Merge branch 'feature/25-00-NC-feat-church-invites' of https://github.com/JesusFilm/core into feature/25-00-NC-feat-church-invites

Author: Kneesal

.github/workflows/api-deploy-prod.yml

@@ -3,8 +3,50 @@ on:
   push:
     branches:
       - main
+permissions:
+  contents: read
+  checks: write
 jobs:
+  affected:
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    strategy:
+      matrix:
+        node-version: [22]
+    env:
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: useblacksmith/setup-node@v5
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Get Node Version
+        id: node-version
+        run: echo "version=$(node -v)" >> $GITHUB_OUTPUT
+      - name: Mount NPM Cache
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-${{ steps.node-version.outputs.version }}-npm-cache
+          path: ~/.npm
+      - name: Mount node_modules
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-${{ steps.node-version.outputs.version }}-node-modules
+          path: ./node_modules
+      - name: NPM Install
+        run: npm install --silent
+      - uses: nrwl/nx-set-shas@v4
+      - id: set-matrix
+        name: set matrix app to affected array
+        run: |
+          echo "matrix=$(npx ts-node tools/scripts/affected-apps.ts --projects apis/*)" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
   api-analytics:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-analytics')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@main
     with:
       name: api-analytics
@@ -17,7 +59,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-journeys:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-journeys')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@main
     with:
       name: api-journeys
@@ -30,7 +75,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-journeys-modern:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-journeys-modern')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@main
     with:
       name: api-journeys-modern
@@ -43,7 +91,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-users:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-users')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@main
     with:
       name: api-users
@@ -56,7 +107,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-languages:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-languages')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@main
     with:
       name: api-languages
@@ -69,7 +123,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-media:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-media')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@main
     with:
       name: api-media
@@ -82,8 +139,11 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
 
   api-gateway:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-gateway')
     uses: JesusFilm/core/.github/workflows/api-gateway-prod-worker.yml@main
     secrets:
       AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

.github/workflows/api-deploy-stage.yml

@@ -3,8 +3,50 @@ on:
   push:
     branches:
       - stage
+permissions:
+  contents: read
+  checks: write
 jobs:
+  affected:
+    runs-on: blacksmith-2vcpu-ubuntu-2204
+    strategy:
+      matrix:
+        node-version: [22]
+    env:
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: useblacksmith/setup-node@v5
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Get Node Version
+        id: node-version
+        run: echo "version=$(node -v)" >> $GITHUB_OUTPUT
+      - name: Mount NPM Cache
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-${{ steps.node-version.outputs.version }}-npm-cache
+          path: ~/.npm
+      - name: Mount node_modules
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-${{ steps.node-version.outputs.version }}-node-modules
+          path: ./node_modules
+      - name: NPM Install
+        run: npm install --silent
+      - uses: nrwl/nx-set-shas@v4
+      - id: set-matrix
+        name: set matrix app to affected array
+        run: |
+          echo "matrix=$(npx ts-node tools/scripts/affected-apps.ts --projects apis/*)" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
   api-analytics:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-analytics')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@stage
     with:
       name: api-analytics
@@ -17,7 +59,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-journeys:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-journeys')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@stage
     with:
       name: api-journeys
@@ -30,7 +75,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-journeys-modern:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-journeys-modern')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@stage
     with:
       name: api-journeys-modern
@@ -43,7 +91,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-users:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-users')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@stage
     with:
       name: api-users
@@ -56,7 +107,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-languages:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-languages')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@stage
     with:
       name: api-languages
@@ -69,7 +123,10 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
   api-media:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-media')
     uses: JesusFilm/core/.github/workflows/api-deploy-worker.yml@stage
     with:
       name: api-media
@@ -82,8 +139,11 @@ jobs:
       JFP_AWS_ACCESS_KEY_ID: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
       JFP_AWS_SECRET_ACCESS_KEY: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
       AWS_NETWORK_CONFIG: ${{ secrets.AWS_NETWORK_CONFIG }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
 
   api-gateway:
+    needs: affected
+    if: contains(needs.affected.outputs.matrix, 'api-gateway')
     uses: JesusFilm/core/.github/workflows/api-gateway-stage-worker.yml@stage
     secrets:
       AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

.github/workflows/api-deploy-worker.yml

@@ -26,17 +26,23 @@ on:
         required: true
       AWS_NETWORK_CONFIG:
         required: true
+      NX_CLOUD_ACCESS_TOKEN:
+        required: true
+permissions:
+  contents: read
+  checks: write
 
 jobs:
   build-and-deploy:
-    environment: Production
+    environment: ${{ inputs.env }}
     env:
       HIVE_TOKEN: ${{ secrets.HIVE_TOKEN }}
       ENV_SUFFIX: ${{ inputs.branch }}
       ECS_CLUSTER: jfp-ecs-cluster-${{ inputs.env }}
       ECS_SERVICE: ${{ inputs.name}}-${{ inputs.env }}-service
       ECR_REPOSITORY: jfp-${{ inputs.name }}-${{ inputs.env }}
       IMAGE_TAG: ${{ github.sha }}
+      NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
     runs-on: blacksmith-2vcpu-ubuntu-2204
     strategy:
       matrix:
@@ -69,20 +75,13 @@ jobs:
           path: ./node_modules
       - name: NPM Install
         run: npm install --silent
-      - name: Get affected apps
-        run: |
-          echo "apps=$(npx ts-node tools/scripts/affected-apps.ts --projects apis/api-*)" >> $GITHUB_OUTPUT
-          cat $GITHUB_OUTPUT
-        id: affected-apps
       - name: Prisma Generate
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: mansagroup/nrwl-nx-action@v3
         with:
           targets: prisma-generate
         env:
           DISABLE_ERD: true
       - name: Build ${{ inputs.name }}
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: mansagroup/nrwl-nx-action@v3
         with:
           targets: build
@@ -91,24 +90,20 @@ jobs:
 
       # ECS Deployment
       - name: Configure ECS AWS credentials
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
 
       - name: Login to Amazon ECR
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         id: login-ecr-ecs
         uses: aws-actions/amazon-ecr-login@v2
 
       - name: Set up Docker Buildx
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: docker/setup-buildx-action@v3
 
       - name: Build and push Docker image to Amazon ECR
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         id: build-image-ecs
         uses: useblacksmith/build-push-action@v1
         with:
@@ -122,16 +117,13 @@ jobs:
             SERVICE_VERSION=${{ env.IMAGE_TAG }}
 
       - name: Set image output
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           echo "image=${{ steps.login-ecr-ecs.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT
 
       - name: Restart task definition
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           aws ecs update-service --force-new-deployment --service $ECS_SERVICE --cluster $ECS_CLUSTER
 
       - name: Update Hive managed subgraph
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           npx hive schema:publish apis/${{ inputs.name }}/schema.graphql --service ${{ inputs.name }} --url ${{ inputs.endpoint_url }} --github