feat: pnpm+turbo

.dockerignore

@@ -17,6 +17,22 @@ dist
 build
 reports
 dist
+eslint.config.mjs
+coverage
+helm
+tests
+reports
+README.md
+CHANGELOG.md
 commitlint.config.js
 jest.config.base.js
 typedoc.json
+node_modules
+.git
+.next
+dist
+.turbo
+prod
+local.json
+example
+.vscode

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,13 +4,13 @@ Make sure you've read the contributing guidelines (CONTRIBUTING.md)
 
 | Question        | Answer |
 | --------------- | ------ |
-| Bug fix         | ✔/✖  |
-| New feature     | ✔/✖  |
-| Breaking change | ✔/✖  |
-| Deprecations    | ✔/✖  |
-| Documentation   | ✔/✖  |
-| Tests added     | ✔/✖  |
-| Chore           | ✔/✖  |
+| Bug fix         | ✔/✖    |
+| New feature     | ✔/✖    |
+| Breaking change | ✔/✖    |
+| Deprecations    | ✔/✖    |
+| Documentation   | ✔/✖    |
+| Tests added     | ✔/✖    |
+| Chore           | ✔/✖    |
 
 Related issues: #XXX , #XXX ...
 Closes #XXX ...

.github/actions/init-pnpm/action.yaml

@@ -0,0 +1,47 @@
+name: init-pnpm
+description: 'Initialize the repo with pnpm and install all the dependencies'
+inputs:
+  node-version:
+    description: 'Node.js version'
+    required: true
+    default: 24.x
+  install-filter:
+    description: 'Filter for pnpm install (e.g., --filter=packages/*)'
+    required: false
+runs:
+  using: composite
+  steps:
+    - name: Cache turbo build
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5
+      with:
+        path: .turbo
+        key: ${{ runner.os }}-turbo-${{ github.sha }}
+        restore-keys: |
+          ${{ runner.os }}-turbo-
+    - name: Set up pnpm
+      uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4
+    - name: Set up Node.js
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
+      with:
+        node-version: ${{ inputs.node-version }}
+        cache: 'pnpm'
+    - name: Install TS Project dependencies
+      shell: bash
+      env:
+        INSTALL_FILTER: ${{ inputs.install-filter }}
+      run: |
+        if [ -n "$INSTALL_FILTER" ]; then
+          pnpm install --filter="$INSTALL_FILTER" --frozen-lockfile
+        else
+          pnpm install --frozen-lockfile
+        fi
+    - name: build
+      shell: bash
+      env:
+        INSTALL_FILTER: ${{ inputs.install-filter }}
+      run: |
+        if [ -n "$INSTALL_FILTER" ]; then
+          pnpm exec turbo run build --filter="$INSTALL_FILTER"
+        else
+          pnpm exec turbo run build --affected
+        fi

.github/workflows/build-and-push.yaml

@@ -1,103 +1,122 @@
 name: Build and Push Service Images
 
 on:
+  push:
+    tags:
+      - 'v*'
   workflow_dispatch:
-    inputs:
-      version:
-        description: 'Docker Image Version (e.g., v1.2.0)'
-        required: true
-        type: string
-      services:
-        description: 'Services to build (comma-separated, e.g., "auth,payment") or "all"'
-        required: true
-        default: 'all'
-        type: string
 
 jobs:
-  # JOB 1: Parse the inputs and determine which services to build
   setup:
     runs-on: ubuntu-latest
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
+      - name: Check out TS Project Git repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
-      - name: Generate Service Matrix
+      - name: Init nodejs
+        uses: ./.github/actions/init-pnpm
+        with:
+          install-filter: '.'
+      - name: Generate build matrix
         id: set-matrix
+        shell: bash
         run: |
-          INPUT_SERVICES="${{ github.event.inputs.services }}"
-
-          if [ "$INPUT_SERVICES" == "all" ]; then
-            # Scans the services directory and creates a JSON array of folder names
-            # Requires jq installed (standard on runner)
-            echo "Scanning packages for all services..."
-            MATRIX_JSON=$(ls -d packages/*/ | xargs -n 1 basename | jq -R -s -c 'split("\n")[:-1]')
-          else
-            # Splits comma-separated string into JSON array
-            echo "Parsing specific services: $INPUT_SERVICES"
-            MATRIX_JSON=$(echo "$INPUT_SERVICES" | jq -R -c 'split(",") | map(sub("^\\s+";"") | sub("\\s+$";""))')
-          fi
+          MATRIX_JSON=$(node scripts/generate-matrix.mjs)
+          echo "matrix=$MATRIX_JSON" >> "$GITHUB_OUTPUT"
 
-          echo "Target Services: $MATRIX_JSON"
-          echo "matrix=$MATRIX_JSON" >> $GITHUB_OUTPUT
-
-  # JOB 2: Build and Push in Parallel
-  build-and-push:
+  build-and-push-docker:
     needs: setup
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
       matrix:
-        service: ${{ fromJson(needs.setup.outputs.matrix) }}
+        include: ${{ fromJson(needs.setup.outputs.matrix) }}
 
     permissions:
       contents: read
-      packages: write
 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: '24'
-          # cache: 'npm' # Uncomment if you want caching
-
-      # Login to Registry (Default: GitHub Container Registry)
+      - name: Check out TS Project Git repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - uses: docker/setup-buildx-action@v4
+        id: setup-buildx
       - name: Log in to the Container registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ${{ secrets.ACR_URL }}
           username: ${{ secrets.ACR_PUSH_USER }}
           password: ${{ secrets.ACR_PUSH_TOKEN }}
-          # For Docker Hub, use secrets.DOCKER_USERNAME and secrets.DOCKER_PASSWORD
-
-      # Step to install dependencies.
-      # In a monorepo, you usually install at root to link workspaces.
-      - name: Install Dependencies
-        run: npm ci
+      - name: Init nodejs
+        uses: ./.github/actions/init-pnpm
+        with:
+          install-filter: './apps/*'
+      - name: Create new lockfile for the service
+        shell: bash
+        run: pnpm exec turbo prune ${{ matrix.service }} --docker
+      - name: cache pnpm store
+        uses: actions/cache@v5
+        with:
+          path: cache-mount
+
+          key: ${{ runner.os }}-pnpm-store-${{ matrix.service }}-${{ hashFiles('out/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-${{ matrix.service }}-
+            ${{ runner.os }}-pnpm-store-
+      - name: Restore docker cache
+        uses: reproducible-containers/buildkit-cache-dance@v3
+        with:
+          builder: ${{ steps.setup-buildx.outputs.name }}
+          cache-dir: cache-mount
+          dockerfile: ${{ matrix.dockerfile }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          tags: ${{ secrets.ACR_URL }}/infra/${{ matrix.service }}:${{ matrix.version }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          file: ${{ matrix.dockerfile }}
+          push: true
+
+  build-and-push-helm:
+    needs: setup
+    runs-on: ubuntu-latest
 
-      # The core requirement: Run the npm script
-      - name: Build Docker Image (npm script)
-        working-directory: packages/${{ matrix.service }}
-        run: npm run build:docker
+    permissions:
+      contents: read
 
-      # Retag and Push
-      - name: Tag and Push Image
+    steps:
+      - name: Check out TS Project Git repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - name: Init nodejs
+        uses: ./.github/actions/init-pnpm
+        with:
+          install-filter: '.'
+      - name: Log in to the Container registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ secrets.ACR_URL }}
+          username: ${{ secrets.ACR_PUSH_USER }}
+          password: ${{ secrets.ACR_PUSH_TOKEN }}
+      - name: Get version from manifest
+        id: get_version
+        shell: bash
         run: |
-          SERVICE_NAME="${{ matrix.service }}"
-          VERSION="${{ github.event.inputs.version }}"
-
-          # The full target path (e.g., ghcr.io/user/repo/service:v1.0.0)
-          # We lowercase the repo name because docker requires lowercase
-          IMAGE_ID=$(echo "${{ secrets.ACR_URL }}/infra/$SERVICE_NAME" | tr '[:upper:]' '[:lower:]')
-
-          echo "Pushing image to: $IMAGE_ID:$VERSION"
-
-          # 1. Tag the locally built image (assuming local name is simply the service name)
-          docker tag $SERVICE_NAME:latest $IMAGE_ID:$VERSION
-
-          # 2. Push to registry
-          docker push $IMAGE_ID:$VERSION
+          VERSION=$(cat .release-please-manifest.json | jq -r '.["."]')
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: build dependencies
+        shell: bash
+        run: pnpm --filter "./apps/*" -rc --parallel exec 'helm dependency build ./helm || true'
+      - name: Push Chart to ACR
+        uses: appany/helm-oci-chart-releaser@v0.5.0
+        with:
+          name: ${{ github.event.repository.name }}
+          repository: helm/infra
+          tag: ${{ steps.get_version.outputs.version }}
+          path: ./helm
+          registry: ${{ secrets.ACR_URL }}
+          registry_username: ${{ secrets.ACR_PUSH_USER }}
+          registry_password: ${{ secrets.ACR_PUSH_TOKEN }}
+          update_dependencies: 'true' # Defaults to false