Skip to content

Switch deployment to Linux and update dependencies #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
StuartFerguson merged 1 commit into from
Jul 4, 2025
Merged

Switch deployment to Linux and update dependencies #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
166 changes: 129 additions & 37 deletions .github/workflows/createrelease.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@

- name: Publish API
if: ${{ github.event.release.prerelease == false }}
run: dotnet publish "TestHosts\TestHosts\TestHosts.csproj" --configuration Release --output publishOutput -r win-x64 --self-contained
run: dotnet publish "TestHosts\TestHosts\TestHosts.csproj" --configuration Release --output publishOutput -r linux-x64 --self-contained

- name: Build Release Package
run: |
Expand All @@ -60,67 +60,159 @@
path: testhosts.zip

deploystaging:
runs-on: stagingserver
runs-on: [stagingserver, linux]
needs: buildlinux
environment: staging
name: "Deploy to Staging"

steps:
- name: Download the artifact
uses: actions/[email protected]
with:
name: testhosts

- name: Remove existing Windows service
path: /tmp/testhosts # Download to a temporary directory

- name: Remove existing service (if applicable)
run: |
$serviceName = "Transaction Processing - Test Hosts"
# Check if the service exists
if (Get-Service -Name $serviceName -ErrorAction SilentlyContinue) {
Stop-Service -Name $serviceName
sc.exe delete $serviceName
}

SERVICE_NAME="testhosts"
if systemctl is-active --quiet "$SERVICE_NAME"; then
echo "Stopping existing service..."
sudo systemctl stop "$SERVICE_NAME"
fi
if systemctl is-enabled --quiet "$SERVICE_NAME"; then
echo "Disabling existing service..."
sudo systemctl disable "$SERVICE_NAME"
fi
if [ -f "/etc/systemd/system/${SERVICE_NAME}.service" ]; then
echo "Removing existing service unit file..."
sudo rm "/etc/systemd/system/${SERVICE_NAME}.service"
sudo systemctl daemon-reload
fi

- name: Unzip the files
run: |
Expand-Archive -Path testhosts.zip -DestinationPath "C:\txnproc\transactionprocessing\testhosts" -Force

- name: Install as a Windows service
sudo mkdir -p /opt/txnproc/transactionprocessing/testhosts
sudo unzip -o /tmp/testhosts/testhosts.zip -d /opt/txnproc/transactionprocessing/testhosts

# IMPORTANT: Add a step to ensure the .NET runtime is installed on the server
# This assumes it's not already there. If your base image already has it, you can skip this.
- name: Install .NET Runtime
run: |
# Example for Ubuntu. Adjust based on your .NET version (e.g., 8.0, 7.0)
# and if you need the SDK or just the runtime.
# This uses Microsoft's package repository for the latest versions.
wget https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
sudo apt update
sudo apt install -y aspnetcore-runtime-9.0

- name: Install and Start as a Linux service
run: |
$serviceName = "Transaction Processing - Test Hosts"
$servicePath = "C:\txnproc\transactionprocessing\TestHosts\TestHosts.exe"

New-Service -Name $serviceName -BinaryPathName $servicePath -Description "Transaction Processing - Test Hosts" -DisplayName "Transaction Processing - Test Hosts" -StartupType Automatic
Start-Service -Name $serviceName
SERVICE_NAME="testhosts"
# The WorkingDirectory is crucial for .NET apps to find appsettings.json and other files
WORKING_DIRECTORY="/opt/txnproc/transactionprocessing/testhosts"
DLL_NAME="TestHosts.dll" # Your application's DLL
SERVICE_DESCRIPTION="Transaction Processing - Test Hosts"

# Create a systemd service file
echo "[Unit]" | sudo tee /etc/systemd/system/${SERVICE_NAME}.service
echo "Description=${SERVICE_DESCRIPTION}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "After=network.target" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "[Service]" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
# IMPORTANT: Use 'dotnet' to run your DLL
echo "ExecStart=/usr/bin/dotnet ${WORKING_DIRECTORY}/${DLL_NAME}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "WorkingDirectory=${WORKING_DIRECTORY}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "Restart=always" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "User=youruser" # IMPORTANT: Change to a dedicated, less privileged user
echo "Group=yourgroup" # IMPORTANT: Change to a dedicated, less privileged group
echo "Environment=ASPNETCORE_ENVIRONMENT=Production" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service # Example
echo "" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "[Install]" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "WantedBy=multi-user.target" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service

# Reload systemd, enable, and start the service
sudo systemctl daemon-reload
sudo systemctl enable "$SERVICE_NAME"
sudo systemctl start "$SERVICE_NAME"
sudo systemctl status "$SERVICE_NAME" --no-pager # For debugging/verification

deployproduction:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
runs-on: productionserver
runs-on: [productionserver, linux]
needs: [buildlinux, deploystaging]
environment: production
name: "Deploy to Production"

steps:
- name: Download the artifact
uses: actions/[email protected]
with:
name: testhosts

- name: Remove existing Windows service
path: /tmp/testhosts # Download to a temporary directory

- name: Remove existing service (if applicable)
run: |
$serviceName = "Transaction Processing - Test Hosts"
# Check if the service exists
if (Get-Service -Name $serviceName -ErrorAction SilentlyContinue) {
Stop-Service -Name $serviceName
sc.exe delete $serviceName
}

SERVICE_NAME="testhosts"
if systemctl is-active --quiet "$SERVICE_NAME"; then
echo "Stopping existing service..."
sudo systemctl stop "$SERVICE_NAME"
fi
if systemctl is-enabled --quiet "$SERVICE_NAME"; then
echo "Disabling existing service..."
sudo systemctl disable "$SERVICE_NAME"
fi
if [ -f "/etc/systemd/system/${SERVICE_NAME}.service" ]; then
echo "Removing existing service unit file..."
sudo rm "/etc/systemd/system/${SERVICE_NAME}.service"
sudo systemctl daemon-reload
fi

- name: Unzip the files
run: |
Expand-Archive -Path testhosts.zip -DestinationPath "C:\txnproc\transactionprocessing\testhosts" -Force

- name: Install as a Windows service
sudo mkdir -p /opt/txnproc/transactionprocessing/testhosts
sudo unzip -o /tmp/testhosts/testhosts.zip -d /opt/txnproc/transactionprocessing/testhosts

# IMPORTANT: Add a step to ensure the .NET runtime is installed on the server
# This assumes it's not already there. If your base image already has it, you can skip this.
- name: Install .NET Runtime
run: |
# Example for Ubuntu. Adjust based on your .NET version (e.g., 8.0, 7.0)
# and if you need the SDK or just the runtime.
# This uses Microsoft's package repository for the latest versions.
wget https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
sudo apt update
sudo apt install -y aspnetcore-runtime-9.0

- name: Install and Start as a Linux service
run: |
$serviceName = "Transaction Processing - Test Hosts"
$servicePath = "C:\txnproc\transactionprocessing\TestHosts\TestHosts.exe"

New-Service -Name $serviceName -BinaryPathName $servicePath -Description "Transaction Processing - Test Hosts" -DisplayName "Transaction Processing - Test Hosts" -StartupType Automatic
Start-Service -Name $serviceName
SERVICE_NAME="testhosts"
# The WorkingDirectory is crucial for .NET apps to find appsettings.json and other files
WORKING_DIRECTORY="/opt/txnproc/transactionprocessing/testhosts"
DLL_NAME="TestHosts.dll" # Your application's DLL
SERVICE_DESCRIPTION="Transaction Processing - Test Hosts"

# Create a systemd service file
echo "[Unit]" | sudo tee /etc/systemd/system/${SERVICE_NAME}.service
echo "Description=${SERVICE_DESCRIPTION}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "After=network.target" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "[Service]" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
# IMPORTANT: Use 'dotnet' to run your DLL
echo "ExecStart=/usr/bin/dotnet ${WORKING_DIRECTORY}/${DLL_NAME}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "WorkingDirectory=${WORKING_DIRECTORY}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "Restart=always" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "User=youruser" # IMPORTANT: Change to a dedicated, less privileged user
echo "Group=yourgroup" # IMPORTANT: Change to a dedicated, less privileged group
echo "Environment=ASPNETCORE_ENVIRONMENT=Production" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service # Example
echo "" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "[Install]" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service
echo "WantedBy=multi-user.target" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service

# Reload systemd, enable, and start the service
sudo systemctl daemon-reload
sudo systemctl enable "$SERVICE_NAME"
sudo systemctl start "$SERVICE_NAME"
sudo systemctl status "$SERVICE_NAME" --no-pager # For debugging/verification

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 10 months ago

The fix involves adding an explicit permissions block to the workflow to define the least privileges required for the GITHUB_TOKEN. This ensures that the deployment workflow only has access to resources relevant to its tasks.

In this case:

  • For the entire workflow, contents: read is sufficient to interact with the repository contents.
  • Specific jobs, such as deployproduction, might require additional permissions for managing pull requests or writing to issues. These can be added as needed.
  • The fix will be applied at the workflow root level to cover all jobs unless overridden by a job-specific permissions block.
Suggested changeset 1
.github/workflows/createrelease.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/createrelease.yml b/.github/workflows/createrelease.yml
--- a/.github/workflows/createrelease.yml
+++ b/.github/workflows/createrelease.yml
@@ -1,5 +1,8 @@
 name: Release
 
+permissions:
+  contents: read
+
 on:
   release:
     types: [published]
@@ -139,6 +142,8 @@
           sudo systemctl status "$SERVICE_NAME" --no-pager # For debugging/verification          
 
   deployproduction:
+    permissions:
+      contents: read
     runs-on: [productionserver, linux]
     needs: [buildlinux, deploystaging]
     environment: production
EOF
@@ -1,5 +1,8 @@
name: Release

permissions:
contents: read

on:
release:
types: [published]
@@ -139,6 +142,8 @@
sudo systemctl status "$SERVICE_NAME" --no-pager # For debugging/verification

deployproduction:
permissions:
contents: read
runs-on: [productionserver, linux]
needs: [buildlinux, deploystaging]
environment: production
Copilot is powered by AI and may make mistakes. Always verify output.
2 changes: 1 addition & 1 deletion TestHosts/TestHosts/TestHosts.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
<PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="9.0.5" />
<PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.2" />
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0" />
<PackageReference Include="Shared" Version="2025.6.1" />
<PackageReference Include="Shared" Version="2025.6.2" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="8.1.2" />
<PackageReference Include="NLog.Extensions.Logging" Version="5.5.0" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.5">
Expand Down
4 changes: 2 additions & 2 deletions TestHosts/TestHosts/appsettings.staging.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"ConnectionStrings": {
"TestBankReadModel": "server=192.168.1.167,1433;user id=sa;password=Sc0tland;database=TestBankReadModel;Encrypt=false",
"PataPawaReadModel": "server=192.168.1.167,1433;user id=sa;password=Sc0tland;database=PataPawaReadModel;Encrypt=false"
"TestBankReadModel": "server=192.168.1.163,1433;user id=sa;password=Sc0tland;database=TestBankReadModel;Encrypt=false",
"PataPawaReadModel": "server=192.168.1.163,1433;user id=sa;password=Sc0tland;database=PataPawaReadModel;Encrypt=false"
},
"AllowedHosts": "*"
}
Loading