first commit

.eslintrc.js

@@ -0,0 +1,25 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    tsconfigRootDir: __dirname,
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin'],
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+  ],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  ignorePatterns: ['.eslintrc.js'],
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+  },
+};

.github/workflows/build-intention.json

@@ -0,0 +1,29 @@
+{
+  "event": {
+    "provider": "github-action-build",
+    "reason": "Job triggered",
+    "url": "JOB_URL"
+  },
+  "actions": [
+    {
+      "action": "package-build",
+      "id": "build",
+      "provision": [],
+      "service": {
+        "project": "hello",
+        "name": "vvsddsv",
+        "environment": "tools"
+      },
+      "package": {
+        "version": "",
+        "buildVersion": "",
+        "buildNumber": 0,
+        "name": "vvsddsv",
+        "type": "application/vnd.oci.image.layer.v1.tar"
+      }
+    }
+  ],
+  "user": {
+    "name": "github@internal"
+  }
+}

.github/workflows/build-intention.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+echo "===> Create Intention"
+# Create intention
+cat ./.github/workflows/build-intention.json | jq "\
+    .event.reason=\"${EVENT_REASON}\" | \
+    .event.url=\"https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}\" | \
+    (.actions[] | select(.id == \"build\") .package.version) |= \"${PACKAGE_VERSION}\" | \
+    (.actions[] | select(.id == \"build\") .package.buildGuid) |= \"${PACKAGE_BUILD_GUID}\" | \
+    (.actions[] | select(.id == \"build\") .package.buildVersion) |= \"${PACKAGE_BUILD_VERSION}\" | \
+    (.actions[] | select(.id == \"build\") .package.buildNumber) |= ${PACKAGE_BUILD_NUMBER} \
+    " > intention.json

.github/workflows/build-release.yaml

@@ -0,0 +1,114 @@
+name: Build and release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  BROKER_URL: https://broker.io.nrs.gov.bc.ca
+  BROKER_JWT: ${{ secrets.BROKER_JWT }}
+  SERVICE_PROJECT: hello
+  SERVICE_NAME: vvsddsv
+
+jobs:
+  check_token_expiration:
+    uses: ./.github/workflows/check-token.yaml
+    secrets:
+      token: ${{ secrets.BROKER_JWT }}
+  build-release:
+    name: Build and release
+    runs-on: ubuntu-latest
+    needs: check_token_expiration
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      project_version: ${{ steps.set-build-output-parameters.outputs.project_version }}
+      intention_id: ${{ steps.set-intention-id.outputs.intention_id }}
+      branch: $${{ steps.set-branch.outputs.branch }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+            fetch-depth: 0
+            fetch-tags: true
+            ref: ${{ github.ref }}
+      - name: Setup ORAS
+        uses: oras-project/setup-oras@v1
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: 'npm'
+      - name: Set branch
+        id: set-branch
+        if: ${{ ! startsWith(github.ref, 'refs/tags/v') }}
+        run: |
+          if [[ ${{ startsWith(github.ref, 'refs/heads/') }} = true ]]; then
+            echo "branch=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          fi
+          if [[ ${{ startsWith(github.ref, 'refs/pull/') }} = true ]]; then
+            echo "branch=${{ github.head_ref }}" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Set build output parameters
+        id: set-build-output-parameters
+        run: |
+          echo "project_version=1.0.0" >> $GITHUB_OUTPUT
+          echo "git_commit=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT
+          echo "build_guid=uuid::$(uuidgen)" >> $GITHUB_OUTPUT
+      - name: Build intention
+        run: sh ./.github/workflows/build-intention.sh
+        env:
+          EVENT_REASON: Build ${{ github.ref_name }}
+          GITHUB_REPOSITORY: ${{ github.repository}}
+          GITHUB_RUN_ID: ${{ github.run_id}}
+          PACKAGE_BUILD_GUID:  ${{ steps.set-build-output-parameters.outputs.build_guid }}
+          PACKAGE_BUILD_NUMBER: ${{ github.run_number }}
+          PACKAGE_BUILD_VERSION: ${{ steps.set-build-output-parameters.outputs.git_commit }}
+          PACKAGE_VERSION: ${{ steps.set-build-output-parameters.outputs.project_version }}
+      - name: Open intention
+        uses: bcgov-nr/action-broker-intention-open@v2
+        with:
+          broker_jwt: ${{ secrets.BROKER_JWT }}
+          intention_path: intention.json
+          quickstart: true
+      - name: Set intention ID for deployment job
+        id: set-intention-id
+        run: |
+          echo "intention_id=${INTENTION_ID}" >> $GITHUB_OUTPUT
+        env:
+          INTENTION_ID: ${{ env.INTENTION_ID }}
+      - name: npm ci
+        run: npm ci
+      - name: Build artifact
+        run: npm run build --if-present
+      - name: Push build
+        run: |
+          oras push ghcr.io/${{ github.repository_owner }}/${{ github.repository}}:${PROJECT_VERSION} dist
+          MANIFEST=$(oras manifest fetch ghcr.io/${{ github.repository_owner }}/${{ github.repository}}:${PROJECT_VERSION})
+          echo "artifact_sha256=$(echo $MANIFEST | jq -r '.layers[0].digest')" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PROJECT_VERSION: ${{ steps.set-build-output-parameters.outputs.project_version }}
+      - name: Send build info
+        run: |
+          curl -s POST ${{ env.BROKER_URL }}/v1/intention/action/patch \
+              -H 'Content-Type: application/json' \
+              -H 'X-Broker-Token: '"${BUILD_TOKEN}"'' \
+              -d '{"package":{"checksum": "sha256:'${ARTIFACT_SHA256}'"}}'
+        env:
+          ARTIFACT_SHA256: ${{ steps.publish-artifact.outputs.artifact_sha256 }}
+          BUILD_TOKEN: ${{ env.ACTION_TOKEN_BUILD }}
+      - name: Close intention
+        uses: bcgov-nr/action-broker-intention-close@v1
+        with:
+          intention_token: ${{ env.INTENTION_TOKEN }}

.github/workflows/check-token.yaml

@@ -0,0 +1,37 @@
+name: Check token expiration
+
+on:
+  workflow_call:
+    inputs:
+      url:
+        description: "The Broker URL"
+        default: https://broker.io.nrs.gov.bc.ca
+        type: string
+    secrets:
+      token:
+        description: "The Broker token"
+        required: true
+
+jobs:
+  check-jwt:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check token expiration
+        shell: bash
+        run: |
+          RESPONSE_CODE=$(curl -o /dev/null -s -w "%{http_code}" -X 'GET' \
+            ${{ inputs.url }}/v1/health/token-check \
+            -H 'accept: */*' \
+            -H 'Authorization: Bearer '"${{ secrets.token }}"'' \
+            )
+
+          if [ "$RESPONSE_CODE" -eq 401 ]; then
+            echo "Unauthorized (401)"
+            exit 1
+          elif [ "$RESPONSE_CODE" -eq 403 ]; then
+            echo "Invalid JWT: Block list has match"
+            exit 1
+          else
+            echo "Response code: $RESPONSE_CODE"
+          fi