make repository public

Signed-off-by: Timo Glastra <timo@animo.id>

.env.example

@@ -0,0 +1,10 @@
+PORT=3000
+HSM=node
+POSTGRES_PASSWORD=
+POSTGRES_USER=
+POSTGRES_HOST=
+POSTGRES_PORT=
+POSTGRES_DATABASE=
+POSTGRES_CA_PATH=
+GOOGLE_APPLICATION_CREDENTIALS_JSON=
+WALLET_PROVIDER_P256_PRIVATE_JWK='{"kty":"EC","x":"X8zXZKsb4i9PsjyZbfu7BR5KkqCurSJi34FytGFWo5w","y":"AKU94AcCkNnKfRRbDB4hygU7_UcpuKFJdRmAIc3ws_I","crv":"P-256","d":"eUWJiIyLqqDjPktYzaCtjsLbUwa8D4nThK_C38k4uLE"}'

.github/workflows/cd.yaml

@@ -0,0 +1,80 @@
+name: Continuous Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      build:
+        default: true
+        type: boolean
+        required: false
+        description: Build the app before deploying
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  SERVER: server
+
+jobs:
+  build-and-push-image-server:
+    runs-on: ubuntu-latest
+    if: inputs.build == true && github.ref == 'refs/heads/main'
+    permissions:
+      contents: read
+      packages: write
+
+    defaults:
+      run:
+        working-directory: ${{ env.SERVER }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ env.SERVER }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  deploy:
+    # Only run on main branch
+    runs-on: ubuntu-latest
+    needs: build-and-push-image-server
+    if: |
+      always() &&
+      (needs.build-and-push-image-server.result == 'success' || needs.build-and-push-image-server.result == 'skipped') &&
+      github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Copy stack file to remote
+        uses: garygrossgarten/github-action-scp@v0.7.3
+        with:
+          local: docker-compose.yml
+          remote: funke-wallet-service-provider/docker-compose.yml
+          host: dashboard.dev.animo.id
+          username: root
+          privateKey: ${{ secrets.DOCKER_SSH_PRIVATE_KEY }}
+
+      - name: Deploy to Docker Swarm via SSH action
+        uses: appleboy/ssh-action@v0.1.4
+        with:
+          host: dashboard.dev.animo.id
+          username: root
+          key: ${{ secrets.DOCKER_SSH_PRIVATE_KEY }}
+          script: |
+            docker stack deploy --compose-file funke-wallet-service-provider/docker-compose.yml funke-wallet-service-provider --with-registry-auth

.github/workflows/ci.yaml

@@ -0,0 +1,29 @@
+name: 'Continous Integration'
+
+on:
+  push:
+    branches: [main]
+
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+    continous-integration:
+        name: 'Continuous Integration'
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - uses: pnpm/action-setup@v4
+              with:
+                  version: 9
+
+            - name: Install dependencies
+              run: pnpm install
+
+            - name: Check formatting
+              run: pnpm style:check
+
+            - name: Build
+              run: pnpm build

.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+node_modules
+build
+.env
+google_credentials.json

biome.json

@@ -0,0 +1,43 @@
+{
+  "$schema": "https://biomejs.dev/schemas/1.9.4/schema.json",
+  "files": {
+    "maxSize": 10000000
+  },
+  "formatter": {
+    "lineWidth": 120,
+    "indentStyle": "space"
+  },
+  "javascript": {
+    "parser": {
+      "unsafeParameterDecoratorsEnabled": true
+    },
+    "formatter": {
+      "semicolons": "asNeeded",
+      "quoteStyle": "single",
+      "trailingCommas": "es5",
+      "lineWidth": 120,
+      "indentStyle": "space"
+    }
+  },
+  "json": {
+    "parser": {
+      "allowComments": true
+    }
+  },
+  "vcs": {
+    "enabled": true,
+    "clientKind": "git",
+    "useIgnoreFile": true
+  },
+  "organizeImports": {
+    "enabled": true
+  },
+  "linter": {
+    "enabled": true,
+    "rules": {
+      "performance": {
+        "noAccumulatingSpread": "off"
+      }
+    }
+  }
+}

certificates/digital_ocean.cert

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAqmgAwIBAgIUcLIb2qSAI+gdIhnWN/GifNrRRZ8wDQYJKoZIhvcNAQEM
+BQAwOjE4MDYGA1UEAwwvMmY1MTMyNTctYjE5Ny00ZjYwLTk4YjQtMDkzNDI5Y2Uw
+NGU4IFByb2plY3QgQ0EwHhcNMjExMTA2MTgwNDE4WhcNMzExMTA0MTgwNDE4WjA6
+MTgwNgYDVQQDDC8yZjUxMzI1Ny1iMTk3LTRmNjAtOThiNC0wOTM0MjljZTA0ZTgg
+UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANTH0oia
+lwvf1IkbYlhv9qYG6CjldRw1oa6CZR0/kuqYlJe5AWicCduA4NmTAM/+u+lS1dCG
+isySSjiDMFrt1DburVdu4u5XqqnItcPfq/YAnvEdlh2jqOVqHJHvhT7sMf8X7LrM
+ARYiaewTsxrYWNYYB93DIsNQj4SSjVCFLl6EbQ5PTAfwTm5RJSEMWqet+ieVCZwX
+9ZICTq5gwmnb0+DDnaa0LvPExeqyhWRX369Wt5kXGxOz0kWYj1+mbOBNdjzOa4Xr
+sWZm9E8VREgiThWOQDKlgV+pU88IIavZ1FUbH2gqfsJWewxnWoqzTIdPQweL9sfr
+ZY9uDTuPekHwdvXT3GUMuu/mITGF07kvx3bR3XUp1NQ1GPJ7NTzXlekvBi6vsztf
+JyX2Ok2WObVVr382cB4Qfart+VCd5YCVP/zH4/ZZoyNFNKZUZhjGbWhZ2uMOjJ7S
+TBe87dyxUAvHP1jQkmMksVPCTBjZG1v7ANB8chNITzIiiVSoZLNljaXIRwIDAQAB
+oz8wPTAdBgNVHQ4EFgQUxoRStbb/QheA7Ht97NGbQn1G++swDwYDVR0TBAgwBgEB
+/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBAAUzkkH42MSi9+Wf
+TGe8IVbu0/BqJLteNxzCGh8BmKAAtbMC241QEWx7EgMSXYLQix311VW00dWrfs6Q
+xb1cv3yg5rwElUJS1EwEn8MPADb+x3a/C0kAVV1NlUwNb5qrKKY7Sv3ltTs2QzcF
+Jo0/nSqyVIChvqRUZM4TkBnM6kaG5ZAMWFfa1XNgXmi5FFPxwRlHS5RdoBzRqk26
+EUm6A1ZLRJn0Xz1/99duTXToQmwgWxazQ+mGA5BleMYlpF8CL6mw2rugX+hrvrj8
+Jy9MoqD5E6Q9EEDc0C6DA9gYjiO43BIqrV76FxHQjGHZI4e4VdEJnP/d15AoMaD8
+HRAdRk6TBYmXLclhw1mN56n+0TIVvodx8POZBgcPn1ieknO89SUyDtDxKd2RaBsX
+JJdPn3AObkefzOHpK+YN4tn/Cy5qs6CWXOGvvp/2tRCrr84pshla+Y+T1Wxq9yWu
+HY4yxDHVkasHB1cs/weRIQgnWq12c+FxMs3JTGGWzhwYUXwA8Q==
+-----END CERTIFICATE-----

docker-compose.yaml

@@ -0,0 +1,28 @@
+version: "3.5"
+
+services:
+  server:
+    image: ghcr.io/animo/funke-wallet-service-provider/server:main
+    deploy:
+      placement:
+        constraints:
+          - node.role == worker
+      labels:
+        traefik.enable: "true"
+
+        traefik.http.routers.funke-wallet-service-provider.rule: Host(`wsp.funke.animo.id`)
+        traefik.http.routers.funke-wallet-service-provider.entrypoints: web-secure
+        traefik.http.routers.funke-wallet-service-provider.tls.certresolver: zerossl
+        traefik.http.routers.funke-wallet-service-provider.service: funke-wallet-service-provider-service
+        traefik.http.services.funke-wallet-service-provider-service.loadbalancer.server.port: 3000
+
+    networks:
+      - traefik
+
+    ports:
+      - "3000"
+
+networks:
+  traefik:
+    external: true
+    name: traefik

dockerfile

@@ -0,0 +1,19 @@
+FROM node:20-slim AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+COPY . /app
+WORKDIR /app
+
+FROM base AS prod-deps
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
+
+FROM base AS build
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+RUN pnpm run build
+
+FROM base
+COPY --from=prod-deps /app/node_modules /app/node_modules
+COPY --from=build /app/build /app/build
+EXPOSE 3000
+CMD [ "pnpm", "start" ]

package.json

@@ -0,0 +1,35 @@
+{
+  "name": "funke-wallet-service-provider",
+  "scripts": {
+    "dev": "ts-node src/index.ts",
+    "build": "tsc",
+    "start": "node build/index.js",
+    "style:check": "biome check .",
+    "style:fix": "pnpm style:check --write --unsafe",
+    "test": "ts-node scripts/test.ts"
+  },
+  "dependencies": {
+    "@animo-id/oauth2": "0.2.0-alpha-20241126193353",
+    "@google-cloud/kms": "^4.5.0",
+    "@multiformats/base-x": "^4.0.1",
+    "@peculiar/asn1-schema": "^2.3.13",
+    "@peculiar/asn1-x509": "^2.3.13",
+    "base58": "^2.0.1",
+    "dotenv": "^16.4.5",
+    "express": "^4.21.1",
+    "jose": "^5.9.6",
+    "pg": "^8.13.1",
+    "uuid": "^11.0.3",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "1.9.4",
+    "@types/body-parser": "^1.19.5",
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.9.0",
+    "@types/pg": "^8.11.10",
+    "axios": "^1.7.7",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.6.3"
+  }
+}