Feature/5566 maintenance contract

.env

@@ -1,6 +1,7 @@
 COMPOSE_PROJECT_NAME=itksites
-#COMPOSE_DOMAIN=itksites.local.itkdev.dk
-COMPOSE_DOMAIN=sites.itkdev.dk
+COMPOSE_DOMAIN=itksites.local.itkdev.dk
+
+ITKDEV_TEMPLATE=symfony-6
 
 # In all environments, the following files are loaded if they exist,
 # the latter taking precedence over the former:
@@ -63,3 +64,5 @@ VAULT_SECRET_ID="CHANGE_ME_IN_LOCAL_ENV"
 
 # The number of old results for each server/result-type combination
 APP_KEEP_RESULTS=5
+APP_LEANTIME_URI=https://leantime.itkdev.dk
+APP_LEANTIME_API_KEY="CHANGE_ME_IN_LOCAL_ENV"

.github/workflows/apispec.yaml

@@ -0,0 +1,115 @@
+name: API Spec review
+
+env:
+    COMPOSE_USER: root
+
+on:
+    pull_request:
+
+jobs:
+    api-spec-updated:
+        name: Ensure committed API specification is up to date
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v5
+              with:
+                  fetch-depth: 2
+
+            - name: Create docker network
+              run: |
+                  docker network create frontend
+
+            - name: Composer install
+              run: |
+                  docker compose run --rm phpfpm composer install
+
+            - name: Export API specification
+              run: |
+                  docker compose run --rm phpfpm bin/console api:openapi:export --yaml --output=public/api-spec-v1.yaml --no-interaction
+
+            - name: Check for changes in specification
+              id: git-diff-spec
+              continue-on-error: true
+              run: git diff --diff-filter=ACMRT --exit-code public/api-spec-v1.yaml
+
+            - name: Comment PR
+              if: steps.git-diff-spec.outcome == 'failure'
+              env:
+                  GH_TOKEN: ${{ github.token }}
+              run: |
+                  echo '## 🛑 Exported API specification file not up to date' > var/comment.md
+                  echo '' >> var/comment.md
+                  echo 'Please run `composer update-api-spec` to export the API specification. Then commit and push the changes.' >> var/comment.md
+                  gh pr comment ${{ github.event.pull_request.number }} --body-file var/comment.md --create-if-none --edit-last
+
+            - name: Fail job, api spec is not up to date
+              if: steps.git-diff-spec.outcome == 'failure'
+              run: |
+                  exit 1
+
+    detect-breaking-changes:
+        name: Detect breaking changes in API specification
+        runs-on: ubuntu-latest
+        needs: [api-spec-updated]
+        steps:
+            - name: Check out BASE rev
+              uses: actions/checkout@v5
+              with:
+                  ref: ${{ github.base_ref }}
+                  path: base
+
+            - name: Check out HEAD rev
+              uses: actions/checkout@v5
+              with:
+                  ref: ${{ github.head_ref }}
+                  path: head
+
+            - name: Run OpenAPI Changed (from HEAD rev)
+              id: api-changed
+              continue-on-error: true
+              uses: docker://openapitools/openapi-diff:latest
+              with:
+                  args: --fail-on-changed base/public/api-spec-v1.yaml head/public/api-spec-v1.yaml --markdown api-spec-changed.md
+
+            - name: Run OpenAPI Incompatible (from HEAD rev)
+              id: api-incompatible
+              continue-on-error: true
+              uses: docker://openapitools/openapi-diff:latest
+              with:
+                  args: --fail-on-incompatible base/public/api-spec-v1.yaml head/public/api-spec-v1.yaml --markdown api-spec-incompatible.md
+
+            - name: Comment PR with no changes
+              if: steps.api-changed.outcome == 'success' && steps.api-incompatible.outcome == 'success'
+              working-directory: head
+              env:
+                  GH_TOKEN: ${{ github.token }}
+              run: |
+                  gh pr comment ${{ github.event.pull_request.number }} --body "✅ **No changes detected in API specification**" --create-if-none --edit-last
+
+            - name: Comment PR with non-breaking changes
+              if: steps.api-changed.outcome == 'failure' && steps.api-incompatible.outcome == 'success'
+              working-directory: head
+              env:
+                  GH_TOKEN: ${{ github.token }}
+              run: |
+                  echo "## ⚠️ Non-Breaking changes detected in API specification" > ../comment.md
+                  echo "" >> ../comment.md
+                  cat ../api-spec-changed.md >> ../comment.md
+                  gh pr comment ${{ github.event.pull_request.number }} --body-file ../comment.md --create-if-none --edit-last
+
+            - name: Comment PR with breaking changes
+              if: steps.api-incompatible.outcome == 'failure'
+              working-directory: head
+              env:
+                  GH_TOKEN: ${{ github.token }}
+              run: |
+                  echo "## 🛑 Breaking changes detected in API specification" > ../comment.md
+                  echo "" >> ../comment.md
+                  cat ../api-spec-incompatible.md >> ../comment.md
+                  gh pr comment ${{ github.event.pull_request.number }} --body-file ../comment.md --create-if-none --edit-last
+
+            - name: Fail if breaking changes detected
+              if: steps.api-incompatible.outcome == 'failure'
+              run: |
+                  exit 1

.github/workflows/changelog.yaml

@@ -0,0 +1,27 @@
+# Do not edit this file! Make a pull request on changing
+# github/workflows/changelog.yaml in
+# https://github.com/itk-dev/devops_itkdev-docker if need be.
+
+### ### Changelog
+###
+### Checks that changelog has been updated
+
+name: Changelog
+
+on:
+    pull_request:
+
+jobs:
+    changelog:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v5
+              with:
+                  fetch-depth: 2
+
+            - name: Git fetch
+              run: git fetch
+
+            - name: Check that changelog has been updated.
+              run: git diff --exit-code origin/${{ github.base_ref }} -- CHANGELOG.md && exit 1 || exit 0

.github/workflows/composer.yaml

@@ -0,0 +1,78 @@
+# Do not edit this file! Make a pull request on changing
+# github/workflows/composer.yaml in
+# https://github.com/itk-dev/devops_itkdev-docker if need be.
+
+### ### Composer
+###
+### Validates composer.json and checks that it's normalized.
+###
+### #### Assumptions
+###
+### 1. A docker compose service named `phpfpm` can be run and `composer` can be
+###    run inside the `phpfpm` service.
+### 2. [ergebnis/composer-normalize](https://github.com/ergebnis/composer-normalize)
+###    is a dev requirement in `composer.json`:
+###
+###    ``` shell
+###    docker compose run --rm phpfpm composer require --dev ergebnis/composer-normalize
+###    ```
+###
+###    Normalize `composer.json` by running
+###
+###    ``` shell
+###    docker compose run --rm phpfpm composer normalize
+###    ```
+
+name: Composer
+
+env:
+    COMPOSE_USER: root
+
+on:
+    pull_request:
+    push:
+        branches:
+            - main
+            - develop
+
+jobs:
+    composer-validate:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v5
+
+            - name: Create docker network
+              run: |
+                  docker network create frontend
+
+            - run: |
+                  docker compose run --rm phpfpm composer validate --strict
+
+    composer-normalized:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+        steps:
+            - uses: actions/checkout@v5
+
+            - name: Create docker network
+              run: |
+                  docker network create frontend
+
+            - run: |
+                  docker compose run --rm phpfpm composer install
+                  docker compose run --rm phpfpm composer normalize --dry-run
+
+    composer-audit:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+        steps:
+            - uses: actions/checkout@v5
+
+            - name: Create docker network
+              run: |
+                  docker network create frontend
+
+            - run: |
+                  docker compose run --rm phpfpm composer audit

.github/workflows/doctrine.yaml

@@ -0,0 +1,41 @@
+name: Doctrine
+
+env:
+    COMPOSE_USER: root
+
+on:
+    pull_request:
+    push:
+        branches:
+            - main
+            - develop
+
+jobs:
+    coding-standards:
+        name: Validate Schema
+        runs-on: ubuntu-latest
+        env:
+            APP_ENV: prod
+
+        steps:
+            - uses: actions/checkout@v5
+
+            - name: Create docker network
+              run: |
+                  docker network create frontend
+
+            - name: Run Composer Install
+              run: |
+                  docker compose run --rm phpfpm composer install
+
+            - name: Run Doctrine Migrations
+              run: |
+                  docker compose run --rm phpfpm bin/console doctrine:migrations:migrate --no-interaction
+
+            - name: Setup messenger "failed" doctrine transport to ensure db schema is updated
+              run: |
+                  docker compose run --rm phpfpm bin/console messenger:setup-transports failed
+
+            - name: Validate Doctrine schema
+              run: |
+                  docker compose run --rm phpfpm bin/console doctrine:schema:validate

.github/workflows/github_build_release.yml

@@ -1,45 +1,45 @@
 on:
-  push:
-    tags:
-      - '*.*.*'
+    push:
+        tags:
+            - "*.*.*"
 
 name: Create Github Release
 
 permissions:
-  contents: write
+    contents: write
 
 jobs:
-  create-release:
-    runs-on: ubuntu-latest
-    env:
-      COMPOSER_ALLOW_SUPERUSER: 1
-      APP_ENV: prod
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Composer install
-        run: |
-          docker network create frontend
-          docker compose run --rm --user=root --env APP_ENV=prod phpfpm composer install --no-dev -o --classmap-authoritative
-          docker compose run --rm --user=root --env APP_ENV=prod phpfpm composer clear-cache
-          docker compose run --rm node yarn install
-          docker compose run --rm node yarn build
-
-      - name: Make assets dir
-        run: |
-          mkdir -p ../assets
-
-      - name: Create archive
-        run: tar --exclude='.git' --exclude='node_modules' -zcf ../assets/${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz ./
-
-      - name: Create checksum
-        run: |
-          cd ../assets
-          sha256sum ${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz > ../assets/checksum.txt
-
-      - name: Create a release in GitHub and uploads assets
-        run: gh release create ${{ github.ref_name }} --verify-tag --generate-notes ../assets/*.*
+    create-release:
+        runs-on: ubuntu-latest
         env:
-          GITHUB_TOKEN: ${{ github.TOKEN }}
-        shell: bash
+            COMPOSER_ALLOW_SUPERUSER: 1
+            APP_ENV: prod
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v5
+
+            - name: Composer install
+              run: |
+                  docker network create frontend
+                  docker compose run --rm --user=root --env APP_ENV=prod phpfpm composer install --no-dev -o --classmap-authoritative
+                  docker compose run --rm --user=root --env APP_ENV=prod phpfpm composer clear-cache
+                  docker compose run --rm node yarn install
+                  docker compose run --rm node yarn build
+
+            - name: Make assets dir
+              run: |
+                  mkdir -p ../assets
+
+            - name: Create archive
+              run: tar --exclude='.git' --exclude='node_modules' -zcf ../assets/${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz ./
+
+            - name: Create checksum
+              run: |
+                  cd ../assets
+                  sha256sum ${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz > ../assets/checksum.txt
+
+            - name: Create a release in GitHub and uploads assets
+              run: gh release create ${{ github.ref_name }} --verify-tag --generate-notes ../assets/*.*
+              env:
+                  GITHUB_TOKEN: ${{ github.TOKEN }}
+              shell: bash

.github/workflows/javascript.yaml

@@ -0,0 +1,35 @@
+# Do not edit this file! Make a pull request on changing
+# github/workflows/symfony/javascript.yaml in
+# https://github.com/itk-dev/devops_itkdev-docker if need be.
+
+### ### Symfony JavaScript (and TypeScript)
+###
+### Validates JavaScript files.
+###
+### #### Assumptions
+###
+### 1. A docker compose service named `prettier` for running
+###    [Prettier](https://prettier.io/) exists.
+
+name: JavaScript
+
+on:
+    pull_request:
+    push:
+        branches:
+            - main
+            - develop
+
+jobs:
+    javascript-lint:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v5
+
+            - name: Create docker network
+              run: |
+                  docker network create frontend
+
+            - run: |
+                  docker compose run --rm prettier 'assets/**/*.js' --check