[PAGOPA-1176] login

.github/workflows/release_deploy.yml

@@ -132,7 +132,9 @@ jobs:
       - name: 'Login via Azure CLI'
         uses: azure/login@v1
         with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
+          client-id: ${{ secrets.CLIENT_ID }}
+          tenant-id: ${{ secrets.TENANT_ID }}
+          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 
       - name: 'Run Azure Functions Container Action'
         uses: Azure/functions-container-action@v1.2.1

.identity/00_data.tf

@@ -12,6 +12,10 @@ data "github_organization_teams" "all" {
   summary_only    = true
 }
 
+data "azurerm_resource_group" "gpd_rg" {
+  name  = "pagopa-${var.env_short}-weu-gps-gpd-rg"
+}
+
 data "azurerm_key_vault" "key_vault" {
   name                = "pagopa-${var.env_short}-kv"
   resource_group_name = "pagopa-${var.env_short}-sec-rg"
@@ -45,4 +49,4 @@ data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" {
 data "azurerm_key_vault_secret" "flow_sa_connection_string" {
   name         = "flows-sa-${var.env_short}-connection-string"
   key_vault_id = data.azurerm_key_vault.domain_key_vault.id
-}
+}

.identity/02_application_action.tf

@@ -47,6 +47,12 @@ resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboa
   principal_id         = module.github_runner_app.object_id
 }
 
+resource "azurerm_role_assignment" "environment_function" {
+  scope                = data.azurerm_resource_group.gpd_rg.id
+  role_definition_name = "Contributor"
+  principal_id         = module.github_runner_app.object_id
+}
+
 resource "azurerm_role_assignment" "environment_key_vault" {
   scope                = data.azurerm_key_vault.key_vault.id
   role_definition_name = "Reader"