This folder defines automation for the BC Wallet Demo monorepo (frontend and server Yarn workspaces). All Node-based jobs use Node.js 22, matching engines.node in package.json.
Path: .github/actions/setup-node/action.yml
Purpose: Install Node and enable Yarn dependency caching in one step.
Inputs:
| Input | Required | Description |
|---|---|---|
node-version |
yes | Node major or semver (e.g. 22) |
Behaviour:
- Runs
actions/setup-node@v4withcache: yarnandcache-dependency-path: yarn.lock(repository root). No separateactions/cachestep and noyarninvocation before Node is installed.
Usage:
- uses: ./.github/actions/setup-node
with:
node-version: 22File: .github/workflows/continuous-integration.yml
Name: Continuous Integration
Triggers: Pull requests targeting main or release.
Concurrency: One active run per PR (cancel-in-progress: true) so new pushes cancel older runs.
Global env: HUSKY=0 so Husky does not run during yarn install in CI.
| Job | What it does |
|---|---|
| Server Unit Tests | yarn install --frozen-lockfile, then yarn workspace server test |
| Frontend Unit Tests | yarn install --frozen-lockfile, then yarn workspace frontend test:unit |
| Cypress E2E Tests | Lint (yarn lint), Prettier check, yarn check-types, then Cypress with yarn workspace frontend start and wait-on for http://localhost:3000 |
File: .github/workflows/on_pr_opened.yaml
Name: PR Docker smoke build
Triggers: Non-draft pull requests to main when relevant paths change (see paths: in the workflow), on open/sync/reopen/ready for review.
Purpose: Ensure server/Dockerfile and frontend/Dockerfile both build with the default GitHub-hosted runner (DOCKER_BUILDKIT=1). This does not push images and does not pass production REACT_APP_* build-args; it only verifies the Docker build graph.
File: .github/workflows/build_packages.yml
Name: Build and Publish Packages
Triggers:
release:published— runs when a GitHub Release is published.workflow_dispatch: Manual run with optional inputrun_cypress(boolean) to run browser E2E before image builds.
Global env: HUSKY=0.
-
cypress-run(conditional) — On every release publish, or when manual dispatch setsrun_cypress: true. Checks out the repo, usessetup-node(Node 22), runsyarn install --frozen-lockfile, startsyarn devin the background, waits withwait-onforhttp://localhost:3000andhttp://localhost:5000, short warm-up sleep, then runs Cypress (cypress-io/github-action@v6,install: false, optional Dashboard recording viaCYPRESS_RECORD_KEY). -
cypress-skipped— Runs when Cypress is not required (manual dispatch withrun_cypress: false). Satisfiesneedsfor the image jobs without doing work. -
build-and-push-image-serverandbuild-and-push-image-frontend— Bothneedthe Cypress jobs and only proceed if nothing failed and at least one of the Cypress paths succeeded (seeif:in the workflow). They do not runyarn installon the runner: the only install/build for the published images happens inside Docker, avoiding duplicate work.
Images are pushed to GitHub Container Registry (ghcr.io):
| Variable in workflow | Image |
|---|---|
SHOWCASE_SERVER_IMAGE |
ghcr.io/<owner>/bc-wallet-showcase-server |
SHOWCASE_FRONTEND_IMAGE |
ghcr.io/<owner>/bc-wallet-showcase-frontend |
Jobs use docker/login-action@v3, docker/setup-buildx-action@v3, docker/metadata-action@v5, and docker/build-push-action@v7 with minimal provenance and SBOM attestations (provenance: mode=min, sbom: true). Image build jobs set permissions: id-token: write (with packages: write) so attestation upload to GHCR is supported.
The frontend is built with Vite, which reads VITE_* at build time. CI still passes legacy REACT_APP_* names as Docker build-args; the frontend/Dockerfile maps them to VITE_INSIGHTS_PROJECT_ID and VITE_HOST_BACKEND before yarn workspace frontend build. Those values are inlined into the client bundle, so they are not secret—prefer repository Variables (REACT_APP_INSIGHTS_PROJECT_ID, REACT_APP_HOST_BACKEND) so they are not treated as encrypted secrets. The workflow still falls back to secrets with the same names if variables are unset (see build-args on the frontend docker/build-push-action step).
Optional / other secrets (e.g. Cypress) are documented in the workflow file and org settings.
To approximate CI locally for the showcase web image:
docker build -f frontend/Dockerfile \
--build-arg REACT_APP_INSIGHTS_PROJECT_ID="..." \
--build-arg REACT_APP_HOST_BACKEND="..." \
-t bc-wallet-showcase-frontend:local .File: .github/dependabot.yml — version updates for GitHub Actions, npm (root workspace), and Dockerfiles under /, /frontend, and /server.
- Root README.md — run and Docker overview for developers.
- DEVELOPER/BC Wallet Showcase.md — Traction, env files, and OpenShift-oriented notes.