Add required project files and GitHub pipelines (#6)

* Add required project files and GitHub pipelines

* Also fix dockerfile

* Fix project name

* Fix helm chart name

.container/Dockerfile

@@ -1,34 +1,47 @@
-FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
-ARG NUGET_TOKEN
-ARG PROJECT_NAME
+# The `platform` argument here is required, since dotnet-sdk crashes with segmentation fault 
+# in case of arm64 builds, see https://github.com/dotnet/dotnet-docker/issues/4225 for details
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
+
+ARG INSTALL_DD_TRACER="true"
+ARG TRACER_VERSION="2.49.0"
+ARG TARGETARCH
 
 WORKDIR /app
 
 # Copy csproj and restore as distinct layers
 COPY src/*.csproj ./
-RUN dotnet nuget add source --username USERNAME --password $NUGET_TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json"
-RUN dotnet restore
+RUN dotnet_arch=$(test "$TARGETARCH" = "amd64" && echo "x64" || echo "$TARGETARCH") && \
+    dotnet restore --runtime "linux-$dotnet_arch"
 
 # Copy everything else and build
 COPY src/. ./
-RUN dotnet publish "$PROJECT_NAME.csproj" -c Release -o out
+RUN dotnet_arch=$(test "$TARGETARCH" = "amd64" && echo "x64" || echo "$TARGETARCH") && \
+    dotnet publish "Arcane.Stream.SqlServer.csproj" -c Release -o out --runtime "linux-$dotnet_arch"
 
 # Build runtime image
-FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim
-ARG TRACER_VERSION="2.32.0"
-ARG PROJECT_NAME
-ENV PROJECT_ASSEMBLY=$PROJECT_NAME
+FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim
+
+ARG TRACER_VERSION="2.49.0"
+ARG INSTALL_DD_TRACER="true"
+ARG TARGETARCH
 
 RUN apt-get update -y && apt-get install -y curl jq
 
 # Download and install the Datadog Tracer
-RUN mkdir -p /opt/datadog \
-    && mkdir -p /var/log/datadog \
-    && curl -LO https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb \
-    && dpkg -i ./datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb \
-    && rm ./datadog-dotnet-apm_${TRACER_VERSION}_amd64.deb 
+RUN if [ -z "$INSTALL_DD_TRACER" ]; then \
+      echo "Datadog tracer installation skipped"; \
+    else \
+        mkdir -p /opt/datadog \
+        && echo $TARGETARCH \
+        && mkdir -p /var/log/datadog \
+        && curl -LO https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm_${TRACER_VERSION}_${TARGETARCH}.deb \
+        && dpkg -i ./datadog-dotnet-apm_${TRACER_VERSION}_${TARGETARCH}.deb \
+        && rm ./datadog-dotnet-apm_${TRACER_VERSION}_${TARGETARCH}.deb ; \
+    fi;
 
-
 WORKDIR /app
 COPY --from=build-env /app/out .
-ENTRYPOINT "dotnet" "$PROJECT_ASSEMBLY.dll"
+
+USER app
+
+ENTRYPOINT ["dotnet", "Arcane.Stream.SqlServer.dll"]

.github/workflows/build.yaml

@@ -6,10 +6,10 @@ on:
   pull_request:
     branches: [ main ]
 
-# ! Replace DotnetProject and dotnet-project with project name in real repository
 env:
-  PROJECT_NAME: DotnetProject
-  PROJECT_NAME_LOWER: dotnet-project
+  PROJECT_NAME: Arcane.Stream.SqlServer
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   validate_commit:
@@ -23,115 +23,83 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Setup .NET
-        uses: actions/[email protected].0
+        uses: actions/[email protected].1
         with:
           dotnet-version: 6.0.x
       - name: Restore dependencies
         env:
           NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
-        run: | 
-          set -e
-          dotnet nuget add source --username USERNAME --password $NUGET_TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/SneaksAndData/index.json"
-          dotnet clean && dotnet nuget locals all --clear
-          dotnet restore
+        run: dotnet restore
       - name: Build
         run: dotnet build --no-restore
       - name: Test
         working-directory: ./test
         run: |
           dotnet add package coverlet.msbuild &&
-          dotnet test ${PROJECT_NAME}Tests.csproj --configuration Debug --runtime linux-x64 /p:CollectCoverage=true /p:CoverletOutput=Coverage/ /p:CoverletOutputFormat=lcov --logger GitHubActions
+          dotnet test ${PROJECT_NAME}.Tests.csproj --configuration Debug --runtime linux-x64 /p:CollectCoverage=true /p:CoverletOutput=Coverage/ /p:CoverletOutputFormat=lcov --logger GitHubActions
       - name: Publish Code Coverage
         if: ${{ github.event_name == 'pull_request' && always() }}
-        uses: romeovs/lcov-reporter-action@v0.3.1
+        uses: romeovs/lcov-reporter-action@v0.4.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           lcov-file: ./test/Coverage/coverage.info
 
-  build_image_and_chart:
+  build_image:
     name: Build Docker Image and Helm Charts
     runs-on: ubuntu-latest
     needs: [ validate_commit ]
-    # Remove the line below and uncomment the next one
-    if: ${{ false }}
-    # if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }}
+    if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }}
     permissions:
       contents: read
-      id-token: write
+      packages: write
     steps:
-      - uses: actions/checkout@v4
-        name: Checkout head commit
-        if: ${{ github.ref != 'refs/heads/main' && always() }}
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - uses: actions/checkout@v4
-        name: Checkout main
-        if: ${{ github.ref == 'refs/heads/main' && always() }}
+
+      - name: Log in to the Container registry
+        uses: docker/[email protected]
         with:
-          fetch-depth: 0
-      - name: Import Secrets (DEV)
-        uses: hashicorp/[email protected]
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get project version
+        uses: SneaksAndData/github-actions/[email protected]
+        id: version
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          url: https://hashicorp-vault.production.sneaksanddata.com/
-          role: github
-          method: jwt
-          secrets: |
-            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_user  ;
-            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_name  ;
-            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/test/build acr_token ;
-        id: vault_secrets_dev
-      - name: Build and Push Image (DEV)
-        env:
-          AZCR_USER: ${{steps.vault_secrets_dev.outputs.acr_user}}
-          AZCR_TOKEN: ${{steps.vault_secrets_dev.outputs.acr_token}}
-          AZCR_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
-          NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
-        run: |
-          set -e
-          echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin 
-          version=$(git describe --tags --abbrev=7)
-          docker build -f .container/Dockerfile . \
-            --tag=$AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version \
-            --build-arg NUGET_TOKEN=$NUGET_TOKEN \
-            --build-arg PROJECT_NAME=$PROJECT_NAME && \
-          docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version
-      - name: Build and Push Chart (DEV)
-        uses: SneaksAndData/github-actions/[email protected]
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}},value=${{steps.version.outputs.version}}
+          flavor:
+            latest=false
+
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
         with:
-          application: ${{ env.PROJECT_NAME_LOWER }}
-          container_registry_user: ${{steps.vault_secrets_dev.outputs.acr_user}}
-          container_registry_token: ${{steps.vault_secrets_dev.outputs.acr_token}}
-          container_registry_address: ${{steps.vault_secrets_dev.outputs.acr_name}}.azurecr.io
-      - name: Import Secrets (PROD)
-        uses: hashicorp/[email protected]
-        if: ${{ github.ref == 'refs/heads/main' }}
+          use: true
+          platforms: linux/arm64,linux/amd64
+
+      - name: Build and push Docker image
+        uses: docker/[email protected]
         with:
-          url: https://hashicorp-vault.production.sneaksanddata.com/
-          role: github
-          method: jwt
-          secrets: |
-            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_user  ;
-            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_name  ;
-            /secret/data/applications/${{ env.PROJECT_NAME_LOWER }}/production/build acr_token ;
-        id: vault_secrets_production
-      - name: Push Image (PROD)
-        if: ${{ github.ref == 'refs/heads/main' }}
-        env:
-          AZCR_USER: ${{steps.vault_secrets_production.outputs.acr_user}}
-          AZCR_TOKEN: ${{steps.vault_secrets_production.outputs.acr_token}}
-          AZCR_REPO: ${{steps.vault_secrets_production.outputs.acr_name}}
-          AZCR_DEV_REPO: ${{steps.vault_secrets_dev.outputs.acr_name}}
-        run: |
-          set -e
-          echo "$AZCR_TOKEN" | docker login $AZCR_REPO.azurecr.io --username $AZCR_USER --password-stdin 
-          version=$(git describe --tags --abbrev=7)
-          docker tag $AZCR_DEV_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version && docker push $AZCR_REPO.azurecr.io/$PROJECT_NAME_LOWER:$version
-      - name: Build and Push Chart (PROD)
-        if: ${{ github.ref == 'refs/heads/main' }}
-        uses: SneaksAndData/github-actions/[email protected]
+          context: .
+          file: .container/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/arm64,linux/amd64
+
+      - name: Build and Push Chart
+        uses: SneaksAndData/github-actions/[email protected]
         with:
-          application: ${{ env.PROJECT_NAME_LOWER }}
-          container_registry_user: ${{steps.vault_secrets_production.outputs.acr_user}}
-          container_registry_token: ${{steps.vault_secrets_production.outputs.acr_token}}
-          container_registry_address: ${{steps.vault_secrets_production.outputs.acr_name}}.azurecr.io
+          application: arcane-stream-sqlserver
+          app_version: ${{ steps.meta.outputs.version }}
+          container_registry_user: ${{ github.actor }}
+          container_registry_token: ${{ secrets.GITHUB_TOKEN }}
+          container_registry_address: ghcr.io/sneaksanddata/

.github/workflows/cleanup-repository.yaml

@@ -0,0 +1,35 @@
+name: Remove old artifacts
+on:
+  # schedule:
+  #   - cron: '0 12 * * *' # every day at 12:00 UTC
+  workflow_dispatch:
+
+jobs:
+  remove_old_artifacts:
+    name: Remove old artifacts
+    runs-on: ubuntu-latest
+
+    permissions: 
+      contents: read
+      packages: write
+
+    timeout-minutes: 10 # stop the task if it takes longer
+
+    steps:
+      - name: Delete old package versions of ${{ github.event.repository.name  }}
+        uses: actions/[email protected]
+        with:
+          package-name: ${{ github.event.repository.name  }}
+          package-type: container
+          token: ${{ secrets.GITHUB_TOKEN }}
+          min-versions-to-keep: 10
+          delete-only-pre-release-versions: "true"
+
+      - name: Delete old package versions of helm/${{ github.event.repository.name  }}
+        uses: actions/[email protected]
+        with:
+          package-name: helm/${{ github.event.repository.name  }}
+          package-type: container
+          token: ${{ secrets.GITHUB_TOKEN }}
+          min-versions-to-keep: 10
+          delete-only-pre-release-versions: "true"