Merge branch 'main' into feat/user-auth

# Conflicts:
#	.github/actions/build-and-deploy-api/action.yml
#	.github/workflows/next-deployment.yml
#	apps/api/.env.template
#	apps/api/src/app/app.module.ts
#	package-lock.json

.github/actions/build-and-deploy-api/action.yml

@@ -1,19 +1,13 @@
 name: 'build-and-deploy-api'
-description: 'Builds API Project for Production and Deploys it to a given WA Slot'
+description: 'Builds API project for production and deploys it to a given environment'
 
 inputs:
   releaseVersion:
     required: true
     description: "Release Version (Commit or Tag)"
-  slot:
+  deploymentEnv:
     required: true
-    description: "Slot Identifier"
-  mongoUri:
-    required: true
-    description: "Mongo Connection URI"
-  sentryKey:
-    required: true
-    description: "Sentry DSN Key"
+    description: "Deployment Environment"
   sentryAuthToken:
     required: true
     description: "Sentry Auth Token"
@@ -26,18 +20,9 @@ inputs:
   containerRegistryPassword:
     required: true
     description: "Container registry password"
-  aadb2cTenantName:
-    required: false
-    description: "Azure AD B2C Tenant Name"
-  aadb2cClientId:
-    required: false
-    description: "Azure AD B2C Client ID"
-  aadb2cIssuer:
-    required: false
-    description: "Azure AD B2C Token Issuer URL"
-  aadb2cPolicy:
-    required: false
-    description: "Azure AD B2C Sign In Policy"
+  containerTag:
+    required: true
+    description: "Container tag"
 outputs:
   url:
     description: "API URL"
@@ -54,6 +39,11 @@ runs:
         registry: ${{ inputs.containerRegistryUrl }}
         username: ${{ inputs.containerRegistryUsername }}
         password: ${{ inputs.containerRegistryPassword }}
+    - name: Create Environment
+      run: envsubst < apps/api/src/app/environment.template > apps/api/src/app/environment.ts
+      shell: bash
+      env:
+        RELEASE_VERSION: ${{ inputs.releaseVersion }}
     - name: Build app
       run: |
         npx nx build api --prod
@@ -67,24 +57,12 @@ runs:
         context: ./
         file: ./apps/api/Dockerfile
         build-args: |
-          NODE_VERSION=${{ steps.node-version-check.outputs.node-version}}
+          NODE_VERSION=${{ steps.node-version-check.outputs.node-version }}
         push: true
         tags: |
-          ghcr.io/kordis-leitstelle/kordis-api:${{ inputs.releaseVersion}}
+          ${{ inputs.containerTag }}
         cache-from: type=gha
         cache-to: type=gha,mode=max
-    - name: Set environment for deployment
-      run: envsubst < apps/api/src/.env.template > dist/apps/api/.env
-      env:
-        MONGODB_URI: ${{ inputs.mongoUri }}
-        ENVIRONMENT_NAME: ${{ inputs.slot }}
-        RELEASE_VERSION: ${{ inputs.releaseVersion }}
-        SENTRY_KEY: ${{ inputs.sentryKey }}
-        AADB2C_TENANT_NAME: ${{ inputs.aadb2cTenantName }}
-        AADB2C_CLIENT_ID: ${{ inputs.aadb2cClientId }}
-        AADB2C_SIGN_IN_POLICY: ${{ inputs.aadb2cPolicy }}
-        AADB2C_ISSUER: ${{ inputs.aadb2cIssuer }}
-      shell: bash
     - name: Deploy API
       id: wa-deployment
       run: echo "url=placeholder" >> $GITHUB_OUTPUT
@@ -96,6 +74,6 @@ runs:
         SENTRY_ORG: kordis-leitstelle
         SENTRY_PROJECT: kordis-api
       with:
-        environment: ${{ inputs.slot }}
+        environment: ${{ inputs.deploymentEnv }}
         version: ${{ inputs.releaseVersion }}
         sourcemaps: ./dist/apps/api

.github/actions/build-and-deploy-spa/action.yml

@@ -1,25 +1,28 @@
 name: 'build-and-deploy-spa'
-description: 'Builds SPA Project for Production and Deploys it to a given SWA Environment'
+description: 'Builds SPA project for production and deploys it to a given environment'
 
 inputs:
-  apiUrl:
-    required: true
-    description: "Base URL of the API"
-  oauthConfig:
-    required: true
-    description: "OAuthConfig from the angular-oauth2-oidc package"
   releaseVersion:
     required: true
     description: "Release Version (Commit or Tag)"
   deploymentEnv:
     required: true
     description: "Deployment Environment"
-  sentryKey:
-    required: true
-    description: "Sentry DSN Key"
   sentryAuthToken:
     required: true
     description: "Sentry Auth Token"
+  containerRegistryUrl:
+    required: true
+    description: "Container registry url"
+  containerRegistryUsername:
+    required: true
+    description: "Container registry username"
+  containerRegistryPassword:
+    required: true
+    description: "Container registry password"
+  containerTag:
+    required: true
+    description: "Container tag"
 outputs:
   url:
     description: "SPA URL"
@@ -28,25 +31,38 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - name: Generate Third-Party Licenses
-      run: npx  --yes [email protected] --input package.json --output apps/spa/src/assets/third-party-licenses.txt --ci
-      shell: bash
-    - run: |
-        envsubst < apps/spa/src/environments/environment.template > apps/spa/src/environments/environment.prod.ts
-        npx nx build spa --prod
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.containerRegistryUrl }}
+        username: ${{ inputs.containerRegistryUsername }}
+        password: ${{ inputs.containerRegistryPassword }}
+    - run: envsubst < apps/spa/src/environments/environment.template > apps/spa/src/environments/environment.ts
       shell: bash
       env:
         IS_PRODUCTION: true
-        ENVIRONMENT_NAME: ${{ inputs.deploymentEnv }}
-        API_URL: ${{ inputs.apiUrl }}
-        OAUTH_CONFIG: ${{ inputs.oauthConfig }}
         RELEASE_VERSION: ${{ inputs.releaseVersion }}
-        SENTRY_KEY: ${{ inputs.sentryKey }}
+    - run: |
+        npx nx build spa --prod
+        npx --yes [email protected] --input package.json --output dist/apps/spa/browser/assets/third-party-licenses.txt --ci
+      shell: bash
+    - name: Build and push image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./
+        file: ./apps/spa/docker/Dockerfile
+        push: true
+        tags: |
+          ${{ inputs.containerTag }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
     - name: Deploy SPA
       id: spa-deployment
       shell: bash
       run: echo "url=placeholder" >> $GITHUB_OUTPUT
-    - name: Build SPA with source maps
+    - name: Build SPA with source maps for sentry
       run: npx nx build spa --prod --source-map=true
       shell: bash
     - name: Create Sentry release

.github/workflows/ci.yml

@@ -39,28 +39,33 @@ jobs:
       - name: Merge Coverage files
         run: '[ -d "./coverage/" ] && ./node_modules/.bin/lcov-result-merger ./coverage/**/lcov.info ./coverage/lcov.info || exit 0'
 
-      - name: Create SPA Environment File
-        run: envsubst < apps/spa/src/environments/environment.template > apps/spa/src/environments/environment.prod.ts
+      - name: Create Environments
+        run: |
+          envsubst < apps/spa/src/environments/environment.template > apps/spa/src/environments/environment.ts
+          envsubst < apps/api/src/app/environment.template > apps/api/src/app/environment.ts
         env:
           IS_PRODUCTION: true
           ENVIRONMENT_NAME: 'ci'
           RELEASE_VERSION: ${{ github.sha }}
-          API_URL: http://localhost:3000/
-          OAUTH_CONFIG: undefined
       - name: Build
-        run: npx nx run-many -t build --all --parallel=3
+        run: |
+          npx nx run-many -t build --all --parallel=3
+          docker build -t kordis-api:${{ github.sha }} -f ./apps/api/Dockerfile --build-arg NODE_VERSION=$(cat .nvmrc | tr -cd '[:digit:].') . &
+          docker build -t kordis-spa:${{ github.sha }} -f ./apps/spa/docker/Dockerfile . &
+          wait
+      - name: Install Chromium for E2Es
+        run: npx -y playwright install chromium
       - name: Start and prepare MongoDB for E2Es
         run: ./tools/db/kordis-db.sh init e2edb
+      - name: Start API and SPA containers
+        run: |
+          docker run -d -p 3000:3333 -e MONGODB_URI=mongodb://host.docker.internal:27017/e2edb kordis-api:${{ github.sha }}
+          docker run -d -p 4200:8080 -e API_URL=http://localhost:3000 kordis-spa:${{ github.sha }}
       - name: Run E2Es
-        run: npm run serve:all:prod & (npx wait-on tcp:3000 && npx wait-on http://localhost:4200 && npx nx e2e spa-e2e)
+        run: npx wait-on -t 30s tcp:3000 && npx wait-on -t 30s http://localhost:4200 && npx nx e2e spa-e2e --skipInstall
         env:
           E2E_BASE_URL: http://localhost:4200/
-          MONGODB_URI: mongodb://127.0.0.1:27017/e2edb
-          ENVIRONMENT_NAME: 'ci'
-          RELEASE_VERSION: ${{ github.sha }}
-          SENTRY_KEY: ${{ secrets.SENTRY_KEY }}
-          PORT: 3000
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: e2e-test-results

.github/workflows/codeql.yml

@@ -27,11 +27,11 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/next-deployment.yml

@@ -29,18 +29,13 @@ jobs:
         id: api-deployment
         uses: ./.github/actions/build-and-deploy-api
         with:
-          slot: "next"
+          deploymentEnv: "next"
           releaseVersion: ${{ github.sha }}
-          mongoUri: ${{ secrets.DEV_MONGODB_URI }}
-          sentryKey: ${{ secrets.API_SENTRY_KEY }}
           sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }}
           containerRegistryUrl: ghcr.io
           containerRegistryUsername: ${{ github.actor }}
           containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }}
-          aadb2cTenantName: ${{ secrets.AADB2C_TENANT }}
-          aadb2cClientId: ${{ secrets.DEV_AADB2C_CLIENT_ID }}
-          aadb2cIssuer: ${{ secrets.DEV_AADB2C_ISSUER }}
-          aadb2cPolicy: ${{ secrets.AADB2C_SIGN_IN_POLICY }}
+          containerTag: ghcr.io/kordis-leitstelle/kordis-api:${{ github.sha }}
       - name: Apply Database Migrations
         run: echo "add again once infrastructure is set up" # ./tools/db/kordis-db.sh apply-pending-migrations
         env:
@@ -51,12 +46,13 @@ jobs:
         id: spa-deployment
         uses: ./.github/actions/build-and-deploy-spa
         with:
-          apiUrl: ${{ steps.api-deployment.outputs.url }}
-          oauthConfig: ${{ secrets.DEV_OAUTH_CONFIG }}
           releaseVersion: ${{ github.sha }}
           deploymentEnv: "next"
-          sentryKey: ${{ secrets.SPA_SENTRY_KEY }}
           sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          containerRegistryUrl: ghcr.io
+          containerRegistryUsername: ${{ github.actor }}
+          containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }}
+          containerTag: ghcr.io/kordis-leitstelle/kordis-spa:${{ github.sha }}
 
   e2e:
     needs: deployment
@@ -73,7 +69,7 @@ jobs:
         env:
           E2E_BASE_URL: ${{ needs.deployment.outputs.spaUrl }}
           AADB2C_TEST_USERS: ${{ secrets.E2E_TEST_USERS }}
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: e2e-test-results

.github/workflows/nx-migration-checker.yml

@@ -17,7 +17,7 @@ jobs:
           node-version-file: '.nvmrc'
           cache: 'npm'
       - run: npm ci
-      - uses: timonmasberg/[email protected].8
+      - uses: timonmasberg/[email protected].12
         with:
           repoToken: ${{ secrets.WORKFLOW_PAT }}
           prTitle: 'chore(deps): migrate nx to $VERSION'

.github/workflows/preview-deployment.yml

@@ -81,23 +81,25 @@ jobs:
         id: api-deployment
         uses: ./.github/actions/build-and-deploy-api
         with:
-          slot: "pr${{ github.event.issue.number }}"
+          deploymentEnv: "pr${{ github.event.issue.number }}"
           releaseVersion: ${{ steps.set-pr-sha.outputs.head_sha }}
-          sentryKey: ${{ secrets.API_SENTRY_KEY }}
           sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }}
           containerRegistryUrl: ghcr.io
           containerRegistryUsername: ${{ github.actor }}
           containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }}
+          containerTag: ghcr.io/kordis-leitstelle/kordis-api:${{ steps.set-pr-sha.outputs.head_sha }}
+
       - name: Build and Deploy SPA
         id: spa-deployment
         uses: ./.github/actions/build-and-deploy-spa
         with:
-          apiUrl: ${{ steps.api-deployment.outputs.url }}
-          oauthConfig: ${{ secrets.DEV_OAUTH_CONFIG }}
           releaseVersion: ${{ steps.set-pr-sha.outputs.head_sha }}
           deploymentEnv: "pr${{ github.event.issue.number }}"
-          sentryKey: ${{ secrets.SPA_SENTRY_KEY }}
           sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          containerRegistryUrl: ghcr.io
+          containerRegistryUsername: ${{ github.actor }}
+          containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }}
+          containerTag: ghcr.io/kordis-leitstelle/kordis-spa:${{ steps.set-pr-sha.outputs.head_sha }}
       - name: Update PR Preview Comment
         uses: peter-evans/[email protected]
         with:
@@ -110,7 +112,7 @@ jobs:
             Commit SHA: ${{ steps.set-pr-sha.outputs.head_sha }}
           reactions: "rocket"
       - name: AZ B2C Tenant Login
-        uses: azure/login@v1.5.1
+        uses: azure/login@v1.6.1
         with:
           creds: '${{ secrets.AZURE_AADB2C_CREDENTIALS }}'
           allow-no-subscriptions: true
@@ -163,23 +165,25 @@ jobs:
         id: api-deployment
         uses: ./.github/actions/build-and-deploy-api
         with:
-          slot: "pr${{ github.event.pull_request.number }}"
+          deploymentEnv: "pr${{ github.event.pull_request.number }}"
           releaseVersion: ${{ github.event.pull_request.head.sha }}
-          sentryKey: ${{ secrets.API_SENTRY_KEY }}
           sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }}
           containerRegistryUrl: ghcr.io
           containerRegistryUsername: ${{ github.actor }}
           containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }}
+          containerTag: ghcr.io/kordis-leitstelle/kordis-api:${{ github.event.pull_request.head.sha }}
       - name: Build and Deploy SPA
         id: spa-deployment
         uses: ./.github/actions/build-and-deploy-spa
         with:
-          apiUrl: ${{ steps.api-deployment.outputs.url }}
-          oauthConfig: ${{ secrets.DEV_OAUTH_CONFIG }}
-          releaseVersion: ${{ github.event.pull_request.head.sha  }}
+          releaseVersion: ${{ github.event.pull_request.head.sha }}
           deploymentEnv: "pr${{ github.event.pull_request.number }}"
-          sentryKey: ${{ secrets.SPA_SENTRY_KEY }}
           sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          containerRegistryUrl: ghcr.io
+          containerRegistryUsername: ${{ github.actor }}
+          containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }}
+          containerTag: ghcr.io/kordis-leitstelle/kordis-spa:${{ github.event.pull_request.head.sha }}
+
       - name: Update PR Preview Comment
         uses: peter-evans/[email protected]
         with:
@@ -217,7 +221,7 @@ jobs:
             🏁 This PR has been closed. No deployment preview is available.
           reactions: "hooray"
       - name: AZ B2C Tenant Login
-        uses: azure/login@v1.5.1
+        uses: azure/login@v1.6.1
         with:
           creds: '${{ secrets.AZURE_AADB2C_CREDENTIALS }}'
           allow-no-subscriptions: true

.gitignore

@@ -47,6 +47,5 @@ playwright/.auth
 # Environments
 apps/api/.env
 apps/spa-e2e/.env
-apps/spa/src/environments/environment.prod.ts
 
-.nx/cache
+.nx/cache

.prettierignore

@@ -8,7 +8,9 @@ package-lock.json
 .angular
 
 apps/api/src/main.ts
+apps/spa/src/assets/config.template.json
+libs/spa/observability/src/lib/services/sentry-observability.service.spec.ts
 
 /.nx/cache
 
-migrations.json
+migrations.json