Develop

.github/workflows/ci.yml

@@ -0,0 +1,39 @@
+name: CI - Lint and Test
+
+on:
+  push:
+    branches: [develop, master]
+  pull_request:
+
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  NODE_VERSION: "18"
+
+jobs:
+  lint-and-test:
+    name: Lint & Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npm run type-check --if-present
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Unit tests
+        run: npm test -- --ci

.github/workflows/deploy-dev.yml

@@ -0,0 +1,111 @@
+name: Deploy to Dev Environment
+
+on:
+  push:
+    branches: [develop]
+
+concurrency:
+  group: deploy-dev-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  NODE_VERSION: "18"
+  BUILD_DIR: "out"
+
+jobs:
+  wait-for-ci:
+    name: Wait for CI
+    runs-on: ubuntu-latest
+    steps:
+      - name: Wait for CI workflow
+        uses: lewagon/wait-on-check-action@v1.3.4
+        with:
+          ref: ${{ github.ref }}
+          check-name: 'Lint & Test'
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+  build-dev:
+    name: Build (Dev)
+    runs-on: ubuntu-latest
+    needs: wait-for-ci
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build static site
+        run: |
+          npm run build
+          npm run postexport
+        env:
+          # Build-time envs used in next.config.js
+          NET: 'sepolia'
+          INFURA_API_KEY: ${{ secrets.DEV_INFURA_API_KEY }}
+          ALCHEMY_API_KEY: ${{ secrets.DEV_ALCHEMY_API_KEY }}
+          GA4_TAG_ID: ${{ secrets.GA4_TAG_ID }}
+          TRUSTED_TLDS: ${{ secrets.TRUSTED_TLDS }}
+
+      - name: Upload build artifact (Dev)
+        uses: actions/upload-artifact@v4
+        with:
+          name: static-site-dev
+          path: ${{ env.BUILD_DIR }}
+
+  deploy-dev:
+    name: Deploy to S3 (Dev) 
+    needs: build-dev
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: static-site-dev
+          path: ${{ env.BUILD_DIR }}
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Select target bucket
+        id: bucket
+        run: |
+            echo "bucket=${S3_BUCKET_DEV}" >> $GITHUB_OUTPUT
+        env:
+          S3_BUCKET_DEV: ${{ secrets.S3_BUCKET_DEV }}
+
+      - name: Sync static assets with long cache
+        run: |
+          aws s3 sync $BUILD_DIR s3://${{ steps.bucket.outputs.bucket }} \
+            --delete \
+            --exclude "*" \
+            --include "_next/*" \
+            --include "static/*" \
+            --cache-control "public, max-age=31536000, immutable"
+
+      - name: Sync HTML and other assets with no-cache
+        run: |
+          aws s3 sync $BUILD_DIR s3://${{ steps.bucket.outputs.bucket }} \
+            --delete \
+            --exclude "_next/*" \
+            --exclude "static/*" \
+            --cache-control "no-cache, no-store, must-revalidate"
+
+      - name: Invalidate CloudFront
+        env:
+          CLOUDFRONT_DISTRIBUTION_ID_DEV: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_DEV }}
+        if: ${{ env.CLOUDFRONT_DISTRIBUTION_ID_DEV != '' }}
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_DEV }} \
+            --paths "/*"

.github/workflows/deploy-prod.yml

@@ -0,0 +1,110 @@
+name: Deploy to Production Environment
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: deploy-prod-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  NODE_VERSION: "18"
+  BUILD_DIR: "out"
+
+jobs:
+  wait-for-ci:
+    name: Wait for CI
+    runs-on: ubuntu-latest
+    steps:
+      - name: Wait for CI workflow
+        uses: lewagon/wait-on-check-action@v1.3.4
+        with:
+          ref: ${{ github.ref }}
+          check-name: 'Lint & Test'
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+  build-prod:
+    name: Build (Prod)
+    runs-on: ubuntu-latest
+    needs: wait-for-ci
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build static site
+        run: |
+          npm run build
+          npm run postexport
+        env:
+          # Build-time envs used in next.config.js
+          NET: 'mainnet'
+          INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+          ALCHEMY_API_KEY: ${{ secrets.ALCHEMY_API_KEY }}
+          GA4_TAG_ID: ${{ secrets.GA4_TAG_ID }}
+          TRUSTED_TLDS: ${{ secrets.TRUSTED_TLDS }}
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: static-site-prod
+          path: ${{ env.BUILD_DIR }}
+
+  deploy-prod:
+    name: Deploy to S3 (Prod)
+    needs: build-prod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: static-site-prod
+          path: ${{ env.BUILD_DIR }}
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Select target bucket
+        id: bucket
+        run: |
+            echo "bucket=${S3_BUCKET_PROD}" >> $GITHUB_OUTPUT
+        env:
+          S3_BUCKET_PROD: ${{ secrets.S3_BUCKET_PROD }}
+
+      - name: Sync static assets with long cache
+        run: |
+          aws s3 sync $BUILD_DIR s3://${{ steps.bucket.outputs.bucket }} \
+            --delete \
+            --exclude "*" \
+            --include "_next/*" \
+            --include "static/*" \
+            --cache-control "public, max-age=31536000, immutable"
+
+      - name: Sync HTML and other assets with no-cache
+        run: |
+          aws s3 sync $BUILD_DIR s3://${{ steps.bucket.outputs.bucket }} \
+            --delete \
+            --exclude "_next/*" \
+            --exclude "static/*" \
+            --cache-control "no-cache, no-store, must-revalidate"
+
+      - name: Invalidate CloudFront
+        env:
+          CLOUDFRONT_DISTRIBUTION_ID_PROD: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_PROD }}
+        if: ${{ env.CLOUDFRONT_DISTRIBUTION_ID_PROD != '' }}
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_PROD }} \
+            --paths "/*"

.nvmrc

@@ -1 +1 @@
-v18.20.3
+v18

README.md

@@ -1,15 +1,12 @@
 # Certificate Web UI
 
-[![CircleCI](https://circleci.com/gh/OpenCerts/opencerts-website.svg?style=svg)](https://circleci.com/gh/OpenCerts/opencerts-website)
+[![CI](https://github.com/OpenCerts/opencerts-website/actions/workflows/ci.yml/badge.svg)](https://github.com/OpenCerts/opencerts-website/actions/workflows/ci.yml)
+[![Deploy Dev](https://github.com/OpenCerts/opencerts-website/actions/workflows/deploy-dev.yml/badge.svg)](https://github.com/OpenCerts/opencerts-website/actions/workflows/deploy-dev.yml) 
+[![Deploy Prod](https://github.com/OpenCerts/opencerts-website/actions/workflows/deploy-prod.yml/badge.svg)](https://github.com/OpenCerts/opencerts-website/actions/workflows/deploy-prod.yml)
 
 ## Notice
 
-#### 🚧 Scheduled Maintenance Notice 🚧
-
-OpenCerts services will be undergoing scheduled maintenance from **30 September to 1 October**.  
-During this period, the platform may be unavailable or experience interruptions.
-
-We appreciate your patience and understanding as we work to improve our services.
+From 1 Oct 2025, the Infocomm Media Development Authority (IMDA) will take over the maintenance of OpenCerts. For enquiries, reach out to https://trustvc.io
 
 ---
 
@@ -104,3 +101,9 @@ Try running `npm rebuild`
 ### Integration tests
 
 To run integration tests locally, make sure you run `npm run build` once to build the static site first. The e2e tests will then spin up a server based on the `out` folder in project root.
+
+### Deployment
+
+develop branch is deployed to https://dev.opencerts.io -> for development and testing purposes only.
+
+master branch is deployed to https://opencerts.io -> for production use.

next.config.js

@@ -22,7 +22,6 @@ const nextConfig = {
     ALCHEMY_API_KEY: process.env.ALCHEMY_API_KEY, // The default/free key should not be used in production as they are rate-limited by the service provider
     TRUSTED_TLDS: process.env.TRUSTED_TLDS || "gov.sg,edu.sg",
     GA4_TAG_ID: process.env.GA4_TAG_ID || "G-JP12T2F01V",
-    WOGAA_ENV: process.env.WOGAA_ENV || "production",
   },
   // Variables passed to both server and client
   publicRuntimeConfig: {