@fat-zebra/sdk 1.5.10-beta.0 → 1.5.10-beta.2

package/.github/workflows/ci.yml

@@ -2,16 +2,16 @@ name: CI
 
 env:
   AWS_REGION: ap-southeast-2
-  TEST_UPLOAD_PATH: s3://test-cdn-pmnts-origin/sdk/v1/
   SBOX_UPLOAD_PATH: s3://sandbox-pmnts-resources/sdk/v1/
   PROD_UPLOAD_PATH: s3://pmnts-resources/sdk/v1/
+  SBOX_CLOUDFRONT_ID: "E5G12OAJDKLBT"
+  PROD_CLOUDFRONT_ID: "E3348QX8Q2J4OV"
 on:
   push:
-    branches: ['**']                        # all branches
+    branches: ['main']    
     tags:
       - 'v*.*.*'           # prod tags e.g. v1.5.8
       - 'v*.*.*-beta.*'    # beta tags e.g. v1.5.8-beta.0
-  pull_request:
 
 jobs:
   checks:
@@ -31,34 +31,9 @@ jobs:
 
   # --- BUILD JOBS ----------------------------------------------------
 
-  build-staging:
-    needs: checks
-    if: github.ref_type == 'branch' && github.ref_name != 'main'
-    runs-on: ubuntu-latest
-    env:
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-    steps:
-      - uses: actions/checkout@v4
-      - uses: fatzebra/gh-workflows/build_npm@main
-        with:
-          credentials_json: |
-            {
-              "GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}",
-              "NPM_CLOUDSMITH_REPO_PWD": "${{ secrets.CLOUDSMITH_API_KEY }}"
-            }
-      - name: Build (staging)
-        run: npm run build:staging
-      - uses: actions/upload-artifact@v4
-        with:
-          name: sdk-dist-staging
-          path: |
-            dist/staging/*.js
-            dist/staging/*.css
-          if-no-files-found: error
-
   build-sandbox:
     needs: checks
-    if: github.ref_type == 'tag' && contains(github.ref_name, '-beta.') && github.base_ref == 'main'
+    if: github.ref_type == 'tag' && contains(github.ref_name, '-beta.')
     runs-on: ubuntu-latest
     env:
       NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -83,7 +58,7 @@ jobs:
 
   build-production:
     needs: checks
-    if: github.ref_type == 'tag' && !contains(github.ref_name, '-beta.') && github.base_ref == 'main'
+    if: github.ref_type == 'tag' && !contains(github.ref_name, '-beta.')
     runs-on: ubuntu-latest
     env:
       NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -107,27 +82,20 @@ jobs:
           if-no-files-found: error
 
   # --- DEPLOY JOBS ----------------------------------------------------
-
-  deploy-staging:
-    needs: build-staging
-    if: github.ref_type == 'branch' && github.ref_name != 'main'
-    runs-on: ubuntu-latest
-    permissions: { id-token: write, contents: read }
-    steps:
-      - uses: fatzebra/gh-workflows/aws_login@main
-        with:
-          platform: fz
-          environment: test
-          role_name: AppDeploy
-      - run: aws s3 sync --delete --content-type 'application/javascript' --exclude '*' --include '*.js' dist/staging/ "${TEST_UPLOAD_PATH}"
-      - run: aws s3 sync --delete --content-type 'text/css' --exclude '*' --include '*.css' dist/staging/ "${TEST_UPLOAD_PATH}"
-
   deploy-sandbox:
-    needs: build-sandbox
-    if: github.ref_type == 'tag' && contains(github.ref_name, '-beta.') && github.base_ref == 'main'
+    if: github.ref_type == 'tag' && contains(github.ref_name, '-beta.')
+    needs:
+      - build-sandbox
     runs-on: ubuntu-latest
-    permissions: { id-token: write, contents: read }
+    permissions:
+      id-token: write
+      contents: read
+
     steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: sdk-dist-sandbox
+          path: dist/sandbox/
       - uses: fatzebra/gh-workflows/aws_login@main
         with:
           platform: fz
@@ -135,15 +103,33 @@ jobs:
           role_name: AppDeploy
       - run: aws s3 sync --delete --content-type 'application/javascript' --exclude '*' --include '*.js' dist/sandbox/ "${SBOX_UPLOAD_PATH}"
       - run: aws s3 sync --delete --content-type 'text/css' --exclude '*' --include '*.css' dist/sandbox/ "${SBOX_UPLOAD_PATH}"
+      - name: Invalidate CloudFront cache
+        shell: bash
+        run: |
+          invalidation_id=$(aws cloudfront create-invalidation \
+            --distribution-id "${SBOX_CLOUDFRONT_ID}" \
+            --paths '/sdk/*' \
+            --output text \
+            --query 'Invalidation.Id')
+          echo "Invalidation started: ${invalidation_id}"
+          aws cloudfront wait invalidation-completed \
+            --distribution-id "${SBOX_CLOUDFRONT_ID}" \
+            --id "${invalidation_id}"
+          echo "Invalidation completed."
 
   deploy-production:
-    needs: build-production
-    if: github.ref_type == 'tag' && !contains(github.ref_name, '-beta.') && github.base_ref == 'main'
+    if: github.ref_type == 'tag' && !contains(github.ref_name, '-beta.')
+    needs:
+      - build-production
     runs-on: ubuntu-latest
-    permissions: { id-token: write, contents: read }
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/download-artifact@v4
-        with: { name: sdk-dist-production, path: dist/production }
+        with:
+          name: sdk-dist-production
+          path: dist/production
       - uses: fatzebra/gh-workflows/aws_login@main
         with:
           platform: fz
@@ -151,6 +137,19 @@ jobs:
           role_name: AppDeploy
       - run: aws s3 sync --delete --content-type 'application/javascript' --exclude '*' --include '*.js' dist/production/ "${PROD_UPLOAD_PATH}"
       - run: aws s3 sync --delete --content-type 'text/css' --exclude '*' --include '*.css' dist/production/ "${PROD_UPLOAD_PATH}"
+      - name: Invalidate CloudFront cache
+        shell: bash
+        run: |
+          invalidation_id=$(aws cloudfront create-invalidation \
+            --distribution-id "${PROD_CLOUDFRONT_ID}" \
+            --paths '/sdk/*' \
+            --output text \
+            --query 'Invalidation.Id')
+          echo "Invalidation started: ${invalidation_id}"
+          aws cloudfront wait invalidation-completed \
+            --distribution-id "${PROD_CLOUDFRONT_ID}" \
+            --id "${invalidation_id}"
+          echo "Invalidation completed."
 
   # Publish to npm for beta tags and production tags
   publish-npm-beta:
@@ -175,9 +174,8 @@ jobs:
       # make package.json version match the git tag (strip leading "v" if present)
       - name: Sync package.json version to git tag
         run: |
-          VERSION="${TAG_NAME#v}"                 # v1.5.10-beta.0 -> 1.5.10-beta.0
+          VERSION="${TAG_NAME#v}"
           npm version --no-git-tag-version "$VERSION"
-          echo "package.json version: $(node -p "require('./package.json').version")"
 
       - name: Install deps
         run: npm ci
@@ -191,12 +189,11 @@ jobs:
 
   # --- NPM publish for production tags (vX.Y.Z) ---
   publish-npm-latest:
+    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref_name, '-beta.')
     runs-on: ubuntu-latest
     env:
-      TAG_NAME: ${{ github.ref_name }} 
+      TAG_NAME: ${{ github.ref_name }}
       NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-    if: startsWith(github.ref, 'refs/tags/') &&
-      !contains(github.ref_name, '-beta.')
     steps:
       - uses: actions/checkout@v4
         with:
@@ -212,9 +209,8 @@ jobs:
 
       - name: Sync package.json version to git tag
         run: |
-          VERSION="${TAG_NAME#v}"                  # v1.5.10 -> 1.5.10
+          VERSION="${TAG_NAME#v}"
           npm version --no-git-tag-version "$VERSION"
-          echo "package.json version: $(node -p "require('./package.json').version")"
 
       - name: Install deps
         run: npm ci

package/.github/workflows/non-prod-ci.yml

@@ -0,0 +1,128 @@
+name: Non Prod CI
+
+env:
+  AWS_REGION: ap-southeast-2
+  TEST_UPLOAD_PATH: s3://test-cdn-pmnts-origin/sdk/v1/
+  TEST_CLOUDFRONT_ID: "E1MCI9BNDVLHEU"
+on:
+  push:
+    branches-ignore:
+      - main
+    tags:
+      - 'v*.*.*-beta.*'
+
+jobs:
+  checks:
+    name: Security & Type checks
+    runs-on: ubuntu-latest
+    env:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: { node-version: '20.x', cache: 'npm' }
+      - run: npm ci
+      - run: npx --yes audit-ci --high
+      - run: npx tsc --noEmit
+      - run: npx tsc -p tsconfig.package.json --noEmit
+      - run: yarn test
+
+  # --- BUILD JOBS ----------------------------------------------------
+
+  build-staging:
+    needs: checks
+    if: github.ref_type == 'branch' && github.ref_name != 'main'
+    runs-on: ubuntu-latest
+    env:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: fatzebra/gh-workflows/build_npm@main
+        with:
+          credentials_json: |
+            {
+              "GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}",
+              "NPM_CLOUDSMITH_REPO_PWD": "${{ secrets.CLOUDSMITH_API_KEY }}"
+            }
+      - name: Build (staging)
+        run: npm run build:staging
+      - uses: actions/upload-artifact@v4
+        with:
+          name: sdk-dist-staging
+          path: |
+            dist/staging/*.js
+            dist/staging/*.css
+          if-no-files-found: error
+
+  # --- DEPLOY JOBS ----------------------------------------------------
+
+  deploy-staging:
+    if: github.ref_type == 'branch' && github.ref_name != 'main'
+    needs:
+      - build-staging
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: sdk-dist-staging
+          path: dist/staging/
+      - uses: fatzebra/gh-workflows/aws_login@main
+        with:
+          platform: fz
+          environment: test
+          role_name: AppDeploy
+
+      - run: aws s3 sync --delete --content-type 'application/javascript' --exclude '*' --include '*.js' dist/staging/ "${TEST_UPLOAD_PATH}"
+      - run: aws s3 sync --delete --content-type 'text/css' --exclude '*' --include '*.css' dist/staging/ "${TEST_UPLOAD_PATH}"
+
+      - name: Invalidate CloudFront cache
+        shell: bash
+        run: |
+          invalidation_id=$(aws cloudfront create-invalidation \
+            --distribution-id "${TEST_CLOUDFRONT_ID}" \
+            --paths '/sdk/*' \
+            --output text \
+            --query 'Invalidation.Id')
+          echo "Invalidation started: ${invalidation_id}"
+          aws cloudfront wait invalidation-completed \
+            --distribution-id "${TEST_CLOUDFRONT_ID}" \
+            --id "${invalidation_id}"
+          echo "Invalidation completed."
+
+  # Publish to npm for beta tags and production tags
+  publish-npm-beta:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/') && contains(github.ref_name, '-beta.')
+    env:
+      TAG_NAME: ${{ github.ref_name }}          # e.g. v1.5.10-beta.0
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: 'https://registry.npmjs.org'   # writes .npmrc using NPM_TOKEN
+
+      - name: Show tag name
+        run: echo "Publishing for tag $TAG_NAME"
+
+      # make package.json version match the git tag (strip leading "v" if present)
+      - name: Sync package.json version to git tag
+        run: |
+          VERSION="${TAG_NAME#v}"
+          npm version --no-git-tag-version "$VERSION"
+
+      - name: Install deps
+        run: npm ci
+
+      - name: Run package build
+        run: npm run build:package
+
+      - name: Publish (beta dist-tag)
+        run: npm publish --access public --tag beta

package/.husky/commit-msg

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx --no -- commitlint --edit "$1"

package/.husky/pre-commit

@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"

package/.husky/prepare-commit-msg

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+exec < /dev/tty && npx cz --hook || true

package/.tool-versions

@@ -1 +1 @@
-nodejs 22.0.0
+nodejs 23.7.0

package/README.dev.md

@@ -165,45 +165,63 @@ from here enter your 2FA code and voila! You have published a new version of the
 
 ## Release Management
 
-### Automated release: 
+### NPM
 
-To deploy to npm run this command: 
+Releases are based on tags. There are two types of releases:
+    -   Production
+    -   Beta
 
+To perform a production release: 
+
+```shell
+git tag -a v1.5.10 -m "Production Release: 1.5.10"
+git push origin v1.5.10
 ```
- npm run npm:publish
+
+To perform a beta release
+
+```shell
+git tag -a v1.5.10-beta.0 -m "Beta: 1.5.10-beta.0"
+git push origin v1.5.10-beta.0
 ```
 
-![deployment options](deploy-menu.png)
+### CDN 
 
-The semantic version will be bumped according to the selected release type. 
+## Staging
 
-| Release type | version      |
-|--------------|--------------|
-| Major        | x-0-0        |
-| Minor        | 0-x-0        |
-| Patch        | 0-0-x        |
-| Beta         | 0-0-0-beta-x |
+Staging is released automatically for each branch (on push)
 
-The publish script will also tag the release and push to the current branch. 
-This process is an automated version of the process below, excluding changelog
+## Sandbox
 
-The release of the sdk follows a weekly schedule. In the beginning of a new release cycle, do the following
+Sandbox deployment will trigger on the main branch and when pushing through a tag with beta in it.
+
+Running this on main will trigger sandbox deployment (as well as npm beta release): 
+
+```shell
+git tag -a v1.5.10-beta.0 -m "Beta: 1.5.10-beta.0"
+git push origin v1.5.10-beta.0
+```
 
-1. Create a release branch, release/vX.X.X
-2. Work out the PRs that need to be released. Make sure the merge destination points to the new release branch.
-3. On the release cut-off day (2 days before the release day), merge all PRs into the release branch.
-4. Do last round of testing.
-5. While on the release branch locally, bump version number in package.json. Make sure the version number is the same as that of the release git branch.
-6. Update CHANGELOG. List down all JIRAs included in the new release.
-7. Push the changes (version update, CHANGELOG) to the release branch.
-8. Create a PR for the release candidate.
-9. Merge the release candidate PR back to develop. The git merge message should include the release number vX.X.X.
-10. Prepare a new git tag for the new release version `git tag -a vX.X.X`.
-11. Push git tag. `git push origin vX.X.X`.
+## Production 
 
-Upon successful CI , a new entry with title 'Merged in release/vX.X,X' will be visible in the master branch page. This provides us with a clear view of what gets released in the past. Moreoever, we can quickly find out the list of features/bug fixes in a release by referring to the PR of the release candidate.
+Sandbox deployment will trigger on the main branch and when pushing through a tag WITHOUT beta in it.
+Running this on main will trigger production deployment:
 
+```shell
+git tag -a v1.5.10 -m "Beta: 1.5.10"
+git push origin v1.5.10
+```
 
 ## Rollback management
 
-The CDN is now versioned across staging, sandbox and production environments. The pipeline will upload a version to override the existing deployment, but also a version of the build to a folder in s3. The folder will be a shortened version of the commit hash. This will allow us to advise merchants to rollback to a specific working commit hash, or for us to test different versions in gazelle to facilitate a rollback if necessary.
+The pipeline will upload a version to override the existing deployment, but also a version of the build to a folder in s3.
+
+## Commitizen 
+
+We use Husky and Commitizen to keep our commit history consistent, readable, and meaningful. Husky runs Git hooks automatically. This will in turn run commitizen. Commitizen enforces a standard commit message format based on Conventional Commits
+. This ensures every commit clearly communicates its purpose, making it easier to track changes, generate changelogs, and automate releases.
+
+Follow the commitizen wizard to correctly format the commit message.
+
+![commitizen wizard](readme.png)
+

package/commitlint.config.cjs

@@ -0,0 +1,3 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fat-zebra/sdk",
-  "version": "1.5.10-beta.0",
+  "version": "1.5.10-beta.2",
   "description": "",
   "main": "index.js",
   "scripts": {
@@ -17,12 +17,15 @@
     "start:staging:es5": "export MERCHANT_MODE=es5 && npm run build:staging --watch && webpack serve --config webpack.config.dev.js --open 'Google Chrome'",
     "start:docker": "npm run build:dev --watch && webpack serve --config webpack.config.dev.js --host 0.0.0.0",
     "generate:jwt": "node scripts/generate-access-token.js",
-    "npm:publish": "ts-node scripts/release-package.ts"
+    "npm:publish": "ts-node scripts/release-package.ts",
+    "prepare": "husky install"
   },
   "keywords": [],
   "author": "",
   "license": "ISC",
   "devDependencies": {
+    "@commitlint/cli": "^19.8.1",
+    "@commitlint/config-conventional": "^19.8.1",
     "@inquirer/prompts": "^5.3.8",
     "@testing-library/dom": "^10.4.0",
     "@testing-library/react": "^16.0.0",
@@ -38,10 +41,13 @@
     "@types/react": "^18.2.15",
     "@types/react-dom": "^18.2.7",
     "audit-ci": "^6.6.1",
+    "commitizen": "^4.3.1",
+    "cz-conventional-changelog": "^3.3.0",
     "dotenv": "^16.0.1",
     "dotenv-webpack": "^8.0.0",
     "ejs": "^3.0.1",
     "html-webpack-plugin": "^5.3.1",
+    "husky": "^8.0.0",
     "jest": "^29.6.1",
     "jest-environment-jsdom": "^29.6.1",
     "jest-localstorage-mock": "^2.4.22",
@@ -72,5 +78,10 @@
   "peerDependencies": {
     "react": ">= 16",
     "react-dom": ">= 16"
+  },
+  "config": {
+    "commitizen": {
+      "path": "./node_modules/cz-conventional-changelog"
+    }
   }
 }