enable turbo caching on the linting

Reviewed-on: #3

.github/workflows/build-monorepo.yaml

@@ -8,6 +8,10 @@ on:
       PROJECT_ID:
         required: true
         type: string
+      DOCKER_REGISTRY:
+        required: false
+        type: string
+        default: git.kvant.cloud
 
 jobs:
   build_and_push:
@@ -26,10 +30,12 @@ jobs:
           tags: |
             type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true
             type=ref,event=branch,branch=dev,value=dev,optional=true
-            type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true
+            type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=,optional=true
+            type=match,event=tag,pattern=.*_?(v\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true
+            type=match,event=tag,pattern=.*v(\\d+\\.\\d+\\.\\d+).*,group=1,prefix=v,optional=true
 
       - name: Print (debug) Docker meta JSON
-        uses: https://github.com/actions/github-script@v7
+        uses: https://github.com/actions/github-script@v8
         with:
           script: |
             const json = JSON.parse(process.env.JSON_STRING);
@@ -45,7 +51,7 @@ jobs:
       - name: Login into gitea registry
         uses: docker/login-action@v3
         with:
-          registry: git.kvant.cloud
+          registry: ${{ inputs.DOCKER_REGISTRY }}
           username: ${{ inputs.PACKAGE_WRITER_USERNAME }}
           password: ${{ secrets.PACKAGE_WRITER_TOKEN }}
 

.github/workflows/build.yaml

@@ -5,6 +5,10 @@ on:
       PACKAGE_WRITER_USERNAME:
         required: true
         type: string
+      DOCKER_REGISTRY:
+        required: false
+        type: string
+        default: git.kvant.cloud
 jobs:
   build_and_push:
     runs-on: ubuntu-latest
@@ -22,13 +26,11 @@ jobs:
           tags: |
             type=ref,event=branch,branch=dev,suffix=-{{sha}},optional=true
             type=ref,event=branch,branch=dev,value=dev,optional=true
-            type=match,event=tag,pattern=v(.*),group=1,prefix=v,optional=true
-            type=match,event=tag,pattern=v(.*),value=latest,optional=true
-          flavor: |
-            latest=false
+            type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),group=1,prefix=v,optional=true
+            type=match,event=tag,pattern=v(\d+\.\d+\.\d+(?:-[\w\d.-]+)?),value=latest,optional=true
 
       - name: Print (debug) Docker meta JSON
-        uses: https://github.com/actions/github-script@v7
+        uses: https://github.com/actions/github-script@v8
         with:
           script: |
             const json = JSON.parse(process.env.JSON_STRING);
@@ -38,13 +40,18 @@ jobs:
             console.log(JSON.stringify(json, null, 2));
             console.log("");
             console.log("------------------------------------------------------------");
+            console.log("Container meta runtime env:")
+            console.log("IMAGE_TAG:  ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}")
+            console.log("VCS_REF:    ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}")
+            console.log("BUILD_DATE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}")
+            console.log("------------------------------------------------------------");
         env:
           JSON_STRING: ${{ steps.meta.outputs.json }}
 
       - name: Login into gitea registry
         uses: docker/login-action@v3
         with:
-          registry: git.kvant.cloud
+          registry: ${{ inputs.DOCKER_REGISTRY }}
           username: ${{ inputs.PACKAGE_WRITER_USERNAME }}
           password: ${{ secrets.PACKAGE_WRITER_TOKEN }}
 

.github/workflows/lint.yaml

@@ -17,7 +17,23 @@ on:
       TEST_SCRIPT:
         required: false
         type: string
-        default: yarn run test --ci --passWithNoTests --coverage
+        default: yarn run test
+      LINT_SCRIPT:
+        required: false
+        type: string
+        default: yarn run lint
+      CHECK_TYPES_SCRIPT:
+        required: false
+        type: string
+        default: yarn run check-types
+      INSTALL_SCRIPT:
+        required: false
+        type: string
+        default: yarn install --immutable --inline-builds
+      NODE_VERSION:
+        required: false
+        type: string
+        default: "24"
 
 jobs:
   linting_type_checking:
@@ -25,14 +41,18 @@ jobs:
     env:
       NO_YARN_POSTINSTALL: 1
       FONTAWESOME_PACKAGE_TOKEN: ${{ secrets.FONTAWESOME_PACKAGE_TOKEN }}
+      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+      TURBO_API: ${{ vars.TURBO_API }}
+      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
+      TURBO_URL: ${{ vars.TURBO_URL }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5
 
       - name: Set up Node.js and Corepack
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: "22"
+          node-version: ${{ inputs.NODE_VERSION }}
 
       - name: Enable Corepack
         run: |
@@ -40,7 +60,7 @@ jobs:
 
       - name: Install dependencies
         run: |
-          yarn install --immutable --inline-builds
+          ${{ inputs.INSTALL_SCRIPT }}
 
       - name: Setup repostitory
         run: |
@@ -48,11 +68,11 @@ jobs:
 
       - name: Lint source code (eslint)
         run: |
-          yarn run lint --max-warnings=0
+          ${{ inputs.LINT_SCRIPT }}
 
       - name: Static type checking (TypeScript)
         run: |
-          yarn run check-types
+          ${{ inputs.CHECK_TYPES_SCRIPT }}
 
       - name: Run tests
         if: ${{ inputs.TESTS_ENABLED == true }}
@@ -60,7 +80,7 @@ jobs:
           ${{ inputs.TEST_SCRIPT }}
 
       - name: Static code analysis with SonarQube
-        uses: https://github.com/SonarSource/sonarqube-scan-action@v5
+        uses: https://github.com/SonarSource/sonarqube-scan-action@v6
         if: ${{ inputs.SONARQUBE_ENABLED == true }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

README.md

@@ -8,36 +8,60 @@ GitHub (forgejo) pipelines and other CI/CD utilities for the frontends Phoenix T
 
 ## .Github Workflows: Build and push containers
 
+### Docker / Container build
+
 Containers are built using dedicated `Dockerfile`s located in the `/docker` directory within each project repository. After the build, the images are pushed to the registry.
 
-### `Build Standalone`
+### Tagging
+
+Only tags following the specified patterns will be considered within container tags. Any other patterns will be ignored, ensuring adherence to the established tagging policy.
+
+#### Standalone
+
+- v1.0.0
+- v1.0.0-\<anything\>
+
+#### Monorepo
+
+- <project_id>\_v1.0.0
+- <project_id>\_v1.0.0-\<anything\>
+
+### Pipelines
+
+#### `Build`
 
 A standard single-repository project with a `package.json` file located at the root, managing dependencies for the entire project.
 
-##### Vars (inherited)
+###### Vars (inherited)
+
+Setuped on org or repo level.
 
 | Key          | Description     | Required |
 | ------------ | --------------- | -------- |
 | `IMAGE_PATH` | Image base path | ✓        |
 
-##### Inputs
+###### Inputs
 
 | Key                       | Description                     | Required |
 | ------------------------- | ------------------------------- | -------- |
 | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓        |
 
-##### Secrets
+###### Secrets
+
+Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows.
 
 | Key                         | Description                                               | Required |
 | --------------------------- | --------------------------------------------------------- | -------- |
 | `PACKAGE_WRITE_TOKEN`       | Accesstoken of the package writer                         | ✓        |
 | `FONTAWESOME_PACKAGE_TOKEN` | Fontawesome Pro library token (Only needed if FA in use ) |          |
 
-### `Build Monorepo`
+#### `Build-Monorepo`
 
 A monorepo project based on Turborepo, with individual projects located under the `/apps/<PROJECT_ID>` directory.
 
-##### Vars (inherited)
+###### Vars (inherited)
+
+Setuped on org or repo level.
 
 | Key               | Description        | Required |
 | ----------------- | ------------------ | -------- |
@@ -45,14 +69,16 @@ A monorepo project based on Turborepo, with individual projects located under th
 | `TURBO_TEAM`      | Turbo repo team ID |          |
 | `TURBO_API`       | Turbo repo api url |          |
 
-##### Inputs
+###### Inputs
 
 | Key                       | Description                     | Required |
 | ------------------------- | ------------------------------- | -------- |
 | `PACKAGE_WRITER_USERNAME` | User name of the package writer | ✓        |
 | `PROJECT_ID`              | ID of the projcet               | ✓        |
 
-##### Secrets
+###### Secrets
+
+Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows.
 
 | Key                         | Description                                        | Required |
 | --------------------------- | -------------------------------------------------- | -------- |
@@ -62,11 +88,15 @@ A monorepo project based on Turborepo, with individual projects located under th
 
 ## .Github Workflows: Linting, type checking, code analyzis, dependency tracking
 
-### `Lint`
+### Pipelines
+
+#### `Lint`
 
 Linting, type checking, sonarqube, dependency tracking, any testing
 
-##### Vars (inherited)
+###### Vars (inherited)
+
+Setuped on org or repo level.
 
 | Key              | Description                                       | Required |
 | ---------------- | ------------------------------------------------- | -------- |
@@ -74,18 +104,20 @@ Linting, type checking, sonarqube, dependency tracking, any testing
 | `TURBO_API`      | Turbo repo api url (only applicable on monorepos) |          |
 | `SONAR_HOST_URL` | Sonarqube Host (required if sonarqube is enabled) |          |
 
-##### Inputs
+###### Inputs
 
-| Key                 | Description                                                                        | Required |
-| ------------------- | ---------------------------------------------------------------------------------- | -------- |
-| `SONARQUBE_ENABLED` | Send source to sonarqube for code analysis; default: `false`                       |          |
-| `TESTS_ENABLED`     | Enable test suites; default: `false`                                               |          |
-| `SETUP_REPO_SCRIPT` | Script which runs after install for setting up the repo; default: `yarn run setup` |          |
-| `TEST_SCRIPT`       | Script which runs when tests are enabled; default: `yarn run test:coverage:lcov`   |          |
+| Key                  | Description                                                                        | Required |
+| -------------------- | ---------------------------------------------------------------------------------- | -------- |
+| `SONARQUBE_ENABLED`  | Send source to sonarqube for code analysis; default: `false`                       |          |
+| `TESTS_ENABLED`      | Enable test suites; default: `false`                                               |          |
+| `SETUP_REPO_SCRIPT`  | Script which runs after install for setting up the repo; default: `yarn run setup` |          |
+| `TEST_SCRIPT`        | Script which runs when tests are enabled; default: `yarn run test`                 |          |
+| `LINT_SCRIPT`        | Script which runs eslint; default: `yarn run lint`                                 |          |
+| `CHECK_TYPES_SCRIPT` | Script which runs tsc type checking: `yarn run check-types`                        |          |
 
-TEST_SCRIPT
+###### Secrets
 
-##### Secrets
+Note: Secrets must be explicitly passed to workflows, even if they are defined at the repository or organization level. This is due to the way Forgejo handles secrets in workflows.
 
 | Key                         | Description                                                 | Required |
 | --------------------------- | ----------------------------------------------------------- | -------- |