Initial import

myrotvorets · Sep 26, 2023 · 33e4272 · 33e4272
commit 33e4272
Show file tree

Hide file tree

Showing 59 changed files with 9,819 additions and 0 deletions.
diff --git a/.c8rc.json b/.c8rc.json
@@ -0,0 +1,4 @@
+{
+    "extension": [".mts"],
+    "reporter": ["text", "lcov"]
+}
diff --git a/.devcontainer/.docker/identigraf/.dockerignore b/.devcontainer/.docker/identigraf/.dockerignore
@@ -0,0 +1 @@
+.gitkeep
diff --git a/.devcontainer/.docker/identigraf/Dockerfile b/.devcontainer/.docker/identigraf/Dockerfile
@@ -0,0 +1,13 @@
+FROM ghcr.io/sjinks/codespaces/nodejs:latest@sha256:74fe721fb452224b7ceb081b3b00873ef301d67d926773fd598a87fc19c66a04
+
+ENV SERVICE_NAME identigraf
+
+RUN \
+    apk add --no-cache nginx vips vips-cpp vips-dev && \
+    sed -i "s/user nginx;/user ${CONTAINER_USER};/" /etc/nginx/nginx.conf && \
+    chown -R "${CONTAINER_USER}:${CONTAINER_USER}" /run/nginx /var/log/nginx /var/lib/nginx
+
+COPY rootfs /
+WORKDIR /usr/src/service
+
+RUN chown -R "${CONTAINER_USER}:${CONTAINER_USER}" /usr/src/service
diff --git a/.devcontainer/.docker/identigraf/rootfs/etc/nginx/http.d/default.conf b/.devcontainer/.docker/identigraf/rootfs/etc/nginx/http.d/default.conf
@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    server_name localhost;
+
+    client_body_buffer_size 10m;
+
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header Accept-Encoding "";
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $host:$server_port;
+    proxy_set_header X-Forwarded-Server $host;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_read_timeout 300s;
+
+    location / {
+        proxy_set_header traceparent "";
+        proxy_set_header tracestate "";
+        proxy_pass http://localhost:3000;
+    }
+
+    location /identigraf/v2/ {
+        proxy_set_header traceparent "";
+        proxy_set_header tracestate "";
+        proxy_pass http://localhost:3000/;
+    }
+
+    location /swagger/ {
+        proxy_pass http://swagger:8080;
+    }
+}
+
+server {
+    listen 9411;
+    server_name localhost;
+
+    location / {
+        proxy_pass http://zipkin:9411;
+    }
+}
diff --git a/.devcontainer/.docker/identigraf/rootfs/etc/service/identigraf b/.devcontainer/.docker/identigraf/rootfs/etc/service/identigraf
@@ -0,0 +1 @@
+../sv/identigraf/
diff --git a/.devcontainer/.docker/identigraf/rootfs/etc/service/nginx b/.devcontainer/.docker/identigraf/rootfs/etc/service/nginx
@@ -0,0 +1 @@
+../sv/nginx
diff --git a/.devcontainer/.docker/identigraf/rootfs/etc/sv/identigraf/down b/.devcontainer/.docker/identigraf/rootfs/etc/sv/identigraf/down
diff --git a/.devcontainer/.docker/identigraf/rootfs/etc/sv/identigraf/run b/.devcontainer/.docker/identigraf/rootfs/etc/sv/identigraf/run
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+exec 2>&1
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+SERVICE_USER="${CONTAINER_USER:-vscode}"
+
+: "${SERVICE_NAME:?}"
+
+install -d -o "${SERVICE_USER}" -g "${SERVICE_USER}" -m 0755 "/var/log/${SERVICE_NAME}"
+exec sudo -u "${SERVICE_USER}" -H /usr/local/bin/start-service.sh > "/var/log/${SERVICE_NAME}/start.log" 2>&1
diff --git a/.devcontainer/.docker/identigraf/rootfs/etc/sv/nginx/run b/.devcontainer/.docker/identigraf/rootfs/etc/sv/nginx/run
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -eu
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+exec 2>&1
+
+NGINX_USER="${CONTAINER_USER:-vscode}"
+
+COMMAND=/usr/sbin/nginx
+PID_FILE=/run/nginx/nginx.pid
+
+/usr/bin/install -d -o "${NGINX_USER}" -g "${NGINX_USER}" "${PID_FILE%/*}" /var/log/nginx
+/usr/bin/install -d -o "${NGINX_USER}" -g "${NGINX_USER}" -m 0750 /var/lib/nginx
+exec "${COMMAND}" -c /etc/nginx/nginx.conf -g "pid ${PID_FILE}; daemon off;"
diff --git a/.devcontainer/.docker/identigraf/rootfs/usr/local/bin/post-create.sh b/.devcontainer/.docker/identigraf/rootfs/usr/local/bin/post-create.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+cd /usr/src/service || exit 1
+
+if [ ! -f .npmrc.local ] || ! grep -q '//npm.pkg.github.com/:_authToken=' .npmrc.local; then
+    if [ -n "${GITHUB_TOKEN}" ]; then
+        echo "Using GITHUB_TOKEN to authenticate to npm.pkg.github.com"
+        echo "//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}" >> .npmrc.local
+    elif [ -n "${READ_PACKAGES_TOKEN}" ]; then
+        echo "Using READ_PACKAGES_TOKEN to authenticate to npm.pkg.github.com"
+        echo "//npm.pkg.github.com/:_authToken=${READ_PACKAGES_TOKEN}" >> .npmrc.local
+    else
+        echo "WARNING: Neither GITHUB_TOKEN nor READ_PACKAGES_TOKEN is available; package download may fail."
+    fi
+else
+    echo ".npmrc.local already exists and has an authentication token for npm.pkg.github.com"
+fi
+
+sudo sv start identigraf
diff --git a/.devcontainer/.docker/identigraf/rootfs/usr/local/bin/start-service.sh b/.devcontainer/.docker/identigraf/rootfs/usr/local/bin/start-service.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+: "${SERVICE_NAME:?}"
+
+cd /usr/src/service || exit 1
+
+export NPM_CONFIG_AUDIT=0
+
+if [ ! -d node_modules ]; then
+    npm ci --ignore-scripts --userconfig .npmrc.local && npm rebuild && npm run prepare --if-present
+else
+    npm install --ignore-scripts --userconfig .npmrc.local && npm rebuild && npm run prepare --if-present
+fi
+
+if [ ! -d node_modules ]; then
+    echo "FATAL: Failed to install dependencies"
+    exit 1
+fi
+
+npm run start:dev 2>&1 | tee -a "/var/log/${SERVICE_NAME}/${SERVICE_NAME}.log"
diff --git a/.devcontainer/.docker/identigraf/rootfs/usr/src/service/.gitkeep b/.devcontainer/.docker/identigraf/rootfs/usr/src/service/.gitkeep
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,57 @@
+{
+    "name": "IDentigraF",
+    "dockerComposeFile": "docker-compose.yml",
+    "service": "identigraf",
+    "workspaceFolder": "/usr/src/service",
+    "forwardPorts": [80, 9411],
+    "portsAttributes": {
+        "80": {
+            "label": "Application (Frontend)",
+            "onAutoForward": "notify"
+        },
+        "3000": {
+            "label": "Application (Backend)",
+            "onAutoForward": "ignore"
+        },
+        "9411": {
+            "label": "Zipkin",
+            "onAutoForward": "notify"
+        }
+    },
+    "remoteUser": "vscode",
+    "postCreateCommand": "/usr/local/bin/post-create.sh",
+    "secrets": {
+        "READ_PACKAGES_TOKEN": {
+            "description": "Personal access token to install packages from ghcr.io"
+        },
+        "FACEX_URL": {
+            "description": "URL of the FaceX API"
+        }
+    },
+    "customizations": {
+        "codespaces": {
+            "repositories": {
+                "myrotvorets/psb-api-identigraf": {
+                    "permissions": {
+                        "packages": "read"
+                    }
+                }
+            }
+        },
+        "vscode": {
+            "extensions": [
+                "dlech.chmod",
+                "dbaeumer.vscode-eslint",
+                "esbenp.prettier-vscode",
+                "timonwong.shellcheck",
+                "ms-azuretools.vscode-docker",
+                "zhiayang.tabindentspacealign",
+                "42Crunch.vscode-openapi",
+                "natqe.reload"
+            ],
+            "settings": {
+                "files.autoSave": "onWindowChange"
+            }
+        }
+    }
+}
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -0,0 +1,31 @@
+services:
+  identigraf:
+    build:
+      context: .docker/identigraf
+      dockerfile: Dockerfile
+    environment:
+      - NODE_ENV=development
+      - NO_UPDATE_NOTIFIER=true
+      - NPM_CONFIG_FUND=0
+      - SUPPRESS_SUPPORT=1
+      - HTTPS=0
+      - PORT=3000
+      - ENABLE_TRACING=1
+      - OTEL_EXPORTER_ZIPKIN_ENDPOINT=http://zipkin:9411/api/v2/spans
+      - HAVE_SWAGGER=true
+      - FACEX_URL
+      - npm_config_userconfig=/usr/src/service/.npmrc.local
+    restart: always
+    volumes:
+      - "../:/usr/src/service"
+    working_dir: /usr/src/service
+
+  zipkin:
+    image: openzipkin/zipkin:latest@sha256:5fd55e6a109233b36d419d7fd2449588d17a6e4da7ed7a3fd0d09c86f1c75a15
+    restart: always
+
+  swagger:
+    image: swaggerapi/swagger-ui:latest@sha256:3b4f51470fed56b1ce5a064f57ce7a0d585f50192731f458e7b376713b286d57
+    environment:
+      - SWAGGER_JSON_URL=/specs/identigraf-private.yaml
+      - BASE_URL=/swagger
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,10 @@
+*
+!.npmrc
+!.npmrc.local
+!src
+!package.json
+!package-lock.json
+!tsconfig.json
+
+src/**/.git
+*.d.ts
diff --git a/.eslintignore b/.eslintignore
@@ -0,0 +1,5 @@
+dist/**
+node_modules/**
+*.cjs
+*.mjs
+
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -0,0 +1,16 @@
+{
+  "parserOptions": {
+    "project": ["./tsconfig.json"],
+    "sourceType": "module"
+  },
+  "extends": [
+    "@myrotvorets/myrotvorets-ts",
+    "plugin:mocha/recommended"
+  ],
+  "root": true,
+  "env": {
+    "es2022": true,
+    "mocha": true,
+    "node": true
+  }
+}
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,6 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "local>myrotvorets/.github:renovate-config"
+    ]
+}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,44 @@
+name: Build and Test
+
+on:
+  push:
+    branches:
+      - '**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: ${{ !contains(github.event.head_commit.message, '[ci skip]') || github.event_name == 'workflow_dispatch' }}
+    name: Build and test
+    strategy:
+      matrix:
+        node:
+          - { name: Current, version: current }
+          - { name: LTS,     version: lts/* }
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            nodejs.org:443
+            npm.pkg.github.com:443
+            objects.githubusercontent.com:443
+            pkg-npm.githubusercontent.com:443
+            registry.npmjs.org:443
+
+      - name: Build and test
+        uses: myrotvorets/composite-actions/build-test-nodejs@master
+        with:
+          node-version: ${{ matrix.node.version }}
+          registry-url: https://npm.pkg.github.com
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,54 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: "47 19 * * 3"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - javascript
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            uploads.github.com:443
+
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 # v2.21.8
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 # v2.21.8
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 # v2.21.8
+        with:
+          category: "/language:${{ matrix.language }}"