Removed pull event from build stage

.dockerignore

@@ -12,7 +12,6 @@
 **/*.dbmdl
 **/*.jfm
 **/azds.yaml
-**/bin
 **/charts
 **/docker-compose*
 **/Dockerfile*
@@ -28,3 +27,6 @@ README.md
 !.git/config
 !.git/packed-refs
 !.git/refs/heads/**
+# Ensure the build output is NOT ignored
+!**/bin/Release/**/publish/
+!**/publish/

.drone.yml

@@ -1,108 +1,68 @@
 ---
 kind: pipeline
-type: kubernetes
+type: docker
-name: build
+name: build-and-package
-
-clone:
-  disable: true
 
 steps:
-  - name: git clone
+  - name: build-test-publish
-    image: drone/git
+    image: nexus.khongisa.co.za/sdk:10.0
-    environment:
-      REPO_URL: http://gitea-server.gitea.svc.cluster.local:3000/mngomalab/sampleapi.git
     commands:
-      - git clone $REPO_URL .
+      - dotnet restore --source https://nexus.khongisa.co.za/repository/nuget-group/index.json --no-cache
-      - git checkout $DRONE_COMMIT
+      - dotnet build --configuration Release --no-restore
+      - dotnet test --configuration Release --no-build
+      - dotnet publish --configuration Release --no-build
 
-  - name: dotnet restore
+  - name: docker-build-and-push
-    image: mcr.microsoft.com/dotnet/sdk:8.0
-    commands:
-      - dotnet restore
-
-  - name: dotnet build
-    image: mcr.microsoft.com/dotnet/sdk:8.0
-    commands:
-      - dotnet build --configuration Release
-      - ls ./SampleApi/bin/Release/net8.0/
-
-  - name: dotnet test
-    image: mcr.microsoft.com/dotnet/sdk:8.0
-    commands:
-      - dotnet test --configuration Release
-
----
-kind: pipeline
-type: kubernetes
-name: package
-
-depends_on:
-  - build
-
-clone:
-  disable: true
-
-steps:
-  - name: git clone
-    image: drone/git
-    environment:
-      REPO_URL: http://gitea-server.gitea.svc.cluster.local:3000/mngomalab/sampleapi.git
-    commands:
-      - git clone $REPO_URL .
-      - git checkout $DRONE_COMMIT
-
-  - name: dotnet publish
-    image: mcr.microsoft.com/dotnet/sdk:8.0
-    commands:
-      - dotnet publish --configuration Release
-      - ls ./SampleApi/bin/Release/net8.0/publish/
-
-  - name: docker build and push
     image: plugins/docker
     settings:
-      repo: registry-server.registry.svc.cluster.local:5000/sampleapi
+      registry: nexus.khongisa.co.za
-      auto_tag: true
+      repo: nexus.khongisa.co.za/webapitest
-      registry: registry-server.registry.svc.cluster.local:5000
+      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
-      insecure: true
+      username: { from_secret: docker_username }
-      username:
+      password: { from_secret: docker_password }
-        from_secret: registry-username
+
-      password:
+  - name: vulnerability-scan
-        from_secret: registry-password
+    image: aquasec/trivy:0.50.1
-      dockerfile: Dockerfile
+    environment:
-      context: ./SampleApi/bin/Release/net8.0/publish/
+      TRIVY_USERNAME: { from_secret: docker_username }
+      TRIVY_PASSWORD: { from_secret: docker_password }
+    commands:
+      - trivy image --image-src remote --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}
+
+trigger:
+  branch:
+    - main
+  event:
+    exclude:
+      - promote
 
 ---
 kind: pipeline
-type: kubernetes
+type: docker
-name: deploy
+name: deploy-to-uat
 
 depends_on:
-  - package
+  - build-and-package
-
-clone:
-  disable: true
 
 steps:
-  - name: git clone
+  - name: uat-deployment
-    image: drone/git
+    image: appleboy/drone-ssh
-    environment:
-      REPO_URL: http://gitea-server.gitea.svc.cluster.local:3000/mngomalab/sampleapi.git
-    commands:
-      - git clone $REPO_URL .
-      - git checkout $DRONE_COMMIT
-
-  - name: ensure namespace
-    image: bitnami/kubectl:latest
-    commands:
-      - kubectl create namespace sampleapi --dry-run=client -o yaml | kubectl apply -f -
-
-  - name: deploy
-    image: danielgormly/drone-plugin-kube:0.0.1
     settings:
-      template: ./manifests/deploy.yml
+      host: { from_secret: ssh_host }
-      namespace: sampleapi
+      username: { from_secret: ssh_user }
-      ca:
+      password: { from_secret: ssh_password }
-        from_secret: kube_ca_cert
+      script:
-      server: https://lead:6443
+        - echo $DOCKER_PASSWORD | docker login nexus.khongisa.co.za -u $DOCKER_USERNAME --password-stdin
-      token:
+        - docker pull nexus.khongisa.co.za/webapitest:latest
-        from_secret: k8s-token
+        - docker stop webapi 2>/dev/null || true
+        - docker rm webapi 2>/dev/null || true
+        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/webapitest:latest
+    environment:
+      DOCKER_USERNAME: { from_secret: docker_username }
+      DOCKER_PASSWORD: { from_secret: docker_password }
+
+trigger:
+  event:
+    - promote
+  target:
+    - staging

Dockerfile

@@ -1,13 +1,11 @@
-FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+FROM nexus.khongisa.co.za/aspnet:10.0 AS final
+WORKDIR /app
 
 USER app
-WORKDIR /app
 
-EXPOSE 8080
+COPY --chown=app:app ./SampleApi/bin/Release/net10.0/publish/ .
+
 EXPOSE 8081
+ENV ASPNETCORE_HTTP_PORTS=8081
 
-COPY . /app
-
-FROM base AS final
-WORKDIR /app
 ENTRYPOINT ["dotnet", "SampleApi.dll"]

SampleApi/Controllers/DemoController.cs

@@ -0,0 +1,43 @@
+using Microsoft.AspNetCore.Mvc;
+
+// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860
+
+namespace SampleApi.Controllers
+{
+    [Route("api/[controller]")]
+    [ApiController]
+    public class DemoController : ControllerBase
+    {
+        // GET: api/<DemoController>
+        [HttpGet]
+        public IEnumerable<string> Get()
+        {
+            return new string[] { "value1", "value2" };
+        }
+
+        // GET api/<DemoController>/5
+        [HttpGet("{id}")]
+        public string Get(int id)
+        {
+            return "value";
+        }
+
+        // POST api/<DemoController>
+        [HttpPost]
+        public void Post([FromBody] string value)
+        {
+        }
+
+        // PUT api/<DemoController>/5
+        [HttpPut("{id}")]
+        public void Put(int id, [FromBody] string value)
+        {
+        }
+
+        // DELETE api/<DemoController>/5
+        [HttpDelete("{id}")]
+        public void Delete(int id)
+        {
+        }
+    }
+}

SampleApi/Program.cs

@@ -1,25 +1,22 @@
 var builder = WebApplication.CreateBuilder(args);
 
-// Add services to the container.
-
 builder.Services.AddControllers();
-// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
+builder.Services.AddHealthChecks();
 
 var app = builder.Build();
 
-// Configure the HTTP request pipeline.
 if (app.Environment.IsDevelopment())
 {
     app.UseSwagger();
     app.UseSwaggerUI();
 }
 
+app.MapHealthChecks("/health");
+app.UseRouting();
 app.UseHttpsRedirection();
-
 app.UseAuthorization();
-
 app.MapControllers();
 
 app.Run();

SampleApi/SampleApi.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <UserSecretsId>cfe6b4ce-2d40-4273-b3a3-e4df67304fc5</UserSecretsId>
@@ -9,8 +9,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.23.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+    <PackageReference Include="Polly" Version="8.6.6" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7" />
   </ItemGroup>
 
 </Project>

docker-compose.yml

@@ -0,0 +1,10 @@
+version: '3.8'
+services:
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8081:8081"
+    environment:
+      - ASPNETCORE_ENVIRONMENT=Development

flows.md

@@ -0,0 +1,65 @@
+flowchart TD
+    %% Combined MVP + Future Features for Executive Slide
+
+    %% MVP Section
+    subgraph MVP["MVP Go-Live (Critical Path)"]
+        A[Define MVP Requirements & Roles] --> B[DB Schema: Polls, Users, Responses]
+        B --> C[Azure AD/B2C: Tenant + User Groups]
+        C --> D[Tenant + Entitlements API w/ cache]
+        D --> E[Frontend: Blazor/MudBlazor Login & Poll UI]
+        E --> F[Backend API: Poll CRUD, Subscriptions, Responses]
+        F --> G[APIM Gateway: x-tenantid validation]
+        G --> H[Storage: SQL, Blob, Table]
+        H --> I[Testing: Multi-Tenant Validation]
+        I --> J[Invite-first Onboarding & Mapping]
+        J --> K[JWT Tokens with Claims & Roles]
+        K --> L[Poll Lifecycle: Activate / Deactivate / Response Submission]
+        L --> M[Go-Live & Monitoring]
+    end
+
+    %% Future Features Section
+    subgraph Future["Future Enhancements (Optional / Roadmap)"]
+        R1[Advanced Reporting & Analytics] --> R2[Poll Scheduling / Recurring Polls]
+        R2 --> R3[Multi-language Support]
+        R3 --> R4[Deep-linking & Email Notifications]
+        R4 --> R5[Theme / Branding Per Tenant]
+        R5 --> R6[Custom Dashboard & Graphs]
+        R6 --> R7[Responsive / Mobile Enhancements]
+        R7 --> R8[Advanced RBAC & Entitlements Features]
+        R8 --> R9[Audit Logging & History]
+        R9 --> R10[Ban / Blacklist Improvements]
+        R10 --> R11[External API Hooks & Webhooks]
+        R11 --> R12[3rd Party Analytics Integration]
+    end
+
+    %% Dependencies
+    M --> R1
+
+    %% Styling
+    style MVP fill:#b3d9ff,stroke:#333,stroke-width:2px
+    style Future fill:#e6e6e6,stroke:#999,stroke-dasharray: 5 5,stroke-width:2px
+    style A fill:#cce5ff
+    style B fill:#cce5ff
+    style C fill:#cce5ff
+    style D fill:#cce5ff
+    style E fill:#cce5ff
+    style F fill:#cce5ff
+    style G fill:#cce5ff
+    style H fill:#cce5ff
+    style I fill:#cce5ff
+    style J fill:#cce5ff
+    style K fill:#cce5ff
+    style L fill:#cce5ff
+    style M fill:#80b3ff
+    style R1 fill:#f2f2f2
+    style R2 fill:#f2f2f2
+    style R3 fill:#f2f2f2
+    style R4 fill:#f2f2f2
+    style R5 fill:#f2f2f2
+    style R6 fill:#f2f2f2
+    style R7 fill:#f2f2f2
+    style R8 fill:#f2f2f2
+    style R9 fill:#f2f2f2
+    style R10 fill:#f2f2f2
+    style R11 fill:#f2f2f2
+    style R12 fill:#f2f2f2

manifests/deploy.yml

@@ -1,92 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: experiments
-  labels:
-    name: experiments
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: sampleapi-config
-  namespace: experiments
-data:
-  appname: "SampleApi"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: sampleapi
-  namespace: experiments
-  labels:
-    app: sampleapi
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: sampleapi
-  template:
-    metadata:
-      labels:
-        app: sampleapi
-    spec:
-      containers:
-        - name: sampleapi
-          image: registry.registry.svc.cluster.local:5000/experiments/sampleapi:latest
-          imagePullPolicy: Always
-          ports:
-            - name: http
-              containerPort: 8080
-            - name: https
-              containerPort: 8081
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: sampleapi
-  namespace: experiments
-spec:
-  type: ClusterIP
-  selector:
-    app: sampleapi
-  ports:
-    - name: http
-      port: 80
-      targetPort: 8080
-    - name: https
-      port: 443
-      targetPort: 8081
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: sampleapi-http
-  namespace: experiments
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`sampleapi.apps.mngoma.lab`)
-      kind: Rule
-      services:
-        - name: sampleapi
-          port: 80
-          scheme: http
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: sampleapi-https
-  namespace: experiments
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`sampleapi.apps.mngoma.lab`)
-      kind: Rule
-      services:
-        - name: sampleapi
-          port: 443
-          scheme: http
-  tls: {}

manifests/deployment.yaml.bak

@@ -1,93 +0,0 @@
-# namespace
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: experiments
-  labels:
-    name: experiments
----
-# config map
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: sampleapi-configmap
-  namespace: experiments
-data:
-  appname: "SampleApi"
----
-# deployment
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: sampleapi-deployment
-  namespace: experiments
-  labels:
-    app: sampleapi
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: sampleapi
-  template:
-    metadata:
-      labels:
-        app: sampleapi
-    spec:
-      containers:
-      - name: sampleapi
-        image: khwezi/mngomalab:latest
-        imagePullPolicy: IfNotPresent
-        ports:
-        - name: http
-          containerPort: 8080
-          protocol: TCP
-        - name: https
-          containerPort: 8081
-          protocol: TCP
----
-# service
-apiVersion: v1
-kind: Service
-metadata:
-  name: sampleapi-service
-  namespace: experiments
-spec:
-  type: ClusterIP
-  selector:
-    app: sampleapi
-    app.kubernetes.io/instance: sampleapi
-  ports:
-  - port: 8080
-    targetPort: 80
-  - port: 8081
-    targetPort: 443
----
-# ingress
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: sampleapi-ingress
-  namespace: experiments
-  annotations:
-    cert-manager.io/cluster-issuer: sampleapi-secret
-    nginx.ingress.kubernetes.io/rewrite-target: /$1
-    nginx.ingress.kubernetes.io/ssl-redirect: "false"
-    cert-manager.io/private-key-size: "4096"
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: sampleapi.main.k3s.lab.mngoma.africa
-    http:
-      paths:
-      - pathType: Prefix
-        path: /
-        backend:
-          service:
-            name: sampleapi-service
-            port:
-              number: 80
-  tls:
-  - hosts:
-    - sampleapi.main.k3s.lab.mngoma.africa
-    secretName: sampleapi-secret
-