merge dev to master

.github/renovate.json

@@ -1,4 +1,5 @@
 {
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "dependencyDashboardAutoclose": true,
   "extends": [
     ":dependencyDashboard",
@@ -17,14 +18,30 @@
   "constraints": {
     "pnpm": "10"
   },
-  "baseBranches": [
+  "baseBranchPatterns": [
     "dev"
   ],
+  "minimumReleaseAge": "2 days",
   "packageRules": [
     {
-      "matchPackageNames": [
-        "!nextjs-routes"
-      ]
+      "description": "Allow latest squonk packages by ignoring minimum release age",
+      "matchPackageNames": ["@squonk/**"],
+      "minimumReleaseAge": null
+    },
+    {
+      "description": "Group Bufbuild packages together",
+      "matchPackageNames": ["@bufbuild/**"],
+      "groupName": "Bufbuild monorepo"
+    },
+    {
+      "description": "Group Ketcher packages together",
+      "matchPackageNames": ["ketcher-*"],
+      "groupName": "Ketcher monorepo"
+    },
+    {
+      "description": "Keep NodeJS at LTS",
+      "matchPackageNames": ["node", "@types/node"],
+      "versioning": "node,"
     }
   ]
 }

.github/workflows/lint.yaml

@@ -34,7 +34,7 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v4
       with:
-        node-version: 22
+        node-version: 22.21.1
         cache: 'pnpm'
     - name: Install dependencies
       run: pnpm install
@@ -53,7 +53,7 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v4
       with:
-        node-version: 22
+        node-version: 22.21.1
         cache: 'pnpm'
     - name: Install dependencies
       run: pnpm install --frozen-lockfile

.github/workflows/nextjs_bundle_analysis.yaml

@@ -25,7 +25,7 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v4
       with:
-        node-version: 22
+        node-version: 22.21.1
         cache: 'pnpm'
     - name: Install dependencies
       run: pnpm install

.github/workflows/release.yml

@@ -10,11 +10,20 @@ permissions:
   contents: write
   issues: write
   pull-requests: write
+  id-token: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   release:
     runs-on: ubuntu-latest
     environment: semantic-release
+    outputs:
+      new_release_published: ${{ steps.semantic.outputs.new_release_published }}
+      new_release_version: ${{ steps.semantic.outputs.new_release_version }}
+      release_sha: ${{ steps.release-sha.outputs.sha }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -30,9 +39,12 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: 22
+          node-version: 22.21.1
           cache: pnpm
 
+      - name: Upgrade npm to latest
+        run: npm install -g npm@latest
+
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -49,57 +61,79 @@ jobs:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           SEMANTIC_RELEASE_DEBUG: true
 
+      - name: Capture release SHA
+        id: release-sha
+        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+  build-image:
+    needs: release
+    if: needs.release.outputs.new_release_published == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+          ref: ${{ needs.release.outputs.release_sha }}
+
       - name: Login to DockerHub
-        # Only login if we are actually going to build (a release happened)
-        if: steps.semantic.outputs.new_release_published == 'true'
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Docker Metadata
         id: meta
-        if: steps.semantic.outputs.new_release_published == 'true'
         uses: docker/metadata-action@v5
         with:
           images: informaticsmatters/squonk2-data-manager-ui
           tags: |
-            type=raw,value=${{ steps.semantic.outputs.new_release_version }}
-            type=raw,value=stable,enable=${{ !contains(steps.semantic.outputs.new_release_version, '-dev.') }}
-            type=raw,value=latest,enable=${{ !contains(steps.semantic.outputs.new_release_version, '-dev.') }}
+            type=raw,value=${{ needs.release.outputs.new_release_version }}
+            type=raw,value=stable,enable=${{ !contains(needs.release.outputs.new_release_version, '-dev.') }}
+            type=raw,value=latest,enable=${{ !contains(needs.release.outputs.new_release_version, '-dev.') }}
 
       - name: Build and push image
-        if: steps.semantic.outputs.new_release_published == 'true'
         uses: docker/build-push-action@v6
         with:
+          context: .
+          file: ./Dockerfile
           push: true
           build-args: |
-            GIT_SHA=${{ github.sha }}
+            GIT_SHA=${{ needs.release.outputs.release_sha }}
             SKIP_CHECKS=1
             BASE_PATH=/data-manager-ui
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
+  trigger-awx-test:
+    needs: [release, build-image]
+    if: needs.release.outputs.new_release_published == 'true' && contains(needs.release.outputs.new_release_version, '-dev.')
+    runs-on: ubuntu-latest
+    environment: awx/dls-test
+    steps:
       - name: Trigger AWX test
-        # Run only if released AND it is a dev version
-        if: ${{ steps.semantic.outputs.new_release_published == 'true' && contains(steps.semantic.outputs.new_release_version, '-dev.') }}
         uses: informaticsmatters/trigger-awx-action@v2
         with:
           template: Squonk/2 Data Manager UI -test-
           template-host: ${{ secrets.AWX_HOST }}
           template-user: ${{ secrets.AWX_USER }}
           template-user-password: ${{ secrets.AWX_USER_PASSWORD }}
           template-var: maui_image_tag
-          template-var-value: ${{ steps.semantic.outputs.new_release_version }}
+          template-var-value: ${{ needs.release.outputs.new_release_version }}
 
+  trigger-awx-production:
+    needs: [release, build-image]
+    if: needs.release.outputs.new_release_published == 'true' && !contains(needs.release.outputs.new_release_version, '-dev.')
+    runs-on: ubuntu-latest
+    environment: awx/im-main
+    steps:
       - name: Trigger AWX production
-        # Run only if released AND it is NOT a dev version
-        if: ${{ steps.semantic.outputs.new_release_published == 'true' && !contains(steps.semantic.outputs.new_release_version, '-dev.') }}
         uses: informaticsmatters/trigger-awx-action@v1
         with:
           template: Data Manager UI -production-
           template-host: ${{ secrets.AWX_HOST }}
           template-user: ${{ secrets.AWX_USER }}
           template-user-password: ${{ secrets.AWX_USER_PASSWORD }}
           template-var: maui_image_tag
-          template-var-value: ${{ steps.semantic.outputs.new_release_version }}
+          template-var-value: ${{ needs.release.outputs.new_release_version }}

.github/workflows/test.yaml

@@ -39,7 +39,7 @@ jobs:
         curl -f -X 'GET' \
           'https://account-server-test.xchem-dev.diamond.ac.uk/account-server-api/version' \
           -H 'accept: application/json'
-  test-base-path:
+  test:
     needs: check-api # tests are skipped if APIs are down to avoid false negatives
     # Setup
     runs-on: ubuntu-latest
@@ -54,7 +54,7 @@ jobs:
     - name: Setup Node
       uses: actions/setup-node@v4
       with:
-        node-version: 22
+        node-version: 22.21.1
         cache: 'pnpm'
     - name: Install dependencies
       run: pnpm install
@@ -80,15 +80,6 @@ jobs:
     # Ok for tests/dev but we don't do this on prod. This is to prevent some flakely tests from causing problems
     - name: Disable strict SSL
       run: npm config set strict-ssl=false
-    # Manually add a "test concurrency"
-    # This ensures only one test job runs at a time (across all workflows)
-    # If this workflow is billed by the elapsed time, this will add a lot to this cost
-    - name: Turnstyle
-      uses: softprops/turnstyle@v2
-      with:
-        abort-after-seconds: 600
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Test with base path
       env:
         AUTH0_CLIENT_ID: "${{ secrets.AUTH0_CLIENT_ID }}"
@@ -107,80 +98,9 @@ jobs:
         PW_PASSWORD: "${{ secrets.DMIT_USER_A_PASSWORD }}"
         TEST_PORT: 3000
       run: pnpm test:ci
-    - name: Upload results for bath path
-      if: always()
-      uses: actions/upload-artifact@v4
-      with:
-        name: Base Path Results
-        path: test-results
-  test-no-base-path:
-    needs: check-api # tests are skipped if APIs are down to avoid false negatives
-    # Setup
-    runs-on: ubuntu-latest
-    environment: data-manager-ui/test
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-    - uses: pnpm/action-setup@v4.1.0
-      with:
-        version: 10.24.0
-        run_install: false
-    - name: Setup Node
-      uses: actions/setup-node@v4
-      with:
-        node-version: 22
-        cache: 'pnpm'
-    - name: Install dependencies
-      run: pnpm install
-    - run: node -v
-    - name: Setup Playwright
-      run: pnpm exec playwright install --with-deps
-    - name: Load cached build for speed
-      uses: actions/cache@v4
-      with:
-        path: |
-          ${{ github.workspace }}/.next/cache
-        # Generate a new cache whenever packages or source files change.
-        key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{
-          hashFiles('**.[jt]s', '**.[jt]sx') }}
-        # If source files changed but packages didn't, rebuild from a prior cache.
-        restore-keys: |
-          ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-
-    # Test withOUT base path set
-    - name: Build without base path
-      run: pnpm build
-      env:
-        BASE_PATH: ""
-    # Ok for tests/dev but we don't do this on prod. This is to prevent some flakely tests from causing problems
-    - name: Disable strict SSL
-      run: npm config set strict-ssl=false
-    - name: Turnstyle
-      uses: softprops/turnstyle@v2
-      with:
-        abort-after-seconds: 600
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - name: Test without base path
-      env:
-        AUTH0_CLIENT_ID: "${{ secrets.AUTH0_CLIENT_ID }}"
-        AUTH0_CLIENT_SECRET: "${{ secrets.AUTH0_CLIENT_SECRET }}"
-        DMIT_USER_A_PASSWORD: "${{ secrets.DMIT_USER_A_PASSWORD }}"
-        AUTH0_SECRET: "LONG_RANDOM_VALUE"
-        BASE_URL: "http://localhost:3000"
-        DONT_USE_STANDALONE_OUTPUT: true
-        DANGEROUS__DISABLE_SSL_CERT_CHECK_IN_API_PROXY: 1
-        BASE_PATH: ""
-        DATA_MANAGER_API_SERVER: "https://data-manager-test.xchem-dev.diamond.ac.uk/data-manager-api"
-        ACCOUNT_SERVER_API_SERVER: "https://account-server-test.xchem-dev.diamond.ac.uk\
-          /account-server-api"
-        KEYCLOAK_URL: "https://keycloak-test.xchem-dev.diamond.ac.uk/auth/realms/squonk"
-        PW_USERNAME: "dmit-user-a"
-        PW_PASSWORD: "${{ secrets.DMIT_USER_A_PASSWORD }}"
-        TEST_PORT: 3000
-      run: pnpm test:ci
-    - name: Upload results for no bath path
+    - name: Upload test results
       if: always()
       uses: actions/upload-artifact@v4
       with:
-        name: No Base Path Results
+        name: Test Results
         path: test-results

.vscode/mcp.json

@@ -0,0 +1,12 @@
+{
+  "servers": {
+    "mui-mcp": {
+      "type": "stdio",
+      "command": "npx",
+      "args": [
+        "-y",
+        "@mui/mcp@latest"
+      ]
+    }
+  }
+}