chore: autogenerated codeql file

.dockerignore

@@ -1,13 +0,0 @@
-dist
-coverage
-
-.yarn/*
-!.yarn/cache
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/unplugged
-!.yarn/sdks
-!.yarn/versions
-
-data/*

.env.sample

@@ -1,26 +1,6 @@
-######
-# DB #
-######
-
-DB_HOST=db
 DB_PORT=3306
 DB_USERNAME=std_notes_user
 DB_PASSWORD=changeme123
 DB_DATABASE=standard_notes_db
-DB_TYPE=mysql
-
-#########
-# CACHE #
-#########
 
 REDIS_PORT=6379
-REDIS_HOST=cache
-CACHE_TYPE=redis
-
-########
-# KEYS #
-########
-
-AUTH_JWT_SECRET=
-AUTH_SERVER_ENCRYPTION_SERVER_KEY=
-VALET_TOKEN_SECRET=

.eslintrc

@@ -1,5 +1,6 @@
 {
   "root": true,
+  "parser": "@typescript-eslint/parser",
   "parserOptions": {
     "project": "./tsconfig.json"
   },

.github/ci.env

@@ -1,32 +0,0 @@
-PUBLIC_FILES_SERVER_URL=http://localhost:3125
-DB_HOST=db
-DB_USERNAME=std_notes_user
-DB_PASSWORD=changeme123
-DB_DATABASE=standard_notes_db
-DB_PORT=3306
-DB_DEBUG_LEVEL=all
-DB_SQLITE_DATABASE_PATH=standard_notes_db
-REDIS_PORT=6379
-REDIS_HOST=cache
-AUTH_SERVER_ACCESS_TOKEN_AGE=4
-AUTH_SERVER_REFRESH_TOKEN_AGE=10
-AUTH_SERVER_EPHEMERAL_SESSION_AGE=300
-SYNCING_SERVER_REVISIONS_FREQUENCY=2
-AUTH_SERVER_LOG_LEVEL=debug
-SYNCING_SERVER_LOG_LEVEL=debug
-FILES_SERVER_LOG_LEVEL=debug
-REVISIONS_SERVER_LOG_LEVEL=debug
-API_GATEWAY_LOG_LEVEL=debug
-
-MYSQL_DATABASE=standard_notes_db
-MYSQL_USER=std_notes_user
-MYSQL_PASSWORD=changeme123
-MYSQL_ROOT_PASSWORD=changeme123
-
-AUTH_JWT_SECRET=f95259c5e441f5a4646d76422cfb3df4c4488842901aa50b6c51b8be2e0040e9
-AUTH_SERVER_ENCRYPTION_SERVER_KEY=1087415dfde3093797f9a7ca93a49e7d7aa1861735eb0d32aae9c303b8c3d060
-VALET_TOKEN_SECRET=4b886819ebe1e908077c6cae96311b48a8416bd60cc91c03060e15bdf6b30d1f
-
-SYNCING_SERVER_CONTENT_SIZE_TRANSFER_LIMIT=100000
-
-HTTP_REQUEST_PAYLOAD_LIMIT_MEGABYTES=1

.github/dependabot.yml

@@ -1,144 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/analytics"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/api-gateway"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/auth"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/common"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/domain-core"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/domain-events"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/domain-events-infra"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/files"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/home-server"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/predicates"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/revisions"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/scheduler"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/security"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/settings"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/sncrypto-node"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/syncing-server"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/time"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "npm"
-    directory: "/packages/websockets"
-    schedule:
-      interval: "daily"
-    allow:
-      - dependency-type: "direct"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"

.github/workflows/analytics.yml

@@ -1,22 +0,0 @@
-name: Analytics Server
-
-concurrency:
-  group: analytics
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/analytics*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: analytics
-      workspace_name: "@standardnotes/analytics"
-      deploy_web: false
-      package_path: packages/analytics
-    secrets: inherit

.github/workflows/api-gateway.release.yml

@@ -0,0 +1,141 @@
+name: Api Gateway
+
+concurrency:
+  group: api_gateway
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - '*standardnotes/api-gateway*'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '16.x'
+    - run: yarn lint:api-gateway
+
+  publish-aws-ecr:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:api-gateway
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+    - name: Build, tag, and push image to Amazon ECR
+      id: build-image
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: api-gateway
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        yarn docker build @standardnotes/api-gateway -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+  publish-docker-hub:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:api-gateway
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build, tag, and push image to Docker Hub
+      run: |
+        yarn docker build @standardnotes/api-gateway -t standardnotes/api-gateway:${{ github.sha }}
+        docker push standardnotes/api-gateway:${{ github.sha }}
+        docker tag standardnotes/api-gateway:${{ github.sha }} standardnotes/api-gateway:latest
+        docker push standardnotes/api-gateway:latest
+
+  deploy-web:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition api-gateway-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="api-gateway-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: api-gateway-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/api-gateway:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: api-gateway-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition api-gateway-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="api-gateway-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: api-gateway-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/api-gateway:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: api-gateway-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  newrelic:
+    needs: deploy-web
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create New Relic deployment marker for Web
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_API_GATEWAY_WEB_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"

.github/workflows/api-gateway.yml

@@ -1,22 +0,0 @@
-name: Api Gateway
-
-concurrency:
-  group: api_gateway
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/api-gateway*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: api-gateway
-      workspace_name: "@standardnotes/api-gateway"
-      deploy_worker: false
-      package_path: packages/api-gateway
-    secrets: inherit

.github/workflows/auth.release.yml

@@ -0,0 +1,204 @@
+name: Auth Server
+
+concurrency:
+  group: auth
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - '*standardnotes/auth-server*'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '16.x'
+    - run: yarn lint:auth
+    - run: yarn test:auth
+
+  publish-aws-ecr:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:auth
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+    - name: Build, tag, and push image to Amazon ECR
+      id: build-image
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: auth
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        yarn docker build @standardnotes/auth-server -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+  publish-docker-hub:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:auth
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build, tag, and push image to Docker Hub
+      run: |
+        yarn docker build @standardnotes/auth-server -t standardnotes/auth:${{ github.sha }}
+        docker push standardnotes/auth:${{ github.sha }}
+        docker tag standardnotes/auth:${{ github.sha }} standardnotes/auth:latest
+        docker push standardnotes/auth:latest
+
+  deploy-web:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition auth-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="auth-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: auth-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: auth-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition auth-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="auth-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: auth-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: auth-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  deploy-worker:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition auth-worker-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="auth-worker-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: auth-worker-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: auth-worker-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition auth-worker-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="auth-worker-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: auth-worker-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/auth:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: auth-worker-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  newrelic:
+    needs: [ deploy-web, deploy-worker ]
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create New Relic deployment marker for Web
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_AUTH_WEB_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"
+      - name: Create New Relic deployment marker for Worker
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_AUTH_WORKER_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"

.github/workflows/auth.yml

@@ -1,21 +0,0 @@
-name: Auth Server
-
-concurrency:
-  group: auth
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/auth-server*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: auth
-      workspace_name: "@standardnotes/auth-server"
-      package_path: packages/auth
-    secrets: inherit

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '44 8 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/common-deploy.yml

@@ -1,55 +0,0 @@
-name: Reusable Server Application Deployment Workflow
-
-on:
-  workflow_call:
-    inputs:
-      service_name:
-        required: true
-        type: string
-      docker_image:
-        required: true
-        type: string
-    secrets:
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
-        required: true
-      AWS_ECR_REGISTRY:
-        required: true
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-
-    steps:
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v3
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-
-    - name: Download task definition
-      run: |
-        aws ecs describe-task-definition --task-definition ${{ inputs.service_name }}-prod --query taskDefinition > task-definition.json
-
-    - name: Fill in the new version in the Amazon ECS task definition
-      run: |
-        jq '(.containerDefinitions[] | select(.name=="${{ inputs.service_name }}-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
-
-    - name: Fill in the new image ID in the Amazon ECS task definition
-      id: task-def-prod
-      uses: aws-actions/amazon-ecs-render-task-definition@v1
-      with:
-        task-definition: task-definition.json
-        container-name: ${{ inputs.service_name }}-prod
-        image: ${{ secrets.AWS_ECR_REGISTRY }}/${{ inputs.docker_image }}
-
-    - name: Deploy Amazon ECS task definition
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      with:
-        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
-        service: ${{ inputs.service_name }}
-        cluster: prod
-        wait-for-service-stability: true

.github/workflows/common-docker-image.yml

@@ -1,95 +0,0 @@
-name: Reusable Publish Docker Image Workflow
-
-on:
-  workflow_call:
-    inputs:
-      service_name:
-        required: true
-        type: string
-      package_path:
-        required: true
-        type: string
-      workspace_name:
-        required: true
-        type: string
-    secrets:
-      DOCKER_USERNAME:
-        required: true
-      DOCKER_PASSWORD:
-        required: true
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
-        required: true
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - uses: actions/setup-python@v4
-      with:
-        python-version: '3.11'
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-${{ inputs.service_name }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install dependencies
-      run: yarn install --immutable
-
-    - name: Build
-      if: steps.cache-build.outputs.cache-hit != 'true'
-      run: yarn build
-
-    - name: Login to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v3
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-
-    - name: Login to Amazon ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v2
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@master
-      with:
-        platforms: all
-
-    - name: Set up Docker Buildx
-      id: buildx
-      uses: docker/setup-buildx-action@master
-
-    - name: Publish Docker image
-      uses: docker/build-push-action@v4
-      with:
-        builder: ${{ steps.buildx.outputs.name }}
-        context: .
-        file: ${{ inputs.package_path }}/Dockerfile
-        platforms: linux/amd64,linux/arm64
-        push: true
-        tags: |
-          standardnotes/${{ inputs.service_name }}:latest
-          standardnotes/${{ inputs.service_name }}:${{ github.sha }}
-          ${{ steps.login-ecr.outputs.registry }}/${{ inputs.service_name }}:${{ github.sha }}
-          ${{ steps.login-ecr.outputs.registry }}/${{ inputs.service_name }}:latest

.github/workflows/common-e2e.yml

@@ -1,26 +0,0 @@
-name: Reusable Run E2E Test Suite Workflow
-
-on:
-  workflow_call:
-    inputs:
-      snjs_image_tag:
-        type: string
-        default: latest
-        description: The Docker image tag used for SNJS container
-      suite:
-        type: string
-        default: all
-        description: The test suite to run
-
-jobs:
-  e2e-self-hosted:
-    uses: standardnotes/server/.github/workflows/e2e-self-hosted.yml@main
-    with:
-      snjs_image_tag: ${{ inputs.snjs_image_tag }}
-      suite: ${{ inputs.suite }}
-
-  e2e-home-server:
-    uses: standardnotes/server/.github/workflows/e2e-home-server.yml@main
-    with:
-      snjs_image_tag: ${{ inputs.snjs_image_tag }}
-      suite: ${{ inputs.suite }}

.github/workflows/common-self-hosting.yml

@@ -1,47 +0,0 @@
-name: Reusable Publish Docker Self Hosting Image Workflow
-
-on:
-  workflow_call:
-    secrets:
-      DOCKER_USERNAME:
-        required: true
-      DOCKER_PASSWORD:
-        required: true
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
-        required: true
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Login to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@master
-      with:
-        platforms: all
-
-    - name: Set up Docker Buildx
-      id: buildx
-      uses: docker/setup-buildx-action@master
-
-    - name: Publish Docker image
-      uses: docker/build-push-action@v4
-      with:
-        builder: ${{ steps.buildx.outputs.name }}
-        context: .
-        file: Dockerfile
-        platforms: linux/amd64,linux/arm64
-        push: true
-        tags: |
-          standardnotes/server:latest
-          standardnotes/server:${{ github.sha }}

.github/workflows/common-server-application.yml

@@ -1,67 +0,0 @@
-name: Reusable Server Application Workflow
-
-on:
-  workflow_call:
-    inputs:
-      service_name:
-        required: true
-        type: string
-      workspace_name:
-        required: true
-        type: string
-      deploy_web:
-        required: false
-        default: true
-        type: boolean
-      deploy_worker:
-        required: false
-        default: true
-        type: boolean
-      package_path:
-        required: true
-        type: string
-    secrets:
-      DOCKER_USERNAME:
-        required: true
-      DOCKER_PASSWORD:
-        required: true
-      CI_PAT_TOKEN:
-        required: true
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
-        required: true
-
-jobs:
-  publish:
-    name: Publish Docker Image
-    uses: standardnotes/server/.github/workflows/common-docker-image.yml@main
-    with:
-      service_name: ${{ inputs.service_name }}
-      package_path: ${{ inputs.package_path }}
-      workspace_name: ${{ inputs.workspace_name }}
-    secrets: inherit
-
-  # deploy-web:
-  #   if: ${{ inputs.deploy_web }}
-
-  #   needs: publish
-
-  #   name: Deploy Web
-  #   uses: standardnotes/server/.github/workflows/common-deploy.yml@main
-  #   with:
-  #     service_name: ${{ inputs.service_name }}
-  #     docker_image: ${{ inputs.service_name }}:${{ github.sha }}
-  #   secrets: inherit
-
-  # deploy-worker:
-  #   if: ${{ inputs.deploy_worker }}
-
-  #   needs: publish
-
-  #   name: Deploy Worker
-  #   uses: standardnotes/server/.github/workflows/common-deploy.yml@main
-  #   with:
-  #     service_name: ${{ inputs.service_name }}-worker
-  #     docker_image: ${{ inputs.service_name }}:${{ github.sha }}
-  #   secrets: inherit

.github/workflows/e2e-home-server.yml

@@ -1,106 +0,0 @@
-name: E2E Home Server Test Suite
-
-on:
-  workflow_call:
-    inputs:
-      snjs_image_tag:
-        type: string
-        default: latest
-        description: The Docker image tag used for SNJS container
-      suite:
-        type: string
-        default: all
-        description: The test suite to run
-
-jobs:
-  e2e-home-server:
-    name: (Home Server) E2E Test Suite
-    strategy:
-      fail-fast: false
-      matrix:
-        db_type: [mysql, sqlite]
-        cache_type: [redis, memory]
-
-    runs-on: ubuntu-latest
-
-    services:
-      snjs:
-        image: standardnotes/snjs:${{ inputs.snjs_image_tag }}
-        ports:
-        - 9001:9001
-      cache:
-        image: redis
-        ports:
-          - 6379:6379
-      db:
-        image: mysql
-        ports:
-          - 3306:3306
-        env:
-          MYSQL_ROOT_PASSWORD: root
-          MYSQL_DATABASE: standardnotes
-          MYSQL_USER: standardnotes
-          MYSQL_PASSWORD: standardnotes
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install Dependencies
-      run: yarn install --immutable
-
-    - name: Build
-      run: yarn build
-
-    - name: Copy dotenv file
-      run: cp packages/home-server/.env.sample packages/home-server/.env
-
-    - name: Fill in env variables
-      run: |
-        sed -i "s/JWT_SECRET=/JWT_SECRET=$(openssl rand -hex 32)/g" packages/home-server/.env
-        sed -i "s/AUTH_JWT_SECRET=/AUTH_JWT_SECRET=$(openssl rand -hex 32)/g" packages/home-server/.env
-        sed -i "s/ENCRYPTION_SERVER_KEY=/ENCRYPTION_SERVER_KEY=$(openssl rand -hex 32)/g" packages/home-server/.env
-        sed -i "s/PSEUDO_KEY_PARAMS_KEY=/PSEUDO_KEY_PARAMS_KEY=$(openssl rand -hex 32)/g" packages/home-server/.env
-        sed -i "s/VALET_TOKEN_SECRET=/VALET_TOKEN_SECRET=$(openssl rand -hex 32)/g" packages/home-server/.env
-        echo "ACCESS_TOKEN_AGE=4" >> packages/home-server/.env
-        echo "REFRESH_TOKEN_AGE=10" >> packages/home-server/.env
-        echo "REVISIONS_FREQUENCY=2" >> packages/home-server/.env
-        echo "CONTENT_SIZE_TRANSFER_LIMIT=100000" >> packages/home-server/.env
-        echo "HTTP_REQUEST_PAYLOAD_LIMIT_MEGABYTES=1" >> packages/home-server/.env
-        echo "DB_HOST=localhost" >> packages/home-server/.env
-        echo "DB_PORT=3306" >> packages/home-server/.env
-        echo "DB_DATABASE=standardnotes" >> packages/home-server/.env
-        echo "DB_SQLITE_DATABASE_PATH=homeserver.db" >> packages/home-server/.env
-        echo "DB_USERNAME=standardnotes" >> packages/home-server/.env
-        echo "DB_PASSWORD=standardnotes" >> packages/home-server/.env
-        echo "DB_TYPE=${{ matrix.db_type }}" >> packages/home-server/.env
-        echo "DB_DEBUG_LEVEL=all" >> packages/home-server/.env
-        echo "REDIS_URL=redis://localhost:6379" >> packages/home-server/.env
-        echo "CACHE_TYPE=${{ matrix.cache_type }}" >> packages/home-server/.env
-        echo "FILES_SERVER_URL=http://localhost:3123" >> packages/home-server/.env
-        echo "E2E_TESTING=true" >> packages/home-server/.env
-
-    - name: Run Server
-      run: nohup yarn workspace @standardnotes/home-server start > logs/output.log 2>&1 &
-      env:
-        PORT: 3123
-
-    - name: Wait for server to start
-      run: for i in {1..30}; do curl -s http://localhost:3123/healthcheck && break || sleep 1; done
-
-    - name: Run E2E Test Suite
-      run: yarn dlx mocha-headless-chrome --timeout 3600000 -f http://localhost:9001/mocha/test.html?suite=${{ inputs.suite }}
-
-    - name: Archive failed run logs
-      if: ${{ failure() }}
-      uses: actions/upload-artifact@v3
-      with:
-        name: home-server-failure-logs-${{ inputs.suite }}-${{ matrix.db_type }}-${{ matrix.cache_type }}
-        retention-days: 5
-        path: |
-          logs/output.log

.github/workflows/e2e-self-hosted.yml

@@ -1,70 +0,0 @@
-name: E2E Self Hosted Test Suite
-
-on:
-  workflow_call:
-    inputs:
-      snjs_image_tag:
-        type: string
-        default: latest
-        description: The Docker image tag used for SNJS container
-      suite:
-        type: string
-        default: all
-        description: The test suite to run
-
-jobs:
-  e2e:
-    name: (Self Hosting) E2E Test Suite
-    strategy:
-      fail-fast: false
-      matrix:
-        service_proxy_type: [http, grpc]
-    runs-on: ubuntu-latest
-
-    services:
-      snjs:
-        image: standardnotes/snjs:${{ inputs.snjs_image_tag }}
-        ports:
-        - 9001:9001
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install --immutable
-
-    - name: Run Server
-      run: docker compose -f docker-compose.ci.yml up -d
-      env:
-        DB_TYPE: mysql
-        CACHE_TYPE: redis
-        SERVICE_PROXY_TYPE: ${{ matrix.service_proxy_type }}
-
-    - name: Output Server Logs to File
-      run: docker compose -f docker-compose.ci.yml logs -f > logs/docker-compose.log 2>&1 &
-      env:
-        DB_TYPE: mysql
-        CACHE_TYPE: redis
-        SERVICE_PROXY_TYPE: ${{ matrix.service_proxy_type }}
-
-    - name: Wait for server to start
-      run: docker/is-available.sh http://localhost:3123 $(pwd)/logs
-
-    - name: Run E2E Test Suite
-      run: yarn dlx mocha-headless-chrome --timeout 3600000 -f http://localhost:9001/mocha/test.html?suite=${{ inputs.suite }}
-
-    - name: Archive failed run logs
-      if: ${{ failure() }}
-      uses: actions/upload-artifact@v3
-      with:
-        name: self-hosted-failure-logs-${{ inputs.suite }}
-        retention-days: 5
-        path: |
-          logs/*.err
-          logs/*.log

.github/workflows/e2e-test-suite.yml

@@ -1,33 +0,0 @@
-name: E2E Test Suite
-
-run-name: E2E ${{ inputs.suite }} Test Suite against ${{ inputs.ref_name }} by ${{ inputs.author }}
-
-on:
-  schedule:
-    - cron: '0 */12 * * *'
-  workflow_dispatch:
-    inputs:
-      snjs_image_tag:
-        type: string
-        default: latest
-        description: The Docker image tag used for SNJS container
-      suite:
-        type: string
-        default: all
-        description: The test suite to run
-      author:
-        type: string
-        default: unknown
-        description: The author that triggered the workflow
-      ref_name:
-        type: string
-        default: unknown
-        description: The ref name from which the workflow was triggered
-
-jobs:
-  e2e:
-    name: E2E
-    uses: standardnotes/server/.github/workflows/common-e2e.yml@main
-    with:
-      snjs_image_tag: ${{ inputs.snjs_image_tag || 'latest' }}
-      suite: ${{ inputs.suite || 'all' }}

.github/workflows/files.release.yml

@@ -0,0 +1,204 @@
+name: Files Server
+
+concurrency:
+  group: files
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - '*standardnotes/files-server*'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '16.x'
+    - run: yarn lint:files
+    - run: yarn test:files
+
+  publish-aws-ecr:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:files
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+    - name: Build, tag, and push image to Amazon ECR
+      id: build-image
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: files
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        yarn docker build @standardnotes/files-server -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+  publish-docker-hub:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:files
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build, tag, and push image to Docker Hub
+      run: |
+        yarn docker build @standardnotes/files-server -t standardnotes/files:${{ github.sha }}
+        docker push standardnotes/files:${{ github.sha }}
+        docker tag standardnotes/files:${{ github.sha }} standardnotes/files:latest
+        docker push standardnotes/files:latest
+
+  deploy-web:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition files-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="files-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: files-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/files:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: files-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition files-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="files-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: files-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/files:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: files-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  deploy-worker:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition files-worker-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="files-worker-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: files-worker-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/files:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: files-worker-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition files-worker-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="files-worker-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: files-worker-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/files:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: files-worker-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  newrelic:
+    needs: [ deploy-web, deploy-worker ]
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create New Relic deployment marker for Web
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_FILES_WEB_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"
+      - name: Create New Relic deployment marker for Worker
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_FILES_WORKER_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"

.github/workflows/files.yml

@@ -1,21 +0,0 @@
-name: Files Server
-
-concurrency:
-  group: files
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/files-server*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: files
-      workspace_name: "@standardnotes/files-server"
-      package_path: packages/files
-    secrets: inherit

.github/workflows/pr.yml

@@ -6,107 +6,16 @@ on:
       - main
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install
-
-    - name: Build
-      run: yarn build
-
-  lint:
-    runs-on: ubuntu-latest
-
-    needs: build
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install
-
-    - name: Build
-      if: steps.cache-build.outputs.cache-hit != 'true'
-      run: yarn build
-
-    - name: Lint
-      run: yarn lint
-
   test:
     runs-on: ubuntu-latest
-
-    needs: build
-
     steps:
-    - uses: actions/checkout@v4
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install
-
-    - name: Build
-      if: steps.cache-build.outputs.cache-hit != 'true'
-      run: yarn build
-
-    - name: Test
-      run: yarn test
-
-  e2e-base:
-    needs: build
-    name: E2E Base Suite
-    uses: standardnotes/server/.github/workflows/common-e2e.yml@main
-    with:
-      snjs_image_tag: 'latest'
-      suite: 'base'
-
-  e2e-vaults:
-    needs: build
-    name: E2E Vaults Suite
-    uses: standardnotes/server/.github/workflows/common-e2e.yml@main
-    with:
-      snjs_image_tag: 'latest'
-      suite: 'vaults'
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Install dependencies
+        run: yarn install --immutable
+      - name: ESLint
+        run: yarn lint
+      - name: Build
+        run: yarn build
+      - name: Test
+        run: yarn test

.github/workflows/publish.yml

@@ -1,177 +0,0 @@
-name: Publish Packages
-
-on:
-  push:
-    branches: [ main ]
-
-permissions:
-  id-token: write
-
-jobs:
-  build:
-    if: contains(github.event.head_commit.message, 'chore(release)') == false
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install --immutable
-
-    - name: Build
-      run: yarn build
-
-  lint:
-    runs-on: ubuntu-latest
-
-    needs: build
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install --immutable
-
-    - name: Build
-      if: steps.cache-build.outputs.cache-hit != 'true'
-      run: yarn build
-
-    - name: Lint
-      run: yarn lint
-
-  test:
-    runs-on: ubuntu-latest
-
-    needs: build
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Cache build
-      id: cache-build
-      uses: actions/cache@v3
-      with:
-        path: |
-          packages/**/dist
-        key: ${{ runner.os }}-build-${{ github.sha }}
-
-    - name: Set up Node
-      uses: actions/setup-node@v3
-      with:
-        registry-url: 'https://registry.npmjs.org'
-        node-version-file: '.nvmrc'
-
-    - name: Install
-      run: yarn install --immutable
-
-    - name: Build
-      if: steps.cache-build.outputs.cache-hit != 'true'
-      run: yarn build
-
-    - name: Test
-      run: yarn test
-
-  # e2e-base:
-  #   needs: build
-  #   name: E2E Base Suite
-  #   uses: standardnotes/server/.github/workflows/common-e2e.yml@main
-  #   with:
-  #     snjs_image_tag: 'latest'
-  #     suite: 'base'
-
-  # e2e-vaults:
-  #   needs: build
-  #   name: E2E Vaults Suite
-  #   uses: standardnotes/server/.github/workflows/common-e2e.yml@main
-  #   with:
-  #     snjs_image_tag: 'latest'
-  #     suite: 'vaults'
-
-  publish-self-hosting:
-    # needs: [ test, lint, e2e-base, e2e-vaults ]
-    needs: [ test, lint ]
-    name: Publish Self Hosting Docker Image
-    uses: standardnotes/server/.github/workflows/common-self-hosting.yml@main
-    secrets: inherit
-
-  publish-services:
-    # needs: [ test, lint, e2e-base, e2e-vaults ]
-    needs: [ test, lint ]
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.CI_PAT_TOKEN }}
-          fetch-depth: 0
-
-      - name: Cache build
-        id: cache-build
-        uses: actions/cache@v3
-        with:
-          path: |
-            packages/**/dist
-          key: ${{ runner.os }}-build-${{ github.sha }}
-
-      - name: Setup git config
-        run: |
-          git config --global user.name "standardci"
-          git config --global user.email "ci@standardnotes.com"
-
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PASSPHRASE }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
-
-      - name: Set up Node
-        uses: actions/setup-node@v3
-        with:
-          registry-url: 'https://registry.npmjs.org'
-          node-version-file: '.nvmrc'
-
-      - name: Install
-        run: yarn install --immutable
-
-      - name: Build
-        if: steps.cache-build.outputs.cache-hit != 'true'
-        run: yarn build
-
-      - name: Bump version
-        run: yarn release
-
-      - name: Publish
-        run: yarn publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_TOKEN }}

.github/workflows/revisions.yml

@@ -1,21 +0,0 @@
-name: Revisions Server
-
-concurrency:
-  group: revisions_server
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/revisions-server*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: revisions
-      workspace_name: "@standardnotes/revisions-server"
-      package_path: packages/revisions
-    secrets: inherit

.github/workflows/scheduler.release.yml

@@ -0,0 +1,143 @@
+name: Scheduler Server
+
+concurrency:
+  group: scheduler
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - '*standardnotes/scheduler-server*'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '16.x'
+    - run: yarn lint:scheduler
+    - run: yarn test:scheduler
+
+  publish-aws-ecr:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:scheduler
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+    - name: Build, tag, and push image to Amazon ECR
+      id: build-image
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: scheduler-worker
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        yarn docker build @standardnotes/scheduler-server -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+  publish-docker-hub:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:scheduler
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build, tag, and push image to Docker Hub
+      run: |
+        yarn docker build @standardnotes/scheduler-server -t standardnotes/scheduler:${{ github.sha }}
+        docker push standardnotes/scheduler:${{ github.sha }}
+        docker tag standardnotes/scheduler:${{ github.sha }} standardnotes/scheduler:latest
+        docker push standardnotes/scheduler:latest
+
+  deploy-worker:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition scheduler-worker-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="scheduler-worker-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: scheduler-worker-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/scheduler-worker:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: scheduler-worker-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition scheduler-worker-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="scheduler-worker-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: scheduler-worker-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/scheduler-worker:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: scheduler-worker-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  newrelic:
+    needs: [ deploy-worker ]
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Create New Relic deployment marker for Worker
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_SCHEDULER_WORKER_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"

.github/workflows/scheduler.yml

@@ -1,22 +0,0 @@
-name: Scheduler Server
-
-concurrency:
-  group: scheduler
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/scheduler-server*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: scheduler
-      workspace_name: "@standardnotes/scheduler-server"
-      deploy_web: false
-      package_path: packages/scheduler
-    secrets: inherit

.github/workflows/snjs.upgrade.event.yml

@@ -0,0 +1,46 @@
+name: Update SNJS Packages
+
+on:
+  workflow_dispatch:
+  repository_dispatch:
+    types: [snjs-updated-event]
+
+jobs:
+  SNJSUpdateEvent:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: main
+          token: ${{ secrets.CI_PAT_TOKEN }}
+      - uses: actions/setup-node@v3
+        with:
+          registry-url: 'https://registry.npmjs.org'
+      - name: Setup git config
+        run: |
+          git config --global user.name "standardci"
+          git config --global user.email "ci@standardnotes.com"
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - run: yarn install
+      - run: |
+          yarn upgrade:snjs
+          yarn install --no-immutable
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.CI_PAT_TOKEN }}
+          title: "${{ 'chore(deps): upgrade snjs' }}"
+          body: Updates all packages prefixed with "@standardnotes/"
+          commit-message: "${{ 'chore(deps): upgrade snjs' }}"
+          delete-branch: true
+          committer: standardci <ci@standardnotes.com>
+          author: standardci <ci@standardnotes.com>

.github/workflows/syncing-server.release.yml

@@ -0,0 +1,205 @@
+name: Syncing Server
+
+concurrency:
+  group: syncing_server
+  cancel-in-progress: true
+
+on:
+  push:
+    tags:
+      - '*standardnotes/syncing-server*'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v1
+      with:
+        node-version: '16.x'
+    - run: yarn install --immutable
+    - run: yarn lint:syncing-server
+    - run: yarn test:syncing-server
+
+  publish-aws-ecr:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:syncing-server
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+    - name: Build, tag, and push image to Amazon ECR
+      id: build-image
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        ECR_REPOSITORY: syncing-server-js
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        yarn docker build @standardnotes/syncing-server -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
+        docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+  publish-docker-hub:
+    needs: test
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build locally
+      run: yarn build:syncing-server
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Build, tag, and push image to Docker Hub
+      run: |
+        yarn docker build @standardnotes/syncing-server -t standardnotes/syncing-server-js:${{ github.sha }}
+        docker push standardnotes/syncing-server-js:${{ github.sha }}
+        docker tag standardnotes/syncing-server-js:${{ github.sha }} standardnotes/syncing-server-js:latest
+        docker push standardnotes/syncing-server-js:latest
+
+  deploy-web:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition syncing-server-js-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="syncing-server-js-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: syncing-server-js-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/syncing-server-js:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: syncing-server-js-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition syncing-server-js-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="syncing-server-js-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: syncing-server-js-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/syncing-server-js:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: syncing-server-js-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  deploy-worker:
+    needs: publish-aws-ecr
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+    - name: DEV - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition syncing-server-js-worker-dev --query taskDefinition > task-definition.json
+    - name: DEV - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="syncing-server-js-worker-dev") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: DEV - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-dev
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: syncing-server-js-worker-dev
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/syncing-server-js:${{ github.sha }}
+    - name: DEV - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-dev.outputs.task-definition }}
+        service: syncing-server-js-worker-dev
+        cluster: dev
+        wait-for-service-stability: true
+    - name: PROD - Download task definition
+      run: |
+        aws ecs describe-task-definition --task-definition syncing-server-js-worker-prod --query taskDefinition > task-definition.json
+    - name: PROD - Fill in the new version in the Amazon ECS task definition
+      run: |
+        jq '(.containerDefinitions[] | select(.name=="syncing-server-js-worker-prod") | .environment[] | select(.name=="VERSION")).value = "${{ github.sha }}"' task-definition.json > tmp.json && mv tmp.json task-definition.json
+    - name: PROD - Fill in the new image ID in the Amazon ECS task definition
+      id: task-def-prod
+      uses: aws-actions/amazon-ecs-render-task-definition@v1
+      with:
+        task-definition: task-definition.json
+        container-name: syncing-server-js-worker-prod
+        image: ${{ secrets.AWS_ECR_REGISTRY }}/syncing-server-js:${{ github.sha }}
+    - name: PROD - Deploy Amazon ECS task definition
+      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      with:
+        task-definition: ${{ steps.task-def-prod.outputs.task-definition }}
+        service: syncing-server-js-worker-prod
+        cluster: prod
+        wait-for-service-stability: true
+
+  newrelic:
+    needs: [ deploy-web, deploy-worker ]
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create New Relic deployment marker for Web
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_SYNCING_SERVER_WEB_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"
+      - name: Create New Relic deployment marker for Worker
+        uses: newrelic/deployment-marker-action@v1
+        with:
+          accountId: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
+          apiKey: ${{ secrets.NEW_RELIC_API_KEY }}
+          applicationId: ${{ secrets.NEW_RELIC_APPLICATION_ID_SYNCING_SERVER_WORKER_PROD }}
+          revision: "${{ github.sha }}"
+          description: "Automated Deployment via Github Actions"
+          user: "${{ github.actor }}"

.github/workflows/syncing-server.yml

@@ -1,21 +0,0 @@
-name: Syncing Server
-
-concurrency:
-  group: syncing_server
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/syncing-server*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: syncing-server-js
-      workspace_name: "@standardnotes/syncing-server"
-      package_path: packages/syncing-server
-    secrets: inherit

.github/workflows/version-bump.yml

@@ -0,0 +1,39 @@
+name: Version Bump
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  bump:
+    if: contains(github.event.head_commit.message, 'chore(release)') == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.CI_PAT_TOKEN }}
+          fetch-depth: 0
+
+      - name: Setup git config
+        run: |
+          git config --global user.name "standardci"
+          git config --global user.email "ci@standardnotes.com"
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - uses: actions/setup-node@v1
+        with:
+          node-version: '16.x'
+
+      - name: Install locally
+        run: yarn install --immutable
+
+      - name: Bump Version
+        run: yarn release:prod

.github/workflows/websockets.yml

@@ -1,21 +0,0 @@
-name: Websockets Server
-
-concurrency:
-  group: websockets
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - '*standardnotes/websockets-server*'
-  workflow_dispatch:
-
-jobs:
-  call_server_application_workflow:
-    name: Server Application
-    uses: standardnotes/server/.github/workflows/common-server-application.yml@main
-    with:
-      service_name: websockets
-      workspace_name: "@standardnotes/websockets-server"
-      package_path: packages/websockets
-    secrets: inherit

.gitignore

@@ -1,29 +1,23 @@
 .eslintcache
 .DS_Store
 .idea
+node_modules
 dist
 coverage
 .env
+newrelic_agent.log
 
 .yarn/*
 !.yarn/cache
 !.yarn/patches
 !.yarn/plugins
 !.yarn/releases
+!.yarn/unplugged
 !.yarn/sdks
 !.yarn/versions
 
-yarn.build-error.log
-
 packages/files/uploads/*
 !packages/files/uploads/.gitkeep
 
 data/*
 !data/.gitkeep
-
-packages/**/data/*
-
-logs/*
-!logs/.gitkeep
-
-docker-compose.yml

.nvmrc

@@ -1 +1 @@
-20.10.0
+16.15.1

.prettierrc

@@ -1,6 +0,0 @@
-{
-  "singleQuote": true,
-  "trailingComma": "all",
-  "printWidth": 120,
-  "semi": false
-}

.vscode/settings.json

@@ -6,6 +6,5 @@
   "eslint.nodePath": ".yarn/sdks",
   "prettier.prettierPath": ".yarn/sdks/prettier/index.js",
   "typescript.tsdk": ".yarn/sdks/typescript/lib",
-  "typescript.enablePromptUseWorkspaceTsdk": true,
-  "terraform.languageServer.enable": false
+  "typescript.enablePromptUseWorkspaceTsdk": true
 }