opserver
diff --git a/.github/actions/build_docker/action.yml b/.github/actions/build_docker/action.yml
@@ -0,0 +1,66 @@
+name: Docker build and push
+description: Build the image and pushes to registry
+
+inputs:
+  version:
+    description: The version to use for the Docker image
+    required: true
+  dockerfile_path:
+    description: Dockerfile location
+    required: true
+  image_name:
+    description: The Docker image name, with the registry prefix
+    required: true
+  registry_prod:
+    description: Docker registry prod
+    required: true
+  registry_username:
+    description: Docker registry username
+    required: true
+  registry_password:
+    description: Docker registry password
+    required: true
+  build_args:
+    description: Arguments to pass to docker build
+    required: false
+    default: ''
+
+runs:
+  using: composite
+  steps:
+  - name: Setup up Docker Buildx
+    uses: docker/setup-buildx-action@v3
+
+  - name: Docker Image Metadata
+    id: metadata
+    uses: docker/metadata-action@v5
+    with:
+      images: ${{ inputs.image_name }}
+      # https://github.com/docker/metadata-action/tree/master?tab=readme-ov-file#priority-attribute
+      # The default priority of sha is 100, and for custom/raw tags is 200. The highest the most priority.
+      # We want the sha tag to be the one used for the OCI label and the version output, so we set the priority of the custom date tag to the lowest.
+      tags: |
+        type=sha,priority=100
+        ${{ inputs.version }},priority=1
+        type=ref,event=pr
+      flavor: latest=false
+
+  - name: Login to Docker Registry - prod
+    uses: docker/login-action@v3
+    with:
+      registry: ${{ inputs.registry_prod }}
+      username: ${{ inputs.registry_username }}
+      password: ${{ inputs.registry_password }}
+
+  - name: Build Image
+    uses: docker/build-push-action@v6
+    with:
+      push: true
+      context: .
+      file: ${{ inputs.dockerfile_path }}
+      tags: ${{ steps.metadata.outputs.tags }}
+      labels: ${{ steps.metadata.outputs.labels }}
+      provenance: true
+      build-args: |
+        DOTNET_VERSION=${{ env.DOTNET_VERSION }}
+        BUNDLE_VERSION=${{ inputs.version }}
diff --git a/.github/actions/date_version/action.yml b/.github/actions/date_version/action.yml
@@ -0,0 +1,32 @@
+name: Date Based Version
+description: Generates a version based on todays date and the github actions run number.  Exposes this version as an output variable.
+outputs:
+  version:
+    description: "Generated Date Based Version"
+    value: ${{ steps.generate-version.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+  - name: Generate Version
+    id: generate-version
+    shell: bash
+    run: |
+      set -euo pipefail
+      github_run_number=${{ github.run_number }}
+      github_ref=${{ github.ref }}
+      build_number=$(($github_run_number % 65535))
+
+      date=$(date +%Y.%-m.%-d)
+
+      version="${date}.${build_number}"
+      is_pr=0
+      echo $github_ref | grep "^refs\/pull\/" && is_pr=1
+
+      if [ $is_pr -eq 1 ]
+      then
+        version="${version}-pr"
+      fi
+
+      echo "Version: $version"
+      echo "version=$version" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/build_app_docker_image.yml b/.github/workflows/build_app_docker_image.yml
@@ -0,0 +1,43 @@
+name: Build docker
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+    secrets:
+      registry_username:
+        required: true
+      registry_password:
+        required: true
+      nuget_user:
+        required: true
+      nuget_password:
+        required: true
+
+env:
+    BUILDKIT_PROGRESS: plain
+    SERVICE_IMAGE_NAME: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_PROD }}/stackeng/opserver/opserver
+
+jobs:
+  build_docker:
+    name: Docker build and push
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0 #Fetch entire history for NerdBank to calculate the version
+
+    - uses: ./.github/actions/build_docker
+      id: image
+      with:
+        version: ${{ inputs.version }}
+        dockerfile_path: ./Dockerfile
+        image_name: ${{ env.SERVICE_IMAGE_NAME }}
+        registry_prod: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_PROD }}
+        registry_username: ${{ secrets.registry_username }}
+        registry_password: ${{ secrets.registry_password }}        
+        scan_image: true
+
diff --git a/.github/workflows/build_cnab.yml b/.github/workflows/build_cnab.yml
@@ -0,0 +1,37 @@
+name: Build CNAB invocation image
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: The version to use for the Octopus release
+        type: string
+        required: true
+    secrets:
+      registry_username:
+        required: true
+      registry_password:
+        required: true
+
+env:
+  CNAB_IMAGE_NAME: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_PROD }}/stackeng/opserver/opserver-cnab
+
+jobs:
+  build_image:
+    name: Build and release CNAB invocation image
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - uses: ./.github/actions/build_docker
+      with:
+        version: ${{ inputs.version }}
+        dockerfile_path: ./cnab/build/Dockerfile
+        image_name: ${{ env.CNAB_IMAGE_NAME }}
+        registry_prod: ${{ vars.CLOUDSMITH_DOCKER_REGISTRY_PROD }}
+        registry_username: ${{ secrets.registry_username }}
+        registry_password: ${{ secrets.registry_password }}
+
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -4,12 +4,12 @@ on: [push]
 
 jobs:
   build:
-    runs-on: windows-2019
+    runs-on: ubuntu-latest 
     steps:
     - name: Setup .NET
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 6.0.x
-    - uses: actions/checkout@v1
+        dotnet-version: 8.0.x
+    - uses: actions/checkout@v4
     - name: Build with dotnet
       run: dotnet build
diff --git a/.github/workflows/workflow_build_and_release_containers.yaml b/.github/workflows/workflow_build_and_release_containers.yaml
@@ -0,0 +1,91 @@
+name: Build images and create Octopus release
+run-name: 'Build images and create release'
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, reopened, synchronize, labeled, ready_for_review]
+    paths-ignore:
+      - README.md
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - README.md
+
+jobs:
+  generate_date_version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.date-version.outputs.version }}
+    steps:
+    - name: Checkout repo so we have local action file
+      uses: actions/checkout@v4
+    - name: Generate Date Version
+      id: date-version
+      uses: ./.github/actions/date_version
+
+  build_docker:
+    needs: [generate_date_version]
+    uses: ./.github/workflows/build_app_docker_image.yml
+    with:
+      version: ${{ needs.generate_date_version.outputs.version }}
+    secrets:
+      registry_username: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      registry_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+      nuget_user: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      nuget_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+
+  build_cnab:
+    uses: ./.github/workflows/build_cnab.yml
+    needs: [generate_date_version]
+    with:
+      version: ${{ needs.generate_date_version.outputs.version }}
+    secrets:
+      registry_username: ${{ secrets.CLOUDSMITH_API_ACCOUNT }}
+      registry_password: ${{ secrets.CLOUDSMITH_API_KEY }}
+  create_release:
+    needs: [build_docker, build_cnab, generate_date_version]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Octopus CLI 🐙
+        uses: OctopusDeploy/install-octopus-cli-action@v3
+        with:
+          # Not pinning CLI version since we trust Octopus Deploy as one of our direct vendors and this ensures we
+          # keep up-to-date with Octopus Cloud changes
+          version: '*'
+
+      - name: determine if we should create release and deploy
+        id: should-create-release
+        run: |
+          if [[ ${{ github.ref_name == 'main' || github.pull_request.labels.*.name == 'deploy-to-ascn-dev' }} ]]; then
+            echo "SHOULD_CREATE_RELEASE=true" >> $GITHUB_ENV
+          else
+            echo "SHOULD_CREATE_RELEASE=false" >> $GITHUB_ENV
+          fi
+
+      - name: Create Octo Release if main or deploy to sandbox label present
+        # if: env.SHOULD_CREATE_RELEASE == 'true'
+        env:
+          OCTOPUS_URL: ${{ vars.OCTOPUS_CLOUD_URL }}
+          OCTOPUS_API_KEY: ${{ secrets.OCTOPUS_CLOUD_API_KEY }}
+        run: |
+          octoSpaceId="Default"
+          octoProjectId="opserver"
+
+          octopus release create -p $octoProjectId -s $octoSpaceId -v "${{ needs.generate_date_version.outputs.version }}"
+
+
+      - name: Deploy via Octopus if main or deploy to ascn-dev if label present
+        # if: env.SHOULD_CREATE_RELEASE == 'true'
+        env:
+          OCTOPUS_URL: ${{ vars.OCTOPUS_CLOUD_URL }}
+          OCTOPUS_API_KEY: ${{ secrets.OCTOPUS_CLOUD_API_KEY }}
+        run: |
+          octoSpaceId="Default"
+          octoProjectId="opserver"
+          environmentId="${{ github.ref_name == 'main' && 'test' || 'dev' }}"
+          tenantId="${{ github.ref_name == 'main' && 'main' || 'ascn' }}"
+
+          octopus release deploy -p $octoProjectId -s $octoSpaceId --version "${{ needs.generate_date_version.outputs.version }}" \
+          -e $environmentId --tenant $tenantId
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,10 @@
+# These get copied locally when running Invoke-CNAB not in a container
+# Temporarily including these while building out CNAB v2 support
+cnab/app/container-registry-discovery.ps1
+cnab/app/gcp-cluster-discovery.ps1
+cnab/app/run.ps1
+cnab/app/utils.ps1
+
 #################
 ## Visual Studio
 #################

diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,15 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Invoke-CNAB",
+            "type": "PowerShell",
+            "request": "launch",
+            "script": "${workspaceFolder}/cnab/Invoke-CNAB.ps1",
+            "args": []
+        }
+    ]
+}
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
-FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
 WORKDIR /app
 
 # Global
-COPY ./*.sln ./nuget.config ./
+COPY ./*.sln ./
 # Apps
 COPY src/*/*.csproj ./
 RUN for file in $(ls *.csproj); do mkdir -p src/${file%.*}/ && mv $file src/${file%.*}/; done
@@ -22,7 +22,13 @@ WORKDIR /app/src/Opserver.Web
 RUN dotnet publish -c Release -o publish
 
 # Build runtime image
-FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS web
+FROM cr.stackoverflow.software/so-aspnet:8.0-jammy-chiseled-extra AS base
+
+USER $APP_UID
+
 WORKDIR /app
-COPY --from=web-publish /app/src/Opserver.Web/publish ./
-ENTRYPOINT ["dotnet", "Opserver.Web.dll"]
+COPY --chown=app:app --from=web-publish /app/src/Opserver.Web/publish ./
+COPY --chown=app:app --from=web-publish /app/src/Opserver.Web/opserverSettings.json ./Config/opserverSettings.json
+
+
+ENTRYPOINT ["dotnet", "Opserver.Web.dll"]
diff --git a/charts/opserver/.helmignore b/charts/opserver/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+.github/CODEOWNERS