diff --git a/.devops/deploy-pipelines.yml b/.devops/deploy-pipelines.yml
deleted file mode 100644
index ca8dfa8..0000000
--- a/.devops/deploy-pipelines.yml
+++ /dev/null
@@ -1,228 +0,0 @@
-parameters:
- - name: ENV
- displayName: Target Environment
- type: string
- default: dev
- values:
- - dev
- - uat
- - prod
- - name: SEMVER
- displayName: "When packing a release, define the version bump to apply. Use only buildNumber or skip for manual deployment"
- type: string
- values:
- - major
- - minor
- - patch
- - buildNumber
- - skip
- default: skip
- - name: TEST
- displayName: Run tests
- type: boolean
- default: false
- - name: "FORCE_REPLACE_DOCKER_IMAGE"
- displayName: "Force the existing docker image to be replaced"
- type: boolean
- default: False
- values:
- - False
- - True
-
-variables:
- imageRepository: '$(IMAGE_REPOSITORY_NAME)'
-
- ${{ if eq(parameters['ENV'], 'dev') }}:
- AZURE_SUBSCRIPTION: $(DEV_AZURE_SUBSCRIPTION)
- APP_NAME: "pagopa-d-weu"
- STAGE: "d"
- RESOURCE_GROUP: 'pagopa-d-weu-nodo-re-to-datastore-rg'
- dockerRegistryServiceConnection: $(DEV_CONTAINER_REGISTRY_SERVICE_CONN)
- dockerNamespace: $(DEV_CONTAINER_NAMESPACE)
- ${{ if eq(parameters['ENV'], 'uat') }}:
- AZURE_SUBSCRIPTION: $(UAT_AZURE_SUBSCRIPTION)
- APP_NAME: "pagopa-u-weu"
- STAGE: "u"
- RESOURCE_GROUP: 'pagopa-u-weu-nodo-re-to-datastore-rg'
- dockerRegistryServiceConnection: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN)
- dockerNamespace: $(UAT_CONTAINER_NAMESPACE)
- ${{ if eq(parameters['ENV'], 'prod') }}:
- AZURE_SUBSCRIPTION: $(PROD_AZURE_SUBSCRIPTION)
- APP_NAME: "pagopa-p-weu"
- STAGE: "p"
- RESOURCE_GROUP: 'pagopa-p-weu-nodo-re-to-datastore-rg'
- dockerRegistryServiceConnection: $(PROD_CONTAINER_REGISTRY_SERVICE_CONN)
- dockerNamespace: $(PROD_CONTAINER_NAMESPACE)
-
- ${{ if eq(variables['Build.SourceBranchName'], 'merge') }}:
- SOURCE_BRANCH: "main" # force to main branch
- ${{ if ne(variables['Build.SourceBranchName'], 'merge') }}:
- SOURCE_BRANCH: ${{ variables['Build.SourceBranchName'] }}
-
- MAVEN_CACHE_FOLDER: $(Pipeline.Workspace)/.m2/repository
- MAVEN_OPTS: "-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)"
- title: ""
- sha: ""
- tag: ""
-
-# Only manual triggers
-trigger: none
-pr: none
-
-pool:
- vmImage: ubuntu-latest
-
-resources:
- repositories:
- - repository: pagopaCommons
- type: github
- name: pagopa/azure-pipeline-templates
- ref: refs/tags/v2.10.1
- endpoint: 'io-azure-devops-github-ro'
-
-stages:
-
- # Create a release on GitHub
- - stage: Release
- jobs:
- - job: make_release
- steps:
- - checkout: self
- clean: true
- persistCredentials: true
-
- - ${{ if ne(parameters.SEMVER, 'skip') }}:
- - template: templates/maven-github-release/template.yaml@pagopaCommons
- parameters:
- release_branch: $(SOURCE_BRANCH)
- gitEmail: $(GIT_EMAIL)
- gitUsername: $(GIT_USERNAME)
- gitHubConnection: $(GITHUB_CONNECTION)
- ${{ if ne(parameters.SEMVER, 'skip') }}:
- semver: '${{ parameters.SEMVER }}'
- ${{ if eq(parameters.SEMVER, 'skip') }}:
- semver: 'buildNumber' # this case is impossible due to main condition, but it is necessary to work property
-
- - template: templates/maven-github-current-version/template.yaml@pagopaCommons
-
- # Build and Push Docker Image
- - stage: Build
- dependsOn: Release
- variables:
- current_version: $[ stageDependencies.Release.make_release.outputs['current_version.value'] ]
- jobs:
- - job: "build"
- steps:
- - checkout: self
- persistCredentials: true
-
- - script: |
- git checkout $(sourceBranch)
-
- - task: Maven@3
- inputs:
- mavenPomFile: 'pom.xml'
- publishJUnitResults: false
- javaHomeOption: 'JDKVersion'
- jdkVersionOption: '1.11'
- mavenVersionOption: 'Default'
- mavenOptions: '-Xmx3072m $(MAVEN_OPTS)'
- mavenAuthenticateFeed: false
- effectivePomSkip: false
- sonarQubeRunAnalysis: false
-
- - template: templates/docker-release/template.yaml@pagopaCommons
- parameters:
- CONTAINER_REGISTRY_SERVICE_CONN: $(dockerRegistryServiceConnection)
- CONTAINER_REGISTRY_FQDN: $(dockerNamespace)
- DOCKER_IMAGE_NAME: $(imageRepository)
- DOCKER_IMAGE_TAG: $(current_version)
- FORCE_REPLACE_DOCKER_IMAGE: ${{ parameters.FORCE_REPLACE_DOCKER_IMAGE }}
-
- # Deploy on Azure
- - stage: deploy
- variables:
- current_version: $[ stageDependencies.Release.make_release.outputs['current_version.value'] ]
- condition: not(failed('releaseService'))
- pool:
- vmImage: "ubuntu-latest"
- jobs:
- - job: deployJava
- steps:
- - task: AzureCLI@2
- displayName: Start staging slot [PROD]
- condition: eq('${{ parameters.ENV }}', 'prod')
- inputs:
- azureSubscription: $(AZURE_SUBSCRIPTION)
- addSpnToEnvironment: true
- scriptType: 'bash'
- scriptLocation: 'inlineScript'
- failOnStandardError: true
- inlineScript: |
- az functionapp start --name ${{variables.APP_NAME}}-nodo-re-ts-fn --resource-group $(RESOURCE_GROUP) --slot staging
- # deploy fn
- - task: AzureFunctionAppContainer@1
- displayName: Deploy Function App [DEV|UAT]
- condition: in('${{ parameters.ENV }}', 'dev', 'uat')
- inputs:
- azureSubscription: $(AZURE_SUBSCRIPTION)
- appName: "${{variables.APP_NAME}}-nodo-re-ts-fn"
- imageName: "${{variables.dockerNamespace}}/${{ variables.imageRepository }}:latest"
- slotName: production
- resourceGroupName: $(RESOURCE_GROUP)
- - task: AzureFunctionAppContainer@1
- displayName: Deploy Function App [PROD] staging
- condition: eq('${{ parameters.ENV }}', 'prod')
- inputs:
- azureSubscription: $(AZURE_SUBSCRIPTION)
- appName: "${{variables.APP_NAME}}-nodo-re-ts-fn"
- imageName: "${{variables.dockerNamespace}}/${{ variables.imageRepository }}:latest"
- deployToSlotOrASE: true
- slotName: staging
- resourceGroupName: $(RESOURCE_GROUP)
-
- - script: |
- echo "##vso[task.setvariable variable=version;isOutput=true]$(pomversion.next)"
- name: dockerTag
- - stage: deployApprovalPROD
- condition: eq('${{ parameters.ENV }}', 'prod')
- dependsOn: deploy
- pool:
- vmImage: "ubuntu-latest"
- jobs:
- - job: waitForApprovalPROD
- displayName: waiting for approval
- pool: server
- timeoutInMinutes: 4320 # 3 days
- steps:
- - task: ManualValidation@0
- displayName: Manual Approval
- inputs:
- onTimeout: "reject"
-
- - job: completeProdDeployFn
- displayName: complete prod function deploy
- dependsOn: waitForApprovalPROD
- steps:
- # deploy functions - swap
- - task: AzureAppServiceManage@0
- displayName: Swapping App Service Deploy
- inputs:
- ConnectedServiceName: $(AZURE_SUBSCRIPTION)
- WebAppName: "${{variables.APP_NAME}}-nodo-re-ts-fn"
- ResourceGroupName: $(RESOURCE_GROUP)
- SourceSlot: staging
- SwapWithProduction: true
- Slot: production
- # to prevent staging invocation
- - task: AzureCLI@2
- displayName: Stop staging slot [PROD]
- condition: eq('${{ parameters.ENV }}', 'prod')
- inputs:
- azureSubscription: $(AZURE_SUBSCRIPTION)
- addSpnToEnvironment: true
- scriptType: 'bash'
- scriptLocation: 'inlineScript'
- failOnStandardError: true
- inlineScript: |
- az functionapp stop --name ${{variables.APP_NAME}}-nodo-re-ts-fn --resource-group $(RESOURCE_GROUP) --slot staging
diff --git a/.github/workflows/04_release_deploy.yml b/.github/workflows/04_release_deploy.yml
index e7b2aae..6e9ca5a 100644
--- a/.github/workflows/04_release_deploy.yml
+++ b/.github/workflows/04_release_deploy.yml
@@ -18,23 +18,17 @@ on:
- dev
- uat
- prod
- - all
semver:
- required: true
+ required: false
type: choice
- description: Select the new Semantic Version
+ description: Select the version
options:
- - major
- - minor
- - patch
- - buildNumber
+ - ''
- skip
- default: skip
- beta:
- required: false
- type: boolean
- description: deploy beta version
- default: false
+ - promote
+ - patch
+ - new_release
+ - breaking_change
workflow_call:
inputs:
@@ -45,11 +39,6 @@ on:
required: true
type: string
default: skip
- beta:
- required: false
- type: boolean
- description: deploy beta version
- default: false
permissions:
packages: write
@@ -58,37 +47,33 @@ permissions:
id-token: write
actions: read
-
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
setup:
name: Setup
runs-on: ubuntu-latest
outputs:
- semver: ${{ steps.get_semver.outputs.semver }}
- environment: ${{ steps.output.outputs.environment }}
+ semver: ${{ steps.semver_setup.outputs.semver }}
+ environment: ${{ steps.semver_setup.outputs.environment }}
+ resource_group: ${{ steps.get_rg.outputs.resource_group }}
+ app_name: ${{ steps.get_appname.outputs.app_name }}
steps:
- - name: Get semver
- id: get_semver
- uses: pagopa/github-actions-template/semver-setup@v1.3.0
-
- - if: ${{ github.event.inputs.environment == null || github.event.inputs.environment == 'dev' }}
- run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV
-
- - if: ${{ github.event.inputs.environment == 'uat' }}
- run: echo "ENVIRNOMENT=uat" >> $GITHUB_ENV
-
- - if: ${{ github.event.inputs.environment == 'prod' }}
- run: echo "ENVIRNOMENT=prod" >> $GITHUB_ENV
+ - name: Semver setup
+ id: semver_setup
+ uses: pagopa/github-actions-template/node-semver-setup@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9
+ with:
+ semver: ${{ inputs.semver }}
- - if: ${{ github.event.inputs.environment == 'all' }}
- run: echo "ENVIRNOMENT=all" >> $GITHUB_ENV
+ # Set deploy variables
+ - run: echo "ENV_SHORT=$(echo ${{steps.semver_setup.outputs.environment}} | cut -c1-1)" >> $GITHUB_ENV
- - id: output
- name: Set Output
- run: |
- echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT
+ - id: get_rg
+ name: Set Resource Group
+ run: echo "resource_group=pagopa-${{env.ENV_SHORT}}-weu-nodo-re-to-datastore-rg" >> $GITHUB_OUTPUT
+ - id: get_appname
+ name: Set App Name
+ run: echo "app_name=pagopa-${{env.ENV_SHORT}}-weu-nodo-re-ts-fn" >> $GITHUB_OUTPUT
release:
name: Create a New Release
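Review bot: The added `Set deploy variables` step pastes `${{steps.semver_setup.outputs.environment}}` into the script text before bash parses it, so the value is treated as shell code rather than data. That output comes from an action whose code is not on this page, and under `workflow_call` the originating input is presumably a free-form string, so it should be passed through the environment: add `env: ENVIRONMENT: ${{ steps.semver_setup.outputs.environment }}` to the step and use `run: echo "ENV_SHORT=$(echo "$ENVIRONMENT" | cut -c1-1)" >> "$GITHUB_ENV"`. The same direct interpolation into `run:` appears in the `show_input` job added to `04_self_hosted.yml`. An empty or unexpected environment also yields names such as `pagopa--weu-...` in `get_rg` and `get_appname`, so a check that `ENV_SHORT` is one of `d`, `u`, `p` before writing the outputs would fail fast.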
@@ -96,6 +81,7 @@ jobs:
needs: [setup]
outputs:
version: ${{ steps.release.outputs.version }}
+ registry_image: ${{ steps.get_image.outputs.registry_image }}
steps:
- name: Make Release
id: release
@@ -103,50 +89,58 @@ jobs:
with:
semver: ${{ needs.setup.outputs.semver }}
github_token: ${{ secrets.BOT_TOKEN_GITHUB }}
- beta: ${{ inputs.beta }}
- skip_ci: ${{ inputs.beta }}
+ beta: false
- image:
- needs: [ setup, release ]
+ - name: Set image name from container registry
+ id: get_image
+ run: echo "registry_image=ghcr.io/pagopa/pagopa-nodo-re-to-tablestorage:${{steps.release.outputs.version}}" >> $GITHUB_OUTPUT
+
+ build-and-push:
name: Build and Push Docker Image
+ needs: [ setup, release ]
runs-on: ubuntu-latest
- if: ${{ inputs.semver != 'skip' }}
+ if: ${{ needs.setup.outputs.semver != 'skip' }}
+ environment: ${{ needs.setup.outputs.environment }}
steps:
- name: Build and Push
id: semver
- uses: pagopa/github-actions-template/ghcr-build-push@v1.4.1
+ uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4
with:
+ branch: ${{ github.ref_name}}
github_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ needs.release.outputs.version }}
- deploy:
- name: Deploy AZ Functions
- needs: [ setup, release, image ]
+ deploy_azure_fn:
+ name: Deploy Azure function
+ needs: [ setup, release, build-and-push ]
if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
strategy:
matrix:
environment: [ dev, uat, prod ]
- uses: ./.github/workflows/self_hosted.yml
- with:
- target: ${{ matrix.environment }}
- environment: ${{ needs.setup.outputs.environment }}
secrets: inherit
-
-# notify:
-# needs: [ deploy ]
-# runs-on: ubuntu-latest
-# name: Notify
-# if: always()
-# steps:
-# - name: Report Status
-# if: always()
-# uses: ravsamhq/notify-slack-action@v2
-# with:
-# status: ${{ needs.deploy.result }}
-# token: ${{ secrets.GITHUB_TOKEN }}
-# notify_when: 'failure,skipped'
-# notification_title: '{workflow} has {status_message}'
-# message_format: '{emoji} <{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'
-# footer: 'Linked to Repo <{repo_url}|{repo}>'
-# env:
-# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ uses: ./.github/workflows/04_self_hosted.yml
+ with:
+ environment: ${{ matrix.environment }}
+ target: ${{ needs.setup.outputs.environment }}
+ resource_group: ${{ needs.setup.outputs.resource_group }}
+ app_name: ${{ needs.setup.outputs.app_name }}
+ registry_image: ${{ needs.release.outputs.registry_image }}
+
+ notify:
+ name: Notify
+ needs: [ setup, release, deploy_azure_fn ]
+ runs-on: ubuntu-latest
+ if: always()
+ steps:
+ - name: Report Status
+ if: always()
+ uses: ravsamhq/notify-slack-action@v2
+ with:
+ status: ${{ needs.deploy_azure_fn.result }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ notification_title: 'New Release on ${{ needs.setup.outputs.environment }} for ${{ needs.release.outputs.version }} has {status_message}'
+ message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'
+ footer: 'Linked to <{workflow_url}| workflow file>'
+ icon_success: ':white_check_mark:'
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
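Review bot: `ravsamhq/notify-slack-action@v2` in the new `notify` job is a third-party action referenced by a mutable tag, and it is handed both `secrets.GITHUB_TOKEN` and `secrets.SLACK_WEBHOOK_URL`. The pagopa actions introduced in this commit are pinned to a full commit SHA; the same should be done here, e.g. `uses: ravsamhq/notify-slack-action@<full-commit-sha> # v2`, so a moved tag cannot run new code with those secrets. `ghcr-build-push@v1.5.4` in `build-and-push` is also tag-pinned and would benefit from the same treatment. Since `notify` only posts a status, a job-level `permissions: {}` would keep it from inheriting the workflow-level token permissions.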
diff --git a/.github/workflows/04_self_hosted.yml b/.github/workflows/04_self_hosted.yml
index 17e4205..a41067b 100644
--- a/.github/workflows/04_self_hosted.yml
+++ b/.github/workflows/04_self_hosted.yml
@@ -1,4 +1,4 @@
-name: Self Hosted Runner
+name: Deploy Azure function
on:
workflow_call:
@@ -11,75 +11,93 @@ on:
required: true
description: The environment target of the job
type: string
-
-env:
- NAMESPACE: nodo
- APP_NAME: pagopanodoretodatastore
+ resource_group:
+ required: true
+ description: The resource group of the function to deploy
+ type: string
+ app_name:
+ required: true
+ description: The name of the function to deploy
+ type: string
+ registry_image:
+ required: true
+ description: The name of the image from container registry to be used
+ type: string
permissions:
id-token: write
contents: read
jobs:
- create_runner:
- name: Create Runner
+ show_input:
+ runs-on: ubuntu-latest
+ if: ${{ inputs.target == inputs.environment }}
+ steps:
+ - name: Get input parameters
+ run: |
+ echo environment=${{ inputs.environment }}
+ echo target=${{ inputs.target }}
+ echo resource_group=${{ inputs.resource_group }}
+ echo app_name=${{ inputs.app_name }}
+ echo registry_image=${{ inputs.registry_image }}
+
+
+ # Starting the Azure Function's staging slot, if deploying in PROD
+ start_staging_slot:
+ name: Create staging slots
runs-on: ubuntu-22.04
+ if: ${{ inputs.target == inputs.environment && inputs.target == 'prod' }}
environment:
name: ${{ inputs.environment }}
- if: ${{ inputs.target == inputs.environment || inputs.environment == 'all' }}
- outputs:
- runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
steps:
- - name: Create GitHub Runner
- id: create_github_runner
- # from https://github.com/pagopa/github-self-hosted-runner-azure-create-action/commits/main
- uses: pagopa/github-self-hosted-runner-azure-create-action@v1.1.2
+ - name: Create staging slots
+ uses: pagopa/github-actions-template/azure-function-start-staging-slot@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9
with:
+ branch: ${{ github.ref_name }}
client_id: ${{ secrets.CLIENT_ID }}
tenant_id: ${{ secrets.TENANT_ID }}
subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
- container_app_environment_name: ${{ secrets.CONTAINER_APP_ENVIRONMENT_NAME }}
- resource_group_name: ${{ secrets.RUNNER_RESOURCE_GROUP_NAME }} # RG of the runner
- pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}
- self_hosted_runner_image_tag: "v1.4.0"
+ resource_group: ${{ inputs.resource_group }}
+ app_name: ${{ inputs.app_name }}
+ registry_image: ${{ inputs.registry_image }}
+
+ # Executing the deploy of the Azure function with the new image
deploy:
- needs: [ create_runner ]
- runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ]
- if: ${{ inputs.target == inputs.environment || inputs.environment == 'all' }}
- name: Deploy
- environment: ${{ inputs.environment }}
+ name: Deploy Azure Function
+ runs-on: ubuntu-22.04
+ needs: [ start_staging_slot ]
+ if: ${{ always() && inputs.target == inputs.environment }}
+ environment:
+ name: ${{ inputs.environment }}
steps:
- - name: Deploy
- uses: pagopa/github-actions-template/azure-functions-deploy@az-functions # TODO set tag after PR merge
+ - name: Deploy Azure Function
+ uses: pagopa/github-actions-template/azure-functions-deploy@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9
with:
branch: ${{ github.ref_name }}
client_id: ${{ secrets.CLIENT_ID }}
- subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.TENANT_ID }}
- env: ${{ inputs.environment }}
- namespace: ${{ env.NAMESPACE }}
- cluster_name: ${{ secrets.CLUSTER_NAME }}
- resource_group: ${{ secrets.CLUSTER_RESOURCE_GROUP_NAME }}
- app_name: ${{ env.APP_NAME }}
-
+ subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
+ app_name: ${{ inputs.app_name }}
+ registry_image: ${{ inputs.registry_image }}
- cleanup_runner:
- name: Cleanup Runner
- needs: [ create_runner, deploy ]
- if: ${{ success() || failure() && inputs.target == inputs.environment || inputs.environment == 'all' }}
+ # Stopping the Azure Function's staging slot, if deploying in PROD
+ stop_staging_slot:
+ name: Clean staging slots
+ needs: [ start_staging_slot, deploy ]
+ if: ${{ success() || failure() && (inputs.target == inputs.environment && inputs.target == 'prod') }}
runs-on: ubuntu-22.04
- environment: ${{ inputs.environment }}
+ environment:
+ name: ${{ inputs.environment }}
steps:
- - name: Cleanup GitHub Runner
- id: cleanup_github_runner
- # from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
- uses: pagopa/github-self-hosted-runner-azure-cleanup-action@v1.0.3
+ - name: Deploy Azure Function
+ uses: pagopa/github-actions-template/azure-function-stop-staging-slot@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9
with:
+ branch: ${{ github.ref_name }}
client_id: ${{ secrets.CLIENT_ID }}
tenant_id: ${{ secrets.TENANT_ID }}
subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
- resource_group_name: ${{ secrets.RUNNER_RESOURCE_GROUP_NAME }}
- runner_name: ${{ needs.create_runner.outputs.runner_name }}
- pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}
+ resource_group: ${{ inputs.resource_group }}
+ app_name: ${{ inputs.app_name }}
+ registry_image: ${{ inputs.registry_image }}
\ No newline at end of file
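Review bot: The `if:` on `stop_staging_slot` parses as `success() || (failure() && (...))` because `&&` binds tighter than `||`, so the target/prod guard is applied only on the failure path. The comment above the job says it should run only when deploying to PROD; `if: ${{ (success() || failure()) && inputs.target == inputs.environment && inputs.target == 'prod' }}` expresses that. The step inside that job is still named `Deploy Azure Function`, which will mislead anyone reading the run log; `name: Stop staging slot` would match the action it calls.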
diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
new file mode 100644
index 0000000..4e16852
--- /dev/null
+++ b/.identity/.terraform.lock.hcl
@@ -0,0 +1,83 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azuread" {
+ version = "2.30.0"
+ constraints = "2.30.0"
+ hashes = [
+ "h1:Uw4TcmJBEJ71h+oCwwidlkk5jFpyFRDPAFCMs/bT/cw=",
+ "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
+ "zh:2e62c193030e04ebb10cc0526119cf69824bf2d7e4ea5a2f45bd5d5fb7221d36",
+ "zh:2f3c7a35257332d68b778cefc5201a5f044e4914dd03794a4da662ddfe756483",
+ "zh:35d0d3a1b58fdb8b8c4462d6b7e7016042da43ea9cc734ce897f52a73407d9b0",
+ "zh:47ede0cd0206ec953d40bf4a80aa6e59af64e26cbbd877614ac424533dbb693b",
+ "zh:48c190307d4d42ea67c9b8cc544025024753f46cef6ea64db84735e7055a72da",
+ "zh:6fff9b2c6a962252a70a15b400147789ab369b35a781e9d21cce3804b04d29af",
+ "zh:7646980cf3438bff29c91ffedb74458febbb00a996638751fbd204ab1c628c9b",
+ "zh:77aa2fa7ca6d5446afa71d4ff83cb87b70a2f3b72110fc442c339e8e710b2928",
+ "zh:e20b2b2c37175b89dd0db058a096544d448032e28e3b56e2db368343533a9684",
+ "zh:eab175b1dfe9865ad9404dccb6d5542899f8c435095aa7c679314b811c717ce7",
+ "zh:efc862bd78c55d2ff089729e2a34c1831ab4b0644fc11b36ee4ebed00a4797ba",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "3.45.0"
+ constraints = "3.45.0"
+ hashes = [
+ "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=",
+ "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad",
+ "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2",
+ "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7",
+ "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38",
+ "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65",
+ "zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760",
+ "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688",
+ "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e",
+ "zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa",
+ "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28",
+ "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/null" {
+ version = "3.2.1"
+ hashes = [
+ "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=",
+ "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
+ "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
+ "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
+ "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
+ "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
+ "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
+ "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
+ "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
+ "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
+ "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
+ ]
+}
+
+provider "registry.terraform.io/integrations/github" {
+ version = "5.18.3"
+ constraints = "5.18.3"
+ hashes = [
+ "h1:WbZvLB2qXKVoh4BvOOwFfEds+SZQrkINfSAWPnWFxGo=",
+ "zh:050b37d96628cb7451137755929ca8d21ea546bc46d11a715652584070e83ff2",
+ "zh:053051061f1b7f7673b0ceffac1f239ba28b0e5b375999206fd39976e85d9f2b",
+ "zh:0c300a977ca66d0347ed62bb116fd8fc9abb376a554d4c192d14f3ea71c83500",
+ "zh:1d5a1a5243eba78819d2f92ff2d504ebf9a9008a6670fb5f5660f44eb6a156d8",
+ "zh:a13ac15d251ebf4e7dc40acb0e40df066f443f4c7799186a29e2e44addc7d8e7",
+ "zh:a316d94b885953c036ebc9fba64a23da93974746bc3ac9d207462a6f02d44540",
+ "zh:a658a00373bff5979cc227052c693cbde8ca4c8f9fef1bc8094a3516f2e2a96d",
+ "zh:a7bfc6ad8465d5dc11b6f19d6805364de87fffe27622bb4f37da2319bb1c4956",
+ "zh:d7379a76861f1a6bfc36eca7a20f1f477711247563b105744d69d7bd1f365fad",
+ "zh:de1cd959fd4821248e8d21570601193408648474e74f49597f1d0c43185a4ab7",
+ "zh:e0b281240dd6f2aa405b2d6fe329bc15ab877161affe163fb150d1efca2fccdb",
+ "zh:e372c171358757a983d7aa878abfd05a84484fb4d22167e45c9c1267e78ed060",
+ "zh:f6d3116526030b3f6905f530cd6c04b23d42890d973fa2abe10ce9c89cb1db80",
+ "zh:f99eec731e03cc6a28996c875bd435887cd7ea75ec07cc77b9e768bb12da2227",
+ ]
+}
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
index 8f41a0e..69a4ee0 100644
--- a/.identity/00_data.tf
+++ b/.identity/00_data.tf
@@ -32,12 +32,11 @@ data "azurerm_key_vault_secret" "key_vault_bot_token" {
key_vault_id = data.azurerm_key_vault.key_vault.id
}
-#data "azurerm_key_vault_secret" "key_vault_cucumber_token" {
-# name = "cucumber-token"
-# key_vault_id = data.azurerm_key_vault.key_vault.id
-#}
-
-#data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" {
-# name = "integration-test-subkey"
-# key_vault_id = data.azurerm_key_vault.key_vault.id
-#}
+data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" {
+ name = "slack-webhook-url"
+ key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
+data "azurerm_resource_group" "nodo_re_rg" {
+ name = "pagopa-${var.env_short}-${local.location_short}-nodo-re-to-datastore-rg"
+}
\ No newline at end of file
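Review bot: `key_vault_slack_webhook_url` reads from `data.azurerm_key_vault.domain_key_vault`, while the data source just above it in this hunk reads from `data.azurerm_key_vault.key_vault`; the declaration of `domain_key_vault` is not in any hunk on this page, so confirm it exists. A short comment such as `# Slack webhook is stored in the domain key vault` would explain why this secret differs from its neighbours. The secret's `.value` is later copied into `repo_secrets`, so it will be written to the Terraform state, and access to the state backend should be restricted accordingly.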
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
index 9926884..b519782 100644
--- a/.identity/02_application_action.tf
+++ b/.identity/02_application_action.tf
@@ -41,6 +41,12 @@ resource "null_resource" "github_runner_app_permissions_to_namespace" {
}
}
+resource "azurerm_role_assignment" "environment_function" {
+ scope = data.azurerm_resource_group.nodo_re_rg.id
+ role_definition_name = "Contributor"
+ principal_id = module.github_runner_app.object_id
+}
+
resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboards" {
scope = data.azurerm_resource_group.dashboards.id
role_definition_name = "Contributor"
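Review bot: `azurerm_role_assignment.environment_function` grants the GitHub runner application `Contributor` on the whole `nodo_re_rg` resource group, which is broader than what the workflows in this commit use it for (starting and stopping a slot and deploying an image to one function app). Scoping the assignment to the function app resource instead of the group, or using a narrower built-in role such as `Website Contributor`, would limit what a compromised workflow run could modify. The workflows request `id-token: write` and pass `CLIENT_ID`, so this principal is presumably reachable through OIDC federation from any job bound to the environment. A comment above the resource stating which deployment step needs the role would help later reviews.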
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
index 1fc39a8..19fb5a3 100644
--- a/.identity/03_github_environment.tf
+++ b/.identity/03_github_environment.tf
@@ -23,9 +23,7 @@ locals {
env_secrets = {
"CLIENT_ID" : module.github_runner_app.application_id,
"TENANT_ID" : data.azurerm_client_config.current.tenant_id,
- "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
- "ISSUER_RANGE_TABLE" : "${local.prefix}${var.env_short}${local.location_short}${local.domain}saissuerrangetable",
-# "SUBKEY" : data.azurerm_key_vault_secret.key_vault_integration_test_subkey.value,
+ "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id
}
env_variables = {
"CONTAINER_APP_ENVIRONMENT_NAME" : local.container_app_environment.name,
@@ -38,7 +36,7 @@ locals {
repo_secrets = {
"SONAR_TOKEN" : data.azurerm_key_vault_secret.key_vault_sonar.value,
"BOT_TOKEN_GITHUB" : data.azurerm_key_vault_secret.key_vault_bot_token.value,
-# "CUCUMBER_PUBLISH_TOKEN" : data.azurerm_key_vault_secret.key_vault_cucumber_token.value,
+ "SLACK_WEBHOOK_URL": data.azurerm_key_vault_secret.key_vault_slack_webhook_url.value
}
}
@@ -79,3 +77,23 @@ resource "github_actions_secret" "repo_secrets" {
plaintext_value = each.value
}
+############
+## Labels ##
+############
+resource "github_issue_label" "breaking_change" {
+ repository = local.github.repository
+ name = "breaking-change"
+ color = "FF0000"
+}
+
+resource "github_issue_label" "new_release" {
+ repository = local.github.repository
+ name = "new-release"
+ color = "FFFF00"
+}
+
+resource "github_issue_label" "ignore_for_release" {
+ repository = local.github.repository
+ name = "ignore-for-release"
+ color = "008000"
+}
\ No newline at end of file
diff --git a/host.json b/host.json
index 6aaa48a..3765cbf 100644
--- a/host.json
+++ b/host.json
@@ -29,10 +29,10 @@
},
"fileLoggingMode": "always",
"logLevel": {
- "default": "Debug",
- "Host.Results": "Information",
- "Function": "Error",
- "Function.EventHubNodoReEventProcessor": "Debug",
+ "default": "Information",
+ "Host.Results": "Error",
+ "Function": "Information",
+ "Function.EventHubNodoReEventProcessor": "Error",
"Host.Aggregator": "Trace"
}
}
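Review bot: Raising `Host.Results` to `Error` drops the per-invocation success records, because the Functions host writes those at Information level; only failed invocations will remain. With `Function.EventHubNodoReEventProcessor` also at `Error`, a run that processes events without throwing leaves no log trace from the processor, which makes it harder to reconstruct what was handled during an incident. If the aim is to cut volume, keeping `Host.Results` at `Information` preserves the invocation trail at low cost. `Host.Aggregator` stays at `Trace` on the unchanged line, so it is worth confirming that is still intended next to the tightened levels.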
diff --git a/pom.xml b/pom.xml
index 44b39d4..66e0839 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
it.gov.pagopa
nodoretotablestorage
- 0.1.2
+ 0.1.2-2-NOD-473-migrazione-cd-su-git-hub-action-per-nodo-re-to-tablestorage
jar
Nodo RE to Table Storage Fn