cleanup

2025-08-11 13:19:21 +00:00 · 2025-08-04 22:36:41 -07:00
parent 0f9f8697e2
commit 7ecfd8759b
39 changed files with 493 additions and 1486 deletions
--- a/.devcontainer/base/Dockerfile
+++ b/.devcontainer/base/Dockerfile
@@ -1,16 +0,0 @@
 FROM mcr.microsoft.com/devcontainers/typescript-node:20-bookworm
 ENV SHELL=/bin/bash \
    DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    LC_ALL=C.UTF-8 \
    CI=1 \
    PNPM_HOME=/home/node/.local/share/pnpm \
    PATH=/home/node/.local/share/pnpm:$PATH
 RUN apt-get update && \
    apt-get --no-install-recommends install -y \
    libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 libasound2 libxtst6 xauth xvfb && \
    apt-get clean && \
    corepack enable && COREPACK_ENABLE_DOWNLOAD_PROMPT=0 corepack prepare pnpm@9.1.2 --activate
--- a/.devcontainer/base/devcontainer.json
+++ b/.devcontainer/base/devcontainer.json
@@ -1,28 +0,0 @@
 {
 	"$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
 	"name": "devcontainer",
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "devcontainer",
 	"workspaceFolder": "/workspaces",
 	"features": {
 		"ghcr.io/devcontainers/features/go:1": {
 			"version": "1.24"
 		},
 		"ghcr.io/guiyomh/features/golangci-lint:0": {},
 		"ghcr.io/jungaretti/features/make:1": {}
 	},
 	"forwardPorts": [
 		3000,
 		3001,
 		4200,
 		8080
 	],
 	"onCreateCommand": "pnpm install -g sass@1.64.1",
 	"customizations": {
 		"jetbrains": {
 			"settings": {
 				"com.intellij:app:HttpConfigurable.use_proxy_pac": true
 			}
 		}
 	}
 }
--- a/.devcontainer/base/docker-compose.yml
+++ b/.devcontainer/base/docker-compose.yml
@@ -1,239 +0,0 @@
 x-build-cache: &build-cache
  cache_from:
    - type=gha
  cache_to:
    - type=gha,mode=max
 services:
  devcontainer:
    container_name: devcontainer
    build:
      context: .
      <<: *build-cache
    volumes:
      - ../../:/workspaces:cached
      - /tmp/.X11-unix:/tmp/.X11-unix:cached
      - home-dir:/home/node:delegated
    command: sleep infinity
    working_dir: /workspaces
    environment:
      ZITADEL_DATABASE_POSTGRES_HOST: db
      ZITADEL_EXTERNALSECURE: false
  db:
    container_name: db
    image: postgres:17.0-alpine3.19
    restart: unless-stopped
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      PGUSER: postgres
      POSTGRES_PASSWORD: postgres
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready" ]
      interval: "10s"
      timeout: "30s"
      retries: 5
      start_period: "20s"
    ports:
      - "5432:5432"
  mock-zitadel:
    container_name: mock-zitadel
    build:
      context: ../../apps/login/integration/core-mock
      <<: *build-cache
    ports:
      - 22220:22220
      - 22222:22222
  login-integration:
    container_name: login-integration
    build:
      context: ../..
      dockerfile: build/login/Dockerfile
      <<: *build-cache
    image: "${LOGIN_TAG:-zitadel-login:local}"
    env_file: ../../apps/login/.env.test
    network_mode: service:devcontainer
    environment:
      NODE_ENV: test
      PORT: 3001
    depends_on:
      mock-zitadel:
        condition: service_started
  zitadel:
    image: "${ZITADEL_TAG:-ghcr.io/zitadel/zitadel:v4.0.0-rc.2}"
    container_name: zitadel
    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --config /zitadel.yaml --steps /zitadel.yaml'
    volumes:
      - ../../apps/login/acceptance/pat:/pat:delegated
      - ../../apps/login/acceptance/zitadel.yaml:/zitadel.yaml:cached
    network_mode: service:devcontainer
    healthcheck:
      test:
        - CMD
        - /app/zitadel
        - ready
        - --config
        - /zitadel.yaml
    depends_on:
      db:
        condition: "service_healthy"
  configure-login:
    container_name: configure-login
    restart: no
    build:
      context: ../../apps/login/acceptance/setup
      dockerfile: ../go-command.Dockerfile
      <<: *build-cache
    entrypoint: "./setup.sh"
    network_mode: service:devcontainer
    environment:
      PAT_FILE: /pat/zitadel-admin-sa.pat
      ZITADEL_API_URL: http://localhost:8080
      WRITE_ENVIRONMENT_FILE: /login-env/.env.test.local
      SINK_EMAIL_INTERNAL_URL: http://sink:3333/email
      SINK_SMS_INTERNAL_URL: http://sink:3333/sms
      SINK_NOTIFICATION_URL: http://sink:3333/notification
      LOGIN_BASE_URL: http://localhost:3000/ui/v2/login/
      ZITADEL_API_DOMAIN: localhost
      ZITADEL_ADMIN_USER: zitadel-admin@zitadel.localhost
    volumes:
      - ../../apps/login/acceptance/pat:/pat:cached # Read the PAT file from zitadels setup
      - ../../apps/login:/login-env:delegated # Write the environment variables file for the login
    depends_on:
      zitadel:
        condition: "service_healthy"
  login-acceptance:
    container_name: login
    image: "${LOGIN_TAG:-ghcr.io/zitadel/zitadel-login:v4.0.0-rc.2}"
    network_mode: service:devcontainer
    volumes:
      - ../../apps/login/.env.test.local:/env-files/.env:cached
    depends_on:
      configure-login:
        condition: service_completed_successfully
  mock-notifications:
    container_name: mock-notifications
    build:
      context: ../../apps/login/acceptance/sink
      dockerfile: ../go-command.Dockerfile
      args:
        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
      <<: *build-cache
    environment:
      PORT: '3333'
    command:
      - -port
      - '3333'
      - -email
      - '/email'
      - -sms
      - '/sms'
      - -notification
      - '/notification'
    ports:
      - "3333:3333"
    depends_on:
      configure-login:
        condition: "service_completed_successfully"
  mock-oidcrp:
    container_name: mock-oidcrp
    build:
      context: ../../apps/login/acceptance/oidcrp
      dockerfile: ../go-command.Dockerfile
      args:
        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
      <<: *build-cache
    network_mode: service:devcontainer
    environment:
      API_URL: 'http://localhost:8080'
      API_DOMAIN: 'localhost'
      PAT_FILE: '/pat/zitadel-admin-sa.pat'
      LOGIN_URL: 'http://localhost:3000/ui/v2/login'
      ISSUER: 'http://localhost:8000'
      HOST: 'localhost'
      PORT: '8000'
      SCOPES: 'openid profile email'
    volumes:
      - ../../apps/login/acceptance/pat:/pat:cached
    depends_on:
      configure-login:
        condition: "service_completed_successfully"
  #  mock-oidcop:
  #    container_name: mock-oidcop
  #    build:
  #      context: ../../apps/login/acceptance/idp/oidc
  #      dockerfile: ../../go-command.Dockerfile
  #      args:
  #        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
  #      <<: *build-cache
  #    network_mode: service:devcontainer
  #    environment:
  #      API_URL: 'http://localhost:8080'
  #      API_DOMAIN: 'localhost'
  #      PAT_FILE: '/pat/zitadel-admin-sa.pat'
  #      SCHEMA: 'http'
  #      HOST: 'localhost'
  #      PORT: "8004"
  #    volumes:
  #      - "../apps/login/packages/acceptance/pat:/pat:cached"
  #    depends_on:
  #      configure-login:
  #        condition: "service_completed_successfully"
  mock-samlsp:
    container_name: mock-samlsp
    build:
      context: ../../apps/login/acceptance/samlsp
      dockerfile: ../go-command.Dockerfile
      args:
        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
      <<: *build-cache
    network_mode: service:devcontainer
    environment:
      API_URL: 'http://localhost:8080'
      API_DOMAIN: 'localhost'
      PAT_FILE: '/pat/zitadel-admin-sa.pat'
      LOGIN_URL: 'http://localhost:3000/ui/v2/login'
      IDP_URL: 'http://localhost:8080/saml/v2/metadata'
      HOST: 'http://localhost:8001'
      PORT: '8001'
    volumes:
      - "../apps/login/packages/acceptance/pat:/pat:cached"
    depends_on:
      configure-login:
        condition: "service_completed_successfully"
  #  mock-samlidp:
  #    container_name: mock-samlidp
  #    build:
  #      context: ../../apps/login/acceptance/idp/saml
  #      dockerfile: ../../go-command.Dockerfile
  #      args:
  #        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
  #      <<: *build-cache
  #    network_mode: service:devcontainer
  #    environment:
  #      API_URL: 'http://localhost:8080'
  #      API_DOMAIN: 'localhost'
  #      PAT_FILE: '/pat/zitadel-admin-sa.pat'
  #      SCHEMA: 'http'
  #      HOST: 'localhost'
  #      PORT: "8003"
  #    volumes:
  #      - "../apps/login/packages/acceptance/pat:/pat"
  #    depends_on:
  #      configure-login:
  #        condition: "service_completed_successfully"
 volumes:
  postgres-data:
  home-dir:
--- a/.devcontainer/login-integration-debug/devcontainer.json
+++ b/.devcontainer/login-integration-debug/devcontainer.json
@@ -1,21 +0,0 @@
 {
 	"$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
 	"name": "login-integration-debug",
 	"dockerComposeFile": [
 		"../base/docker-compose.yml",
 		"docker-compose.yml"
 	],
 	"service": "login-integration-debug",
 	"runServices": ["login-integration-debug"],
 	"workspaceFolder": "/workspaces",
 	"forwardPorts": [3001],
 	"onCreateCommand": "pnpm install --recursive",
 	"postAttachCommand": "pnpm turbo daemon clean; pnpm turbo @zitadel/login#dev test:integration:login:debug",
 	"customizations": {
 		"jetbrains": {
 			"settings": {
 				"com.intellij:app:HttpConfigurable.use_proxy_pac": true
 			}
 		}
 	}
 }
--- a/.devcontainer/login-integration-debug/docker-compose.yml
+++ b/.devcontainer/login-integration-debug/docker-compose.yml
@@ -1,9 +0,0 @@
 services:
  login-integration-debug:
    extends:
      file: ../base/docker-compose.yml
      service: devcontainer
    container_name: login-integration-debug
    depends_on:
      mock-zitadel:
        condition: service_started
--- a/.devcontainer/login-integration/devcontainer.json
+++ b/.devcontainer/login-integration/devcontainer.json
@@ -1,19 +0,0 @@
 {
 	"$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
 	"name": "login-integration",
 	"dockerComposeFile": [
 		"../base/docker-compose.yml"
 	],
 	"service": "devcontainer",
 	"runServices": ["login-integration"],
 	"workspaceFolder": "/workspaces",
 	"forwardPorts": [3001],
 	"onCreateCommand": "pnpm install --frozen-lockfile --recursive && cd apps/login/packages/integration && pnpm cypress install && pnpm test:integration:login",
 	"customizations": {
 		"jetbrains": {
 			"settings": {
 				"com.intellij:app:HttpConfigurable.use_proxy_pac": true
 			}
 		}
 	}
 }
--- a/.devcontainer/turbo-lint-unit-debug/devcontainer.json
+++ b/.devcontainer/turbo-lint-unit-debug/devcontainer.json
@@ -1,21 +0,0 @@
 {
 	"$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
 	"name": "turbo-lint-unit-debug",
 	"dockerComposeFile": [
 		"../base/docker-compose.yml",
 		"docker-compose.yml"
 	],
 	"service": "turbo-lint-unit-debug",
 	"runServices": ["turbo-lint-unit-debug"],
 	"workspaceFolder": "/workspaces",
 	"forwardPorts": [3001],
 	"onCreateCommand": "pnpm install --recursive",
 	"postAttachCommand": "pnpm turbo daemon clean; pnpm turbo watch lint test:unit",
 	"customizations": {
 		"jetbrains": {
 			"settings": {
 				"com.intellij:app:HttpConfigurable.use_proxy_pac": true
 			}
 		}
 	}
 }
--- a/.devcontainer/turbo-lint-unit-debug/docker-compose.yml
+++ b/.devcontainer/turbo-lint-unit-debug/docker-compose.yml
@@ -1,6 +0,0 @@
 services:
  turbo-lint-unit-debug:
    extends:
      file: ../base/docker-compose.yml
      service: devcontainer
    container_name: turbo-lint-unit-debug
--- a/.devcontainer/turbo-lint-unit/devcontainer.json
+++ b/.devcontainer/turbo-lint-unit/devcontainer.json
@@ -1,18 +0,0 @@
 {
 	"$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
 	"name": "turbo-lint-unit",
 	"dockerComposeFile": [
 		"../base/docker-compose.yml"
 	],
 	"service": "devcontainer",
 	"runServices": ["devcontainer"],
 	"workspaceFolder": "/workspaces",
 	"postStartCommand": "pnpm install --frozen-lockfile --recursive && pnpm turbo lint test:unit",
 	"customizations": {
 		"jetbrains": {
 			"settings": {
 				"com.intellij:app:HttpConfigurable.use_proxy_pac": true
 			}
 		}
 	}
 }
--- a/apps/console/package.json
+++ b/apps/console/package.json
@@ -15,6 +15,11 @@
  },
  "nx": {
    "targets": {
      "release": {
        "docker": {
          "repositoryName": "zitadel/console"
        }
      },
      "generate": {
        "outputs": [
          "{projectRoot}/src/app/proto/generated/**"
@@ -27,7 +32,7 @@
        "dependsOn": [
          "generate",
          "@zitadel/client:build"
-          ]
+        ]
      }
    }
  },
--- a/apps/login/Dockerfile
+++ b/apps/login/Dockerfile
@@ -1,36 +1,24 @@
-FROM node:20-alpine AS base
+# syntax=docker.io/docker/dockerfile:1
 FROM node:22-alpine
 FROM base AS build
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 RUN corepack enable && COREPACK_ENABLE_DOWNLOAD_PROMPT=0 corepack prepare pnpm@9.1.2 --activate && \
    apk update && apk add --no-cache && \
    rm -rf /var/cache/apk/*
 WORKDIR /app
 COPY pnpm-lock.yaml ./
 RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store pnpm fetch --frozen-lockfile
 COPY package.json ./
 RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile --prod
 COPY . .
 RUN pnpm build:login:standalone
-FROM scratch AS build-out
+ENV NODE_ENV=production
-COPY --from=build /app/.next/standalone /
+
-COPY --from=build /app/.next/static /.next/static
+RUN addgroup --system --gid 1001 nodejs
-COPY --from=build /app/public /public
+RUN adduser --system --uid 1001 nextjs
 COPY public ./public
 COPY .next/standalone ./
 COPY .next/static ./.next/static
 RUN ls .next/static
 FROM base AS login-standalone
 WORKDIR /runtime
 RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 nextjs
 # If /.env-file/.env is mounted into the container, its variables are made available to the server before it starts up.
 RUN mkdir -p /.env-file && touch /.env-file/.env && chown -R nextjs:nodejs /.env-file
 COPY ./scripts/ ./
 COPY --chown=nextjs:nodejs --from=build-out / ./
 USER nextjs
-ENV HOSTNAME="0.0.0.0"
+
 EXPOSE 3000
 ENV PORT=3000
-# TODO: Check healthy, not ready
+
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ENV HOSTNAME="0.0.0.0"
-CMD ["/bin/sh", "-c", "node ./healthcheck.js http://localhost:${PORT}/ui/v2/login/healthy"]
+CMD ["node", "server.js"]
 ENTRYPOINT ["./entrypoint.sh"]
--- a/apps/login/docker-bake-release.hcl
+++ b/apps/login/docker-bake-release.hcl
@@ -1,3 +0,0 @@
 target "release" {
  platforms = ["linux/amd64", "linux/arm64"]
 }
--- a/apps/login/docker-bake.hcl
+++ b/apps/login/docker-bake.hcl
@@ -1,25 +0,0 @@
 variable "LOGIN_TAG" {
  default = "zitadel-login:local"
 }
 group "default" {
  targets = ["login-standalone"]
 }
 # The release target is overwritten in docker-bake-release.hcl
 # It makes sure the image is built for multiple platforms.
 # By default the platforms property is empty, so images are only built for the current bake runtime platform.
 target "release" {}
 target "docker-metadata-action" {
  # In the pipeline, this target is overwritten by the docker metadata action.
  tags = ["${LOGIN_TAG}"]
 }
 # We run integration and acceptance tests against the next standalone server for docker.
 target "login-standalone" {
  inherits = [
    "docker-metadata-action",
    "release",
  ]
 }
--- a/apps/login/integration/.eslintrc.cjs
+++ b/apps/login/integration/.eslintrc.cjs
@@ -1,10 +0,0 @@
 module.exports = {
  root: true,
  // Use basic ESLint config since the login app has its own detailed config
  extends: ["eslint:recommended"],
  settings: {
    next: {
      rootDir: ["apps/*/"],
    },
  },
 };
--- a/apps/login/integration/.gitignore
+++ b/apps/login/integration/.gitignore
@@ -1,2 +0,0 @@
 screenshots
 videos
--- a/apps/login/integration/.npmrc
+++ b/apps/login/integration/.npmrc
@@ -1 +0,0 @@
 side-effects-cache=false
--- a/apps/login/integration/core-mock/Dockerfile
+++ b/apps/login/integration/core-mock/Dockerfile
@@ -1,15 +0,0 @@
 FROM bufbuild/buf:1.54.0 AS proto-files
 RUN buf export https://github.com/envoyproxy/protoc-gen-validate.git --path validate --output /proto-files && \
    buf export https://github.com/grpc-ecosystem/grpc-gateway.git --path protoc-gen-openapiv2 --output /proto-files && \
    buf export https://github.com/googleapis/googleapis.git --path protos/zitadelgoogle/api/annotations.proto --path google/api/http.proto --path google/api/field_behavior.proto --output /proto-files && \
    buf export https://github.com/zitadel/zitadel.git --path ./proto/zitadel --output /proto-files
 FROM golang:1.20.5-alpine3.18 AS mock-zitadel
 RUN go install github.com/eliobischof/grpc-mock/cmd/grpc-mock@01b09f60db1b501178af59bed03b2c22661df48c
 COPY mocked-services.cfg .
 COPY initial-stubs initial-stubs
 COPY --from=proto-files /proto-files/ ./
 ENTRYPOINT [ "sh", "-c", "grpc-mock -v 1 -proto $(tr '\n' ',' < ./mocked-services.cfg) -stub-dir ./initial-stubs -mock-addr :22222" ]
--- a/apps/login/integration/core-mock/initial-stubs/zitadel.settings.v2.SettingsService.json
+++ b/apps/login/integration/core-mock/initial-stubs/zitadel.settings.v2.SettingsService.json
@@ -1,66 +0,0 @@
 [
  {
    "service": "zitadel.settings.v2.SettingsService",
    "method": "GetBrandingSettings",
    "out": {
      "data": {}
    }
  },
  {
    "service": "zitadel.settings.v2.SettingsService",
    "method": "GetSecuritySettings",
    "out": {
      "data": {}
    }
  },
  {
    "service": "zitadel.settings.v2.SettingsService",
    "method": "GetLegalAndSupportSettings",
    "out": {
      "data": {
        "settings": {
          "tosLink": "http://whatever.com/help",
          "privacyPolicyLink": "http://whatever.com/help",
          "helpLink": "http://whatever.com/help"
        }
      }
    }
  },
  {
    "service": "zitadel.settings.v2.SettingsService",
    "method": "GetActiveIdentityProviders",
    "out": {
      "data": {
        "identityProviders": [
          {
            "id": "123",
            "name": "Hubba bubba",
            "type": 10
          }
        ]
      }
    }
  },
  {
    "service": "zitadel.settings.v2.SettingsService",
    "method": "GetPasswordComplexitySettings",
    "out": {
      "data": {
        "settings": {
          "minLength": 8,
          "requiresUppercase": true,
          "requiresLowercase": true,
          "requiresNumber": true,
          "requiresSymbol": true
        }
      }
    }
  },
  {
    "service": "zitadel.settings.v2.SettingsService",
    "method": "GetHostedLoginTranslation",
    "out": {
      "data": {}
    }
  }
 ]
--- a/apps/login/integration/core-mock/mocked-services.cfg
+++ b/apps/login/integration/core-mock/mocked-services.cfg
@@ -1,7 +0,0 @@
 zitadel/user/v2/user_service.proto
 zitadel/org/v2/org_service.proto
 zitadel/session/v2/session_service.proto
 zitadel/settings/v2/settings_service.proto
 zitadel/management.proto
 zitadel/auth.proto
 zitadel/admin.proto
--- a/apps/login/integration/cypress.config.ts
+++ b/apps/login/integration/cypress.config.ts
@@ -1,14 +0,0 @@
 import { defineConfig } from "cypress";
 export default defineConfig({
  reporter: "list",
  e2e: {
    baseUrl: process.env.LOGIN_BASE_URL || "http://localhost:3001/ui/v2/login",
    specPattern: "integration/**/*.cy.{js,jsx,ts,tsx}",
    supportFile: "support/e2e.{js,jsx,ts,tsx}",
    setupNodeEvents(on, config) {
      // implement node event listeners here
    },
  },
 });
--- a/apps/login/integration/fixtures/example.json
+++ b/apps/login/integration/fixtures/example.json
@@ -1,5 +0,0 @@
 {
  "name": "Using fixtures to represent data",
  "email": "hello@cypress.io",
  "body": "Fixtures are a great way to mock data for responses to routes"
 }
--- a/apps/login/integration/integration/invite.cy.ts
+++ b/apps/login/integration/integration/invite.cy.ts
@@ -1,110 +0,0 @@
 import { stub } from "../support/e2e";
 describe("verify invite", () => {
  beforeEach(() => {
    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
      data: {
        details: {
          totalResult: 1,
        },
        result: [{ id: "256088834543534543" }],
      },
    });
    stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
      data: {
        authMethodTypes: [], // user with no auth methods was invited
      },
    });
    stub("zitadel.user.v2.UserService", "GetUserByID", {
      data: {
        user: {
          userId: "221394658884845598",
          state: 1,
          username: "john@zitadel.com",
          loginNames: ["john@zitadel.com"],
          preferredLoginName: "john@zitadel.com",
          human: {
            userId: "221394658884845598",
            state: 1,
            username: "john@zitadel.com",
            loginNames: ["john@zitadel.com"],
            preferredLoginName: "john@zitadel.com",
            profile: {
              givenName: "John",
              familyName: "Doe",
              avatarUrl: "https://zitadel.com/avatar.jpg",
            },
            email: {
              email: "john@zitadel.com",
              isVerified: false,
            },
          },
        },
      },
    });
    stub("zitadel.session.v2.SessionService", "CreateSession", {
      data: {
        details: {
          sequence: 859,
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          resourceOwner: "220516472055706145",
        },
        sessionId: "221394658884845598",
        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
        challenges: undefined,
      },
    });
    stub("zitadel.session.v2.SessionService", "GetSession", {
      data: {
        session: {
          id: "221394658884845598",
          creationDate: new Date("2024-04-04T09:40:55.577Z"),
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          sequence: 859,
          factors: {
            user: {
              id: "221394658884845598",
              loginName: "john@zitadel.com",
            },
            password: undefined,
            webAuthN: undefined,
            intent: undefined,
          },
          metadata: {},
        },
      },
    });
    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
      data: {
        settings: {
          passkeysType: 1,
          allowUsernamePassword: true,
        },
      },
    });
  });
  it.only("shows authenticators after successful invite verification", () => {
    stub("zitadel.user.v2.UserService", "VerifyInviteCode");
    cy.visit("/verify?userId=221394658884845598&code=abc&invite=true");
    cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/authenticator/set");
  });
  it("shows an error if invite code validation failed", () => {
    stub("zitadel.user.v2.UserService", "VerifyInviteCode", {
      code: 3,
      error: "error validating code",
    });
    // TODO: Avoid uncaught exception in application
    cy.once("uncaught:exception", () => false);
    cy.visit("/verify?userId=221394658884845598&code=abc&invite=true");
    cy.contains("Could not verify invite", { timeout: 10_000 });
  });
 });
--- a/apps/login/integration/integration/login.cy.ts
+++ b/apps/login/integration/integration/login.cy.ts
@@ -1,172 +0,0 @@
 import { stub } from "../support/e2e";
 describe("login", () => {
  beforeEach(() => {
    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
      data: {
        details: {
          totalResult: 1,
        },
        result: [{ id: "256088834543534543" }],
      },
    });
    stub("zitadel.session.v2.SessionService", "CreateSession", {
      data: {
        details: {
          sequence: 859,
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          resourceOwner: "220516472055706145",
        },
        sessionId: "221394658884845598",
        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
        challenges: undefined,
      },
    });
    stub("zitadel.session.v2.SessionService", "GetSession", {
      data: {
        session: {
          id: "221394658884845598",
          creationDate: new Date("2024-04-04T09:40:55.577Z"),
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          sequence: 859,
          factors: {
            user: {
              id: "221394658884845598",
              loginName: "john@zitadel.com",
            },
            password: undefined,
            webAuthN: undefined,
            intent: undefined,
          },
          metadata: {},
        },
      },
    });
    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
      data: {
        settings: {
          passkeysType: 1,
          allowUsernamePassword: true,
        },
      },
    });
  });
  describe("password login", () => {
    beforeEach(() => {
      stub("zitadel.user.v2.UserService", "ListUsers", {
        data: {
          details: {
            totalResult: 1,
          },
          result: [
            {
              userId: "221394658884845598",
              state: 1,
              username: "john@zitadel.com",
              loginNames: ["john@zitadel.com"],
              preferredLoginName: "john@zitadel.com",
              human: {
                userId: "221394658884845598",
                state: 1,
                username: "john@zitadel.com",
                loginNames: ["john@zitadel.com"],
                preferredLoginName: "john@zitadel.com",
                profile: {
                  givenName: "John",
                  familyName: "Doe",
                  avatarUrl: "https://zitadel.com/avatar.jpg",
                },
                email: {
                  email: "john@zitadel.com",
                  isVerified: true,
                },
              },
            },
          ],
        },
      });
      stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
        data: {
          authMethodTypes: [1], // 1 for password authentication
        },
      });
    });
    it("should redirect a user with password authentication to /password", () => {
      cy.visit("/loginname?loginName=john%40zitadel.com&submit=true");
      cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/password");
    });
    describe("with passkey prompt", () => {
      beforeEach(() => {
        stub("zitadel.session.v2.SessionService", "SetSession", {
          data: {
            details: {
              sequence: 859,
              changeDate: "2023-07-04T07:58:20.126Z",
              resourceOwner: "220516472055706145",
            },
            sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
            challenges: undefined,
          },
        });
      });
      // it("should prompt a user to setup passwordless authentication if passkey is allowed in the login settings", () => {
      //   cy.visit("/loginname?loginName=john%40zitadel.com&submit=true");
      //   cy.location("pathname", { timeout: 10_000 }).should("eq", "/password");
      //   cy.get('input[type="password"]').focus().type("MyStrongPassword!1");
      //   cy.get('button[type="submit"]').click();
      //   cy.location("pathname", { timeout: 10_000 }).should(
      //     "eq",
      //     "/passkey/set",
      //   );
      // });
    });
  });
  describe("passkey login", () => {
    beforeEach(() => {
      stub("zitadel.user.v2.UserService", "ListUsers", {
        data: {
          details: {
            totalResult: 1,
          },
          result: [
            {
              userId: "221394658884845598",
              state: 1,
              username: "john@zitadel.com",
              loginNames: ["john@zitadel.com"],
              preferredLoginName: "john@zitadel.com",
              human: {
                userId: "221394658884845598",
                state: 1,
                username: "john@zitadel.com",
                loginNames: ["john@zitadel.com"],
                preferredLoginName: "john@zitadel.com",
                profile: {
                  givenName: "John",
                  familyName: "Doe",
                  avatarUrl: "https://zitadel.com/avatar.jpg",
                },
                email: {
                  email: "john@zitadel.com",
                  isVerified: true,
                },
              },
            },
          ],
        },
      });
      stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
        data: {
          authMethodTypes: [2], // 2 for passwordless authentication
        },
      });
    });
    it("should redirect a user with passwordless authentication to /passkey", () => {
      cy.visit("/loginname?loginName=john%40zitadel.com&submit=true");
      cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/passkey");
    });
  });
 });
--- a/apps/login/integration/integration/register-idp.cy.ts
+++ b/apps/login/integration/integration/register-idp.cy.ts
@@ -1,21 +0,0 @@
 import { stub } from "../support/e2e";
 const IDP_URL = "https://example.com/idp/url";
 describe("register idps", () => {
  beforeEach(() => {
    stub("zitadel.user.v2.UserService", "StartIdentityProviderIntent", {
      data: {
        authUrl: IDP_URL,
      },
    });
  });
  it("should redirect the user to the correct url", () => {
    cy.visit("/idp");
    cy.get('button[e2e="google"]').click();
    cy.origin(IDP_URL, { args: IDP_URL }, (url) => {
      cy.location("href", { timeout: 10_000 }).should("eq", url);
    });
  });
 });
--- a/apps/login/integration/integration/register.cy.ts
+++ b/apps/login/integration/integration/register.cy.ts
@@ -1,73 +0,0 @@
 import { stub } from "../support/e2e";
 describe("register", () => {
  beforeEach(() => {
    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
      data: {
        details: {
          totalResult: 1,
        },
        result: [{ id: "256088834543534543" }],
      },
    });
    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
      data: {
        settings: {
          passkeysType: 1,
          allowRegister: true,
          allowUsernamePassword: true,
          defaultRedirectUri: "",
        },
      },
    });
    stub("zitadel.user.v2.UserService", "AddHumanUser", {
      data: {
        userId: "221394658884845598",
      },
    });
    stub("zitadel.session.v2.SessionService", "CreateSession", {
      data: {
        details: {
          sequence: 859,
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          resourceOwner: "220516472055706145",
        },
        sessionId: "221394658884845598",
        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
        challenges: undefined,
      },
    });
    stub("zitadel.session.v2.SessionService", "GetSession", {
      data: {
        session: {
          id: "221394658884845598",
          creationDate: new Date("2024-04-04T09:40:55.577Z"),
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          sequence: 859,
          factors: {
            user: {
              id: "221394658884845598",
              loginName: "john@zitadel.com",
            },
            password: undefined,
            webAuthN: undefined,
            intent: undefined,
          },
          metadata: {},
        },
      },
    });
  });
  it("should redirect a user who selects passwordless on register to /passkey/set", () => {
    cy.visit("/register");
    cy.get('input[data-testid="firstname-text-input"]').focus().type("John");
    cy.get('input[data-testid="lastname-text-input"]').focus().type("Doe");
    cy.get('input[data-testid="email-text-input"]').focus().type("john@zitadel.com");
    cy.get('input[type="checkbox"][value="privacypolicy"]').check();
    cy.get('input[type="checkbox"][value="tos"]').check();
    cy.get('button[type="submit"]').click();
    cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/passkey/set");
  });
 });
--- a/apps/login/integration/integration/verify.cy.ts
+++ b/apps/login/integration/integration/verify.cy.ts
@@ -1,95 +0,0 @@
 import { stub } from "../support/e2e";
 describe("verify email", () => {
  beforeEach(() => {
    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
      data: {
        details: {
          totalResult: 1,
        },
        result: [{ id: "256088834543534543" }],
      },
    });
    stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
      data: {
        authMethodTypes: [1], // set one method such that we know that the user was not invited
      },
    });
    stub("zitadel.user.v2.UserService", "SendEmailCode");
    stub("zitadel.user.v2.UserService", "GetUserByID", {
      data: {
        user: {
          userId: "221394658884845598",
          state: 1,
          username: "john@zitadel.com",
          loginNames: ["john@zitadel.com"],
          preferredLoginName: "john@zitadel.com",
          human: {
            userId: "221394658884845598",
            state: 1,
            username: "john@zitadel.com",
            loginNames: ["john@zitadel.com"],
            preferredLoginName: "john@zitadel.com",
            profile: {
              givenName: "John",
              familyName: "Doe",
              avatarUrl: "https://zitadel.com/avatar.jpg",
            },
            email: {
              email: "john@zitadel.com",
              isVerified: false, // email is not verified yet
            },
          },
        },
      },
    });
    stub("zitadel.session.v2.SessionService", "CreateSession", {
      data: {
        details: {
          sequence: 859,
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          resourceOwner: "220516472055706145",
        },
        sessionId: "221394658884845598",
        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
        challenges: undefined,
      },
    });
    stub("zitadel.session.v2.SessionService", "GetSession", {
      data: {
        session: {
          id: "221394658884845598",
          creationDate: new Date("2024-04-04T09:40:55.577Z"),
          changeDate: new Date("2024-04-04T09:40:55.577Z"),
          sequence: 859,
          factors: {
            user: {
              id: "221394658884845598",
              loginName: "john@zitadel.com",
            },
            password: undefined,
            webAuthN: undefined,
            intent: undefined,
          },
          metadata: {},
        },
      },
    });
  });
  it("shows an error if email code validation failed", () => {
    stub("zitadel.user.v2.UserService", "VerifyEmail", {
      code: 3,
      error: "error validating code",
    });
    // TODO: Avoid uncaught exception in application
    cy.once("uncaught:exception", () => false);
    cy.visit("/verify?userId=221394658884845598&code=abc");
    cy.contains("Could not verify email", { timeout: 10_000 });
  });
 });
--- a/apps/login/integration/support/e2e.ts
+++ b/apps/login/integration/support/e2e.ts
@@ -1,29 +0,0 @@
 const url = Cypress.env("CORE_MOCK_STUBS_URL") || "http://mock-zitadel:22220/v1/stubs";
 function removeStub(service: string, method: string) {
  return cy.request({
    url,
    method: "DELETE",
    qs: {
      service,
      method,
    },
  });
 }
 export function stub(service: string, method: string, out?: any) {
  removeStub(service, method);
  return cy.request({
    url,
    method: "POST",
    body: {
      stubs: [
        {
          service,
          method,
          out,
        },
      ],
    },
  });
 }
--- a/apps/login/integration/tsconfig.json
+++ b/apps/login/integration/tsconfig.json
@@ -1,8 +0,0 @@
 {
  "compilerOptions": {
    "target": "es5",
    "lib": ["es5", "dom"],
    "types": ["cypress", "node"]
  },
  "include": ["**/*.ts"]
 }
--- a/apps/login/package.json
+++ b/apps/login/package.json
@@ -22,6 +22,11 @@
    "test:acceptance:setup:dev": "cd ../.. && make login_test_acceptance_setup_dev"
  },
  "nx": {
    "release": {
      "docker": {
        "repositoryName": "zitadel/login"
      }
    },
    "targets": {
      "build": {
        "outputs": [
--- a/apps/login/turbo.json
+++ b/apps/login/turbo.json
@@ -1,22 +0,0 @@
 {
  "extends": ["//"],
  "tasks": {
    "build": {
      "outputs": ["dist/**", ".next/**", "!.next/cache/**"],
      "dependsOn": ["@zitadel/client#build"]
    },
    "build:login:standalone": {
      "outputs": ["dist/**", ".next/**", "!.next/cache/**"],
      "dependsOn": ["@zitadel/client#build"]
    },
    "dev": {
      "dependsOn": ["@zitadel/client#build"]
    },
    "test": {
      "dependsOn": ["@zitadel/client#build"]
    },
    "test:unit": {
      "dependsOn": ["@zitadel/client#build"]
    }
  }
 }
--- a/build/login/.dockerignore
+++ b/build/login/.dockerignore
@@ -1,37 +0,0 @@
 *
 !apps/login/constants
 !apps/login/scripts
 !apps/login/src
 !apps/login/public
 !apps/login/locales
 !apps/login/next.config.mjs
 !apps/login/next-env-vars.d.ts
 !apps/login/next-env.d.ts
 !apps/login/tailwind.config.js
 !apps/login/tsconfig.json
 !apps/login/package.json
 !apps/login/turbo.json
 !package.json
 !pnpm-lock.yaml
 !pnpm-workspace.yaml
 !turbo.json
 !packages/zitadel-proto/package.json
 !packages/zitadel-proto/buf.gen.yaml
 !packages/zitadel-proto/turbo.json
 !packages/zitadel-client/package.json
 !packages/zitadel-client/src
 !packages/zitadel-client/tsconfig.json
 !packages/zitadel-client/tsup.config.ts
 !packages/zitadel-client/turbo.json
 !proto
 *.md
 *.png
 node_modules
 *.test.ts
 *.test.tsx
--- a/build/login/Dockerfile
+++ b/build/login/Dockerfile
@@ -1,45 +0,0 @@
 FROM node:20-alpine AS base
 FROM base AS build
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 RUN corepack enable && COREPACK_ENABLE_DOWNLOAD_PROMPT=0 corepack prepare pnpm@9.1.2 --activate && \
    apk update && apk add --no-cache && \
    rm -rf /var/cache/apk/*
 WORKDIR /app
 COPY pnpm-lock.yaml pnpm-workspace.yaml  ./
 RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store pnpm fetch --frozen-lockfile \
    --filter @zitadel/login \
    --filter @zitadel/client \
    --filter @zitadel/proto
 COPY package.json ./
 COPY apps/login/package.json ./apps/login/package.json
 COPY packages/zitadel-proto/package.json ./packages/zitadel-proto/package.json
 COPY packages/zitadel-client/package.json ./packages/zitadel-client/package.json
 RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile \
    --filter @zitadel/login \
    --filter @zitadel/client \
    --filter @zitadel/proto
 COPY . .
 RUN pnpm turbo build:login:standalone
 FROM scratch AS build-out
 COPY --from=build /app/apps/login/.next/standalone /
 COPY --from=build /app/apps/login/.next/static /.next/static
 COPY --from=build /app/apps/login/public /public
 FROM base AS login-standalone
 WORKDIR /runtime
 RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 nextjs
 # If /.env-file/.env is mounted into the container, its variables are made available to the server before it starts up.
 RUN mkdir -p /.env-file && touch /.env-file/.env && chown -R nextjs:nodejs /.env-file
 COPY apps/login/scripts ./
 COPY --chown=nextjs:nodejs --from=build-out . .
 USER nextjs
 ENV HOSTNAME="0.0.0.0"
 ENV PORT=3000
 # TODO: Check healthy, not ready
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD ["/bin/sh", "-c", "node ./healthcheck.js http://localhost:${PORT}/ui/v2/login/healthy"]
 ENTRYPOINT ["./entrypoint.sh"]
--- a/build/zitadel/.dockerignore
+++ b/build/zitadel/.dockerignore
@@ -1,3 +0,0 @@
 *
 !build/zitadel/entrypoint.sh
 !zitadel
--- a/build/zitadel/Dockerfile
+++ b/build/zitadel/Dockerfile
@@ -1,33 +0,0 @@
 FROM --platform=$TARGETPLATFORM debian:latest as artifact
 ENV ZITADEL_ARGS=
 ARG TARGETPLATFORM
 RUN apt-get update && apt-get install ca-certificates -y
 COPY build/zitadel/entrypoint.sh /app/entrypoint.sh
 COPY zitadel /app/zitadel
 RUN useradd -s "" --home / zitadel && \
    chown zitadel /app/zitadel && \
    chmod +x /app/zitadel && \
    chown zitadel /app/entrypoint.sh && \
    chmod +x /app/entrypoint.sh
 WORKDIR /app
 ENV PATH="/app:${PATH}"
 USER zitadel
 ENTRYPOINT ["/app/entrypoint.sh"]
 FROM --platform=$TARGETPLATFORM scratch as final
 ARG TARGETPLATFORM
 COPY --from=artifact /etc/passwd /etc/passwd
 COPY --from=artifact /etc/ssl/certs /etc/ssl/certs
 COPY --from=artifact /app/zitadel /app/zitadel
 HEALTHCHECK NONE
 EXPOSE 8080
 USER zitadel
 ENTRYPOINT ["/app/zitadel"]
--- a/build/zitadel/entrypoint.sh
+++ b/build/zitadel/entrypoint.sh
@@ -1,17 +0,0 @@
 #!/bin/bash
 case $@ in 
    sh*)
        ${@:3}
        ;;
    bash*)
        ${@:5}
        ;;
    *)
        if [[ ! -z "$@" ]]
        then
            ZITADEL_ARGS="$@"
        fi
        /app/zitadel ${ZITADEL_ARGS}
        ;;
 esac
--- a/nx.json
+++ b/nx.json
@@ -1,5 +1,25 @@
 {
  "$schema": "./node_modules/nx/schemas/nx-schema.json",
  "release": {
    "releaseTagPattern": "release/{projectName}/{version}",
    "groups": {
      "test": {
        "projects": ["@zitadel/login", "@zitadel/console"],
        "projectsRelationship": "fixed",
        "docker": {
          "skipVersionActions": true,
          "registryUrl": "ghcr.io",
          "groupPreVersionCommand": "echo BEFORE VERSIONING"
        },
        "changelog": {
          "projectChangelogs": true
        }
      }
    },
    "version": {
      "conventionalCommits": true
    }
  },
  "namedInputs": {
    "proto": [
      "{workspaceRoot}/proto/**"
@@ -93,5 +113,14 @@
      "cache": false
    }
  },
-  "nxCloudId": "688a9021d48dce0efe0f119f"
+  "nxCloudId": "688a9021d48dce0efe0f119f",
  "plugins": [
    {
      "plugin": "@nx/docker",
      "options": {
        "buildTarget": "docker:build",
        "runTarget": "docker:run"
      }
    }
  ]
 }
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
  "scripts": {
    "build": "make compile"
  },
-"nx": {
+  "nx": {
    "targets": {
      "build": {
        "outputs": [
@@ -13,7 +13,7 @@
        ],
        "dependsOn": [
          "@zitadel/console:build"
-          ]
+        ]
      }
    }
  },
@@ -25,10 +25,11 @@
    }
  },
  "devDependencies": {
    "@bufbuild/buf": "^1.55.1",
    "@changesets/cli": "^2.29.5",
    "@devcontainers/cli": "^0.80.0",
-    "nx":"21.3.10",
+    "@nx/docker": "21.4.0-beta.5",
-    "@bufbuild/buf": "^1.55.1",
+    "nx": "21.4.0-beta.5",
    "sass": "1.64.1"
  }
 }
--- a/packages/zitadel-client/package.json
+++ b/packages/zitadel-client/package.json
@@ -102,6 +102,7 @@
    "knip": "^5.61.3",
    "tsup": "^8.4.0",
    "typescript": "^5.8.3",
-    "vitest": "^2.0.0"
+    "vitest": "^2.0.0",
    "@nx/js": "^21.3.11"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml