Merge branch 'master' into dry-dependabot-configuration

.github/workflows/admin.yml

@@ -17,6 +17,7 @@ jobs:
             admin:
               - '.github/workflows/**/*'
               - 'admin/**/*'
+
   build:
     if: needs.files-changed.outputs.admin == 'true'
     name: Build - Admin
@@ -31,26 +32,6 @@ jobs:
         run: npm install && npm run build
         working-directory: ./admin
 
-  docker-production:
-    if: needs.files-changed.outputs.admin == 'true'
-    name: Build Docker Production - Admin
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Admin | Build Docker Production
-        run: docker compose -f docker-compose.yml build admin
-
-  docker-development:
-    if: needs.files-changed.outputs.admin == 'true'
-    name: Build Docker Development - Admin
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Admin | Build Docker Development
-        run: docker compose build admin admin-storybook
-
   storybook:
     if: needs.files-changed.outputs.admin == 'true'
     name: Build Storybook - Admin

.github/workflows/backend.yml

@@ -32,26 +32,6 @@ jobs:
         run: npm install && npm run build
         working-directory: ./backend
 
-  docker-production:
-    if: needs.files-changed.outputs.backend == 'true'
-    name: Build Docker Production - Backend
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Backend | Build Docker Production
-        run: docker compose -f docker-compose.yml build backend
-
-  docker-development:
-    if: needs.files-changed.outputs.backend == 'true'
-    name: Build Docker Development - Backend
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Backend | Build Docker Development
-        run: docker compose build backend
-
   lint:
     if: needs.files-changed.outputs.backend == 'true'
     name: Lint - Backend

.github/workflows/docker.yml → .github/workflows/deployment.yml

@@ -1,19 +1,15 @@
-name: Create and publish Docker images
+name: Push/Deploy
 
-on:
-  push:
-    branches: ['master']
-
-env:
-  REGISTRY: ghcr.io
+on: push
 
 jobs:
-  build-and-push-image:
+  build-and-push-images:
     strategy:
       matrix:
         folder: [authentik, admin, backend, frontend, presenter]
     runs-on: ubuntu-latest
     env:
+      REGISTRY: ghcr.io
       IMAGE_NAME: ${{ github.repository }}/${{ matrix.folder }}
     permissions:
       contents: read
@@ -43,7 +39,7 @@ jobs:
             type=ref,event=branch
             type=ref,event=pr
             type=sha
-      - name: Build and push Docker image
+      - name: Build and push Docker images
         id: push
         uses: docker/build-push-action@a8d35412fb758de9162fd63e3fa3f0942bdedb4d
         with:
@@ -63,4 +59,28 @@ jobs:
       #     subject-digest: ${{ steps.push.outputs.digest }}
       #     push-to-registry: true
 
+  deploy-to-kubernetes:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/master'
+    needs: build-and-push-images
+    steps:
+      - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0
+      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
+      - run: |
+          mkdir -p ~/.config/sops/age
+          echo $SOPS_KEY | base64 --decode > ~/.config/sops/age/keys.txt
+        env:
+          SOPS_KEY: ${{ secrets.SOPS_KEY }}
+      - run: |
+          mkdir -p ~/.kube
+          sops decrypt ./infrastructure/helmfile/secrets/kubeconfig > ~/.kube/config
+      - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV
+      - uses: helmfile/helmfile-action@314e6f498c8fb72ae64ed6f526e992a6a9a90e32 #v1.9.1
+        with:
+          helmfile-args: apply --environment master
+          helmfile-workdirectory: ./infrastructure/helmfile
+          helm-plugins: >
+            https://github.com/databus23/helm-diff,
+            https://github.com/jkroepke/helm-secrets
+
 

.github/workflows/frontend.yml

@@ -32,26 +32,6 @@ jobs:
         run: npm install && npm run build
         working-directory: ./frontend
 
-  docker-production:
-    if: needs.files-changed.outputs.frontend == 'true'
-    name: Build Docker Production - Frontend
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Frontend | Build Docker Production
-        run: docker compose -f docker-compose.yml build frontend
-
-  docker-development:
-    if: needs.files-changed.outputs.frontend == 'true'
-    name: Build Docker Development - Frontend
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Frontend | Build Docker Development
-        run: docker compose build frontend frontend-storybook
-
   storybook:
     if: needs.files-changed.outputs.frontend == 'true'
     name: Build Storybook - Frontend

.github/workflows/presenter.yml

@@ -32,26 +32,6 @@ jobs:
         run: npm install && npm run build
         working-directory: ./presenter
 
-  docker-production:
-    if: needs.files-changed.outputs.presenter == 'true'
-    name: Build Docker Production - Presenter
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Presenter | Build Docker Production
-        run: docker compose -f docker-compose.yml build presenter
-
-  docker-development:
-    if: needs.files-changed.outputs.presenter == 'true'
-    name: Build Docker Development - Presenter
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.7
-      - name: Presenter | Build Docker Development
-        run: docker compose build presenter presenter-storybook
-
   storybook:
     if: needs.files-changed.outputs.presenter == 'true'
     name: Build Storybook - Presenter

.github/workflows/release.yml

@@ -38,7 +38,7 @@ jobs:
       ##########################################################################
       # TODO: this will error on duplicate
       #- name: package-version-to-git-tag
-      #  uses: pkgdeps/git-tag-action@81b45ff87eb7f7bd49e76e2bed448990d4dd72b3 # v3.0.0
+      #  uses: pkgdeps/git-tag-action@ef111413f44ebe5cc05994e7f5b5b9edaaada08d # v3.0.0
       #  with:
       #    github_token: ${{ secrets.GITHUB_TOKEN }}
       #    github_repo: ${{ github.repository }}
@@ -49,7 +49,7 @@ jobs:
       # Push build tag to GitHub ###############################################
       ##########################################################################
       - name: package-version-to-git-tag + build number
-        uses: pkgdeps/git-tag-action@81b45ff87eb7f7bd49e76e2bed448990d4dd72b3 # v3.0.0
+        uses: pkgdeps/git-tag-action@ef111413f44ebe5cc05994e7f5b5b9edaaada08d # v3.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           github_repo: ${{ github.repository }}

.sops.yaml

@@ -0,0 +1,13 @@
+creation_rules:
+  - age:  >-
+      age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00,
+      age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw,
+      age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp,
+      age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02,
+      age15g5mhkcrseuxq923j7vdnmrzq4eh08ujha864k8hc6ncrj5sqfcsqkkyr2
+
+# age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret
+# age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer
+# age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula
+# age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 @Bettelstab
+# age15g5mhkcrseuxq923j7vdnmrzq4eh08ujha864k8hc6ncrj5sqfcsqkkyr2 @trinity2701

admin/.env.production

@@ -1,5 +1,5 @@
 # META
-PUBLIC_ENV__META__BASE_URL="https://admin.master.dreammall.earth"
+PUBLIC_ENV__META__BASE_URL="https://admin.git.master.dreammall.earth"
 PUBLIC_ENV__META__DEFAULT_AUTHOR="IT Team 4 Change"
 PUBLIC_ENV__META__DEFAULT_DESCRIPTION="IT4C Frontend Boilerplate"
 PUBLIC_ENV__META__DEFAULT_TITLE="IT4C"

admin/package.json

@@ -110,7 +110,7 @@
     "prettier": "^3.3.3",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
-    "sass": "1.77.8",
+    "sass": "1.74.1",
     "sass-loader": "^16.0.0",
     "storybook": "^8.1.10",
     "stylelint": "^16.8.1",

frontend/.env.production

@@ -1,19 +1,19 @@
 # AUTH
-PUBLIC_ENV__AUTH__AUTHORITY="https://auth.master.dreammall.earth/application/o/dreammallearth/"
-PUBLIC_ENV__AUTH__AUTHORITY_SIGNUP_URI="https://auth.master.dreammall.earth/if/flow/dreammallearth-enrollment/"
-PUBLIC_ENV__AUTH__AUTHORITY_SIGNOUT_URI="https://auth.master.dreammall.earth/if/flow/dreammallearth-invalidation-flow/"
+PUBLIC_ENV__AUTH__AUTHORITY="https://auth.master.git.dreammall.earth/application/o/dreammallearth/"
+PUBLIC_ENV__AUTH__AUTHORITY_SIGNUP_URI="https://auth.master.git.dreammall.earth/if/flow/dreammallearth-enrollment/"
+PUBLIC_ENV__AUTH__AUTHORITY_SIGNOUT_URI="https://auth.master.git.dreammall.earth/if/flow/dreammallearth-invalidation-flow/"
 PUBLIC_ENV__AUTH__CLIENT_ID="G3g0sjCjph1NAyGeeu5Te5ltx1I7WZ0DGB8i6vOI"
-PUBLIC_ENV__AUTH__REDIRECT_URI="https://app.master.dreammall.earth/auth"
-PUBLIC_ENV__AUTH__SILENT_REDIRECT_URI="https://app.master.dreammall.earth/silent-refresh"
+PUBLIC_ENV__AUTH__REDIRECT_URI="https://app.master.git.dreammall.earth/auth"
+PUBLIC_ENV__AUTH__SILENT_REDIRECT_URI="https://app.master.git.dreammall.earth/silent-refresh"
 PUBLIC_ENV__AUTH__RESPONSE_TYPE="code"
 PUBLIC_ENV__AUTH__SCOPE="openid profile posts"
 PUBLIC_ENV__AUTH__ADMIN_GROUP="authentik Admins"
-PUBLIC_ENV__AUTH__ADMIN_REDIRECT_URI="https://admin.master.dreammall.earth/signin"
+PUBLIC_ENV__AUTH__ADMIN_REDIRECT_URI="https://admin.master.git.dreammall.earth/signin"
 
 # Endpoints
-PUBLIC_ENV__ENDPOINTS__GRAPHQL_URI=https://master.dreammall.earth/api/
-PUBLIC_ENV__ENDPOINTS__WEBSOCKET_URI=wss://master.dreammall.earth/api/subscriptions
+PUBLIC_ENV__ENDPOINTS__GRAPHQL_URI=https://master.git.dreammall.earth/api/
+PUBLIC_ENV__ENDPOINTS__WEBSOCKET_URI=wss://master.git.dreammall.earth/api/subscriptions
 
 # META
-PUBLIC_ENV__META__BASE_URL="https://app.master.dreammall.earth"
+PUBLIC_ENV__META__BASE_URL="https://app.master.git.dreammall.earth"
 PUBLIC_ENV__META__DEFAULT_AUTHOR="DreamMall Verlag GbR"