Add 'backend/' from commit '040cfd7a75423d4e6136e58a67b40579af4ee966'

git-subtree-dir: backend
git-subtree-mainline: ab911955ed
git-subtree-split: 040cfd7a75

backend/.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: JasonTaylorDev # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+# patreon: # Replace with a single Patreon username
+# open_collective: # Replace with a single Open Collective username
+# ko_fi: # Replace with a single Ko-fi username
+# tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+# community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+# liberapay: # Replace with a single Liberapay username
+# issuehunt: # Replace with a single IssueHunt username
+# otechie: # Replace with a single Otechie username
+# lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+# custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

backend/.github/workflows/build.yml

@@ -0,0 +1,82 @@
+name: Build
+
+on:
+  pull_request:
+    branches: [ main ]
+    paths-ignore:
+      - '.scripts/**'
+      - .gitignore
+      - CODE_OF_CONDUCT.md
+      - LICENSE
+      - README.md
+
+  workflow_call:
+    inputs:
+      build-artifacts:
+        type: boolean
+        required: true
+        default: false
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+      name: Checkout code
+
+    - name: Cache NuGet packages
+      uses: actions/cache@v3
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+
+
+    - name: Install .NET
+      uses: actions/setup-dotnet@v3
+
+    - name: Restore solution
+      run: dotnet restore
+
+    - name: Build solution
+      run: dotnet build --no-restore --configuration Release
+      
+    - name: Test solution
+      run: dotnet test --no-build --configuration Release --filter "FullyQualifiedName!~AcceptanceTests"
+
+    - name: Publish website
+      if: ${{ inputs.build-artifacts == true }}
+      run: |
+        dotnet publish --configuration Release --runtime win-x86 --self-contained --output ./publish
+        cd publish
+        zip -r ./publish.zip .
+      working-directory: ./src/Web/
+
+    - name: Upload website artifact (website)
+      if: ${{ inputs.build-artifacts == true }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: website
+        path: ./src/Web/publish/publish.zip
+        if-no-files-found: error
+    
+    - name: Create EF Core migrations bundle
+      if: ${{ inputs.build-artifacts == true }}
+      run: |
+        dotnet new tool-manifest
+        dotnet tool install dotnet-ef
+        dotnet ef migrations bundle --configuration Release -p ./src/Infrastructure/ -s ./src/Web/ -o efbundle.exe
+        zip -r ./efbundle.zip efbundle.exe
+      env:
+        SkipNSwag: True
+
+    - name: Upload EF Core migrations bundle artifact (efbundle)
+      if: ${{ inputs.build-artifacts == true }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: efbundle
+        path: ./efbundle.zip
+        if-no-files-found: error

backend/.github/workflows/cicd.yml

@@ -0,0 +1,42 @@
+name: CICD
+
+on: 
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - .gitignore
+      - CODE_OF_CONDUCT.md
+      - LICENSE
+      - README.md
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+
+  build:
+    uses: ./.github/workflows/build.yml
+    with:
+      build-artifacts: true
+
+  deploy-development:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    needs: [ build ]
+    with:
+      environmentName: Development
+
+  deploy-staging:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    needs: [ deploy-development ]
+    with:
+      environmentName: Staging
+
+  deploy-production:
+    uses: ./.github/workflows/deploy.yml
+    secrets: inherit
+    needs: [ deploy-staging ]
+    with:
+      environmentName: Production

backend/.github/workflows/deploy.yml

@@ -0,0 +1,107 @@
+name: Deploy
+
+on:
+  workflow_call:
+    inputs:
+      environmentName:
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  
+  validate:
+     runs-on: ubuntu-latest
+     environment: ${{ inputs.environmentName }}
+
+     steps: 
+
+     - uses: actions/checkout@v3
+       name: Checkout code
+
+     - uses: azure/login@v1
+       name: Login to Azure
+       with:
+         client-id: ${{ vars.AZURE_CLIENT_ID }}
+         tenant-id: ${{ vars.AZURE_TENANT_ID }}
+         subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+     - if: inputs.environmentName == 'Development'
+       uses: azure/arm-deploy@v1
+       name: Run preflight validation
+       with:
+         deploymentName: ${{ github.run_number }}
+         resourceGroupName: ${{ vars.AZURE_RESOURCE_GROUP_NAME }}
+         template: ./.azure/bicep/main.bicep
+         parameters: >
+           environmentName=${{ inputs.environmentName }}
+           sqlAdministratorUsername=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }}
+           sqlAdministratorPassword=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }}
+           projectName=${{ vars.PROJECT_NAME }}
+         deploymentMode: Validate
+
+     - if: inputs.environmentName != 'Development'
+       uses: azure/arm-deploy@v1
+       name: Run what-if
+       with:
+         failOnStdErr: false
+         resourceGroupName: ${{ vars.AZURE_RESOURCE_GROUP_NAME }}
+         template: ./.azure/bicep/main.bicep
+         parameters: >
+           environmentName=${{ inputs.environmentName }}
+           sqlAdministratorUsername=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }}
+           sqlAdministratorPassword=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }}
+           projectName=${{ vars.PROJECT_NAME }}
+         additionalArguments: --what-if
+ 
+  deploy:
+    needs: [ validate ]
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environmentName }}
+
+    steps:
+
+    - uses: actions/checkout@v3
+      name: Checkout code
+
+    - uses: actions/download-artifact@v3
+      name: Download artifacts
+
+    - name: Install .NET
+      uses: actions/setup-dotnet@v3
+
+    - uses: azure/login@v1
+      name: Login to Azure
+      with:
+        client-id: ${{ vars.AZURE_CLIENT_ID }}
+        tenant-id: ${{ vars.AZURE_TENANT_ID }}
+        subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+
+    - uses: azure/arm-deploy@v1
+      id: deploy
+      name: Deploy infrastructure
+      with:
+        failOnStdErr: false
+        deploymentName: ${{ github.run_number }}
+        resourceGroupName: ${{ vars.AZURE_RESOURCE_GROUP_NAME }}
+        template: ./.azure/bicep/main.bicep
+        parameters: >
+           environmentName=${{ inputs.environmentName }}
+           sqlAdministratorUsername=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }}
+           sqlAdministratorPassword=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }}
+           projectName=${{ vars.PROJECT_NAME }}
+
+    - name: Initialise database
+      run: |
+        unzip -o ./efbundle/efbundle.zip
+        echo '{ "ConnectionStrings": { "DefaultConnection": "" } }' > appsettings.json
+        ./efbundle.exe --connection "Server=${{ steps.deploy.outputs.sqlServerFullyQualifiedDomainName }};Initial Catalog=${{ steps.deploy.outputs.sqlDatabaseName }};Persist Security Info=False;User ID=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }};Password=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" --verbose
+
+    - uses: azure/webapps-deploy@v2
+      name: Deploy website
+      with:
+        app-name: ${{ steps.deploy.outputs.appServiceAppName }}
+        package: website/publish.zip