From 243ad404403c948535a37271f2f01ea815113494 Mon Sep 17 00:00:00 2001
From: FedericoRuzzier <49512050+FedericoRuzzier@users.noreply.github.com>
Date: Tue, 26 Mar 2024 14:47:37 +0100
Subject: [PATCH 01/12] PAGOPA-1594 testing opex version
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index a9473119..fcc7c66f 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -62,7 +62,7 @@ jobs:
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 # this action create a folder named /azure-dashboard
- - uses: pagopa/opex-dashboard-action@main
+ - uses: pagopa/opex-dashboard-action@1.1.2
 with:
 template: ${{ env.TEMPLATE_DIR }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
From 153421ef1fc73f4c24416004b9c75e7856d39ab2 Mon Sep 17 00:00:00 2001
From: FedericoRuzzier <49512050+FedericoRuzzier@users.noreply.github.com>
Date: Tue, 26 Mar 2024 14:51:30 +0100
Subject: [PATCH 02/12] PAGOPA-1594 minor version change
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index fcc7c66f..6eaff2c1 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -62,7 +62,7 @@ jobs:
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 # this action create a folder named /azure-dashboard
- - uses: pagopa/opex-dashboard-action@1.1.2
+ - uses: pagopa/opex-dashboard-action@v1.1.2
 with:
 template: ${{ env.TEMPLATE_DIR }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
From 6788dc5ccfa33afed4af7c3b5dab39774c84055a Mon Sep 17 00:00:00 2001
From: FedericoRuzzier <49512050+FedericoRuzzier@users.noreply.github.com>
Date: Wed, 27 Mar 2024 10:56:12 +0100
Subject: [PATCH 03/12] PAGOPA-1594 adapting action
---
 .github/workflows/create_dashboard.yaml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index 6eaff2c1..81a4595d 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -14,6 +14,8 @@ on:
 env:
 TEMPLATE_DIR: azure-dashboard
+ API_NAME: api-afm-calculator-dashboard
+ DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
 permissions:
 id-token: write
@@ -62,10 +64,14 @@ jobs:
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 # this action create a folder named /azure-dashboard
- - uses: pagopa/opex-dashboard-action@v1.1.2
+ - uses: pagopa/opex-dashboard-azure-action@3ad80a5e4a2d5a8f342615637072f21b687320ce
 with:
- template: ${{ env.TEMPLATE_DIR }}
+ client-id: ${{ secrets.ARM_CLIENT_ID }}
+ tenant-id: ${{ secrets.ARM_TENANT_ID }}
+ subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+ api-name: ${{ env.API_NAME }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
+ docker-version: ${{ env.DOCKER_IMAGE_TAG }}
 # we need to set env variables in the folder /azure-dashboard
 - name: Copy Environments
From c86c50648366c905849aedaa8f8b7b1357f41735 Mon Sep 17 00:00:00 2001
From: FedericoRuzzier <49512050+FedericoRuzzier@users.noreply.github.com>
Date: Tue, 26 Mar 2024 14:47:37 +0100
Subject: [PATCH 04/12] PAGOPA-1594 testing opex version
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index a9473119..fcc7c66f 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
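Review bot: The new opex-dashboard-azure-action step is given `client-id: ${{ secrets.ARM_CLIENT_ID }}` plus its own `ARM_TENANT_ID`/`ARM_SUBSCRIPTION_ID`, while the azure/login step immediately above it (its `subscription-id: ${{ secrets.SUBSCRIPTION_ID }}` is the first context line of the hunk) still signs in with `secrets.CLIENT_ID`, so the job now carries two identities and it is not clear which one the dashboard deployment actually runs as; settle on one secret set and drop the redundant login. The pin to commit `3ad80a5e4a2d5a8f342615637072f21b687320ce` is good, but unlike the other pinned actions in this file it has no provenance comment — add `# from https://github.com/pagopa/opex-dashboard-azure-action/commits/main` above the `uses:` line so the SHA can be audited against the upstream tag. The `template:` input is removed here, yet `TEMPLATE_DIR` stays in `env` and the "Copy Environments" step that follows the hunk still appears to depend on the action creating that folder; confirm the new action does, or remove the dependent steps. The enclosing `steps:` list continues outside the hunk.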
@@ -62,7 +62,7 @@ jobs:
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 # this action create a folder named /azure-dashboard
- - uses: pagopa/opex-dashboard-action@main
+ - uses: pagopa/opex-dashboard-action@1.1.2
 with:
 template: ${{ env.TEMPLATE_DIR }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
From 1c0ce9906f49b0e11e8a9419b910bc5ddc2424ac Mon Sep 17 00:00:00 2001
From: FedericoRuzzier <49512050+FedericoRuzzier@users.noreply.github.com>
Date: Tue, 26 Mar 2024 14:51:30 +0100
Subject: [PATCH 05/12] PAGOPA-1594 minor version change
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index fcc7c66f..6eaff2c1 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -62,7 +62,7 @@ jobs:
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 # this action create a folder named /azure-dashboard
- - uses: pagopa/opex-dashboard-action@1.1.2
+ - uses: pagopa/opex-dashboard-action@v1.1.2
 with:
 template: ${{ env.TEMPLATE_DIR }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
From 289f82d5e6d9074904f884e05e7c7b2dc9ab32ce Mon Sep 17 00:00:00 2001
From: pasqualespica <36746022+pasqualespica@users.noreply.github.com>
Date: Wed, 27 Mar 2024 11:08:22 +0100
Subject: [PATCH 06/12] refactor gha opex
---
 .github/workflows/create_dashboard.yaml | 86 ++++--------------------
 1 file changed, 11 insertions(+), 75 deletions(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index 6eaff2c1..14717239 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -14,18 +14,15 @@ on:
 env:
 TEMPLATE_DIR: azure-dashboard
+ DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
 permissions:
 id-token: write
 contents: read
- deployments: write
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
 dashboard:
- # The type of runner that the job will run on
 runs-on: ubuntu-22.04
-
 strategy:
 matrix:
 environment: [prod]
@@ -36,89 +33,28 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- # from https://github.com/actions/checkout/commits/main
- uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 with:
 persist-credentials: false
+ fetch-depth: 0
 - name: Read terraform version
 id: read-version
 shell: bash
 run: |
 echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
+
 - name: Setup Terraform
- # from https://github.com/hashicorp/setup-terraform/commits/main
- uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
+ uses: hashicorp/setup-terraform@69c00852f1304c321337f45a105731218c2d5544
 with:
 terraform_version: ${{ env.TERRAFORM_VERSION }}
- - name: Login
- id: login
- # from https://github.com/Azure/login/commits/master
- uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+ - uses: pagopa/opex-dashboard-azure-action@3ad80a5e4a2d5a8f342615637072f21b687320ce
 with:
- client-id: ${{ secrets.CLIENT_ID }}
+ environment: ${{ matrix.environment }}
+ api-name: ${{ matrix.product }}
+ config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
+ client-id: ${{ secrets.CLIENT_ID }} ???
 tenant-id: ${{ secrets.TENANT_ID }}
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
-
- # this action create a folder named /azure-dashboard
- - uses: pagopa/opex-dashboard-action@v1.1.2
- with:
- template: ${{ env.TEMPLATE_DIR }}
- config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
-
- # we need to set env variables in the folder /azure-dashboard
- - name: Copy Environments
- run: |
- cp -R .opex/${{ matrix.product }}/env ./${TEMPLATE_DIR}
- # now is possible to launch the command: terraform apply
- - name: Terraform Apply
- shell: bash
- run: |
- cd ./${TEMPLATE_DIR}
- export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
- export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
- export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
- export ARM_USE_OIDC=true
- bash ./terraform.sh apply ${{ matrix.environment }} -auto-approve
-
-
-
- delete_github_deployments:
- runs-on: ubuntu-latest
- needs: dashboard
- if: ${{ always() }}
- steps:
- - name: Dump GitHub context
- env:
- GITHUB_CONTEXT: ${{ toJSON(github) }}
- run: echo "$GITHUB_CONTEXT"
-
- - name: Delete Previous deployments
- uses: actions/github-script@v6
- env:
- SHA_HEAD: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.sha) || github.sha}}
- with:
- script: |
- const { SHA_HEAD } = process.env
-
- const deployments = await github.rest.repos.listDeployments({
- owner: context.repo.owner,
- repo: context.repo.repo,
- sha: SHA_HEAD
- });
- await Promise.all(
- deployments.data.map(async (deployment) => {
- await github.rest.repos.createDeploymentStatus({
- owner: context.repo.owner,
- repo: context.repo.repo,
- deployment_id: deployment.id,
- state: 'inactive'
- });
- return github.rest.repos.deleteDeployment({
- owner: context.repo.owner,
- repo: context.repo.repo,
- deployment_id: deployment.id
- });
- })
- );
+ docker-version: ${{ env.DOCKER_IMAGE_TAG }}
From 39fb4be3ff38f831674bb11b96eaad433bacdfd3 Mon Sep 17 00:00:00 2001
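Review bot: The added `client-id: ${{ secrets.CLIENT_ID }} ???` line carries a trailing `???` which, if it is really in the patch and not an artefact of how this page was extracted, becomes part of the value passed to the action as the client id and will make the federated login fail; it should read `client-id: ${{ secrets.CLIENT_ID }}`. The "Read terraform version" and "Setup Terraform" steps are kept (a blank line is even added before the latter) although their only visible consumer, the "Terraform Apply" step, is deleted in this hunk, so they look like dead setup unless the new action reads `TERRAFORM_VERSION` from the job env — worth confirming and otherwise removing. `fetch-depth: 0` turns the checkout into a full-history clone and nothing in the hunk needs more than the head commit, so the default shallow clone would do. The `with:` mapping that now belongs to the opex action starts in this hunk's earlier lines; the removed `delete_github_deployments` job was the only user of `deployments: write`, which the first hunk of this commit drops accordingly.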
From: FedericoRuzzier <49512050+FedericoRuzzier@users.noreply.github.com>
Date: Wed, 27 Mar 2024 12:20:13 +0100
Subject: [PATCH 07/12] PAGOPA-1594 federated identity
---
 .../workflows/deploy_with_github_runner.yml | 10 +--
 .identity/00_data.tf | 5 ++
 .identity/02_application_action.tf | 84 -------------------
 .identity/03_github_environment.tf | 2 +-
 4 files changed, 11 insertions(+), 90 deletions(-)
 delete mode 100644 .identity/02_application_action.tf
diff --git a/.github/workflows/deploy_with_github_runner.yml b/.github/workflows/deploy_with_github_runner.yml
index 890ba550..9a95b015 100644
--- a/.github/workflows/deploy_with_github_runner.yml
+++ b/.github/workflows/deploy_with_github_runner.yml
@@ -31,7 +31,7 @@ jobs:
 # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
 uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
 with:
- client_id: ${{ secrets.CLIENT_ID }}
+ client_id: ${{ secrets.CD_CLIENT_ID }}
 tenant_id: ${{ secrets.TENANT_ID }}
 subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
 container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
@@ -48,7 +48,7 @@ jobs:
 uses: pagopa/github-actions-template/aks-deploy@main
 with:
 branch: ${{ github.ref_name }}
- client_id: ${{ secrets.CLIENT_ID }}
+ client_id: ${{ secrets.CD_CLIENT_ID }}
 subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
 tenant_id: ${{ secrets.TENANT_ID }}
 env: ${{ inputs.environment }}
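Review bot: The renamed `CD_CLIENT_ID` secret is handed, in this hunk and again in the `@@ -48` hunk, to actions referenced by a floating branch — `github-self-hosted-runner-azure-create-action@main` and `github-actions-template/aks-deploy@main` — whereas the cleanup action in the `@@ -71` hunk is already pinned to commit `0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a`. Since this commit is the switch to the federated CD identity, it is the right moment to pin both to a full commit SHA as well, e.g. `uses: pagopa/github-actions-template/aks-deploy@<commit sha>  # <tag it corresponds to>`, so that an upstream branch update cannot silently change what runs with that identity's OIDC token. The `.identity/03_github_environment.tf` change listed in the diffstat is not visible on this page, so the federated-credential subject bound to the new identity cannot be checked here. Both hunks sit inside job steps whose surrounding definitions are outside the hunk.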
@@ -71,7 +71,7 @@ jobs:
 # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
 uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
 with:
- client_id: ${{ secrets.CLIENT_ID }}
+ client_id: ${{ secrets.CD_CLIENT_ID }}
 tenant_id: ${{ secrets.TENANT_ID }}
 subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
 resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}
@@ -103,7 +103,7 @@ jobs:
 # # from https://github.com/Azure/login/commits/master
 # uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
 # with:
-# client-id: ${{ secrets.CLIENT_ID }}
+# client-id: ${{ secrets.CD_CLIENT_ID }}
 # tenant-id: ${{ secrets.TENANT_ID }}
 # subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 #
@@ -112,7 +112,7 @@ jobs:
 # shell: bash
 # run: |
 # cd ./infra
-# export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
+# export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}"
 # export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
 # export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
 # export ARM_USE_OIDC=true
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
index ae98b412..fbf5899e 100644
--- a/.identity/00_data.tf
+++ b/.identity/00_data.tf
@@ -1,3 +1,8 @@
+data "azurerm_user_assigned_identity" "identity_cd" {
+ resource_group_name = "${local.product}-identity-rg"
+ name = "${local.product}-${local.domain}-01-github-cd-identity"
+}
+
 data "azurerm_resource_group" "dashboards" {
 name = "dashboards"
 }
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
deleted file mode 100644
index 50e5776d..00000000
--- a/.identity/02_application_action.tf
+++ /dev/null
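Review bot: `identity_cd` is only a data lookup of an already-provisioned user-assigned identity, while the `.identity/02_application_action.tf` deleted in the same commit carried the `github_runner_app_permissions_to_namespace` resource that granted the runner principal its AKS namespace permissions; nothing added in this hunk replaces that grant, so confirm the `-github-cd-identity` already holds the equivalent namespace role (or that `03_github_environment.tf`, not visible here, binds it) before the old application is torn down. A short comment above the block would make the ownership explicit, e.g. `# Looked up, not created here: the CD identity is provisioned outside this module — confirm where its AKS role assignment lives`. The hard-coded `-01-` segment in the identity name is a second convention that callers of this lookup need to know about; naming it in that comment would help.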
@@ -1,84 +0,0 @@
-module "github_runner_app" {
- source = "git::https://github.com/pagopa/github-actions-tf-modules.git//app-github-runner-creator?ref=main"
-
- app_name = local.app_name
-
- subscription_id = data.azurerm_subscription.current.id
-
- github_org = local.github.org
- github_repository = local.github.repository
- github_environment_name = var.env
-
- container_app_github_runner_env_rg = local.container_app_environment.resource_group
-}
-
-resource "null_resource" "github_runner_app_permissions_to_namespace" {
- triggers = {
- aks_id = data.azurerm_kubernetes_cluster.aks.id
- service_principal_id = module.github_runner_app.client_id
- namespace = local.domain
- version = "v2"
- }
-
- provisioner "local-exec" {
- command = <
Date: Thu, 28 Mar 2024 11:35:52 +0100
Subject: [PATCH 08/12] restore old style
---
 .github/workflows/create_dashboard.yaml | 30 +++++++++++----------------
 1 file changed, 10 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index ff272cd5..2017940d 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -12,18 +12,17 @@ on:
 workflow_dispatch:
-env:
- TEMPLATE_DIR: azure-dashboard
- API_NAME: api-afm-calculator-dashboard
- DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
-
 permissions:
 id-token: write
 contents: read
+ deployments: write
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
 dashboard:
+ # The type of runner that the job will run on
 runs-on: ubuntu-22.04
+
 strategy:
 matrix:
 environment: [prod]
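Review bot: `deployments: write` is added back to the workflow `permissions`, but the `delete_github_deployments` job that needed it was removed in the earlier "refactor gha opex" commit and is not restored here (this commit touches only create_dashboard.yaml, 10 insertions), so the job token is now broader than any visible step uses; keep the block at `id-token: write` and `contents: read` unless a step outside these hunks creates GitHub deployments. Dropping the `env` block also removes `DOCKER_IMAGE_TAG`; the digest is inlined in this commit's third hunk instead, which works but leaves the pinned image with no single place to bump it. The `jobs:` mapping continues past the end of the hunk.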
@@ -34,23 +33,13 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ # from https://github.com/actions/checkout/commits/main
+ uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
 with:
 persist-credentials: false
- fetch-depth: 0
-
- - name: Read terraform version
- id: read-version
- shell: bash
- run: |
- echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
-
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@69c00852f1304c321337f45a105731218c2d5544
- with:
- terraform_version: ${{ env.TERRAFORM_VERSION }}
- - uses: pagopa/opex-dashboard-azure-action@3ad80a5e4a2d5a8f342615637072f21b687320ce
+ # from https://github.com/pagopa/opex-dashboard-azure-action/
+ - uses: pagopa/opex-dashboard-azure-action@v1.1.2
 with:
 environment: ${{ matrix.environment }}
 api-name: ${{ matrix.product }}
@@ -58,4 +47,5 @@ jobs:
 client-id: ${{ secrets.CLIENT_ID }}
 tenant-id: ${{ secrets.TENANT_ID }}
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
- docker-version: ${{ env.DOCKER_IMAGE_TAG }}
+ # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+ docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
From 7e6ee162d0710cb496de805f1eef80dc0011007d Mon Sep 17 00:00:00 2001
From: pasqualespica <36746022+pasqualespica@users.noreply.github.com>
Date: Thu, 28 Mar 2024 11:43:05 +0100
Subject: [PATCH 09/12] restore old style
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index 2017940d..faad575a 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
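Review bot: The action reference is downgraded from the commit SHA `3ad80a5e4a2d5a8f342615637072f21b687320ce` to the mutable tag `pagopa/opex-dashboard-azure-action@v1.1.2`, while the `docker-version` in the `@@ -58` hunk is pinned by digest; tags can be moved, so pin the action too, `- uses: pagopa/opex-dashboard-azure-action@<commit sha of v1.1.2>  # v1.1.2`, which is also what the restored `# from ...` comment style is meant to support. The checkout step is moved back from `b4ffde65f46336ab88eb53be808477a3936bae11` to the older `1f9a0c22da41e6ebfa534300ef656657ea2c6707`; if the intent was only to restore the comment style, the newer SHA can keep the same `# from https://github.com/actions/checkout/commits/main` comment without reverting the action update. The step's `with:` block continues into the next hunk.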
@@ -44,7 +44,7 @@ jobs:
 environment: ${{ matrix.environment }}
 api-name: ${{ matrix.product }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
- client-id: ${{ secrets.CLIENT_ID }}
+ client-id: ${{ secrets.CD_CLIENT_ID }}
 tenant-id: ${{ secrets.TENANT_ID }}
 subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
From b1e293d3f934ce2f9c90950a5722300bb9c15552 Mon Sep 17 00:00:00 2001
From: pasqualespica <36746022+pasqualespica@users.noreply.github.com>
Date: Thu, 28 Mar 2024 11:52:17 +0100
Subject: [PATCH 10/12] restore old style
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index faad575a..6d4865fa 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -42,7 +42,7 @@ jobs:
 - uses: pagopa/opex-dashboard-azure-action@v1.1.2
 with:
 environment: ${{ matrix.environment }}
- api-name: ${{ matrix.product }}
+ api-name:
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
 client-id: ${{ secrets.CD_CLIENT_ID }}
 tenant-id: ${{ secrets.TENANT_ID }}
From 1b55ed6ec2bd98ee0e016d670aa4d7a695b04d44 Mon Sep 17 00:00:00 2001
From: pasqualespica <36746022+pasqualespica@users.noreply.github.com>
Date: Thu, 28 Mar 2024 11:53:38 +0100
Subject: [PATCH 11/12] restore old style
---
 .github/workflows/create_dashboard.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/create_dashboard.yaml b/.github/workflows/create_dashboard.yaml
index 6d4865fa..faad575a 100644
--- a/.github/workflows/create_dashboard.yaml
+++ b/.github/workflows/create_dashboard.yaml
@@ -42,7 +42,7 @@ jobs:
 - uses: pagopa/opex-dashboard-azure-action@v1.1.2
 with:
 environment: ${{ matrix.environment }}
- api-name:
+ api-name: ${{ matrix.product }}
 config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
 client-id: ${{ secrets.CD_CLIENT_ID }}
 tenant-id: ${{ secrets.TENANT_ID }}
From 8b5f1536020e07a48cd20421002aff84901f0f10 Mon Sep 17 00:00:00 2001
From: pasqualespica <36746022+pasqualespica@users.noreply.github.com>
Date: Thu, 28 Mar 2024 12:02:50 +0100
Subject: [PATCH 12/12] restore old style
---
 openapi/openapi-v1.json | 31 -------------------------------
 1 file changed, 31 deletions(-)
diff --git a/openapi/openapi-v1.json b/openapi/openapi-v1.json
index f6f07564..a1086b2e 100644
--- a/openapi/openapi-v1.json
+++ b/openapi/openapi-v1.json
@@ -570,37 +570,6 @@
 }
 }
 }
- },
- "/actuator/health/**": {
- "get": {
- "tags": [
- "Actuator"
- ],
- "summary": "Actuator web endpoint 'health-path'",
- "operationId": "health-path",
- "responses": {
- "200": {
- "description": "OK",
- "content": {
- "application/vnd.spring-boot.actuator.v3+json": {
- "schema": {
- "type": "object"
- }
- },
- "application/vnd.spring-boot.actuator.v2+json": {
- "schema": {
- "type": "object"
- }
- },
- "application/json": {
- "schema": {
- "type": "object"
- }
- }
- }
- }
- }
- }
 }
 },
 "components": {