NetCoreTemplates
diff --git a/‎.github/workflows/build-container.yml‎
Lines changed: 35 additions & 7 deletions b/‎.github/workflows/build-container.yml‎
Lines changed: 35 additions & 7 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 18 additions & 2 deletions b/‎.github/workflows/build.yml‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 38 additions & 30 deletions b/‎.github/workflows/release.yml‎
Lines changed: 38 additions & 30 deletions
diff --git a/‎Dockerfile‎
Lines changed: 91 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎MyApp.Client/app/admin/page.tsx‎
Lines changed: 0 additions & 24 deletions b/‎MyApp.Client/app/admin/page.tsx‎
Lines changed: 0 additions & 24 deletions
@@ -15,8 +15,6 @@ on:
 # Only update envs here if you need to change them for this workflow
 env:
   DOCKER_BUILDKIT: 1
-  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
   KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
 
 jobs:
@@ -34,6 +32,24 @@ jobs:
           echo "repository_name_lower=$(echo ${{ github.repository }} | cut -d '/' -f 2 | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
           echo "org_name=$(echo ${{ github.repository }} | cut -d '/' -f 1)" >> $GITHUB_ENV
 
+          # Set SERVICE_LABEL: derive from GITHUB_REPOSITORY (replace dots with dashes)
+          echo "SERVICE_LABEL=$(echo ${{ github.repository }} | cut -d '/' -f 2 | tr '.' '-')" >> $GITHUB_ENV
+
+          # Set KAMAL_DEPLOY_HOST: use secret if available, otherwise use repository name
+          if [ -n "${{ secrets.KAMAL_DEPLOY_HOST }}" ]; then
+            DEPLOY_HOST="${{ secrets.KAMAL_DEPLOY_HOST }}"
+          else
+            DEPLOY_HOST="$(echo ${{ github.repository }} | cut -d '/' -f 2)"
+          fi
+
+          # Validate KAMAL_DEPLOY_HOST contains at least one '.'
+          if [[ ! "$DEPLOY_HOST" == *.* ]]; then
+            echo "Error: KAMAL_DEPLOY_HOST must contain a hostname, e.g. example.com (got: $DEPLOY_HOST)"
+            exit 1
+          fi
+
+          echo "KAMAL_DEPLOY_HOST=$DEPLOY_HOST" >> $GITHUB_ENV
+
       # This step is for the deployment of the templates only, safe to delete
       - name: Modify csproj for template deploy
         env: 
@@ -62,6 +78,11 @@ jobs:
         working-directory: ./MyApp.Client
         run: npm install
 
+      - name: Build client
+        if: steps.check_client.outputs.client_exists == 'true'
+        working-directory: ./MyApp.Client
+        run: npm run build
+
       - name: Install x tool
         run: dotnet tool install -g x
 
@@ -80,17 +101,24 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ env.KAMAL_REGISTRY_USERNAME }}
-          password: ${{ env.KAMAL_REGISTRY_PASSWORD }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
         with:
-          dotnet-version: 8.0.x
+          dotnet-version: 10.0.x
 
       - name: Build and push Docker image
         env:
           SERVICESTACK_LICENSE: ${{ secrets.SERVICESTACK_LICENSE }}
-          KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
+          KAMAL_DEPLOY_HOST: ${{ env.KAMAL_DEPLOY_HOST }}
+          SERVICE_LABEL: ${{ env.SERVICE_LABEL }}
         run: |
-          dotnet publish --os linux --arch x64 -c Release -p:ContainerRepository=${{ env.image_repository_name }} -p:ContainerRegistry=ghcr.io -p:ContainerImageTags=latest -p:ContainerPort=80 -p:ContainerEnvironmentVariable="SERVICESTACK_LICENSE=${{ env.SERVICESTACK_LICENSE }}"
+          docker build \
+            --build-arg SERVICESTACK_LICENSE="$SERVICESTACK_LICENSE" \
+            --build-arg KAMAL_DEPLOY_HOST="$KAMAL_DEPLOY_HOST" \
+            --build-arg SERVICE_LABEL="$SERVICE_LABEL" \
+            -t ghcr.io/${{ env.image_repository_name }}:latest \
+            -f Dockerfile .
+          docker push ghcr.io/${{ env.image_repository_name }}:latest
@@ -16,10 +16,26 @@ jobs:
       - name: Setup dotnet
         uses: actions/setup-dotnet@v5
         with:
-          dotnet-version: 8.0.x
+          dotnet-version: 10.0.x
+
+      - name: Restore NuGet packages (use repo NuGet.config)
+        run: dotnet restore MyApp.slnx --configfile ./NuGet.Config
+
+      # If your feed requires authentication, enable and configure the step below.
+      # This example uses a Personal Access Token stored in secrets.NUGET_API_KEY.
+      # Alternatively, you can use the NuGet Authenticate action from Azure Pipelines.
+      # - name: Authenticate private NuGet feed
+      #   env:
+      #     NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
+      #   run: |
+      #     dotnet nuget add source "https://YOUR_FEED_URL/index.json" \
+      #       --name "PrivateFeed" \
+      #       --username "YOUR_USERNAME" \
+      #       --password "$NUGET_API_KEY" \
+      #       --store-password-in-clear-text
 
       - name: build
-        run: dotnet build
+        run: dotnet build --no-restore
         working-directory: .
 
       - name: test
 
@@ -14,9 +14,11 @@ on:
 
 env:
   DOCKER_BUILDKIT: 1
-  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
   SERVICESTACK_LICENSE: ${{ secrets.SERVICESTACK_LICENSE }}
+  KAMAL_DEPLOY_IP: ${{ secrets.KAMAL_DEPLOY_IP }}
+  KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
+  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
+  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
   release:
@@ -38,24 +40,12 @@ jobs:
             echo "HAS_MIGRATIONS=false" >> $GITHUB_ENV
           fi
 
-      # This step is for the deployment of the templates only, safe to delete
-      - name: Modify deploy.yml
-        env: 
-          KAMAL_DEPLOY_IP: ${{ secrets.KAMAL_DEPLOY_IP }}
-        if: env.KAMAL_DEPLOY_IP != null
-        run: |
-          sed -i "s/service: my-app/service: ${{ env.repository_name_lower }}/g" config/deploy.yml
-          sed -i "s#image: my-user/myapp#image: ${{ env.image_repository_name }}#g" config/deploy.yml
-          sed -i "s/- 192.168.0.1/- ${{ secrets.KAMAL_DEPLOY_IP }}/g" config/deploy.yml
-          sed -i "s/host: my-app.example.com/host: ${{ secrets.KAMAL_DEPLOY_HOST }}/g" config/deploy.yml
-          sed -i "s/MyApp/${{ env.repository_name }}/g" config/deploy.yml
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ env.KAMAL_REGISTRY_USERNAME }}
-          password: ${{ env.KAMAL_REGISTRY_PASSWORD }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up SSH key
         uses: webfactory/ssh-agent@v0.9.0
@@ -80,29 +70,47 @@ jobs:
         run: |
           kamal server bootstrap
 
+      - name: Ensure directories exist with correct permissions
+        run: |
+          echo "Creating directories with correct permissions"
+          kamal server exec "mkdir -p /opt/docker/${{ env.repository_name }}/App_Data /opt/docker/${{ env.repository_name }}/initdb.d"
+
+          echo "Setting app file permissions"
+          kamal server exec "chown -R 1654:1654 /opt/docker/${{ env.repository_name }}/App_Data /opt/docker/${{ env.repository_name }}/initdb.d"
+
       - name: Check if first run and execute kamal app boot if necessary
         run: |
-          FIRST_RUN_FILE=".${{ env.repository_name }}"
-          if ! kamal server exec --no-interactive -q "test -f $FIRST_RUN_FILE"; then
-            kamal server exec --no-interactive -q "touch $FIRST_RUN_FILE" || true
+          FIRST_RUN_FILE="~/first-run/${{ env.repository_name }}"
+          if ! kamal server exec -q "test -f $FIRST_RUN_FILE"; then
+            kamal server exec -q "mkdir -p ~/first-run && touch $FIRST_RUN_FILE" || true
+
+            if [ -n "${{env.INIT_DB_SQL}}" ]; then
+              echo "Initializing DB with INIT_DB_SQL secret..."
+              # Save the SQL content to a temporary file
+              echo "${{ env.INIT_DB_SQL }}" > init-db.sql
+              cat init-db.sql | kamal server exec -i "cat > /opt/docker/${{ env.repository_name }}/initdb.d/${{ env.repository_name }}.sql" && rm init-db.sql || true
+            fi
+            # Start all kamal accessories
+            kamal accessory boot all || true
+
+            # Deploy latest version
             kamal deploy -q -P --version latest || true
           else
             echo "Not first run, skipping kamal app boot"
-          fi          
+          fi
 
-      - name: Ensure file permissions
+      - name: Verify file permissions before deploy
+        run: |
+          kamal server exec --no-interactive "chown -R 1654:1654 /opt/docker/${{ env.repository_name }}/App_Data /opt/docker/${{ env.repository_name }}/initdb.d"
+
+      - name: Deploy with Kamal
         run: |
-          kamal server exec --no-interactive "mkdir -p /opt/docker/${{ env.repository_name }}/App_Data && chown -R 1654:1654 /opt/docker/${{ env.repository_name }}"
+          kamal lock release -v
+          kamal server exec --no-interactive 'echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin'
+          kamal server exec --no-interactive 'docker pull ghcr.io/${{ env.image_repository_name }}:latest'
+          kamal deploy -P --version latest
 
       - name: Migration
         if: env.HAS_MIGRATIONS == 'true'
         run: |
-          kamal server exec --no-interactive 'echo "${{ env.KAMAL_REGISTRY_PASSWORD }}" | docker login ghcr.io -u ${{ env.KAMAL_REGISTRY_USERNAME }} --password-stdin'
-          kamal server exec --no-interactive "docker pull ghcr.io/${{ env.image_repository_name }}:latest || true"
           kamal app exec --no-reuse --no-interactive --version=latest "--AppTasks=migrate"
-
-      - name: Deploy with Kamal
-        run: |
-          kamal lock release -v
-          kamal server exec --no-interactive 'echo "${{ env.KAMAL_REGISTRY_PASSWORD }}" | docker login ghcr.io -u ${{ env.KAMAL_REGISTRY_USERNAME }} --password-stdin'
-          kamal deploy -P --version latest
 
@@ -0,0 +1,91 @@
+# Multi-stage Dockerfile to run ASP.NET Core + Next.js in a single container
+
+# Build arguments
+ARG KAMAL_DEPLOY_HOST
+ARG SERVICESTACK_LICENSE
+ARG SERVICE_LABEL
+
+# 1. Build .NET app + Node.js apps
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS dotnet-build
+ARG KAMAL_DEPLOY_HOST
+ENV KAMAL_DEPLOY_HOST=${KAMAL_DEPLOY_HOST}
+
+WORKDIR /src
+
+# Install Node.js for building Tailwind CSS and Next.js
+RUN apt-get update \
+    && apt-get install -y curl ca-certificates gnupg \
+    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
+    && apt-get install -y nodejs \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy solution and projects
+COPY MyApp.slnx ./
+COPY NuGet.Config ./
+COPY MyApp ./MyApp
+COPY MyApp.ServiceInterface ./MyApp.ServiceInterface
+COPY MyApp.ServiceModel ./MyApp.ServiceModel
+
+# Build Tailwind CSS for .NET project
+WORKDIR /src/MyApp
+
+# Download tailwindcss binary directly (avoiding sudo requirement in postinstall.js)
+RUN curl -sLO https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64 \
+    && chmod +x tailwindcss-linux-x64 \
+    && mv tailwindcss-linux-x64 /usr/local/bin/tailwindcss
+RUN npm run ui:build
+
+# Build Next.js app
+WORKDIR /src/MyApp.Client
+COPY MyApp.Client/package*.json ./
+RUN npm ci
+COPY MyApp.Client/ ./
+RUN npm run build:prod
+
+# Restore and publish .NET app
+WORKDIR /src
+RUN dotnet restore MyApp/MyApp.csproj
+# Disable .NET's built-in containerization (PublishProfile=DefaultContainer) inside Docker
+RUN dotnet publish MyApp/MyApp.csproj -c Release --no-restore -p:PublishProfile=
+
+# 2. Runtime image with .NET + Node
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
+ARG SERVICESTACK_LICENSE
+ARG SERVICE_LABEL
+ARG KAMAL_DEPLOY_HOST
+
+WORKDIR /app
+
+# Label required by Kamal, must match config/deploy.yml service
+LABEL service="${SERVICE_LABEL}"
+
+# Install Node.js >= 20.9 (Node 24.x LTS) and bash for the entrypoint script
+RUN apt-get update \
+    && apt-get install -y curl ca-certificates gnupg bash \
+    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
+    && apt-get install -y nodejs \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy published .NET app
+COPY --from=dotnet-build /src/MyApp/bin/Release/net10.0/publish ./api
+
+# Copy built Next.js app (including dist, node_modules, public, etc.)
+COPY --from=dotnet-build /src/MyApp.Client ./client
+
+ENV ASPNETCORE_URLS=http://0.0.0.0:8080 \
+    INTERNAL_API_URL=http://127.0.0.1:8080 \
+    NEXT_PORT=3000 \
+    NODE_ENV=production \
+    SERVICESTACK_LICENSE=$SERVICESTACK_LICENSE \
+    KAMAL_DEPLOY_HOST=$KAMAL_DEPLOY_HOST
+
+EXPOSE 8080
+
+# Copy entrypoint script
+COPY entrypoint.sh /app/entrypoint.sh
+RUN chmod +x /app/entrypoint.sh
+
+ENTRYPOINT ["/usr/bin/env", "bash", "/app/entrypoint.sh"]
+