fix: dotnet SDK

[alnr]

• Updated Dockerfile and made it cross-platform
• Updated C# SDK generation (needs custom template 🙄 , a new different bug)

Closes #434

Summary by CodeRabbit

• Chores

  • Updated Go toolchain to version 1.26.3
  • Updated OpenAPI generator CLI to version 7.22.0
  • Upgraded .NET SDK installation process

• Infrastructure

  • Added multi-architecture Docker build support, enabling builds across different processor architectures
  • Improved package management and installation scripts for consistency

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR addresses C# code generation failures by introducing a custom JSON serialization template, updating the generator configuration to use it, and refreshing the build environment for multi-architecture support. The core fix adds a JsonConverter.mustache template that generates correct C# serialization code handling discriminators, composed schemas, and type validation.

Changes

C# JSON Serialization Template and Code Generation

Layer / File(s)	Summary
JsonConverter template implementation config/client/dotnet-templates/libraries/generichost/JsonConverter.mustache	New template generates {{classname}}JsonConverter with Read, Write, and WriteProperties methods; handles discriminator-based polymorphism, oneOf/anyOf composed schemas, required/non-nullable validation, enum value conversion, UUID special-casing, and date/datetime formatting.
Generator script configuration and version update scripts/generate.sh	Config templating narrowed to only .yml files; OpenAPI generator bumped to v7.22.0; C# generation adds template override pointing to ./config/client/dotnet-templates.

Build Environment Multi-architecture Support

Layer / File(s)

Summary

Dockerfile multi-arch setup and dependency consolidation Dockerfile

Added TARGETARCH build arg for cross-platform builds; consolidated system packages; updated Ory CLI to use ory/meta install script (v1.1.0); bumped Go to 1.26.3 with architecture-aware tarball selection; simplified .NET SDK to direct Microsoft dotnet-install.sh execution; replaced tooling tarball downloads with apt-keyring + apt install for GitHub CLI and Go-swagger with TARGETARCH-based asset selection.

---

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 4

❌ Failed checks (3 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete; it lacks detailed explanation of the changes, does not follow the template structure (missing context about the fix), and the checklist is entirely empty.	Fill in the PR template with detailed context about why the Dockerfile was updated for cross-platform support, explain the C# generation issue and workaround, complete the checklist items, and clarify the specific bug being fixed.
Out of Scope Changes check	⚠️ Warning	The Dockerfile updates for multi-architecture support appear to be out of scope relative to the linked issue #434, which focuses specifically on C# SDK generation failures.	Either split the Dockerfile changes into a separate PR or clarify in the issue how the multi-architecture Dockerfile changes are necessary for resolving the C# SDK compilation problem.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'fix: dotnet SDK' is vague and generic, using non-descriptive terminology that doesn't clarify the specific changes made to the SDK.	Use a more specific title that describes the actual fix, such as 'fix: update Dockerfile for multi-architecture builds and C# JSON converter generation' or similar.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR addresses issue #434 by updating the OpenAPI generator version and adding a custom JSON converter template to resolve C# compilation failures.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch alnr/dotnet

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

scripts/generate.sh (1)

11-15: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Guard the config glob to avoid hard-failing on zero matches.

With Bash default globbing, config/client/*.yml can remain literal when no files match, and envsubst then fails on a non-existent path.

Suggested hardening

+shopt -s nullglob
 for f in config/client/*.yml
 do
   echo "Processing $f..."
   envsubst < "${f}" > "${f}.proc.yml"
 done
+shopt -u nullglob

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/generate.sh` around lines 11 - 15, The glob "config/client/*.yml" can
be left literal when no files match causing envsubst to fail; update the script
around the for loop (the for f in config/client/*.yml ... do ... done block and
the use of envsubst and variable f) to guard the glob—either enable nullglob
temporarily (shopt -s nullglob; ...; shopt -u nullglob) before iterating, or
test for matches first (e.g. use compgen -G "config/client/*.yml" >/dev/null ||
exit 0) or skip when [ ! -e "$f" ] inside the loop—so envsubst only runs for
real files and the script does not hard-fail when there are zero matches.

🧹 Nitpick comments (2)

Dockerfile (2)

64-68: Go-swagger arch selection is correct; consider pinning the release for reproducibility/CI resilience.

The swagger_linux_${TARGETARCH} asset name matches go-swagger's published swagger_linux_amd64/swagger_linux_arm64 assets, so the multi-arch selection is right. However, releases/latest against the unauthenticated GitHub API is rate-limited (60 req/hr/IP) on shared CI runners and silently floats the swagger version over time, making builds non-reproducible. Consider pinning a known version (and/or passing a token) so builds are deterministic and don't break on rate limits.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 64 - 68, Replace the dynamic GitHub
"releases/latest" lookup used to set download_url (the curl | jq pipeline that
builds swagger_linux_${TARGETARCH} and assigns download_url) with a
deterministic approach: either hardcode a specific go-swagger release
tag/version in the API URL (e.g. use /releases/tags/<VERSION> instead of
/releases/latest) or add support for an authenticated request by reading a
GITHUB_TOKEN env var and passing an Authorization: Bearer header to curl to
avoid rate limits; update the curl/jq invocation that sets download_url and keep
the subsequent curl -o /usr/local/bin/swagger and chmod steps unchanged so
builds are reproducible and resilient to CI rate limits.

---

49-49: ⚡ Quick win

curl … | bash masks download failures.

Without pipefail, the pipeline exits with bash's status, so a failed/partial curl (network blip, 404) still produces a "successful" layer with no/partial dotnet install — surfacing only later as a confusing dotnet build failure. Same pattern applies to the ory (line 10), node (line 29) and rust (line 60) installs.

♻️ Enable pipefail for piped installs

+# Make piped installers fail the build if the download fails
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]

Add this once near the top of the Dockerfile (after the base FROM).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` at line 49, Add a SHELL directive immediately after the base FROM
so /bin/bash runs with pipefail enabled, ensuring failures in piped RUN commands
(the RUN curl ... | bash used for dotnet, the ory install on line 10, the node
install on line 29, and the rust install on line 60) cause the build to fail
fast; update the Dockerfile so subsequent RUN lines that pipe downloads into
bash respect pipefail (or alternatively prefix each of those RUN commands with a
shell invocation that enables pipefail) so partial/failed downloads are not
treated as successful layers.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@scripts/generate.sh`:
- Around line 11-15: The glob "config/client/*.yml" can be left literal when no
files match causing envsubst to fail; update the script around the for loop (the
for f in config/client/*.yml ... do ... done block and the use of envsubst and
variable f) to guard the glob—either enable nullglob temporarily (shopt -s
nullglob; ...; shopt -u nullglob) before iterating, or test for matches first
(e.g. use compgen -G "config/client/*.yml" >/dev/null || exit 0) or skip when [
! -e "$f" ] inside the loop—so envsubst only runs for real files and the script
does not hard-fail when there are zero matches.

---

Nitpick comments:
In `@Dockerfile`:
- Around line 64-68: Replace the dynamic GitHub "releases/latest" lookup used to
set download_url (the curl | jq pipeline that builds swagger_linux_${TARGETARCH}
and assigns download_url) with a deterministic approach: either hardcode a
specific go-swagger release tag/version in the API URL (e.g. use
/releases/tags/<VERSION> instead of /releases/latest) or add support for an
authenticated request by reading a GITHUB_TOKEN env var and passing an
Authorization: Bearer header to curl to avoid rate limits; update the curl/jq
invocation that sets download_url and keep the subsequent curl -o
/usr/local/bin/swagger and chmod steps unchanged so builds are reproducible and
resilient to CI rate limits.
- Line 49: Add a SHELL directive immediately after the base FROM so /bin/bash
runs with pipefail enabled, ensuring failures in piped RUN commands (the RUN
curl ... | bash used for dotnet, the ory install on line 10, the node install on
line 29, and the rust install on line 60) cause the build to fail fast; update
the Dockerfile so subsequent RUN lines that pipe downloads into bash respect
pipefail (or alternatively prefix each of those RUN commands with a shell
invocation that enables pipefail) so partial/failed downloads are not treated as
successful layers.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 9adbceaa-43cf-4933-91a0-e05509d1c0a6

📥 Commits

Reviewing files that changed from the base of the PR and between c824f24 and cf69672.

📒 Files selected for processing (3)

• Dockerfile
• config/client/dotnet-templates/libraries/generichost/JsonConverter.mustache
• scripts/generate.sh