WIP: chore(ci): test nx

.github/workflows/build.yml

@@ -1,138 +0,0 @@
-name: ZITADEL CI/CD
-
-on:
-  push:
-    tags-ignore:
-      - "*"
-    branches:
-      - "main"
-  pull_request:
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: write
-  packages: write
-  issues: write
-  pull-requests: write
-  actions: write
-
-jobs:
-  core:
-    uses: ./.github/workflows/core.yml
-    with:
-      node_version: "20"
-      buf_version: "latest"
-
-  console:
-    uses: ./.github/workflows/console.yml
-    with:
-      node_version: "20"
-
-  docs:
-    uses: ./.github/workflows/docs.yml
-    with:
-      node_version: "20"
-      buf_version: "latest"
-
-  version:
-    uses: ./.github/workflows/version.yml
-    with:
-      semantic_version: "23.0.7"
-      dry_run: true
-
-  compile:
-    needs: [core, console, version]
-    uses: ./.github/workflows/compile.yml
-    with:
-      core_cache_key: ${{ needs.core.outputs.cache_key }}
-      console_cache_key: ${{ needs.console.outputs.cache_key }}
-      core_cache_path: ${{ needs.core.outputs.cache_path }}
-      console_cache_path: ${{ needs.console.outputs.cache_path }}
-      version: ${{ needs.version.outputs.version }}
-      node_version: "20"
-
-  core-unit-test:
-    needs: core
-    uses: ./.github/workflows/core-unit-test.yml
-    with:
-      core_cache_key: ${{ needs.core.outputs.cache_key }}
-      core_cache_path: ${{ needs.core.outputs.cache_path }}
-    secrets:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-  core-integration-test:
-    needs: core
-    uses: ./.github/workflows/core-integration-test.yml
-    with:
-      core_cache_key: ${{ needs.core.outputs.cache_key }}
-      core_cache_path: ${{ needs.core.outputs.cache_path }}
-    secrets:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-  lint:
-    needs: [core, console]
-    uses: ./.github/workflows/lint.yml
-    with:
-      node_version: "18"
-      buf_version: "latest"
-      go_lint_version: "latest"
-      core_cache_key: ${{ needs.core.outputs.cache_key }}
-      core_cache_path: ${{ needs.core.outputs.cache_path }}
-
-  container:
-    needs: [compile]
-    uses: ./.github/workflows/container.yml
-    secrets: inherit
-    permissions:
-      packages: write
-    if: ${{ github.event_name == 'workflow_dispatch' }}
-    with:
-      build_image_name: "ghcr.io/zitadel/zitadel-build"
-
-  login-container:
-    uses: ./.github/workflows/login-container.yml
-    permissions:
-      packages: write
-      id-token: write
-    with:
-      login_build_image_name: "ghcr.io/zitadel/zitadel-login-build"
-      node_version: "20"
-
-  e2e:
-    uses: ./.github/workflows/e2e.yml
-    needs: [compile]
-
-  release:
-    uses: ./.github/workflows/release.yml
-    permissions:
-      packages: write
-      contents: write
-      issues: write
-      pull-requests: write
-    needs:
-      [
-        version,
-        core-unit-test,
-        core-integration-test,
-        lint,
-        container,
-        login-container,
-        e2e,
-      ]
-    if: ${{ github.event_name == 'workflow_dispatch' }}
-    secrets:
-      GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }}
-      APP_ID: ${{ secrets.APP_ID }}
-      APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
-    with:
-      build_image_name: ${{ needs.container.outputs.build_image }}
-      semantic_version: "23.0.7"
-      image_name: "ghcr.io/zitadel/zitadel"
-      google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"
-      build_image_name_login: ${{ needs.login-container.outputs.login_build_image }}
-      image_name_login: "ghcr.io/zitadel/zitadel-login"
-      google_image_name_login: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel-login"

.github/workflows/ci.yml

@@ -0,0 +1,34 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - improve-ci-nx
+
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          filter: tree:0
+          fetch-depth: 0
+
+      - run: npx nx start-ci-run --distribute-on="3 linux-medium-js" --stop-agents-after="build"
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - run: npm ci --legacy-peer-deps
+      - uses: nrwl/nx-set-shas@v4
+
+      - run: npx nx affected -t build
+
+      - run: npx nx fix-ci
+        if: always()

.github/workflows/codeql.yml

@@ -1,65 +0,0 @@
-name: "Code Scanning"
-
-on:
-  push:
-    branches:
-    -  'main'
-    paths-ignore:
-    - 'docs/**'
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches:
-    -  'main'
-    paths-ignore:
-    - 'docs/**'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  CodeQL-Build:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [go,javascript]
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-    - if: matrix.language == 'go'
-      name: Install Go
-      uses: actions/setup-go@v5
-      with:
-        go-version-file: go.mod
-
-    # node to install sass for go
-    - if: matrix.language == 'go'
-      uses: actions/setup-node@v4
-    - if: matrix.language == 'go'
-      run: |
-        npm install -g sass
-        make core_build
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      # Override language selection by uncommenting this and choosing your languages
-      with:
-        languages: ${{ matrix.language }}
-        debug: true
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    # - name: Autobuild
-    #  uses: github/codeql-action/autobuild@v2
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    # autobuild does not work anymore
-    # and to be able to compile without an actual console build, we just need a placeholder in the console dist folder
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3

.github/workflows/compile.yml

@@ -1,88 +0,0 @@
-name: Compile
-
-on:
-  workflow_call:
-    inputs:
-      core_cache_key:
-        required: true
-        type: string
-      core_cache_path:
-        required: true
-        type: string
-      console_cache_key:
-        required: true
-        type: string
-      console_cache_path:
-        required: true
-        type: string
-      version:
-        required: true
-        type: string
-      node_version:
-        required: true
-        type: string
-
-jobs:
-  executable:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        goos: [linux, darwin, windows]
-        goarch: [amd64, arm64]
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        name: restore console
-        with:
-          path: ${{ inputs.console_cache_path }}
-          key: ${{ inputs.console_cache_key }}
-          fail-on-cache-miss: true
-      - uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        name: restore core
-        with:
-          path: ${{ inputs.core_cache_path }}
-          key: ${{ inputs.core_cache_key }}
-          fail-on-cache-miss: true
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: "go.mod"
-      - name: compile
-        timeout-minutes: 5
-        run: |
-          GOOS="${{matrix.goos}}" \
-          GOARCH="${{matrix.goarch}}" \
-          VERSION="${{ inputs.version }}" \
-          COMMIT_SHA="${{ github.sha }}" \
-          make compile_pipeline
-      - name: create folder
-        run: |
-          mkdir zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
-          mv zitadel zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
-          cp LICENSE zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
-          cp README.md zitadel-${{ matrix.goos }}-${{ matrix.goarch }}/
-          tar -czvf zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
-      - uses: actions/upload-artifact@v4
-        with:
-          name: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
-          path: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
-
-  checksums:
-    runs-on: ubuntu-latest
-    needs: [executable]
-    steps:
-      - uses: actions/download-artifact@v4
-        with:
-          path: executables
-      - name: move files one folder up
-        run: mv */*.tar.gz . && find . -type d -empty -delete
-        working-directory: executables
-      - run: sha256sum * > checksums.txt
-        working-directory: executables
-      - uses: actions/upload-artifact@v4
-        with:
-          name: checksums.txt
-          path: executables/checksums.txt

.github/workflows/console.yml

@@ -1,53 +0,0 @@
-name: Build console
-
-on:
-  workflow_call:
-    inputs:
-      node_version:
-        required: true
-        type: string
-    outputs:
-      cache_key:
-        value: ${{ jobs.build.outputs.cache_key }}
-      cache_path:
-        value: ${{ jobs.build.outputs.cache_path }}
-
-env:
-  cache_path: console/dist/console
-
-jobs:
-  build:
-    outputs:
-      cache_key: ${{ steps.cache.outputs.cache-primary-key }}
-      cache_path: ${{ env.cache_path }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        continue-on-error: true
-        id: cache
-        with:
-          key: console-${{ hashFiles('console', 'proto', '!console/dist') }}
-          restore-keys: |
-            console-
-          path: ${{ env.cache_path }}
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: pnpm/action-setup@v4
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ inputs.node_version }}
-          cache: "pnpm"
-          cache-dependency-path: pnpm-lock.yaml
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        name: Install dependencies
-        run: pnpm install --frozen-lockfile
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        name: Build console with Turbo
-        run: pnpm turbo build --filter=./console
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: actions/cache/save@v4
-        with:
-          path: ${{ env.cache_path }}
-          key: ${{ steps.cache.outputs.cache-primary-key }}

.github/workflows/container.yml

@@ -1,173 +0,0 @@
-name: Container
-
-on:
-  workflow_call:
-    inputs:
-      build_image_name:
-        required: true
-        type: string
-    outputs:
-      build_image:
-        value: '${{ inputs.build_image_name }}:${{ github.sha }}'
-
-permissions:
-  packages: write
-
-env:
-  default_labels: |
-    org.opencontainers.image.documentation=https://zitadel.com/docs
-    org.opencontainers.image.vendor=CAOS AG
-
-jobs:
-  build:
-    name: zitadel
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        arch: [amd64,arm64]
-    steps:
-      - 
-        uses: actions/checkout@v4
-      -
-        name: Scratch meta
-        id: scratch-meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ inputs.build_image_name }}
-          labels: ${{ env.default_labels}}
-          tags: |
-            type=sha,prefix=,suffix=,format=long
-      -
-        name: Debug meta
-        id: debug-meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ inputs.build_image_name }}
-          labels: ${{ env.default_labels}}
-          tags: |
-            type=sha,prefix=,suffix=-debug,format=long
-      - 
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - 
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Login to Docker registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - 
-        uses: actions/download-artifact@v4
-        with:
-          path: .artifacts
-          name: zitadel-linux-${{ matrix.arch }}
-      -
-        name: Unpack executable
-        run: |
-          tar -xvf .artifacts/zitadel-linux-${{ matrix.arch }}.tar.gz
-          mv zitadel-linux-${{ matrix.arch }}/zitadel ./zitadel
-      - 
-        name: Debug
-        id: build-debug
-        uses: docker/build-push-action@v6
-        timeout-minutes: 3
-        with:
-          context: .
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          file: build/zitadel/Dockerfile
-          target: artifact
-          platforms: linux/${{ matrix.arch }}
-          push: true
-          labels: ${{ steps.debug-meta.outputs.labels }}
-          outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true
-      - 
-        name: Scratch
-        id: build-scratch
-        uses: docker/build-push-action@v6
-        timeout-minutes: 3
-        with:
-          context: .
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          file: build/zitadel/Dockerfile
-          target: final
-          platforms: linux/${{ matrix.arch }}
-          push: true
-          labels: ${{ steps.scratch-meta.outputs.labels }}
-          outputs: type=image,name=${{ inputs.build_image_name }},push-by-digest=true,name-canonical=true,push=true
-      -
-        name: Export debug digest
-        run: |
-          mkdir -p /tmp/digests/debug
-          digest="${{ steps.build-debug.outputs.digest }}"
-          touch "/tmp/digests/debug/${digest#sha256:}"
-      -
-        name: Export scratch digest
-        run: |
-          mkdir -p /tmp/digests/scratch
-          digest="${{ steps.build-scratch.outputs.digest }}"
-          touch "/tmp/digests/scratch/${digest#sha256:}"
-      -
-        name: Upload digest
-        uses: actions/upload-artifact@v4
-        with:
-          name: digests-${{ matrix.arch }}
-          path: /tmp/digests
-          if-no-files-found: error
-          retention-days: 1
-  
-  merge:
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    strategy:
-      fail-fast: false
-      matrix:
-        image: [scratch, debug]
-        include:
-          - image: scratch
-            suffix: ''
-          - image: debug
-            suffix: '-debug'
-    steps:
-      -
-        name: Download digests
-        uses: actions/download-artifact@v4
-        with:
-          pattern: digests-*
-          path: /tmp/digests
-          merge-multiple: true
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Login to Docker registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Docker meta
-        id: build-meta
-        uses: docker/metadata-action@v5
-        with:
-          images: '${{ inputs.build_image_name }}'
-          tags: |
-            type=sha,prefix=,suffix=${{ matrix.suffix }},format=long
-      -
-        name: Create build manifest list and push
-        working-directory: /tmp/digests/${{ matrix.image }}
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< '${{ steps.build-meta.outputs.json }}') \
-            $(printf '${{ inputs.build_image_name }}@sha256:%s ' *)
-      -
-        name: Inspect build image
-        run: |
-          docker buildx imagetools inspect ${{ inputs.build_image_name }}:${{ github.sha }}${{ matrix.suffix }}
-

.github/workflows/core-integration-test.yml

@@ -1,100 +0,0 @@
-name: Integration test core
-
-on: 
-  workflow_call:
-    inputs:
-      core_cache_key:
-        required: true
-        type: string
-      core_cache_path:
-        required: true
-        type: string
-    secrets:
-      CODECOV_TOKEN:
-        required: true
-
-jobs:
-  postgres:
-    runs-on:
-      group: zitadel-public
-    services:
-      postgres:
-        image: postgres
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_USER: zitadel
-          PGUSER: zitadel
-          POSTGRES_DB: zitadel
-          POSTGRES_HOST_AUTH_METHOD: trust
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-          --health-start-period 10s
-      cache:
-        image: redis:latest
-        ports:
-          - 6379:6379
-    steps:
-      - 
-        uses: actions/checkout@v4
-      -
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-      - 
-        uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        name: restore core
-        id: restore-core
-        with:
-          path: ${{ inputs.core_cache_path }}
-          key: ${{ inputs.core_cache_key }}
-          fail-on-cache-miss: true
-      -
-        id: go-cache-path
-        name: set cache path
-        run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
-      - 
-        uses: actions/cache/restore@v4
-        id: cache
-        timeout-minutes: 1
-        continue-on-error: true
-        name: restore previous results
-        with:
-          key: integration-test-postgres-${{ inputs.core_cache_key }}
-          restore-keys: |
-            integration-test-postgres-core-
-          path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
-      - 
-        name: test
-        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        env:
-          ZITADEL_MASTERKEY: MasterkeyNeedsToHave32Characters
-        run: make core_integration_test
-      -
-        name: upload server logs
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: integration-test-server-logs
-          path: |
-           tmp/zitadel.log
-           tmp/race.log.*
-      - 
-        name: publish coverage
-        uses: codecov/codecov-action@v4.3.0
-        with:
-          file: profile.cov
-          name: core-integration-tests-postgres
-          flags: core-integration-tests-postgres
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - 
-        uses: actions/cache/save@v4
-        name: cache results
-        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        with:
-          key: integration-test-postgres-${{ inputs.core_cache_key }}
-          path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}

.github/workflows/core-unit-test.yml

@@ -1,72 +0,0 @@
-name: Unit test core
-
-on: 
-  workflow_call:
-    inputs:
-      core_cache_key:
-        required: true
-        type: string
-      core_cache_path:
-        required: true
-        type: string
-      crdb_version:
-        required: false
-        type: string
-    secrets:
-      CODECOV_TOKEN:
-        required: true
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - 
-        uses: actions/checkout@v3
-      -
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-      - 
-        uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        name: restore core
-        id: restore-core
-        with:
-          path: ${{ inputs.core_cache_path }}
-          key: ${{ inputs.core_cache_key }}
-          fail-on-cache-miss: true
-      -
-        id: go-cache-path
-        name: set cache path
-        run: echo "GO_CACHE_PATH=$(go env GOCACHE)" >> $GITHUB_OUTPUT
-      - 
-        uses: actions/cache/restore@v4
-        id: cache
-        timeout-minutes: 1
-        continue-on-error: true
-        name: restore previous results
-        with:
-          key: unit-test-${{ inputs.core_cache_key }}
-          restore-keys: |
-            unit-test-core-
-          path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
-      - 
-        name: test
-        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        run: make core_unit_test
-      - 
-        name: publish coverage
-        uses: codecov/codecov-action@v4.3.0
-        with:
-          file: profile.cov
-          name: core-unit-tests
-          flags: core-unit-tests
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - 
-        uses: actions/cache/save@v4
-        name: cache results
-        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        with:
-          key: unit-test-${{ inputs.core_cache_key }}
-          path: ${{ steps.go-cache-path.outputs.GO_CACHE_PATH }}
-        

.github/workflows/core.yml

@@ -1,80 +0,0 @@
-name: Build core
-
-on: 
-  workflow_call:
-    inputs:
-      buf_version:
-        required: true
-        type: string
-      node_version:
-        required: true
-        type: string
-    outputs:
-      cache_key:
-        value: ${{ jobs.build.outputs.cache_key }}
-      cache_path:
-        value: ${{ jobs.build.outputs.cache_path }}
-
-env:
-  cache_path: |
-    internal/statik/statik.go
-    internal/notification/statik/statik.go
-    internal/api/ui/login/static/resources/themes/zitadel/css/zitadel.css*
-    internal/api/ui/login/statik/statik.go
-    internal/api/assets/authz.go 
-    internal/api/assets/router.go
-    openapi/v2
-    pkg/grpc/**/*.pb.*
-    pkg/grpc/**/*.connect.go
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    outputs:
-      cache_key: ${{ steps.cache.outputs.cache-primary-key }}
-      cache_path: ${{ env.cache_path }}
-    steps:
-        - 
-          uses: actions/checkout@v4
-        - 
-          uses: actions/cache/restore@v4
-          timeout-minutes: 1
-          continue-on-error: true
-          id: cache
-          with:
-            key: core-${{ hashFiles( 'go.*', 'openapi', 'cmd', 'pkg/grpc/**/*.go', 'proto', 'internal') }}
-            restore-keys: |
-              core-
-            path: ${{ env.cache_path }}
-        - 
-          if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          uses: bufbuild/buf-setup-action@v1
-          with:
-            github_token: ${{ github.token }}
-            version: ${{ inputs.buf_version }}
-        
-        - 
-          # node to install sass
-          if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          uses: actions/setup-node@v4
-          with:
-            node-version: ${{ inputs.node_version }}
-        - 
-          if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          run: npm install -g sass
-        
-        - 
-          if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          uses: actions/setup-go@v5
-          with:
-            go-version-file: 'go.mod'
-        - 
-          if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          run: make core_build
-        - 
-          if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-          uses: actions/cache/save@v4
-          with:
-            key: ${{ steps.cache.outputs.cache-primary-key }}
-            path: ${{ env.cache_path }}
-        

.github/workflows/docs.yml

@@ -1,61 +0,0 @@
-name: Build docs
-
-on:
-  workflow_call:
-    inputs:
-      node_version:
-        required: true
-        type: string
-      buf_version:
-        required: true
-        type: string
-    outputs:
-      cache_key:
-        value: ${{ jobs.build.outputs.cache_key }}
-      cache_path:
-        value: ${{ jobs.build.outputs.cache_path }}
-
-env:
-  cache_path: docs/build
-
-jobs:
-  build:
-    outputs:
-      cache_key: ${{ steps.cache.outputs.cache-primary-key }}
-      cache_path: ${{ env.cache_path }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        continue-on-error: true
-        id: cache
-        with:
-          key: docs-${{ hashFiles('docs', 'proto', '!docs/build', '!docs/node_modules', '!docs/protoc-gen-connect-openapi') }}
-          restore-keys: |
-            docs-
-          path: ${{ env.cache_path }}
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: bufbuild/buf-setup-action@v1
-        with:
-          github_token: ${{ github.token }}
-          version: ${{ inputs.buf_version }}
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: pnpm/action-setup@v4
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ inputs.node_version }}
-          cache: "pnpm"
-          cache-dependency-path: pnpm-lock.yaml
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        name: Install dependencies
-        run: pnpm install
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        name: Build docs with Turbo
-        run: pnpm turbo build --filter=./docs
-      - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: actions/cache/save@v4
-        with:
-          path: ${{ env.cache_path }}
-          key: ${{ steps.cache.outputs.cache-primary-key }}

.github/workflows/e2e.yml

@@ -1,63 +0,0 @@
-name: "ZITADEL e2e Tests"
-
-on:
-  workflow_call:
-
-jobs:
-  test:
-    timeout-minutes: 10
-    strategy:
-      fail-fast: false
-      matrix:
-        browser: [firefox, chrome]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          path: .artifacts
-          name: zitadel-linux-amd64
-      - name: Unpack executable
-        run: |
-          tar -xvf .artifacts/zitadel-linux-amd64.tar.gz
-          mv zitadel-linux-amd64/zitadel ./zitadel
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: "pnpm"
-          cache-dependency-path: pnpm-lock.yaml
-      - name: Install dependencies
-        run: pnpm install
-      - name: Install Cypress binary
-        run: cd ./e2e && pnpm exec cypress install
-      - name: Start DB and ZITADEL
-        run: |
-          cd ./e2e
-          ZITADEL_IMAGE=zitadel:local docker compose up --detach --wait
-      - name: Cypress run
-        uses: cypress-io/github-action@v6
-        env:
-          CYPRESS_BASE_URL: http://localhost:8080/ui/console
-          CYPRESS_WEBHOOK_HANDLER_HOST: host.docker.internal
-          CYPRESS_DATABASE_CONNECTION_URL: "postgresql://root@localhost:26257/zitadel"
-          CYPRESS_BACKEND_URL: http://localhost:8080
-        with:
-          working-directory: e2e
-          browser: ${{ matrix.browser }}
-          config-file: cypress.config.ts
-          install: false
-      - uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: production-tests-${{ matrix.browser }}
-          path: |
-            e2e/cypress/screenshots
-            e2e/cypress/videos
-            e2e/cypress/results
-          retention-days: 30

.github/workflows/issues.yml

@@ -1,43 +0,0 @@
-name: Add new issues to product management project
-
-on:
-  issues:
-    types:
-      - opened
-  pull_request_target:
-    types:
-      - opened
-
-jobs:
-  add-to-project:
-    name: Add issue and community pr to project
-    runs-on: ubuntu-latest
-    steps:
-      - name: add issue
-        uses: actions/add-to-project@v1.0.1
-        if: ${{ github.event_name == 'issues' }}
-        with:
-          # You can target a repository in a different organization
-          # to the issue
-          project-url: https://github.com/orgs/zitadel/projects/2
-          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
-      - uses: tspascoal/get-user-teams-membership@v3
-        id: checkUserMember
-        if: github.actor != 'dependabot[bot]'
-        with:
-         username: ${{ github.actor }}
-         GITHUB_TOKEN: ${{ secrets.ADD_TO_PROJECT_PAT }}
-      - name: add pr
-        uses: actions/add-to-project@v1.0.1
-        if: ${{ github.event_name == 'pull_request_target' && github.actor != 'dependabot[bot]' && !contains(steps.checkUserMember.outputs.teams, 'engineers')}}
-        with:
-          # You can target a repository in a different organization
-          # to the issue
-          project-url: https://github.com/orgs/zitadel/projects/2
-          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
-      - uses: actions-ecosystem/action-add-labels@v1.1.3
-        if: ${{ github.event_name == 'pull_request_target' && github.actor != 'dependabot[bot]' && !contains(steps.checkUserMember.outputs.teams, 'staff')}}
-        with:
-          github_token: ${{ secrets.ADD_TO_PROJECT_PAT }}
-          labels: |
-            os-contribution

.github/workflows/lint.yml

@@ -1,86 +0,0 @@
-name: Lint
-
-on:
-  workflow_call:
-    inputs:
-      node_version:
-        required: true
-        type: string
-      buf_version:
-        required: true
-        type: string
-      go_lint_version:
-        required: true
-        type: string
-      core_cache_key:
-        required: true
-        type: string
-      core_cache_path:
-        required: true
-        type: string
-
-jobs:
-  lint-skip:
-    name: lint skip
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name != 'pull_request' }}
-    steps:
-      - name: Lint skip
-        run: |
-          echo "Linting outside of pull requests is skipped"
-
-  api:
-    name: api
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    if: ${{ github.event_name == 'pull_request' }}
-    steps:
-      - uses: actions/checkout@v4
-      - uses: bufbuild/buf-setup-action@v1
-        with:
-          version: ${{ inputs.buf_version }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - name: lint
-        uses: bufbuild/buf-lint-action@v1
-      - uses: bufbuild/buf-breaking-action@v1
-        with:
-          against: "https://github.com/${{ github.repository }}.git#branch=${{ github.base_ref }}"
-
-  turbo-lint-unit:
-    if: ${{ github.event_name == 'pull_request' }}
-    name: turbo-lint-unit
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Run lint and unit tests in dev container
-        uses: devcontainers/ci@v0.3
-        with:
-          push: never
-          configFile: .devcontainer/turbo-lint-unit/devcontainer.json
-          runCmd: echo "Successfully ran lint and unit tests in dev container postStartCommand"
-
-  core:
-    name: core
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'pull_request' }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: "go.mod"
-      - uses: actions/cache/restore@v4
-        timeout-minutes: 1
-        name: restore core
-        with:
-          path: ${{ inputs.core_cache_path }}
-          key: ${{ inputs.core_cache_key }}
-          fail-on-cache-miss: true
-      - uses: golangci/golangci-lint-action@v8
-        with:
-          version: ${{ inputs.go_lint_version }}
-          github-token: ${{ github.token }}
-          only-new-issues: true

.github/workflows/login-container.yml

@@ -1,69 +0,0 @@
-name: Login Container
-
-on:
-  workflow_call:
-    inputs:
-      login_build_image_name:
-        description: 'The image repository name of the standalone login image'
-        type: string
-        required: true
-      node_version:
-        required: true
-        type: string
-    outputs:
-      login_build_image:
-          description: 'The full image tag of the standalone login image'
-          value: '${{ inputs.login_build_image_name }}:${{ github.sha }}'
-
-permissions:
-  packages: write
-
-env:
-  default_labels: |
-    org.opencontainers.image.documentation=https://zitadel.com/docs
-    org.opencontainers.image.vendor=CAOS AG
-    org.opencontainers.image.licenses=MIT
-
-jobs:
-  login-container:
-    name: Build Login Container
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login meta
-        id: login-meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ inputs.login_build_image_name }}
-          labels: ${{ env.default_labels}}
-          annotations: |
-            manifest:org.opencontainers.image.licenses=MIT
-          tags: |
-            type=sha,prefix=,suffix=,format=long
-      - name: Login to Docker registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Bake login multi-arch
-        uses: docker/bake-action@v6
-        env:
-          NODE_VERSION: ${{ inputs.node_version }}
-        with:
-          push: true
-          provenance: true
-          sbom: true
-          targets: login-standalone
-          set: |
-            *.cache-from=type=gha
-            *.cache-to=type=gha,mode=max
-          files: |
-            ./apps/login/docker-bake.hcl
-            ./apps/login/docker-bake-release.hcl
-            ./docker-bake.hcl
-            cwd://${{ steps.login-meta.outputs.bake-file }}

.github/workflows/ready_for_review.yml

@@ -1,31 +0,0 @@
-on:
-  pull_request:
-    types: [opened]
-
-jobs:
-  comment:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/github-script@v7
-        with:
-          script: |
-            const content = `### Thanks for your contribution @${{ github.event.pull_request.user.login }}! 🎉
-
-            Please make sure you tick the following checkboxes before marking this Pull Request (PR) as ready for review:
-            
-              - [ ] I have reviewed my changes and would approve it
-              - [ ] Documentations and examples are up-to-date
-              - [ ] Logical behavior changes are tested automatically
-              - [ ] No debug or dead code
-              - [ ] My code has no repetitions
-              - [ ] The PR title adheres to the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/)
-              - [ ] The example texts in the PR description are replaced.
-              - [ ] If there are any open TODOs or follow-ups, they are described in issues and link to this PR
-              - [ ] If there are deviations from a user stories acceptance criteria or design, they are agreed upon with the PO and documented.
-              `;
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: content
-            })

.github/workflows/release.yml

@@ -1,219 +0,0 @@
-name: Release
-
-on:
-  workflow_call:
-    inputs:
-      semantic_version:
-        required: true
-        type: string
-      build_image_name:
-        required: true
-        type: string
-      image_name:
-        required: true
-        type: string
-      google_image_name:
-        required: true
-        type: string
-      build_image_name_login:
-        required: true
-        type: string
-      image_name_login:
-        required: true
-        type: string
-      google_image_name_login:
-        required: true
-        type: string
-    secrets:
-      GCR_JSON_KEY_BASE64:
-        description: 'base64 endcrypted key to connect to Google'
-        required: true
-      APP_ID:
-        description: 'GH App ID to request token for homebrew update'
-        required: true
-      APP_PRIVATE_KEY:
-        description: 'GH App Private Key to request token for homebrew update'
-        required: true
-
-jobs:
-  version:
-    uses: ./.github/workflows/version.yml
-    with:
-      semantic_version: ${{ inputs.semantic_version }}
-      dry_run: false
-
-  # TODO: remove the publish job and publish releases directly with the @semantic-release/github plugin (remove draftRelease: true)
-  # as soon as it supports configuring the create release payload property make_latest to "legacy"
-  # https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release--parameters
-  publish:
-    runs-on: ubuntu-22.04
-    needs: [ version ]
-    steps:
-      - id: get_release
-        uses: cardinalby/git-get-release-action@v1
-        with:
-          commitSha: ${{ github.sha }}
-          draft: true
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Publish Release
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            github.rest.repos.updateRelease({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              release_id: ${{ steps.get_release.outputs.id }},
-              draft: false,
-              make_latest: "legacy"
-            });
-
-  docker:
-    runs-on: ubuntu-22.04
-    needs: [ version ]
-    steps:
-    -
-      name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-    -
-      name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-    - 
-      name: Login to Docker registry
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    -
-      name: Login to Google Artifact Registry
-      uses: docker/login-action@v3
-      with:
-        registry: europe-docker.pkg.dev
-        username: _json_key_base64
-        password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
-    -
-      name: Publish ${{ needs.version.outputs.version }}
-      run: |
-        docker buildx imagetools create \
-          --tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }} \
-          ${{ inputs.build_image_name }}
-        docker buildx imagetools create \
-          --tag ${{ inputs.image_name }}:${{ needs.version.outputs.version }}-debug \
-          ${{ inputs.build_image_name }}-debug        
-        docker buildx imagetools create \
-          --tag ${{ inputs.google_image_name }}:${{ needs.version.outputs.version }} \
-          ${{ inputs.build_image_name }}
-        docker buildx imagetools create \
-          --tag ${{ inputs.image_name_login }}:${{ needs.version.outputs.version }} \
-          ${{ inputs.build_image_name_login }}
-        docker buildx imagetools create \
-          --tag ${{ inputs.google_image_name_login }}:${{ needs.version.outputs.version }} \
-          ${{ inputs.build_image_name_login }}
-    -
-      name: Publish latest
-      if: ${{ github.ref_name == 'next' }}
-      run: |
-        docker buildx imagetools create \
-          --tag ${{ inputs.image_name }}:latest \
-          ${{ inputs.build_image_name }}
-        docker buildx imagetools create \
-          --tag ${{ inputs.image_name }}:latest-debug \
-          ${{ inputs.build_image_name }}-debug
-        docker buildx imagetools create \
-          --tag ${{ inputs.image_name_login }}:latest \
-          ${{ inputs.build_image_name_login }}
-
-  homebrew-tap:
-    runs-on: ubuntu-22.04
-    needs: version
-    if: ${{ github.ref_name == 'next' }}
-    continue-on-error: true
-    steps:
-    - name: generate token
-      uses: tibdex/github-app-token@v2
-      id: generate-token
-      with:
-        app_id: ${{ secrets.APP_ID }}
-        private_key: ${{ secrets.APP_PRIVATE_KEY }}
-    - name: Trigger Homebrew
-      env:
-        VERSION: ${{ needs.version.outputs.version }}
-        RUN_ID: ${{ github.run_id }}
-        GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-      run: |
-        gh workflow -R zitadel/homebrew-tap run update.yml -f runId=${RUN_ID} -f version=${VERSION}
-
-  helm-chart:
-    runs-on: ubuntu-22.04
-    needs: version
-    if: ${{ github.ref_name == 'next' }}
-    continue-on-error: true
-    steps:
-      - name: generate token
-        uses: tibdex/github-app-token@v2
-        id: generate-token
-        with:
-          app_id: ${{ secrets.APP_ID }}
-          private_key: ${{ secrets.APP_PRIVATE_KEY }}
-      - name: Trigger Chart Bump
-        env:
-          VERSION: ${{ needs.version.outputs.version }}
-          RUN_ID: ${{ github.run_id }}
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-        run: |
-          gh workflow -R zitadel/zitadel-charts run bump.yml
-
-  npm-packages:
-    runs-on: ubuntu-latest
-    needs: version
-    if: ${{ github.ref_name == 'next' }}
-    continue-on-error: true
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Install dependencies
-        working-directory: login
-        run: pnpm install --frozen-lockfile
-
-      - name: Create Release Pull Request
-        uses: changesets/action@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          version: ${{ needs.version.outputs.version }}
-          cwd: packages
-          createGithubReleases: false
-
-  login-repo:
-    runs-on: ubuntu-latest
-    needs: version
-    if: ${{ github.ref_name == 'next' }}
-    continue-on-error: true
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Push Subtree
-        run: make login_push LOGIN_REMOTE_BRANCH=mirror-zitadel-repo
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: 'chore: mirror zitadel repo'
-          branch: mirror-zitadel-repo
-          title: 'chore: mirror zitadel repo'
-          body: 'This PR updates the login repository with the latest changes from the zitadel repository.'
-          base: main
-          reviewers: |
-            @peintnermax
-            @eliobischof

.github/workflows/version.yml

@@ -1,52 +0,0 @@
-name: Version
-
-on:
-  workflow_call:
-    inputs:
-      semantic_version:
-        required: true
-        type: string
-      dry_run:
-        required: true
-        type: boolean
-    outputs:
-        version:
-            value: ${{ jobs.generate.outputs.version }}
-        published:
-            value: ${{jobs.generate.outputs.published }}
-
-jobs:
-  generate:
-    runs-on: ubuntu-22.04
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    outputs:
-      version: ${{ steps.output.outputs.VERSION }}
-      published: ${{ steps.semantic.outputs.new_release_published }}
-    steps:
-    -
-      name: Source checkout
-      uses: actions/checkout@v4
-    -
-      uses: actions/download-artifact@v4
-      if: ${{ !inputs.dry_run }}
-      with:
-        path: .artifacts
-        pattern: "{checksums.txt,zitadel-*}"
-    -
-      name: Semantic Release
-      uses: cycjimmy/semantic-release-action@v4
-      id: semantic
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        dry_run: ${{ inputs.dry_run }}
-        semantic_version: ${{ inputs.semantic_version }}
-        extra_plugins: |
-          @semantic-release/exec@6.0.3
-          @semantic-release/github@10.0.2
-    -
-      name: output
-      id: output
-      run:
-        if [[ ! -z "${{ steps.semantic.outputs.new_release_version }}" ]]; then echo "VERSION=v${{ steps.semantic.outputs.new_release_version }}" >> "$GITHUB_OUTPUT"; else echo "VERSION=${{ github.sha }}" >> "$GITHUB_OUTPUT";fi

.gitignore

@@ -97,3 +97,9 @@ load-test/output/*
 
 # PNPM
 .pnpm-store
+
+
+.nx/cache
+.nx/workspace-data
+.cursor/rules/nx-rules.mdc
+.github/instructions/nx.instructions.md

apps/console/package.json

@@ -1,6 +1,6 @@
 {
-  "name": "console",
-  "version": "0.0.0",
+  "name": "@zitadel/console",
+  "private": true,
   "scripts": {
     "ng": "ng",
     "dev": "node prebuild.development.js && ng serve",
@@ -10,10 +10,26 @@
     "lint:check:ng": "ng lint",
     "lint:check:prettier": "prettier --check src",
     "lint:fix": "prettier --write src",
-    "generate": "pnpm exec buf generate ../proto --include-imports --include-wkt",
+    "generate": "pnpm exec buf generate ../../proto --include-imports --include-wkt",
     "clean": "rm -rf dist .angular .turbo node_modules src/app/proto/generated"
   },
-  "private": true,
+  "nx": {
+    "targets": {
+      "generate": {
+        "outputs": [
+          "{projectRoot}/src/app/proto/generated/**"
+        ]
+      },
+      "build": {
+        "outputs": [
+          "{projectRoot}/dist/**"
+        ],
+        "dependsOn": [
+          "generate"
+          ]
+      }
+    }
+  },
   "dependencies": {
     "@angular/animations": "^16.2.12",
     "@angular/cdk": "^16.2.14",

apps/console/src/app/components/framework-change/framework-change.component.ts

@@ -2,7 +2,7 @@ import { CommonModule } from '@angular/common';
 import { Component, EventEmitter, OnDestroy, OnInit, Output } from '@angular/core';
 import { ActivatedRoute, Params, RouterModule } from '@angular/router';
 import { TranslateModule } from '@ngx-translate/core';
-import frameworkDefinition from '../../../../../docs/frameworks.json';
+import frameworkDefinition from '../../../../../../docs/frameworks.json';
 import { MatButtonModule } from '@angular/material/button';
 import { Framework } from '../quickstart/quickstart.component';
 import { BehaviorSubject, Subject, takeUntil } from 'rxjs';

apps/console/src/app/components/quickstart/quickstart.component.ts

@@ -2,7 +2,7 @@ import { CommonModule } from '@angular/common';
 import { Component } from '@angular/core';
 import { RouterModule } from '@angular/router';
 import { TranslateModule } from '@ngx-translate/core';
-import frameworkDefinition from '../../../../../docs/frameworks.json';
+import frameworkDefinition from '../../../../../../docs/frameworks.json';
 import { MatButtonModule } from '@angular/material/button';
 import type { FrameworkName } from '@netlify/framework-info/lib/generated/frameworkNames';
 import { OIDC_CONFIGURATIONS } from 'src/app/utils/framework';