[ASCN-400] Setup CNAB v2 for OpServer (#21)

* Setup CNAB v2

* Actually tag the correct image

* Some cleanup

* Add bash wrapper for Octopus

* Revert whitespace changes

* Include Invoke-CNAB changes

* We don't actually need this

* Rename run.ps1 to run and fix issues

* And add the wrapper script back

* Set permissions

* Remove unused file

* Move script changes to base image

* Update to latest and use the bash file

* Switch release creation to tenants

* Swtich to image on main

.github/actions/build_docker/action.yml

@@ -25,42 +25,42 @@ inputs:
     required: false
     default: ''
 
-
 runs:
   using: composite
   steps:
-    - name: Setup up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Docker Image Metadata
-      id: metadata
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ inputs.image_name }}
-        # https://github.com/docker/metadata-action/tree/master?tab=readme-ov-file#priority-attribute
-        # The default priority of sha is 100, and for custom/raw tags is 200. The highest the most priority.
-        # We want the sha tag to be the one used for the OCI label and the version output, so we set the priority of the custom date tag to the lowest.
-        tags: |
-          type=sha,priority=100
-          ${{ inputs.version }},priority=1
-          type=ref,event=pr
-        flavor: latest=false
+  - name: Setup up Docker Buildx
+    uses: docker/setup-buildx-action@v3
 
-    - name: Login to Docker Registry - prod
-      uses: docker/login-action@v3
-      with:
-        registry: ${{ inputs.registry_prod }}
-        username: ${{ inputs.registry_username }}
-        password: ${{ inputs.registry_password }}
+  - name: Docker Image Metadata
+    id: metadata
+    uses: docker/metadata-action@v5
+    with:
+      images: ${{ inputs.image_name }}
+      # https://github.com/docker/metadata-action/tree/master?tab=readme-ov-file#priority-attribute
+      # The default priority of sha is 100, and for custom/raw tags is 200. The highest the most priority.
+      # We want the sha tag to be the one used for the OCI label and the version output, so we set the priority of the custom date tag to the lowest.
+      tags: |
+        type=sha,priority=100
+        ${{ inputs.version }},priority=1
+        type=ref,event=pr
+      flavor: latest=false
 
-    - name: Build Image
-      uses: docker/build-push-action@v6
-      with:
-        push: true
-        context: .
-        file: ${{ inputs.dockerfile_path }}
-        tags: ${{ steps.metadata.outputs.tags }}
-        labels: ${{ steps.metadata.outputs.labels }}
-        provenance: true
-        build-args: |
-          DOTNET_VERSION=${{ env.DOTNET_VERSION }}
+  - name: Login to Docker Registry - prod
+    uses: docker/login-action@v3
+    with:
+      registry: ${{ inputs.registry_prod }}
+      username: ${{ inputs.registry_username }}
+      password: ${{ inputs.registry_password }}
+
+  - name: Build Image
+    uses: docker/build-push-action@v6
+    with:
+      push: true
+      context: .
+      file: ${{ inputs.dockerfile_path }}
+      tags: ${{ steps.metadata.outputs.tags }}
+      labels: ${{ steps.metadata.outputs.labels }}
+      provenance: true
+      build-args: |
+        DOTNET_VERSION=${{ env.DOTNET_VERSION }}
+        BUNDLE_VERSION=${{ inputs.version }}

.github/workflows/workflow_build_and_release_containers.yaml

@@ -60,23 +60,25 @@ jobs:
           else
             echo "SHOULD_CREATE_RELEASE=false" >> $GITHUB_ENV
           fi
+
       - name: Create Octo Release if main or deploy to sandbox label present
-        if: env.SHOULD_CREATE_RELEASE == 'true'
+        # if: env.SHOULD_CREATE_RELEASE == 'true'
         run: |
           octoSpaceId="Default"
-          octoProjectId="Opserver"
+          octoProjectId="opserver"
 
           dotnet octo create-release --project=$octoProjectId --space=$octoSpaceId --version=${{ needs.generate_date_version.outputs.version }} \
-          --gitRef=main --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }}
-          # Note: The gitRef param is for the Octo config repo and not the git repo for the code
+            --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }}
+          
           
       - name: Deploy via Octopus if main or deploy to ascn-dev if label present
-        if: env.SHOULD_CREATE_RELEASE == 'true'
+        # if: env.SHOULD_CREATE_RELEASE == 'true'
         run: |
           octoSpaceId="Default"
-          octoProjectId="OpServer"
-          environmentId="${{ github.ref_name == 'main' && 'main-test' || 'ascn-dev' }}"
+          octoProjectId="opserver"
+          environmentId="${{ github.ref_name == 'main' && 'test' || 'dev' }}"
+          tenantId="${{ github.ref_name == 'main' && 'main' || 'ascn' }}"
 
           dotnet octo deploy-release --project=$octoProjectId --space=$octoSpaceId --version=${{ needs.generate_date_version.outputs.version }} \
-          --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} --deployTo=$environmentId
-          # Note: The gitRef param is for the Octo config repo and not the git repo for the code
+            --server=${{ vars.OCTOPUS_CLOUD_URL }} --apiKey=${{ secrets.OCTOPUS_CLOUD_API_KEY }} --deployTo=$environmentId --tenant=$tenantId
+          

.gitignore

@@ -1,4 +1,5 @@
 # These get copied locally when running Invoke-CNAB not in a container
+# Temporarily including these while building out CNAB v2 support
 cnab/app/container-registry-discovery.ps1
 cnab/app/gcp-cluster-discovery.ps1
 cnab/app/run.ps1

cnab/Invoke-CNAB.ps1

@@ -4,12 +4,16 @@ param (
     [string]
     $Action = "install",
     [bool]
-    $RunAsContainer = $false,
+    $RunAsContainer = $true,
     [ValidateSet("GCP", "DockerDesktop")]
     [string]
     $Target = "GCP",
     [bool]
-    $DownloadLocalScriptsForLocalDebugging = $true
+    $DownloadLocalScriptsForLocalDebugging = $true,
+    [string]
+    $Version = "pr-21",
+    [string]
+    $PathToDeploymentPipelineVariables = "file:///D:/code/deployment-pipeline-variables"
 )
 
 # Function to check if a command exists
@@ -65,14 +69,23 @@ function Setup-DockerDesktop {
     }
 }
 
-$MetaJsonPath = "$PSScriptRoot/app/variables.$Target.json"
+$env:PIPELINE_CONFIG_URI=$PathToDeploymentPipelineVariables
+
+Write-Host "Rendering pipeline variables for CNAB"
+$TempFilePath = [System.IO.Path]::GetTempFileName()
+$MetaJsonPath = [System.IO.Path]::ChangeExtension($TempFilePath, ".json")
+
+pipeline-variables render "opserver" --cloud "gcp" --product "pubplat" --env "dev" --deployment-group "ascn" --output $MetaJsonPath --json
 
 if (-not (Test-Path $MetaJsonPath)) {
-    Write-Error "File not found: $MetaJsonPath"
+    Write-Error "File not found: $MetaJsonPath. Something went wrong rendering pipeline variables."
     exit 1
 }
 
 if ($Target -eq "DockerDesktop") {
+
+    Write-Error "Docker Desktop is currently not supported for CNAB v2. For now, please target GCP until we've added back support for Docker Desktop"
+    exit 1
     Setup-DockerDesktop
 
      # Build local app images for Docker Desktop
@@ -115,7 +128,7 @@ if ($RunAsContainer) {
 
     $CNABImage = "$appName-cnab:local"
     # Build a local copy of CNAB image
-    docker build -t $CNABImage -f $PSScriptRoot/build/Dockerfile .
+    docker build -t $CNABImage -f $PSScriptRoot/build/Dockerfile --build-arg BUNDLE_VERSION=$Version  .
 
     $dockerRunArgs = @()
 
@@ -128,8 +141,6 @@ if ($RunAsContainer) {
         )
     }
     elseif ($Target -eq "DockerDesktop") {
-
-
         if ($IsWindows) {
             $kubeConfigPath = "$env:USERPROFILE\.kube\config"
         }
@@ -147,7 +158,7 @@ if ($RunAsContainer) {
         "-v", "$($MetaJsonPath):/variables.json",
         "--env", "CNAB_ACTION=$Action",
         "--env", "INSTALLATION_METADATA=/variables.json",
-        "--rm", "$CNABImage", "/cnab/app/run.ps1"
+        "--rm", "$CNABImage", "/cnab/app/run"
     )
 
     docker run $dockerRunArgs
@@ -156,7 +167,8 @@ else {
 
     $env:CNAB_ACTION = $Action
     $env:INSTALLATION_METADATA = $MetaJsonPath
-
+    $env:BUNDLE_VERSION = $Version
+
     if ($DownloadLocalScriptsForLocalDebugging) {
         # Read the CNAB base image from the Dockerfile
         $DockerfilePath = "$PSScriptRoot/build/Dockerfile"

cnab/app/app.ps1

@@ -11,12 +11,12 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
     Write-MajorStep "Generating Helm values"
     $values = @{
         tier                    = $environment
-        replicaCount            = $vars.vars.replicaCount
-        aspnetcoreEnvironment   = $vars.vars.aspnetcoreEnvironment
+        replicaCount            = $vars.replicaCount
+        aspnetcoreEnvironment   = $vars.aspnetcoreEnvironment
         product                 = "pubplat"
 
         db                      = @{
-            exceptionalDbName = $vars.vars.exceptionalDbName;
+            exceptionalDbName = $vars.exceptionalDbName;
         }
 
         images                  = @{
@@ -27,27 +27,27 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
         }
 
         requests                = @{
-            cpu    = $vars.vars.requestsCPU
-            memory = $vars.vars.requestsMemory
+            cpu    = $vars.requestsCPU
+            memory = $vars.requestsMemory
         }
 
         limits                  = @{
-            memory = $vars.vars.limitsMemory
+            memory = $vars.limitsMemory
         }
 
         podDisruptionBudget     = @{
-            minAvailable = $vars.vars.podDisruptionBudgetMinAvailable
+            minAvailable = $vars.podDisruptionBudgetMinAvailable
         }
 
         exceptional             = @{
             store = @{
-                type = $vars.vars.exceptionalStoreType
+                type = $vars.exceptionalStoreType
             }
         }
 
         datadog                 = @{
-            agentHost = $vars.vars.datadogAgentHost
-            agentPort = $vars.vars.datadogAgentPort
+            agentHost = $vars.datadogAgentHost
+            agentPort = $vars.datadogAgentPort
         }
 
         kestrel                 = @{
@@ -60,7 +60,7 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
         }
 
         secretStore             = @{
-            fake = $vars.runtime.local
+            fake = $vars.useFakeSecretStore
         }
 
         image                   = @{
@@ -70,23 +70,23 @@ function Generate-Values($vars, $environment, $containerRegistryUrl, $releaseTag
         ingress                 = @{
             className     = "nginx-internal"
             certIssuer    = "letsencrypt-dns-prod"
-            host          = $vars.vars.opserverSettings.hostUrl
-            enabled       = $vars.vars.includeIngress
+            host          = $vars.opserverSettings.hostUrl
+            enabled       = $vars.includeIngress
             secretName    = "opserver-tls"
             createTlsCert = $true
         }
 
         sqlExternalSecret       = @{
-            storeRefName = $vars.vars.secretStore
+            storeRefName = $vars.secretStore
         }
 
         opserverExternalSecret  = @{
-            storeRefName = $vars.vars.secretStore
+            storeRefName = $vars.secretStore
         }
 
-        opserverSettings        = $vars.vars.opserverSettings
+        opserverSettings        = $vars.opserverSettings
 
-        adminRolebindingGroupId = $vars.vars.adminRolebindingGroupId
+        adminRolebindingGroupId = $vars.adminRolebindingGroupId
     }
 
     # Helm expects a YAML file but YAML is also a superset of JSON, so we can use ConvertTo-Json here

cnab/build/Dockerfile

@@ -1,7 +1,9 @@
-FROM cr.stackoverflow.software/so-pubplat-cnab:2024.10.16.174409-276.1@sha256:36cf26cd2d2ea251ce46edcc966174ab1ed95ccf2818cdc763ba58a384328177
+FROM cr.stackoverflow.software/so-pubplat-cnab:2025.1.7.92116@sha256:e1c7397eaa8b5d6b11db49b1150290782675b3dfae2b886770e5a2048b2fa745
 
 COPY ./cnab/app /cnab/app
 COPY ./charts /cnab/app/charts
-RUN chmod 755 /cnab/app/run.ps1
 
-CMD ["/cnab/app/run.ps1"]
+ARG BUNDLE_VERSION
+ENV BUNDLE_VERSION=${BUNDLE_VERSION}
+
+CMD ["/cnab/app/run"]