Sofie-Automation
diff --git a/‎.github/workflows/audit.yaml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/audit.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/node.yaml‎
Lines changed: 46 additions & 13 deletions b/‎.github/workflows/node.yaml‎
Lines changed: 46 additions & 13 deletions
diff --git a/‎.github/workflows/prerelease-libs.yml‎
Lines changed: 9 additions & 1 deletion b/‎.github/workflows/prerelease-libs.yml‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎.github/workflows/prune-container-images.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/prune-container-images.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/prune-tags.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/prune-tags.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/sonar.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/sonar.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/trivy.yml‎
Lines changed: 44 additions & 49 deletions b/‎.github/workflows/trivy.yml‎
Lines changed: 44 additions & 49 deletions
diff --git a/‎.vscode/settings.json.default‎
Lines changed: 2 additions & 1 deletion b/‎.vscode/settings.json.default‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 1 deletion b/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 1 deletion
@@ -29,7 +29,7 @@ jobs:
         run: |
           yarn
           cd meteor
-          meteor yarn validate:prod-dependencies
+          meteor npm run validate:prod-dependencies
         env:
           CI: true
 
@@ -57,7 +57,7 @@ jobs:
         run: |
           yarn
           cd meteor
-          meteor yarn run validate:all-dependencies
+          meteor npm run validate:all-dependencies
         env:
           CI: true
 
 
@@ -46,7 +46,7 @@ jobs:
           # setup zodern:types. No linters are setup, so this simply installs the packages
           meteor lint
 
-          meteor yarn ci:lint
+          meteor npm run ci:lint
         env:
           CI: true
 
@@ -85,12 +85,12 @@ jobs:
           # setup zodern:types. No linters are setup, so this simply installs the packages
           meteor lint
 
-          NODE_OPTIONS="--max-old-space-size=6144" meteor yarn unitci --force-exit
+          NODE_OPTIONS="--max-old-space-size=6144" meteor npm run unitci --force-exit
         env:
           CI: true
       - name: Send coverage
         if: ((github.event_name == 'pull_request') && (!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release')))
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
@@ -184,11 +184,18 @@ jobs:
         run: |
           cd meteor
           yarn inject-git-hash
+      - name: Prepare webui for meteor build
+        if: steps.check-build-and-push.outputs.enable == 'true'
+        run: |
+          rm -Rf meteor/public
+          cp -R packages/webui/dist meteor/public
       - name: Meteor Build
         if: steps.check-build-and-push.outputs.enable == 'true'
         run: |
           cd meteor
           NODE_OPTIONS="--max-old-space-size=4096" METEOR_DEBUG_BUILD=1 meteor build --allow-superuser --directory .
+          mv bundle/programs/web.browser/assets/ bundle/programs/web.browser/app/assets/ || true
+
       - name: Meteor Bundle NPM Build
         if: steps.check-build-and-push.outputs.enable == 'true'
         run: |
@@ -239,7 +246,9 @@ jobs:
           echo "image=$image" >> $GITHUB_OUTPUT
       - name: Trivy scanning
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: aquasecurity/[email protected]
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: "${{ steps.trivy-image.outputs.image }}"
           format: "table"
@@ -388,7 +397,9 @@ jobs:
           echo "image=$image" >> $GITHUB_OUTPUT
       - name: Trivy scanning
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
-        uses: aquasecurity/[email protected]
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: "${{ steps.trivy-image.outputs.image }}"
           format: "table"
@@ -422,9 +433,11 @@ jobs:
           - mos-gateway
           - corelib
           - shared-lib
+          - meteor-lib
           - job-worker
           - openapi
           - live-status-gateway
+          - webui
 
     steps:
       - uses: actions/checkout@v4
@@ -467,7 +480,7 @@ jobs:
           - blueprints-integration
           - server-core-integration
           - shared-lib
-        node-version: [14.x, 16.x, 18.x, 20.x]
+        node-version: [14.x, 18.x, 20.x, 22.x]
         include:
           # include additional configs, to run certain packages only for a certain version of node
           - node-version: 14.x
@@ -477,19 +490,28 @@ jobs:
             package-name: job-worker
             send-coverage: true
           # manual openapi to avoid testing for 14.x
-          - node-version: 16.x
-            package-name: openapi
           - node-version: 18.x
             package-name: openapi
           - node-version: 20.x
             package-name: openapi
+          - node-version: 22.x
+            package-name: openapi
           # No tests for the gateways yet
           # - node-version: 18.x
           #   package-name: playout-gateway
           # - node-version: 18.x
           #   package-name: mos-gateway
           - node-version: 18.x
             package-name: live-status-gateway
+            send-coverage: true
+          - node-version: 18.x
+            package-name: webui
+          # manual meteor-lib as it only needs a couple of versions
+          - node-version: 18.x
+            package-name: meteor-lib
+            send-coverage: true
+          - node-version: 14.x
+            package-name: meteor-lib
 
     steps:
       - uses: actions/checkout@v4
@@ -520,7 +542,7 @@ jobs:
         env:
           CI: true
       - name: Send coverage
-        if: (matrix.node-version == '16.x' || matrix.send-coverage == true) && ((github.event_name == 'pull_request') && ((!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release'))))
+        if: (matrix.node-version == '18.x' || matrix.send-coverage == true) && ((github.event_name == 'pull_request') && ((!startsWith(github.head_ref, 'release'))) || ((github.event_name == 'push') && (!startsWith(github.ref_name, 'release'))))
         uses: codecov/codecov-action@v4
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -569,13 +591,17 @@ jobs:
           yarn
         env:
           CI: true
-      - name: Run generator
+      - name: Build OpenAPI client library
+        run: |
+          cd packages/openapi
+          yarn build
+        env:
+          CI: true
+      - name: Generate OpenAPI docs and server
         run: |
           cd packages/openapi
-
           yarn gendocs
           yarn genserver
-          yarn genclient:ts
         env:
           CI: true
 
@@ -664,7 +690,7 @@ jobs:
           else
             # make dependencies of `determine-npm-tag` available
             yarn install --mode=skip-build
-            
+
             cd packages
             PACKAGE_NAME="@sofie-automation/shared-lib"
             PUBLISHED_VERSION=$(yarn npm info --json $PACKAGE_NAME | jq -c '.version' -r)
@@ -682,6 +708,13 @@ jobs:
           yarn build
         env:
           CI: true
+      - name: Build OpenAPI client library
+        if: ${{ steps.do-publish.outputs.tag }}
+        run: |
+          cd packages/openapi
+          yarn build
+        env:
+          CI: true
       - name: Modify dependencies to use npm packages
         run: node scripts/prepublish.js
       - name: Publish to NPM
 
@@ -53,7 +53,7 @@ jobs:
           - blueprints-integration
           - server-core-integration
           - shared-lib
-        node-version: [14.x, 16.x, 18.x, 20.x]
+        node-version: [14.x, 18.x, 20.x, 22.x]
 
     steps:
       - uses: actions/checkout@v4
@@ -131,6 +131,14 @@ jobs:
           yarn build
         env:
           CI: true
+
+      - name: Build OpenAPI client library
+        if: ${{ steps.do-publish.outputs.publish }}
+        run: |
+          cd packages/openapi
+          yarn build
+        env:
+          CI: true
       - name: Modify dependencies to use npm packages
         run: node scripts/prepublish.js
       - name: Publish to NPM
 
@@ -7,6 +7,8 @@ on:
 
 jobs:
   prune-container-images:
+    if: ${{ github.repository_owner == 'nrkno' }}
+    
     uses: nrkno/sofie-github-workflows/.github/workflows/prune-container-images.yml@main
     strategy:
       max-parallel: 1
 
@@ -16,6 +16,8 @@ on:
 
 jobs:
   prune-tags:
+    if: ${{ github.repository_owner == 'nrkno' }}
+    
     name: Prune tags
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
@@ -13,6 +13,7 @@ jobs:
     name: SonarCloud
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'nrkno' && !github.event.pull_request.head.repo.fork }}
+    timeout-minutes: 15
 
     steps:
       - uses: actions/checkout@v4
 
@@ -2,28 +2,36 @@ name: Scheduled Trivy Scan
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 10 * * 1'
+    - cron: "0 10 * * 1"
 
 jobs:
   trivy:
+    if: ${{ github.repository_owner == 'nrkno' }}
+
     name: Trivy scan
     runs-on: ubuntu-latest
     strategy:
       matrix:
         image: ["server-core", "playout-gateway", "mos-gateway"]
+    timeout-minutes: 15
+
     steps:
       - name: Run Trivy vulnerability scanner (json)
-        uses: aquasecurity/[email protected]
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
           format: json
-          output: '${{ matrix.image }}-trivy-scan-results.json'
+          output: "${{ matrix.image }}-trivy-scan-results.json"
 
       - name: Run Trivy vulnerability scanner (table)
-        uses: aquasecurity/[email protected]
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
-          output: '${{ matrix.image }}-trivy-scan-results.txt'
+          output: "${{ matrix.image }}-trivy-scan-results.txt"
 
       - name: Post all scan results to Github Summary as a table
         env:
@@ -36,10 +44,12 @@ jobs:
           echo $CODE_BLOCK >> $GITHUB_STEP_SUMMARY
 
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
-        uses: aquasecurity/[email protected]
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
-          format: 'github'
-          output: 'dependency-results-${{ matrix.image }}.sbom.json'
+          format: "github"
+          output: "dependency-results-${{ matrix.image }}.sbom.json"
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
           github-pat: ${{ secrets.GITHUB_TOKEN }}
 
@@ -54,46 +64,31 @@ jobs:
           echo ${{ env.SUMMARY }}
 
       - name: Send Slack Notification
-        uses: slackapi/slack-github-action@v1.26.0
+        uses: slackapi/slack-github-action@v2.0.0
         with:
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
           payload: |
-            {
-              "text": "Trivy scan results",
-              "blocks": [
-                {
-                  "type": "header",
-                  "text": {
-                    "type": "plain_text",
-                    "text": "Trivy scan results for sofie-core-${{ matrix.image }}:latest"
-                  }
-                },
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": ":thisisfine: ${{ env.SUMMARY }}"
-                  }
-                },
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "Read the full scan results on Github"
-                  },
-                  "accessory": {
-                    "type": "button",
-                    "text": {
-                        "type": "plain_text",
-                        "text": ":github: Scan results",
-                        "emoji": true
-                    },
-                    "value": "workflow_run",
-                    "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
-                    "action_id": "button-action"
-                  }
-                }
-              ]
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+            text: "Trivy scan results"
+            blocks:
+              - type: "header"
+                text:
+                  type: "plain_text"
+                  text: "Trivy scan results for sofie-core-${{ matrix.image }}:latest"
+              - type: "section"
+                text:
+                  type: "mrkdwn"
+                  text: ":thisisfine: ${{ env.SUMMARY }}"
+              - type: "section"
+                text:
+                  type: "mrkdwn"
+                  text: "Read the full scan results on Github"
+                accessory:
+                  type: "button"
+                  text:
+                    type: "plain_text"
+                    text: ":github: Scan results"
+                    emoji: true
+                  value: "workflow_run"
+                  url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+                  action_id: "button-action"
@@ -9,7 +9,8 @@
         "packages/shared-lib",
         "packages/job-worker",
         "packages/openapi",
-        "packages/live-status-gateway"
+        "packages/live-status-gateway",
+		"packages/webui"
     ],
     "prettier.enable": true,
     "sonarlint.connectedMode.project": { "projectKey": "nrkno_sofie-core" },
 
@@ -9,4 +9,5 @@ This repository uses the following branches:
 * **_master_** is our main branch. We consider it stable and it is used in production.
 * The **_releaseXX_** branches are our in-development branches. When a release is ready, we decide to “freeze” that branch and create a new **_releaseXX+1_** branch.
 
-We encourage you to base your contributions on the latest **_releaseXX_** branch, alternatively the **_master_** branch or a recently frozen **_releaseXX_** branch. The [_Sofie Releases_](https://nrkno.github.io/sofie-core/releases) page collects the status and timeline of the releases.
+We require contributions to be based based on the latest **_release\*_** branch.
+The [_Sofie Releases_](https://nrkno.github.io/sofie-core/releases) page collects the status and timeline of the releases.