Refactoring Sync Things Job

.devcontainer/Dockerfile

@@ -1,18 +1,30 @@
-# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.238.0/containers/dotnet/.devcontainer/base.Dockerfile
-
-# [Choice] .NET version: 6.0, 3.1, 6.0-bullseye, 3.1-bullseye, 6.0-focal, 3.1-focal
-ARG VARIANT="6.0-bullseye-slim"
-FROM mcr.microsoft.com/vscode/devcontainers/dotnet:0-${VARIANT}
-
-# [Choice] Node.js version: none, lts/*, 18, 16, 14
-ARG NODE_VERSION="none"
-RUN if [ "${NODE_VERSION}" != "none" ]; then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi
-
-# [Optional] Uncomment this section to install additional OS packages.
-# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-#    && apt-get -y install --no-install-recommends moby-engine moby-cli moby-build moby-run 
-
-# [Optional] Uncomment this line to install global node packages.
-# RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g <your-package-here>" 2>&1
-
+# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.238.0/containers/dotnet/.devcontainer/base.Dockerfile
+
+# [Choice] .NET version: 6.0, 3.1, 6.0-bullseye, 3.1-bullseye, 6.0-focal, 3.1-focal
+ARG VARIANT="7.0-bullseye-slim"
+FROM mcr.microsoft.com/vscode/devcontainers/dotnet:dev-${VARIANT}
+
+# [Choice] Node.js version: none, lts/*, 18, 16, 14
+ARG NODE_VERSION="none"
+RUN if [ "${NODE_VERSION}" != "none" ]; then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi
+
+# [Optional] Uncomment this section to install additional OS packages.
+# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+#    && apt-get -y install --no-install-recommends moby-engine moby-cli moby-build moby-run 
+
+# [Optional] Uncomment this line to install global node packages.
+# RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g <your-package-here>" 2>&1
+
+RUN sudo apt-get update && \
+    sudo apt-get -y install ca-certificates curl gnupg && \
+    sudo install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    sudo chmod a+r /etc/apt/keyrings/docker.gpg && \
+    echo \
+        "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+        "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+        sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+    sudo apt-get update && \
+    sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
 RUN dotnet dev-certs https

.devcontainer/devcontainer.json

@@ -2,16 +2,17 @@
 // https://github.com/microsoft/vscode-dev-containers/tree/v0.238.0/containers/dotnet
 {
 	"name": "C# (.NET)",
-	"build": {
-		"dockerfile": "Dockerfile",
-		"args": {
-			// Update 'VARIANT' to pick a .NET Core version: 3.1, 6.0
-			// Append -bullseye or -focal to pin to an OS version.
-			"VARIANT": "6.0-bullseye",
-			// Options
-			"NODE_VERSION": "lts/*"
-		}
-	},
+	// Update the 'dockerComposeFile' list if you have more compose files or use different names.
+	"dockerComposeFile": "docker-compose.yml",
+
+	// The 'service' property is the name of the service for the container that VS Code should
+	// use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+	"service": "app",
+
+	// The 'workspaceFolder' property is the path VS Code should open by default when
+	// connected. Corresponds to a volume mount in .devcontainer/docker-compose.yml
+	"workspaceFolder": "/workspace",
+
 	// Configure tool-specific properties.
 	"customizations": {
 		// Configure properties specific to VS Code.
@@ -21,7 +22,6 @@
 				"ms-dotnettools.csharp",
 				"ms-dotnettools.vscode-dotnet-runtime",
 				"tintoy.msbuild-project-tools",
-				"jchannon.csharpextensions",
 				"fernandoescolar.vscode-solution-explorer"
 			]
 		}
@@ -51,7 +51,7 @@
 	//    * If only using Remote - Containers with a local container, uncomment this line instead:
 	//      "mounts": [ "source=${env:HOME}${env:USERPROFILE}/.aspnet/https,target=/home/vscode/.aspnet/https,type=bind" ],
 	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "dotnet restore",
+	"postCreateCommand": "dotnet dev-certs https --trust && dotnet restore src/*.sln",
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "vscode"
 }

.devcontainer/docker-compose.yml

@@ -0,0 +1,40 @@
+version: '3.4'
+
+services:
+  database:
+    image: postgres:14-alpine
+    restart: always
+    environment:
+      POSTGRES_PASSWORD: postgrePassword
+      POSTGRES_DB: cgigeiotdemo
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U postgres -d cgigeiotdemo'"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      # [Optional] You can use build args to set options. e.g. 'VARIANT' below affects the image in the Dockerfile
+      args: 
+        NODE_VERSION: lts/*
+
+    volumes:
+      # This is where VS Code should expect to find your project's source code and the value of "workspaceFolder" in .devcontainer/devcontainer.json
+      - ..:/workspace:cached
+
+      # Uncomment the next line to use Docker from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker-compose for details.
+      - /var/run/docker.sock:/var/run/docker.sock 
+
+    # Overrides default command so things don't shut down after the process ends.
+    command: /bin/sh -c "while sleep 1000; do :; done"  
+
+    depends_on:
+      database:
+        condition: service_healthy
+volumes:
+  pgdata:

.github/workflows/aws-cfn-lint.yml

@@ -0,0 +1,36 @@
+name: Validate CloudFormation templates
+
+on:
+  pull_request:
+    branches: [ main, main-vnext ]
+    paths:
+      - 'templates/aws/**'
+  push:
+    branches: [ main, main-vnext ]
+    paths:
+      - 'templates/aws/**'
+  workflow_dispatch:
+
+jobs:
+  validate_cfn_templates:
+    name: Build and Validate CloudFormation Templates
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Apply cfn-templates label on PR
+        uses: actions/github-script@v6
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['cfn-templates']
+            })
+      - uses: actions/checkout@v3.4.0
+
+      - name: Check CloudFormation Syntax
+        uses: scottbrenner/cfn-lint-action@v2
+        with:
+          command: cfn-lint templates/aws/*.yml

.github/workflows/aws_deploy_staging.yml

@@ -0,0 +1,148 @@
+name: AWS Deploy Staging
+
+on:
+  push:
+    branches: [ main-vnext ]
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build and push to ECR
+    runs-on: ubuntu-latest
+    environment: 
+      name: AWS Staging
+    outputs:
+      aws_public_registry: ${{ steps.login-ecr-public.outputs.registry }}
+    steps:
+      - uses: actions/checkout@v3.4.0
+
+      - id: docker-tag
+        uses: yuya-takeyama/docker-tag-from-github-ref-action@v1
+
+      - name: Configure AWS credentials
+        id: aws-credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          # Should use us-east-1 region to push to ECR public registry
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Get a latest Git tag
+        uses: actions-ecosystem/action-get-latest-tag@v1
+        id: get-latest-tag
+        with: 
+            semver_only: true
+
+      - name: Bump the semver version up
+        uses: actions-ecosystem/action-bump-semver@v1
+        id: bump-semver
+        with:
+          current_version: ${{ steps.get-latest-tag.outputs.tag }}
+          level: minor
+
+      - name: Remove leading v to semver
+        id: final-version
+        run: |
+            echo "::set-output name=new_version::$(echo ${{ steps.bump-semver.outputs.new_version }} | sed 's/^v//')"
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ vars.AWS_ECR_REPOSITORY }}
+          tags: |
+            type=raw,enable=true,priority=200,prefix=,suffix=,value=${{ steps.final-version.outputs.new_version }}
+            type=sha,enable=true,priority=100,prefix=sha-,suffix=,format=short
+
+      - name: Build and push
+        # You may pin to the exact commit or the version.
+        uses: docker/build-push-action@v4.0.0
+        with:
+          # Build's context is the set of files located in the specified PATH or URL
+          context: src/
+          # Push is a shorthand for --output=type=registry
+          push: true
+          build-args: | 
+            BUILD_VERSION=${{ steps.final-version.outputs.new_version }}
+            GITHUB_RUN_NUMBER=${{ github.run_number }}
+          tags: 
+            ${{ steps.meta.outputs.tags }}
+
+  deploy:
+    name: Deploy to AWS
+    runs-on: ubuntu-latest
+    needs: build
+    environment:
+      name: AWS Staging
+    steps:
+      - uses: actions/checkout@v3.4.0
+
+      - name: Configure AWS credentials
+        id: aws-credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Set outputs
+        id: git_sha
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Deploy to App Runner Image
+        id: deploy-apprunner
+        uses: awslabs/amazon-app-runner-deploy@main
+        env:
+          ASPNETCORE_ENVIRONMENT: Development
+          CLOUDPROVIDER: AWS
+          PORTALNAME: ${{ vars.PORTALNAME }}
+          AWS__REGION: ${{ secrets.AWS_REGION }}
+          AWS__ACCOUNTID: ${{ secrets.AWS_ACCOUNTID }}
+          AWS__BUCKETNAME: ${{ vars.AWS_BUCKETNAME }}
+          OIDC__APICLIENTID: ${{ vars.OIDC_APICLIENTID }}
+          OIDC__CLIENTID: ${{ vars.OIDC_CLIENTID }}
+          OIDC__AUTHORITY: ${{ vars.OIDC_AUTHORITY }}
+          OIDC__METADATAURL: ${{ vars.OIDC_METADATAURL }}
+          OIDC__SCOPE: ${{ vars.OIDC_SCOPE }}
+          OIDC__VALIDATEAUDIENCE: ${{ vars.OIDC_VALIDATEAUDIENCE }}
+          AWS__GREENGRASSCORETOKENEXCHANGEROLEALIASNAME: "aurademoiot-GreengrassCoreTokenExchangeRoleAlias"
+          AWS__GREENGRASSREQUIREDROLES__0: "aurademoiot-GreengrassCoreTokenExchangeRoleAliasPolicy"
+          AWS__GREENGRASSREQUIREDROLES__1: "aurademoiot-GreengrassV2IoTThingPolicy"
+        with:
+          service: ${{ vars.AWS_APP_RUNNER_NAME }}
+          image: ${{ steps.login-ecr.outputs.registry }}/${{ vars.AWS_ECR_REPOSITORY }}:sha-${{ steps.git_sha.outputs.sha_short }}
+          access-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+          region: ${{ secrets.AWS_REGION }}
+          cpu : 1
+          memory : 2
+          wait-for-service-stability-seconds: 1200
+          copy-env-vars: |
+            ASPNETCORE_ENVIRONMENT
+            CLOUDPROVIDER
+            PORTALNAME
+            AWS__REGION
+            AWS__ACCOUNTID
+            AWS__BUCKETNAME
+            OIDC__APICLIENTID
+            OIDC__CLIENTID
+            OIDC__AUTHORITY
+            OIDC__METADATAURL
+            OIDC__SCOPE
+            OIDC__VALIDATEAUDIENCE
+            AWS__GREENGRASSCORETOKENEXCHANGEROLEALIASNAME
+            AWS__GREENGRASSREQUIREDROLES__0
+            AWS__GREENGRASSREQUIREDROLES__1
+
+      - name: App Runner URL
+        run: echo "App runner URL ${{ steps.deploy-apprunner.outputs.service-url }}"