   run:
     shell: bash
+permissions:
+  contents: write
+  packages: write
+
 
 jobs:
-  release:
+  release-npm:
     name: "Semantic Release"
     runs-on: ubuntu-latest
-
+    outputs:
+      VERSION: ${{ steps.set-version.outputs.VERSION }}
+
     steps:
       - uses: actions/checkout@v3
         with:
@@ -18,7 +24,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: '16.x'
+          node-version: 16
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
 
@@ -40,3 +46,74 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set version number
+        id: set-version
+        run: |
+          VERSION=$( git describe --tags ${{ github.sha }})
+          echo ::set-output name=VERSION::"$VERSION"
+
+
+  release-docker:
+    name: "Release Docker image"
+    needs: release-npm
+    runs-on: ubuntu-latest
+    if: ${{ ( github.ref_name == 'main' ) }}
+    env:
+      IMAGE_NAME: registry.digitalocean.com/${{ github.repository }}
+    environment: 
+      name: production
+      url: https://credential-service.cheqd.net
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        id: buildx
+        with:
+          install: true
+          version: latest
+
+      - name: Install DigitalOcean CLI
+        uses: digitalocean/action-doctl@v2
+        with:
+          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
+      - name: Login to DOCR
+        run: doctl registry login --expiry-seconds 600
+
+      - name: Configure Docker image metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=auto
+          tags: |
+            type=semver,pattern={{version}},value=${{ needs.release-npm.outputs.VERSION }}
+            type=raw,value=production-latest
+            type=sha,format=long
+          labels: |
+            org.opencontainers.image.description="Cheqd Credential Service"
+            org.opencontainers.image.source="https://github.com/cheqd/credential-service"
+            org.opencontainers.image.vendor="Cheqd Foundation Limited"
+            org.opencontainers.image.created={{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}
+            org.opencontainers.image.documentation="https://docs.cheqd.io/node"
+      
+      - name: Build image with labels
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          load: true
+          target: runner
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Push image to DigitalOcean Container Registry
+        run: docker image push --all-tags ${{ env.IMAGE_NAME }}

.gitignore

@@ -5,6 +5,8 @@ tsconfig.tsbuildinfo
 worker/
 transpiled
 .env
+.env*
+.snyk
 
 ### GENERAL EXCLUSIONS ###
 
@@ -16,7 +18,7 @@ transpiled
 ## Dependency directory
 ## Commenting this out is preferred by some people, see
 ## https://docs.npmjs.com/misc/faq#should-i-check-my-node_modules-folder-into-git
-node_modules/
+node_modules/**
 
 # Book build output
 _book

.npmrc

@@ -1,2 +1,2 @@
-@cheqd:registry=https://npm.pkg.github.com
-//npm.pkg.github.com/:_authToken=${NPM_GITHUB_PAT}
+@cheqd:registry=https://registry.npmjs.org/
+access=public