chore(ci): Fix workflows, release-please config (#661)

Author: el-virt

.github/release-please/release-please-config.main.json

@@ -5,6 +5,7 @@
     "group-pull-request-title-pattern": "chore(${branch}): release ${version}",
     "packages": {
         ".": {
+            "component": "sdk",
             "release-type": "simple",
             "extra-files": [
                 {

.github/release-please/release-please-config.release_branches.json

@@ -5,6 +5,7 @@
     "group-pull-request-title-pattern": "chore(${branch}): release ${version}",
     "packages": {
         ".": {
+            "component": "sdk",
             "release-type": "simple",
             "extra-files": [
                 {

.github/workflows/build-and-test.yaml

@@ -1,251 +1,19 @@
 name: "Build and Test Client"
 
-env:
-  do_sonarscan: >-
-    ${{ (github.event_name == 'push' ||
-      github.event.pull_request.head.repo.full_name == github.repository) &&
-      github.actor != 'dependabot[bot]' }}
-
 on:
   pull_request:
   push:
     branches:
       - main
       - "release/**"
-jobs:
-  ccc:
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./lib
-    timeout-minutes: 5
-    steps:
-      - name: Conventional Commits Check
-        if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name)
-        id: conventional-commits
-        uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          # Types include:
-          #   - fix: fixes
-          #   - feat: features and enhancements
-          #   - chore: non-feature or enhancement (i.e. docs, ci, linting, automated, etc)
-          types: |
-            fix
-            feat
-            chore
-            revert
-          # Scopes include:
-          #   - sdk: changes to @opentdf/sdk (was lib)
-          #   - cli: changes to @opentdf/ctl
-          #   - ci: anything related to ci
-          #   - tests: test only changes
-          #   - docs: anything related solely to documentation
-          scopes: |
-            ci
-            cli
-            docs
-            sdk
-            tests
-
-  lib:
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./lib
-    timeout-minutes: 5
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-        with:
-          fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }}
-      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
-        with:
-          node-version: '22'
-          cache: 'npm'
-          cache-dependency-path: './lib/package-lock.json'
-      - run: npm ci
-      - run: npm test
-      - uses: fingerprintjs/action-coverage-report-md@72dfb7de7581612640a8e599e918b2eda98f9bba #v2.0.1
-        id: coverage-md
-        with:
-          srcBasePath: './'
-          textReportPath: './lib/coverage/coverage.txt'
-      - run: echo "${MARKDOWN_REPORT}" >>$GITHUB_STEP_SUMMARY
-        env:
-          MARKDOWN_REPORT: '${{ steps.coverage-md.outputs.markdownReport }}'
-      - run: npm audit --omit dev && npm audit --audit-level high --omit dev
-      - run: npm run license-check
-      - run: npm run lint
-      - run: npm pack
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
-        with:
-          name: opentdf-sdk-lib
-          path: ./lib/opentdf-sdk-*.tgz
-      - name: SonarCloud Scan
-        if: fromJSON(env.do_sonarscan)
-        uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf #v5.2.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-  cli:
-    needs:
-      - lib
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./cli
-    timeout-minutes: 5
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
-        with:
-          node-version: '22'
-          cache: 'npm'
-          cache-dependency-path: './cli/package-lock.json'
-      - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
-        with:
-          name: opentdf-sdk-lib
-          path: lib/
-      - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz
-      - run: npm test
-      - run: npm audit --omit dev && npm audit --audit-level high --omit dev
-      - run: npm run license-check
-      - run: npm run lint
-      - run: npm pack
-      - name: Setup Bats and bats libs
-        uses: bats-core/[email protected]
-      - run: bats bin/opentdf.bats
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
-        with:
-          name: opentdf-ctl
-          path: ./cli/opentdf-ctl-*.tgz
-
-  web-app:
-    needs:
-      - lib
-    runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04
-    defaults:
-      run:
-        working-directory: ./web-app
-    timeout-minutes: 5
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
-        with:
-          node-version: '22'
-          cache: 'npm'
-          cache-dependency-path: './web-app/package-lock.json'
-      - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
-        with:
-          name: opentdf-sdk-lib
-          path: lib/
-      - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz
-      - run: npm install
-      - run: npm audit --omit dev && npm audit --audit-level high --omit dev
-      - run: npm run license-check
-      - run: npm run lint
-      - run: npx playwright install
-      - run: npm test
-      - run: npm pack
 
-  scripts:
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: .github/workflows
-    timeout-minutes: 5
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-      - name: 🦇🦇🦇🦇🦇🦇
-        run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats
-      - name: 🦪 ✔ 🧼🧼🧼
-        run: >-
-          docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.10.0"
-          --color=always *.sh
+# Default empty permissions for all jobs
+# fix later, need to add permissions for every job in reusable_build-and-test.yaml
+# then add corresponding permissions to the build-and-test job below
+#permissions: {}
 
-  platform-roundtrip:
-    needs:
-      - cli
-      - lib
-      - web-app
-    runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04
-    defaults:
-      run:
-        working-directory: .github/workflows/roundtrip
-    timeout-minutes: 45
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
-        with:
-          node-version: '22'
-          cache: 'npm'
-          cache-dependency-path: './web-app/package-lock.json'
-      - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
-        with:
-          name: opentdf-sdk-lib
-          path: lib/
-      - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
-        with:
-          name: opentdf-ctl
-          path: cli/
-      - name: Git clone backend
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
-        with:
-          path: .github/workflows/roundtrip/platform
-          repository: opentdf/platform
-      - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0
-        with:
-          go-version-file: .github/workflows/roundtrip/platform/service/go.mod
-          check-latest: false
-          cache-dependency-path: |
-            .github/workflows/roundtrip/platform/lib/fixtures/go.sum
-            .github/workflows/roundtrip/platform/lib/ocrypto/go.sum
-            .github/workflows/roundtrip/platform/protocol/go/go.sum
-            .github/workflows/roundtrip/platform/sdk/go.sum
-            .github/workflows/roundtrip/platform/service/go.sum
-      - run: find ./ -name go.mod
-      - name: go configure backend
-        run: |-
-          go work init
-          for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do
-            go work use "$x"
-          done
-      - run: docker compose up -d --wait --wait-timeout 240
-      - env:
-          PLAYWRIGHT_TESTS_TO_RUN: roundtrip
-        run: |-
-          ./wait-and-test.sh platform
-
-  platform-xtest:
-    needs:
-      - cli
-      - lib
-    uses: opentdf/tests/.github/workflows/xtest.yml@main
-    with:
-      focus-sdk: js
-      js-ref: ${{ github.ref }} latest lts
-      platform-ref: main lts
-
-  ci:
-    needs:
-      - lib
-      - cli
-      - web-app
-      - scripts
-      - platform-xtest
-    runs-on: ubuntu-22.04
-    if: ${{ !cancelled() }}
-    steps:
-
-      - name: "All jobs succeeded"
-        id: success
-        if: ${{ contains(needs.*.result, 'success') }}
-        run: |
-          :
-
-      - name: "One or more jobs failed"
-        if: ${{ contains(needs.*.result, 'failure') }}
-        run: |
-          exit 1
+jobs:
+  build-and-test:
+    uses: opentdf/web-sdk/.github/workflows/reusable_build-and-test.yaml@main
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}