641: wip

.github/composite/build-image/action.yml

@@ -0,0 +1,77 @@
+name: "Build & Upload Docker Image"
+description: "Build & (optionally) upload Docker Image to Docker Registry"
+
+inputs:
+  GPG_PRIVATE_KEY:
+    description: "GPG Private Key"
+    required: true
+  GPG_PASSPHRASE:
+    description: "GPG Passphrase"
+    required: true
+  DOCKER_UPLOAD:
+    description: "Boolean indicating whether the image should be uploaded to Docker registry or not."
+    required: false
+    default: true
+  TAG_PREFIX:
+    description: "Docker tags prefix"
+    required: false
+  SERVER_PROFILES:
+    description: "Profile(s) to apply to Codebloom instance."
+    required: false
+    default: prod
+
+runs:
+  using: "composite"
+  steps:
+    - name: Disable man-db
+      uses: ./.github/composite/disable-mandb
+
+    - name: Set up pnpm
+      uses: pnpm/action-setup@master
+      with:
+        version: 10.24.0
+        cache: true
+        cache_dependency_path: js/pnpm-lock.yaml
+        package_json_file: js/package.json
+
+    - name: Set up OpenJDK 25
+      uses: actions/setup-java@v4
+      with:
+        distribution: "temurin"
+        java-version: "25"
+        cache: "maven"
+
+    - name: Set up bun
+      uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: latest
+
+    - name: Cache Bun dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.bun/install/cache
+        key: ${{ runner.os }}-bun-${{ hashFiles('.github/scripts/bun.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-bun-
+
+    - name: Install deps
+      shell: bash
+      run: bun install --cwd .github/scripts --frozen-lockfile
+
+    - name: Load secrets
+      uses: ./.github/composite/load-secrets
+      with:
+        GPG_PRIVATE_KEY: ${{ inputs.GPG_PRIVATE_KEY }}
+        GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
+        UNLOAD_ENVIRONMENTS: ci,ci-app
+
+    - name: Expose GitHub Runtime
+      uses: crazy-max/ghaction-github-runtime@v3
+
+    - name: Run script
+      shell: bash
+      run: bun .github/scripts/build-image.ts
+      env:
+        DOCKER_UPLOAD: ${{ inputs.DOCKER_UPLOAD }}
+        TAG_PREFIX: ${{ inputs.TAG_PREFIX }}
+        SERVER_PROFILES: ${{ inputs.SERVER_PROFILES }}

.github/composite/load-secrets/action.yml

@@ -37,8 +37,24 @@ runs:
       shell: bash
       run: git-crypt --version
 
-    - name: Run load secrets script
+    - uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: latest
+
+    - name: Cache Bun dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.bun/install/cache
+        key: ${{ runner.os }}-bun-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-bun-
+
+    - name: Install deps
+      shell: bash
+      run: bun install --cwd .github/scripts --frozen-lockfile
+
+    - name: Run script
       shell: bash
-      run: bash .github/scripts/load-secrets.sh
+      run: bun .github/scripts/load-secrets.ts
       env:
         UNLOAD_ENVIRONMENTS: ${{ inputs.UNLOAD_ENVIRONMENTS }}

.github/composite/test/backend-pre-test/action.yml

@@ -20,6 +20,22 @@ runs:
         javac -version
         echo "JAVA_HOME=$JAVA_HOME"
 
+    - uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: latest
+
+    - name: Cache Bun dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.bun/install/cache
+        key: ${{ runner.os }}-bun-${{ hashFiles('.github/scripts/bun.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-bun-
+
+    - name: Install deps
+      shell: bash
+      run: bun install --cwd .github/scripts --frozen-lockfile
+
     - name: Run script
       shell: bash
-      run: bash .github/scripts/run-backend-compile-tests.sh
+      run: bun .github/scripts/run-backend-compile-tests.ts

.github/composite/test/backend-test/action.yml

@@ -0,0 +1,68 @@
+name: "Backend test"
+description: "Run backend tests"
+
+inputs:
+  GPG_PRIVATE_KEY:
+    description: "GPG Private Key"
+    required: true
+  GPG_PASSPHRASE:
+    description: "GPG Passphrase"
+    required: true
+  UPLOAD_TEST_COV:
+    description: "Boolean indicating whether tests should be uploaded to Codecov or not."
+    required: false
+    default: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Disable man-db
+      uses: ./.github/composite/disable-mandb
+
+    - name: Set up OpenJDK 25
+      uses: actions/setup-java@v4
+      with:
+        distribution: "temurin"
+        java-version: "25"
+        cache: "maven"
+
+    - name: Set up bun
+      uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: latest
+
+    - name: Cache Bun dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.bun/install/cache
+        key: ${{ runner.os }}-bun-${{ hashFiles('.github/scripts/bun.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-bun-
+
+    - name: Install deps
+      shell: bash
+      run: bun install --cwd .github/scripts --frozen-lockfile
+
+    - name: Load secrets
+      uses: ./.github/composite/load-secrets
+      with:
+        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        UNLOAD_ENVIRONMENTS: ci-app
+
+    - name: Run script
+      shell: bash
+      run: bun .github/scripts/run-backend-tests.ts
+
+    - name: Upload JaCoCo HTML report
+      uses: actions/upload-artifact@v4
+      if: ${{ inputs.UPLOAD_TEST_COV == true }}
+      with:
+        name: jacoco-report
+        path: target/site/jacoco/
+
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v5
+      if: ${{ inputs.UPLOAD_TEST_COV == true }}
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}

.github/composite/test/frontend-test/action.yml

@@ -0,0 +1,59 @@
+name: "Frontend Test"
+description: "Run frontend tests"
+
+inputs:
+  GPG_PRIVATE_KEY:
+    description: "GPG Private Key"
+    required: true
+  GPG_PASSPHRASE:
+    description: "GPG Passphrase"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Disable man-db
+      uses: ./.github/composite/disable-mandb
+
+    - name: Set up pnpm
+      uses: pnpm/action-setup@master
+      with:
+        version: 10.24.0
+        cache: true
+        cache_dependency_path: js/pnpm-lock.yaml
+        package_json_file: js/package.json
+
+    - name: Set up OpenJDK 25
+      uses: actions/setup-java@v4
+      with:
+        distribution: "temurin"
+        java-version: "25"
+        cache: "maven"
+
+    - name: Set up bun
+      uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: latest
+
+    - name: Cache Bun dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.bun/install/cache
+        key: ${{ runner.os }}-bun-${{ hashFiles('.github/scripts/bun.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-bun-
+
+    - name: Install deps
+      shell: bash
+      run: bun install --cwd .github/scripts --frozen-lockfile
+
+    - name: Load secrets
+      uses: ./.github/composite/load-secrets
+      with:
+        GPG_PRIVATE_KEY: ${{ inputs.GPG_PRIVATE_KEY }}
+        GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
+        UNLOAD_ENVIRONMENTS: ci-app
+
+    - name: Run script
+      shell: bash
+      run: bun .github/scripts/run-frontend-tests.ts

.github/scripts/build-image.ts

@@ -0,0 +1,95 @@
+import { $ } from "bun";
+import { db } from "./fn/run-local-db";
+import { backend } from "./fn/run-backend-instance";
+
+process.env.TZ = "America/New_York";
+
+const tagPrefix = process.env.TAG_PREFIX || "";
+const shouldDockerUpload = Boolean(process.env.DOCKER_UPLOAD) || false;
+const serverProfiles = process.env.SERVER_PROFILES || "prod";
+
+const dockerHubPat = process.env.DOCKER_HUB_PAT;
+if (!dockerHubPat) {
+  throw new Error("DOCKER_HUB_PAT is required.");
+}
+
+async function main() {
+  try {
+    await db.start();
+    await backend.start();
+
+    await $`corepack enable pnpm`;
+    await $`pnpm --dir js i -D --frozen-lockfile`;
+    await $`pnpm --dir js run generate`;
+
+    // copy old tz format from build-image.sh
+    const timestamp = new Date()
+      .toLocaleString("en-US", {
+        timeZone: process.env.TZ,
+        year: "numeric",
+        month: "2-digit",
+        day: "2-digit",
+        hour: "2-digit",
+        minute: "2-digit",
+        second: "2-digit",
+        hour12: false,
+      })
+      .replace(/(\d+)\/(\d+)\/(\d+),\s(\d+):(\d+):(\d+)/, "$3.$1.$2-$4.$5.$6");
+
+    const gitSha = (await $`git rev-parse --short HEAD`.text()).trim();
+
+    const tags = [
+      `tahminator/codebloom:${tagPrefix}latest`,
+      `tahminator/codebloom:${tagPrefix}${timestamp}`,
+      `tahminator/codebloom:${tagPrefix}${gitSha}`,
+    ];
+
+    console.log("Building image with following tags:");
+    tags.forEach((tag) => console.log(tag));
+
+    if (dockerHubPat) {
+      console.log("DOCKER_HUB_PAT found");
+    } else {
+      console.log("DOCKER_HUB_PAT missing or empty");
+    }
+
+    await $`echo ${dockerHubPat} | docker login -u tahminator --password-stdin`;
+
+    try {
+      await $`docker buildx create --use --name codebloom-builder`;
+    } catch {
+      await $`docker buildx use codebloom-builder`;
+    }
+
+    const buildMode = shouldDockerUpload ? "--push" : "--load";
+
+    const viteStagingArg =
+      serverProfiles === "stg" ? ["--build-arg", "VITE_STAGING=true"] : [];
+
+    const tagArgs = tags.flatMap((tag) => ["--tag", tag]);
+
+    await $`docker buildx build ${buildMode} \
+              --file infra/Dockerfile \
+              --build-arg SERVER_PROFILES=${serverProfiles} \
+              --build-arg COMMIT_SHA=${gitSha} \
+              --cache-from=type=gha \
+              --cache-to=type=gha,mode=max \
+              ${viteStagingArg} \
+              ${tagArgs} \
+              .`.quiet();
+
+    console.log("Image pushed successfully.");
+  } finally {
+    await backend.end();
+    await db.end();
+  }
+}
+
+main()
+  .then(() => {
+    process.exit(0);
+  })
+  .catch((e) => {
+    console.error(e);
+    process.exit(1);
+  });