Setup .NET template

.env.example

@@ -32,8 +32,7 @@ GITEA_ADMIN_PASS=helios123
 # -----------------------------------------------------------------------------
 DOCKER_SERVER=https://index.docker.io/v1/
 DOCKER_USERNAME=
-DOCKER_PASSWORD=
-DOCKER_EMAIL=
+DOCKER_TOKEN=
 
 # -----------------------------------------------------------------------------
 # Git Author (optional, used by operator for GitOps commits)

.gitignore

@@ -14,3 +14,6 @@ apps/portal/packages/backend/*.sqlite
 .claude/
 
 .idea
+
+# mise
+mise.toml

Taskfile.yml

@@ -396,22 +396,22 @@ tasks:
     desc: Create Docker registry secret and link to pipeline SA
     cmds:
       - cmd: |
-          if [ -z "$DOCKER_USERNAME" ] || [ -z "$DOCKER_PASSWORD" ]; then
-            echo "DOCKER_USERNAME and DOCKER_PASSWORD must be set in .env" >&2
+          if [ -z "$DOCKER_USERNAME" ] || { [ -z "$DOCKER_TOKEN" ] && [ -z "$DOCKER_PASSWORD" ]; }; then
+            echo "DOCKER_USERNAME and either DOCKER_TOKEN or DOCKER_PASSWORD must be set in .env" >&2
             exit 1
           fi
-
-          echo "Creating Docker registry secret..."
+        platforms: [linux, darwin]
+      - cmd: |
           DOCKER_SERVER="${DOCKER_SERVER:-https://index.docker.io/v1/}"
-          DOCKER_EMAIL="${DOCKER_EMAIL:-dev@helios.io}"
+          DOCKER_SECRET_PASS="${DOCKER_TOKEN:-$DOCKER_PASSWORD}"
 
           kubectl create secret docker-registry docker-credentials \
             --docker-server="$DOCKER_SERVER" \
             --docker-username="$DOCKER_USERNAME" \
-            --docker-password="$DOCKER_PASSWORD" \
-            --docker-email="$DOCKER_EMAIL" \
+            --docker-password="$DOCKER_SECRET_PASS" \
             --dry-run=client -o yaml | kubectl apply -f -
-
+        platforms: [linux, darwin]
+      - cmd: |
           if kubectl get sa pipeline >/dev/null 2>&1; then
             kubectl patch sa pipeline -p '{"secrets": [{"name": "docker-credentials"}]}'
           else

apps/operator/.github/workflows/lint.yml

@@ -20,4 +20,4 @@ jobs:
       - name: Run linter
         uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20
         with:
-          version: v2.11.3
+          version: v2.11.4

apps/operator/Makefile

@@ -242,7 +242,7 @@ CONTROLLER_TOOLS_VERSION ?= v0.20.1
 ENVTEST_VERSION ?= $(shell go list -m -f "{{ .Version }}" sigs.k8s.io/controller-runtime | awk -F'[v.]' '{printf "release-%d.%d", $$2, $$3}')
 #ENVTEST_K8S_VERSION is the version of Kubernetes to use for setting up ENVTEST binaries (i.e. 1.31)
 ENVTEST_K8S_VERSION ?= $(shell go list -m -f "{{ .Version }}" k8s.io/api | awk -F'[v.]' '{printf "1.%d", $$3}')
-GOLANGCI_LINT_VERSION ?= v2.11.3
+GOLANGCI_LINT_VERSION ?= v2.11.4
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.

apps/operator/api/v1alpha1/heliosapp_types.go

@@ -106,6 +106,10 @@ type HeliosAppSpec struct {
 	// +optional
 	TestCommand string `json:"testCommand,omitempty"`
 
+	// TestImage is the container image used to execute testCommand (e.g. "node:24")
+	// +optional
+	TestImage string `json:"testImage,omitempty"`
+
 	// Env variables for the application
 	// +optional
 	Env []corev1.EnvVar `json:"env,omitempty"`

apps/operator/config/crd/bases/app.helios.io_heliosapps.yaml

@@ -370,6 +370,10 @@ spec:
               testCommand:
                 description: TestCommand is the command to run tests (e.g. "npm test")
                 type: string
+              testImage:
+                description: TestImage is the container image used to execute testCommand
+                  (e.g. "node:24")
+                type: string
               triggerType:
                 default: gitea-push
                 description: TriggerType is the type of trigger to use for the pipeline

apps/operator/internal/controller/database/reconciler_test.go

@@ -46,7 +46,7 @@ func TestReconcileSecrets(t *testing.T) {
 	dbProps := map[string]any{
 		"dbType":  "postgres",
 		"dbName":  "mydb",
-		"version": "16",
+		"version": "18.3",
 	}
 	dbPropsJSON, _ := json.Marshal(dbProps)
 
@@ -193,7 +193,7 @@ func TestReconcileInstances(t *testing.T) {
 	dbProps := map[string]any{
 		"dbType":  "postgres",
 		"dbName":  "my_custom_db",
-		"version": "16",
+		"version": "18.3",
 		"storage": "2Gi",
 	}
 	dbPropsJSON, _ := json.Marshal(dbProps)
@@ -348,7 +348,7 @@ func TestReconcileInstances(t *testing.T) {
 				Replicas: func() *int32 { r := int32(1); return &r }(),
 				Template: corev1.PodTemplateSpec{
 					Spec: corev1.PodSpec{
-						Containers: []corev1.Container{{Name: "postgres", Image: "postgres:15"}},
+						Containers: []corev1.Container{{Name: "postgres", Image: "postgres:18.3"}},
 					},
 				},
 				VolumeClaimTemplates: []corev1.PersistentVolumeClaim{{
@@ -379,8 +379,8 @@ func TestReconcileInstances(t *testing.T) {
 		if err != nil {
 			t.Fatalf("failed to get updated StatefulSet: %v", err)
 		}
-		if got := updatedSts.Spec.Template.Spec.Containers[0].Image; got != "postgres:16" {
-			t.Fatalf("expected image postgres:16, got %s", got)
+		if got := updatedSts.Spec.Template.Spec.Containers[0].Image; got != "postgres:18.3" {
+			t.Fatalf("expected image postgres:18.3, got %s", got)
 		}
 
 		updatedSvc := &corev1.Service{}
@@ -425,7 +425,7 @@ func TestReconcileInstances(t *testing.T) {
 }
 
 func TestReconcileInjection(t *testing.T) {
-	dbProps := map[string]any{"dbType": "postgres", "dbName": "mydb", "version": "16"}
+	dbProps := map[string]any{"dbType": "postgres", "dbName": "mydb", "version": "18.3"}
 	dbPropsJSON, _ := json.Marshal(dbProps)
 
 	app := &appv1alpha1.HeliosApp{

apps/operator/internal/controller/database/resources_test.go

@@ -180,7 +180,7 @@ func TestExtractDatabaseTraits(t *testing.T) {
 	dbProps := map[string]any{
 		"dbType":  "postgres",
 		"dbName":  "mydb",
-		"version": "16",
+		"version": "18.3",
 	}
 	dbPropsJSON, _ := json.Marshal(dbProps)
 
@@ -248,7 +248,7 @@ func TestExtractDatabaseTraits(t *testing.T) {
 func TestGenerateDatabaseStatefulSet(t *testing.T) {
 	sts, err := GenerateDatabaseStatefulSet(
 		"test-ns", "my-app-db", "my-app-db-secret",
-		"my_custom_db", "16", "2Gi", 5432,
+		"my_custom_db", "18.3", "2Gi", 5432,
 	)
 
 	if err != nil {
@@ -283,8 +283,8 @@ func TestGenerateDatabaseStatefulSet(t *testing.T) {
 	}
 
 	container := containers[0]
-	if container.Image != "postgres:16" {
-		t.Errorf("Expected image %q, got %q", "postgres:16", container.Image)
+	if container.Image != "postgres:18.3" {
+		t.Errorf("Expected image %q, got %q", "postgres:18.3", container.Image)
 	}
 
 	if len(container.Ports) != 1 || container.Ports[0].ContainerPort != 5432 {

apps/operator/internal/controller/database/traits.go

@@ -17,7 +17,7 @@ const (
 	UsernameCharset = "abcdefghijklmnopqrstuvwxyz0123456789"
 
 	DatabaseTraitType      = "database"
-	DefaultPostgresVersion = "16"
+	DefaultPostgresVersion = "18.3"
 	DefaultPostgresPort    = 5432
 	DefaultDatabaseStorage = "1Gi"
 	PostgresDataPath       = "/var/lib/postgresql/data"

apps/operator/internal/controller/tekton/mapper.go

@@ -35,6 +35,7 @@ func MapCRDToTektonInput(app *appv1alpha1.HeliosApp) cueModel.TektonInput {
 		Replicas:        int(app.Spec.Replicas),
 		Port:            int(app.Spec.Port),
 		TestCommand:     app.Spec.TestCommand,
+		TestImage:       app.Spec.TestImage,
 		DockerSecret:    "docker-credentials",
 		ArgoCDNamespace: app.Spec.ArgoCDNamespace,
 		ArgoCDProject:   app.Spec.ArgoCDProject,

apps/operator/internal/controller/tekton/pipelinerun.go

@@ -25,8 +25,9 @@ func GeneratePipelineRun(heliosApp *appv1alpha1.HeliosApp, pipelineName string)
 	serviceAccountName := cmp.Or(heliosApp.Spec.ServiceAccount, "default")
 	gitOpsSecretRef := cmp.Or(heliosApp.Spec.GitOpsSecretRef, "helios-gitops-bot")
 	argoNS := cmp.Or(heliosApp.Spec.ArgoCDNamespace, "argocd")
+	testImage := cmp.Or(heliosApp.Spec.TestImage, "node:24")
 
-	params := make([]any, 0, 17)
+	params := make([]any, 0, 18)
 	params = append(params,
 		map[string]any{"name": "app-repo-url", "value": shared.RewriteGiteaURL(heliosApp.Spec.GitRepo)},
 		map[string]any{"name": "app-repo-revision", "value": appRepoRevision},
@@ -41,6 +42,7 @@ func GeneratePipelineRun(heliosApp *appv1alpha1.HeliosApp, pipelineName string)
 		map[string]any{"name": "replicas", "value": fmt.Sprintf("%d", heliosApp.Spec.Replicas)},
 		map[string]any{"name": "port", "value": fmt.Sprintf("%d", heliosApp.Spec.Port)},
 		map[string]any{"name": "test-command", "value": heliosApp.Spec.TestCommand},
+		map[string]any{"name": "test-image", "value": testImage},
 		map[string]any{"name": "argocd-namespace", "value": argoNS},
 		map[string]any{"name": "argocd-app-name", "value": heliosApp.Name + "-argocd"},
 	)

apps/operator/internal/cue/engine_test.go

@@ -174,7 +174,7 @@ func TestEngine_RenderWithDatabaseTrait(t *testing.T) {
 							Properties: map[string]any{
 								"dbType":  "postgres",
 								"dbName":  "my_custom_db",
-								"version": "16",
+								"version": "18.3",
 							},
 						},
 					},

apps/operator/internal/cue/tekton.go

@@ -58,6 +58,7 @@ type TektonInput struct {
 
 	// === TESTING ===
 	TestCommand string `json:"testCommand,omitempty"`
+	TestImage   string `json:"testImage,omitempty"`
 
 	// === SECRETS ===
 	DockerSecret string `json:"dockerSecret,omitempty"`

apps/operator/tekton/pipeline.yaml

@@ -22,7 +22,7 @@ spec:
     - name: test-command
       default: ""          # Empty => no tests (no-op)
     - name: test-image
-      default: "node:20"   # Default image for tests; can be overridden per app
+      default: "node:24"   # Default image for tests; can be overridden per app
     - name: argocd-namespace
       default: "argocd"
     - name: argocd-app-name

apps/portal/app-config.yaml

@@ -22,7 +22,9 @@ backend:
     # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
     # Default Helmet Content-Security-Policy values can be removed by setting the key to false
   cors:
-    origin: http://localhost:3000
+    origin:
+      - http://localhost:3000
+      - http://127.0.0.1:3000
     methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
     credentials: true
   # This is for local development only, it is not recommended to use this in production
@@ -60,7 +62,7 @@ proxy:
   # Local dev: Overridden in app-config.local.yaml
   endpoints:
     '/argocd/api':
-      target: http://argocd-server.argocd.svc.cluster.local/api/v1/
+      target: https://127.0.0.1:8080/api/v1/
       changeOrigin: true
       secure: false
       headers:
@@ -132,14 +134,21 @@ catalog:
       rules:
         - allow: [Template]
 
+    # .NET Web API Template
+    - type: file
+      target: ../../examples/dotnet-template/template.yaml
+      rules:
+        - allow: [Template]
+
     # Spring Boot Template
     - type: file
       target: ../../examples/spring-boot-template/template.yaml
+      rules:
+        - allow: [Template]
 
     # PostgREST Template - Instant REST API over PostgreSQL
     - type: file
       target: ../../examples/postgrest-template/template.yaml
-
       rules:
         - allow: [Template]
 
@@ -172,12 +181,7 @@ kubernetes:
   serviceLocatorMethod:
     type: 'multiTenant'
   clusterLocatorMethods:
-    - type: 'config'
-      clusters:
-        - url: https://kubernetes.default.svc
-          name: in-cluster
-          authProvider: 'serviceAccount'
-          skipTLSVerify: true
+    - type: 'localKubectlProxy'
   # Required for Tekton visibility - enables fetching PipelineRuns and TaskRuns
   customResources:
     - group: 'tekton.dev'

apps/portal/examples/advanced-template/content/gitops/pipeline.yaml

@@ -31,7 +31,7 @@ spec:
     value: ${{ values.name }}-argocd
   # (Optional override – can be omitted to use the pipeline default)
   # - name: test-image
-  #   value: node:20
+  #   value: node:24
   workspaces:
   - name: source-workspace
     volumeClaimTemplate:

apps/portal/examples/dotnet-template/README.md

@@ -0,0 +1,14 @@
+# .NET Web API Backstage Template
+
+This template scaffolds an ASP.NET Core Web API that is ready for Helios GitOps deployment.
+
+Generated source repository includes:
+
+- ASP.NET Core Web API project targeting .NET 10 (runtime 10.0.5, SDK 10.0.202)
+- Multi-stage Dockerfile
+- docker-compose setup for local development with PostgreSQL 18.3
+- Environment-driven database configuration using `DB_HOST`, `DB_USER`, `DB_PASSWORD`, and `DB_NAME`
+
+Generated GitOps repository includes:
+
+- HeliosApp manifest with web-service + database trait

apps/portal/examples/dotnet-template/content/gitops/helios-app.yaml

@@ -0,0 +1,42 @@
+apiVersion: app.helios.io/v1alpha1
+kind: HeliosApp
+metadata:
+  name: ${{ values.name }}
+  namespace: default
+spec:
+
+  description: "Managed by Helios Operator"
+  owner: ${{ values.owner }}
+
+  imageRepo: ${{ values.dockerOrg }}/${{ values.repoName }}
+  gitRepo: "${{ values.sourceRepo }}"
+  gitopsRepo: ${{ values.gitopsRepo }}
+  gitopsPath: "apps/${{ values.name }}"
+  port: ${{ values.port }}
+  replicas: 1
+  testCommand: ${{ values.testCommand }}
+  testImage: ${{ values.testImage | dump }}
+
+  webhookSecret: "git-credentials-${{ values.name }}"
+  gitopsSecretRef: "git-credentials-${{ values.name }}"
+
+  components:
+    - name: ${{ values.name }}-backend
+      type: web-service
+      properties:
+        image: ${{ values.dockerOrg }}/${{ values.repoName }}:main
+        port: ${{ values.port }}
+        replicas: 1
+        env:
+          - name: ASPNETCORE_ENVIRONMENT
+            value: "Production"
+      traits:
+        - type: service
+          properties:
+            port: ${{ values.port }}
+            targetPort: ${{ values.port }}
+        - type: database
+          properties:
+            dbType: ${{ values.dbType | dump }}
+            dbName: ${{ values.dbName | dump }}
+            version: ${{ values.dbVersion | dump }}

apps/portal/examples/dotnet-template/content/source/.dockerignore

@@ -0,0 +1,6 @@
+bin/
+obj/
+.git/
+.vscode/
+*.user
+*.suo

apps/portal/examples/dotnet-template/content/source/.env.example

@@ -0,0 +1,11 @@
+# Database credentials (injected by Helios Operator)
+DB_HOST=localhost
+DB_USER=postgres
+DB_PASSWORD=postgres
+DB_NAME=${{ values.name }}-db
+
+# Legacy compatibility fallback used by some templates/operators
+DB_PASS=postgres
+
+# Application
+PORT=${{ values.port }}

apps/portal/examples/dotnet-template/content/source/.gitignore

@@ -0,0 +1,5 @@
+bin/
+obj/
+.vs/
+*.user
+*.suo