@catladder/pipeline 1.163.0 → 1.163.2

package/examples/__snapshots__/kubernetes-with-mongodb.test.ts.snap

@@ -1,2574 +1,1903 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`matches snapshot for kubernetes-with-mongodb 1`] = `
-{
-  "mainBranch": {
-    "image": "path/to/docker/jobs-default:the-version",
-    "jobs": {
-      "api ↩️ Rollback ⚠️ | dev ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "access",
-          "name": "dev/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="dev"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="dev"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-dev"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-dev-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-dev-api" --server="$CL_dev_api_KUBE_URL" --certificate-authority <(echo $CL_dev_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-dev-api" --token="$CL_dev_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-dev-api" --cluster="kube-pan-test-app-dev-api" --user="kube-pan-test-app-dev-api" --namespace="pan-test-app-dev"",
-          "kubectl config use-context "kube-pan-test-app-dev-api"",
-          "kubernetesRollback",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "rollback dev",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 👮 lint": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_PATH="api"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn lint",
-        ],
-        "stage": "test",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 app | dev ": {
-        "artifacts": {
-          "expire_in": "1 day",
-          "paths": [
-            "api/__build_info.json",
-            "api/.next",
-            "api/dist",
-          ],
-          "reports": {
-            "junit": undefined,
-          },
-          "when": "always",
-        },
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-next-cache",
-            "paths": [
-              "api/.next/cache",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="dev"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="dev"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-dev"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn build",
-        ],
-        "stage": "build",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 docker | dev ": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull",
-          },
-        ],
-        "image": "path/to/docker/docker-build:the-version",
-        "interruptible": true,
-        "needs": [
-          "api 🔨 app | dev ",
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_DIR="api"",
-          "export DOCKER_BUILD_CONTEXT="."",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="dev/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
-RUN yarn plugin import workspace-tools
-RUN yarn workspaces focus --production && yarn rebuild"",
-          "export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
-COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
-COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
-COPY --chown=node:node .yarn /app/.yarn"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "ensureNodeDockerfile",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
-          "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
-          "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
-          "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
-          "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
-          "docker push $DOCKER_CACHE_IMAGE",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
-        ],
-        "services": [
-          {
-            "command": [
-              "--tls=false",
-            ],
-            "name": "docker:24.0.6-dind",
-          },
-        ],
-        "stage": "build",
-        "variables": {
-          "DOCKER_BUILDKIT": "1",
-          "DOCKER_DRIVER": "overlay2",
-          "DOCKER_HOST": "tcp://0.0.0.0:2375",
-          "DOCKER_TLS_CERTDIR": "",
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "2Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🚀 Deploy | dev ": {
-        "allow_failure": false,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "auto_stop_in": "4 weeks",
-          "name": "dev/api",
-          "on_stop": "api 🛑 Stop ⚠️ | dev ",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [
-          {
-            "artifacts": false,
-            "job": "api 👮 lint",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🔨 app | dev ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🔨 docker | dev ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🧪 test",
-          },
-          {
-            "artifacts": true,
-            "job": "api 🧾 sbom | dev ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🛡 audit",
-          },
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "on_success",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="dev"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="dev"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-dev"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="dev/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export RELEASE_NAME="pan-test-app-dev-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-dev-api" --server="$CL_dev_api_KUBE_URL" --certificate-authority <(echo $CL_dev_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-dev-api" --token="$CL_dev_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-dev-api" --cluster="kube-pan-test-app-dev-api" --user="kube-pan-test-app-dev-api" --namespace="pan-test-app-dev"",
-          "kubectl config use-context "kube-pan-test-app-dev-api"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
-          "cat > __all_values.yml <<EOF
-env:
-  secret:
-    MONGODB_ROOT_PASSWORD: |-
-$(printf %s "$CL_dev_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
-    MONGODB_REPLICASET_KEY: |-
-$(printf %s "$CL_dev_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
-    MONGO_URL: |-
-      mongodb://root:$CL_dev_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
-    MONGO_OPLOG_URL: |-
-      mongodb://root:$CL_dev_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
-  public:
-    ENV_SHORT: |-
-      dev
-    APP_DIR: |-
-      api
-    ENV_TYPE: |-
-      dev
-    BUILD_INFO_BUILD_ID: |-
-$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
-    BUILD_INFO_BUILD_TIME: |-
-$(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
-    BUILD_INFO_CURRENT_VERSION: |-
-$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
-    HOST: |-
-      api.dev.test-app.pan.panter.cloud
-    ROOT_URL: |-
-      https://api.dev.test-app.pan.panter.cloud
-    HOST_INTERNAL: |-
-      api.dev.test-app.pan.panter.cloud
-    HOST_CANONICAL: |-
-      api.dev.test-app.pan.panter.cloud
-    ROOT_URL_INTERNAL: |-
-      https://api.dev.test-app.pan.panter.cloud
-    KUBE_NAMESPACE: |-
-      pan-test-app-dev
-    KUBE_APP_NAME: |-
-      api
-    KUBE_APP_NAME_PREFIX: ""
-    _ALL_ENV_VAR_KEYS: |-
-      ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
-application:
-  host: |-
-    api.dev.test-app.pan.panter.cloud
-  command: |-
-    node main.js
-  livenessProbe:
-    httpGet:
-      path: |-
-        __health
-  readinessProbe:
-    httpGet:
-      path: |-
-        __health
-  startupProbe:
-    httpGet:
-      path: |-
-        __health
-mongodb:
-  enabled: true
-  auth:
-    enabled: true
-    rootPassword: |-
-      $CL_dev_api_MONGODB_ROOT_PASSWORD
-    replicaSetKey: |-
-      $CL_dev_api_MONGODB_REPLICASET_KEY
-  persistence:
-    storageClass: |-
-      premium-rwo
-  backup:
-    enabled: false
-    hostToBackup: |-
-      api-mongodb-0.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017
-    pvcToBackup: |-
-      datadir-api-mongodb-0
-    image: |-
-      mrelite/kubectlmongoshell:v1.0
-    schedule: |-
-      0 4 * * *
-    volumeSnapshotClass: |-
-      snapshotclass
-  architecture: |-
-    replicaset
-  tolerations:
-    - key: |-
-        mongodb
-      operator: |-
-        Equal
-      value: |-
-        true
-      effect: |-
-        NoSchedule
+exports[`matches snapshot for kubernetes-with-mongodb local pipeline YAML 1`] = `
+"image: path/to/docker/jobs-default:the-version
+stages:
+  - setup
+  - setup dev
+  - setup review
+  - setup stage
+  - setup prod
+  - test
+  - test dev
+  - test review
+  - test stage
+  - test prod
+  - build
+  - build dev
+  - build review
+  - build stage
+  - build prod
+  - deploy
+  - deploy dev
+  - deploy review
+  - deploy stage
+  - deploy prod
+  - verify
+  - verify dev
+  - verify review
+  - verify stage
+  - verify prod
+  - rollback
+  - rollback dev
+  - rollback review
+  - rollback stage
+  - rollback prod
+  - stop
+  - stop dev
+  - stop review
+  - stop stage
+  - stop prod
+  - release
+variables:
+  FF_USE_FASTZIP: 'true'
+  ARTIFACT_COMPRESSION_LEVEL: fast
+  CACHE_COMPRESSION_LEVEL: fast
+  TRANSFER_METER_FREQUENCY: 5s
+  GIT_DEPTH: '1'
+api 🛡 audit:
+  stage: test
+  image: path/to/docker/jobs-default:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_PATH="api"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - cd api
+    - yarn npm audit --environment production
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: &a1
+    max: 2
+    when:
+      - runner_system_failure
+      - stuck_or_timeout_failure
+  interruptible: true
+  allow_failure: true
+api 👮 lint:
+  stage: test
+  image: path/to/docker/jobs-default:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_PATH="api"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - cd api
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"
+    - yarn install --immutable
+    - echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"
+    - yarn lint
+  cache:
+    - key: api-yarn
+      policy: pull-push
+      paths:
+        - api/.yarn
+    - key: api-node-modules
+      policy: pull-push
+      paths:
+        - api/node_modules
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: *a1
+  interruptible: true
+api 🧪 test:
+  stage: test
+  image: path/to/docker/jobs-testing-chrome:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_PATH="api"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - cd api
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"
+    - yarn install --immutable
+    - echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"
+    - yarn test
+  cache:
+    - key: api-yarn
+      policy: pull-push
+      paths:
+        - api/.yarn
+    - key: api-node-modules
+      policy: pull-push
+      paths:
+        - api/node_modules
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: *a1
+  interruptible: true
+'api 🔨 app | dev ':
+  stage: build
+  image: path/to/docker/jobs-default:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="dev"
+    - export APP_DIR="api"
+    - export ENV_TYPE="dev"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-dev"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - cd api
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"
+    - yarn install --immutable
+    - echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"
+    - yarn build
+  cache:
+    - key: api-yarn
+      policy: pull-push
+      paths:
+        - api/.yarn
+    - key: api-node-modules
+      policy: pull-push
+      paths:
+        - api/node_modules
+    - key: api-next-cache
+      policy: pull-push
+      paths:
+        - api/.next/cache
+  artifacts:
+    paths:
+      - api/__build_info.json
+      - api/.next
+      - api/dist
+    expire_in: 1 day
+    when: always
+    reports: {}
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  needs: []
+  retry: *a1
+  interruptible: true
+'api 🔨 docker | dev ':
+  stage: build
+  image: path/to/docker/docker-build:the-version
+  services:
+    - name: docker:24.0.6-dind
+      command:
+        - --tls=false
+  variables:
+    DOCKER_HOST: tcp://0.0.0.0:2375
+    DOCKER_TLS_CERTDIR: ''
+    DOCKER_DRIVER: overlay2
+    DOCKER_BUILDKIT: '1'
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 2Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_DIR="api"
+    - export DOCKER_BUILD_CONTEXT="."
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="dev/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - |-
+      export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
+      RUN yarn plugin import workspace-tools
+      RUN yarn workspaces focus --production && yarn rebuild"
+    - |-
+      export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
+      COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
+      COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
+      COPY --chown=node:node .yarn /app/.yarn"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - ensureNodeDockerfile
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"
+    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"
+    - docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"
+    - docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
+    - docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
+    - docker push $DOCKER_CACHE_IMAGE
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"
+  cache:
+    - key: api-yarn
+      policy: pull
+      paths:
+        - api/.yarn
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  needs:
+    - 'api 🔨 app | dev '
+  retry: *a1
+  interruptible: true
+'api 🧾 sbom | dev ':
+  stage: build
+  image: aquasec/trivy:0.38.3
+  variables: {}
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - trivy fs --quiet --format cyclonedx --output "__sbom.json" api
+  artifacts:
+    paths:
+      - __sbom.json
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🚀 Deploy | dev ':
+  stage: deploy dev
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="dev"
+    - export APP_DIR="api"
+    - export ENV_TYPE="dev"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-dev"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="dev/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - export RELEASE_NAME="pan-test-app-dev-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-dev-api" --server="$CL_dev_api_KUBE_URL" --certificate-authority <(echo $CL_dev_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-dev-api" --token="$CL_dev_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-dev-api" --cluster="kube-pan-test-app-dev-api" --user="kube-pan-test-app-dev-api" --namespace="pan-test-app-dev"
+    - kubectl config use-context "kube-pan-test-app-dev-api"
+    - echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"
+    - |
+      cat > __all_values.yml <<EOF
+      env:
+        secret:
+          MONGODB_ROOT_PASSWORD: |-
+      $(printf %s "$CL_dev_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
+          MONGODB_REPLICASET_KEY: |-
+      $(printf %s "$CL_dev_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
+          MONGO_URL: |-
+            mongodb://root:$CL_dev_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
+          MONGO_OPLOG_URL: |-
+            mongodb://root:$CL_dev_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
+        public:
+          ENV_SHORT: |-
+            dev
+          APP_DIR: |-
+            api
+          ENV_TYPE: |-
+            dev
+          BUILD_INFO_BUILD_ID: |-
+      $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
+          BUILD_INFO_BUILD_TIME: |-
+      $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
+          BUILD_INFO_CURRENT_VERSION: |-
+      $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
+          HOST: |-
+            api.dev.test-app.pan.panter.cloud
+          ROOT_URL: |-
+            https://api.dev.test-app.pan.panter.cloud
+          HOST_INTERNAL: |-
+            api.dev.test-app.pan.panter.cloud
+          HOST_CANONICAL: |-
+            api.dev.test-app.pan.panter.cloud
+          ROOT_URL_INTERNAL: |-
+            https://api.dev.test-app.pan.panter.cloud
+          KUBE_NAMESPACE: |-
+            pan-test-app-dev
+          KUBE_APP_NAME: |-
+            api
+          KUBE_APP_NAME_PREFIX: ""
+          _ALL_ENV_VAR_KEYS: |-
+            ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
+      application:
+        host: |-
+          api.dev.test-app.pan.panter.cloud
+        command: |-
+          node main.js
+        livenessProbe:
+          httpGet:
+            path: |-
+              __health
+        readinessProbe:
+          httpGet:
+            path: |-
+              __health
+        startupProbe:
+          httpGet:
+            path: |-
+              __health
+      mongodb:
+        enabled: true
+        auth:
+          enabled: true
+          rootPassword: |-
+            $CL_dev_api_MONGODB_ROOT_PASSWORD
+          replicaSetKey: |-
+            $CL_dev_api_MONGODB_REPLICASET_KEY
+        persistence:
+          storageClass: |-
+            premium-rwo
+        backup:
+          enabled: false
+          hostToBackup: |-
+            api-mongodb-0.api-mongodb-headless.pan-test-app-dev.svc.cluster.local:27017
+          pvcToBackup: |-
+            datadir-api-mongodb-0
+          image: |-
+            mrelite/kubectlmongoshell:v1.0
+          schedule: |-
+            0 4 * * *
+          volumeSnapshotClass: |-
+            snapshotclass
+        architecture: |-
+          replicaset
+        tolerations:
+          - key: |-
+              mongodb
+            operator: |-
+              Equal
+            value: |-
+              true
+            effect: |-
+              NoSchedule
 
-EOF
-",
-          "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
-          "kubernetesCreateSecret",
-          "kubernetesDeploy",
-          "echo 'Uploading SBOM to Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.dev.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
-          "echo deployment successful 😻",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "deploy dev",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🛑 Stop ⚠️ | dev ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "stop",
-          "name": "dev/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
-            "when": "on_success",
-          },
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="dev"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="dev"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-dev"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-dev-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-dev-api" --server="$CL_dev_api_KUBE_URL" --certificate-authority <(echo $CL_dev_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-dev-api" --token="$CL_dev_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-dev-api" --cluster="kube-pan-test-app-dev-api" --user="kube-pan-test-app-dev-api" --namespace="pan-test-app-dev"",
-          "kubectl config use-context "kube-pan-test-app-dev-api"",
-          "kubernetesDelete",
-          "echo 'Disabling component in Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.dev.test-app.pan.panter.cloud" || true",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "stop dev",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🛡 audit": {
-        "allow_failure": true,
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_PATH="api"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "cd api",
-          "yarn npm audit --environment production",
-        ],
-        "stage": "test",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🧪 test": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-testing-chrome:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_PATH="api"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn test",
-        ],
-        "stage": "test",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🧾 sbom | dev ": {
-        "allow_failure": true,
-        "artifacts": {
-          "paths": [
-            "__sbom.json",
-          ],
-        },
-        "image": "aquasec/trivy:0.38.3",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "trivy fs --quiet --format cyclonedx --output "__sbom.json" api",
-        ],
-        "stage": "build",
-        "variables": {},
-      },
-    },
-    "stages": [
-      "setup",
-      "setup dev",
-      "setup review",
-      "setup stage",
-      "setup prod",
-      "test",
-      "test dev",
-      "test review",
-      "test stage",
-      "test prod",
-      "build",
-      "build dev",
-      "build review",
-      "build stage",
-      "build prod",
-      "deploy",
-      "deploy dev",
-      "deploy review",
-      "deploy stage",
-      "deploy prod",
-      "verify",
-      "verify dev",
-      "verify review",
-      "verify stage",
-      "verify prod",
-      "rollback",
-      "rollback dev",
-      "rollback review",
-      "rollback stage",
-      "rollback prod",
-      "stop",
-      "stop dev",
-      "stop review",
-      "stop stage",
-      "stop prod",
-    ],
-    "variables": {
-      "ARTIFACT_COMPRESSION_LEVEL": "fast",
-      "CACHE_COMPRESSION_LEVEL": "fast",
-      "FF_USE_FASTZIP": "true",
-      "GIT_DEPTH": "1",
-      "TRANSFER_METER_FREQUENCY": "5s",
-    },
-    "workflow": {
-      "rules": [
-        {
-          "if": "$CI_COMMIT_TAG",
-        },
-        {
-          "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
-          "when": "never",
-        },
-        {
-          "if": "$CI_PIPELINE_SOURCE  == "schedule"",
-          "when": "never",
-        },
-        {
-          "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
-        },
-        {
-          "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
-        },
-        {
-          "if": "$CI_MERGE_REQUEST_ID",
-        },
-      ],
-    },
-  },
-  "mr": {
-    "image": "path/to/docker/jobs-default:the-version",
-    "jobs": {
-      "api ↩️ Rollback ⚠️ | review ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "access",
-          "name": "review/$CI_COMMIT_REF_NAME/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="review"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="review"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-review"",
-          "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
-          "export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --server="$CL_review_api_KUBE_URL" --certificate-authority <(echo $CL_review_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --token="$CL_review_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --namespace="pan-test-app-review"",
-          "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "kubernetesRollback",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "rollback review",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 👮 lint": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_PATH="api"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn lint",
-        ],
-        "stage": "test",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 app | review ": {
-        "artifacts": {
-          "expire_in": "1 day",
-          "paths": [
-            "api/__build_info.json",
-            "api/.next",
-            "api/dist",
-          ],
-          "reports": {
-            "junit": undefined,
-          },
-          "when": "always",
-        },
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-next-cache",
-            "paths": [
-              "api/.next/cache",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="review"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="review"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-review"",
-          "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
-          "export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn build",
-        ],
-        "stage": "build",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 docker | review ": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull",
-          },
-        ],
-        "image": "path/to/docker/docker-build:the-version",
-        "interruptible": true,
-        "needs": [
-          "api 🔨 app | review ",
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_DIR="api"",
-          "export DOCKER_BUILD_CONTEXT="."",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="review/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
-RUN yarn plugin import workspace-tools
-RUN yarn workspaces focus --production && yarn rebuild"",
-          "export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
-COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
-COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
-COPY --chown=node:node .yarn /app/.yarn"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "ensureNodeDockerfile",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
-          "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
-          "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
-          "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
-          "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
-          "docker push $DOCKER_CACHE_IMAGE",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
-        ],
-        "services": [
-          {
-            "command": [
-              "--tls=false",
-            ],
-            "name": "docker:24.0.6-dind",
-          },
-        ],
-        "stage": "build",
-        "variables": {
-          "DOCKER_BUILDKIT": "1",
-          "DOCKER_DRIVER": "overlay2",
-          "DOCKER_HOST": "tcp://0.0.0.0:2375",
-          "DOCKER_TLS_CERTDIR": "",
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "2Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🚀 Deploy | review ": {
-        "allow_failure": false,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "auto_stop_in": "1 week",
-          "name": "review/$CI_COMMIT_REF_NAME/api",
-          "on_stop": "api 🛑 Stop ⚠️ | review ",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [
-          {
-            "artifacts": false,
-            "job": "api 👮 lint",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🔨 app | review ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🔨 docker | review ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🧪 test",
-          },
-          {
-            "artifacts": true,
-            "job": "api 🧾 sbom | review ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🛡 audit",
-          },
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "on_success",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="review"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="review"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-review"",
-          "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
-          "export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="review/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --server="$CL_review_api_KUBE_URL" --certificate-authority <(echo $CL_review_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --token="$CL_review_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --namespace="pan-test-app-review"",
-          "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
-          "cat > __all_values.yml <<EOF
-env:
-  secret:
-    MONGODB_ROOT_PASSWORD: |-
-$(printf %s "$CL_review_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
-    MONGODB_REPLICASET_KEY: |-
-$(printf %s "$CL_review_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
-    MONGO_URL: |-
-      mongodb://root:$CL_review_api_MONGODB_ROOT_PASSWORD@$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017,$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-1.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
-    MONGO_OPLOG_URL: |-
-      mongodb://root:$CL_review_api_MONGODB_ROOT_PASSWORD@$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017,$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-1.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
-  public:
-    ENV_SHORT: |-
-      review
-    APP_DIR: |-
-      api
-    ENV_TYPE: |-
-      review
-    BUILD_INFO_BUILD_ID: |-
-$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
-    BUILD_INFO_BUILD_TIME: |-
-$(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
-    BUILD_INFO_CURRENT_VERSION: |-
-$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
-    HOST: |-
-$(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
-    ROOT_URL: |-
-$(printf %s "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
-    HOST_INTERNAL: |-
-$(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
-    HOST_CANONICAL: |-
-$(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
-    ROOT_URL_INTERNAL: |-
-$(printf %s "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
-    KUBE_NAMESPACE: |-
-      pan-test-app-review
-    KUBE_APP_NAME: |-
-$(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" | sed 's/^/      /')
-    KUBE_APP_NAME_PREFIX: |-
-$(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-" | sed 's/^/      /')
-    _ALL_ENV_VAR_KEYS: |-
-      ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
-application:
-  host: |-
-$(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/    /')
-  command: |-
-    node main.js
-  livenessProbe:
-    httpGet:
-      path: |-
-        __health
-  readinessProbe:
-    httpGet:
-      path: |-
-        __health
-  startupProbe:
-    httpGet:
-      path: |-
-        __health
-mongodb:
-  enabled: true
-  auth:
-    enabled: true
-    rootPassword: |-
-      $CL_review_api_MONGODB_ROOT_PASSWORD
-    replicaSetKey: |-
-      $CL_review_api_MONGODB_REPLICASET_KEY
-  persistence:
-    storageClass: |-
-      premium-rwo
-  backup:
-    enabled: false
-    hostToBackup: |-
-      $([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017
-    pvcToBackup: |-
-      datadir-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0
-    image: |-
-      mrelite/kubectlmongoshell:v1.0
-    schedule: |-
-      0 4 * * *
-    volumeSnapshotClass: |-
-      snapshotclass
-  architecture: |-
-    replicaset
-  tolerations:
-    - key: |-
-        mongodb
-      operator: |-
-        Equal
-      value: |-
-        true
-      effect: |-
-        NoSchedule
+      EOF
+    - echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"
+    - kubernetesCreateSecret
+    - kubernetesDeploy
+    - echo 'Uploading SBOM to Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.dev.test-app.pan.panter.cloud" "__sbom.json" vex.json || true
+    - echo deployment successful 😻
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.dev.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: dev/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    on_stop: 'api 🛑 Stop ⚠️ | dev '
+    auto_stop_in: 4 weeks
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - when: on_success
+      if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  needs:
+    - job: api 👮 lint
+      artifacts: false
+    - job: 'api 🔨 app | dev '
+      artifacts: false
+    - job: 'api 🔨 docker | dev '
+      artifacts: false
+    - job: api 🧪 test
+      artifacts: false
+    - job: 'api 🧾 sbom | dev '
+      artifacts: true
+    - job: api 🛡 audit
+      artifacts: false
+  retry: *a1
+  interruptible: true
+  allow_failure: false
+'api 🛑 Stop ⚠️ | dev ':
+  stage: stop dev
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="dev"
+    - export APP_DIR="api"
+    - export ENV_TYPE="dev"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-dev"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-dev-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-dev-api" --server="$CL_dev_api_KUBE_URL" --certificate-authority <(echo $CL_dev_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-dev-api" --token="$CL_dev_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-dev-api" --cluster="kube-pan-test-app-dev-api" --user="kube-pan-test-app-dev-api" --namespace="pan-test-app-dev"
+    - kubectl config use-context "kube-pan-test-app-dev-api"
+    - kubernetesDelete
+    - echo 'Disabling component in Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.dev.test-app.pan.panter.cloud" || true
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.dev.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: dev/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: stop
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/
+      when: on_success
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - when: manual
+      if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api ↩️ Rollback ⚠️ | dev ':
+  stage: rollback dev
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="dev"
+    - export APP_DIR="api"
+    - export ENV_TYPE="dev"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.dev.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.dev.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.dev.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.dev.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-dev"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_dev_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_dev_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-dev-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-dev-api" --server="$CL_dev_api_KUBE_URL" --certificate-authority <(echo $CL_dev_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-dev-api" --token="$CL_dev_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-dev-api" --cluster="kube-pan-test-app-dev-api" --user="kube-pan-test-app-dev-api" --namespace="pan-test-app-dev"
+    - kubectl config use-context "kube-pan-test-app-dev-api"
+    - kubernetesRollback
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.dev.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: dev/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: access
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: never
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+    - when: manual
+      if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🔨 app | review ':
+  stage: build
+  image: path/to/docker/jobs-default:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="review"
+    - export APP_DIR="api"
+    - export ENV_TYPE="review"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-review"
+    - export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"
+    - export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - cd api
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"
+    - yarn install --immutable
+    - echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"
+    - yarn build
+  cache:
+    - key: api-yarn
+      policy: pull-push
+      paths:
+        - api/.yarn
+    - key: api-node-modules
+      policy: pull-push
+      paths:
+        - api/node_modules
+    - key: api-next-cache
+      policy: pull-push
+      paths:
+        - api/.next/cache
+  artifacts:
+    paths:
+      - api/__build_info.json
+      - api/.next
+      - api/dist
+    expire_in: 1 day
+    when: always
+    reports: {}
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: *a1
+  interruptible: true
+'api 🔨 docker | review ':
+  stage: build
+  image: path/to/docker/docker-build:the-version
+  services:
+    - name: docker:24.0.6-dind
+      command:
+        - --tls=false
+  variables:
+    DOCKER_HOST: tcp://0.0.0.0:2375
+    DOCKER_TLS_CERTDIR: ''
+    DOCKER_DRIVER: overlay2
+    DOCKER_BUILDKIT: '1'
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 2Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_DIR="api"
+    - export DOCKER_BUILD_CONTEXT="."
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="review/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - |-
+      export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
+      RUN yarn plugin import workspace-tools
+      RUN yarn workspaces focus --production && yarn rebuild"
+    - |-
+      export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
+      COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
+      COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
+      COPY --chown=node:node .yarn /app/.yarn"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - ensureNodeDockerfile
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"
+    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"
+    - docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"
+    - docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
+    - docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
+    - docker push $DOCKER_CACHE_IMAGE
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"
+  cache:
+    - key: api-yarn
+      policy: pull
+      paths:
+        - api/.yarn
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+  needs:
+    - 'api 🔨 app | review '
+  retry: *a1
+  interruptible: true
+'api 🧾 sbom | review ':
+  stage: build
+  image: aquasec/trivy:0.38.3
+  variables: {}
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - trivy fs --quiet --format cyclonedx --output "__sbom.json" api
+  artifacts:
+    paths:
+      - __sbom.json
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🚀 Deploy | review ':
+  stage: deploy review
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="review"
+    - export APP_DIR="api"
+    - export ENV_TYPE="review"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-review"
+    - export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"
+    - export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="review/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --server="$CL_review_api_KUBE_URL" --certificate-authority <(echo $CL_review_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --token="$CL_review_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --namespace="pan-test-app-review"
+    - kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"
+    - |
+      cat > __all_values.yml <<EOF
+      env:
+        secret:
+          MONGODB_ROOT_PASSWORD: |-
+      $(printf %s "$CL_review_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
+          MONGODB_REPLICASET_KEY: |-
+      $(printf %s "$CL_review_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
+          MONGO_URL: |-
+            mongodb://root:$CL_review_api_MONGODB_ROOT_PASSWORD@$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017,$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-1.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
+          MONGO_OPLOG_URL: |-
+            mongodb://root:$CL_review_api_MONGODB_ROOT_PASSWORD@$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017,$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-1.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
+        public:
+          ENV_SHORT: |-
+            review
+          APP_DIR: |-
+            api
+          ENV_TYPE: |-
+            review
+          BUILD_INFO_BUILD_ID: |-
+      $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
+          BUILD_INFO_BUILD_TIME: |-
+      $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
+          BUILD_INFO_CURRENT_VERSION: |-
+      $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
+          HOST: |-
+      $(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
+          ROOT_URL: |-
+      $(printf %s "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
+          HOST_INTERNAL: |-
+      $(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
+          HOST_CANONICAL: |-
+      $(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
+          ROOT_URL_INTERNAL: |-
+      $(printf %s "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/      /')
+          KUBE_NAMESPACE: |-
+            pan-test-app-review
+          KUBE_APP_NAME: |-
+      $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" | sed 's/^/      /')
+          KUBE_APP_NAME_PREFIX: |-
+      $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-" | sed 's/^/      /')
+          _ALL_ENV_VAR_KEYS: |-
+            ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
+      application:
+        host: |-
+      $(printf %s "api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/    /')
+        command: |-
+          node main.js
+        livenessProbe:
+          httpGet:
+            path: |-
+              __health
+        readinessProbe:
+          httpGet:
+            path: |-
+              __health
+        startupProbe:
+          httpGet:
+            path: |-
+              __health
+      mongodb:
+        enabled: true
+        auth:
+          enabled: true
+          rootPassword: |-
+            $CL_review_api_MONGODB_ROOT_PASSWORD
+          replicaSetKey: |-
+            $CL_review_api_MONGODB_REPLICASET_KEY
+        persistence:
+          storageClass: |-
+            premium-rwo
+        backup:
+          enabled: false
+          hostToBackup: |-
+            $([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-headless.pan-test-app-review.svc.cluster.local:27017
+          pvcToBackup: |-
+            datadir-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-mongodb-0
+          image: |-
+            mrelite/kubectlmongoshell:v1.0
+          schedule: |-
+            0 4 * * *
+          volumeSnapshotClass: |-
+            snapshotclass
+        architecture: |-
+          replicaset
+        tolerations:
+          - key: |-
+              mongodb
+            operator: |-
+              Equal
+            value: |-
+              true
+            effect: |-
+              NoSchedule
 
-EOF
-",
-          "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
-          "kubernetesCreateSecret",
-          "kubernetesDeploy",
-          "echo 'Uploading SBOM to Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
-          "echo deployment successful 😻",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "deploy review",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🛑 Stop ⚠️ | review ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "stop",
-          "name": "review/$CI_COMMIT_REF_NAME/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
-            "when": "on_success",
-          },
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="review"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="review"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-review"",
-          "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
-          "export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --server="$CL_review_api_KUBE_URL" --certificate-authority <(echo $CL_review_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --token="$CL_review_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --namespace="pan-test-app-review"",
-          "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"",
-          "kubernetesDelete",
-          "echo 'Disabling component in Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" || true",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "stop review",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🛡 audit": {
-        "allow_failure": true,
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_PATH="api"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "cd api",
-          "yarn npm audit --environment production",
-        ],
-        "stage": "test",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🧪 test": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-testing-chrome:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_PATH="api"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn test",
-        ],
-        "stage": "test",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🧾 sbom | review ": {
-        "allow_failure": true,
-        "artifacts": {
-          "paths": [
-            "__sbom.json",
-          ],
-        },
-        "image": "aquasec/trivy:0.38.3",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "trivy fs --quiet --format cyclonedx --output "__sbom.json" api",
-        ],
-        "stage": "build",
-        "variables": {},
-      },
-    },
-    "stages": [
-      "setup",
-      "setup dev",
-      "setup review",
-      "setup stage",
-      "setup prod",
-      "test",
-      "test dev",
-      "test review",
-      "test stage",
-      "test prod",
-      "build",
-      "build dev",
-      "build review",
-      "build stage",
-      "build prod",
-      "deploy",
-      "deploy dev",
-      "deploy review",
-      "deploy stage",
-      "deploy prod",
-      "verify",
-      "verify dev",
-      "verify review",
-      "verify stage",
-      "verify prod",
-      "rollback",
-      "rollback dev",
-      "rollback review",
-      "rollback stage",
-      "rollback prod",
-      "stop",
-      "stop dev",
-      "stop review",
-      "stop stage",
-      "stop prod",
-    ],
-    "variables": {
-      "ARTIFACT_COMPRESSION_LEVEL": "fast",
-      "CACHE_COMPRESSION_LEVEL": "fast",
-      "FF_USE_FASTZIP": "true",
-      "GIT_DEPTH": "1",
-      "TRANSFER_METER_FREQUENCY": "5s",
-    },
-    "workflow": {
-      "rules": [
-        {
-          "if": "$CI_COMMIT_TAG",
-        },
-        {
-          "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
-          "when": "never",
-        },
-        {
-          "if": "$CI_PIPELINE_SOURCE  == "schedule"",
-          "when": "never",
-        },
-        {
-          "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
-        },
-        {
-          "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
-        },
-        {
-          "if": "$CI_MERGE_REQUEST_ID",
-        },
-      ],
-    },
-  },
-  "taggedRelease": {
-    "image": "path/to/docker/jobs-default:the-version",
-    "jobs": {
-      "api ↩️ Rollback ⚠️ | prod ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "access",
-          "name": "prod/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="prod"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="prod"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-prod"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-prod-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-prod-api" --server="$CL_prod_api_KUBE_URL" --certificate-authority <(echo $CL_prod_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-prod-api" --token="$CL_prod_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-prod-api" --cluster="kube-pan-test-app-prod-api" --user="kube-pan-test-app-prod-api" --namespace="pan-test-app-prod"",
-          "kubectl config use-context "kube-pan-test-app-prod-api"",
-          "kubernetesRollback",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.prod.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "rollback prod",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api ↩️ Rollback ⚠️ | stage ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "access",
-          "name": "stage/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="stage"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="stage"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-stage"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-stage-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-stage-api" --server="$CL_stage_api_KUBE_URL" --certificate-authority <(echo $CL_stage_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-stage-api" --token="$CL_stage_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-stage-api" --cluster="kube-pan-test-app-stage-api" --user="kube-pan-test-app-stage-api" --namespace="pan-test-app-stage"",
-          "kubectl config use-context "kube-pan-test-app-stage-api"",
-          "kubernetesRollback",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "rollback stage",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🔨 app | prod ": {
-        "artifacts": {
-          "expire_in": "1 day",
-          "paths": [
-            "api/__build_info.json",
-            "api/.next",
-            "api/dist",
-          ],
-          "reports": {
-            "junit": undefined,
-          },
-          "when": "always",
-        },
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-next-cache",
-            "paths": [
-              "api/.next/cache",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="prod"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="prod"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-prod"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn build",
-        ],
-        "stage": "build",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 app | stage ": {
-        "artifacts": {
-          "expire_in": "1 day",
-          "paths": [
-            "api/__build_info.json",
-            "api/.next",
-            "api/dist",
-          ],
-          "reports": {
-            "junit": undefined,
-          },
-          "when": "always",
-        },
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-node-modules",
-            "paths": [
-              "api/node_modules",
-            ],
-            "policy": "pull-push",
-          },
-          {
-            "key": "api-next-cache",
-            "paths": [
-              "api/.next/cache",
-            ],
-            "policy": "pull-push",
-          },
-        ],
-        "image": "path/to/docker/jobs-default:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="stage"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="stage"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-stage"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "cd api",
-          "echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"",
-          "if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi",
-          "if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi",
-          "echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"",
-          "yarn install --immutable",
-          "echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"",
-          "yarn build",
-        ],
-        "stage": "build",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "4Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 docker | prod ": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull",
-          },
-        ],
-        "image": "path/to/docker/docker-build:the-version",
-        "interruptible": true,
-        "needs": [
-          "api 🔨 app | prod ",
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_DIR="api"",
-          "export DOCKER_BUILD_CONTEXT="."",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="prod/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
-RUN yarn plugin import workspace-tools
-RUN yarn workspaces focus --production && yarn rebuild"",
-          "export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
-COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
-COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
-COPY --chown=node:node .yarn /app/.yarn"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "ensureNodeDockerfile",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
-          "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
-          "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
-          "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
-          "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
-          "docker push $DOCKER_CACHE_IMAGE",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
-        ],
-        "services": [
-          {
-            "command": [
-              "--tls=false",
-            ],
-            "name": "docker:24.0.6-dind",
-          },
-        ],
-        "stage": "build",
-        "variables": {
-          "DOCKER_BUILDKIT": "1",
-          "DOCKER_DRIVER": "overlay2",
-          "DOCKER_HOST": "tcp://0.0.0.0:2375",
-          "DOCKER_TLS_CERTDIR": "",
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "2Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🔨 docker | stage ": {
-        "cache": [
-          {
-            "key": "api-yarn",
-            "paths": [
-              "api/.yarn",
-            ],
-            "policy": "pull",
-          },
-        ],
-        "image": "path/to/docker/docker-build:the-version",
-        "interruptible": true,
-        "needs": [
-          "api 🔨 app | stage ",
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export APP_DIR="api"",
-          "export DOCKER_BUILD_CONTEXT="."",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="stage/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
-RUN yarn plugin import workspace-tools
-RUN yarn workspaces focus --production && yarn rebuild"",
-          "export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
-COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
-COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
-COPY --chown=node:node .yarn /app/.yarn"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "ensureNodeDockerfile",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
-          "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
-          "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
-          "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
-          "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
-          "docker push $DOCKER_CACHE_IMAGE",
-          "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
-        ],
-        "services": [
-          {
-            "command": [
-              "--tls=false",
-            ],
-            "name": "docker:24.0.6-dind",
-          },
-        ],
-        "stage": "build",
-        "variables": {
-          "DOCKER_BUILDKIT": "1",
-          "DOCKER_DRIVER": "overlay2",
-          "DOCKER_HOST": "tcp://0.0.0.0:2375",
-          "DOCKER_TLS_CERTDIR": "",
-          "KUBERNETES_CPU_REQUEST": "0.45",
-          "KUBERNETES_MEMORY_LIMIT": "2Gi",
-          "KUBERNETES_MEMORY_REQUEST": "1Gi",
-        },
-      },
-      "api 🚀 Deploy | prod ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "auto_stop_in": undefined,
-          "name": "prod/api",
-          "on_stop": "api 🛑 Stop ⚠️ | prod ",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [
-          {
-            "artifacts": false,
-            "job": "api 🔨 app | prod ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🔨 docker | prod ",
-          },
-          {
-            "artifacts": true,
-            "job": "api 🧾 sbom | prod ",
-          },
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="prod"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="prod"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-prod"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="prod/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export RELEASE_NAME="pan-test-app-prod-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-prod-api" --server="$CL_prod_api_KUBE_URL" --certificate-authority <(echo $CL_prod_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-prod-api" --token="$CL_prod_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-prod-api" --cluster="kube-pan-test-app-prod-api" --user="kube-pan-test-app-prod-api" --namespace="pan-test-app-prod"",
-          "kubectl config use-context "kube-pan-test-app-prod-api"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
-          "cat > __all_values.yml <<EOF
-env:
-  secret:
-    MONGODB_ROOT_PASSWORD: |-
-$(printf %s "$CL_prod_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
-    MONGODB_REPLICASET_KEY: |-
-$(printf %s "$CL_prod_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
-    MONGO_URL: |-
-      mongodb://root:$CL_prod_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
-    MONGO_OPLOG_URL: |-
-      mongodb://root:$CL_prod_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
-  public:
-    ENV_SHORT: |-
-      prod
-    APP_DIR: |-
-      api
-    ENV_TYPE: |-
-      prod
-    BUILD_INFO_BUILD_ID: |-
-$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
-    BUILD_INFO_BUILD_TIME: |-
-$(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
-    BUILD_INFO_CURRENT_VERSION: |-
-$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
-    HOST: |-
-      api.prod.test-app.pan.panter.cloud
-    ROOT_URL: |-
-      https://api.prod.test-app.pan.panter.cloud
-    HOST_INTERNAL: |-
-      api.prod.test-app.pan.panter.cloud
-    HOST_CANONICAL: |-
-      api.prod.test-app.pan.panter.cloud
-    ROOT_URL_INTERNAL: |-
-      https://api.prod.test-app.pan.panter.cloud
-    KUBE_NAMESPACE: |-
-      pan-test-app-prod
-    KUBE_APP_NAME: |-
-      api
-    KUBE_APP_NAME_PREFIX: ""
-    _ALL_ENV_VAR_KEYS: |-
-      ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
-application:
-  host: |-
-    api.prod.test-app.pan.panter.cloud
-  command: |-
-    node main.js
-  livenessProbe:
-    httpGet:
-      path: |-
-        __health
-  readinessProbe:
-    httpGet:
-      path: |-
-        __health
-  startupProbe:
-    httpGet:
-      path: |-
-        __health
-mongodb:
-  enabled: true
-  auth:
-    enabled: true
-    rootPassword: |-
-      $CL_prod_api_MONGODB_ROOT_PASSWORD
-    replicaSetKey: |-
-      $CL_prod_api_MONGODB_REPLICASET_KEY
-  persistence:
-    storageClass: |-
-      premium-rwo
-  backup:
-    enabled: true
-    hostToBackup: |-
-      api-mongodb-0.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017
-    pvcToBackup: |-
-      datadir-api-mongodb-0
-    image: |-
-      mrelite/kubectlmongoshell:v1.0
-    schedule: |-
-      0 4 * * *
-    volumeSnapshotClass: |-
-      snapshotclass
-  architecture: |-
-    replicaset
-  tolerations:
-    - key: |-
-        mongodb
-      operator: |-
-        Equal
-      value: |-
-        true
-      effect: |-
-        NoSchedule
+      EOF
+    - echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"
+    - kubernetesCreateSecret
+    - kubernetesDeploy
+    - echo 'Uploading SBOM to Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" "__sbom.json" vex.json || true
+    - echo deployment successful 😻
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: review/$CI_COMMIT_REF_NAME/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    on_stop: 'api 🛑 Stop ⚠️ | review '
+    auto_stop_in: 1 week
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: on_success
+      if: $CI_MERGE_REQUEST_ID
+  needs:
+    - job: api 👮 lint
+      artifacts: false
+    - job: 'api 🔨 app | review '
+      artifacts: false
+    - job: 'api 🔨 docker | review '
+      artifacts: false
+    - job: api 🧪 test
+      artifacts: false
+    - job: 'api 🧾 sbom | review '
+      artifacts: true
+    - job: api 🛡 audit
+      artifacts: false
+  retry: *a1
+  interruptible: true
+  allow_failure: false
+'api 🛑 Stop ⚠️ | review ':
+  stage: stop review
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="review"
+    - export APP_DIR="api"
+    - export ENV_TYPE="review"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-review"
+    - export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"
+    - export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --server="$CL_review_api_KUBE_URL" --certificate-authority <(echo $CL_review_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --token="$CL_review_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --namespace="pan-test-app-review"
+    - kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - kubernetesDelete
+    - echo 'Disabling component in Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" || true
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: review/$CI_COMMIT_REF_NAME/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: stop
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/
+      when: on_success
+    - when: manual
+      if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api ↩️ Rollback ⚠️ | review ':
+  stage: rollback review
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="review"
+    - export APP_DIR="api"
+    - export ENV_TYPE="review"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-review"
+    - export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"
+    - export MONGODB_ROOT_PASSWORD="$CL_review_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_review_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --server="$CL_review_api_KUBE_URL" --certificate-authority <(echo $CL_review_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --token="$CL_review_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" --namespace="pan-test-app-review"
+    - kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api"
+    - kubernetesRollback
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: review/$CI_COMMIT_REF_NAME/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: access
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: manual
+      if: $CI_MERGE_REQUEST_ID
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🔨 app | stage ':
+  stage: build
+  image: path/to/docker/jobs-default:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="stage"
+    - export APP_DIR="api"
+    - export ENV_TYPE="stage"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-stage"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - cd api
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"
+    - yarn install --immutable
+    - echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"
+    - yarn build
+  cache:
+    - key: api-yarn
+      policy: pull-push
+      paths:
+        - api/.yarn
+    - key: api-node-modules
+      policy: pull-push
+      paths:
+        - api/node_modules
+    - key: api-next-cache
+      policy: pull-push
+      paths:
+        - api/.next/cache
+  artifacts:
+    paths:
+      - api/__build_info.json
+      - api/.next
+      - api/dist
+    expire_in: 1 day
+    when: always
+    reports: {}
+  rules:
+    - if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+'api 🔨 docker | stage ':
+  stage: build
+  image: path/to/docker/docker-build:the-version
+  services:
+    - name: docker:24.0.6-dind
+      command:
+        - --tls=false
+  variables:
+    DOCKER_HOST: tcp://0.0.0.0:2375
+    DOCKER_TLS_CERTDIR: ''
+    DOCKER_DRIVER: overlay2
+    DOCKER_BUILDKIT: '1'
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 2Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_DIR="api"
+    - export DOCKER_BUILD_CONTEXT="."
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="stage/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - |-
+      export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
+      RUN yarn plugin import workspace-tools
+      RUN yarn workspaces focus --production && yarn rebuild"
+    - |-
+      export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
+      COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
+      COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
+      COPY --chown=node:node .yarn /app/.yarn"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - ensureNodeDockerfile
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"
+    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"
+    - docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"
+    - docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
+    - docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
+    - docker push $DOCKER_CACHE_IMAGE
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"
+  cache:
+    - key: api-yarn
+      policy: pull
+      paths:
+        - api/.yarn
+  rules:
+    - if: $CI_COMMIT_TAG
+  needs:
+    - 'api 🔨 app | stage '
+  retry: *a1
+  interruptible: true
+'api 🧾 sbom | stage ':
+  stage: build
+  image: aquasec/trivy:0.38.3
+  variables: {}
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - trivy fs --quiet --format cyclonedx --output "__sbom.json" api
+  artifacts:
+    paths:
+      - __sbom.json
+  rules:
+    - if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🚀 Deploy | stage ':
+  stage: deploy stage
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="stage"
+    - export APP_DIR="api"
+    - export ENV_TYPE="stage"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-stage"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="stage/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - export RELEASE_NAME="pan-test-app-stage-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-stage-api" --server="$CL_stage_api_KUBE_URL" --certificate-authority <(echo $CL_stage_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-stage-api" --token="$CL_stage_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-stage-api" --cluster="kube-pan-test-app-stage-api" --user="kube-pan-test-app-stage-api" --namespace="pan-test-app-stage"
+    - kubectl config use-context "kube-pan-test-app-stage-api"
+    - echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"
+    - |
+      cat > __all_values.yml <<EOF
+      env:
+        secret:
+          MONGODB_ROOT_PASSWORD: |-
+      $(printf %s "$CL_stage_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
+          MONGODB_REPLICASET_KEY: |-
+      $(printf %s "$CL_stage_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
+          MONGO_URL: |-
+            mongodb://root:$CL_stage_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
+          MONGO_OPLOG_URL: |-
+            mongodb://root:$CL_stage_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
+        public:
+          ENV_SHORT: |-
+            stage
+          APP_DIR: |-
+            api
+          ENV_TYPE: |-
+            stage
+          BUILD_INFO_BUILD_ID: |-
+      $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
+          BUILD_INFO_BUILD_TIME: |-
+      $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
+          BUILD_INFO_CURRENT_VERSION: |-
+      $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
+          HOST: |-
+            api.stage.test-app.pan.panter.cloud
+          ROOT_URL: |-
+            https://api.stage.test-app.pan.panter.cloud
+          HOST_INTERNAL: |-
+            api.stage.test-app.pan.panter.cloud
+          HOST_CANONICAL: |-
+            api.stage.test-app.pan.panter.cloud
+          ROOT_URL_INTERNAL: |-
+            https://api.stage.test-app.pan.panter.cloud
+          KUBE_NAMESPACE: |-
+            pan-test-app-stage
+          KUBE_APP_NAME: |-
+            api
+          KUBE_APP_NAME_PREFIX: ""
+          _ALL_ENV_VAR_KEYS: |-
+            ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
+      application:
+        host: |-
+          api.stage.test-app.pan.panter.cloud
+        command: |-
+          node main.js
+        livenessProbe:
+          httpGet:
+            path: |-
+              __health
+        readinessProbe:
+          httpGet:
+            path: |-
+              __health
+        startupProbe:
+          httpGet:
+            path: |-
+              __health
+      mongodb:
+        enabled: true
+        auth:
+          enabled: true
+          rootPassword: |-
+            $CL_stage_api_MONGODB_ROOT_PASSWORD
+          replicaSetKey: |-
+            $CL_stage_api_MONGODB_REPLICASET_KEY
+        persistence:
+          storageClass: |-
+            premium-rwo
+        backup:
+          enabled: true
+          hostToBackup: |-
+            api-mongodb-0.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017
+          pvcToBackup: |-
+            datadir-api-mongodb-0
+          image: |-
+            mrelite/kubectlmongoshell:v1.0
+          schedule: |-
+            0 4 * * *
+          volumeSnapshotClass: |-
+            snapshotclass
+        architecture: |-
+          replicaset
+        tolerations:
+          - key: |-
+              mongodb
+            operator: |-
+              Equal
+            value: |-
+              true
+            effect: |-
+              NoSchedule
 
-EOF
-",
-          "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
-          "kubernetesCreateSecret",
-          "kubernetesDeploy",
-          "echo 'Uploading SBOM to Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.prod.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
-          "echo deployment successful 😻",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.prod.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "deploy prod",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🚀 Deploy | stage ": {
-        "allow_failure": false,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "auto_stop_in": undefined,
-          "name": "stage/api",
-          "on_stop": "api 🛑 Stop ⚠️ | stage ",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [
-          {
-            "artifacts": false,
-            "job": "api 🔨 app | stage ",
-          },
-          {
-            "artifacts": false,
-            "job": "api 🔨 docker | stage ",
-          },
-          {
-            "artifacts": true,
-            "job": "api 🧾 sbom | stage ",
-          },
-        ],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "when": "on_success",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="stage"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="stage"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-stage"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export DOCKER_REGISTRY="$CI_REGISTRY"",
-          "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"",
-          "export DOCKER_IMAGE_NAME="stage/api"",
-          "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
-          "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
-          "export RELEASE_NAME="pan-test-app-stage-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-stage-api" --server="$CL_stage_api_KUBE_URL" --certificate-authority <(echo $CL_stage_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-stage-api" --token="$CL_stage_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-stage-api" --cluster="kube-pan-test-app-stage-api" --user="kube-pan-test-app-stage-api" --namespace="pan-test-app-stage"",
-          "kubectl config use-context "kube-pan-test-app-stage-api"",
-          "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
-          "cat > __all_values.yml <<EOF
-env:
-  secret:
-    MONGODB_ROOT_PASSWORD: |-
-$(printf %s "$CL_stage_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
-    MONGODB_REPLICASET_KEY: |-
-$(printf %s "$CL_stage_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
-    MONGO_URL: |-
-      mongodb://root:$CL_stage_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
-    MONGO_OPLOG_URL: |-
-      mongodb://root:$CL_stage_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
-  public:
-    ENV_SHORT: |-
-      stage
-    APP_DIR: |-
-      api
-    ENV_TYPE: |-
-      stage
-    BUILD_INFO_BUILD_ID: |-
-$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
-    BUILD_INFO_BUILD_TIME: |-
-$(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
-    BUILD_INFO_CURRENT_VERSION: |-
-$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
-    HOST: |-
-      api.stage.test-app.pan.panter.cloud
-    ROOT_URL: |-
-      https://api.stage.test-app.pan.panter.cloud
-    HOST_INTERNAL: |-
-      api.stage.test-app.pan.panter.cloud
-    HOST_CANONICAL: |-
-      api.stage.test-app.pan.panter.cloud
-    ROOT_URL_INTERNAL: |-
-      https://api.stage.test-app.pan.panter.cloud
-    KUBE_NAMESPACE: |-
-      pan-test-app-stage
-    KUBE_APP_NAME: |-
-      api
-    KUBE_APP_NAME_PREFIX: ""
-    _ALL_ENV_VAR_KEYS: |-
-      ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
-application:
-  host: |-
-    api.stage.test-app.pan.panter.cloud
-  command: |-
-    node main.js
-  livenessProbe:
-    httpGet:
-      path: |-
-        __health
-  readinessProbe:
-    httpGet:
-      path: |-
-        __health
-  startupProbe:
-    httpGet:
-      path: |-
-        __health
-mongodb:
-  enabled: true
-  auth:
-    enabled: true
-    rootPassword: |-
-      $CL_stage_api_MONGODB_ROOT_PASSWORD
-    replicaSetKey: |-
-      $CL_stage_api_MONGODB_REPLICASET_KEY
-  persistence:
-    storageClass: |-
-      premium-rwo
-  backup:
-    enabled: true
-    hostToBackup: |-
-      api-mongodb-0.api-mongodb-headless.pan-test-app-stage.svc.cluster.local:27017
-    pvcToBackup: |-
-      datadir-api-mongodb-0
-    image: |-
-      mrelite/kubectlmongoshell:v1.0
-    schedule: |-
-      0 4 * * *
-    volumeSnapshotClass: |-
-      snapshotclass
-  architecture: |-
-    replicaset
-  tolerations:
-    - key: |-
-        mongodb
-      operator: |-
-        Equal
-      value: |-
-        true
-      effect: |-
-        NoSchedule
+      EOF
+    - echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"
+    - kubernetesCreateSecret
+    - kubernetesDeploy
+    - echo 'Uploading SBOM to Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.stage.test-app.pan.panter.cloud" "__sbom.json" vex.json || true
+    - echo deployment successful 😻
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.stage.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: stage/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    on_stop: 'api 🛑 Stop ⚠️ | stage '
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: on_success
+      if: $CI_COMMIT_TAG
+  needs:
+    - job: 'api 🔨 app | stage '
+      artifacts: false
+    - job: 'api 🔨 docker | stage '
+      artifacts: false
+    - job: 'api 🧾 sbom | stage '
+      artifacts: true
+  retry: *a1
+  interruptible: true
+  allow_failure: false
+'api 🛑 Stop ⚠️ | stage ':
+  stage: stop stage
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="stage"
+    - export APP_DIR="api"
+    - export ENV_TYPE="stage"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-stage"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-stage-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-stage-api" --server="$CL_stage_api_KUBE_URL" --certificate-authority <(echo $CL_stage_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-stage-api" --token="$CL_stage_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-stage-api" --cluster="kube-pan-test-app-stage-api" --user="kube-pan-test-app-stage-api" --namespace="pan-test-app-stage"
+    - kubectl config use-context "kube-pan-test-app-stage-api"
+    - kubernetesDelete
+    - echo 'Disabling component in Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.stage.test-app.pan.panter.cloud" || true
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.stage.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: stage/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: stop
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/
+      when: on_success
+    - when: manual
+      if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api ↩️ Rollback ⚠️ | stage ':
+  stage: rollback stage
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="stage"
+    - export APP_DIR="api"
+    - export ENV_TYPE="stage"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-stage"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-stage-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-stage-api" --server="$CL_stage_api_KUBE_URL" --certificate-authority <(echo $CL_stage_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-stage-api" --token="$CL_stage_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-stage-api" --cluster="kube-pan-test-app-stage-api" --user="kube-pan-test-app-stage-api" --namespace="pan-test-app-stage"
+    - kubectl config use-context "kube-pan-test-app-stage-api"
+    - kubernetesRollback
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.stage.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: stage/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: access
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: manual
+      if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🔨 app | prod ':
+  stage: build
+  image: path/to/docker/jobs-default:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 4Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="prod"
+    - export APP_DIR="api"
+    - export ENV_TYPE="prod"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-prod"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > api/__build_info.json
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - cd api
+    - echo -e "\\e[0Ksection_start:$(date +%s):nodeinstall[collapsed=true]\\r\\e[0KEnsure node version"
+    - if [ -f ~/.nvm/nvm.sh ];  then source ~/.nvm/nvm.sh; fi
+    - if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
+    - echo -e "\\e[0Ksection_end:$(date +%s):nodeinstall\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):yarninstall[collapsed=true]\\r\\e[0KYarn install"
+    - yarn install --immutable
+    - echo -e "\\e[0Ksection_end:$(date +%s):yarninstall\\r\\e[0K"
+    - yarn build
+  cache:
+    - key: api-yarn
+      policy: pull-push
+      paths:
+        - api/.yarn
+    - key: api-node-modules
+      policy: pull-push
+      paths:
+        - api/node_modules
+    - key: api-next-cache
+      policy: pull-push
+      paths:
+        - api/.next/cache
+  artifacts:
+    paths:
+      - api/__build_info.json
+      - api/.next
+      - api/dist
+    expire_in: 1 day
+    when: always
+    reports: {}
+  rules:
+    - if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+'api 🔨 docker | prod ':
+  stage: build
+  image: path/to/docker/docker-build:the-version
+  services:
+    - name: docker:24.0.6-dind
+      command:
+        - --tls=false
+  variables:
+    DOCKER_HOST: tcp://0.0.0.0:2375
+    DOCKER_TLS_CERTDIR: ''
+    DOCKER_DRIVER: overlay2
+    DOCKER_BUILDKIT: '1'
+    KUBERNETES_CPU_REQUEST: '0.45'
+    KUBERNETES_MEMORY_REQUEST: 1Gi
+    KUBERNETES_MEMORY_LIMIT: 2Gi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export APP_DIR="api"
+    - export DOCKER_BUILD_CONTEXT="."
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="prod/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - |-
+      export DOCKER_COPY_AND_INSTALL_APP="COPY --chown=node:node $APP_DIR .
+      RUN yarn plugin import workspace-tools
+      RUN yarn workspaces focus --production && yarn rebuild"
+    - |-
+      export DOCKER_COPY_WORKSPACE_FILES="COPY --chown=node:node api/package.json /app/api/package.json
+      COPY --chown=node:node api/yarn.lock /app/api/yarn.lock
+      COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
+      COPY --chown=node:node .yarn /app/.yarn"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - ensureNodeDockerfile
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"
+    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"
+    - docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"
+    - echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"
+    - docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
+    - docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
+    - docker push $DOCKER_CACHE_IMAGE
+    - echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"
+  cache:
+    - key: api-yarn
+      policy: pull
+      paths:
+        - api/.yarn
+  rules:
+    - if: $CI_COMMIT_TAG
+  needs:
+    - 'api 🔨 app | prod '
+  retry: *a1
+  interruptible: true
+'api 🧾 sbom | prod ':
+  stage: build
+  image: aquasec/trivy:0.38.3
+  variables: {}
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - trivy fs --quiet --format cyclonedx --output "__sbom.json" api
+  artifacts:
+    paths:
+      - __sbom.json
+  rules:
+    - if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🚀 Deploy | prod ':
+  stage: deploy prod
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="prod"
+    - export APP_DIR="api"
+    - export ENV_TYPE="prod"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-prod"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export DOCKER_REGISTRY="$CI_REGISTRY"
+    - export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/api"
+    - export DOCKER_IMAGE_NAME="prod/api"
+    - export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"
+    - export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
+    - export RELEASE_NAME="pan-test-app-prod-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-prod-api" --server="$CL_prod_api_KUBE_URL" --certificate-authority <(echo $CL_prod_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-prod-api" --token="$CL_prod_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-prod-api" --cluster="kube-pan-test-app-prod-api" --user="kube-pan-test-app-prod-api" --namespace="pan-test-app-prod"
+    - kubectl config use-context "kube-pan-test-app-prod-api"
+    - echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"
+    - |
+      cat > __all_values.yml <<EOF
+      env:
+        secret:
+          MONGODB_ROOT_PASSWORD: |-
+      $(printf %s "$CL_prod_api_MONGODB_ROOT_PASSWORD" | sed 's/^/      /')
+          MONGODB_REPLICASET_KEY: |-
+      $(printf %s "$CL_prod_api_MONGODB_REPLICASET_KEY" | sed 's/^/      /')
+          MONGO_URL: |-
+            mongodb://root:$CL_prod_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017/app?replicaSet=rs0&authSource=admin
+          MONGO_OPLOG_URL: |-
+            mongodb://root:$CL_prod_api_MONGODB_ROOT_PASSWORD@api-mongodb-0.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017,api-mongodb-1.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017/local?replicaSet=rs0&authSource=admin
+        public:
+          ENV_SHORT: |-
+            prod
+          APP_DIR: |-
+            api
+          ENV_TYPE: |-
+            prod
+          BUILD_INFO_BUILD_ID: |-
+      $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/      /')
+          BUILD_INFO_BUILD_TIME: |-
+      $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/      /')
+          BUILD_INFO_CURRENT_VERSION: |-
+      $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/      /')
+          HOST: |-
+            api.prod.test-app.pan.panter.cloud
+          ROOT_URL: |-
+            https://api.prod.test-app.pan.panter.cloud
+          HOST_INTERNAL: |-
+            api.prod.test-app.pan.panter.cloud
+          HOST_CANONICAL: |-
+            api.prod.test-app.pan.panter.cloud
+          ROOT_URL_INTERNAL: |-
+            https://api.prod.test-app.pan.panter.cloud
+          KUBE_NAMESPACE: |-
+            pan-test-app-prod
+          KUBE_APP_NAME: |-
+            api
+          KUBE_APP_NAME_PREFIX: ""
+          _ALL_ENV_VAR_KEYS: |-
+            ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOST","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","MONGODB_ROOT_PASSWORD","MONGODB_REPLICASET_KEY"]
+      application:
+        host: |-
+          api.prod.test-app.pan.panter.cloud
+        command: |-
+          node main.js
+        livenessProbe:
+          httpGet:
+            path: |-
+              __health
+        readinessProbe:
+          httpGet:
+            path: |-
+              __health
+        startupProbe:
+          httpGet:
+            path: |-
+              __health
+      mongodb:
+        enabled: true
+        auth:
+          enabled: true
+          rootPassword: |-
+            $CL_prod_api_MONGODB_ROOT_PASSWORD
+          replicaSetKey: |-
+            $CL_prod_api_MONGODB_REPLICASET_KEY
+        persistence:
+          storageClass: |-
+            premium-rwo
+        backup:
+          enabled: true
+          hostToBackup: |-
+            api-mongodb-0.api-mongodb-headless.pan-test-app-prod.svc.cluster.local:27017
+          pvcToBackup: |-
+            datadir-api-mongodb-0
+          image: |-
+            mrelite/kubectlmongoshell:v1.0
+          schedule: |-
+            0 4 * * *
+          volumeSnapshotClass: |-
+            snapshotclass
+        architecture: |-
+          replicaset
+        tolerations:
+          - key: |-
+              mongodb
+            operator: |-
+              Equal
+            value: |-
+              true
+            effect: |-
+              NoSchedule
 
-EOF
-",
-          "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
-          "kubernetesCreateSecret",
-          "kubernetesDeploy",
-          "echo 'Uploading SBOM to Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.stage.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
-          "echo deployment successful 😻",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "deploy stage",
-        "variables": {
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🛑 Stop ⚠️ | prod ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "stop",
-          "name": "prod/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
-            "when": "on_success",
-          },
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="prod"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="prod"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-prod"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-prod-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-prod-api" --server="$CL_prod_api_KUBE_URL" --certificate-authority <(echo $CL_prod_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-prod-api" --token="$CL_prod_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-prod-api" --cluster="kube-pan-test-app-prod-api" --user="kube-pan-test-app-prod-api" --namespace="pan-test-app-prod"",
-          "kubectl config use-context "kube-pan-test-app-prod-api"",
-          "kubernetesDelete",
-          "echo 'Disabling component in Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.prod.test-app.pan.panter.cloud" || true",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.prod.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "stop prod",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🛑 Stop ⚠️ | stage ": {
-        "allow_failure": true,
-        "artifacts": {
-          "reports": {
-            "dotenv": "gitlab_environment.env",
-          },
-        },
-        "environment": {
-          "action": "stop",
-          "name": "stage/api",
-          "url": "$CL_GITLAB_ENVIRONMENT_URL",
-        },
-        "image": "path/to/docker/kubernetes:the-version",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "rules": [
-          {
-            "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
-            "when": "on_success",
-          },
-          {
-            "when": "manual",
-          },
-        ],
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "export ENV_SHORT="stage"",
-          "export APP_DIR="api"",
-          "export ENV_TYPE="stage"",
-          "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
-          "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
-          "export HOST="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL="https://api.stage.test-app.pan.panter.cloud"",
-          "export HOST_INTERNAL="api.stage.test-app.pan.panter.cloud"",
-          "export HOST_CANONICAL="api.stage.test-app.pan.panter.cloud"",
-          "export ROOT_URL_INTERNAL="https://api.stage.test-app.pan.panter.cloud"",
-          "export KUBE_NAMESPACE="pan-test-app-stage"",
-          "export KUBE_APP_NAME="api"",
-          "export KUBE_APP_NAME_PREFIX=""",
-          "export MONGODB_ROOT_PASSWORD="$CL_stage_api_MONGODB_ROOT_PASSWORD"",
-          "export MONGODB_REPLICASET_KEY="$CL_stage_api_MONGODB_REPLICASET_KEY"",
-          "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"",
-          "export RELEASE_NAME="pan-test-app-stage-api"",
-          "export HELM_EXPERIMENTAL_OCI="1"",
-          "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"",
-          "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
-          "export HELM_ARGS=""",
-          "export COMPONENT_NAME="api"",
-          "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "kubectl config set-cluster "kube-pan-test-app-stage-api" --server="$CL_stage_api_KUBE_URL" --certificate-authority <(echo $CL_stage_api_KUBE_CA_PEM | base64 -d) --embed-certs=true",
-          "kubectl config set-credentials "kube-pan-test-app-stage-api" --token="$CL_stage_api_KUBE_TOKEN"",
-          "kubectl config set-context "kube-pan-test-app-stage-api" --cluster="kube-pan-test-app-stage-api" --user="kube-pan-test-app-stage-api" --namespace="pan-test-app-stage"",
-          "kubectl config use-context "kube-pan-test-app-stage-api"",
-          "kubernetesDelete",
-          "echo 'Disabling component in Dependency Track'",
-          "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.stage.test-app.pan.panter.cloud" || true",
-          "echo "CL_GITLAB_ENVIRONMENT_URL=https://api.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
-        ],
-        "stage": "stop stage",
-        "variables": {
-          "GIT_STRATEGY": "none",
-          "KUBERNETES_CPU_REQUEST": "0.22",
-          "KUBERNETES_MEMORY_LIMIT": "400Mi",
-          "KUBERNETES_MEMORY_REQUEST": "200Mi",
-        },
-      },
-      "api 🧾 sbom | prod ": {
-        "allow_failure": true,
-        "artifacts": {
-          "paths": [
-            "__sbom.json",
-          ],
-        },
-        "image": "aquasec/trivy:0.38.3",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "trivy fs --quiet --format cyclonedx --output "__sbom.json" api",
-        ],
-        "stage": "build",
-        "variables": {},
-      },
-      "api 🧾 sbom | stage ": {
-        "allow_failure": true,
-        "artifacts": {
-          "paths": [
-            "__sbom.json",
-          ],
-        },
-        "image": "aquasec/trivy:0.38.3",
-        "interruptible": true,
-        "needs": [],
-        "retry": {
-          "max": 2,
-          "when": [
-            "runner_system_failure",
-            "stuck_or_timeout_failure",
-          ],
-        },
-        "script": [
-          "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
-          "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
-          "trivy fs --quiet --format cyclonedx --output "__sbom.json" api",
-        ],
-        "stage": "build",
-        "variables": {},
-      },
-    },
-    "stages": [
-      "setup",
-      "setup dev",
-      "setup review",
-      "setup stage",
-      "setup prod",
-      "test",
-      "test dev",
-      "test review",
-      "test stage",
-      "test prod",
-      "build",
-      "build dev",
-      "build review",
-      "build stage",
-      "build prod",
-      "deploy",
-      "deploy dev",
-      "deploy review",
-      "deploy stage",
-      "deploy prod",
-      "verify",
-      "verify dev",
-      "verify review",
-      "verify stage",
-      "verify prod",
-      "rollback",
-      "rollback dev",
-      "rollback review",
-      "rollback stage",
-      "rollback prod",
-      "stop",
-      "stop dev",
-      "stop review",
-      "stop stage",
-      "stop prod",
-    ],
-    "variables": {
-      "ARTIFACT_COMPRESSION_LEVEL": "fast",
-      "CACHE_COMPRESSION_LEVEL": "fast",
-      "FF_USE_FASTZIP": "true",
-      "GIT_DEPTH": "1",
-      "TRANSFER_METER_FREQUENCY": "5s",
-    },
-    "workflow": {
-      "rules": [
-        {
-          "if": "$CI_COMMIT_TAG",
-        },
-        {
-          "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
-          "when": "never",
-        },
-        {
-          "if": "$CI_PIPELINE_SOURCE  == "schedule"",
-          "when": "never",
-        },
-        {
-          "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
-        },
-        {
-          "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
-        },
-        {
-          "if": "$CI_MERGE_REQUEST_ID",
-        },
-      ],
-    },
-  },
-}
+      EOF
+    - echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"
+    - kubernetesCreateSecret
+    - kubernetesDeploy
+    - echo 'Uploading SBOM to Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://api.prod.test-app.pan.panter.cloud" "__sbom.json" vex.json || true
+    - echo deployment successful 😻
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.prod.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: prod/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    on_stop: 'api 🛑 Stop ⚠️ | prod '
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: manual
+      if: $CI_COMMIT_TAG
+  needs:
+    - job: 'api 🔨 app | prod '
+      artifacts: false
+    - job: 'api 🔨 docker | prod '
+      artifacts: false
+    - job: 'api 🧾 sbom | prod '
+      artifacts: true
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api 🛑 Stop ⚠️ | prod ':
+  stage: stop prod
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="prod"
+    - export APP_DIR="api"
+    - export ENV_TYPE="prod"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-prod"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-prod-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-prod-api" --server="$CL_prod_api_KUBE_URL" --certificate-authority <(echo $CL_prod_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-prod-api" --token="$CL_prod_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-prod-api" --cluster="kube-pan-test-app-prod-api" --user="kube-pan-test-app-prod-api" --namespace="pan-test-app-prod"
+    - kubectl config use-context "kube-pan-test-app-prod-api"
+    - kubernetesDelete
+    - echo 'Disabling component in Dependency Track'
+    - /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/api" "https://api.prod.test-app.pan.panter.cloud" || true
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.prod.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: prod/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: stop
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/
+      when: on_success
+    - when: manual
+      if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+'api ↩️ Rollback ⚠️ | prod ':
+  stage: rollback prod
+  image: path/to/docker/kubernetes:the-version
+  variables:
+    KUBERNETES_CPU_REQUEST: '0.22'
+    KUBERNETES_MEMORY_REQUEST: 200Mi
+    KUBERNETES_MEMORY_LIMIT: 400Mi
+    GIT_STRATEGY: none
+  script:
+    - echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"
+    - export ENV_SHORT="prod"
+    - export APP_DIR="api"
+    - export ENV_TYPE="prod"
+    - export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
+    - export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
+    - export HOST="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL="https://api.prod.test-app.pan.panter.cloud"
+    - export HOST_INTERNAL="api.prod.test-app.pan.panter.cloud"
+    - export HOST_CANONICAL="api.prod.test-app.pan.panter.cloud"
+    - export ROOT_URL_INTERNAL="https://api.prod.test-app.pan.panter.cloud"
+    - export KUBE_NAMESPACE="pan-test-app-prod"
+    - export KUBE_APP_NAME="api"
+    - export KUBE_APP_NAME_PREFIX=""
+    - export MONGODB_ROOT_PASSWORD="$CL_prod_api_MONGODB_ROOT_PASSWORD"
+    - export MONGODB_REPLICASET_KEY="$CL_prod_api_MONGODB_REPLICASET_KEY"
+    - export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOST\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"MONGODB_ROOT_PASSWORD\\",\\"MONGODB_REPLICASET_KEY\\"]"
+    - export RELEASE_NAME="pan-test-app-prod-api"
+    - export HELM_EXPERIMENTAL_OCI="1"
+    - export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-api"
+    - export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"
+    - export HELM_ARGS=""
+    - export COMPONENT_NAME="api"
+    - export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
+    - echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"
+    - kubectl config set-cluster "kube-pan-test-app-prod-api" --server="$CL_prod_api_KUBE_URL" --certificate-authority <(echo $CL_prod_api_KUBE_CA_PEM | base64 -d) --embed-certs=true
+    - kubectl config set-credentials "kube-pan-test-app-prod-api" --token="$CL_prod_api_KUBE_TOKEN"
+    - kubectl config set-context "kube-pan-test-app-prod-api" --cluster="kube-pan-test-app-prod-api" --user="kube-pan-test-app-prod-api" --namespace="pan-test-app-prod"
+    - kubectl config use-context "kube-pan-test-app-prod-api"
+    - kubernetesRollback
+    - echo "CL_GITLAB_ENVIRONMENT_URL=https://api.prod.test-app.pan.panter.cloud" >> gitlab_environment.env
+  environment:
+    name: prod/api
+    url: $CL_GITLAB_ENVIRONMENT_URL
+    action: access
+  artifacts:
+    reports:
+      dotenv: gitlab_environment.env
+  rules:
+    - when: manual
+      if: $CI_COMMIT_TAG
+  needs: []
+  retry: *a1
+  interruptible: true
+  allow_failure: true
+create release:
+  stage: release
+  image: path/to/docker/semantic-release:the-version
+  script:
+    - semanticRelease
+  after_script:
+    - echo '👉 The project access token might be invald - run \`project-renew-token\` in catladder CLI to fix.'
+  rules:
+    - &a2
+      if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
+      when: never
+    - &a3
+      if: $CI_PIPELINE_SOURCE  == "schedule"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $AUTO_RELEASE == "true"
+      when: on_success
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: manual
+    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/
+      when: manual
+⚠️ force create release:
+  stage: release
+  image: path/to/docker/semantic-release:the-version
+  script:
+    - semanticRelease
+  after_script:
+    - echo '👉 The project access token might be invald - run \`project-renew-token\` in catladder CLI to fix.'
+  rules:
+    - *a2
+    - *a3
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: manual
+    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/
+      when: manual
+  needs: []
+"
 `;