test: add test for added employeeId in token and apply new ports and infra code from the newest api setup

.devcontainer/devcontainer.json

@@ -0,0 +1,28 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile
+{
+	"name": "Existing Dockerfile",
+	"build": {
+		// Sets the run context to one level up instead of the .devcontainer folder.
+		"context": "..",
+		// Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
+		"dockerfile": "../e2e/KarateDockerfile"
+	},
+	"features": {
+		"ghcr.io/devcontainers/features/docker-outside-of-docker:1.6.0": {}
+	},
+	"runArgs": [
+		"--network=host"
+	],
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"karatelabs.karate",
+				"bierner.markdown-mermaid"
+			]
+		}
+	},
+	"containerEnv": {
+		"API_ROOT_URL": "http://localhost:6503/api",
+	}
+}

.github/workflows/docker-build-and-push.yml

@@ -0,0 +1,57 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - master
+      - feature/*
+  # to allow to wait for a docker image to be published to proceed in another workflow
+  workflow_call:
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to Git Registry
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      # multi-platform build configured using this https://docs.docker.com/build/ci/github-actions/multi-platform/
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ghcr.io/tourmalinecore/${{ github.event.repository.name }}
+          tags: |
+            # minimal (short sha)
+            type=sha
+            # full length sha
+            type=sha,format=long
+            # set latest tag for default branch
+            # https://github.com/docker/metadata-action/issues/171 explains how to tag latest only on default branch
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        with:
+          context: .
+          file: ./Api/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64

.github/workflows/karate-tests-on-pull-request.yml

@@ -0,0 +1,101 @@
+name: E2E Tests
+
+on:
+  push:
+    branches:
+      - feature/*
+
+jobs:
+  # this is needed to wait for the new docker image to be build and published to the registry
+  # so that we can use the image to run ui of the needed commit related version as part of local-env
+  # the idea is taken from here https://stackoverflow.com/a/71489231
+  push_to_registry:
+    uses: ./.github/workflows/docker-build-and-push.yml
+    # without this it cannot login to the registry
+    secrets: inherit
+
+  e2e-test-without-local-env:
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run service via docker-compose and run Karate-tests
+    # Hide credentials and token from logs, get the number of failed and passed tests
+    # Find text with 'failed' and 'passed' in logs from karate-testing container
+      run: |
+        LOGS=$(docker compose --profile MockForPullRequest up --abort-on-container-exit)
+        FILTERED_LOGS=$(echo "$LOGS" | sed -E 's/"login":"[^"]*"/"login":"****"/g' \
+                                 | sed -E 's/"password":"[^"]*"/"password":"****"/g' \
+                                 | sed -E 's/"accessToken":[^,}]*"[^"]*"/"accessToken":"****"/g' \
+                                 | sed -E 's/"Authorization":"[^"]*"/"Authorization":"****"/g' \
+                                 | sed -E 's/"X-DEBUG-TOKEN":[^,}]*"[^"]*"/"X-DEBUG-TOKEN":"****"/g' \
+                                 | sed -E 's/accessToken":\{[^}]*\}/accessToken":{"value":"****"}/g' \
+                                 | sed -E 's/X-DEBUG-TOKEN: [^ ]*/X-DEBUG-TOKEN: ****/g') 
+        echo "$FILTERED_LOGS"
+        FAILED=$(echo "$FILTERED_LOGS" | grep -oP 'failed: *\K\d+')
+        PASSED=$(echo "$FILTERED_LOGS" | grep -oP 'passed: *\K\d+')
+        echo "Failed tests: $FAILED"
+        echo "Passed tests: $PASSED"
+        if [ "$FAILED" -gt 0 ]; then
+          echo "Failed tests found! Failing the pipeline..."
+          exit 1
+        fi
+        if [ "$PASSED" -eq 0 ]; then
+          echo "No tests passed! Failing the pipeline..."
+          exit 1
+        fi
+      env:
+        TEST_AUTH_LOGIN: ${{ secrets.TEST_AUTH_LOGIN }}
+        TEST_AUTH_PASSWORD: ${{ secrets.TEST_AUTH_PASSWORD }}
+
+  e2e-test-with-local-env:
+    name: Run karate tests in local env
+    runs-on: ubuntu-22.04
+    needs: [push_to_registry]
+    steps:
+      - name: Checkout local-env
+        uses: actions/checkout@v4
+        with:
+          repository: TourmalineCore/inner-circle-local-env
+
+      - name: Deploy Local Env to Kind k8s
+        uses: devcontainers/ci@v0.3
+        with:
+          runCmd: |
+            # we need to override "latest" image tag of ui inside local-env to run e2e against the current commit ui version and not against latest from master
+            # We tried to use yq to change the image tag, but in the values files for helmfile we have non-yaml code that yq can`t parse or ignore
+            # so for that reason we use Stream EDitor which can find needed string using regular expressions and change it to a new value
+            # The -i flag is needed to write new image tag directly to values file
+            sed -i "0,/tag:.*/s//tag: \"sha-${{ github.sha }}\"/" deploy/values-auth-api.yaml.gotmpl
+
+             # we need to override "latest" ref of service chart inside local-env to run tests against the current commit service chart version and not against latest from master
+            sed -i "0,/git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=.*/s//git+https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git?ref=${{ github.sha }}/" deploy/helmfile.yaml
+
+            sed -i "0,/git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/ci\/values-local-env.yaml?ref=.*/s//git::https:\/\/github.com\/TourmalineCore\/${{ github.event.repository.name }}.git@\/ci\/values-local-env.yaml?ref=${{ github.sha }}/" deploy/helmfile.yaml
+
+            kind create cluster --name inner-circle --config kind-local-config.yaml --kubeconfig ./.inner-circle-cluster-kubeconfig
+            # we need to properly expose KUBECONFIG as an absolute path, pwd prints current working directory path
+            export KUBECONFIG=$(pwd)/.inner-circle-cluster-kubeconfig
+
+            helmfile --environment local --namespace local -f deploy/helmfile.yaml apply
+          push: never
+
+      - name: Checkout api
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Download Karate JAR
+        run: |
+          curl -L https://github.com/karatelabs/karate/releases/download/v1.5.1/karate-1.5.1.jar -o karate.jar
+
+      - name: Run Karate Tests
+        run: |
+          java -jar karate.jar .
+        env:
+          API_ROOT_URL: "http://localhost:30090/api"
+          AUTH_LOGIN: "ceo@tourmalinecore.com"
+          AUTH_PASSWORD: "cEoPa$$wo1d"

.github/workflows/prod-docker-publish.yml

@@ -1,54 +1,48 @@
-name: deploy service to prod k8s
+name: Deploy to Prod
 
 on:
   push:
     branches:
       - master
-  pull_request:
-
-env:
-  GITHUB_REGISTRY: ghcr.io
 
 jobs:
+  # this is needed to wait for the new docker image to be build and published to the registry
+  # so that we can use the image to run ui of the needed commit related version as part of local-env
+  # the idea is taken from here https://stackoverflow.com/a/71489231
+  push_to_registry:
+    uses: ./.github/workflows/docker-build-and-push.yml
+    # without this it cannot login to the registry
+    secrets: inherit
 
-  build-image:
-    name: Build and push service image  
+  deploy-to-prod:
+    name: Deploy service to k8s for prod environment  
+    needs: [push_to_registry]
     runs-on: ubuntu-22.04
     steps:
-      - name: checkout
-        uses: actions/checkout@v1
-      - name: Build and push image
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Create default global .kube/config file
         run: |
-          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
-          docker build -t $GITHUB_REGISTRY/tourmalinecore/inner-circle/auth-api:latest -t $GITHUB_REGISTRY/tourmalinecore/inner-circle/auth-api:${{ github.sha }} -f Api/Dockerfile .
-          docker push $GITHUB_REGISTRY/tourmalinecore/inner-circle/auth-api:latest
-          docker push $GITHUB_REGISTRY/tourmalinecore/inner-circle/auth-api:${{ github.sha }}
+          cd $HOME
+          mkdir .kube
+          echo "${{ secrets.DEV_KUBECONFIG }}" > .kube/config
 
-  deploy-to-prod-k8s:
-    needs: build-image
-    name: Deploy service to k8s for prod environment 
-    if: github.event_name == 'push'
-    runs-on: ubuntu-22.04
-    steps:
-      - name: checkout
-        uses: actions/checkout@v1
       - name: Deploy
-        uses: WyriHaximus/github-action-helm3@v3
+        uses: helmfile/helmfile-action@v1.9.0
         with:
-          exec: |
-            RELEASE_NAME=auth-api
-            helm repo add bitnami https://charts.bitnami.com/bitnami
-            helm upgrade --install --namespace dev-inner-circle --create-namespace --values ./Api/ci/values-custom.yaml \
-            --set "image.tag=${{ github.sha }}" \
-            --set "ingress.enabled=true" \
-            --set "ingress.hostname=${{ secrets.DEV_HOST }}" \
-            --set "extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.DEV_POSTGRESQL_CONNECTION_STRING }}" \
-            --set "extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.DEV_AUTH_PUBLIC_SIGNING_KEY }}" \
-            --set "extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey=${{ secrets.DEV_AUTH_PRIVATE_SIGNING_KEY }}" \
-            --set "extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl=${{ secrets.DEV_MAIL_SERVICE_URL }}" \
-            --set "extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl=${{ secrets.DEV_AUTH_UI_SERVICE_URL }}" \
-            --set "extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl=${{ secrets.DEV_ACCOUNTS_SERVICE_URL }}" \
-            --set "extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl=${{ secrets.DEV_EMPLOYEES_SERVICE_URL }}" \
-            "${RELEASE_NAME}" \
-            bitnami/aspnet-core --version 4.4.7
-          kubeconfig: "${{ secrets.DEV_KUBECONFIG }}"
+          helmfile-version: 'v0.164.0'
+          helm-version: 'v3.14.4'
+          helmfile-args: >
+            apply --namespace dev-inner-circle -f Api/ci/helmfile.yaml
+            --state-values-set image.tag=sha-${{ github.sha }} 
+            --state-values-set ingress.enabled=true
+            --state-values-set ingress.hostname=${{ secrets.DEV_HOST }}
+            --state-values-set extraSecretEnvVars.ConnectionStrings__DefaultConnection=${{ secrets.DEV_POSTGRESQL_CONNECTION_STRING }}
+            --state-values-set extraSecretEnvVars.AuthenticationOptions__PublicSigningKey=${{ secrets.DEV_AUTH_PUBLIC_SIGNING_KEY }}
+            --state-values-set extraSecretEnvVars.AuthenticationOptions__PrivateSigningKey=${{ secrets.DEV_AUTH_PRIVATE_SIGNING_KEY }}
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__MailServiceUrl=${{ secrets.DEV_MAIL_SERVICE_URL }}
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AuthUIServiceUrl=${{ secrets.DEV_AUTH_UI_SERVICE_URL }}
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__AccountsServiceUrl=${{ secrets.DEV_ACCOUNTS_SERVICE_URL }}
+            --state-values-set extraSecretEnvVars.InnerCircleServiceUrls__EmployeesServiceUrl=${{ secrets.DEV_EMPLOYEES_SERVICE_URL }}
+          helmfile-auto-init: "false"

.gitignore

@@ -7,6 +7,7 @@ obj/
 .vs
 *.sln.DotSettings.user
 *.csproj.user
+target
 
 # storage for pgadmin
 */pgadmin/sessions/

Api/Dockerfile

@@ -1,23 +1,30 @@
 #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
 
+# This stage is used when running from VS in fast mode (Default for Debug configuration)
 FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+USER $APP_UID
 WORKDIR /app
 EXPOSE 80
-EXPOSE 443
 
+# This stage is used to build the service project
 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+ARG BUILD_CONFIGURATION=Release
+ARG EXCLUDE_UNIT_TESTS_FROM_BUILD=${EXCLUDE_UNIT_TESTS_FROM_BUILD}
 WORKDIR /src
 COPY ["Api/Api.csproj", "Api/"]
-COPY ["DataAccess/DataAccess.csproj", "DataAccess/"]
 RUN dotnet restore "Api/Api.csproj"
 COPY . .
 WORKDIR "/src/Api"
-RUN dotnet build "Api.csproj" -c Release -o /app/build
+RUN dotnet build "./Api.csproj" -c $BUILD_CONFIGURATION -o /app/build /p:EXCLUDE_UNIT_TESTS_FROM_BUILD=$EXCLUDE_UNIT_TESTS_FROM_BUILD
 
+# This stage is used to publish the service project to be copied to the final stage
 FROM build AS publish
-RUN dotnet publish "Api.csproj" -c Release -o /app/publish /p:UseAppHost=false
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "./Api.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false /p:EXCLUDE_UNIT_TESTS_FROM_BUILD=$EXCLUDE_UNIT_TESTS_FROM_BUILD
 
+# This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
+ENV ASPNETCORE_HTTP_PORTS=80
 ENTRYPOINT ["dotnet", "Api.dll"]

Api/Properties/launchSettings.json

@@ -1,14 +1,15 @@
 {
   "profiles": {
-    "Api": {
+    "MockForDevelopment": {
       "commandName": "Project",
-      "launchBrowser": true,
-      "launchUrl": "swagger",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Debug"
+        "ASPNETCORE_URLS": "http://*:5503",
+        "ASPNETCORE_ENVIRONMENT": "MockForDevelopment"
       },
-      "applicationUrl": "http://localhost:5002",
+      "publishAllPorts": true,
+      "useSSL": false,
       "dotnetRunMessages": true
     }
-  }
+  },
+  "$schema": "https://json.schemastore.org/launchsettings.json"
 }