[EC-130] Add Terraform configuration to hold repository settings (#343)

pagopa · Feb 9, 2024 · af7a0e2 · af7a0e2
1 parent 410f921
commit af7a0e2
Show file tree

Hide file tree

Showing 20 changed files with 141 additions and 423 deletions.
diff --git a/.github/workflows/opex_api.yml b/.github/workflows/opex_api.yml
@@ -1,6 +1,5 @@
 name: Opex Dashboard
 
-# Controls when the workflow will run
 on:
   push:
     branches:
@@ -13,30 +12,21 @@ on:
 
 env:
   TEMPLATE_DIR: azure-dashboard
-  ARM_USE_OIDC: true
-  ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
-  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   API_NAME: api-selfcare-dashboard
   DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
 
 permissions:
   id-token: write
   contents: read
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-22.04
-
     environment: 'prod-cd'
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Checkout
         id: checkout
-        # from https://github.com/actions/checkout/commits/main
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           persist-credentials: false
@@ -49,7 +39,6 @@ jobs:
           echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
 
       - name: Setup Terraform
-        # from https://github.com/hashicorp/setup-terraform/commits/main
         uses: hashicorp/setup-terraform@69c00852f1304c321337f45a105731218c2d5544
         with:
           terraform_version: ${{ env.TERRAFORM_VERSION }}
@@ -59,7 +48,7 @@ jobs:
           environment: prod
           api-name: ${{ env.API_NAME }}
           config: .opex/${{ env.API_NAME }}/env/prod/config.yaml
-          client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.ARM_CLIENT_ID }}
+          tenant-id: ${{ vars.ARM_TENANT_ID }}
+          subscription-id: ${{ vars.ARM_SUBSCRIPTION_ID }}
           docker-version: ${{ env.DOCKER_IMAGE_TAG }}
diff --git a/.github/workflows/opex_api_pnpg.yml b/.github/workflows/opex_api_pnpg.yml
@@ -1,6 +1,5 @@
 name: Opex Dashboard PNPG
 
-# Controls when the workflow will run
 on:
   push:
     branches:
@@ -13,30 +12,21 @@ on:
 
 env:
   TEMPLATE_DIR: azure-dashboard
-  ARM_USE_OIDC: true
-  ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
-  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   API_NAME: api-selfcare-dashboard-pnpg
   DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
 
 permissions:
   id-token: write
   contents: read
 
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-22.04
-
     environment: 'prod-cd'
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Checkout
         id: checkout
-        # from https://github.com/actions/checkout/commits/main
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           persist-credentials: false
@@ -49,7 +39,6 @@ jobs:
           echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
 
       - name: Setup Terraform
-        # from https://github.com/hashicorp/setup-terraform/commits/main
         uses: hashicorp/setup-terraform@69c00852f1304c321337f45a105731218c2d5544
         with:
           terraform_version: ${{ env.TERRAFORM_VERSION }}
@@ -59,7 +48,7 @@ jobs:
           environment: prod
           api-name: ${{ env.API_NAME }}
           config: .opex/${{ env.API_NAME }}/env/prod/config.yaml
-          client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.ARM_CLIENT_ID }}
+          tenant-id: ${{ vars.ARM_TENANT_ID }}
+          subscription-id: ${{ vars.ARM_SUBSCRIPTION_ID }}
           docker-version: ${{ env.DOCKER_IMAGE_TAG }}
diff --git a/.gitignore b/.gitignore
@@ -4,15 +4,6 @@ target/
 !**/src/main/**/target/
 !**/src/test/**/target/
 
-/.terraform/
-/.identity/.terraform/
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
 ### STS ###
 .apt_generated
 .classpath
@@ -40,4 +31,13 @@ build/
 
 ### VS Code ###
 .vscode/
-.DS_Store
+.DS_Store
+
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+**/.tfsec/*
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
diff --git a/.identity/.terraform-version b/.identity/.terraform-version
diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
diff --git a/.identity/99_main.tf b/.identity/99_main.tf
diff --git a/.identity/99_outputs.tf b/.identity/99_outputs.tf