badrap
diff --git a/‎.devcontainer/compose.yml‎
Lines changed: 21 additions & 0 deletions b/‎.devcontainer/compose.yml‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 6 additions & 3 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎.dockerignore‎
Lines changed: 12 additions & 7 deletions b/‎.dockerignore‎
Lines changed: 12 additions & 7 deletions
diff --git a/‎.github/workflows/main.yml‎
Lines changed: 33 additions & 0 deletions b/‎.github/workflows/main.yml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 35 additions & 5 deletions b/‎.gitignore‎
Lines changed: 35 additions & 5 deletions
diff --git a/‎.npmrc‎
Lines changed: 0 additions & 2 deletions b/‎.npmrc‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎.prettierignore‎
Lines changed: 1 addition & 0 deletions b/‎.prettierignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.vscode/settings.json‎
Lines changed: 20 additions & 8 deletions b/‎.vscode/settings.json‎
Lines changed: 20 additions & 8 deletions
diff --git a/‎Dockerfile‎
Lines changed: 33 additions & 17 deletions b/‎Dockerfile‎
Lines changed: 33 additions & 17 deletions
diff --git a/‎LICENSE‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,21 @@
+services:
+  workspace:
+    build:
+      dockerfile: ./Dockerfile
+      context: ..
+      target: workspace
+    command: /bin/sh -c "while sleep 1000; do :; done"
+    volumes:
+      - ..:/app
+      # Persist home directory over rebuilds,
+      # but also make VSCode reinstall extensions on rebuild.
+      - profile:/home/node
+      - /home/node/.vscode-server
+
+  emulator:
+    image: ghcr.io/badrap/emulator:0.19.10
+    environment:
+      APP_URL: http://workspace:4005/app
+
+volumes:
+  profile:
@@ -1,10 +1,13 @@
 {
-  "name": "typescript-example-app",
-  "dockerComposeFile": ["../compose.yml"],
+  "name": "@repo/app",
+  "dockerComposeFile": ["./compose.yml"],
   "service": "workspace",
-  "shutdownAction": "none",
+  "shutdownAction": "stopCompose",
   "remoteUser": "node",
   "workspaceFolder": "/app",
+  "postCreateCommand": "pnpm i",
+  "postStartCommand": "pnpm dev:init",
+  "forwardPorts": ["emulator:4004", "workspace:4005", "mailpit:8025"],
   "customizations": {
     "vscode": {
       "extensions": [
 
@@ -1,17 +1,22 @@
-node_modules
 npm-debug.log
-Dockerfile*
-compose*
+**/Dockerfile*
 .dockerignore
 .git
-.gitignore
 README.md
 LICENSE
 .devcontainer
 .github
 .vscode
 deployments
 helm-chart
-dist
-.eslintrc.json
-.env*
+**/dist
+**/test
+**/tests
+**/.next
+**/node_modules
+**/.pnpm-store
+**/.cache
+out
+**/.env
+**/.env.*
+**/*.env
@@ -0,0 +1,33 @@
+name: Test, build and deploy
+
+on: [push]
+
+# Disable all permissions by default, requiring explicit permission definitions for all jobs.
+permissions: {}
+
+jobs:
+  check:
+    name: Lint & typecheck
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 2
+          persist-credentials: false
+      - name: Install correct Node.js version
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: 24
+      - name: Install correct pnpm version
+        run: corepack enable
+      - name: Enable pnpm caching (requires that correct Node.js and pnpm versions are already installed)
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          cache: pnpm
+      - run: pnpm i --frozen-lockfile
+      - name: Lint & typecheck
+        run: |
+          pnpm run typecheck
+          pnpm run lint
@@ -5,6 +5,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -41,8 +42,8 @@ build/Release
 node_modules/
 jspm_packages/
 
-# TypeScript v1 declaration files
-typings/
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
 
 # TypeScript cache
 *.tsbuildinfo
@@ -53,6 +54,9 @@ typings/
 # Optional eslint cache
 .eslintcache
 
+# Optional stylelint cache
+.stylelintcache
+
 # Microbundle cache
 .rpt2_cache/
 .rts2_cache_cjs/
@@ -68,29 +72,41 @@ typings/
 # Yarn Integrity file
 .yarn-integrity
 
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache
+.parcel-cache
 
 # Next.js build output
 .next
+out
 
 # Nuxt.js build / generate output
 .nuxt
 dist
 
 # Gatsby files
 .cache/
-# Comment in the public line in if your project uses Gatsby and *not* Next.js
+# Comment in the public line in if your project uses Gatsby and not Next.js
 # https://nextjs.org/blog/next-9-1#public-directory-support
 # public
 
 # vuepress build output
 .vuepress/dist
 
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
 # Serverless directories
 .serverless/
 
@@ -102,3 +118,17 @@ dist
 
 # TernJS port file
 .tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+.pnpm-store
+dist
+*.local.env
@@ -0,0 +1 @@
+dist/
@@ -1,13 +1,25 @@
 {
-  "typescript.tsdk": "./node_modules/typescript/lib",
+  "editor.codeActionsOnSave": {
+    "source.fixAll.eslint": "explicit"
+  },
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.formatOnSave": true,
   "editor.tabSize": 2,
-  "eslint.format.enable": true,
-  "explorer.excludeGitIgnore": true,
-  "[json][jsonc]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  "files.exclude": {
+    "**/node_modules": true,
+    "**/.pnpm-store": true,
+    "**/.cache": true,
+    "**/dist": true
+  },
+  "files.watcherExclude": {
+    "**/.git/objects/**": true,
+    "**/.git/subtree-cache/**": true,
+    "**/node_modules/**": true,
+    "**/.pnpm-store/**": true,
+    "**/.cache": true,
+    "**/dist/**": true
   },
-  "[javascript][javascriptreact][typescript][typescriptreact]": {
-    "editor.defaultFormatter": "dbaeumer.vscode-eslint"
-  }
+  "typescript.tsdk": "node_modules/typescript/lib",
+  "prettier.trailingComma": "all",
+  "npm.packageManager": "pnpm"
 }
@@ -1,42 +1,58 @@
 # Define the base image used for the rest of the steps
-FROM node:22-alpine AS base
+FROM node:24.13.0-alpine AS base
+# Install Corepack to manage the package manager version. The --force
+# flag is required to allow overriding pre-existing npm and yarn binaries.
+RUN npm install --global --force corepack
 RUN apk add --no-cache tini
 ENTRYPOINT ["/sbin/tini", "--"]
 RUN mkdir /app && chown node:node app
-# Run as uid=1000(node)
+# Run as uid=1000(node) - The user needs to be numeric so that Kubernetes
+# can verify user is non-root when securityContext.runAsNonRoot is true.
 USER 1000
 WORKDIR /app
+# Ensure that the correct version of pnpm is installed
+COPY --chown=node:node package.json ./
+RUN corepack install \
+  && rm package.json
 
-# Visual Studio Code workspace tools
+# Visual Studio Code workspace tools & dependencies
 FROM base AS workspace
 USER root
 RUN apk add --no-cache \
+  bash \
   curl \
   git \
   httpie \
   openssh \
   ripgrep
 # Run as uid=1000(node)
 USER 1000
+# Allow npm and pnpm to install packages with --global without sudo.
+RUN mkdir ~/.npm-global \
+  && mkdir -p ~/.pnpm-global/bin \
+  && npm config set -L user prefix ~/.npm-global \
+  && pnpm config set -g global-bin-dir ~/.pnpm-global/bin
 ENV NODE_ENV=development
+ENV PATH="$PATH:/home/node/.local/bin:/home/node/.npm-global/bin:/home/node/.pnpm-global/bin"
+# Create directories before (anonymous or named) volumes are be mounted
+# to them, so that the ownership will be correct.
+RUN mkdir ~/.vscode-server
 
-# Collect development dependencies
-FROM base AS dev
-COPY --chown=node:node .npmrc package.json package-lock.json /app/
-RUN npm ci --no-audit --no-fund
+FROM base AS dev-deps
+COPY --chown=node:node package.json pnpm-workspace.yaml pnpm-lock.yaml ./
+RUN pnpm i --frozen-lockfile
 
-# Collect production dependencies
-FROM dev AS prod
-RUN npm ci --omit=dev --no-audit --no-fund
+FROM dev-deps AS prod-deps
+RUN pnpm i --prod --frozen-lockfile
 
-# Build the production code
-FROM dev AS build
-COPY --chown=node:node . /app
-RUN npm run build
+FROM dev-deps AS build
+COPY --chown=node:node . .
+RUN pnpm build
 
 # Final image, collect the production code & dependencies
 FROM base
-COPY --from=prod --chown=node:node /app/node_modules /app/node_modules
-COPY --from=build --chown=node:node /app/dist /app/dist
+COPY --chown=node:node package.json pnpm-workspace.yaml ./
+COPY --chown=node:node --from=prod-deps /app/node_modules ./node_modules
+COPY --chown=node:node --from=build /app/dist ./dist
 ENV NODE_ENV=production
-CMD ["node", "--enable-source-maps", "dist/index.js"]
+CMD ["node", "--run", "start"]
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Badrap Oy
+Copyright (c) 2026 Badrap Oy
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal