feat(cms): add client content type and refactor content types

.github/workflows/ecs-frontend-deploy-prod-worker.yml

@@ -1,5 +1,4 @@
 name: ECS FrontEnd Deployment
-
 on:
   workflow_call:
     inputs:
@@ -53,7 +52,6 @@ on:
         required: true
       DATADOG_API_KEY:
         required: true
-
 jobs:
   build-and-deploy:
     environment: Production
@@ -84,29 +82,16 @@ jobs:
           cache: 'pnpm'
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
-
       - name: nx Install
-        run: pnpm add -g nx --silent
-
+        run: pnpm add -g nx
       - name: Install Doppler
-        run: |
-          sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
-          curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | sudo apt-key add -
-          echo "deb https://packages.doppler.com/public/cli/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/doppler-cli.list
-          sudo apt-get update && sudo apt-get -y install doppler
-
-      - name: Get affected apps
-        run: |
-          echo "apps=$(pnpm exec ts-node tools/scripts/affected-apps.ts --projects apps/${{ inputs.name }})" >> $GITHUB_OUTPUT
-          cat $GITHUB_OUTPUT
-        id: affected-apps
+        uses: dopplerhq/cli-action@v3
       - name: Prisma Generate
         uses: mansagroup/nrwl-nx-action@v3
         with:
           targets: prisma-generate
           all: true
       - name: Build ${{ inputs.name }}
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: mansagroup/nrwl-nx-action@v3
         env:
           DOPPLER_API_ANALYTICS_TOKEN: ${{ secrets.DOPPLER_API_ANALYTICS_TOKEN }}
@@ -139,27 +124,18 @@ jobs:
         with:
           targets: upload-sourcemaps
           projects: ${{ inputs.name }}
-
-      # ECS Deployment
       - name: Configure ECS AWS credentials
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-
       - name: Login to Amazon ECR
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         id: login-ecr-ecs
         uses: aws-actions/amazon-ecr-login@v2
-
       - name: Set up Docker Buildx
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: docker/setup-buildx-action@v3
-
       - name: Build and push Docker image to Amazon ECR
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         id: build-image-ecs
         uses: docker/build-push-action@v6
         with:
@@ -171,13 +147,9 @@ jobs:
             ${{ steps.login-ecr-ecs.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest
           build-args: |
             SERVICE_VERSION=${{ env.IMAGE_TAG }}
-
       - name: Set image output
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           echo "image=${{ steps.login-ecr-ecs.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT
-
       - name: Restart task definition
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           aws ecs update-service --force-new-deployment --service $ECS_SERVICE --cluster $ECS_CLUSTER

.github/workflows/ecs-frontend-deploy-prod.yml

@@ -7,12 +7,9 @@ on:
       - main
 jobs:
   affected:
-    name: Detect affected projects
     runs-on: blacksmith-2vcpu-ubuntu-2204
     outputs:
-      arclight: ${{ steps.set.outputs.arclight }}
-      journeys_admin: ${{ steps.set.outputs.journeys_admin }}
-      cms: ${{ steps.set.outputs.cms }}
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -28,29 +25,14 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
       - uses: nrwl/nx-set-shas@v4
-      - id: set
-        name: compute if arclight is affected
+      - id: set-matrix
+        name: set matrix app to affected array
         run: |
-          set -euo pipefail
-          list=$(pnpm -s exec nx show projects --affected)
-          if echo "$list" | awk '{print $1}' | grep -xq 'arclight'; then
-            echo "arclight=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "arclight=false" >> "$GITHUB_OUTPUT"
-          fi
-          if echo "$list" | awk '{print $1}' | grep -xq 'journeys-admin'; then
-            echo "journeys_admin=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "journeys_admin=false" >> "$GITHUB_OUTPUT"
-          fi
-          if echo "$list" | awk '{print $1}' | grep -xq 'cms'; then
-            echo "cms=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "cms=false" >> "$GITHUB_OUTPUT"
-          fi
+          echo "matrix=$(pnpm exec ts-node tools/scripts/affected-apps.ts --projects apps/*)" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
   arclight:
     needs: [affected]
-    if: ${{ needs.affected.outputs.arclight == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'arclight')
     uses: JesusFilm/core/.github/workflows/ecs-frontend-deploy-prod-worker.yml@main
     with:
       name: arclight
@@ -79,7 +61,7 @@ jobs:
       DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
   journeys-admin:
     needs: [affected]
-    if: ${{ needs.affected.outputs.journeys_admin == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'journeys-admin')
     uses: JesusFilm/core/.github/workflows/ecs-frontend-deploy-prod-worker.yml@main
     with:
       name: journeys-admin
@@ -108,7 +90,7 @@ jobs:
       DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
   cms:
     needs: [affected]
-    if: ${{ needs.affected.outputs.cms == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'cms')
     uses: JesusFilm/core/.github/workflows/ecs-frontend-deploy-prod-worker.yml@main
     with:
       name: cms

.github/workflows/ecs-frontend-deploy-stage-worker.yml

@@ -1,5 +1,4 @@
 name: ECS FrontEnd Deployment
-
 on:
   workflow_call:
     inputs:
@@ -53,7 +52,6 @@ on:
         required: true
       DATADOG_API_KEY:
         required: true
-
 jobs:
   build-and-deploy:
     environment: Stage
@@ -84,30 +82,16 @@ jobs:
           cache: 'pnpm'
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
-
       - name: nx Install
-        run: pnpm add -g nx --silent
-
+        run: pnpm add -g nx
       - name: Install Doppler
-        run: |
-          sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
-          curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | sudo apt-key add -
-          echo "deb https://packages.doppler.com/public/cli/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/doppler-cli.list
-          sudo apt-get update && sudo apt-get -y install doppler
-
-      - name: Get affected apps
-        run: |
-          echo "apps=$(pnpm exec ts-node tools/scripts/affected-apps.ts --projects apps/${{ inputs.name }})" >> $GITHUB_OUTPUT
-          cat $GITHUB_OUTPUT
-        id: affected-apps
-
+        uses: dopplerhq/cli-action@v3
       - name: Prisma Generate
         uses: mansagroup/nrwl-nx-action@v3
         with:
           targets: prisma-generate
           all: true
       - name: Build ${{ inputs.name }}
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: mansagroup/nrwl-nx-action@v3
         env:
           DOPPLER_API_ANALYTICS_TOKEN: ${{ secrets.DOPPLER_API_ANALYTICS_TOKEN }}
@@ -140,27 +124,18 @@ jobs:
         with:
           targets: upload-sourcemaps
           projects: ${{ inputs.name }}
-
-      # ECS Deployment
       - name: Configure ECS AWS credentials
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.JFP_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.JFP_AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-
       - name: Login to Amazon ECR
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         id: login-ecr-ecs
         uses: aws-actions/amazon-ecr-login@v2
-
       - name: Set up Docker Buildx
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         uses: docker/setup-buildx-action@v3
-
       - name: Build and push Docker image to Amazon ECR
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         id: build-image-ecs
         uses: docker/build-push-action@v6
         with:
@@ -172,13 +147,9 @@ jobs:
             ${{ steps.login-ecr-ecs.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest
           build-args: |
             SERVICE_VERSION=${{ env.IMAGE_TAG }}
-
       - name: Set image output
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           echo "image=${{ steps.login-ecr-ecs.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT
-
       - name: Restart task definition
-        if: contains(steps.affected-apps.outputs.apps, inputs.name)
         run: |
           aws ecs update-service --force-new-deployment --service $ECS_SERVICE --cluster $ECS_CLUSTER

.github/workflows/ecs-frontend-deploy-stage.yml

@@ -7,12 +7,9 @@ on:
       - stage
 jobs:
   affected:
-    name: Detect affected projects
     runs-on: blacksmith-2vcpu-ubuntu-2204
     outputs:
-      arclight: ${{ steps.set.outputs.arclight }}
-      journeys_admin: ${{ steps.set.outputs.journeys_admin }}
-      cms: ${{ steps.set.outputs.cms }}
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -28,29 +25,14 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
       - uses: nrwl/nx-set-shas@v4
-      - id: set
-        name: compute if arclight is affected
+      - id: set-matrix
+        name: set matrix app to affected array
         run: |
-          set -euo pipefail
-          list=$(pnpm -s exec nx show projects --affected)
-          if echo "$list" | awk '{print $1}' | grep -xq 'arclight'; then
-            echo "arclight=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "arclight=false" >> "$GITHUB_OUTPUT"
-          fi
-          if echo "$list" | awk '{print $1}' | grep -xq 'journeys-admin'; then
-            echo "journeys_admin=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "journeys_admin=false" >> "$GITHUB_OUTPUT"
-          fi
-          if echo "$list" | awk '{print $1}' | grep -xq 'cms'; then
-            echo "cms=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "cms=false" >> "$GITHUB_OUTPUT"
-          fi
+          echo "matrix=$(pnpm exec ts-node tools/scripts/affected-apps.ts --projects apps/*)" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
   arclight:
     needs: [affected]
-    if: ${{ needs.affected.outputs.arclight == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'arclight')
     uses: JesusFilm/core/.github/workflows/ecs-frontend-deploy-stage-worker.yml@stage
     with:
       name: arclight
@@ -80,7 +62,7 @@ jobs:
   e2e-arclight:
     name: E2E Arclight (stage)
     needs: [affected, arclight]
-    if: ${{ needs.affected.outputs.arclight == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'arclight')
     runs-on: blacksmith-4vcpu-ubuntu-2204
     steps:
       - uses: actions/checkout@v4
@@ -117,7 +99,7 @@ jobs:
           PLAYWRIGHT_PASSWORD5: ${{ secrets.PLAYWRIGHT_PASSWORD5 }}
   journeys-admin:
     needs: [affected]
-    if: ${{ needs.affected.outputs.journeys_admin == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'journeys-admin')
     uses: JesusFilm/core/.github/workflows/ecs-frontend-deploy-stage-worker.yml@stage
     with:
       name: journeys-admin
@@ -146,7 +128,7 @@ jobs:
       DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
   cms:
     needs: [affected]
-    if: ${{ needs.affected.outputs.cms == 'true' }}
+    if: contains(needs.affected.outputs.matrix, 'cms')
     uses: JesusFilm/core/.github/workflows/ecs-frontend-deploy-stage-worker.yml@stage
     with:
       name: cms

apps/cms/Dockerfile

@@ -1,28 +1,53 @@
-FROM node:22-alpine3.20
-
-EXPOSE 1337
-
+FROM node:22-alpine
+
+# -------------------------
+# System deps for sharp / vips
+# -------------------------
+RUN apk add --no-cache \
+  build-base \
+  gcc \
+  autoconf \
+  automake \
+  zlib-dev \
+  libpng-dev \
+  nasm \
+  bash \
+  vips-dev \
+  git
+
+ARG NODE_ENV=production
+ENV NODE_ENV=${NODE_ENV}
 ARG SERVICE_VERSION=0.0.1
 ENV OTEL_RESOURCE_ATTRIBUTES="service.version=$SERVICE_VERSION"
-ENV NODE_ENV=production
-ENV PNPM_HOME="/usr/local/share/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
 
-RUN apk upgrade --update-cache --available && \
-    apk add g++ make python3 py3-pip curl-dev && \
-    rm -rf /var/cache/apk/*
+# Enable pnpm
+RUN corepack enable
 
-WORKDIR /app
+# -------------------------
+# Workspace root
+# -------------------------
+WORKDIR /opt
 
-COPY ./package.json ./package.json
-COPY ./pnpm-lock.yaml* ./
+# Copy only what pnpm needs to resolve CMS
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY apps/cms/package.json ./apps/cms/package.json
 
-RUN corepack enable && corepack prepare pnpm --activate
-RUN pnpm install --frozen-lockfile
+# Install ONLY cms deps
+RUN pnpm install \
+  --frozen-lockfile \
+  --filter ./apps/cms...
 
-COPY . .
+# -------------------------
+# Copy CMS source only
+# -------------------------
+COPY apps/cms ./apps/cms
 
-RUN pnpm run build
+WORKDIR /opt/apps/cms
 
-CMD ["pnpm", "run", "start"]
+RUN chown -R node:node /opt/apps/cms
+USER node
 
+RUN ["pnpm", "run", "build"]
+
+EXPOSE 1337
+CMD ["pnpm", "run", "start"]