feat (general): clean repository (#3432)

Co-authored-by: robertkasza <167509084+robertkasza@users.noreply.github.com>
Co-authored-by: Nuno Pato <nunopato@gmail.com>
Co-authored-by: David BM <correodelnino@gmail.com>

.changeset/README.md

@@ -1,9 +0,0 @@
-# Changesets
-
-Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool
-that works with multi-package repos, or single-package repos to help you version and publish your
-code. You can find the full documentation for it
-[in our repository](https://github.com/changesets/changesets)
-
-We have a quick list of common questions to get you started engaging with this project in
-[our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)

.changeset/config.json

@@ -1,9 +0,0 @@
-{
-  "$schema": "https://unpkg.com/@changesets/config@1.6.0/schema.json",
-  "changelog": "@changesets/cli/changelog",
-  "commit": false,
-  "linked": [],
-  "access": "restricted",
-  "baseBranch": "main",
-  "updateInternalDependencies": "patch"
-}

.github/actions/nhost-cli/README.md

@@ -1,108 +0,0 @@
-# Nhost CLI GitHub Action
-
-## Usage
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install the Nhost CLI
-        uses: ./.github/actions/nhost-cli
-```
-
-### Install the CLI and start the app
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nhost CLI and start the application
-        uses: ./.github/actions/nhost-cli
-        with:
-          start: true
-```
-
-### Set another working directory
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nhost CLI
-        uses: ./.github/actions/nhost-cli
-        with:
-          path: examples/react-apollo
-          start: true
-```
-
-### Don't wait for the app to be ready
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nhost CLI and start app
-        uses: ./.github/actions/nhost-cli
-        with:
-          start: true
-          wait: false
-```
-
-### Stop the app
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Start app
-        uses: ./.github/actions/nhost-cli
-        with:
-          start: true
-      - name: Do something
-        cmd: echo "do something"
-      - name: Stop
-        uses: ./.github/actions/nhost-cli
-        with:
-          stop: true
-```
-
-### Install a given value of the CLI
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nhost CLI
-        uses: ./.github/actions/nhost-cli
-        with:
-          version: v0.8.10
-```
-
-### Inject values into nhost/config.yaml
-
-```yaml
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nhost CLI
-        uses: ./.github/actions/nhost-cli
-        with:
-          config: |
-            services:
-              auth:
-                image: nhost/hasura-auth:0.16.1
-```

.github/actions/nhost-cli/action.yaml

@@ -1,84 +0,0 @@
-name: Nhost CLI
-description: 'Action to install the Nhost CLI and to run an application'
-inputs:
-  init:
-    description: 'Initialize the application'
-    default: 'false'
-  start:
-    description: "Start the application. If false, the application won't be started"
-    default: 'false'
-  wait:
-    description: 'If starting the application, wait until it is ready'
-    default: 'true'
-  stop:
-    description: 'Stop the application'
-    default: 'false'
-  path:
-    description: 'Path to the application'
-    default: '.'
-  version:
-    description: 'Version of the Nhost CLI'
-    default: 'latest'
-  dashboard-image:
-    description: 'Image of the dashboard'
-    default: 'nhost/dashboard:latest'
-  config:
-    description: 'Values to be injected into nhost/config.yaml'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Check if Nhost CLI is already installed
-      id: check-nhost-cli
-      shell: bash
-      # TODO check if the version is the same
-      run: |
-        if [ -z "$(which nhost)" ]
-        then
-            echo "installed=false" >> $GITHUB_OUTPUT
-        else
-            echo "installed=true" >> $GITHUB_OUTPUT
-        fi
-    - name: Install Nhost CLI
-      if: ${{ steps.check-nhost-cli.outputs.installed == 'false' }}
-      uses: nick-fields/retry@v2
-      with:
-        timeout_minutes: 3
-        max_attempts: 10
-        command: bash <(curl --silent -L https://raw.githubusercontent.com/nhost/cli/main/get.sh) ${{ inputs.version }}
-    - name: Initialize a new project from scratch
-      if: ${{ inputs.init == 'true' }}
-      shell: bash
-      working-directory: ${{ inputs.path }}
-      run: |
-        rm -rf ./*
-        nhost init
-    - name: Set custom configuration
-      if: ${{ inputs.config }}
-      shell: bash
-      working-directory: ${{ inputs.path }}
-      run: config="${{ inputs.config }}" yq -i '. *= env(config)' nhost/config.yaml
-    - name: Start the application
-      if: ${{ inputs.start == 'true' }}
-      shell: bash
-      working-directory: ${{ inputs.path }}
-      run: |
-        if [ -n "${{ inputs.dashboard-image }}" ]; then
-          export NHOST_DASHBOARD_VERSION=${{ inputs.dashboard-image }}
-        fi
-        if [ -f .secrets.example ]; then
-          cp .secrets.example .secrets
-        fi
-        nhost up
-    - name: Log on failure
-      if: steps.wait.outcome == 'failure'
-      shell: bash
-      working-directory: ${{ inputs.path }}
-      run: |
-        nhost logs
-        exit 1
-    - name: Stop the application
-      if: ${{ inputs.stop == 'true' }}
-      shell: bash
-      working-directory: ${{ inputs.path }}
-      run: nhost down

.github/labeler.yml

@@ -1,25 +0,0 @@
-dashboard:
-  - any:
-      - changed-files:
-          - any-glob-to-any-file: ['dashboard/**/*']
-
-documentation:
-  - any: ['docs/**/*']
-
-examples:
-  - any: ['examples/**/*']
-
-sdk:
-  - any: ['packages/**/*']
-
-integrations:
-  - any: ['integrations/**/*']
-
-react:
-  - any: ['{packages,examples,integrations}/*react*/**/*']
-
-nextjs:
-  - any: ['{packages,examples}/*next*/**/*']
-
-vue:
-  - any: ['{packages,examples,integrations}/*vue*/**/*']

.github/workflows/changesets.yaml

@@ -1,157 +0,0 @@
-name: Release
-
-on:
-  push:
-    branches: [main]
-    paths-ignore:
-      - 'docs/**'
-      - 'examples/**'
-      - 'assets/**'
-      - '**.md'
-      - '!.changeset/**'
-      - 'LICENSE'
-  workflow_dispatch:
-
-env:
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: nhost
-  DASHBOARD_PACKAGE: '@nhost/dashboard'
-
-jobs:
-  version:
-    name: Version
-    runs-on: ubuntu-latest
-    outputs:
-      hasChangesets: ${{ steps.changesets.outputs.hasChangesets }}
-      dashboardVersion: ${{ steps.dashboard.outputs.dashboardVersion }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      - name: Create PR or Publish release
-        id: changesets
-        uses: changesets/action@v1
-        with:
-          version: pnpm run ci:version
-          commit: 'chore: update versions'
-          title: 'chore: update versions'
-          publish: pnpm run release
-          createGithubReleases: false
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-      - name: Check Dashboard tag
-        id: dashboard
-        if: steps.changesets.outputs.hasChangesets == 'false'
-        run: |
-          DASHBOARD_VERSION=$(jq -r .version dashboard/package.json)
-          GIT_TAG="${{ env.DASHBOARD_PACKAGE}}@$DASHBOARD_VERSION"
-          if [ -z "$(git tag -l | grep $GIT_TAG)" ]; then
-            echo "dashboardVersion=$DASHBOARD_VERSION" >> $GITHUB_OUTPUT
-          fi
-
-  test:
-    needs: version
-    name: Dashboard
-    if: needs.version.outputs.dashboardVersion != ''
-    uses: ./.github/workflows/dashboard.yaml
-    secrets: inherit
-
-  publish-vercel:
-    name: Publish to Vercel
-    needs:
-      - test
-    uses: ./.github/workflows/deploy-dashboard.yaml
-    with:
-      git_ref: ${{ github.ref_name }}
-      environment: production
-    secrets: inherit
-
-  publish-docker:
-    name: Publish to Docker Hub
-    runs-on: ubuntu-latest
-    needs:
-      - test
-      - version
-      - publish-vercel
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Add git tag
-        run: |
-          git tag "${{ env.DASHBOARD_PACKAGE }}@${{ needs.version.outputs.dashboardVersion }}"
-          git push origin --tags
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            nhost/dashboard
-          tags: |
-            type=raw,value=latest,enable=true
-            type=semver,pattern={{version}},value=v${{ needs.version.outputs.dashboardVersion }}
-            type=semver,pattern={{major}}.{{minor}},value=v${{ needs.version.outputs.dashboardVersion }}
-            type=semver,pattern={{major}},value=v${{ needs.version.outputs.dashboardVersion }}
-            type=sha
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Build and push to Docker Hub
-        uses: docker/build-push-action@v4
-        timeout-minutes: 90
-        with:
-          context: .
-          file: ./dashboard/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          build-args: |
-            TURBO_TOKEN=${{ env.TURBO_TOKEN }}
-            TURBO_TEAM=${{ env.TURBO_TEAM }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          push: true
-
-  bump-cli:
-    name: Bump Dashboard version in the Nhost CLI
-    runs-on: ubuntu-latest
-    needs:
-      - version
-      - publish-docker
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          repository: nhost/cli
-          token: ${{ secrets.GH_PAT }}
-          fetch-depth: 0
-      - name: Bump version in source code
-        run: |
-          IMAGE=$(echo ${{ env.DASHBOARD_PACKAGE }} | sed 's/@\(.\+\)\/\(.\+\)/\1\\\/\2/g')
-          VERSION="${{ needs.version.outputs.dashboardVersion }}"
-          EXPRESSION='s/"'$IMAGE':[0-9]\+\.[0-9]\+\.[0-9]\+"/"'$IMAGE':'$VERSION'"/g'
-          find ./ -type f -exec sed -i -e $EXPRESSION {} \;
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
-        with:
-          token: ${{ secrets.GH_PAT }}
-          commit-message: 'chore: bump nhost/dashboard to ${{ needs.version.outputs.dashboardVersion }}'
-          branch: bump-dashboard-version
-          delete-branch: true
-          title: 'chore: bump nhost/dashboard to ${{ needs.version.outputs.dashboardVersion }}'
-          body: |
-            This PR bumps the Nhost Dashboard Docker image to version ${{ needs.version.outputs.dashboardVersion }}.

.github/workflows/ci.yaml

@@ -1,214 +0,0 @@
-name: Continuous Integration
-
-on:
-  push:
-    branches: [main]
-    paths-ignore:
-      - 'assets/**'
-      - '**.md'
-      - 'LICENSE'
-      - 'docs/**'
-  pull_request:
-    types: [opened, synchronize]
-    paths-ignore:
-      - 'assets/**'
-      - '**.md'
-      - 'LICENSE'
-      - 'docs/**'
-env:
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: nhost
-  NEXT_PUBLIC_ENV: dev
-  NEXT_TELEMETRY_DISABLED: 1
-  NHOST_TEST_DASHBOARD_URL: ${{ vars.NHOST_TEST_DASHBOARD_URL }}
-  NHOST_TEST_PROJECT_NAME: ${{ vars.NHOST_TEST_PROJECT_NAME }}
-  NHOST_TEST_ORGANIZATION_NAME: ${{ vars.NHOST_TEST_ORGANIZATION_NAME }}
-  NHOST_TEST_ORGANIZATION_SLUG: ${{ vars.NHOST_TEST_ORGANIZATION_SLUG }}
-  NHOST_TEST_PERSONAL_ORG_SLUG: ${{ vars.NHOST_TEST_PERSONAL_ORG_SLUG }}
-  NHOST_TEST_PROJECT_SUBDOMAIN: ${{ vars.NHOST_TEST_PROJECT_SUBDOMAIN }}
-  NHOST_PRO_TEST_PROJECT_NAME: ${{ vars.NHOST_PRO_TEST_PROJECT_NAME }}
-  NHOST_TEST_USER_EMAIL: ${{ secrets.NHOST_TEST_USER_EMAIL }}
-  NHOST_TEST_USER_PASSWORD: ${{ secrets.NHOST_TEST_USER_PASSWORD }}
-  NHOST_TEST_PROJECT_ADMIN_SECRET: '${{ secrets.NHOST_TEST_PROJECT_ADMIN_SECRET }}'
-  NHOST_TEST_FREE_USER_EMAILS: ${{ secrets.NHOST_TEST_FREE_USER_EMAILS }}
-
-jobs:
-  build:
-    name: Build @nhost packages
-    runs-on: blacksmith-2vcpu-ubuntu-2404
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      # * Install Node and dependencies. Package downloads will be cached for the next jobs.
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-          BUILD: 'all'
-      - name: Check if the pnpm lockfile changed
-        id: changed-lockfile
-        uses: tj-actions/changed-files@v37
-        with:
-          files: pnpm-lock.yaml
-      # * Determine a pnpm filter argument for packages that have been modified.
-      # * If the lockfile has changed, we don't filter anything in order to run all the e2e tests.
-      - name: filter packages
-        id: filter-packages
-        if: steps.changed-lockfile.outputs.any_changed != 'true' && github.event_name == 'pull_request'
-        run: echo "filter=${{ format('--filter=...[origin/{0}]', github.base_ref) }}" >> $GITHUB_OUTPUT
-      # * List packagesthat has an `e2e` script, except the root, and return an array of their name and path
-      # * In a PR, only include packages that have been modified, and their dependencies
-      - name: List examples with an e2e script
-        id: set-matrix
-        run: |
-          PACKAGES=$(pnpm recursive list --depth -1 --parseable --filter='!nhost-root' ${{ steps.filter-packages.outputs.filter }} \
-            | xargs -I@ realpath --relative-to=$PWD @ \
-            | xargs -I@ jq "if (.scripts.e2e | length) != 0  then {name: .name, path: \"@\"} else null end" @/package.json \
-            | awk "!/null/" \
-            | jq -c --slurp 'map(select(length > 0))')
-          echo "matrix=$PACKAGES" >> $GITHUB_OUTPUT
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-
-  unit:
-    name: Unit tests
-    needs: build
-    runs-on: blacksmith-2vcpu-ubuntu-2404
-    steps:
-      - uses: actions/checkout@v3
-      # * Install Node and dependencies. Package dependencies won't be downloaded again as they have been cached by the `build` job.
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      # * Run every `test` script in the workspace . Dependencies build is cached by Turborepo
-      - name: Run unit tests
-        run: pnpm run test:all
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          files: '**/coverage/coverage-final.json'
-          name: codecov-umbrella
-      - name: Create summary
-        run: |
-          echo '### Code coverage' >> $GITHUB_STEP_SUMMARY
-          echo 'Visit [codecov](https://app.codecov.io/gh/nhost/nhost/) to see the code coverage reports' >> $GITHUB_STEP_SUMMARY
-
-  lint:
-    name: Lint
-    needs: build
-    runs-on: blacksmith-2vcpu-ubuntu-2404
-    steps:
-      - uses: actions/checkout@v3
-      # * Install Node and dependencies. Package dependencies won't be downloaded again as they have been cached by the `build` job.
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      - name: Enforce Prettier formatting in dashboard
-        working-directory: ./dashboard
-        run: pnpm prettier --check "./**/*.tsx" --config prettier.config.js
-      # * Run every `lint` script in the workspace . Dependencies build is cached by Turborepo
-      - name: Lint
-        run: pnpm run lint:all
-      - name: Audit for vulnerabilities
-        run: pnpx audit-ci --config ./audit-ci.jsonc
-
-  e2e:
-    name: 'E2E (Package: ${{ matrix.package.path }})'
-    needs: build
-    if: ${{ needs.build.outputs.matrix != '[]' && needs.build.outputs.matrix != '' }}
-    strategy:
-      # * Don't cancel other matrices when one fails
-      fail-fast: false
-      matrix:
-        package: ${{ fromJson(needs.build.outputs.matrix) }}
-    runs-on: blacksmith-2vcpu-ubuntu-2404
-    steps:
-      - uses: actions/checkout@v3
-      # * Install Node and dependencies. Package dependencies won't be downloaded again as they have been cached by the `build` job.
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      # * Build Dashboard image to test it locally
-      - name: Build Dashboard local image
-        if: matrix.package.path == 'dashboard'
-        run: |
-          docker build -t nhost/dashboard:0.0.0-dev -f ${{ matrix.package.path }}/Dockerfile .
-          mkdir -p nhost-test-project
-      # * Install Nhost CLI if a `nhost/config.yaml` file is found
-      - name: Install Nhost CLI
-        if: hashFiles(format('{0}/nhost/config.yaml', matrix.package.path)) != '' && matrix.package.path != 'dashboard'
-        uses: ./.github/actions/nhost-cli
-      # * Install Nhost CLI to test Dashboard locally
-      - name: Install Nhost CLI (Local Dashboard tests)
-        timeout-minutes: 5
-        if: matrix.package.path == 'dashboard'
-        uses: ./.github/actions/nhost-cli
-        with:
-          init: 'true' # Initialize the application
-          start: 'true' # Start the application
-          path: ./nhost-test-project
-          wait: 'true' # Wait until the application is ready
-          dashboard-image: 'nhost/dashboard:0.0.0-dev'
-      - name: Fetch Dashboard Preview URL
-        id: fetch-dashboard-preview-url
-        uses: zentered/vercel-preview-url@v1.1.9
-        if: github.ref_name != 'main'
-        env:
-          VERCEL_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
-          GITHUB_REF: ${{ github.ref_name }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-        with:
-          vercel_team_id: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
-          vercel_project_id: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
-          vercel_state: BUILDING,READY,INITIALIZING
-      - name: Set Dashboard Preview URL
-        if: steps.fetch-dashboard-preview-url.outputs.preview_url != ''
-        run: echo "NHOST_TEST_DASHBOARD_URL=https://${{ steps.fetch-dashboard-preview-url.outputs.preview_url }}" >> $GITHUB_ENV
-      - name: Run Onboarding Dashboard e2e tests
-        if: matrix.package.path == 'dashboard'
-        timeout-minutes: 10
-        run: pnpm --filter="${{ matrix.package.name }}" run e2e:onboarding
-      # * Run the `ci` script of the current package of the matrix. Dependencies build is cached by Turborepo
-      - name: Run e2e tests
-        timeout-minutes: 20
-        run: pnpm --filter="${{ matrix.package.name }}" run e2e
-      # * Run the `e2e-local` script of the dashboard
-      - name: Run Local Dashboard e2e tests
-        if: matrix.package.path == 'dashboard'
-        timeout-minutes: 5
-        run: pnpm --filter="${{ matrix.package.name }}" run e2e:local
-
-      - name: Stop Nhost CLI
-        if: matrix.package.path == 'dashboard'
-        working-directory: ./nhost-test-project
-        run: nhost down
-      - name: Stop Nhost CLI for packages
-        if: always() && (matrix.package.path == 'packages/hasura-auth-js' || matrix.package.path == 'packages/hasura-storage-js')
-        working-directory: ./${{ matrix.package.path }}
-        run: nhost down
-
-      - name: Encrypt Playwright report
-        if: ${{ failure() && hashFiles('dashboard/playwright-report/**') != ''}}
-        run: |
-          tar -czf dashboard/playwright-report.tar.gz dashboard/playwright-report/
-          openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 \
-            -in dashboard/playwright-report.tar.gz \
-            -out playwright-report.tar.gz.enc \
-            -k "${{ secrets.PLAYWRIGHT_REPORT_ENCRYPTION_KEY }}"
-          rm dashboard/playwright-report.tar.gz
-
-      - name: Upload encrypted Playwright report
-        uses: actions/upload-artifact@v4
-        if: ${{ failure() && hashFiles('dashboard/playwright-report/**') != ''}}
-        with:
-          name: encrypted-playwright-report-${{ github.run_id }}
-          path: playwright-report.tar.gz.enc
-          retention-days: 1

.github/workflows/dashboard.yaml

@@ -1,49 +0,0 @@
-name: 'Dashboard'
-
-on:
-  workflow_call:
-
-env:
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: nhost
-  NEXT_PUBLIC_ENV: dev
-  NEXT_TELEMETRY_DISABLED: 1
-
-jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      - name: Build the application
-        run: pnpm build:dashboard
-
-  tests:
-    name: Tests
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      - name: Run tests
-        run: pnpm test:dashboard
-
-  lint:
-    name: Lint
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ env.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ env.TURBO_TEAM }}
-      - run: pnpm lint:dashboard

.github/workflows/dashboard_checks.yaml

@@ -0,0 +1,122 @@
+---
+name: "dashboard: check and build"
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/wf_build_artifacts.yaml'
+      - '.github/workflows/wf_check.yaml'
+      - '.github/workflows/dashboard_checks.yaml'
+      - 'build/**'
+      - 'nix/**'
+      - 'dashboard/**'
+      - 'tools/cuegraph/types/**'
+      - ".npmrc"
+      - "package.json"
+      - "pnpm-workspace.yaml"
+      - "pnpm-lock.yaml"
+      - "turbo.json"
+  push:
+    branches:
+      - main
+
+jobs:
+  check-permissions:
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          echo "github.event_name: ${{ github.event_name }}"
+          echo "github.event.pull_request.author_association: ${{ github.event.pull_request.author_association }}"
+      - name: "This task will run and fail if user has no permissions and label safe_to_test isn't present"
+        if: "github.event_name == 'pull_request_target' && ! ( contains(github.event.pull_request.labels.*.name, 'safe_to_test') || contains(fromJson('[\"OWNER\", \"MEMBER\", \"COLLABORATOR\"]'), github.event.pull_request.author_association) )"
+        run: |
+          exit 1
+
+  deploy-vercel:
+    uses: ./.github/workflows/wf_deploy_vercel.yaml
+    needs:
+      - check-permissions
+    with:
+      NAME: dashboard
+      GIT_REF: ${{ github.sha }}
+      ENVIRONMENT: preview
+    secrets:
+      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
+      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
+      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
+      VERCEL_TEAM_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
+      VERCEL_DEPLOY_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
+
+
+  build_artifacts:
+    uses: ./.github/workflows/wf_build_artifacts.yaml
+    needs:
+      - check-permissions
+    with:
+      NAME: dashboard
+      PATH: dashboard
+      GIT_REF: ${{ github.sha }}
+      VERSION: 0.0.0-dev # we use a fixed version here to avoid unnecessary rebuilds
+      DOCKER: true
+    secrets:
+      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
+      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
+      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
+
+
+  tests:
+    uses: ./.github/workflows/wf_check.yaml
+    needs:
+      - check-permissions
+      - build_artifacts
+    with:
+      NAME: dashboard
+      PATH: dashboard
+      GIT_REF: ${{ github.sha }}
+    secrets:
+      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
+      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
+      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
+
+
+  e2e_staging:
+    uses: ./.github/workflows/wf_dashboard_e2e_staging.yaml
+    needs:
+      - check-permissions
+      - deploy-vercel
+      - build_artifacts
+    with:
+      NAME: dashboard
+      PATH: dashboard
+      GIT_REF: ${{ github.sha }}
+      NHOST_TEST_DASHBOARD_URL: ${{ needs.deploy-vercel.outputs.preview-url }}
+      NHOST_TEST_PROJECT_NAME: ${{ vars.NHOST_TEST_PROJECT_NAME }}
+      NHOST_TEST_ORGANIZATION_NAME: ${{ vars.NHOST_TEST_ORGANIZATION_NAME }}
+      NHOST_TEST_ORGANIZATION_SLUG: ${{ vars.NHOST_TEST_ORGANIZATION_SLUG }}
+      NHOST_TEST_PERSONAL_ORG_SLUG: ${{ vars.NHOST_TEST_PERSONAL_ORG_SLUG }}
+      NHOST_TEST_PROJECT_SUBDOMAIN: ${{ vars.NHOST_TEST_PROJECT_SUBDOMAIN }}
+      NHOST_PRO_TEST_PROJECT_NAME: ${{ vars.NHOST_PRO_TEST_PROJECT_NAME }}
+    secrets:
+      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
+      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
+      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
+      DASHBOARD_VERCEL_DEPLOY_TOKEN: ${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
+      DASHBOARD_VERCEL_TEAM_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
+      DASHBOARD_STAGING_VERCEL_PROJECT_ID: ${{ secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
+      NHOST_TEST_USER_EMAIL: ${{ secrets.NHOST_TEST_USER_EMAIL }}
+      NHOST_TEST_USER_PASSWORD: ${{ secrets.NHOST_TEST_USER_PASSWORD }}
+      NHOST_TEST_PROJECT_ADMIN_SECRET: ${{ secrets.NHOST_TEST_PROJECT_ADMIN_SECRET }}
+      NHOST_TEST_FREE_USER_EMAILS: ${{ secrets.NHOST_TEST_FREE_USER_EMAILS }}
+      PLAYWRIGHT_REPORT_ENCRYPTION_KEY: ${{ secrets.PLAYWRIGHT_REPORT_ENCRYPTION_KEY }}
+
+  remove_label:
+    runs-on: ubuntu-latest
+    needs:
+      - check-permissions
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-ecosystem/action-remove-labels@v1
+        with:
+          labels: |
+            safe_to_test
+    if: contains(github.event.pull_request.labels.*.name, 'safe_to_test')

.github/workflows/deploy-dashboard.yaml

@@ -1,86 +0,0 @@
-name: 'dashboard: release form'
-
-on:
-  workflow_dispatch:
-    inputs:
-      git_ref:
-        type: string
-        description: 'Branch, tag, or commit SHA'
-        required: true
-
-      environment:
-        type: choice
-        description: 'Deployment environment'
-        required: true
-        default: staging
-        options:
-          - staging
-          - production
-
-  workflow_call:
-    inputs:
-      git_ref:
-        required: true
-        type: string
-      environment:
-        required: true
-        type: string
-
-jobs:
-  publish-vercel:
-    name: Publish to Vercel
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.git_ref }}
-          fetch-depth: 0
-
-      - name: Install Node and dependencies
-        uses: ./.github/actions/install-dependencies
-        with:
-          TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-          TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-
-      - name: Setup Vercel CLI
-        run: pnpm add -g vercel
-
-      - name: Trigger Vercel deployment
-        env:
-          VERCEL_ORG_ID: ${{ secrets.DASHBOARD_VERCEL_TEAM_ID }}
-          VERCEL_PROJECT_ID: ${{ inputs.environment == 'production' && secrets.DASHBOARD_VERCEL_PROJECT_ID || secrets.DASHBOARD_STAGING_VERCEL_PROJECT_ID }}
-        run: |
-          echo "Deploying to: ${{ inputs.environment }}..."
-          vercel pull --environment=production --token=${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
-          vercel build --prod --token=${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
-          vercel deploy --prebuilt --prod --token=${{ secrets.DASHBOARD_VERCEL_DEPLOY_TOKEN }}
-
-      - name: Send Discord notification (success)
-        if: success()
-        uses: tsickert/discord-webhook@v7.0.0
-        with:
-          webhook-url: ${{ secrets.DISCORD_WEBHOOK_PRODUCTION }}
-          embed-title: "Dashboard Deployment"
-          embed-description: |
-            **Status**: success
-            **Triggered by**: ${{ github.actor }}
-
-            **Inputs**:
-            - Git Ref: ${{ inputs.git_ref }}
-          embed-color: '5763719'
-
-      - name: Send Discord notification (failure)
-        if: failure()
-        uses: tsickert/discord-webhook@v7.0.0
-        with:
-          webhook-url: ${{ secrets.DISCORD_WEBHOOK_PRODUCTION }}
-          embed-title: "Dashboard Deployment"
-          embed-description: |
-            **Status**: failure
-            **Triggered by**: ${{ github.actor }}
-
-            **Inputs**:
-            - Git Ref: ${{ inputs.git_ref }}
-          embed-color: '15548997'

.github/workflows/labeler.yaml

@@ -1,14 +0,0 @@
-name: 'Pull Request Labeler'
-on:
-  - pull_request_target
-
-jobs:
-  labeler:
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/labeler@v5
-        with:
-          repo-token: ${{ secrets.GH_PAT }}

.github/workflows/test-nhost-cli-action.yaml

@@ -1,79 +0,0 @@
-name: Test Nhost CLI action
-
-on:
-  pull_request:
-    branches: [main]
-    types: [opened, synchronize]
-    paths:
-      - '.github/actions/nhost-cli/**'
-      - '!.github/actions/nhost-cli/**/*.md'
-
-jobs:
-  install:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install the Nhost CLI
-        uses: ./.github/actions/nhost-cli
-      - name: should succeed running the nhost command
-        run: nhost
-
-  start:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install the Nhost CLI and start the application
-        uses: ./.github/actions/nhost-cli
-        with:
-          init: true
-          start: true
-      - name: should be running
-        run: curl -sSf 'https://local.hasura.local.nhost.run/' > /dev/null
-
-  stop:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install the Nhost CLI, start and stop the application
-        uses: ./.github/actions/nhost-cli
-        with:
-          init: true
-          start: true
-          stop: true
-      - name: should have no live docker container
-        run: |
-          if [ -z "docker ps -q" ]; then
-            echo "Some docker containers are still running"
-            docker ps
-            exit 1
-          fi
-
-  config:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install the Nhost CLI and run the application
-        uses: ./.github/actions/nhost-cli
-        with:
-          init: true
-          version: v1.29.3
-          start: true
-      - name: should find the injected hasura-auth version
-        run: |
-          VERSION=$(curl -sSf 'https://local.auth.local.nhost.run/v1/version')
-          EXPECTED_VERSION='{"version":"0.36.1"}'
-          if [ "$VERSION" != "$EXPECTED_VERSION" ]; then
-            echo "Expected version $EXPECTED_VERSION but got $VERSION"
-            exit 1
-          fi
-
-  version:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install the Nhost CLI
-        uses: ./.github/actions/nhost-cli
-        with:
-          version: v1.27.2
-      - name: should find the correct version
-        run: nhost --version | head -n 1 | grep v1.27.2 || exit 1

.github/workflows/wf_build_artifacts.yaml

@@ -0,0 +1,109 @@
+---
+on:
+  workflow_call:
+    inputs:
+      NAME:
+        type: string
+        required: true
+      GIT_REF:
+        type: string
+        required: false
+      VERSION:
+        type: string
+        required: true
+      PATH:
+        type: string
+        required: true
+      DOCKER:
+        type: boolean
+        required: true
+    secrets:
+      AWS_ACCOUNT_ID:
+        required: true
+      NIX_CACHE_PUB_KEY:
+        required: true
+      NIX_CACHE_PRIV_KEY:
+        required: true
+
+jobs:
+  artifacts:
+    permissions:
+      id-token: write
+      contents: write
+
+    defaults:
+      run:
+        working-directory: ${{ inputs.PATH }}
+
+    strategy:
+      matrix:
+        os: [blacksmith-2vcpu-ubuntu-2404-arm, blacksmith-2vcpu-ubuntu-2404]
+      fail-fast: true
+
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 180
+
+    steps:
+    - name: "Check out repository"
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        ref: ${{ inputs.GIT_REF }}
+
+    - name: Configure aws
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
+        aws-region: eu-central-1
+
+    - uses: cachix/install-nix-action@v31
+      with:
+        install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
+        install_options: "--no-daemon"
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          sandbox = false
+          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
+
+    - name: Compute common env vars
+      id: vars
+      run: |
+        echo "VERSION=$(make get-version VER=${{ inputs.VERSION }})" >> $GITHUB_OUTPUT
+        ARCH=$([ "${{ runner.arch }}" == "X64" ] && echo "x86_64" || echo "aarch64")
+        echo "ARCH=${ARCH}" >> $GITHUB_OUTPUT
+
+    - name: "Build artifact"
+      run: |
+        make build
+        zip -r result.zip result
+
+    - name: "Push artifact to artifact repository"
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.NAME }}-artifact-${{ steps.vars.outputs.ARCH }}-${{ steps.vars.outputs.VERSION }}
+        path: ${{ inputs.PATH }}/result.zip
+        retention-days: 7
+
+    - name: "Build docker image"
+      run: |
+        sudo chmod 755 /run/containers
+        sudo mkdir -p "/run/containers/$(id -u runner)"
+        sudo chown runner: "/run/containers/$(id -u runner)"
+        make build-docker-image
+      if: ${{ ( inputs.DOCKER ) }}
+
+    - name: "Push docker image to artifact repository"
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.NAME }}-docker-image-${{ steps.vars.outputs.ARCH }}-${{ steps.vars.outputs.VERSION }}
+        path: ${{ inputs.PATH }}/result
+        retention-days: 7
+      if: ${{ ( inputs.DOCKER ) }}
+
+    - name: "Cache build"
+      run: |
+        nix store sign --key-file <(echo "${{ secrets.NIX_CACHE_PRIV_KEY }}") --all
+        find /nix/store -maxdepth 1 -name "*-*" -type d | xargs -n 25 nix copy --to s3://nhost-nix-cache\?region=eu-central-1
+      if: always()

.github/workflows/wf_check.yaml

@@ -0,0 +1,88 @@
+---
+on:
+  workflow_call:
+    inputs:
+      NAME:
+        type: string
+        required: true
+      PATH:
+        type: string
+        required: true
+      GIT_REF:
+        type: string
+        required: false
+    secrets:
+      AWS_ACCOUNT_ID:
+        required: true
+      NIX_CACHE_PUB_KEY:
+        required: true
+      NIX_CACHE_PRIV_KEY:
+        required: true
+
+jobs:
+  tests:
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    timeout-minutes: 30
+
+    defaults:
+      run:
+        working-directory: ${{ inputs.PATH }}
+
+    permissions:
+      id-token: write
+      contents: write
+      actions: read
+
+    steps:
+    - name: "Check out repository"
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        ref: ${{ inputs.GIT_REF }}
+
+    - name: Collect Workflow Telemetry
+      uses: catchpoint/workflow-telemetry-action@v2
+      with:
+        comment_on_pr: false
+
+    - name: Configure aws
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
+        aws-region: eu-central-1
+
+    - uses: cachix/install-nix-action@v31
+      with:
+        install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
+        install_options: "--no-daemon"
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          sandbox = false
+          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
+
+    - name: "Verify if we need to build"
+      id: verify-build
+      run: |
+        export drvPath=$(make check-dry-run)
+        nix store verify --no-trust --store s3://nhost-nix-cache\?region=eu-central-1 $drvPath \
+          && export BUILD_NEEDED=no \
+          || export BUILD_NEEDED=yes
+        echo BUILD_NEEDED=$BUILD_NEEDED >> $GITHUB_OUTPUT
+        echo DERIVATION_PATH=$drvPath >> $GITHUB_OUTPUT
+
+    - name: "Start containters for integration tests"
+      run: |
+        nix develop .\#${{ inputs.NAME }} -c make dev-env-up
+      if: ${{ steps.verify-build.outputs.BUILD_NEEDED == 'yes' }}
+
+    - name: "Run checks"
+      run: make check
+      if: ${{ steps.verify-build.outputs.BUILD_NEEDED == 'yes' }}
+
+    - name: "Cache build"
+      run: |
+        nix store sign --key-file <(echo "${{ secrets.NIX_CACHE_PRIV_KEY }}") --all
+        find /nix/store -maxdepth 1 -name "*-*" -type d | xargs -n 25 nix copy --to s3://nhost-nix-cache\?region=eu-central-1
+      if: always()

.github/workflows/wf_dashboard_e2e_staging.yaml

@@ -0,0 +1,152 @@
+---
+on:
+  workflow_call:
+    inputs:
+      NAME:
+        type: string
+        required: true
+      PATH:
+        type: string
+        required: true
+      GIT_REF:
+        type: string
+        required: false
+      NHOST_TEST_DASHBOARD_URL:
+        type: string
+        required: true
+      NHOST_TEST_PROJECT_NAME:
+        type: string
+        required: true
+      NHOST_TEST_ORGANIZATION_NAME:
+        type: string
+        required: true
+      NHOST_TEST_ORGANIZATION_SLUG:
+        type: string
+        required: true
+      NHOST_TEST_PERSONAL_ORG_SLUG:
+        type: string
+        required: true
+      NHOST_TEST_PROJECT_SUBDOMAIN:
+        type: string
+        required: true
+      NHOST_PRO_TEST_PROJECT_NAME:
+        type: string
+        required: true
+    secrets:
+      AWS_ACCOUNT_ID:
+        required: true
+      NIX_CACHE_PUB_KEY:
+        required: true
+      NIX_CACHE_PRIV_KEY:
+        required: true
+      DASHBOARD_VERCEL_DEPLOY_TOKEN:
+        required: true
+      DASHBOARD_VERCEL_TEAM_ID:
+        required: true
+      DASHBOARD_STAGING_VERCEL_PROJECT_ID:
+        required: true
+      NHOST_TEST_USER_EMAIL:
+        required: true
+      NHOST_TEST_USER_PASSWORD:
+        required: true
+      NHOST_TEST_PROJECT_ADMIN_SECRET:
+        required: true
+      NHOST_TEST_FREE_USER_EMAILS:
+        required: true
+      PLAYWRIGHT_REPORT_ENCRYPTION_KEY:
+        required: true
+
+env:
+  NEXT_PUBLIC_ENV: dev
+  NEXT_TELEMETRY_DISABLED: 1
+  NHOST_TEST_DASHBOARD_URL: ${{ inputs.NHOST_TEST_DASHBOARD_URL }}
+  NHOST_TEST_PROJECT_NAME: ${{ inputs.NHOST_TEST_PROJECT_NAME }}
+  NHOST_TEST_ORGANIZATION_NAME: ${{ inputs.NHOST_TEST_ORGANIZATION_NAME }}
+  NHOST_TEST_ORGANIZATION_SLUG: ${{ inputs.NHOST_TEST_ORGANIZATION_SLUG }}
+  NHOST_TEST_PERSONAL_ORG_SLUG: ${{ inputs.NHOST_TEST_PERSONAL_ORG_SLUG }}
+  NHOST_TEST_PROJECT_SUBDOMAIN: ${{ inputs.NHOST_TEST_PROJECT_SUBDOMAIN }}
+  NHOST_PRO_TEST_PROJECT_NAME: ${{ inputs.NHOST_PRO_TEST_PROJECT_NAME }}
+  NHOST_TEST_USER_EMAIL: ${{ secrets.NHOST_TEST_USER_EMAIL }}
+  NHOST_TEST_USER_PASSWORD: ${{ secrets.NHOST_TEST_USER_PASSWORD }}
+  NHOST_TEST_PROJECT_ADMIN_SECRET: ${{ secrets.NHOST_TEST_PROJECT_ADMIN_SECRET }}
+  NHOST_TEST_FREE_USER_EMAILS: ${{ secrets.NHOST_TEST_FREE_USER_EMAILS }}
+
+jobs:
+  tests:
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    timeout-minutes: 30
+
+    defaults:
+      run:
+        working-directory: ${{ inputs.PATH }}
+
+    permissions:
+      id-token: write
+      contents: write
+      actions: read
+
+    steps:
+    - name: "Check out repository"
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        ref: ${{ inputs.GIT_REF }}
+
+    - name: Collect Workflow Telemetry
+      uses: catchpoint/workflow-telemetry-action@v2
+      with:
+        comment_on_pr: false
+
+    - name: Configure aws
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
+        aws-region: eu-central-1
+
+    - uses: cachix/install-nix-action@v31
+      with:
+        install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
+        install_options: "--no-daemon"
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          sandbox = false
+          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
+
+    - name: Start CLI
+      run: |
+        nix develop .\#dashboard -c make dev-env-cli-up
+
+    - name: Run e2e tests
+      run: nix develop .\#dashboard -c pnpm e2e
+
+    - name: Run e2e onboarding tests
+      run: nix develop .\#dashboard -c pnpm e2e:onboarding
+
+    - name: Run e2e local tests
+      run: nix develop .\#dashboard -c pnpm e2e:local
+
+    - name: Encrypt Playwright report
+      if: failure()
+      run: |
+        tar -czf playwright-report.tar.gz playwright-report/
+        openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 \
+          -in playwright-report.tar.gz \
+          -out playwright-report.tar.gz.enc \
+          -k "${{ secrets.PLAYWRIGHT_REPORT_ENCRYPTION_KEY }}"
+        rm playwright-report.tar.gz
+
+    - name: Upload encrypted Playwright report
+      uses: actions/upload-artifact@v4
+      if: failure()
+      with:
+        name: encrypted-playwright-report-${{ github.run_id }}
+        path: dashboard/playwright-report.tar.gz.enc
+        retention-days: 1
+
+    - name: "Cache build"
+      run: |
+        nix store sign --key-file <(echo "${{ secrets.NIX_CACHE_PRIV_KEY }}") --all
+        find /nix/store -maxdepth 1 -name "*-*" -type d | xargs -n 25 nix copy --to s3://nhost-nix-cache\?region=eu-central-1
+      if: always()

.github/workflows/wf_deploy_vercel.yaml

@@ -0,0 +1,103 @@
+name: 'deploy to vercel'
+
+on:
+  workflow_call:
+    inputs:
+      NAME:
+        required: true
+        type: string
+      GIT_REF:
+        required: true
+        type: string
+      ENVIRONMENT:
+        required: true
+        type: string
+    secrets:
+      AWS_ACCOUNT_ID:
+        required: true
+      NIX_CACHE_PUB_KEY:
+        required: true
+      NIX_CACHE_PRIV_KEY:
+        required: true
+      VERCEL_TEAM_ID:
+        required: true
+      VERCEL_PROJECT_ID:
+        required: true
+      VERCEL_DEPLOY_TOKEN:
+        required: true
+
+    outputs:
+      preview-url:
+        description: "The preview URL from Vercel deployment"
+        value: ${{ jobs.publish-vercel.outputs.preview-url }}
+
+jobs:
+  publish-vercel:
+    name: Publish to Vercel
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    outputs:
+      preview-url: ${{ steps.deploy.outputs.preview-url }}  # Add this line
+    permissions:
+      id-token: write
+      contents: write
+      actions: read
+      pull-requests: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.GIT_REF }}
+        fetch-depth: 0
+
+    - name: Configure aws
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
+        aws-region: eu-central-1
+
+    - uses: cachix/install-nix-action@v31
+      with:
+        install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
+        install_options: "--no-daemon"
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          sandbox = false
+          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
+
+    - name: Trigger Vercel deployment
+      id: deploy
+      env:
+        VERCEL_ORG_ID: ${{ secrets.VERCEL_TEAM_ID }}
+        VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
+      run: |
+        PROD_OPTS=$([ "${{ inputs.ENVIRONMENT }}" = "production" ] && echo "--prod" || echo "")
+        TARGET_OPTS=$([ "${{ inputs.ENVIRONMENT }}" != "production" ] && echo "--target=${{ inputs.ENVIRONMENT }}" || echo "")
+        echo "Deploying to: ${{ inputs.ENVIRONMENT }}..."
+        nix develop .\#vercel -c \
+          vercel pull --environment=${{ inputs.ENVIRONMENT }} --token=${{ secrets.VERCEL_DEPLOY_TOKEN }}
+        nix develop .\#vercel -c \
+          vercel build $TARGET_OPTS --token=${{ secrets.VERCEL_DEPLOY_TOKEN }}
+        nix develop .\#vercel -c \
+          vercel deploy $PROD_OPTS --prebuilt --token=${{ secrets.VERCEL_DEPLOY_TOKEN }} | tee /tmp/vercel_output
+
+        PREVIEW_URL=$(cat /tmp/vercel_output)
+        echo "\n🔗🔗🔗 Preview URL: $PREVIEW_URL"
+        echo "preview-url=$PREVIEW_URL" >> $GITHUB_OUTPUT
+
+    - uses: marocchino/sticky-pull-request-comment@v2
+      with:
+        header: "vercel-${{ inputs.NAME }}-${{ inputs.ENVIRONMENT }}"
+        message: |
+          # Vercel Deployment Info - ${{ inputs.NAME }}
+
+          * URL: ${{ steps.deploy.outputs.preview-url }}
+          * Git Ref: `${{ inputs.GIT_REF }}`
+          * Commit: `${{ github.event.pull_request.head.sha || github.sha }}`
+
+      if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+
+    - run: rm -rf .vercel
+      if: always()

.gitignore

@@ -65,3 +65,7 @@ out/
 .direnv/
 
 /.vscode/
+
+result
+
+.vitest

build/makefiles/general.makefile

@@ -0,0 +1,105 @@
+PROJ_DIR=$(abspath .)
+PROJ=$(subst $(ROOT_DIR)/,,$(PROJ_DIR))
+NAME=$(notdir $(PROJ))
+
+ifdef VER
+VERSION=$(shell echo $(VER) | sed -e 's/^v//g' -e 's/\//_/g')
+else
+VERSION=$(shell grep -oP 'version\s*=\s*"\K[^"]+' project.nix | head -n 1)
+endif
+
+ifeq ($(shell uname -m),x86_64)
+  ARCH?=x86_64
+else ifeq ($(shell uname -m),arm64)
+  ARCH?=aarch64
+else ifeq ($(shell uname -m),aarch64)
+   ARCH?=aarch64
+else
+   ARCH?=FIXME-$(shell uname -m)
+endif
+
+ifeq ($(shell uname -o),Darwin)
+  OS?=darwin
+else
+  OS?=linux
+endif
+
+ifeq ($(CI),true)
+  docker-build-options=--option system $(ARCH)-linux --extra-platforms ${ARCH}-linux
+endif
+
+
+.PHONY: help
+help: ## Show this help.
+	@echo
+	@awk 'BEGIN { \
+		FS = "##"; \
+		printf "Usage: make \033[36m<target>\033[0m\n"} \
+		/^[a-zA-Z_-]+%?:.*?##/ { printf "  \033[36m%-38s\033[0m %s\n", $$1, $$2 } ' \
+		$(MAKEFILE_LIST)
+
+.PHONY: print-vars
+print-vars:  ## print all variables
+	@$(foreach V,$(sort $(.VARIABLES)), \
+	   $(if $(filter-out environment% default automatic, \
+	   $(origin $V)),$(info $V=$($V) ($(value $V)))))
+
+
+.PHONY: get-version
+get-version:  ## Return version
+	@sed -i '/^\s*version = "0.0.0-dev";/s//version = "${VERSION}";/' project.nix
+	@sed -i '/^\s*created = "1970-.*";/s//created = "${shell date --utc '+%Y-%m-%dT%H:%M:%SZ'}";/' project.nix
+	@echo $(VERSION)
+
+
+.PHONY: check
+check:  ## Run nix flake check
+	nix build \
+		--print-build-logs \
+		.\#checks.$(ARCH)-$(OS).$(NAME)
+
+
+.PHONY: check-dry-run
+check-dry-run:  ## Returns the derivation of the check
+	@nix build \
+		--dry-run \
+		--json \
+		--print-build-logs \
+		.\#checks.$(ARCH)-$(OS).$(NAME) | jq -r '.[].outputs.out'
+
+
+.PHONY: build
+build:  ## Build application and places the binary under ./result/bin
+	nix build \
+		--print-build-logs \
+		.\#packages.$(ARCH)-$(OS).$(NAME)
+
+
+.PHONY: build-dry-run
+build-dry-run:  ## Run nix flake check
+	nix build \
+		--dry-run \
+		--json \
+		--print-build-logs \
+		.\#packages.$(ARCH)-$(OS).$(NAME)
+
+
+.PHONY: build-docker-image
+build-docker-image:  ## Build docker container for native architecture
+	nix build $(docker-build-options) --show-trace \
+		.\#packages.$(ARCH)-linux.$(NAME)-docker-image \
+		--print-build-logs
+	nix develop \#skopeo -c \
+		skopeo copy --insecure-policy dir:./result docker-daemon:$(NAME):$(VERSION)
+
+
+.PHONY: dev-env-up
+dev-env-up: _dev-env-build _dev-env-up ## Starts development environment
+
+
+.PHONY: dev-env-down
+dev-env-down: _dev-env-down  ## Stops development environment
+
+
+.PHONY: dev-env-build
+dev-env-build: _dev-env-build  ## Builds development environment

dashboard/.gitignore

@@ -54,4 +54,6 @@ tailwind.json
 /playwright-report/
 /playwright/.cache/
 storageState.json
-e2e/.auth/*
+e2e/.auth/*
+
+.vitest

dashboard/Dockerfile

@@ -1,61 +0,0 @@
-FROM node:20-alpine AS pruner
-RUN apk add --no-cache libc6-compat
-RUN apk update
-WORKDIR /app
-
-RUN yarn global add turbo@2.2.3
-COPY . .
-RUN turbo prune --scope="@nhost/dashboard" --docker
-
-FROM node:20-alpine AS builder
-ARG TURBO_TOKEN
-ARG TURBO_TEAM
-
-RUN apk add --no-cache libc6-compat python3 make g++
-RUN apk update
-WORKDIR /app
-
-ENV NEXT_TELEMETRY_DISABLED=1
-ENV NEXT_PUBLIC_ENV=dev
-ENV NEXT_PUBLIC_NHOST_PLATFORM=false
-
-# placeholders for URLs, will be replaced on runtime by entrypoint script
-ENV NEXT_PUBLIC_NHOST_ADMIN_SECRET=__NEXT_PUBLIC_NHOST_ADMIN_SECRET__
-ENV NEXT_PUBLIC_NHOST_AUTH_URL=__NEXT_PUBLIC_NHOST_AUTH_URL__
-ENV NEXT_PUBLIC_NHOST_FUNCTIONS_URL=__NEXT_PUBLIC_NHOST_FUNCTIONS_URL__
-ENV NEXT_PUBLIC_NHOST_GRAPHQL_URL=__NEXT_PUBLIC_NHOST_GRAPHQL_URL__
-ENV NEXT_PUBLIC_NHOST_STORAGE_URL=__NEXT_PUBLIC_NHOST_STORAGE_URL__
-ENV NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL=__NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL__
-ENV NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL=__NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL__
-ENV NEXT_PUBLIC_NHOST_HASURA_API_URL=__NEXT_PUBLIC_NHOST_HASURA_API_URL__
-ENV NEXT_PUBLIC_NHOST_CONFIGSERVER_URL=__NEXT_PUBLIC_NHOST_CONFIGSERVER_URL__
-
-RUN yarn global add pnpm@9.15.0
-COPY .gitignore .gitignore
-COPY --from=pruner /app/out/json/ .
-COPY --from=pruner /app/out/pnpm-*.yaml ./
-RUN pnpm install --frozen-lockfile
-
-COPY --from=pruner /app/out/full/ .
-COPY turbo.json turbo.json
-COPY config/ config/
-RUN pnpm build:dashboard
-
-FROM node:20-alpine AS runner
-WORKDIR /app
-
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-USER nextjs
-
-COPY --chown=nextjs:nodejs dashboard/docker-entrypoint.sh .
-COPY --from=builder --chown=nextjs:nodejs /app/dashboard/next.config.js .
-COPY --from=builder --chown=nextjs:nodejs /app/dashboard/package.json .
-COPY --from=builder --chown=nextjs:nodejs /app/dashboard/public ./dashboard/public
-
-
-COPY --from=builder --chown=nextjs:nodejs /app/dashboard/.next/standalone/app ./
-COPY --from=builder --chown=nextjs:nodejs /app/dashboard/.next/static ./dashboard/.next/static
-
-ENTRYPOINT ["./docker-entrypoint.sh"]
-CMD ["node", "dashboard/server.js"]

dashboard/Makefile

@@ -0,0 +1,31 @@
+ROOT_DIR?=$(abspath ../)
+include $(ROOT_DIR)/build/makefiles/general.makefile
+
+
+.PHONY: dev-env-cli-up
+dev-env-cli-up: dev-env-cli-build  ## Starts the CLI using the dev dashboard
+	./dev-env-cli.sh up
+
+
+.PHONY: dev-env-cli-up
+dev-env-cli-down: ## Stops the CLI using the dev dashboard
+	./dev-env-cli.sh down
+
+
+.PHONY: dev-env-cli-build
+dev-env-cli-build: build-docker-image  ## Build the docker image with the dev dashboard
+
+
+.PHONY: _dev-env-up
+_dev-env-up:
+	@echo "Nothing to do"
+
+
+.PHONY: _dev-env-down
+_dev-env-down:
+	@echo "Nothing to do"
+
+
+.PHONY: _dev-env-build
+_dev-env-build:
+	@echo "Nothing to do"

dashboard/dev-env-cli.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+export NHOST_DASHBOARD_VERSION=dashboard:0.0.0-dev
+FOLDER="$TMPDIR/nhost-dashboard-e2e"
+
+
+up() {
+    echo "➜ Starting local CLI using locally built dashboard with tag $NHOST_DASHBOARD_VERSION"
+    rm -rf "$FOLDER"
+    mkdir -p "$FOLDER"
+    cd "$FOLDER"
+    nhost init
+    nhost up --down-on-error
+}
+
+
+down() {
+    if [ -d "$FOLDER" ]; then
+        echo "➜ Stopping nhost environment"
+        cd "$FOLDER"
+        nhost down --volumes
+    else
+        echo "➜ No nhost environment found to stop"
+    fi
+}
+
+
+case "${1:-}" in
+    "up")
+        up
+        ;;
+    "down")
+        down
+        ;;
+    *)
+        echo "Usage: $0 {up|down}"
+        exit 1
+        ;;
+esac

dashboard/docker-entrypoint.sh

@@ -11,16 +11,17 @@ NEXT_PUBLIC_NHOST_STORAGE_URL="${NEXT_PUBLIC_NHOST_STORAGE_URL:-http://localhost
 NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL="${NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL:-http://localhost:9695}"
 NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL="${NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL:-http://localhost:9693}"
 NEXT_PUBLIC_NHOST_HASURA_API_URL="${NEXT_PUBLIC_NHOST_HASURA_API_URL:-http://localhost:8080}"
+NEXT_PUBLIC_NHOST_CONFIGSERVER_URL="${NEXT_PUBLIC_NHOST_CONFIGSERVER_URL:-""}"
 
 # replace placeholders
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_ADMIN_SECRET__~${NEXT_PUBLIC_NHOST_ADMIN_SECRET}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_AUTH_URL__~${NEXT_PUBLIC_NHOST_AUTH_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_FUNCTIONS_URL__~${NEXT_PUBLIC_NHOST_FUNCTIONS_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_GRAPHQL_URL__~${NEXT_PUBLIC_NHOST_GRAPHQL_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_STORAGE_URL__~${NEXT_PUBLIC_NHOST_STORAGE_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL__~${NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL__~${NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_HASURA_API_URL__~${NEXT_PUBLIC_NHOST_HASURA_API_URL}~g" {} +
-find dashboard -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_CONFIGSERVER_URL__~${NEXT_PUBLIC_NHOST_CONFIGSERVER_URL:-""}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_ADMIN_SECRET__~${NEXT_PUBLIC_NHOST_ADMIN_SECRET}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_AUTH_URL__~${NEXT_PUBLIC_NHOST_AUTH_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_FUNCTIONS_URL__~${NEXT_PUBLIC_NHOST_FUNCTIONS_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_GRAPHQL_URL__~${NEXT_PUBLIC_NHOST_GRAPHQL_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_STORAGE_URL__~${NEXT_PUBLIC_NHOST_STORAGE_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL__~${NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL__~${NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_HASURA_API_URL__~${NEXT_PUBLIC_NHOST_HASURA_API_URL}~g" {} +
+find /dashboard/ -type f -exec sed -i "s~__NEXT_PUBLIC_NHOST_CONFIGSERVER_URL__~${NEXT_PUBLIC_NHOST_CONFIGSERVER_URL}~g" {} +
 
 exec "$@"

dashboard/next.config.js

@@ -28,7 +28,7 @@ module.exports = withBundleAnalyzer({
   swcMinify: false,
   output: 'standalone',
   experimental: {
-    outputFileTracingRoot: path.join(__dirname, '../../'),
+    outputFileTracingRoot: path.join(__dirname, '../'),
   },
   publicRuntimeConfig: {
     version,

dashboard/package.json

@@ -15,8 +15,7 @@
     "format": "prettier --write \"src/**/*.{js,ts,tsx,jsx,json,md}\" --plugin-search-dir=.",
     "storybook": "start-storybook -p 6006 -s public",
     "build-storybook": "build-storybook",
-    "install-browsers": "pnpm playwright install && pnpm playwright install-deps",
-    "e2e:tests": "pnpm install-browsers && pnpm playwright test --config=playwright.config.ts -x",
+    "e2e:tests": "pnpm playwright test --config=playwright.config.ts -x",
     "e2e": "pnpm e2e:tests --project=main",
     "e2e:local": "pnpm e2e:tests --project=local",
     "e2e:onboarding": "pnpm e2e:tests --project=onboarding"
@@ -120,7 +119,6 @@
     "stripe": "^10.17.0",
     "tailwind-merge": "^1.14.0",
     "tailwindcss-animate": "^1.0.7",
-    "test@latest": "link:playwright/test@latest",
     "timezones-list": "^3.1.0",
     "utility-types": "^3.11.0",
     "uuid": "^9.0.1",
@@ -137,7 +135,7 @@
     "@graphql-codegen/typescript-operations": "^3.0.4",
     "@graphql-codegen/typescript-react-apollo": "^3.3.7",
     "@next/bundle-analyzer": "^12.3.4",
-    "@playwright/test": "1.47.0",
+    "@playwright/test": "1.54.1",
     "@storybook/addon-actions": "^6.5.16",
     "@storybook/addon-essentials": "^6.5.16",
     "@storybook/addon-interactions": "^6.5.16",

dashboard/project.nix

@@ -0,0 +1,193 @@
+{ self, pkgs, nix2containerPkgs, nix-filter, nixops-lib, mkNodeDevShell, node_modules }:
+let
+  name = "dashboard";
+  version = "0.0.0-dev";
+  created = "1970-01-01T00:00:00Z";
+  submodule = "${name}";
+
+  src = nix-filter.lib.filter {
+    root = ../.;
+    include = with nix-filter.lib; [
+      isDirectory
+      (matchName "package.json")
+      ".npmrc"
+      "pnpm-workspace.yaml"
+      "pnpm-lock.yaml"
+      "turbo.json"
+      "${submodule}/.env.test"
+      "${submodule}/.env.example"
+      "${submodule}/.eslintignore"
+      "${submodule}/.eslintrc.js"
+      "${submodule}/.gitignore"
+      "${submodule}/.lintstagedrc.json"
+      "${submodule}/.npmrc"
+      "${submodule}/.prettierignore"
+      "${submodule}/components.json"
+      "${submodule}/graphite.graphql.config.yaml"
+      "${submodule}/graphql.config.yaml"
+      "${submodule}/next-env.d.ts"
+      "${submodule}/next.config.js"
+      "${submodule}/playwright.config.ts"
+      "${submodule}/postcss.config.js"
+      "${submodule}/prettier.config.js"
+      "${submodule}/react-table-config.d.ts"
+      "${submodule}/tailwind.config.js"
+      "${submodule}/tsconfig.json"
+      "${submodule}/tsconfig.test.json"
+      "${submodule}/vitest.config.ts"
+      "${submodule}/vitest.global-setup.ts"
+      (inDirectory "${submodule}/.storybook")
+      (inDirectory "${submodule}/e2e")
+      (inDirectory "${submodule}/public")
+      (inDirectory "${submodule}/src")
+    ];
+  };
+
+  checkDeps = with pkgs; [ nhost-cli ];
+
+  buildInputs = with pkgs; [ nodejs ];
+
+  nativeBuildInputs = with pkgs; [ pnpm cacert ];
+in
+rec {
+  devShell = mkNodeDevShell {
+    buildInputs = with pkgs;[
+      nodePackages.vercel
+    ] ++ checkDeps ++ buildInputs ++ nativeBuildInputs;
+  };
+
+  entrypoint = pkgs.writeScriptBin "docker-entrypoint.sh" (builtins.readFile ./docker-entrypoint.sh);
+
+  check = pkgs.runCommand "check"
+    {
+      nativeBuildInputs = checkDeps ++ buildInputs ++ nativeBuildInputs;
+    } ''
+    cp -r ${src}/* .
+    chmod +w -R .
+
+    cp -r ${node_modules}/node_modules/ node_modules
+    cp -r ${node_modules}/dashboard/node_modules/ dashboard/node_modules
+
+    export HOME=$TMPDIR
+
+    cd dashboard
+
+    echo "➜ Running linter"
+    pnpm lint
+
+    echo "➜ Running unit tests"
+    pnpm test --run
+
+    mkdir -p $out
+  '';
+
+  check-staging = pkgs.runCommand "check"
+    {
+      nativeBuildInputs = checkDeps ++ buildInputs ++ nativeBuildInputs;
+    } ''
+    cp -r ${src}/* .
+    chmod +w -R .
+
+    cp -r ${node_modules}/node_modules/ node_modules
+    cp -r ${node_modules}/dashboard/node_modules/ dashboard/node_modules
+
+    export HOME=$TMPDIR
+
+    cd dashboard
+
+    echo "➜ Running e2e tests"
+    pnpm e2e
+
+    echo "➜ Running e2e tests (onboarding)"
+    pnpm e2e:onboarding
+
+    echo "➜ Running e2e tests against local Nhost instance"
+    pnpm e2e:local
+
+    mkdir -p $out
+  '';
+
+
+  package = pkgs.stdenv.mkDerivation {
+    inherit name version src;
+
+    nativeBuildInputs = with pkgs; [ pnpm cacert nodejs ];
+    buildInputs = with pkgs; [ nodejs ];
+
+    configurePhase = ''
+      export NEXT_PUBLIC_NHOST_ADMIN_SECRET=__NEXT_PUBLIC_NHOST_ADMIN_SECRET__
+      export NEXT_PUBLIC_NHOST_AUTH_URL=__NEXT_PUBLIC_NHOST_AUTH_URL__
+      export NEXT_PUBLIC_NHOST_FUNCTIONS_URL=__NEXT_PUBLIC_NHOST_FUNCTIONS_URL__
+      export NEXT_PUBLIC_NHOST_GRAPHQL_URL=__NEXT_PUBLIC_NHOST_GRAPHQL_URL__
+      export NEXT_PUBLIC_NHOST_STORAGE_URL=__NEXT_PUBLIC_NHOST_STORAGE_URL__
+      export NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL=__NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL__
+      export NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL=__NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL__
+      export NEXT_PUBLIC_NHOST_HASURA_API_URL=__NEXT_PUBLIC_NHOST_HASURA_API_URL__
+      export NEXT_PUBLIC_NHOST_CONFIGSERVER_URL=__NEXT_PUBLIC_NHOST_CONFIGSERVER_URL__
+    '';
+
+    buildPhase = ''
+      cp -r ${node_modules}/node_modules/ node_modules
+      cp -r ${node_modules}/dashboard/node_modules/ dashboard/node_modules
+
+      pnpm build:dashboard
+    '';
+
+    installPhase = ''
+      cd dashboard
+
+      cp -r .next/standalone $out
+
+      mkdir -p $out/dashboard/.next
+      cp -r .next/static $out/dashboard/.next/static
+      cp -r public $out/dashboard/public
+    '';
+  };
+
+  dockerImage = pkgs.runCommand "image-as-dir" { } ''
+    ${(nix2containerPkgs.nix2container.buildImage {
+      inherit name created;
+      tag = version;
+      maxLayers = 100;
+
+      copyToRoot = pkgs.buildEnv {
+        name = "image";
+        paths = [
+          package
+          (pkgs.writeTextFile {
+            name = "tmp-file";
+            text = ''
+              dummy file to generate tmpdir
+            '';
+            destination = "/tmp/tmp-file";
+          })
+          pkgs.busybox
+        ];
+      };
+
+      config = {
+        Env = [
+          "TMPDIR=/tmp"
+          "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+          "NEXT_TELEMETRY_DISABLED=1"
+          "NEXT_PUBLIC_ENV=dev"
+          "NEXT_PUBLIC_NHOST_PLATFORM=false"
+          # placeholders for URLs, will be replaced on runtime by entrypoint script
+          "NEXT_PUBLIC_NHOST_ADMIN_SECRET=__NEXT_PUBLIC_NHOST_ADMIN_SECRET__"
+          "NEXT_PUBLIC_NHOST_AUTH_URL=__NEXT_PUBLIC_NHOST_AUTH_URL__"
+          "NEXT_PUBLIC_NHOST_FUNCTIONS_URL=__NEXT_PUBLIC_NHOST_FUNCTIONS_URL__"
+          "NEXT_PUBLIC_NHOST_GRAPHQL_URL=__NEXT_PUBLIC_NHOST_GRAPHQL_URL__"
+          "NEXT_PUBLIC_NHOST_STORAGE_URL=__NEXT_PUBLIC_NHOST_STORAGE_URL__"
+          "NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL=__NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL__"
+          "NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL=__NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL__"
+          "NEXT_PUBLIC_NHOST_HASURA_API_URL=__NEXT_PUBLIC_NHOST_HASURA_API_URL__"
+          "NEXT_PUBLIC_NHOST_CONFIGSERVER_URL=__NEXT_PUBLIC_NHOST_CONFIGSERVER_URL__"
+        ];
+        Entrypoint = [
+          "${entrypoint}/bin/docker-entrypoint.sh" "${pkgs.nodejs}/bin/node" "/dashboard/server.js"
+        ];
+      };
+    }).copyTo}/bin/copy-to dir:$out
+  '';
+}
+

dashboard/vitest.config.ts

@@ -10,6 +10,9 @@ export default defineConfig({
     testTimeout: 30000,
     environment: 'jsdom',
     globals: true,
+      cache: {
+        dir: '.vitest'
+    },
     setupFiles: 'src/setupTests.ts',
     include: ['src/**/*.(spec|test).{js,jsx,ts,tsx}'],
     deps: {