BRIC-4: Init composable-ui React frontend

.dockerignore

@@ -0,0 +1,14 @@
+node_modules
+dist
+coverage
+.git
+.github
+.vscode
+.idea
+*.md
+.env*
+.scannerwork
+.trivyignore
+trivy-report*.json
+sonar-project.properties
+*.tsbuildinfo

.env.example

@@ -0,0 +1,2 @@
+VITE_API_BASE_URL=http://localhost:8010
+VITE_WS_BASE_URL=ws://localhost:8010

.github/workflows/cd.yaml

@@ -0,0 +1,127 @@
+name: CD
+
+on:
+  pull_request:
+    types: [closed]
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  build-and-push:
+    if: >
+      (github.event_name == 'pull_request' && github.event.pull_request.merged == true) ||
+      (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/deploy'))
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get deploy SHA
+        id: sha
+        uses: actions/github-script@v7
+        with:
+          script: |
+            if (context.eventName === 'issue_comment') {
+              const pr = await github.rest.pulls.get({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number,
+              });
+              return pr.data.head.sha;
+            }
+            return context.sha;
+          result-encoding: string
+
+      - name: Add deploy reaction
+        if: github.event_name == 'issue_comment'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.reactions.createForIssueComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: context.payload.comment.id,
+              content: 'rocket',
+            });
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.sha.outputs.result }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build Docker image for scanning (amd64)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          load: true
+          platforms: linux/amd64
+          tags: kaiohz/pickpro:composable-ui-scan
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trivy Image Scan (report)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+        with:
+          image-ref: 'kaiohz/pickpro:composable-ui-scan'
+          format: 'table'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          exit-code: '0'
+          trivy-config: trivy.yaml
+          trivy-version: 'v0.69.3'
+
+      - name: Trivy Image Scan (CRITICAL gate)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+        with:
+          image-ref: 'kaiohz/pickpro:composable-ui-scan'
+          format: 'table'
+          severity: 'CRITICAL'
+          exit-code: '1'
+          trivy-config: trivy.yaml
+          trivy-version: 'v0.69.3'
+
+      - name: Build and push Docker image (multi-platform)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            kaiohz/pickpro:composable-ui-${{ steps.sha.outputs.result }}
+            kaiohz/pickpro:composable-ui-latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Checkout flux repository
+        run: |
+          git clone https://x-access-token:${{ secrets.FLUX_REPO_TOKEN }}@github.com/SoluDevTech/flux.git flux-repo
+
+      - name: Update deployment image tag
+        run: |
+          DEPLOYMENT_FILE="flux-repo/dev/bricks/composable-ui/deployment.yaml"
+          if [ -f "$DEPLOYMENT_FILE" ]; then
+            sed -i 's|image: kaiohz/pickpro:composable-ui-.*|image: kaiohz/pickpro:composable-ui-${{ steps.sha.outputs.result }}|g' "$DEPLOYMENT_FILE"
+          else
+            echo "Error: Deployment file not found at $DEPLOYMENT_FILE"
+            exit 1
+          fi
+
+      - name: Commit and push changes
+        run: |
+          cd flux-repo
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add dev/bricks/composable-ui/deployment.yaml
+          git commit -m "Update composable-ui image to ${{ steps.sha.outputs.result }}" || echo "No changes to commit"
+          git push https://x-access-token:${{ secrets.FLUX_REPO_TOKEN }}@github.com/SoluDevTech/flux.git main

.github/workflows/ci.yaml

@@ -0,0 +1,60 @@
+name: CI
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile || bun install
+
+      - name: Run build check
+        run: bun run build
+
+      - name: Run tests with coverage
+        run: bun run test --coverage
+
+      - name: Trivy FS Scan (report)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          severity: 'CRITICAL,HIGH,MEDIUM'
+          exit-code: '0'
+          trivy-config: trivy.yaml
+          trivy-version: 'v0.69.3'
+
+      - name: Trivy FS Scan (CRITICAL gate)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'table'
+          severity: 'CRITICAL'
+          exit-code: '1'
+          trivy-config: trivy.yaml
+          trivy-version: 'v0.69.3'
+
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        with:
+          args: >
+            -Dsonar.qualitygate.wait=false

.gitignore

@@ -0,0 +1,36 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+# Testing
+coverage
+
+# TypeScript build artifacts
+*.tsbuildinfo
+
+# Environment
+.env
+.env.local
+.env.*.local
+.scannerwork

Dockerfile

@@ -0,0 +1,33 @@
+FROM oven/bun:1 AS deps
+
+WORKDIR /app
+
+COPY package.json bun.lock ./
+
+RUN bun install --frozen-lockfile || bun install
+
+FROM deps AS builder
+
+COPY . .
+
+RUN bun run build
+
+FROM nginx:alpine AS production
+
+RUN apk update && apk upgrade --no-cache && apk add --no-cache dumb-init
+
+RUN rm -rf /usr/share/nginx/html/* && \
+    rm /etc/nginx/conf.d/default.conf
+
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:80/ || exit 1
+
+ENTRYPOINT ["dumb-init", "--"]
+
+CMD ["nginx", "-g", "daemon off;"]

Makefile

@@ -0,0 +1,13 @@
+.PHONY: trivy-fs trivy-image trivy-fs-critical trivy-image-critical
+
+trivy-fs:
+	trivy fs --severity CRITICAL,HIGH,MEDIUM --config trivy.yaml .
+
+trivy-image:
+	trivy image --severity CRITICAL,HIGH,MEDIUM --config trivy.yaml kaiohz/pickpro:composable-ui-latest
+
+trivy-fs-critical:
+	trivy fs --severity CRITICAL --exit-code 1 --config trivy.yaml .
+
+trivy-image-critical:
+	trivy image --severity CRITICAL --exit-code 1 --config trivy.yaml kaiohz/pickpro:composable-ui-latest