chore(ci): Align GH Workflows with Docker SSoT, new paths; minimal SSoT guard; staticAnalysis (#23)

* chore(MP-21): snapshot pre-refactor state (Epic 1) * chore(MP-22): scaffold new repo structure, relocate Docker Compose, move frontend/backend modules, update Makefile; add docs mapping and env template * MP-22 Epic 2: Erfolgreich umgesetzt und verifiziert * MP-23 Epic 3: Gradle/Build Governance zentralisieren * MP-23 Epic 3: Gradle/Build Governance zentralisieren * chore(devops)!: Docker-SSoT (.env) konsolidiert, Compose-Mounts ergänzt, Makefile entfernt - ENV Single Source of Truth - docker/.env.example neu (inkl. REDIS_PASSWORD, Ports, Build-Overrides) - config/.env(.example) als DEPRECATED markiert (Verweis auf docker/.env[.example]) - Docker Compose vereinheitlicht (docker/docker-compose.yaml) - Postgres: zentralen postgresql.conf mounten (../config/postgres/postgresql.conf) und Start mit -c config_file=/etc/postgresql/postgresql.conf - Redis: zentralen redis.conf mounten (../config/redis/redis.conf) und Start via "redis-server … ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}" - Web-Nginx: ../config/nginx/nginx.prod.conf → /etc/nginx/nginx.conf (ro) - Monitoring: Prometheus/Grafana nutzen ../config/monitoring/* als SSoT - Frontend/DI/Network (MP-23 Grundlage) - :frontend:core:network Modul mit Koin `apiClient` (Ktor + JSON/Retry/Timeout/Logging) - Plattform-Basis-URL-Auflösung (JVM: ENV API_BASE_URL; JS: globalThis.API_BASE_URL / Same-Origin) - Web index.html setzt API_BASE_URL (Query `?apiBaseUrl=…` > Same-Origin > Fallback) - Build/Gradle & Module-Refs - settings.gradle.kts: neue Frontend-/Backend-Pfade bereits inkludiert - Features/Shell: Abhängigkeiten auf :frontend:shared / :frontend:core:* angepasst - Ping-API-Refs auf :backend:services:ping:ping-api vereinheitlicht - Dockerfiles angepasst - backend/infrastructure/gateway/Dockerfile → Tasks/Pfade auf :backend:gateway - backend/services/ping/Dockerfile → Tasks/Pfade auf :backend:services:ping:ping-service - Static Analysis / Guards - config/detekt/detekt.yml hinzugefügt - Leichter Arch-Guard (Frontend) gegen manuelle Authorization-Header vorbereitet - Doku - docs/ARCHITECTURE.md (Struktur, Mapping, Next Steps) ergänzt - docs/adr/README.md angelegt BREAKING CHANGES: - Makefile komplett entfernt (bitte direkt `docker compose` verwenden) - ENV-Quelle ist jetzt docker/.env (statt config/.env oder Root) - Compose-Datei unter docker/docker-compose.yaml (nicht mehr compose.yaml im Repo-Root) Verifikation (lokal): - ENV anlegen: `cp docker/.env.example docker/.env` (Werte anpassen) - Compose prüfen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml config` - Infrastruktur: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle up -d postgres redis keycloak web-app` - Services bauen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle build api-gateway ping-service --no-cache --progress=plain` Refs: MP-22 (Epic 2), MP-23 (Epic 3) * chore(devops)!: Docker-SSoT (.env) konsolidiert, Compose-Mounts ergänzt, Makefile entfernt - ENV Single Source of Truth - docker/.env.example neu (inkl. REDIS_PASSWORD, Ports, Build-Overrides) - config/.env(.example) als DEPRECATED markiert (Verweis auf docker/.env[.example]) - Docker Compose vereinheitlicht (docker/docker-compose.yaml) - Postgres: zentralen postgresql.conf mounten (../config/postgres/postgresql.conf) und Start mit -c config_file=/etc/postgresql/postgresql.conf - Redis: zentralen redis.conf mounten (../config/redis/redis.conf) und Start via "redis-server … ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}" - Web-Nginx: ../config/nginx/nginx.prod.conf → /etc/nginx/nginx.conf (ro) - Monitoring: Prometheus/Grafana nutzen ../config/monitoring/* als SSoT - Frontend/DI/Network (MP-23 Grundlage) - :frontend:core:network Modul mit Koin `apiClient` (Ktor + JSON/Retry/Timeout/Logging) - Plattform-Basis-URL-Auflösung (JVM: ENV API_BASE_URL; JS: globalThis.API_BASE_URL / Same-Origin) - Web index.html setzt API_BASE_URL (Query `?apiBaseUrl=…` > Same-Origin > Fallback) - Build/Gradle & Module-Refs - settings.gradle.kts: neue Frontend-/Backend-Pfade bereits inkludiert - Features/Shell: Abhängigkeiten auf :frontend:shared / :frontend:core:* angepasst - Ping-API-Refs auf :backend:services:ping:ping-api vereinheitlicht - Dockerfiles angepasst - backend/infrastructure/gateway/Dockerfile → Tasks/Pfade auf :backend:gateway - backend/services/ping/Dockerfile → Tasks/Pfade auf :backend:services:ping:ping-service - Static Analysis / Guards - config/detekt/detekt.yml hinzugefügt - Leichter Arch-Guard (Frontend) gegen manuelle Authorization-Header vorbereitet - Doku - docs/ARCHITECTURE.md (Struktur, Mapping, Next Steps) ergänzt - docs/adr/README.md angelegt BREAKING CHANGES: - Makefile komplett entfernt (bitte direkt `docker compose` verwenden) - ENV-Quelle ist jetzt docker/.env (statt config/.env oder Root) - Compose-Datei unter docker/docker-compose.yaml (nicht mehr compose.yaml im Repo-Root) Verifikation (lokal): - ENV anlegen: `cp docker/.env.example docker/.env` (Werte anpassen) - Compose prüfen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml config` - Infrastruktur: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle up -d postgres redis keycloak web-app` - Services bauen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle build api-gateway ping-service --no-cache --progress=plain` Refs: MP-22 (Epic 2), MP-23 (Epic 3) * chore(devops)!: Docker-SSoT (.env) konsolidiert, Compose-Mounts ergänzt, Makefile entfernt - ENV Single Source of Truth - docker/.env.example neu (inkl. REDIS_PASSWORD, Ports, Build-Overrides) - config/.env(.example) als DEPRECATED markiert (Verweis auf docker/.env[.example]) - Docker Compose vereinheitlicht (docker/docker-compose.yaml) - Postgres: zentralen postgresql.conf mounten (../config/postgres/postgresql.conf) und Start mit -c config_file=/etc/postgresql/postgresql.conf - Redis: zentralen redis.conf mounten (../config/redis/redis.conf) und Start via "redis-server … ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}" - Web-Nginx: ../config/nginx/nginx.prod.conf → /etc/nginx/nginx.conf (ro) - Monitoring: Prometheus/Grafana nutzen ../config/monitoring/* als SSoT - Frontend/DI/Network (MP-23 Grundlage) - :frontend:core:network Modul mit Koin `apiClient` (Ktor + JSON/Retry/Timeout/Logging) - Plattform-Basis-URL-Auflösung (JVM: ENV API_BASE_URL; JS: globalThis.API_BASE_URL / Same-Origin) - Web index.html setzt API_BASE_URL (Query `?apiBaseUrl=…` > Same-Origin > Fallback) - Build/Gradle & Module-Refs - settings.gradle.kts: neue Frontend-/Backend-Pfade bereits inkludiert - Features/Shell: Abhängigkeiten auf :frontend:shared / :frontend:core:* angepasst - Ping-API-Refs auf :backend:services:ping:ping-api vereinheitlicht - Dockerfiles angepasst - backend/infrastructure/gateway/Dockerfile → Tasks/Pfade auf :backend:gateway - backend/services/ping/Dockerfile → Tasks/Pfade auf :backend:services:ping:ping-service - Static Analysis / Guards - config/detekt/detekt.yml hinzugefügt - Leichter Arch-Guard (Frontend) gegen manuelle Authorization-Header vorbereitet - Doku - docs/ARCHITECTURE.md (Struktur, Mapping, Next Steps) ergänzt - docs/adr/README.md angelegt BREAKING CHANGES: - Makefile komplett entfernt (bitte direkt `docker compose` verwenden) - ENV-Quelle ist jetzt docker/.env (statt config/.env oder Root) - Compose-Datei unter docker/docker-compose.yaml (nicht mehr compose.yaml im Repo-Root) Verifikation (lokal): - ENV anlegen: `cp docker/.env.example docker/.env` (Werte anpassen) - Compose prüfen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml config` - Infrastruktur: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle up -d postgres redis keycloak web-app` - Services bauen: `docker compose --env-file docker/.env -f docker/docker-compose.yaml -p meldestelle build api-gateway ping-service --no-cache --progress=plain` Refs: MP-22 (Epic 2), MP-23 (Epic 3) * chore(ci): Workflows an Docker-SSoT & neue Struktur angepasst, minimaler SSoT-Guard - ssot-guard.yml: Option B (minimal) → `docker compose -f docker/docker-compose.yaml config` als Lint - integration-tests.yml: `./gradlew staticAnalysis` vor Integrationstests - docs-kdoc-sync.yml: Dokka-Task Fallback (dokkaGfmAll || dokkaGfm), YouTrack-Sync nur wenn Script vorhanden - deploy-proxmox.yml: Compose-Pfade auf docker/docker-compose.yaml + `--env-file docker/.env`; Build/Test Schritte vereinheitlicht - ci-main.yml: SSoT-Skripte per `if: hashFiles(...)` guarded, Compose-Lint Fallback; OpenAPI‑Pfad → backend/gateway; ADR‑Pfade → docs/adr/**; `staticAnalysis` in Build integriert - youtrack-sync.yml: unverändert (funktional) Refs: MP-22, MP-23 * chore(ci): Workflows an Docker-SSoT & neue Struktur angepasst, minimaler SSoT-Guard - ssot-guard.yml: Option B (minimal) → `docker compose -f docker/docker-compose.yaml config` als Lint - integration-tests.yml: `./gradlew staticAnalysis` vor Integrationstests - docs-kdoc-sync.yml: Dokka-Task Fallback (dokkaGfmAll || dokkaGfm), YouTrack-Sync nur wenn Script vorhanden - deploy-proxmox.yml: Compose-Pfade auf docker/docker-compose.yaml + `--env-file docker/.env`; Build/Test Schritte vereinheitlicht - ci-main.yml: SSoT-Skripte per `if: hashFiles(...)` guarded, Compose-Lint Fallback; OpenAPI‑Pfad → backend/gateway; ADR‑Pfade → docs/adr/**; `staticAnalysis` in Build integriert - youtrack-sync.yml: unverändert (funktional) Refs: MP-22, MP-23 * fix(ci): create .env from example before validating compose config * fix(ci): update ssot-guard filename (.yaml) and sync workflow state * fixing * fix(webpack): correct sql.js fallback configuration for webpack 5
2025-12-03 12:03:40 +01:00
parent 034892e890
commit 95fe3e0573
365 changed files with 2283 additions and 15142 deletions
@@ -14,7 +14,6 @@ kotlin {
  js(IR) {
    browser()
 //        nodejs()
-    binaries.executable()
  }

  // WASM, nur wenn explizit aktiviert
@@ -22,14 +21,13 @@ kotlin {
    @OptIn(org.jetbrains.kotlin.gradle.ExperimentalWasmDsl::class)
    wasmJs {
      browser()
-      binaries.executable()
    }
  }

  sourceSets {
    commonMain.dependencies {
      // Shared module dependency
-      implementation(project(":clients:shared"))
+      implementation(projects.frontend.shared)

      // Compose dependencies
      implementation(compose.runtime)
@@ -0,0 +1,51 @@
+@file:OptIn(ExperimentalKotlinGradlePluginApi::class)
+
+import org.jetbrains.kotlin.gradle.ExperimentalKotlinGradlePluginApi
+
+plugins {
+  alias(libs.plugins.kotlinMultiplatform)
+  alias(libs.plugins.kotlinSerialization)
+  alias(libs.plugins.sqldelight)
+}
+
+kotlin {
+  jvmToolchain(21)
+
+  jvm()
+  js {
+    browser {
+      testTask { enabled = false }
+    }
+  }
+
+  sourceSets {
+    commonMain.dependencies {
+      implementation(libs.koin.core)
+      implementation(libs.sqldelight.coroutines)
+      implementation(libs.kotlinx.coroutines.core)
+    }
+
+    jvmMain.dependencies {
+      implementation(libs.sqldelight.driver.sqlite)
+    }
+
+    jsMain.dependencies {
+      implementation(libs.sqldelight.driver.webworker)
+      implementation(npm("@cashapp/sqldelight-sqljs-worker", libs.versions.sqldelight.get()))
+      implementation(npm("sql.js", "^1.8.0"))
+    }
+
+    commonTest.dependencies {
+      implementation(libs.kotlin.test)
+    }
+  }
+}
+
+sqldelight {
+  databases {
+    register("MeldestelleDb") {
+      packageName.set("at.mocode.frontend.core.localdb")
+      // Sources are placed under src/commonMain/sqldelight by convention
+    }
+  }
+}
@@ -0,0 +1,21 @@
+package at.mocode.frontend.core.localdb
+
+import app.cash.sqldelight.db.SqlDriver
+import org.koin.dsl.module
+
+// Generated database class name from SQLDelight configuration
+expect class DatabaseDriverFactory() {
+  suspend fun createDriver(): SqlDriver
+}
+
+// Convenience to create the typed database from a driver
+expect class DatabaseProvider() {
+  suspend fun createDatabase(): MeldestelleDb
+}
+
+// Koin module that exposes the database as a singleton
+val localDbModule = module {
+  single { DatabaseDriverFactory() }
+  // Provide only the suspend-capable provider; consumers create the DB in a coroutine
+  single { DatabaseProvider() }
+}
@@ -0,0 +1,10 @@
+CREATE TABLE LocalSettings (
+    key TEXT NOT NULL PRIMARY KEY,
+    value TEXT NOT NULL
+);
+
+insertOrReplace:
+INSERT OR REPLACE INTO LocalSettings(key, value) VALUES (?, ?);
+
+selectAll:
+SELECT * FROM LocalSettings;
@@ -0,0 +1,25 @@
+package at.mocode.frontend.core.localdb
+
+import app.cash.sqldelight.db.SqlDriver
+import app.cash.sqldelight.driver.worker.WebWorkerDriver
+import kotlinx.coroutines.await
+import org.w3c.dom.Worker
+
+actual class DatabaseDriverFactory {
+  actual suspend fun createDriver(): SqlDriver {
+    val worker = js(
+      "new Worker(new URL('@cashapp/sqldelight-sqljs-worker/sqljs.worker.js', import.meta.url))"
+    ) as Worker
+    val driver = WebWorkerDriver(worker)
+    // Create schema asynchronously
+    MeldestelleDb.Schema.create(driver).await()
+    return driver
+  }
+}
+
+actual class DatabaseProvider {
+  actual suspend fun createDatabase(): MeldestelleDb {
+    val driver = DatabaseDriverFactory().createDriver()
+    return MeldestelleDb(driver)
+  }
+}
@@ -0,0 +1,20 @@
+package at.mocode.frontend.core.localdb
+
+import app.cash.sqldelight.db.SqlDriver
+import app.cash.sqldelight.driver.jdbc.sqlite.JdbcSqliteDriver
+
+actual class DatabaseDriverFactory {
+  actual suspend fun createDriver(): SqlDriver {
+    val driver = JdbcSqliteDriver(JdbcSqliteDriver.IN_MEMORY)
+    // Create schema on first run (in-memory is always new)
+    MeldestelleDb.Schema.create(driver)
+    return driver
+  }
+}
+
+actual class DatabaseProvider {
+  actual suspend fun createDatabase(): MeldestelleDb {
+    val driver = DatabaseDriverFactory().createDriver()
+    return MeldestelleDb(driver)
+  }
+}
@@ -18,14 +18,12 @@ kotlin {

  js {
    browser()
-    binaries.executable()
  }

  if (enableWasm) {
    @OptIn(org.jetbrains.kotlin.gradle.ExperimentalWasmDsl::class)
    wasmJs {
      browser()
-      binaries.executable()
    }
  }

@@ -0,0 +1,70 @@
+@file:OptIn(ExperimentalKotlinGradlePluginApi::class)
+
+import org.jetbrains.kotlin.gradle.ExperimentalKotlinGradlePluginApi
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
+
+plugins {
+  alias(libs.plugins.kotlinMultiplatform)
+  alias(libs.plugins.kotlinSerialization)
+}
+
+kotlin {
+  val enableWasm = providers.gradleProperty("enableWasm").orNull == "true"
+
+  jvmToolchain(21)
+
+  jvm()
+  js {
+    browser {
+      testTask { enabled = false }
+    }
+  }
+
+  if (enableWasm) {
+    @OptIn(org.jetbrains.kotlin.gradle.ExperimentalWasmDsl::class)
+    wasmJs { browser() }
+  }
+
+  sourceSets {
+    commonMain.dependencies {
+      // Ktor Client core + JSON and Auth + Logging + Timeouts + Retry
+      api(libs.ktor.client.core)
+      implementation(libs.ktor.client.contentNegotiation)
+      implementation(libs.ktor.client.serialization.kotlinx.json)
+      implementation(libs.ktor.client.auth)
+      implementation(libs.ktor.client.logging)
+      // ktor-client-resources optional; disabled until version is added to catalog
+
+      // Kotlinx core bundles
+      implementation(libs.bundles.kotlinx.core)
+
+      // DI (Koin)
+      api(libs.koin.core)
+
+      // Project modules via typesafe accessors
+      // (none here; kept for consistency)
+    }
+
+    jvmMain.dependencies {
+      implementation(libs.ktor.client.cio)
+    }
+
+    jsMain.dependencies {
+      implementation(libs.ktor.client.js)
+    }
+
+    if (enableWasm) {
+      val wasmJsMain = getByName("wasmJsMain")
+      wasmJsMain.dependencies {
+        implementation(libs.ktor.client.js)
+      }
+    }
+  }
+}
+
+tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile> {
+  compilerOptions {
+    jvmTarget.set(JvmTarget.JVM_21)
+    freeCompilerArgs.addAll("-opt-in=kotlin.RequiresOptIn")
+  }
+}
@@ -0,0 +1,17 @@
+package at.mocode.frontend.core.network
+
+import kotlin.native.concurrent.ThreadLocal
+
+/**
+ * Network configuration with sensible defaults and environment overrides.
+ * Defaults to the local API Gateway on port 8081.
+ */
+@ThreadLocal
+object NetworkConfig {
+  /**
+   * Base URL for the API Gateway.
+   * JVM: reads from ENV `API_BASE_URL`, falling back to http://localhost:8081
+   * JS/WASM: uses compile-time or runtime override if provided, otherwise http://localhost:8081
+   */
+  val baseUrl: String = PlatformConfig.resolveApiBaseUrl()
+}
@@ -0,0 +1,75 @@
+package at.mocode.frontend.core.network
+
+import io.ktor.client.HttpClient
+import io.ktor.client.plugins.HttpRequestRetry
+import io.ktor.client.plugins.HttpTimeout
+import io.ktor.client.plugins.auth.Auth
+import io.ktor.client.plugins.contentnegotiation.ContentNegotiation
+import io.ktor.client.plugins.defaultRequest
+import io.ktor.client.plugins.logging.LogLevel
+import io.ktor.client.plugins.logging.Logger
+import io.ktor.client.plugins.logging.Logging
+import io.ktor.client.request.url
+import io.ktor.serialization.kotlinx.json.json
+import kotlinx.serialization.json.Json
+import org.koin.core.qualifier.named
+import org.koin.dsl.module
+
+/**
+ * Koin module that provides a preconfigured Ktor HttpClient under the named qualifier "apiClient".
+ * The client uses the environment-aware base URL from NetworkConfig.
+ */
+val networkModule = module {
+  single(named("apiClient")) {
+    HttpClient {
+      // JSON (kotlinx) configuration
+      install(ContentNegotiation) {
+        json(
+          Json {
+            ignoreUnknownKeys = true
+            isLenient = true
+            encodeDefaults = true
+          }
+        )
+      }
+
+      // Request timeouts
+      install(HttpTimeout) {
+        requestTimeoutMillis = 15_000
+        connectTimeoutMillis = 10_000
+        socketTimeoutMillis = 15_000
+      }
+
+      // Automatic simple retry on network exceptions and 5xx
+      install(HttpRequestRetry) {
+        maxRetries = 3
+        retryIf { _, response ->
+          val s = response?.status?.value ?: 0
+          s == 0 || s >= 500
+        }
+        exponentialDelay()
+      }
+
+      // Authentication plugin (Bearer refresh can be wired later)
+      install(Auth) {
+        // TODO: Wire token provider/refresh when auth is implemented
+      }
+
+      // Logging for development
+      install(Logging) {
+        logger = object : Logger {
+          override fun log(message: String) {
+            println("[apiClient] $message")
+          }
+        }
+        level = LogLevel.INFO
+      }
+
+      // Set base URL
+      defaultRequest {
+        // Set only the base URL; endpoints will append paths
+        url(NetworkConfig.baseUrl)
+      }
+    }
+  }
+}
@@ -0,0 +1,5 @@
+package at.mocode.frontend.core.network
+
+expect object PlatformConfig {
+  fun resolveApiBaseUrl(): String
+}
@@ -0,0 +1,29 @@
+package at.mocode.frontend.core.network
+
+import kotlinx.browser.window
+
+@Suppress("UnsafeCastFromDynamic")
+actual object PlatformConfig {
+  actual fun resolveApiBaseUrl(): String {
+    // 1) Prefer a global JS variable (can be injected by index.html or nginx)
+    val global =
+      js("typeof globalThis !== 'undefined' ? globalThis : (typeof window !== 'undefined' ? window : (typeof self !== 'undefined' ? self : {}))")
+    val fromGlobal = try {
+      (global.API_BASE_URL as? String)?.trim().orEmpty()
+    } catch (_: dynamic) {
+      ""
+    }
+    if (fromGlobal.isNotEmpty()) return fromGlobal.removeSuffix("/")
+
+    // 2) Try window location origin (same origin gateway/proxy setup)
+    val origin = try {
+      window.location.origin
+    } catch (_: dynamic) {
+      null
+    }
+    if (!origin.isNullOrBlank()) return origin.removeSuffix("/")
+
+    // 3) Fallback to the local gateway
+    return "http://localhost:8081"
+  }
+}
@@ -0,0 +1,11 @@
+package at.mocode.frontend.core.network
+
+actual object PlatformConfig {
+  actual fun resolveApiBaseUrl(): String {
+    // Prefer environment variable
+    val env = System.getenv("API_BASE_URL")?.trim().orEmpty()
+    if (env.isNotEmpty()) return env.removeSuffix("/")
+    // Fallback default to the local gateway
+    return "http://localhost:8081"
+  }
+}