Add Release pipeline

Author: codez0mb1e

.github/workflows/release.yml

@@ -0,0 +1,92 @@
+name: BinanceBot Release Pipeline
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "master" ]
+    tags:
+      - 'v*.*.*'
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+concurrency:
+  group: release-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-and-push-images:
+
+    name: Build and push Docker images
+
+    runs-on: ubuntu-latest
+
+    env:
+      DOCKER_BUILDKIT: 1
+
+    strategy:
+      matrix:
+        app:
+          - name: marketbot
+            dockerfile: Dockerfile.marketbot
+            project: BinanceBot.MarketBot.Console
+          - name: marketviewer
+            dockerfile: Dockerfile.marketviewer
+            project: BinanceBot.MarketViewer.Console
+
+    steps:
+    - name: Check out the repo
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }}
+
+    - name: Docker metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ghcr.io/${{ github.repository_owner }}/binancebot-${{ matrix.app.name }}
+        tags: |
+          type=raw,value=latest
+          type=ref,event=branch
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=sha
+        labels: |
+          org.opencontainers.image.source=${{ github.repository }}
+          org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
+          org.opencontainers.image.revision=${{ github.sha }}
+          org.opencontainers.image.title=BinanceBot ${{ matrix.app.name }}
+          org.opencontainers.image.description=BinanceBot ${{ matrix.app.project }}
+
+    - name: Build and push
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ./${{ matrix.app.dockerfile }}
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha,scope=${{ matrix.app.name }}
+        cache-to: type=gha,mode=max,scope=${{ matrix.app.name }}
+        build-args: |
+          PROJECT_NAME=${{ matrix.app.project }}
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.31.0
+      with:
+        image-ref: ghcr.io/${{ github.repository_owner }}/binancebot-${{ matrix.app.name }}:latest
+        format: 'table'
+        ignore-unfixed: true
+        vuln-type: 'library'
+        severity: 'CRITICAL,HIGH'

Dockerfile.marketbot

@@ -0,0 +1,51 @@
+# Build stage
+FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine AS build
+ARG BUILD_CONFIGURATION=Release
+ARG PROJECT_NAME=BinanceBot.MarketBot.Console
+WORKDIR /src
+
+# Copy solution and project files for better layer caching
+COPY src/*.sln ./
+COPY src/BinanceBot.Market/*.csproj ./BinanceBot.Market/
+COPY src/BinanceBot.MarketBot.Console/*.csproj ./BinanceBot.MarketBot.Console/
+COPY src/BinanceBot.MarketViewer.Console/*.csproj ./BinanceBot.MarketViewer.Console/
+
+# Restore dependencies as a separate layer
+RUN dotnet restore "${PROJECT_NAME}/${PROJECT_NAME}.csproj" \
+    --runtime linux-musl-x64
+
+# Copy remaining source files
+COPY src/. ./
+
+# Build and publish
+WORKDIR /src/${PROJECT_NAME}
+RUN dotnet publish "${PROJECT_NAME}.csproj" \
+    -c $BUILD_CONFIGURATION \
+    -o /app/publish \
+    --no-restore \
+    --runtime linux-musl-x64 \
+    --self-contained false \
+    /p:UseAppHost=false
+
+# Runtime stage
+FROM mcr.microsoft.com/dotnet/aspnet:9.0-alpine AS final
+ARG PROJECT_NAME=BinanceBot.MarketBot.Console
+WORKDIR /app
+
+# Create non-root user
+RUN addgroup -g 1000 appuser && \
+    adduser -u 1000 -G appuser -s /bin/sh -D appuser && \
+    chown -R appuser:appuser /app
+
+# Copy published output
+COPY --from=build --chown=appuser:appuser /app/publish .
+
+# Security: Run as non-root
+USER appuser
+
+# Set environment variables
+ENV DOTNET_RUNNING_IN_CONTAINER=true \
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
+
+# Note: Set BINANCE_API_KEY and BINANCE_SECRET via environment variables or .env file at runtime
+ENTRYPOINT dotnet "${PROJECT_NAME}.dll"

Dockerfile.marketviewer

@@ -0,0 +1,51 @@
+# Build stage
+FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine AS build
+ARG BUILD_CONFIGURATION=Release
+ARG PROJECT_NAME=BinanceBot.MarketViewer.Console
+WORKDIR /src
+
+# Copy solution and project files for better layer caching
+COPY src/*.sln ./
+COPY src/BinanceBot.Market/*.csproj ./BinanceBot.Market/
+COPY src/BinanceBot.MarketBot.Console/*.csproj ./BinanceBot.MarketBot.Console/
+COPY src/BinanceBot.MarketViewer.Console/*.csproj ./BinanceBot.MarketViewer.Console/
+
+# Restore dependencies as a separate layer
+RUN dotnet restore "${PROJECT_NAME}/${PROJECT_NAME}.csproj" \
+    --runtime linux-musl-x64
+
+# Copy remaining source files
+COPY src/. ./
+
+# Build and publish
+WORKDIR /src/${PROJECT_NAME}
+RUN dotnet publish "${PROJECT_NAME}.csproj" \
+    -c $BUILD_CONFIGURATION \
+    -o /app/publish \
+    --no-restore \
+    --runtime linux-musl-x64 \
+    --self-contained false \
+    /p:UseAppHost=false
+
+# Runtime stage
+FROM mcr.microsoft.com/dotnet/aspnet:9.0-alpine AS final
+ARG PROJECT_NAME=BinanceBot.MarketViewer.Console
+WORKDIR /app
+
+# Create non-root user
+RUN addgroup -g 1000 appuser && \
+    adduser -u 1000 -G appuser -s /bin/sh -D appuser && \
+    chown -R appuser:appuser /app
+
+# Copy published output
+COPY --from=build --chown=appuser:appuser /app/publish .
+
+# Security: Run as non-root
+USER appuser
+
+# Set environment variables
+ENV DOTNET_RUNNING_IN_CONTAINER=true \
+    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
+
+# Note: Set BINANCE_API_KEY and BINANCE_SECRET via environment variables or .env file at runtime
+ENTRYPOINT dotnet "${PROJECT_NAME}.dll"

compose.yml

@@ -0,0 +1,28 @@
+services:
+  marketbot:
+    image: ghcr.io/${GITHUB_REPOSITORY_OWNER:-codez0mb1e}/binancebot-marketbot:latest
+    container_name: binancebot-marketbot
+    restart: unless-stopped
+    environment:
+      - BINANCE_API_KEY=${BINANCE_API_KEY}
+      - BINANCE_SECRET=${BINANCE_SECRET}
+    env_file:
+      - .env
+    networks:
+      - binancebot-network
+
+  marketviewer:
+    image: ghcr.io/${GITHUB_REPOSITORY_OWNER:-codez0mb1e}/binancebot-marketviewer:latest
+    container_name: binancebot-marketviewer
+    restart: unless-stopped
+    environment:
+      - BINANCE_API_KEY=${BINANCE_API_KEY}
+      - BINANCE_SECRET=${BINANCE_SECRET}
+    env_file:
+      - .env
+    networks:
+      - binancebot-network
+
+networks:
+  binancebot-network:
+    driver: bridge