First project template

Author: lukasz-wal

.github/workflows/build-docker-image.yml

@@ -0,0 +1,68 @@
+name: Build docker image
+run-name: "Build image for ${{ github.ref_name }} triggered by ${{ github.actor }} for ${{ inputs.environment }}; version: ${{ inputs.version || 'N/A'}}"
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        required: false
+        type: string
+      commit_sha:
+        required: false
+        type: string
+
+env:
+  ECR_REPOSITORY: "filecoin-oracle-service"
+
+jobs:
+  build_and_push:
+    runs-on: ubuntu-latest
+    environment: production-fidl
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.commit_sha }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host
+
+      - name: Install deps
+        run: npm ci
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          mask-password: "true"
+          registry-type: public
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          flavor: latest=false
+          images: public.ecr.aws/f4h6r4m9/${{ env.ECR_REPOSITORY }}
+          tags: |
+            type=semver,pattern={{version}},value=${{ inputs.version }},enable=${{inputs.version != ''}}
+            type=ref,event=branch,pattern={{branch}}
+            type=ref,event=pr,pattern={{branch}}
+
+      - name: Build tag and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/code-check.yml

@@ -0,0 +1,21 @@
+name: Check linter, formatting, tests
+
+on:
+  workflow_call:
+
+jobs:
+  format_and_lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install deps
+        run: npm ci
+
+      - name: Code format
+        run: npm run format
+
+      - name: Lint code
+        run: npm run lint

.github/workflows/manually-trigger-deploy.yml

@@ -0,0 +1,36 @@
+name: Manually trigger deploy to staging or production
+run-name: "Manually deploy ${{ github.ref_name }} triggered by ${{ github.actor }}; version: ${{ inputs.version }}"
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Enter the version number"
+        required: true
+        default: "main"
+      environment:
+        required: false
+        description: "Select the environment to deploy to"
+        type: choice
+        options:
+          - production
+        default: production
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  trigger-production-deploy:
+    runs-on: ubuntu-latest
+    if: ${{ github.ref_name == 'main' && inputs.version != '' && inputs.environment == 'production' }}
+    steps:
+      - name: Trigger production deploy
+        uses: neti-filplus-infra/filplus-deploy-action@main
+        with:
+          version: ${{ inputs.version }}
+          environment: production
+          ecr-repository: filecoin-oracle-service
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_IMAGE_DEPLOYER }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_IMAGE_DEPLOYER }}
+          aws-region: us-east-1

.github/workflows/publish-new-build.yml

@@ -0,0 +1,124 @@
+name: Publish new build
+run-name: "Publish new images for ${{ github.ref_name }} triggered by ${{ github.actor }}; version: ${{ inputs.version || 'N/A'}}"
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Enter the version number"
+        required: true
+      deploy-to-production:
+        description: "Deploy the new version on production?"
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  contents: write
+
+jobs:
+  code-check:
+    uses: ./.github/workflows/code-check.yml
+
+  bump-version:
+    runs-on: ubuntu-latest
+    if: ${{ github.ref_name == 'main' && inputs.version != '' }}
+    needs:
+      - code-check
+    outputs:
+      commit_sha: ${{ steps.commit-version.outputs.commit_sha }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install semver
+        run: npm install semver
+
+      - name: Get current version
+        run: echo "current_version=$(jq -r '.version' package.json)" >> $GITHUB_ENV
+
+      - name: Validate and set new version
+        run: |
+          new_version="${{ inputs.version }}"
+          current_version="${{ env.current_version }}"
+
+          if npx semver $new_version -r "<=$current_version"; then
+            echo "Error: New version ($new_version) is lowest or the same as current ($current_version)"
+            exit 1
+          fi
+
+      - name: Bump version
+        run: |
+          npm version ${{ inputs.version }} --no-git-tag-version
+
+      - name: Git config
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Commit version change
+        id: commit-version
+        run: |
+          git commit -am "Update version to ${{ inputs.version }}"
+          git push origin main
+          echo "commit_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+
+  build-and-publish:
+    needs:
+      - code-check
+      - bump-version
+    if: |
+      always() &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    uses: ./.github/workflows/build-docker-image.yml
+    with:
+      version: ${{ inputs.version }}
+      commit_sha: ${{ github.ref_name == 'main' && inputs.version != '' && needs.bump-version.outputs.commit_sha || '' }}
+    secrets: inherit
+
+  git-tag:
+    runs-on: ubuntu-latest
+    needs:
+      - bump-version
+      - build-and-publish
+    if: |
+      ${{ github.ref_name == 'main' && inputs.version != '' }} &&
+      always() &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.bump-version.outputs.commit_sha }}
+
+      - name: Create and push tag
+        run: |
+          TAG_NAME="v${{ inputs.version }}"
+          git tag $TAG_NAME
+          git push origin $TAG_NAME
+
+  trigger-production-deploy:
+    runs-on: ubuntu-latest
+    needs:
+      - code-check
+      - build-and-publish
+    if: ${{ inputs.version != '' && inputs.deploy-to-production == true }}
+    environment: production-fidl
+    steps:
+      - name: Trigger production deploy
+        uses: neti-filplus-infra/filplus-deploy-action@main
+        with:
+          version: ${{ inputs.version }}
+          environment: production
+          ecr-repository: filecoin-oracle-service
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_IMAGE_DEPLOYER }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_IMAGE_DEPLOYER }}
+          aws-region: us-east-1

.prettierrc

@@ -0,0 +1,4 @@
+{
+  "singleQuote": false,
+  "trailingComma": "all"
+}

Dockerfile

@@ -1,6 +1,13 @@
-FROM node:24-alpine
+FROM node:24-alpine AS build
 WORKDIR /app
 COPY package*.json ./
-RUN npm ci --production
+RUN npm ci
 COPY . .
-CMD ["node", "index.js"]
+RUN npm run build
+
+FROM node:24-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --omit=dev
+COPY --from=build /app/dist ./dist
+CMD ["node", "dist/index.js"]

eslint.config.ts

@@ -0,0 +1,9 @@
+import js from "@eslint/js";
+import globals from "globals";
+import tseslint from "typescript-eslint";
+import { defineConfig } from "eslint/config";
+
+export default defineConfig([
+  { files: ["**/*.{js,mjs,cjs,ts,mts,cts}"], plugins: { js }, extends: ["js/recommended"], languageOptions: { globals: globals.browser } },
+  tseslint.configs.recommended,
+]);