diff --git a/.github/actions/node-yarn/action.yml b/.github/actions/node-yarn/action.yml
new file mode 100644
index 00000000..8c9ae302
--- /dev/null
+++ b/.github/actions/node-yarn/action.yml
@@ -0,0 +1,20 @@
+name: "Build workspace"
+description: "This action builds the project."
+
+runs:
+ using: "composite"
+ steps:
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: ".node-version"
+ cache: "yarn"
+ cache-dependency-path: "./yarn.lock"
+
+ - name: Install dependencies
+ run: yarn install --frozen-lockfile
+ shell: bash
+
+ - name: Build io-functions-service-messages
+ run: yarn build
+ shell: bash
diff --git a/.github/workflows/deploy-func.yaml b/.github/workflows/deploy-func.yaml
new file mode 100644
index 00000000..b274a0a5
--- /dev/null
+++ b/.github/workflows/deploy-func.yaml
@@ -0,0 +1,15 @@
+name: functions-service-messages Release
+on:
+ workflow_dispatch:
+
+jobs:
+
+ deploy_workspace_to_azure:
+ name: Deploy
+ uses: ./.github/workflows/deploy.yaml
+ with:
+ environment: prod
+ app_service_name: io-p-messages-sending-func
+ app_service_resource_group: io-p-service-messages-rg
+ healtcheck_path: /api/v1/info
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
new file mode 100644
index 00000000..eb8d97b5
--- /dev/null
+++ b/.github/workflows/deploy.yaml
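Review bot: `uses: actions/setup-node@v4` in the `Setup Node.js` step is pinned only by a moving major tag, while `deploy.yaml` in this same commit pins `actions/checkout` to a full commit SHA; the composite action and the workflow should follow one pinning policy, and a SHA pin keeps the toolchain step from changing underneath a tag move. The step name `Build io-functions-service-messages` hard-codes a repository name that the `infra/` stacks spell `io-functions-services-messages`; a generic name such as `Build workspace` avoids carrying that drift into the run log. A one-line comment above the `Install dependencies` step stating that `--frozen-lockfile` is what makes the build fail on a lockfile mismatch would document why the flag is there.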
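Review bot: The input name `healtcheck_path` is misspelled (`healthcheck_path`), and because it is part of the reusable workflow's interface in `deploy.yaml`, renaming it later means touching both files in one change; fixing it while both files are new is the cheapest moment. `secrets: inherit` forwards every repository and environment secret to the called workflow although it only reads `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID`; listing those three explicitly under `secrets:` keeps the boundary least-privilege and self-documenting. The file also lacks a trailing newline.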
@@ -0,0 +1,80 @@
+on:
+ workflow_call:
+ inputs:
+ environment:
+ type: string
+ required: true
+ app_service_name:
+ type: string
+ required: true
+ app_service_resource_group:
+ type: string
+ required: true
+ healtcheck_path:
+ type: string
+ required: true
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+ - name: Build app
+ uses: ./.github/actions/node-yarn
+
+ - name: Make the azure app artifact
+ id: make_artifact
+ run: |
+ zip -r app.zip .
+ echo "artifact-path=$(realpath app.zip)" >> "$GITHUB_OUTPUT"
+ shell: bash
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: app.zip
+ path: ${{ steps.make_artifact.outputs.artifact-path }}
+
+ deploy:
+ name: Deploy App
+ if: ${{ !github.event.act }}
+ needs: [build]
+ runs-on: self-hosted
+ environment: ${{ inputs.environment }}-cd
+ permissions:
+ id-token: write
+ contents: read
+ env:
+ ARM_USE_OIDC: true
+ ARM_USE_AZUREAD: true
+ ARM_STORAGE_USE_AZUREAD: true
+
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: app.zip
+
+ - name: Login to Azure
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.ARM_CLIENT_ID }}
+ tenant-id: ${{ secrets.ARM_TENANT_ID }}
+ subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+
+ - name: Deploy App to Staging Slot
+ uses: azure/webapps-deploy@v2
+ with:
+ resource-group-name: ${{ inputs.app_service_resource_group }}
+ app-name: ${{ inputs.app_service_name }}
+ slot-name: staging
+ package: app.zip
+
+ - name: Check Staging Health
+ run: curl --retry 5 --retry-max-time 120 -f 'https://${{ inputs.app_service_name }}-staging.azurewebsites.net${{ inputs.healtcheck_path }}'
+
+ - name: Swap Staging and Production Slots
+ run: az webapp deployment slot swap -g ${{ inputs.app_service_resource_group }} -n ${{ inputs.app_service_name }} --slot staging --target-slot production
\ No newline at end of file
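Review bot: `zip -r app.zip .` in the `Make the azure app artifact` step packages the whole checkout — `.git/` and anything untracked or generated in the workspace included — into the artifact that is uploaded and then deployed to the staging slot; at minimum exclude the repository metadata with `zip -r app.zip . -x '.git/*'`, and preferably zip only the build output the function host needs. The `build` job has no `permissions:` block, so its `GITHUB_TOKEN` gets the repository default scope while `deploy` correctly limits itself to `id-token: write` and `contents: read`; adding `permissions: contents: read` to `build` closes that gap. The health check relies on `curl --retry 5` with `-f`, but curl only retries transient HTTP errors by default, so a connection refused while the slot is still restarting fails on the first attempt; `--retry-all-errors` (or `--retry-connrefused`) makes the retry cover that case. The health-check and slot-swap `run:` lines interpolate `${{ inputs.* }}` directly into the shell; today the values are literals from `deploy-func.yaml`, but routing them through `env:` is the usual hardening against expression injection if a caller ever passes them from an untrusted source.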
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index af4ca7e0..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Release
-
-on:
- release:
- types:
- - created
-
-jobs:
- docker:
- runs-on: ubuntu-latest
- steps:
-
- - name: Checkout
- id: checkout
- uses: actions/checkout@v2
- with:
- persist-credentials: false
-
- - name: Log in to the Container registry
- id: docker_login
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build and push Docker image
- id: docker_build_push
- uses: docker/build-push-action@v3
- with:
- context: .
- push: true
- tags: |
- ghcr.io/${{ github.repository }}:latest
- ghcr.io/${{ github.repository }}:${{ github.ref_name }}
- labels: |
- maintainer=https://pagopa.it
- org.opencontainers.image.source=https://github.com/${{ github.repository }}
diff --git a/.gitignore b/.gitignore
index 42195918..f6c244b9 100755
--- a/.gitignore
+++ b/.gitignore
@@ -31,8 +31,8 @@ dist
 # Python Environments
 .env
 .venv
-env/
 venv/
+env/
 ENV/
 env.bak/
 venv.bak/
@@ -63,3 +63,52 @@ helm/charts**
 helm/charts/*
 docker-compose.override.yml
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+**/.tfsec/*
+**/.ignore/*
+
+*.DS_Store
+*.log
+*.h2.db
+settings.json
+__TMP
+.metals/
+*.log
+*.h2.db
+settings.json
+__TMP
+.metals/
+__azurite_*
+/.idea
+
+**/modules/**/.terraform.lock.hcl
diff --git a/.terraform-version b/.terraform-version
new file mode 100644
index 00000000..ec70f755
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.6.6
diff --git a/Info/function.json b/Info/function.json
index fafefb7e..34df31b9 100644
--- a/Info/function.json
+++ b/Info/function.json
@@ -5,7 +5,7 @@
 "type": "httpTrigger",
 "direction": "in",
 "name": "req",
- "route": "ready",
+ "route": "v1/info",
 "methods": [
 "get"
 ]
diff --git a/Info/index.ts b/Info/index.ts
index d288769f..40049b64 100644
--- a/Info/index.ts
+++ b/Info/index.ts
@@ -11,7 +11,7 @@ const app = express();
 secureExpressApp(app);
 // Add express route
-app.get("/api/ready", Info(cosmosdbClient));
+app.get("/api/v1/info", Info(cosmosdbClient));
 const azureFunctionHandler = createAzureFunctionHandler(app);
diff --git a/infra/github-runner/.terraform.lock.hcl b/infra/github-runner/.terraform.lock.hcl
new file mode 100644
index 00000000..a5748633
--- /dev/null
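Review bot: The new block lists `*.log`, `*.h2.db`, `settings.json`, `__TMP` and `.metals/` twice in a row; the second copy is a paste artifact and should be dropped. The Terraform template section keeps `*.tfvars` commented out (`# example.tfvars`), so any `.tfvars` written locally for the `infra/` stacks — the usual place for tenant-specific values or credentials — is tracked by default; if that is intentional, a short comment naming which `.tfvars` files are meant to be versioned would make the choice explicit. `settings.json` as a bare pattern ignores a file of that name at any depth, not only the editor's; `.vscode/settings.json` is the narrower spelling if that is what is meant.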
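Review bot: The route literal `/api/v1/info` now has to agree with `"route": "v1/info"` in `Info/function.json` and with the `healtcheck_path: /api/v1/info` value that `deploy-func.yaml` feeds the post-deploy health check, and nothing ties the three together; a comment on this line such as `// Must match the "route" in Info/function.json and the healtcheck_path input in .github/workflows/deploy-func.yaml` at least makes the coupling visible to whoever changes one of them next. The enclosing module starts before and continues after the hunk.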
+++ b/infra/github-runner/.terraform.lock.hcl 
@@ -0,0 +1,48 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/azure/azapi" {
+ version = "1.12.1"
+ constraints = "<= 1.12.1"
+ hashes = [
+ "h1:4uNzgEfL4VJ48QYAKM4A/E+HWyx7roO58xmR3R2WNh0=",
+ "h1:EaQL7pQCRm5iL2zy/dG7rOe2OZ0ZypuyVnpQAiAwJmM=",
+ "h1:Gv1HwQMV7+3ctMPr1nKmOhEGu+UWb6FlQmrgaHxknJ4=",
+ "h1:H9n5gOhlN5GT5WIhasUbxIONS/6BfRP9ES1oQop2wxk=",
+ "zh:1cf52e685ceb04e73e13fbf3f3036bff23a3274a4ceda8693c0612076a588166",
+ "zh:321b59c2a67c6cb4e5cf0dbe2cc978f5389d781e8b391f9b75bf4d830abd2ffe",
+ "zh:49046bd8020c3b44c6b5dc67041f181e4fff45e3bc1a9ff0646dd20c21c8ce47",
+ "zh:5784d0c326ec4825571577bc39b253019bd3b1030c19d67ca3436df2d7ba01c8",
+ "zh:5ad7e18d26f170c01888d8e65dab7aa475089aac7bf0106526fd57cdd56533bc",
+ "zh:6695854f4f655673bea85e37444bf0c070b440dba4bc269aa144d0f6b7c1cc5f",
+ "zh:7f372c897da6b9ad90869a8eb85b37dad4dff2d5d311b3eca1a2e6373e2271ed",
+ "zh:8afa1a2be1dada4e8be4ab72d9d56f36af1e486c9353d04aabf6e79db7310125",
+ "zh:90809364619238c45185bff25c7d9c4fde34253561d8183ebbe797456c44bc9c",
+ "zh:9338d44650c9e68e10a6bc2d69f7beacd5059e6ac681d2e388e80a1652d9c183",
+ "zh:c94ee6fb1df2c1d35f338107b5e73cdba86c4ecf9dcde95e2ca0132cbbd4bd7c",
+ "zh:de231d363b1a664c6b5d3af8d3b9cf542d04d4506fb9458ba6c8ebf94e0e32ae",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "3.97.1"
+ constraints = ">= 3.50.0, <= 3.97.1, <= 3.98.0"
+ hashes = [
+ "h1:LtwGbd4HEb5QCXmdxSvTjPSh8/Gp8eAQMYfiAKaubV4=",
+ "h1:klBuN2uVZF7AVMhskbbgF8pygyhPBxsjedB1GUV79PA=",
+ "h1:m5wyoRGjbVfJU2YaGZrN1lfGgjpyuwi7Ykw1uHdwlAg=",
+ "h1:vwYchGsh1TY+/GjUv6CUS6It2opnMYYYVt4GBvCmesY=",
+ "zh:15171efcc3aa3a37748c502c493cb16ecff603b81ada4499a843574976bac524",
+ "zh:2ca6c13a4a96f67763ecced0015c7b101ee02d54ea54b28a8df4ae06468071b1",
+ "zh:2e3c77dbfd8f760132ecef2d6117e939cbea26b96aba5e4d926e7f7f0f7afe72",
+ "zh:4bc346eece1622be93c73801d8256502b11fd7c2e7f7cea12d048bb9fc9fe900",
+ "zh:4f1042942ed8d0433680a367527289459d43b0894a51eaba83ac414e80d5187f",
+ "zh:63e674c31482ae3579ea84daf5b1ba066ce40cb23475f54e17b6b131320a1bec",
+ "zh:8327148766dcb7a174673729a832c8095d7e137d0e6c7e2a9a01da48b8b73fbe",
+ "zh:851b3ae417059a80c7813e7f0063298a590a42f056004f2c2558ea14061c207e",
+ "zh:ac081b48907139c121a422ae9b1f40fc72c6aaaeb05cbdbf848102a6a5f426f4",
+ "zh:dc1d663df2d95e4ba91070ceb20d3560b6ea5c465d39c57a5979319302643e41",
+ "zh:ed26457367cbbb94237e935d297cb31b5687f9abf697377da0ee46974480db9b",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/infra/github-runner/container_app_job_runner.tf b/infra/github-runner/container_app_job_runner.tf
new file mode 100644
index 00000000..1724d083
--- /dev/null
+++ b/infra/github-runner/container_app_job_runner.tf
@@ -0,0 +1,25 @@
+module "container_app_job" {
+ source = "github.com/pagopa/terraform-azurerm-v3//container_app_job_gh_runner?ref=v7.76.0"
+
+ location = local.location
+ prefix = local.prefix
+ env_short = local.env_short
+
+ key_vault = {
+ resource_group_name = data.azurerm_key_vault.key_vault_common.resource_group_name
+ name = data.azurerm_key_vault.key_vault_common.name
+ secret_name = "github-runner-pat"
+ }
+
+ environment = {
+ name = data.azurerm_container_app_environment.container_app_environment_runner.name
+ resource_group_name = data.azurerm_container_app_environment.container_app_environment_runner.resource_group_name
+ }
+
+ job = {
+ name = "f-services-messages"
+ repo = "io-functions-services-messages"
+ }
+
+ tags = local.tags
+}
diff --git a/infra/github-runner/data.tf b/infra/github-runner/data.tf
new file mode 100644
index 00000000..22ce5dc8
--- /dev/null
+++ b/infra/github-runner/data.tf
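Review bot: `repo = "io-functions-services-messages"` in the `job` block spells the repository with `services`, while `local.tags.Source` in this stack's `locals.tf`, the `Build io-functions-service-messages` step in `action.yml` and every backend state key use `io-functions-service-messages`; `infra/identity/locals.tf` and `infra/repository/locals.tf` derive `repo_name` from `domain = "functions-services-messages"` as well. Only one spelling can be the real GitHub repository, and whichever is wrong either registers the runner against a repository that does not exist or, on the repository stack, makes `github_repository.this` create a new public repository under that name — confirm the canonical name and source it from a single local everywhere. The runner also registers with a PAT read from Key Vault (`secret_name = "github-runner-pat"`); a comment stating the scopes that token needs and who rotates it would spare the next maintainer a lookup.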
@@ -0,0 +1,9 @@
+data "azurerm_key_vault" "key_vault_common" {
+ name = local.key_vault_common.name
+ resource_group_name = local.key_vault_common.resource_group_name
+}
+
+data "azurerm_container_app_environment" "container_app_environment_runner" {
+ name = local.container_app_environment.name
+ resource_group_name = local.container_app_environment.resource_group_name
+}
diff --git a/infra/github-runner/locals.tf b/infra/github-runner/locals.tf
new file mode 100644
index 00000000..aa5247f9
--- /dev/null
+++ b/infra/github-runner/locals.tf
@@ -0,0 +1,25 @@
+locals {
+ location = "westeurope"
+ prefix = "io"
+ env_short = "p"
+ project = "${local.prefix}-${local.env_short}"
+
+ key_vault_common = {
+ name = "${local.project}-kv-common"
+ resource_group_name = "${local.project}-rg-common"
+ }
+
+ container_app_environment = {
+ name = "${local.project}-github-runner-cae"
+ resource_group_name = "${local.project}-github-runner-rg"
+ }
+
+ tags = {
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "IO"
+ ManagementTeam = "IO Comunicazione"
+ Source = "https://github.com/pagopa/io-functions-service-messages/tree/main/infra/github-runner"
+ }
+}
diff --git a/infra/github-runner/main.tf b/infra/github-runner/main.tf
new file mode 100644
index 00000000..7265c96a
--- /dev/null
+++ b/infra/github-runner/main.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 3.98.0"
+ }
+ }
+
+ backend "azurerm" {
+ resource_group_name = "terraform-state-rg"
+ storage_account_name = "tfappprodio"
+ container_name = "terraform-state"
+ key = "io-functions-service-messages.github-runner.tfstate"
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
diff --git a/infra/identity/.terraform.lock.hcl b/infra/identity/.terraform.lock.hcl
new file mode 100644
index 00000000..0336d41e
--- /dev/null
+++ b/infra/identity/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "3.97.1"
+ constraints = ">= 3.30.0, >= 3.86.0, <= 3.97.1, <= 3.98.0"
+ hashes = [
+ "h1:LtwGbd4HEb5QCXmdxSvTjPSh8/Gp8eAQMYfiAKaubV4=",
+ "h1:klBuN2uVZF7AVMhskbbgF8pygyhPBxsjedB1GUV79PA=",
+ "h1:m5wyoRGjbVfJU2YaGZrN1lfGgjpyuwi7Ykw1uHdwlAg=",
+ "h1:vwYchGsh1TY+/GjUv6CUS6It2opnMYYYVt4GBvCmesY=",
+ "zh:15171efcc3aa3a37748c502c493cb16ecff603b81ada4499a843574976bac524",
+ "zh:2ca6c13a4a96f67763ecced0015c7b101ee02d54ea54b28a8df4ae06468071b1",
+ "zh:2e3c77dbfd8f760132ecef2d6117e939cbea26b96aba5e4d926e7f7f0f7afe72",
+ "zh:4bc346eece1622be93c73801d8256502b11fd7c2e7f7cea12d048bb9fc9fe900",
+ "zh:4f1042942ed8d0433680a367527289459d43b0894a51eaba83ac414e80d5187f",
+ "zh:63e674c31482ae3579ea84daf5b1ba066ce40cb23475f54e17b6b131320a1bec",
+ "zh:8327148766dcb7a174673729a832c8095d7e137d0e6c7e2a9a01da48b8b73fbe",
+ "zh:851b3ae417059a80c7813e7f0063298a590a42f056004f2c2558ea14061c207e",
+ "zh:ac081b48907139c121a422ae9b1f40fc72c6aaaeb05cbdbf848102a6a5f426f4",
+ "zh:dc1d663df2d95e4ba91070ceb20d3560b6ea5c465d39c57a5979319302643e41",
+ "zh:ed26457367cbbb94237e935d297cb31b5687f9abf697377da0ee46974480db9b",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/infra/identity/locals.tf b/infra/identity/locals.tf
new file mode 100644
index 00000000..70ccb367
--- /dev/null
+++ b/infra/identity/locals.tf
@@ -0,0 +1,16 @@
+locals {
+ prefix = "io"
+ env_short = "p"
+ env = "prod"
+ domain = "functions-services-messages"
+ repo_name = "${local.prefix}-${local.domain}"
+
+ tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "IO"
+ Source = "https://github.com/pagopa/io-functions-service-messages/infra/identity"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ ManagementTeam = "IO Comunicazione"
+ }
+}
diff --git a/infra/identity/main.tf b/infra/identity/main.tf
new file mode 100644
index 00000000..f36ac4d2
--- /dev/null
+++ b/infra/identity/main.tf
@@ -0,0 +1,34 @@
+terraform {
+ required_version = ">=1.6.0"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 3.98"
+ }
+ }
+
+ backend "azurerm" {
+ resource_group_name = "terraform-state-rg"
+ storage_account_name = "tfappprodio"
+ container_name = "terraform-state"
+ key = "io-functions-service-messages.identity.tfstate"
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+module "federated_identities" {
+ source = "github.com/pagopa/dx//infra/modules/azure_federated_identity_with_github?ref=main"
+
+ prefix = local.prefix
+ env_short = local.env_short
+ env = local.env
+ domain = local.domain
+
+ repositories = [local.repo_name]
+
+ tags = local.tags
+}
diff --git a/infra/identity/outputs.tf b/infra/identity/outputs.tf
new file mode 100644
index 00000000..09b62db4
--- /dev/null
+++ b/infra/identity/outputs.tf
@@ -0,0 +1,11 @@
+output "functions_managed_identity_ci" {
+ value = {
+ app_name = module.federated_identities.federated_ci_identity.name
+ }
+}
+
+output "functions_managed_identity_cd" {
+ value = {
+ app_name = module.federated_identities.federated_cd_identity.name
+ }
+}
diff --git a/infra/repository/.terraform.lock.hcl b/infra/repository/.terraform.lock.hcl
new file mode 100644
index 00000000..fd2fbf71
--- /dev/null
+++ b/infra/repository/.terraform.lock.hcl
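Review bot: `source = "github.com/pagopa/dx//infra/modules/azure_federated_identity_with_github?ref=main"` tracks a branch, so every `terraform init -upgrade` pulls whatever is on `main` at that moment into the stack that creates the federated credentials the `prod-cd` deploy trusts; the runner stack in this same commit pins its module with `?ref=v7.76.0`, and this module should be pinned to a tag or commit the same way. The azurerm constraint `"<= 3.98"` here, `"<= 3.98.0"` in `infra/github-runner/main.tf` and `">= 3.96.0"` in `infra/repository/main.tf` are three spellings of the same intent; a shared constraint would make `.terraform.lock.hcl` refreshes predictable across the three stacks.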
@@ -0,0 +1,50 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "3.99.0"
+ constraints = ">= 3.96.0"
+ hashes = [
+ "h1:1+d7Ciq/7GN4hY/+VshO2p4uOlUqHH6WpK2Zu4YocqE=",
+ "h1:b24Yw8/EneYHRV3aPoVexmw0Eo252ur30tN+sPajzXk=",
+ "h1:dawmYJUMGlL3t1mKDyaLJc08uSxPaUBoCAb/YCbVxPM=",
+ "h1:yHNaEhlR3kqlItAXFLWlIH2xxu4i7r2XzQnS04f/qBo=",
+ "zh:20581c1f4c586a37af45ed4c2a86ff4d868cee79139a755bd29750d804cee3ef",
+ "zh:28b3cc4e5f8bc65a595eab011d5965203a39e92aa9e26df842ffc979305ac823",
+ "zh:4cb167f8bb82f9065b7b50d012be3045fce3c699b0ea0e257ad1995441227f72",
+ "zh:6fa5c6fa430921a4e0fe8d44eaf12210fb90afdf3f83cedfde1c691ae36e953c",
+ "zh:75eff5b0ea9fca46ed5a0425c5e33fbda470e6448917817e80ae898688568665",
+ "zh:9af0aeaa74bfc764c60eec7d212d31deb70e03e970d22449f11170f75108f9cf",
+ "zh:b5055767199a2927d41b543a16e905c1e0b209f14a2144c756786194e133b41d",
+ "zh:c3e30b0eed068a148498ac78a9e013bc2eef0eb3cc3b4484f77421d64a797dc2",
+ "zh:ce87cd35cef9e5805f921978a91a7a4e139e8cbc7674a94076cb1a20a0c2feb1",
+ "zh:d87b84f144c865145bd10093ead99b653ea363fd4e7315675727659ca78544d0",
+ "zh:ee5900a50d69e046aab6581f6d888014b3f8d543e5b17c50761579d3370935f2",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/integrations/github" {
+ version = "6.1.0"
+ constraints = "6.1.0"
+ hashes = [
+ "h1:0BC1bA6irof4GXsbOCltW2f18OB/vp3kYhQ598IvOu0=",
+ "h1:LZeec2qr5cNz6MIVrQArl11E1hRnEdzkS7JUrc/8cus=",
+ "h1:MWD2GsKJ92kgyegYPGPjQKM0SqFaFbvOibMfDQdJsP0=",
+ "h1:Z1C0pLLJQF2fit8PKwc1e5Vm64q73RpayCmkDSMihqw=",
+ "zh:03c2a7d7fa334b5abb1ea4962bb2ffabfff96ec883b1a62445fe724d4a541313",
+ "zh:144f77865c87843635a3f6a0d52530ab3a6270b04dfa2da744a9fc0003b64900",
+ "zh:4cfa42e679be22e516b8e0294688d6cfc896c0e1456387fd9d10d09d84e99c6d",
+ "zh:5ff9e90b7bc9008f5b7fb0d9ef0c7c67eb8fb29439309620de1b0b1810b3e7f9",
+ "zh:7bfe85fcbef2b4b6ff5eff8bc82a590f2471e71297207616014c852e7385921b",
+ "zh:a105ec4828973821a9618c0e058f5a597de014edf7aa64d97b7f4fc528abbc36",
+ "zh:a495c5b3bc6ce3d6261e9d1ba7f285e7e463b5f6ad15e533d5b7037ab985530f",
+ "zh:a4d7e43b7b59f41022e9137115440df46aa9de62a187ae4a35fb9fc388fca4c3",
+ "zh:a75ab20f5032e2ebcfe288e06d0f4f8eafd8fed569be7ac7c384e55c294ada43",
+ "zh:cb6e9cde411355ad477a60fecb8ed9b665d8475761949e03aceed57851842385",
+ "zh:d833d63b5374841e667647fde74d2388d1249a097a633b4bba20ad175b7db681",
+ "zh:e4e5aab1a6e37fb8220621673384b62a3f2693ca1052487eb4ca38426a40bc8b",
+ "zh:f06a84ddf6723e880997c0f773b500b3fabcecb1230d9ed2d93943700802c876",
+ "zh:f9695f2ceddfc243834a10bd91cfb8aa1b0e7cdb9eee14d17d49b4f439440b86",
+ ]
+}
diff --git a/infra/repository/data.tf b/infra/repository/data.tf
new file mode 100644
index 00000000..2220bb12
--- /dev/null
+++ b/infra/repository/data.tf
@@ -0,0 +1,4 @@
+data "azurerm_user_assigned_identity" "identity_prod_cd" {
+ name = local.identity_cd_name
+ resource_group_name = local.identity_resource_group_name
+}
\ No newline at end of file
diff --git a/infra/repository/github_branch_rules.tf b/infra/repository/github_branch_rules.tf
new file mode 100644
index 00000000..e6bfee9c
--- /dev/null
+++ b/infra/repository/github_branch_rules.tf
@@ -0,0 +1,25 @@
+resource "github_branch_default" "default_main" {
+ repository = github_repository.this.name
+ branch = "master"
+}
+
+resource "github_branch_protection" "protection_main" {
+ repository_id = github_repository.this.name
+ pattern = "master"
+
+ required_status_checks {
+ strict = false
+ contexts = []
+ }
+
+ require_conversation_resolution = true
+ require_signed_commits = false
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = false
+ require_code_owner_reviews = true
+ required_approving_review_count = 1
+ }
+
+ allows_deletions = false
+}
\ No newline at end of file
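Review bot: `required_status_checks { strict = false contexts = [] }` requires no CI context, so with `allow_auto_merge = true` on the repository a pull request merges as soon as the single approval from `required_pull_request_reviews` lands, whatever the build or test result; naming the workflow check(s) in `contexts` (with `strict = true` so the branch must be current) is what makes the protection enforce CI. `enforce_admins` is not set and defaults to false, so administrators bypass the rule entirely, and `dismiss_stale_reviews = false` lets an approval given before a later push still count toward the merge. `require_code_owner_reviews = true` only has effect if a `CODEOWNERS` file exists — none is added in this change, so confirm one is present or the setting is inert.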
diff --git a/infra/repository/github_environment_cd.tf b/infra/repository/github_environment_cd.tf
new file mode 100644
index 00000000..e98d63da
--- /dev/null
+++ b/infra/repository/github_environment_cd.tf
@@ -0,0 +1,18 @@
+resource "github_repository_environment" "github_repository_environment_prod_cd" {
+ environment = "prod-cd"
+ repository = github_repository.this.name
+
+ deployment_branch_policy {
+ protected_branches = false
+ custom_branch_policies = true
+ }
+}
+
+resource "github_actions_environment_secret" "env_prod_cd_secrets" {
+ for_each = local.cd.secrets
+
+ repository = github_repository.this.name
+ environment = github_repository_environment.github_repository_environment_prod_cd.environment
+ secret_name = each.key
+ plaintext_value = each.value
+}
\ No newline at end of file
diff --git a/infra/repository/github_repo_secrets.tf b/infra/repository/github_repo_secrets.tf
new file mode 100644
index 00000000..7e9687b0
--- /dev/null
+++ b/infra/repository/github_repo_secrets.tf
@@ -0,0 +1,7 @@
+resource "github_actions_secret" "repo_secrets" {
+ for_each = local.repo_secrets
+
+ repository = github_repository.this.name
+ secret_name = each.key
+ plaintext_value = each.value
+}
\ No newline at end of file
diff --git a/infra/repository/github_repository.tf b/infra/repository/github_repository.tf
new file mode 100644
index 00000000..b1eb94d7
--- /dev/null
+++ b/infra/repository/github_repository.tf
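Review bot: `deployment_branch_policy` sets `custom_branch_policies = true` but no `github_repository_environment_deployment_policy` resource follows anywhere in this commit, so the `prod-cd` environment — the boundary the OIDC federated identity trusts — is declared with a branch allow-list that has no entries; a `workflow_dispatch` run of `deploy-func.yaml` would then be refused by the environment, or, if the intent is to gate on `master`, the policy for `master` is missing. The environment also defines no `reviewers` or `wait_timer`, so any actor able to dispatch the workflow can push to production without a second pair of eyes; a `reviewers { teams = [...] }` block is the usual control on a production environment. A comment above the resource stating which branches and approvers are meant to be allowed would make the intended gate reviewable even before the policy resource lands.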
@@ -0,0 +1,27 @@
+resource "github_repository" "this" {
+ name = local.repo_name
+ description = "Manage functions for service messages"
+
+ visibility = "public"
+
+ allow_auto_merge = true
+ allow_rebase_merge = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ squash_merge_commit_title = "PR_TITLE"
+ squash_merge_commit_message = "BLANK"
+
+ delete_branch_on_merge = true
+
+ has_projects = false
+ has_wiki = false
+ has_discussions = false
+ has_issues = false
+ has_downloads = false
+
+ topics = ["service-messages", "iocom", "manage-functions"]
+
+ vulnerability_alerts = true
+
+ archive_on_destroy = true
+}
\ No newline at end of file
diff --git a/infra/repository/locals.tf b/infra/repository/locals.tf
new file mode 100644
index 00000000..dd15b8d1
--- /dev/null
+++ b/infra/repository/locals.tf
@@ -0,0 +1,22 @@
+locals {
+ prefix = "io"
+ env_short = "p"
+ project = "${local.prefix}-${local.env_short}"
+ domain = "functions-services-messages"
+ repo_name = "${local.prefix}-${local.domain}"
+
+ identity_cd_name = "${local.project}-${local.domain}-github-cd-identity"
+
+ identity_resource_group_name = "${local.project}-identity-rg"
+
+ repo_secrets = {
+ "ARM_TENANT_ID" = data.azurerm_client_config.current.tenant_id,
+ "ARM_SUBSCRIPTION_ID" = data.azurerm_subscription.current.id
+ }
+
+ cd = {
+ secrets = {
+ "ARM_CLIENT_ID" = data.azurerm_user_assigned_identity.identity_prod_cd.client_id
+ }
+ }
+}
diff --git a/infra/repository/main.tf b/infra/repository/main.tf
new file mode 100644
index 00000000..b4c5bc38
--- /dev/null
+++ b/infra/repository/main.tf
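Review bot: `"ARM_SUBSCRIPTION_ID" = data.azurerm_subscription.current.id` publishes the `id` attribute of the `azurerm_subscription` data source, which is the full resource ID of the form `/subscriptions/<guid>`, whereas `deploy.yaml` hands that secret to `azure/login@v2` as `subscription-id`, which takes the bare subscription GUID; the data source exposes that as `subscription_id`, so the line should most likely read `"ARM_SUBSCRIPTION_ID" = data.azurerm_subscription.current.subscription_id` — verify with a dry run of the login step before relying on it. `domain = "functions-services-messages"` also repeats the `services` spelling raised on the runner stack, and `repo_name` built from it is the name `github_repository.this` will manage, so the naming question has to be settled before this stack is applied.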
@@ -0,0 +1,34 @@
+terraform {
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 3.96.0"
+ }
+
+ github = {
+ source = "integrations/github"
+ version = "6.1.0"
+ }
+ }
+
+ backend "azurerm" {
+ resource_group_name = "terraform-state-rg"
+ storage_account_name = "tfappprodio"
+ container_name = "terraform-state"
+ key = "io-functions-service-messages.repository.tfstate"
+ }
+}
+
+provider "azurerm" {
+ features {
+ }
+}
+
+provider "github" {
+ owner = "pagopa"
+}
+
+data "azurerm_client_config" "current" {}
+
+data "azurerm_subscription" "current" {}
diff --git a/openapi/index.yaml b/openapi/index.yaml
index 98554728..820ab6e7 100644
--- a/openapi/index.yaml
+++ b/openapi/index.yaml
@@ -16,18 +16,6 @@ schemes:
 security:
 - SubscriptionKey: []
 paths:
- /ping:
- get:
- operationId: pingOperation
- summary: Ping
- description: Returns function's package name and version
- tags:
- - restricted
- responses:
- '200':
- description: Success.
- '500':
- description: Internal Server error
 /notify:
 post:
 operationId: notify
@@ -96,7 +84,8 @@ paths:
 operationId: listRCConfiguration
 summary: Get all the remote-content configurations associated to the userId
 description: >-
- Get all the remote-content configurations associated to the userId retrieved from the header
+ Get all the remote-content configurations associated to the userId
+ retrieved from the header
 parameters:
 - in: header
 name: x-user-id
@@ -128,7 +117,8 @@ paths:
 operationId: getRCConfiguration
 summary: Get the remote-content configuration identified by the configurationId
 description: >-
- Get the remote-content configuration using the provided configurationId passed as path param
+ Get the remote-content configuration using the provided configurationId
+ passed as path param
 parameters:
 - in: path
 name: configurationId
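Review bot: Removing `/ping` from the spec drops the only documented operation reporting the function's package name and version, while `Info/function.json` in this same commit exposes the replacement at route `v1/info` and `Info/index.ts` registers it as `/api/v1/info`; unless the info endpoint is documented in another spec, a `/v1/info` path with the same `restricted` tag and `200`/`500` responses should be added here so the spec and generated clients stay in step with the code. The same removal is made in `openapi/index_internal.yaml.template` and the same path is missing there. That endpoint is also what `deploy.yaml` health-checks without a subscription key, so if it is meant to be anonymous the path entry should override the global `SubscriptionKey` requirement with `security: []` rather than inherit it silently.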
@@ -166,7 +156,8 @@ paths:
 operationId: updateRCConfiguration
 summary: Update an existing remote-content configuration
 description: >-
- Update an existing remote-content configuration using the provided payload
+ Update an existing remote-content configuration using the provided
+ payload
 parameters:
 - in: body
 name: body
@@ -393,7 +384,8 @@ definitions:
 type: integer
 format: int32
 description: >-
- The HTTP status code generated by the origin server for this occurrence of the problem.
+ The HTTP status code generated by the origin server for this
+ occurrence of the problem.
 minimum: 100
 maximum: 600
 exclusiveMaximum: true
@@ -408,7 +400,8 @@ definitions:
 type: string
 format: uri
 description: >-
- An absolute URI that identifies the specific occurrence of the problem.
+ An absolute URI that identifies the specific occurrence of the
+ problem.
 It may or may not yield further information if dereferenced.
 FiscalCode:
diff --git a/openapi/index_external.yaml b/openapi/index_external.yaml
index 906f7da3..1939df9a 100644
--- a/openapi/index_external.yaml
+++ b/openapi/index_external.yaml
@@ -164,7 +164,8 @@ paths:
 operationId: getRCConfiguration
 summary: Get the remote-content configuration identified by the configurationId
 description: >-
- Get the remote-content configuration using the provided configurationId passed as path param
+ Get the remote-content configuration using the provided configurationId
+ passed as path param
 parameters:
 - in: path
 name: configurationId
@@ -227,7 +228,8 @@ paths:
 operationId: updateRCConfiguration
 summary: Update an existing remote-content configuration
 description: >-
- Update an existing remote-content configuration using the provided payload
+ Update an existing remote-content configuration using the provided
+ payload
 parameters:
 - in: body
 name: body
@@ -440,7 +442,8 @@ definitions:
 type: integer
 format: int32
 description: >-
- The HTTP status code generated by the origin server for this occurrence of the problem.
+ The HTTP status code generated by the origin server for this
+ occurrence of the problem.
 minimum: 100
 maximum: 600
 exclusiveMaximum: true
@@ -455,7 +458,8 @@ definitions:
 type: string
 format: uri
 description: >-
- An absolute URI that identifies the specific occurrence of the problem.
+ An absolute URI that identifies the specific occurrence of the
+ problem.
 It may or may not yield further information if dereferenced.
 FiscalCode:
diff --git a/openapi/index_internal.yaml.template b/openapi/index_internal.yaml.template
index dad76120..03a2c1d5 100644
--- a/openapi/index_internal.yaml.template
+++ b/openapi/index_internal.yaml.template
@@ -17,18 +17,6 @@ schemes:
 security:
 - SubscriptionKey: []
 paths:
- /ping:
- get:
- operationId: pingOperation
- summary: Ping
- description: Returns function's package name and version
- tags:
- - restricted
- responses:
- '200':
- description: Success.
- '500':
- description: Internal Server error
 /notify:
 post:
 operationId: notify