diff --git a/.devops/deploy-pipelines.yml b/.devops/deploy-pipelines.yml
deleted file mode 100644
index ca8dfa8..0000000
--- a/.devops/deploy-pipelines.yml
+++ /dev/null
@@ -1,228 +0,0 @@ -parameters: - - name: ENV - displayName: Target Environment - type: string - default: dev - values: - - dev - - uat - - prod - - name: SEMVER - displayName: "When packing a release, define the version bump to apply. Use only buildNumber or skip for manual deployment" - type: string - values: - - major - - minor - - patch - - buildNumber - - skip - default: skip - - name: TEST - displayName: Run tests - type: boolean - default: false - - name: "FORCE_REPLACE_DOCKER_IMAGE" - displayName: "Force the existing docker image to be replaced" - type: boolean - default: False - values: - - False - - True - -variables: - imageRepository: '$(IMAGE_REPOSITORY_NAME)' - - ${{ if eq(parameters['ENV'], 'dev') }}: - AZURE_SUBSCRIPTION: $(DEV_AZURE_SUBSCRIPTION) - APP_NAME: "pagopa-d-weu" - STAGE: "d" - RESOURCE_GROUP: 'pagopa-d-weu-nodo-re-to-datastore-rg' - dockerRegistryServiceConnection: $(DEV_CONTAINER_REGISTRY_SERVICE_CONN) - dockerNamespace: $(DEV_CONTAINER_NAMESPACE) - ${{ if eq(parameters['ENV'], 'uat') }}: - AZURE_SUBSCRIPTION: $(UAT_AZURE_SUBSCRIPTION) - APP_NAME: "pagopa-u-weu" - STAGE: "u" - RESOURCE_GROUP: 'pagopa-u-weu-nodo-re-to-datastore-rg' - dockerRegistryServiceConnection: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN) - dockerNamespace: $(UAT_CONTAINER_NAMESPACE) - ${{ if eq(parameters['ENV'], 'prod') }}: - AZURE_SUBSCRIPTION: $(PROD_AZURE_SUBSCRIPTION) - APP_NAME: "pagopa-p-weu" - STAGE: "p" - RESOURCE_GROUP: 'pagopa-p-weu-nodo-re-to-datastore-rg' - dockerRegistryServiceConnection: $(PROD_CONTAINER_REGISTRY_SERVICE_CONN) - dockerNamespace: $(PROD_CONTAINER_NAMESPACE) - - ${{ if eq(variables['Build.SourceBranchName'], 'merge') }}: - SOURCE_BRANCH: "main" # force to main branch - ${{ if ne(variables['Build.SourceBranchName'], 'merge') }}: - SOURCE_BRANCH: ${{ variables['Build.SourceBranchName'] }} - - MAVEN_CACHE_FOLDER: $(Pipeline.Workspace)/.m2/repository - MAVEN_OPTS: "-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)" - title: "" - sha: "" - tag: "" - -# 
Only manual triggers -trigger: none -pr: none - -pool: - vmImage: ubuntu-latest - -resources: - repositories: - - repository: pagopaCommons - type: github - name: pagopa/azure-pipeline-templates - ref: refs/tags/v2.10.1 - endpoint: 'io-azure-devops-github-ro' - -stages: - - # Create a release on GitHub - - stage: Release - jobs: - - job: make_release - steps: - - checkout: self - clean: true - persistCredentials: true - - - ${{ if ne(parameters.SEMVER, 'skip') }}: - - template: templates/maven-github-release/template.yaml@pagopaCommons - parameters: - release_branch: $(SOURCE_BRANCH) - gitEmail: $(GIT_EMAIL) - gitUsername: $(GIT_USERNAME) - gitHubConnection: $(GITHUB_CONNECTION) - ${{ if ne(parameters.SEMVER, 'skip') }}: - semver: '${{ parameters.SEMVER }}' - ${{ if eq(parameters.SEMVER, 'skip') }}: - semver: 'buildNumber' # this case is impossible due to main condition, but it is necessary to work property - - - template: templates/maven-github-current-version/template.yaml@pagopaCommons - - # Build and Push Docker Image - - stage: Build - dependsOn: Release - variables: - current_version: $[ stageDependencies.Release.make_release.outputs['current_version.value'] ] - jobs: - - job: "build" - steps: - - checkout: self - persistCredentials: true - - - script: | - git checkout $(sourceBranch) - - - task: Maven@3 - inputs: - mavenPomFile: 'pom.xml' - publishJUnitResults: false - javaHomeOption: 'JDKVersion' - jdkVersionOption: '1.11' - mavenVersionOption: 'Default' - mavenOptions: '-Xmx3072m $(MAVEN_OPTS)' - mavenAuthenticateFeed: false - effectivePomSkip: false - sonarQubeRunAnalysis: false - - - template: templates/docker-release/template.yaml@pagopaCommons - parameters: - CONTAINER_REGISTRY_SERVICE_CONN: $(dockerRegistryServiceConnection) - CONTAINER_REGISTRY_FQDN: $(dockerNamespace) - DOCKER_IMAGE_NAME: $(imageRepository) - DOCKER_IMAGE_TAG: $(current_version) - FORCE_REPLACE_DOCKER_IMAGE: ${{ parameters.FORCE_REPLACE_DOCKER_IMAGE }} - - # Deploy on Azure - - 
stage: deploy - variables: - current_version: $[ stageDependencies.Release.make_release.outputs['current_version.value'] ] - condition: not(failed('releaseService')) - pool: - vmImage: "ubuntu-latest" - jobs: - - job: deployJava - steps: - - task: AzureCLI@2 - displayName: Start staging slot [PROD] - condition: eq('${{ parameters.ENV }}', 'prod') - inputs: - azureSubscription: $(AZURE_SUBSCRIPTION) - addSpnToEnvironment: true - scriptType: 'bash' - scriptLocation: 'inlineScript' - failOnStandardError: true - inlineScript: | - az functionapp start --name ${{variables.APP_NAME}}-nodo-re-ts-fn --resource-group $(RESOURCE_GROUP) --slot staging - # deploy fn - - task: AzureFunctionAppContainer@1 - displayName: Deploy Function App [DEV|UAT] - condition: in('${{ parameters.ENV }}', 'dev', 'uat') - inputs: - azureSubscription: $(AZURE_SUBSCRIPTION) - appName: "${{variables.APP_NAME}}-nodo-re-ts-fn" - imageName: "${{variables.dockerNamespace}}/${{ variables.imageRepository }}:latest" - slotName: production - resourceGroupName: $(RESOURCE_GROUP) - - task: AzureFunctionAppContainer@1 - displayName: Deploy Function App [PROD] staging - condition: eq('${{ parameters.ENV }}', 'prod') - inputs: - azureSubscription: $(AZURE_SUBSCRIPTION) - appName: "${{variables.APP_NAME}}-nodo-re-ts-fn" - imageName: "${{variables.dockerNamespace}}/${{ variables.imageRepository }}:latest" - deployToSlotOrASE: true - slotName: staging - resourceGroupName: $(RESOURCE_GROUP) - - - script: | - echo "##vso[task.setvariable variable=version;isOutput=true]$(pomversion.next)" - name: dockerTag - - stage: deployApprovalPROD - condition: eq('${{ parameters.ENV }}', 'prod') - dependsOn: deploy - pool: - vmImage: "ubuntu-latest" - jobs: - - job: waitForApprovalPROD - displayName: waiting for approval - pool: server - timeoutInMinutes: 4320 # 3 days - steps: - - task: ManualValidation@0 - displayName: Manual Approval - inputs: - onTimeout: "reject" - - - job: completeProdDeployFn - displayName: complete prod 
function deploy - dependsOn: waitForApprovalPROD - steps: - # deploy functions - swap - - task: AzureAppServiceManage@0 - displayName: Swapping App Service Deploy - inputs: - ConnectedServiceName: $(AZURE_SUBSCRIPTION) - WebAppName: "${{variables.APP_NAME}}-nodo-re-ts-fn" - ResourceGroupName: $(RESOURCE_GROUP) - SourceSlot: staging - SwapWithProduction: true - Slot: production - # to prevent staging invocation - - task: AzureCLI@2 - displayName: Stop staging slot [PROD] - condition: eq('${{ parameters.ENV }}', 'prod') - inputs: - azureSubscription: $(AZURE_SUBSCRIPTION) - addSpnToEnvironment: true - scriptType: 'bash' - scriptLocation: 'inlineScript' - failOnStandardError: true - inlineScript: | - az functionapp stop --name ${{variables.APP_NAME}}-nodo-re-ts-fn --resource-group $(RESOURCE_GROUP) --slot staging diff --git a/.github/workflows/04_release_deploy.yml b/.github/workflows/04_release_deploy.yml index e7b2aae..6e9ca5a 100644 --- a/.github/workflows/04_release_deploy.yml +++ b/.github/workflows/04_release_deploy.yml @@ -18,23 +18,17 @@ on: - dev - uat - prod - - all semver: - required: true + required: false type: choice - description: Select the new Semantic Version + description: Select the version options: - - major - - minor - - patch - - buildNumber + - '' - skip - default: skip - beta: - required: false - type: boolean - description: deploy beta version - default: false + - promote + - patch + - new_release + - breaking_change workflow_call: inputs: @@ -45,11 +39,6 @@ on: required: true type: string default: skip - beta: - required: false - type: boolean - description: deploy beta version - default: false permissions: packages: write 
@@ -58,37 +47,33 @@ permissions: id-token: write actions: read - # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: setup: name: Setup runs-on: ubuntu-latest outputs: - semver: ${{ steps.get_semver.outputs.semver }} - environment: ${{ steps.output.outputs.environment }} + semver: ${{ steps.semver_setup.outputs.semver }} + environment: ${{ steps.semver_setup.outputs.environment }} + resource_group: ${{ steps.get_rg.outputs.resource_group }} + app_name: ${{ steps.get_appname.outputs.app_name }} steps: - - name: Get semver - id: get_semver - uses: pagopa/github-actions-template/semver-setup@v1.3.0 - - - if: ${{ github.event.inputs.environment == null || github.event.inputs.environment == 'dev' }} - run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV - - - if: ${{ github.event.inputs.environment == 'uat' }} - run: echo "ENVIRNOMENT=uat" >> $GITHUB_ENV - - - if: ${{ github.event.inputs.environment == 'prod' }} - run: echo "ENVIRNOMENT=prod" >> $GITHUB_ENV + - name: Semver setup + id: semver_setup + uses: pagopa/github-actions-template/node-semver-setup@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9 + with: + semver: ${{ inputs.semver }} - - if: ${{ github.event.inputs.environment == 'all' }} - run: echo "ENVIRNOMENT=all" >> $GITHUB_ENV + # Set deploy variables + - run: echo "ENV_SHORT=$(echo ${{steps.semver_setup.outputs.environment}} | cut -c1-1)" >> $GITHUB_ENV - - id: output - name: Set Output - run: | - echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT + - id: get_rg + name: Set Resource Group + run: echo "resource_group=pagopa-${{env.ENV_SHORT}}-weu-nodo-re-to-datastore-rg" >> $GITHUB_OUTPUT + - id: get_appname + name: Set App Name + run: echo "app_name=pagopa-${{env.ENV_SHORT}}-weu-nodo-re-ts-fn" >> $GITHUB_OUTPUT release: name: Create a New Release 
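Review bot: The new `run:` line in the setup job expands `${{steps.semver_setup.outputs.environment}}` straight into the shell script, so whatever the action returns is parsed as shell source before `cut` ever sees it. That output presumably derives from the caller-supplied `environment` input, whose definition is not visible in this hunk. Passing the value through the step environment keeps it as data: add `env:` with `ENVIRONMENT: ${{ steps.semver_setup.outputs.environment }}` to the step and change the command to `echo "ENV_SHORT=$(printf '%s' "$ENVIRONMENT" | cut -c1-1)" >> "$GITHUB_ENV"`. The same inline-expression pattern appears in the `get_image` step added to the release job and in the `show_input` job added to 04_self_hosted.yml, where every input is echoed through an unquoted expansion.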
@@ -96,6 +81,7 @@ jobs:
 needs: [setup]
 outputs:
 version: ${{ steps.release.outputs.version }}
+ registry_image: ${{ steps.get_image.outputs.registry_image }}
 steps:
 - name: Make Release
 id: release
@@ -103,50 +89,58 @@ jobs: with: semver: ${{ needs.setup.outputs.semver }} github_token: ${{ secrets.BOT_TOKEN_GITHUB }} - beta: ${{ inputs.beta }} - skip_ci: ${{ inputs.beta }} + beta: false - image: - needs: [ setup, release ] + - name: Set image name from container registry + id: get_image + run: echo "registry_image=ghcr.io/pagopa/pagopa-nodo-re-to-tablestorage:${{steps.release.outputs.version}}" >> $GITHUB_OUTPUT + + build-and-push: name: Build and Push Docker Image + needs: [ setup, release ] runs-on: ubuntu-latest - if: ${{ inputs.semver != 'skip' }} + if: ${{ needs.setup.outputs.semver != 'skip' }} + environment: ${{ needs.setup.outputs.environment }} steps: - name: Build and Push id: semver - uses: pagopa/github-actions-template/ghcr-build-push@v1.4.1 + uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 with: + branch: ${{ github.ref_name}} github_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ needs.release.outputs.version }} - deploy: - name: Deploy AZ Functions - needs: [ setup, release, image ] + deploy_azure_fn: + name: Deploy Azure function + needs: [ setup, release, build-and-push ] if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} strategy: matrix: environment: [ dev, uat, prod ] - uses: ./.github/workflows/self_hosted.yml - with: - target: ${{ matrix.environment }} - environment: ${{ needs.setup.outputs.environment }} secrets: inherit - -# notify: -# needs: [ deploy ] -# runs-on: ubuntu-latest -# name: Notify -# if: always() -# steps: -# - name: Report Status -# if: always() -# uses: ravsamhq/notify-slack-action@v2 -# with: -# status: ${{ needs.deploy.result }} -# token: ${{ secrets.GITHUB_TOKEN }} -# notify_when: 'failure,skipped' -# notification_title: '{workflow} has {status_message}' -# message_format: '{emoji} <{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' -# footer: 'Linked to Repo <{repo_url}|{repo}>' -# env: -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} 
+ uses: ./.github/workflows/04_self_hosted.yml + with: + environment: ${{ matrix.environment }} + target: ${{ needs.setup.outputs.environment }} + resource_group: ${{ needs.setup.outputs.resource_group }} + app_name: ${{ needs.setup.outputs.app_name }} + registry_image: ${{ needs.release.outputs.registry_image }} + + notify: + name: Notify + needs: [ setup, release, deploy_azure_fn ] + runs-on: ubuntu-latest + if: always() + steps: + - name: Report Status + if: always() + uses: ravsamhq/notify-slack-action@v2 + with: + status: ${{ needs.deploy_azure_fn.result }} + token: ${{ secrets.GITHUB_TOKEN }} + notification_title: 'New Release on ${{ needs.setup.outputs.environment }} for ${{ needs.release.outputs.version }} has {status_message}' + message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' + footer: 'Linked to <{workflow_url}| workflow file>' + icon_success: ':white_check_mark:' + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/04_self_hosted.yml b/.github/workflows/04_self_hosted.yml index 17e4205..a41067b 100644 --- a/.github/workflows/04_self_hosted.yml +++ b/.github/workflows/04_self_hosted.yml @@ -1,4 +1,4 @@ -name: Self Hosted Runner +name: Deploy Azure function on: workflow_call: 
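Review bot: In 04_release_deploy.yml, `ravsamhq/notify-slack-action@v2` in the new notify job and `ghcr-build-push@v1.5.4` in build-and-push are referenced by mutable tags, while the other actions this commit touches are pinned to a full commit SHA. The notify step receives `SLACK_WEBHOOK_URL` and `GITHUB_TOKEN`, so a tag that is later moved would run with those values. Pin both the same way as the other steps, for example `uses: ravsamhq/notify-slack-action@<full-commit-sha> # v2`.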
@@ -11,75 +11,93 @@ on: required: true description: The environment target of the job type: string - -env: - NAMESPACE: nodo - APP_NAME: pagopanodoretodatastore + resource_group: + required: true + description: The resource group of the function to deploy + type: string + app_name: + required: true + description: The name of the function to deploy + type: string + registry_image: + required: true + description: The name of the image from container registry to be used + type: string permissions: id-token: write contents: read jobs: - create_runner: - name: Create Runner + show_input: + runs-on: ubuntu-latest + if: ${{ inputs.target == inputs.environment }} + steps: + - name: Get input parameters + run: | + echo environment=${{ inputs.environment }} + echo target=${{ inputs.target }} + echo resource_group=${{ inputs.resource_group }} + echo app_name=${{ inputs.app_name }} + echo registry_image=${{ inputs.registry_image }} + + + # Starting the Azure Function's staging slot, if deploying in PROD + start_staging_slot: + name: Create staging slots runs-on: ubuntu-22.04 + if: ${{ inputs.target == inputs.environment && inputs.target == 'prod' }} environment: name: ${{ inputs.environment }} - if: ${{ inputs.target == inputs.environment || inputs.environment == 'all' }} - outputs: - runner_name: ${{ steps.create_github_runner.outputs.runner_name }} steps: - - name: Create GitHub Runner - id: create_github_runner - # from https://github.com/pagopa/github-self-hosted-runner-azure-create-action/commits/main - uses: pagopa/github-self-hosted-runner-azure-create-action@v1.1.2 + - name: Create staging slots + uses: pagopa/github-actions-template/azure-function-start-staging-slot@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9 with: + branch: ${{ github.ref_name }} client_id: ${{ secrets.CLIENT_ID }} tenant_id: ${{ secrets.TENANT_ID }} subscription_id: ${{ secrets.SUBSCRIPTION_ID }} - container_app_environment_name: ${{ secrets.CONTAINER_APP_ENVIRONMENT_NAME }} - resource_group_name: ${{ 
secrets.RUNNER_RESOURCE_GROUP_NAME }} # RG of the runner - pat_token: ${{ secrets.BOT_TOKEN_GITHUB }} - self_hosted_runner_image_tag: "v1.4.0" + resource_group: ${{ inputs.resource_group }} + app_name: ${{ inputs.app_name }} + registry_image: ${{ inputs.registry_image }} + + # Executing the deploy of the Azure function with the new image deploy: - needs: [ create_runner ] - runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ] - if: ${{ inputs.target == inputs.environment || inputs.environment == 'all' }} - name: Deploy - environment: ${{ inputs.environment }} + name: Deploy Azure Function + runs-on: ubuntu-22.04 + needs: [ start_staging_slot ] + if: ${{ always() && inputs.target == inputs.environment }} + environment: + name: ${{ inputs.environment }} steps: - - name: Deploy - uses: pagopa/github-actions-template/azure-functions-deploy@az-functions # TODO set tag after PR merge + - name: Deploy Azure Function + uses: pagopa/github-actions-template/azure-functions-deploy@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9 with: branch: ${{ github.ref_name }} client_id: ${{ secrets.CLIENT_ID }} - subscription_id: ${{ secrets.SUBSCRIPTION_ID }} tenant_id: ${{ secrets.TENANT_ID }} - env: ${{ inputs.environment }} - namespace: ${{ env.NAMESPACE }} - cluster_name: ${{ secrets.CLUSTER_NAME }} - resource_group: ${{ secrets.CLUSTER_RESOURCE_GROUP_NAME }} - app_name: ${{ env.APP_NAME }} - + subscription_id: ${{ secrets.SUBSCRIPTION_ID }} + app_name: ${{ inputs.app_name }} + registry_image: ${{ inputs.registry_image }} - cleanup_runner: - name: Cleanup Runner - needs: [ create_runner, deploy ] - if: ${{ success() || failure() && inputs.target == inputs.environment || inputs.environment == 'all' }} + # Stopping the Azure Function's staging slot, if deploying in PROD + stop_staging_slot: + name: Clean staging slots + needs: [ start_staging_slot, deploy ] + if: ${{ success() || failure() && (inputs.target == inputs.environment && inputs.target == 'prod') }} runs-on: 
ubuntu-22.04 - environment: ${{ inputs.environment }} + environment: + name: ${{ inputs.environment }} steps: - - name: Cleanup GitHub Runner - id: cleanup_github_runner - # from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main - uses: pagopa/github-self-hosted-runner-azure-cleanup-action@v1.0.3 + - name: Deploy Azure Function + uses: pagopa/github-actions-template/azure-function-stop-staging-slot@a1b72480e9ac555364be0b7ecdcc8f5ab1c89ad9 with: + branch: ${{ github.ref_name }} client_id: ${{ secrets.CLIENT_ID }} tenant_id: ${{ secrets.TENANT_ID }} subscription_id: ${{ secrets.SUBSCRIPTION_ID }} - resource_group_name: ${{ secrets.RUNNER_RESOURCE_GROUP_NAME }} - runner_name: ${{ needs.create_runner.outputs.runner_name }} - pat_token: ${{ secrets.BOT_TOKEN_GITHUB }} + resource_group: ${{ inputs.resource_group }} + app_name: ${{ inputs.app_name }} + registry_image: ${{ inputs.registry_image }} \ No newline at end of file diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl new file mode 100644 index 0000000..4e16852 --- /dev/null +++ b/.identity/.terraform.lock.hcl 
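Review bot: The `if:` on `stop_staging_slot` reads `success() || failure() && (...)`, and `&&` binds tighter than `||`, so the target/prod guard only applies to the failure branch and the job is not restricted to prod whenever `success()` is true. Parenthesise the status part: `if: ${{ (success() || failure()) && inputs.target == inputs.environment && inputs.target == 'prod' }}`. In the same hunk `deploy` combines `always()` with `needs: [ start_staging_slot ]`, so a prod deploy still runs when starting the staging slot failed or the run was cancelled; replacing `always()` with `!cancelled() && needs.start_staging_slot.result != 'failure'` would stop that. The step inside `stop_staging_slot` is also still named `Deploy Azure Function`, which will mislead anyone reading the run log.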
@@ -0,0 +1,83 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.30.0" + constraints = "2.30.0" + hashes = [ + "h1:Uw4TcmJBEJ71h+oCwwidlkk5jFpyFRDPAFCMs/bT/cw=", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:2e62c193030e04ebb10cc0526119cf69824bf2d7e4ea5a2f45bd5d5fb7221d36", + "zh:2f3c7a35257332d68b778cefc5201a5f044e4914dd03794a4da662ddfe756483", + "zh:35d0d3a1b58fdb8b8c4462d6b7e7016042da43ea9cc734ce897f52a73407d9b0", + "zh:47ede0cd0206ec953d40bf4a80aa6e59af64e26cbbd877614ac424533dbb693b", + "zh:48c190307d4d42ea67c9b8cc544025024753f46cef6ea64db84735e7055a72da", + "zh:6fff9b2c6a962252a70a15b400147789ab369b35a781e9d21cce3804b04d29af", + "zh:7646980cf3438bff29c91ffedb74458febbb00a996638751fbd204ab1c628c9b", + "zh:77aa2fa7ca6d5446afa71d4ff83cb87b70a2f3b72110fc442c339e8e710b2928", + "zh:e20b2b2c37175b89dd0db058a096544d448032e28e3b56e2db368343533a9684", + "zh:eab175b1dfe9865ad9404dccb6d5542899f8c435095aa7c679314b811c717ce7", + "zh:efc862bd78c55d2ff089729e2a34c1831ab4b0644fc11b36ee4ebed00a4797ba", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.45.0" + constraints = "3.45.0" + hashes = [ + "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", + "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", + "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", + "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", + "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38", + "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65", + "zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760", + "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688", + "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e", + 
"zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa", + "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28", + "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + hashes = [ + "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} + +provider "registry.terraform.io/integrations/github" { + version = "5.18.3" + constraints = "5.18.3" + hashes = [ + "h1:WbZvLB2qXKVoh4BvOOwFfEds+SZQrkINfSAWPnWFxGo=", + "zh:050b37d96628cb7451137755929ca8d21ea546bc46d11a715652584070e83ff2", + "zh:053051061f1b7f7673b0ceffac1f239ba28b0e5b375999206fd39976e85d9f2b", + "zh:0c300a977ca66d0347ed62bb116fd8fc9abb376a554d4c192d14f3ea71c83500", + "zh:1d5a1a5243eba78819d2f92ff2d504ebf9a9008a6670fb5f5660f44eb6a156d8", + "zh:a13ac15d251ebf4e7dc40acb0e40df066f443f4c7799186a29e2e44addc7d8e7", + "zh:a316d94b885953c036ebc9fba64a23da93974746bc3ac9d207462a6f02d44540", + "zh:a658a00373bff5979cc227052c693cbde8ca4c8f9fef1bc8094a3516f2e2a96d", 
+ "zh:a7bfc6ad8465d5dc11b6f19d6805364de87fffe27622bb4f37da2319bb1c4956", + "zh:d7379a76861f1a6bfc36eca7a20f1f477711247563b105744d69d7bd1f365fad", + "zh:de1cd959fd4821248e8d21570601193408648474e74f49597f1d0c43185a4ab7", + "zh:e0b281240dd6f2aa405b2d6fe329bc15ab877161affe163fb150d1efca2fccdb", + "zh:e372c171358757a983d7aa878abfd05a84484fb4d22167e45c9c1267e78ed060", + "zh:f6d3116526030b3f6905f530cd6c04b23d42890d973fa2abe10ce9c89cb1db80", + "zh:f99eec731e03cc6a28996c875bd435887cd7ea75ec07cc77b9e768bb12da2227", + ] +} diff --git a/.identity/00_data.tf b/.identity/00_data.tf index 8f41a0e..69a4ee0 100644 --- a/.identity/00_data.tf +++ b/.identity/00_data.tf @@ -32,12 +32,11 @@ data "azurerm_key_vault_secret" "key_vault_bot_token" { key_vault_id = data.azurerm_key_vault.key_vault.id } -#data "azurerm_key_vault_secret" "key_vault_cucumber_token" { -# name = "cucumber-token" -# key_vault_id = data.azurerm_key_vault.key_vault.id -#} - -#data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" { -# name = "integration-test-subkey" -# key_vault_id = data.azurerm_key_vault.key_vault.id -#} +data "azurerm_key_vault_secret" "key_vault_slack_webhook_url" { + name = "slack-webhook-url" + key_vault_id = data.azurerm_key_vault.domain_key_vault.id +} + +data "azurerm_resource_group" "nodo_re_rg" { + name = "pagopa-${var.env_short}-${local.location_short}-nodo-re-to-datastore-rg" +} \ No newline at end of file diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf index 9926884..b519782 100644 --- a/.identity/02_application_action.tf +++ b/.identity/02_application_action.tf 
@@ -41,6 +41,12 @@ resource "null_resource" "github_runner_app_permissions_to_namespace" { } } +resource "azurerm_role_assignment" "environment_function" { + scope = data.azurerm_resource_group.nodo_re_rg.id + role_definition_name = "Contributor" + principal_id = module.github_runner_app.object_id +} + resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboards" { scope = data.azurerm_resource_group.dashboards.id role_definition_name = "Contributor" diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf index 1fc39a8..19fb5a3 100644 --- a/.identity/03_github_environment.tf +++ b/.identity/03_github_environment.tf @@ -23,9 +23,7 @@ locals { env_secrets = { "CLIENT_ID" : module.github_runner_app.application_id, "TENANT_ID" : data.azurerm_client_config.current.tenant_id, - "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id, - "ISSUER_RANGE_TABLE" : "${local.prefix}${var.env_short}${local.location_short}${local.domain}saissuerrangetable", -# "SUBKEY" : data.azurerm_key_vault_secret.key_vault_integration_test_subkey.value, + "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id } env_variables = { "CONTAINER_APP_ENVIRONMENT_NAME" : local.container_app_environment.name, @@ -38,7 +36,7 @@ locals { repo_secrets = { "SONAR_TOKEN" : data.azurerm_key_vault_secret.key_vault_sonar.value, "BOT_TOKEN_GITHUB" : data.azurerm_key_vault_secret.key_vault_bot_token.value, -# "CUCUMBER_PUBLISH_TOKEN" : data.azurerm_key_vault_secret.key_vault_cucumber_token.value, + "SLACK_WEBHOOK_URL": data.azurerm_key_vault_secret.key_vault_slack_webhook_url.value } } 
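Review bot: The new `azurerm_role_assignment.environment_function` in 02_application_action.tf grants the GitHub runner application `Contributor` on the whole `nodo_re_rg` resource group, which is broader than what the workflows in this commit visibly do with it (deploy an image to one function app and start or stop its staging slot). That identity appears to be the one the workflows log in with from GitHub Actions, so its Azure permissions are what a compromised workflow run would hold. Consider scoping the assignment to the function app resource, or using a narrower built-in role such as `Website Contributor` if it covers the slot operations. If `Contributor` on the resource group is kept, a short comment above the resource stating which operation needs it would make the choice reviewable later.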
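Review bot: The `SLACK_WEBHOOK_URL` entry added to `repo_secrets` in 03_github_environment.tf is read from Key Vault through a data source and passed on to `github_actions_secret` via `plaintext_value = each.value`, so the webhook URL is stored in clear text in the Terraform state alongside the existing tokens. The state backend therefore needs the same access restrictions as the vault itself; that configuration is not visible in this diff. The entry is also written `"SLACK_WEBHOOK_URL":` without the space before the colon that the neighbouring keys use; `"SLACK_WEBHOOK_URL" : data.azurerm_key_vault_secret.key_vault_slack_webhook_url.value` would match them. The `locals` block starts outside the hunk.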
@@ -79,3 +77,23 @@ resource "github_actions_secret" "repo_secrets" { plaintext_value = each.value } +############ +## Labels ## +############ +resource "github_issue_label" "breaking_change" { + repository = local.github.repository + name = "breaking-change" + color = "FF0000" +} + +resource "github_issue_label" "new_release" { + repository = local.github.repository + name = "new-release" + color = "FFFF00" +} + +resource "github_issue_label" "ignore_for_release" { + repository = local.github.repository + name = "ignore-for-release" + color = "008000" +} \ No newline at end of file diff --git a/host.json b/host.json index 6aaa48a..3765cbf 100644 --- a/host.json +++ b/host.json @@ -29,10 +29,10 @@ }, "fileLoggingMode": "always", "logLevel": { - "default": "Debug", - "Host.Results": "Information", - "Function": "Error", - "Function.EventHubNodoReEventProcessor": "Debug", + "default": "Information", + "Host.Results": "Error", + "Function": "Information", + "Function.EventHubNodoReEventProcessor": "Error", "Host.Aggregator": "Trace" } } diff --git a/pom.xml b/pom.xml index 44b39d4..66e0839 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ it.gov.pagopa nodoretotablestorage - 0.1.2 + 0.1.2-2-NOD-473-migrazione-cd-su-git-hub-action-per-nodo-re-to-tablestorage jar Nodo RE to Table Storage Fn
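Review bot: In the host.json hunk, `Function.EventHubNodoReEventProcessor` drops from `Debug` to `Error`, and because the more specific category takes precedence over `Function`, the new `"Function": "Information"` setting does not apply to that function's own logs. Together with `Host.Results` at `Error`, routine invocations of the processor will probably leave no per-invocation record, which makes it harder to reconstruct what was processed when investigating an incident. If the intent is only to cut debug noise, `"Function.EventHubNodoReEventProcessor": "Information"` and `"Host.Results": "Information"` would keep that trail. `Host.Aggregator` stays at `Trace`, which looks inconsistent with the reductions around it.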