pagopa · michaeldisaro · Apr 16, 2024 · Apr 2, 2024 · Apr 3, 2024 · Apr 3, 2024
diff --git a/.github/actions/node-yarn/action.yml b/.github/actions/node-yarn/action.yml
@@ -0,0 +1,20 @@
+name: "Build workspace"
+description: "This action builds the project."
+
+runs:
+ using: "composite"
+ steps:
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: ".node-version"
+ cache: "yarn"
+ cache-dependency-path: "./yarn.lock"
+
+ - name: Install dependencies
+ run: yarn install --frozen-lockfile
+ shell: bash
+
+ - name: Build io-functions-service-messages
+ run: yarn build
+ shell: bash
diff --git a/.github/workflows/deploy-func.yaml b/.github/workflows/deploy-func.yaml
@@ -0,0 +1,15 @@
+name: functions-service-messages Release
+on:
+ workflow_dispatch:
+
+jobs:
+
+ deploy_workspace_to_azure:
+ name: Deploy
+ uses: ./.github/workflows/deploy.yaml
+ with:
+ environment: prod
+ app_service_name: io-p-messages-sending-func
+ app_service_resource_group: io-p-service-messages-rg
+ healtcheck_path: /api/v1/info
+ secrets: inherit
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -0,0 +1,80 @@
+on:
+ workflow_call:
+ inputs: 
+ environment: 
+ type: string
+ required: true
+ app_service_name:
+ type: string
+ required: true
+ app_service_resource_group:
+ type: string
+ required: true
+ healtcheck_path:
+ type: string
+ required: true
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+ - name: Build app
+ uses: ./.github/actions/node-yarn
+
+ - name: Make the azure app artifact
+ id: make_artifact
+ run: |
+ zip -r app.zip .
+ echo "artifact-path=$(realpath app.zip)" >> "$GITHUB_OUTPUT"
+ shell: bash
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: app.zip
+ path: ${{ steps.make_artifact.outputs.artifact-path }}
+
+ deploy:
+ name: Deploy App
+ if: ${{ !github.event.act }}
+ needs: [build]
+ runs-on: self-hosted
+ environment: ${{ inputs.environment }}-cd
+ permissions:
+ id-token: write
+ contents: read
+ env:
+ ARM_USE_OIDC: true
+ ARM_USE_AZUREAD: true
+ ARM_STORAGE_USE_AZUREAD: true
+
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: app.zip
+
+ - name: Login to Azure
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.ARM_CLIENT_ID }}
+ tenant-id: ${{ secrets.ARM_TENANT_ID }}
+ subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+
+ - name: Deploy App to Staging Slot
+ uses: azure/webapps-deploy@v2
+ with:
+ resource-group-name: ${{ inputs.app_service_resource_group }}
+ app-name: ${{ inputs.app_service_name }}
+ slot-name: staging
+ package: app.zip
+
+ - name: Check Staging Health
+ run: curl --retry 5 --retry-max-time 120 -f 'https://${{ inputs.app_service_name }}-staging.azurewebsites.net${{ inputs.healtcheck_path }}'
+
+ - name: Swap Staging and Production Slots
+ run: az webapp deployment slot swap -g ${{ inputs.app_service_resource_group }} -n ${{ inputs.app_service_name }} --slot staging --target-slot production
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.gitignore b/.gitignore
@@ -31,8 +31,8 @@ dist
 # Python Environments
 .env
 .venv
-env/
 venv/
+env/
 ENV/
 env.bak/
 venv.bak/
@@ -63,3 +63,52 @@ helm/charts**
 helm/charts/*
 
 docker-compose.override.yml
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+**/.tfsec/*
+**/.ignore/*
+
+*.DS_Store
+*.log
+*.h2.db
+settings.json
+__TMP
+.metals/
+*.log
+*.h2.db
+settings.json
+__TMP
+.metals/
+__azurite_*
+/.idea
+
+**/modules/**/.terraform.lock.hcl
diff --git a/.terraform-version b/.terraform-version
@@ -0,0 +1 @@
+1.6.6
diff --git a/Info/function.json b/Info/function.json
@@ -5,7 +5,7 @@
  "type": "httpTrigger",
  "direction": "in",
  "name": "req",
- "route": "ready",
+ "route": "v1/info",
  "methods": [
  "get"
  ]

diff --git a/Info/index.ts b/Info/index.ts
@@ -11,7 +11,7 @@ const app = express();
 secureExpressApp(app);
 
 // Add express route
-app.get("/api/ready", Info(cosmosdbClient));
+app.get("/api/v1/info", Info(cosmosdbClient));
 
 const azureFunctionHandler = createAzureFunctionHandler(app);
 

diff --git a/infra/github-runner/.terraform.lock.hcl b/infra/github-runner/.terraform.lock.hcl
diff --git a/infra/github-runner/container_app_job_runner.tf b/infra/github-runner/container_app_job_runner.tf
@@ -0,0 +1,25 @@
+module "container_app_job" {
+ source = "github.com/pagopa/terraform-azurerm-v3//container_app_job_gh_runner?ref=v7.76.0"
+
+ location = local.location
+ prefix = local.prefix
+ env_short = local.env_short
+
+ key_vault = {
+ resource_group_name = data.azurerm_key_vault.key_vault_common.resource_group_name
+ name = data.azurerm_key_vault.key_vault_common.name
+ secret_name = "github-runner-pat"
+ }
+
+ environment = {
+ name = data.azurerm_container_app_environment.container_app_environment_runner.name
+ resource_group_name = data.azurerm_container_app_environment.container_app_environment_runner.resource_group_name
+ }
+
+ job = {
+ name = "f-services-messages"
+ repo = "io-functions-services-messages"
+ }
+
+ tags = local.tags
+}
diff --git a/infra/github-runner/data.tf b/infra/github-runner/data.tf
@@ -0,0 +1,9 @@
+data "azurerm_key_vault" "key_vault_common" {
+ name = local.key_vault_common.name
+ resource_group_name = local.key_vault_common.resource_group_name
+}
+
+data "azurerm_container_app_environment" "container_app_environment_runner" {
+ name = local.container_app_environment.name
+ resource_group_name = local.container_app_environment.resource_group_name
+}
diff --git a/infra/github-runner/locals.tf b/infra/github-runner/locals.tf
@@ -0,0 +1,25 @@
+locals {
+ location = "westeurope"
+ prefix = "io"
+ env_short = "p"
+ project = "${local.prefix}-${local.env_short}"
+
+ key_vault_common = {
+ name = "${local.project}-kv-common"
+ resource_group_name = "${local.project}-rg-common"
+ }
+
+ container_app_environment = {
+ name = "${local.project}-github-runner-cae"
+ resource_group_name = "${local.project}-github-runner-rg"
+ }
+
+ tags = {
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "IO"
+ ManagementTeam = "IO Comunicazione"
+ Source = "https://github.com/pagopa/io-functions-service-messages/tree/main/infra/github-runner"
+ }
+}
diff --git a/infra/github-runner/main.tf b/infra/github-runner/main.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "<= 3.98.0"
+ }
+ }
+
+ backend "azurerm" {
+ resource_group_name = "terraform-state-rg"
+ storage_account_name = "tfappprodio"
+ container_name = "terraform-state"
+ key = "io-functions-service-messages.github-runner.tfstate"
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
diff --git a/infra/identity/.terraform.lock.hcl b/infra/identity/.terraform.lock.hcl