Initial commit
delamain-network[bot] authored Mar 27, 2024
0 parents commit cee61e3
Showing 28 changed files with 1,184 additions and 0 deletions.
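--- a/.container/Dockerfile
+++ b/.container/Dockerfile
@@ -0,0 +1,34 @@
+FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
+ARG NUGET_TOKEN
+ARG PROJECT_NAME
+
+WORKDIR /app
+
+# Copy csproj and restore as distinct layers
+COPY src/*.csproj ./
+RUN dotnet nuget add source --username USERNAME --password $NUGET_TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json"
+RUN dotnet restore
+
+# Copy everything else and build
+COPY src/. ./
+RUN dotnet publish "$PROJECT_NAME.csproj" -c Release -o out
+
+# Build runtime image
+FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim
+ARG TRACER_VERSION="2.32.0"
+ARG PROJECT_NAME
+ENV PROJECT_ASSEMBLY=$PROJECT_NAME
+
+RUN apt-get update -y && apt-get install -y curl jq
+
+# Download and install the Datadog Tracer
+RUN mkdir -p /opt/datadog \
+&& mkdir -p /var/log/datadog \
+&& curl -LO https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb \
+&& dpkg -i ./datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb \
+&& rm ./datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb
+
+
+WORKDIR /app
+COPY --from=build-env /app/out .
+ENTRYPOINT "dotnet" "$PROJECT_ASSEMBLY.dll"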
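Review bot: `ARG NUGET_TOKEN` together with `--password $NUGET_TOKEN --store-password-in-clear-text` writes the feed token into the build stage's layer metadata and into a NuGet config file committed to that layer, so anyone who can read the build cache or the intermediate stage can recover it. A BuildKit secret mount keeps it out of both; the caller would pass `--secret id=nuget_token,env=NUGET_TOKEN` instead of `--build-arg NUGET_TOKEN=...`. In the sketch below the source is removed in the same RUN so the clear-text entry never lands in a layer; the later `dotnet publish` may then need `--no-restore`, which should be confirmed against the project. Separately, the Datadog `.deb` fetched with `curl -LO` is installed without any checksum verification.

```dockerfile
# … unchanged: FROM … AS build-env, ARG PROJECT_NAME, WORKDIR, COPY src/*.csproj …
RUN --mount=type=secret,id=nuget_token \
    dotnet nuget add source --username USERNAME --password "$(cat /run/secrets/nuget_token)" \
      --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json" \
    && dotnet restore \
    && dotnet nuget remove source github
# … unchanged: COPY src/. and publish, runtime stage …
```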
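--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,7 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence, these people will be requests a review
+# review when someone opens a pull request.
+* @SneaksAndData/platform-engineering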
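--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,24 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: code/bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Additional context**
+Add any other context about the problem here.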
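--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[FEATURE]"
+labels: code/new-feature
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.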
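--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: "nuget"
+directory: "src/"
+schedule:
+interval: "weekly"
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+# Check for updates to GitHub Actions every week
+interval: "weekly"
+day: "monday"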
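Review bot: The update list covers `nuget` and `github-actions` but not the container base images in `.container/Dockerfile`, so `mcr.microsoft.com/dotnet/sdk:6.0` and `mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim` will not receive update pull requests. Add a third `updates` entry with `package-ecosystem: "docker"` and `directory: "/.container"` on the same weekly schedule. The `TRACER_VERSION` build argument is, as far as I know, not something Dependabot tracks, so that pin needs a manual or scripted bump.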
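--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,18 @@
+Fixes/Implements #<issue number>.
+
+## Scope
+
+Implemented:
+- Awesome new feature
+- And another awesome new feature
+
+Additional changes:
+- Refactored `AwesomeClass`
+- Removed deprecated `AnotherClass` and `get_awesomeness` from `AwesomeClass`
+
+## Checklist
+
+- [ ] GitHub issue exists for this change.
+- [ ] Unit tests added and they pass.
+- [ ] Line Coverage is at least 80%.
+- [ ] Review requested on `latest` commit.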
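--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,137 @@
+name: Run tests with coverage
+
+on:
+push:
+branches: [ main ]
+pull_request:
+branches: [ main ]
+
+# ! Replace DotnetProject and dotnet-project with project name in real repository
+env:
+PROJECT_NAME: DotnetProject
+PROJECT_NAME_LOWER: dotnet-project
+
+jobs:
+validate_commit:
+name: Validate commit
+runs-on: ubuntu-latest
+if: ${{ github.ref != 'refs/heads/main' }}
+permissions:
+id-token: write # required for dependabot PRs
+pull-requests: write # required for dependabot PRs
+contents: read # required for dependabot PRs
+steps:
+- uses: actions/checkout@v4
+- name: Setup .NET
+uses: actions/[email protected]
+with:
+dotnet-version: 6.0.x
+- name: Restore dependencies
+env:
+NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
+run: |
+set -e
+dotnet nuget add source --username USERNAME --password $NUGET_TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json"
+dotnet clean && dotnet nuget locals all --clear
+dotnet restore
+- name: Build
+run: dotnet build --no-restore
+- name: Test
+working-directory: ./test
+run: |
+dotnet add package coverlet.msbuild &&
+dotnet test ${PROJECT_NAME}Tests.csproj --configuration Debug --runtime linux-x64 /p:CollectCoverage=true /p:CoverletOutput=Coverage/ /p:CoverletOutputFormat=lcov --logger GitHubActions
+- name: Publish Code Coverage
+if: ${{ github.event_name == 'pull_request' && always() }}
+uses: romeovs/[email protected]
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+lcov-file: ./test/Coverage/coverage.info
+
+build_image_and_chart:
+name: Build Docker Image and Helm Charts
+runs-on: ubuntu-latest
+needs: [ validate_commit ]
+# Remove the line below and uncomment the next one
+if: ${{ false }}
+# if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }}
+permissions:
+contents: read
+id-token: write
+steps:
+- uses: actions/checkout@v4
+name: Checkout head commit
+if: ${{ github.ref != 'refs/heads/main' && always() }}
+with:
+fetch-depth: 0
+ref: ${{ github.event.pull_request.head.sha }}
+- uses: actions/checkout@v4
+name: Checkout main
+if: ${{ github.ref == 'refs/heads/main' && always() }}
+with:
+fetch-depth: 0
+- name: Import Secrets (DEV)
+uses: hashicorp/[email protected]
+with:
+url: https://hashicorp-vault.production.sneaksanddata.com/
+role: github
+method: jwt
+secrets: |
+/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_user ;
+/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_name ;
+/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_token ;
+id: vault_secrets_dev
+- name: Build and Push Image (DEV)
+env:
+AZCR_USER: ${{steps.vault_secrets_dev.outputs.acr_user}}
+AZCR_TOKEN: ${{steps.vault_secrets_dev.outputs.acr_token}}
+AZCR_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
+NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
+run: |
+set -e
+echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin
+version=$(git describe --tags --abbrev=7)
+docker build -f .container/Dockerfile . \
+--tag=$AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version \
+--build-arg NUGET_TOKEN=$NUGET_TOKEN \
+--build-arg PROJECT_NAME=$PROJECT_NAME && \
+docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version
+- name: Build and Push Chart (DEV)
+uses: SneaksAndData/github-actions/[email protected]
+with:
+application: ${{ env.PROJECT_NAME_LOWER }}
+container_registry_user: ${{steps.vault_secrets_dev.outputs.acr_user}}
+container_registry_token: ${{steps.vault_secrets_dev.outputs.acr_token}}
+container_registry_address: ${{steps.vault_secrets_dev.outputs.acr_name}}.azurecr.io
+- name: Import Secrets (PROD)
+uses: hashicorp/[email protected]
+if: ${{ github.ref == 'refs/heads/main' }}
+with:
+url: https://hashicorp-vault.production.sneaksanddata.com/
+role: github
+method: jwt
+secrets: |
+/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_user ;
+/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_name ;
+/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_token ;
+id: vault_secrets_production
+- name: Push Image (PROD)
+if: ${{ github.ref == 'refs/heads/main' }}
+env:
+AZCR_USER: ${{steps.vault_secrets_production.outputs.acr_user}}
+AZCR_TOKEN: ${{steps.vault_secrets_production.outputs.acr_token}}
+AZCR_REPO: ${{steps.vault_secrets_production.outputs.acr_name}}
+AZCR_DEV_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
+run: |
+set -e
+echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin
+version=$(git describe --tags --abbrev=7)
+docker tag $AZCR_DEV_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version && docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version
+- name: Build and Push Chart (PROD)
+if: ${{ github.ref == 'refs/heads/main' }}
+uses: SneaksAndData/github-actions/[email protected]
+with:
+application: ${{ env.PROJECT_NAME_LOWER }}
+container_registry_user: ${{steps.vault_secrets_production.outputs.acr_user}}
+container_registry_token: ${{steps.vault_secrets_production.outputs.acr_token}}
+container_registry_address: ${{steps.vault_secrets_production.outputs.acr_name}}.azurecr.io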
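Review bot: The `Import Secrets (PROD)` step authenticates to Vault with the same `role: github` and `method: jwt` as the DEV step, and the only thing separating the test and production secret paths is `if: ${{ github.ref == 'refs/heads/main' }}` in this file, which any branch can edit. The Vault role's bound claims are not visible here, so confirm that the production paths are readable only by a role bound to the `refs/heads/main` ref claim (or to a protected GitHub environment), and point the PROD step at it, e.g. `role: <prod-only-role>` (placeholder name). The DEV build step also passes `--build-arg NUGET_TOKEN=$NUGET_TOKEN`, which records the token in the image build metadata. Third-party actions such as `hashicorp/vault-action` and `romeovs/lcov-reporter-action` are referenced by tag; pinning them to a full commit SHA would stop a moved tag from running with these credentials.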
82 changes: 82 additions & 0 deletions .github/workflows/deploy.yaml
@@ -0,0 +1,82 @@
name: Deploy to AKS
run-name: Deploy ${{github.ref_name}} to ${{ inputs.environment }} by @${{ github.actor }}

permissions:
pull-requests: write
contents: read

on:
workflow_dispatch:
inputs:
environment:
description: Deployment target
required: true
type: environment
default: test
# ! Replace DotnetProject and dotnet-project with project name in real repository
env:
PROJECT_NAME: DotnetProject
PROJECT_NAME_LOWER: dotnet-project

jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: ${{ github.event.inputs.environment }}
permissions:
contents: read
id-token: write
# Remove the line below and uncomment the next one
if: ${{ false }}
steps:
- uses: actions/checkout@v4
if: ${{ github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags') && always() }}
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/checkout@v4
if: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags')) && always() }}
with:
fetch-depth: 0
- uses: azure/setup-helm@v3
with:
version: '3.9.2'
id: install_helm
- name: Import Secrets
uses: hashicorp/[email protected]
with:
url: https://hashicorp-vault.production.sneaksanddata.com/
role: github
method: jwt
secrets: |
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/${{github.event.inputs.environment}}/build acr_user ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/${{github.event.inputs.environment}}/build acr_name ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/${{github.event.inputs.environment}}/build aks_name ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/${{github.event.inputs.environment}}/build cluster_sp_client_id ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/${{github.event.inputs.environment}}/build cluster_sp_client_password ;
/secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/${{github.event.inputs.environment}}/build acr_token ;
- name: Deployment
working-directory: .helm
env:
DEPLOY_ENVIRONMENT: ${{ github.event.inputs.environment }}
run: |
set -e
echo 'Getting cluster credentials'
az login --service-principal --username $CLUSTER_SP_CLIENT_ID --password $CLUSTER_SP_CLIENT_PASSWORD --tenant 06152121-b4c5-4544-abf5-9268e75db448
az aks get-credentials --name $AKS_NAME --resource-group $AKS_NAME
chart_version=$(git describe --tags --abbrev=7)
echo 'Logging to ACR'
helm registry login $ACR_NAME.azurecr.io --username $ACR_NAME --password $ACR_TOKEN
echo 'Installing chart'
helm pull oci://$ACR_NAME.azurecr.io/helm/$PROJECT_NAME_LOWER --version $chart_version
mkdir -p ./$PROJECT_NAME_LOWER
tar xzf "$PROJECT_NAME_LOWER-${chart_version}.tgz" -C ./$PROJECT_NAME_LOWER
helm upgrade --install $PROJECT_NAME_LOWER -n $PROJECT_NAME_LOWER --values ./values.yaml \
--set environment=${DEPLOY_ENVIRONMENT^} \
--set image.repository=$ACR_NAME.azurecr.io/$PROJECT_NAME_LOWER \
--set image.tag=$chart_version \
--set secretStorage.deploymentClusterName=$AKS_NAME \
./$PROJECT_NAME_LOWER/$PROJECT_NAME_LOWER
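Review bot: In the `Deployment` step both credentials are passed as command-line arguments (`--password $CLUSTER_SP_CLIENT_PASSWORD` to `az login`, `--password $ACR_TOKEN` to `helm registry login`), where they are visible in the process list, unlike the `docker login ... --password-stdin` used in build.yaml. For Helm the change is `echo "$ACR_TOKEN" | helm registry login "$ACR_NAME.azurecr.io" --username "$ACR_NAME" --password-stdin`. The job already requests `id-token: write`, so the service-principal secret could probably be replaced by federated (OIDC) login to Azure; that depends on tenant configuration not shown here. The remaining `$VAR` expansions in the script are unquoted and would be safer written as `"$VAR"`.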
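--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,21 @@
+name: Release a new version
+
+on: workflow_dispatch
+
+jobs:
+create_release:
+name: Create Release
+runs-on: ubuntu-latest
+# Remove the line below and uncomment the next one
+if: ${{ false }}
+#if: ${{ github.ref == 'refs/heads/main' }}
+
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: Create Release
+uses: SneaksAndData/github-actions/[email protected]
+with:
+major_v: 0
+minor_v: 0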
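Review bot: `create_release` declares no `permissions:` block, so once the `if: ${{ false }}` guard is removed the job runs with the repository's default `GITHUB_TOKEN` scope, whereas build.yaml and deploy.yaml both restrict it explicitly. Creating a tag or release presumably needs only write access to contents; add a job-level `permissions:` with `contents: write` and confirm that against the release action's requirements.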