From 951496e0e25ed76d00e6c77c81a650b52debedde Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Thu, 10 Aug 2023 15:58:46 +0200 Subject: [PATCH 01/15] feat: added .identity folder --- .gitignore | 3 +- .identity/.terraform.lock.hcl | 83 +++++++++++++++++++++++++ .identity/00_data.tf | 52 ++++++++++++++++ .identity/02_application_action.tf | 96 +++++++++++++++++++++++++++++ .identity/03_github_environment.tf | 78 +++++++++++++++++++++++ .identity/99_main.tf | 32 ++++++++++ .identity/99_variables.tf | 56 +++++++++++++++++ .identity/env/dev/backend.ini | 1 + .identity/env/dev/backend.tfvars | 4 ++ .identity/env/dev/terraform.tfvars | 11 ++++ .identity/env/prod/backend.ini | 1 + .identity/env/prod/backend.tfvars | 4 ++ .identity/env/prod/terraform.tfvars | 11 ++++ .identity/env/uat/backend.ini | 1 + .identity/env/uat/backend.tfvars | 4 ++ .identity/env/uat/terraform.tfvars | 11 ++++ .identity/terraform.sh | 69 +++++++++++++++++++++ 17 files changed, 516 insertions(+), 1 deletion(-) create mode 100644 .identity/.terraform.lock.hcl create mode 100644 .identity/00_data.tf create mode 100644 .identity/02_application_action.tf create mode 100644 .identity/03_github_environment.tf create mode 100644 .identity/99_main.tf create mode 100644 .identity/99_variables.tf create mode 100644 .identity/env/dev/backend.ini create mode 100644 .identity/env/dev/backend.tfvars create mode 100644 .identity/env/dev/terraform.tfvars create mode 100644 .identity/env/prod/backend.ini create mode 100644 .identity/env/prod/backend.tfvars create mode 100644 .identity/env/prod/terraform.tfvars create mode 100644 .identity/env/uat/backend.ini create mode 100644 .identity/env/uat/backend.tfvars create mode 100644 .identity/env/uat/terraform.tfvars create mode 100644 .identity/terraform.sh diff --git a/.gitignore b/.gitignore index e159f14..e72ef74 100644 --- a/.gitignore +++ b/.gitignore 
@@ -46,4 +46,5 @@ bin/ **/application-azure.properties .cache_ggshield *azure.properties -**/node_modules \ No newline at end of file +**/node_modules +**/.terraform/ \ No newline at end of file diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl new file mode 100644 index 0000000..4e16852 --- /dev/null +++ b/.identity/.terraform.lock.hcl 
@@ -0,0 +1,83 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.30.0" + constraints = "2.30.0" + hashes = [ + "h1:Uw4TcmJBEJ71h+oCwwidlkk5jFpyFRDPAFCMs/bT/cw=", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:2e62c193030e04ebb10cc0526119cf69824bf2d7e4ea5a2f45bd5d5fb7221d36", + "zh:2f3c7a35257332d68b778cefc5201a5f044e4914dd03794a4da662ddfe756483", + "zh:35d0d3a1b58fdb8b8c4462d6b7e7016042da43ea9cc734ce897f52a73407d9b0", + "zh:47ede0cd0206ec953d40bf4a80aa6e59af64e26cbbd877614ac424533dbb693b", + "zh:48c190307d4d42ea67c9b8cc544025024753f46cef6ea64db84735e7055a72da", + "zh:6fff9b2c6a962252a70a15b400147789ab369b35a781e9d21cce3804b04d29af", + "zh:7646980cf3438bff29c91ffedb74458febbb00a996638751fbd204ab1c628c9b", + "zh:77aa2fa7ca6d5446afa71d4ff83cb87b70a2f3b72110fc442c339e8e710b2928", + "zh:e20b2b2c37175b89dd0db058a096544d448032e28e3b56e2db368343533a9684", + "zh:eab175b1dfe9865ad9404dccb6d5542899f8c435095aa7c679314b811c717ce7", + "zh:efc862bd78c55d2ff089729e2a34c1831ab4b0644fc11b36ee4ebed00a4797ba", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.45.0" + constraints = "3.45.0" + hashes = [ + "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", + "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", + "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", + "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", + "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38", + "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65", + "zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760", + "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688", + "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e", + 
"zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa", + "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28", + "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + hashes = [ + "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} + +provider "registry.terraform.io/integrations/github" { + version = "5.18.3" + constraints = "5.18.3" + hashes = [ + "h1:WbZvLB2qXKVoh4BvOOwFfEds+SZQrkINfSAWPnWFxGo=", + "zh:050b37d96628cb7451137755929ca8d21ea546bc46d11a715652584070e83ff2", + "zh:053051061f1b7f7673b0ceffac1f239ba28b0e5b375999206fd39976e85d9f2b", + "zh:0c300a977ca66d0347ed62bb116fd8fc9abb376a554d4c192d14f3ea71c83500", + "zh:1d5a1a5243eba78819d2f92ff2d504ebf9a9008a6670fb5f5660f44eb6a156d8", + "zh:a13ac15d251ebf4e7dc40acb0e40df066f443f4c7799186a29e2e44addc7d8e7", + "zh:a316d94b885953c036ebc9fba64a23da93974746bc3ac9d207462a6f02d44540", + "zh:a658a00373bff5979cc227052c693cbde8ca4c8f9fef1bc8094a3516f2e2a96d", 
+ "zh:a7bfc6ad8465d5dc11b6f19d6805364de87fffe27622bb4f37da2319bb1c4956", + "zh:d7379a76861f1a6bfc36eca7a20f1f477711247563b105744d69d7bd1f365fad", + "zh:de1cd959fd4821248e8d21570601193408648474e74f49597f1d0c43185a4ab7", + "zh:e0b281240dd6f2aa405b2d6fe329bc15ab877161affe163fb150d1efca2fccdb", + "zh:e372c171358757a983d7aa878abfd05a84484fb4d22167e45c9c1267e78ed060", + "zh:f6d3116526030b3f6905f530cd6c04b23d42890d973fa2abe10ce9c89cb1db80", + "zh:f99eec731e03cc6a28996c875bd435887cd7ea75ec07cc77b9e768bb12da2227", + ] +} diff --git a/.identity/00_data.tf b/.identity/00_data.tf new file mode 100644 index 0000000..bbb772f --- /dev/null +++ b/.identity/00_data.tf 
@@ -0,0 +1,52 @@
+data "azurerm_storage_account" "tf_storage_account"{
+ name = "pagopainfraterraform${var.env}"
+ resource_group_name = "io-infra-rg"
+}
+
+data "azurerm_resource_group" "dashboards" {
+ name = "dashboards"
+}
+
+data "azurerm_kubernetes_cluster" "aks" {
+ name = local.aks_cluster.name
+ resource_group_name = local.aks_cluster.resource_group_name
+}
+
+data "github_organization_teams" "all" {
+ root_teams_only = true
+ summary_only = true
+}
+
+data "azurerm_key_vault" "key_vault" {
+ name = "pagopa-${var.env_short}-kv"
+ resource_group_name = "pagopa-${var.env_short}-sec-rg"
+}
+
+data "azurerm_key_vault" "domain_key_vault" {
+ name = "pagopa-${var.env_short}-${local.domain}-kv"
+ resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg"
+}
+
+data "azurerm_resource_group" "apim_resource_group" {
+ name = "${local.product}-api-rg"
+}
+
+data "azurerm_key_vault_secret" "key_vault_sonar" {
+ name = "sonar-token"
+ key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_bot_token" {
+ name = "bot-token-github"
+ key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_cucumber_token" {
+ name = "cucumber-token"
+ key_vault_id = data.azurerm_key_vault.key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" {
+ name = "integration-test-subkey"
+ key_vault_id = data.azurerm_key_vault.key_vault.id
+}
\ No newline at end of file
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
new file mode 100644
index 0000000..ebcff97
--- /dev/null
+++ b/.identity/02_application_action.tf
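Review bot: The four `azurerm_key_vault_secret` data sources (`sonar-token`, `bot-token-github`, `cucumber-token`, `integration-test-subkey`) copy the secret values into the Terraform state, so the remote state written to the `pagopainfraterraform${var.env}` storage account now holds them in plaintext and that container needs the same access restrictions as the key vault itself. A comment above the first of them, `# NOTE: these values are persisted in the remote state; keep the state container access-restricted`, would make the trade-off visible to the next maintainer. Minor style point: `"tf_storage_account"{` is missing the space before `{`, and running `terraform fmt` would also align the `=` signs consistently with the other blocks.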
@@ -0,0 +1,96 @@ +module "github_runner_app" { + source = "git::https://github.com/pagopa/github-actions-tf-modules.git//app-github-runner-creator?ref=main" + + app_name = local.app_name + + subscription_id = data.azurerm_subscription.current.id + + github_org = local.github.org + github_repository = local.github.repository + github_environment_name = var.env + + container_app_github_runner_env_rg = local.container_app_environment.resource_group +} + +resource "null_resource" "github_runner_app_permissions_to_namespace" { + triggers = { + aks_id = data.azurerm_kubernetes_cluster.aks.id + service_principal_id = module.github_runner_app.client_id + namespace = local.domain + version = "v2" + } + + provisioner "local-exec" { + command = < /dev/null; then + if [ "$ACTION" = "init" ]; then + echo "[INFO] init tf on ENV: ${ENV}" + terraform "$ACTION" -backend-config="${BACKEND_CONFIG_PATH}" $other + elif [ "$ACTION" = "output" ] || [ "$ACTION" = "state" ] || [ "$ACTION" = "taint" ]; then + # init terraform backend + terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}" + terraform "$ACTION" $other + else + # init terraform backend + echo "[INFO] init tf on ENV: ${ENV}" + terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}" + + echo "[INFO] run tf with: ${ACTION} on ENV: ${ENV} and other: >${other}<" + terraform "${ACTION}" -var-file="./env/${ENV}/terraform.tfvars" -compact-warnings $other + fi +else + echo "[ERROR] ACTION not allowed." + exit 1 +fi \ No newline at end of file From 72178185096cf981d64811c1cddb9133420f4bc5 Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 16:01:44 +0200 Subject: [PATCH 02/15] feat: added Azure Function deploy action --- .github/workflows/release_deploy.yml | 21 +++++++++++++-------- .identity/00_data.tf | 4 ++++ .identity/02_application_action.tf | 6 ++++++ 3 files changed, 23 insertions(+), 8 deletions(-) 
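Review bot: `module "github_runner_app"` sources `app-github-runner-creator` from `github-actions-tf-modules.git` at `?ref=main`, so each `terraform init` may pull a different, unreviewed revision of the module that creates the identity this pipeline authenticates with; pin it to a release tag or commit, e.g. `...//app-github-runner-creator?ref=<tag-or-commit placeholder>`, and bump it deliberately. The hunk is garbled in this view after `command = <` (the heredoc body of the `local-exec` provisioner and the start of `terraform.sh` are missing), so the rest of this file and the shell script cannot be reviewed from here.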
diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 5d29b09..949bc1a 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml @@ -58,6 +58,8 @@ permissions: id-token: write actions: read +env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -89,7 +91,6 @@ jobs: run: | echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT - release: name: Create a New Release runs-on: ubuntu-latest 
@@ -106,30 +107,34 @@ jobs: beta: ${{ inputs.beta }} skip_ci: ${{ inputs.beta }} - image: + build-and-push: needs: [ setup, release ] name: Build and Push Docker Image runs-on: ubuntu-latest if: ${{ inputs.semver != 'skip' }} + environment: ${{ inputs.environment }} steps: - name: Build and Push id: semver - uses: pagopa/github-actions-template/ghcr-build-push@v1.4.1 + uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 with: + branch: ${{ github.ref_name}} github_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ needs.release.outputs.version }} deploy_azure_fn: name: Deploy Azure function needs: [ setup, release, build-and-push ] + runs-on: ubuntu-latest if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} - env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} - RESOURCE_GROUP: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-rg' - APP_NAME: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn' - REGISTRY_IMAGE: 'ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}' steps: + - name: Set env variables + run: | + echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV + echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV + echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV + - name: 'Checkout GitHub Action' uses: actions/checkout@v3 diff --git a/.identity/00_data.tf b/.identity/00_data.tf index bbb772f..a85f720 100644 --- a/.identity/00_data.tf +++ b/.identity/00_data.tf 
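Review bot: `pagopa/github-actions-template/ghcr-build-push@v1.5.4` is pinned to a mutable tag while receiving `secrets.GITHUB_TOKEN` under `packages: write` / `contents: write`; the same applies to `maven-release@v1.5.4` (with `secrets.BOT_TOKEN_GITHUB`), `Azure/functions-container-action@v1.2.1` and `trstringer/manual-approval@v1` in later patches of this series. Pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: pagopa/github-actions-template/ghcr-build-push@<commit-sha placeholder> # v1.5.4`, ensures a moved tag cannot change what runs with those credentials. Separately, the new `Set env variables` step expands `${{ needs.release.outputs.version }}` directly inside a shell `echo`; that value comes from the release step rather than user input, but passing it via a step `env:` and expanding a shell variable is the pattern that keeps expression-to-shell injection out of workflows.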
@@ -27,6 +27,10 @@ data "azurerm_key_vault" "domain_key_vault" { resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg" } +data "azurerm_resource_group" "shared_rg" { + name = "pagopa-${var.env_short}-weu-shared-rg" +} + data "azurerm_resource_group" "apim_resource_group" { name = "${local.product}-api-rg" } diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf index ebcff97..deca70c 100644 --- a/.identity/02_application_action.tf +++ b/.identity/02_application_action.tf @@ -59,6 +59,12 @@ resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboa principal_id = module.github_runner_app.object_id } +resource "azurerm_role_assignment" "environment_function" { + scope = data.azurerm_resource_group.shared_rg.id + role_definition_name = "Contributor" + principal_id = module.github_runner_app.object_id +} + resource "azurerm_role_assignment" "environment_key_vault" { scope = data.azurerm_key_vault.key_vault.id role_definition_name = "Reader" From a6ccfefdfdfd2b927b6fd27b3ed2b3988bc1362d Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 16:26:47 +0200 Subject: [PATCH 03/15] fix: resolved typo on vars --- .identity/env/uat/backend.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.identity/env/uat/backend.tfvars b/.identity/env/uat/backend.tfvars index 64462ed..5226ed5 100644 --- a/.identity/env/uat/backend.tfvars +++ b/.identity/env/uat/backend.tfvars @@ -1,4 +1,4 @@ resource_group_name = "io-infra-rg" storage_account_name = "pagopainfraterraformuat" container_name = "azurermstate" -key = "pagopa-platform-authorizer-config.tfstate" \ No newline at end of file +key = "pagopa-platform-authorizer.tfstate" \ No newline at end of file From f5bdb3c5a252f344157a4996297239fb22e0f856 Mon Sep 17 00:00:00 2001 
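Review bot: `azurerm_role_assignment.environment_function` grants the GitHub runner identity `Contributor` over the entire `pagopa-${var.env_short}-weu-shared-rg` resource group, whereas the workflow in this series only needs to deploy the `pagopa-<env>-weu-shared-authorizer-fn` function app and start/stop its staging slot; everything else in a shared group becomes writable by any workflow that can assume this identity. Scoping `scope` to the function app's resource id and using a narrower built-in role such as `Website Contributor` would match the actual need, with `Contributor` kept only if a documented reason exists. A short comment on the resource stating why resource-group scope was chosen would help if the broad scope is intentional.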
From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 16:57:26 +0200 Subject: [PATCH 04/15] fix: refactored setup job --- .github/workflows/release_deploy.yml | 59 ++++++++++++++++++---------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 949bc1a..0ab0d20 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml 
@@ -68,28 +68,45 @@ jobs: runs-on: ubuntu-latest outputs: semver: ${{ steps.get_semver.outputs.semver }} - environment: ${{ steps.output.outputs.environment }} + environment: ${{ steps.get_env.outputs.environment }} steps: - - name: Get semver - id: get_semver - uses: pagopa/github-actions-template/semver-setup@v1.3.0 + - name: pull request rejected + if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true + run: | + echo "❌ PR was closed without a merge" + exit 1 - - if: ${{ github.event.inputs.environment == null || github.event.inputs.environment == 'dev' }} - run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV + # Set Semvar + - run: echo "SEMVER=patch" >> $GITHUB_ENV + + - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change ')) }} + run: echo "SEMVER=major" >> $GITHUB_ENV - - if: ${{ github.event.inputs.environment == 'uat' }} - run: echo "ENVIRNOMENT=uat" >> $GITHUB_ENV + - if: ${{ inputs.environment == 'uat' }} + run: echo "SEMVER=minor" >> $GITHUB_ENV - - if: ${{ github.event.inputs.environment == 'prod' }} - run: echo "ENVIRNOMENT=prod" >> $GITHUB_ENV + - if: ${{ inputs.environment == 'prod' }} + run: echo "SEMVER=skip" >> $GITHUB_ENV - - if: ${{ github.event.inputs.environment == 'all' }} - run: echo "ENVIRNOMENT=all" >> $GITHUB_ENV + - if: ${{ github.ref_name != 'main' }} + run: echo "SEMVER=buildNumber" >> $GITHUB_ENV - - id: output + - if: ${{ inputs.skip_release }} + run: echo "SEMVER=skip" >> $GITHUB_ENV + + - id: get_semver name: Set Output - run: | - echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT + run: echo "semver=${{env.SEMVER}}" >> $GITHUB_OUTPUT + + # Set Environment + - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV + + - if: ${{ inputs.environment == null }} + run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV + + - id: get_env + name: Set Output + run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT 
release: name: Create a New Release @@ -129,12 +146,6 @@ jobs: if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} steps: - - name: Set env variables - run: | - echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV - echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV - echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV - - name: 'Checkout GitHub Action' uses: actions/checkout@v3 @@ -145,6 +156,12 @@ jobs: tenant-id: ${{ secrets.TENANT_ID }} subscription-id: ${{ secrets.SUBSCRIPTION_ID }} + - name: Set env variables + run: | + echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV + echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV + echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV + - name: 'Azure CLI script: start staging slot' uses: azure/CLI@v1 if: ${{ contains(github.event.inputs.environment, 'prod') }} From c2a2561247067a54ed7250c9138c3d071a948e03 Mon Sep 17 00:00:00 2001 From: pagopa-github-bot Date: Fri, 15 Sep 2023 14:58:38 +0000 Subject: [PATCH 05/15] Bump to version 0.2.1-1-github-action-fix [skip ci] --- openapi/openapi.json | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openapi/openapi.json b/openapi/openapi.json index 2de8d9a..bb978a1 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -2,7 +2,7 @@ "openapi": "3.0.1", "info": { "title": "OpenAPI definition - Enrolled EC", - "version": "0.2.1" + "version": "0.2.1-1-github-action-fix" }, "servers": [ { diff --git a/pom.xml b/pom.xml index 180b231..0d4139e 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ it.gov.pagopa.authorizer platform-authorizer - 0.2.1 + 0.2.1-1-github-action-fix jar Azure Authorizer cache Fn 
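Review bot: The major-bump condition `contains(github.event.pull_request.labels.*.name, 'breaking-change ')` has a trailing space inside the label literal, so it never matches a label named `breaking-change` and the result silently stays `patch`; it should read `'breaking-change'`. `inputs.skip_release` is referenced here although the `skip_release` input only appears in a later patch of this series, and the later `SEMVER=buildNumber` step overrides the `skip` set for `prod` or `skip_release` whenever `github.ref_name != 'main'`, which is worth confirming as intended. `ENVIRNOMENT` is consistently misspelled; it works, but `ENVIRONMENT` would avoid a future mismatch between the `$GITHUB_ENV` write and the read.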
From 8c8d304812b3128ca7c875a0e0ce11f1590c2b2a Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 17:02:05 +0200 Subject: [PATCH 06/15] fix: refactored setup job --- .github/workflows/release_deploy.yml | 36 ++++++---------------------- 1 file changed, 7 insertions(+), 29 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 0ab0d20..6d72821 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml @@ -1,10 +1,8 @@ -name: Release And Deploy +name: Release And Deploy Azure Function # Controls when the workflow will run on: pull_request: - branches: - - main types: [ closed ] # Allows you to run this workflow manually from the Actions tab @@ -19,36 +17,15 @@ on: - uat - prod - all - semver: - required: true - type: choice - description: Select the new Semantic Version - options: - - major - - minor - - patch - - buildNumber - - skip - default: skip beta: required: false type: boolean - description: deploy beta version + description: deploy beta function version on Azure default: false - - workflow_call: - inputs: - environment: - required: true - type: string - semver: - required: true - type: string - default: skip - beta: + skip_release: required: false type: boolean - description: deploy beta version + description: skip the release. Only deploy default: false permissions: @@ -58,8 +35,8 @@ permissions: id-token: write actions: read -env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: 
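Review bot: Removing the `semver` input leaves `build-and-push`'s condition `if: ${{ inputs.semver != 'skip' }}` (outside this hunk, visible in an earlier patch) comparing an input that no longer exists, so the expression is always true and the image is built even when `setup` resolved `SEMVER=skip`; it should test the job output instead, `if: ${{ needs.setup.outputs.semver != 'skip' }}`. Dropping the `workflow_call` trigger also breaks any workflow that calls this one, which is worth checking before merge. Commenting out the workflow-level `ENV_SHORT` while `Set env variables` still expands `${{ env.ENV_SHORT }}` would produce names like `pagopa--weu-shared-rg`; the next patch in the series reworks those steps, so that part needs no further action here.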
@@ -161,6 +138,7 @@ jobs: echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV + - name: 'Azure CLI script: start staging slot' uses: azure/CLI@v1 From 1d91e185b225314ebb32514865c8cb533b9883aa Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 17:40:02 +0200 Subject: [PATCH 07/15] fix: wip --- .github/workflows/release_deploy.yml | 290 +++++++++++++++++++++++---- 1 file changed, 250 insertions(+), 40 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 6d72821..10eee58 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml @@ -35,8 +35,11 @@ permissions: id-token: write actions: read -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} +env: + REGISTRY: 'ghcr.io' + NAMESPACE: 'pagopa' + IMAGE: 'pagopa-platform-authorizer' + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -88,18 +91,18 @@ jobs: release: name: Create a New Release runs-on: ubuntu-latest - needs: [setup] + needs: [ setup ] outputs: version: ${{ steps.release.outputs.version }} steps: - name: Make Release id: release - uses: pagopa/github-actions-template/maven-release@main + uses: pagopa/github-actions-template/maven-release@v1.5.4 with: semver: ${{ needs.setup.outputs.semver }} github_token: ${{ secrets.BOT_TOKEN_GITHUB }} beta: ${{ inputs.beta }} - skip_ci: ${{ inputs.beta }} + skip_ci: false build-and-push: needs: [ setup, release ] 
@@ -118,10 +121,10 @@ jobs: deploy_azure_fn: name: Deploy Azure function + environment: ${{ inputs.environment }} needs: [ setup, release, build-and-push ] runs-on: ubuntu-latest if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} - steps: - name: 'Checkout GitHub Action' uses: actions/checkout@v3 
@@ -133,31 +136,40 @@ jobs: tenant-id: ${{ secrets.TENANT_ID }} subscription-id: ${{ secrets.SUBSCRIPTION_ID }} - - name: Set env variables - run: | - echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV - echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV - echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV - - - name: 'Azure CLI script: start staging slot' uses: azure/CLI@v1 if: ${{ contains(github.event.inputs.environment, 'prod') }} + env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} with: inlineScript: | - az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging + az functionapp start --name pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging - - name: 'Run Azure Functions Container Action: staging slot' + - name: 'Run Azure Functions Container Action DEV|UAT: deploy on production slot' uses: Azure/functions-container-action@v1.2.1 - if: ${{ contains(github.event.inputs.environment, 'prod')}} + if: ${{ contains(github.event.inputs.environment, 'dev') || contains(github.event.inputs.environment, 'uat') }} + env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') }} + TAG: ${{needs.release.outputs.version}} with: - app-name: ${{ env.APP_NAME }} - image: ${{ env.REGISTRY_IMAGE }} + app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" + image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} + slot-name: production + + - name: 'Run Azure Functions Container Action PROD: deploy on staging slot' + uses: Azure/functions-container-action@v1.2.1 + if: ${{ contains(github.event.inputs.environment, 'prod') }} + env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') 
&& 'p') }} + TAG: ${{needs.release.outputs.version}} + with: + app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" + image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} slot-name: staging - - name: 'Deploy Approval' + - name: 'PROD Deploy Approval' uses: trstringer/manual-approval@v1 - if: ${{ contains(github.event.inputs.environment, 'prod')}} + if: ${{ contains(github.event.inputs.environment, 'prod') }} with: secret: ${{ secrets.BOT_TOKEN_GITHUB }} approvers: pagopa-team-core 
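Review bot: The deploy steps gate on `github.event.inputs.environment`, so the `environment` output that `setup` computes (defaulting to `dev` when the input is absent) is never consumed: on the `pull_request: closed` trigger every `contains(...)` is false and nothing deploys, and the `all` choice offered by the input matches no step either. Reading `needs.setup.outputs.environment` in these conditions, and for the job's `environment:` key that the previous hunk sets from `inputs.environment` (empty on PR runs), would make the two triggers behave consistently. The `ENV_SHORT` and app-name expressions are now repeated in every step; a single job-level `env:` derived from the setup output would remove the duplication.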
@@ -167,39 +179,237 @@ jobs: exclude-workflow-initiator-as-approver: false timeout-minutes: 360 - - name: 'Run Azure Functions Container Action' + - name: 'Run Azure Functions Container Action PROD: deploy on production slot' uses: Azure/functions-container-action@v1.2.1 + if: ${{ contains(github.event.inputs.environment, 'prod') }} + env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} + TAG: ${{needs.release.outputs.version}} with: - app-name: ${{ env.APP_NAME }} - image: ${{ env.REGISTRY_IMAGE }} + app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" + image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} slot-name: production - - name: 'Azure CLI script: end staging slot' + - name: 'Azure CLI script: stop staging slot' uses: azure/CLI@v1 if: ${{ contains(github.event.inputs.environment, 'prod') }} + env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} with: inlineScript: | - az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging + az functionapp stop --name pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging - name: Azure logout run: | az logout -# notify: -# needs: [ deploy ] + + + + + +#name: Release And Deploy Azure Function +# +## Controls when the workflow will run +#on: +# pull_request: +# types: [ closed ] +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# inputs: +# environment: +# required: true +# type: choice +# description: Select the Environment +# options: +# - dev +# - uat +# - prod +# - all +# beta: +# required: false +# type: boolean +# description: deploy beta function version on Azure +# default: false +# skip_release: +# required: false +# type: boolean +# description: skip the release. 
Only deploy +# default: false +# +#permissions: +# packages: write +# contents: write +# issues: write +# id-token: write +# actions: read +# +## env: +## ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} +# +## A workflow run is made up of one or more jobs that can run sequentially or in parallel +#jobs: +# setup: +# name: Setup +# runs-on: ubuntu-latest +# outputs: +# semver: ${{ steps.get_semver.outputs.semver }} +# environment: ${{ steps.get_env.outputs.environment }} +# steps: +# - name: pull request rejected +# if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true +# run: | +# echo "❌ PR was closed without a merge" +# exit 1 +# +# # Set Semvar +# - run: echo "SEMVER=patch" >> $GITHUB_ENV +# +# - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change ')) }} +# run: echo "SEMVER=major" >> $GITHUB_ENV +# +# - if: ${{ inputs.environment == 'uat' }} +# run: echo "SEMVER=minor" >> $GITHUB_ENV +# +# - if: ${{ inputs.environment == 'prod' }} +# run: echo "SEMVER=skip" >> $GITHUB_ENV +# +# - if: ${{ github.ref_name != 'main' }} +# run: echo "SEMVER=buildNumber" >> $GITHUB_ENV +# +# - if: ${{ inputs.skip_release }} +# run: echo "SEMVER=skip" >> $GITHUB_ENV +# +# - id: get_semver +# name: Set Output +# run: echo "semver=${{env.SEMVER}}" >> $GITHUB_OUTPUT +# +# # Set Environment +# - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV +# +# - if: ${{ inputs.environment == null }} +# run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV +# +# - id: get_env +# name: Set Output +# run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT +# +# release: +# name: Create a New Release # runs-on: ubuntu-latest -# name: Notify -# if: always() +# needs: [setup] +# outputs: +# version: ${{ 
steps.release.outputs.version }} # steps: -# - name: Report Status -# if: always() -# uses: ravsamhq/notify-slack-action@v2 +# - name: Make Release +# id: release +# uses: pagopa/github-actions-template/maven-release@main +# with: +# semver: ${{ needs.setup.outputs.semver }} +# github_token: ${{ secrets.BOT_TOKEN_GITHUB }} +# beta: ${{ inputs.beta }} +# skip_ci: ${{ inputs.beta }} +# +# build-and-push: +# needs: [ setup, release ] +# name: Build and Push Docker Image +# runs-on: ubuntu-latest +# if: ${{ inputs.semver != 'skip' }} +# environment: ${{ inputs.environment }} +# steps: +# - name: Build and Push +# id: semver +# uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 +# with: +# branch: ${{ github.ref_name}} +# github_token: ${{ secrets.GITHUB_TOKEN }} +# tag: ${{ needs.release.outputs.version }} +# +# deploy_azure_fn: +# name: Deploy Azure function +# needs: [ setup, release, build-and-push ] +# runs-on: ubuntu-latest +# if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} +# +# steps: +# - name: 'Checkout GitHub Action' +# uses: actions/checkout@v3 +# +# - name: 'Login via Azure CLI' +# uses: azure/login@v1 +# with: +# client-id: ${{ secrets.CLIENT_ID }} +# tenant-id: ${{ secrets.TENANT_ID }} +# subscription-id: ${{ secrets.SUBSCRIPTION_ID }} +# +# - name: Set env variables +# run: | +# echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV +# echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV +# echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV +# +# +# - name: 'Azure CLI script: start staging slot' +# uses: azure/CLI@v1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} +# with: +# inlineScript: | +# az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging +# +# - name: 'Run Azure Functions Container Action: staging slot' 
+# uses: Azure/functions-container-action@v1.2.1 +# if: ${{ contains(github.event.inputs.environment, 'prod')}} +# with: +# app-name: ${{ env.APP_NAME }} +# image: ${{ env.REGISTRY_IMAGE }} +# slot-name: staging +# +# - name: 'Deploy Approval' +# uses: trstringer/manual-approval@v1 +# if: ${{ contains(github.event.inputs.environment, 'prod')}} +# with: +# secret: ${{ secrets.BOT_TOKEN_GITHUB }} +# approvers: pagopa-team-core +# minimum-approvals: 1 +# issue-title: "Deploying ${{ env.TAG }} to prod from staging" +# issue-body: "Please approve or deny the deployment of version ${{ env.TAG }}." +# exclude-workflow-initiator-as-approver: false +# timeout-minutes: 360 +# +# - name: 'Run Azure Functions Container Action' +# uses: Azure/functions-container-action@v1.2.1 +# with: +# app-name: ${{ env.APP_NAME }} +# image: ${{ env.REGISTRY_IMAGE }} +# slot-name: production +# +# - name: 'Azure CLI script: end staging slot' +# uses: azure/CLI@v1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} # with: -# status: ${{ needs.deploy.result }} -# token: ${{ secrets.GITHUB_TOKEN }} -# notify_when: 'failure,skipped' -# notification_title: '{workflow} has {status_message}' -# message_format: '{emoji} <{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' -# footer: 'Linked to Repo <{repo_url}|{repo}>' -# env: -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# inlineScript: | +# az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging +# +# - name: Azure logout +# run: | +# az logout +# +## notify: +## needs: [ deploy ] +## runs-on: ubuntu-latest +## name: Notify +## if: always() +## steps: +## - name: Report Status +## if: always() +## uses: ravsamhq/notify-slack-action@v2 +## with: +## status: ${{ needs.deploy.result }} +## token: ${{ secrets.GITHUB_TOKEN }} +## notify_when: 'failure,skipped' +## notification_title: '{workflow} has {status_message}' +## message_format: '{emoji} 
<{workflow_url}|{workflow}> {status_message} in <{repo_url}|{repo}>' +## footer: 'Linked to Repo <{repo_url}|{repo}>' +## env: +## SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} From bb4f9ea4b4873b46bb10fab48678b93582d8f318 Mon Sep 17 00:00:00 2001 From: Francesco Cesareo Date: Fri, 15 Sep 2023 17:48:21 +0200 Subject: [PATCH 08/15] applied identity --- .identity/.terraform.lock.hcl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl index 4e16852..8a81fd0 100644 --- a/.identity/.terraform.lock.hcl +++ b/.identity/.terraform.lock.hcl @@ -6,6 +6,7 @@ provider "registry.terraform.io/hashicorp/azuread" { constraints = "2.30.0" hashes = [ "h1:Uw4TcmJBEJ71h+oCwwidlkk5jFpyFRDPAFCMs/bT/cw=", + "h1:WnSPiREAFwnBUKREokMdHQ8Cjs47MzvS9pG8VS1ktec=", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:2e62c193030e04ebb10cc0526119cf69824bf2d7e4ea5a2f45bd5d5fb7221d36", "zh:2f3c7a35257332d68b778cefc5201a5f044e4914dd03794a4da662ddfe756483", @@ -26,6 +27,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { constraints = "3.45.0" hashes = [ "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", + "h1:gQLNY1I5e9kcle1p/VYEWb0eteQ/t5kUfnqVu2/GBNY=", "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", @@ -44,6 +46,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { provider "registry.terraform.io/hashicorp/null" { version = "3.2.1" hashes = [ + "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", 
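Review bot: The hunk appends a ~200-line commented-out copy of the previous workflow after `az logout`; it is dead text that will drift from the live jobs and should be dropped, since git history already keeps it. Also, `manual-approval`'s `issue-title: "Deploying ${{ env.TAG }} to prod from staging"` (between the two hunks, visible in the commented copy) interpolates `env.TAG`, but this series defines `TAG` only as step-level `env:` on the deploy steps, so the approval issue most likely shows an empty version; setting `TAG: ${{ needs.release.outputs.version }}` at job level or on the approval step would fix that.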
@@ -65,6 +68,7 @@ provider "registry.terraform.io/integrations/github" { constraints = "5.18.3" hashes = [ "h1:WbZvLB2qXKVoh4BvOOwFfEds+SZQrkINfSAWPnWFxGo=", + "h1:rv3mwpUeJ0n13sY+KZMI25WAVCSeipX4n8JMWKD1XcE=", "zh:050b37d96628cb7451137755929ca8d21ea546bc46d11a715652584070e83ff2", "zh:053051061f1b7f7673b0ceffac1f239ba28b0e5b375999206fd39976e85d9f2b", "zh:0c300a977ca66d0347ed62bb116fd8fc9abb376a554d4c192d14f3ea71c83500", From ddb6093c1c89987d8fc9fd331b0072d8a015c83a Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 17:51:11 +0200 Subject: [PATCH 09/15] fix: resolved missing field --- .github/workflows/release_deploy.yml | 469 ++++++++++++++------------- 1 file changed, 235 insertions(+), 234 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 10eee58..2ee93b4 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml 
@@ -1,3 +1,213 @@ +#name: Release And Deploy Azure Function +# +## Controls when the workflow will run +#on: +# pull_request: +# types: [ closed ] +# +# # Allows you to run this workflow manually from the Actions tab +# workflow_dispatch: +# inputs: +# environment: +# required: true +# type: choice +# description: Select the Environment +# options: +# - dev +# - uat +# - prod +# - all +# beta: +# required: false +# type: boolean +# description: deploy beta function version on Azure +# default: false +# skip_release: +# required: false +# type: boolean +# description: skip the release. Only deploy +# default: false +# +#permissions: +# packages: write +# contents: write +# issues: write +# id-token: write +# actions: read +# +#env: +# REGISTRY: 'ghcr.io' +# NAMESPACE: 'pagopa' +# IMAGE: 'pagopa-platform-authorizer' +# +# +## A workflow run is made up of one or more jobs that can run sequentially or in parallel +#jobs: +# setup: +# name: Setup +# runs-on: ubuntu-latest +# outputs: +# semver: ${{ steps.get_semver.outputs.semver }} +# environment: ${{ steps.get_env.outputs.environment }} +# steps: +# - name: pull request rejected +# if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true +# run: | +# echo "❌ PR was closed without a merge" +# exit 1 +# +# # Set Semvar +# - run: echo "SEMVER=patch" >> $GITHUB_ENV +# +# - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change ')) }} +# run: echo "SEMVER=major" >> $GITHUB_ENV +# +# - if: ${{ inputs.environment == 'uat' }} +# run: echo "SEMVER=minor" >> $GITHUB_ENV +# +# - if: ${{ inputs.environment == 'prod' }} +# run: echo "SEMVER=skip" >> $GITHUB_ENV +# +# - if: ${{ github.ref_name != 'main' }} +# run: echo "SEMVER=buildNumber" >> $GITHUB_ENV +# +# - if: ${{ inputs.skip_release }} +# run: echo "SEMVER=skip" >> $GITHUB_ENV +# +# - id: get_semver +# name: Set Output +# run: echo "semver=${{env.SEMVER}}" 
>> $GITHUB_OUTPUT +# +# # Set Environment +# - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV +# +# - if: ${{ inputs.environment == null }} +# run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV +# +# - id: get_env +# name: Set Output +# run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT +# +# release: +# name: Create a New Release +# runs-on: ubuntu-latest +# needs: [ setup ] +# outputs: +# version: ${{ steps.release.outputs.version }} +# steps: +# - name: Make Release +# id: release +# uses: pagopa/github-actions-template/maven-release@v1.5.4 +# with: +# semver: ${{ needs.setup.outputs.semver }} +# github_token: ${{ secrets.BOT_TOKEN_GITHUB }} +# beta: ${{ inputs.beta }} +# skip_ci: false +# +# build-and-push: +# needs: [ setup, release ] +# name: Build and Push Docker Image +# runs-on: ubuntu-latest +# if: ${{ inputs.semver != 'skip' }} +# environment: ${{ inputs.environment }} +# steps: +# - name: Build and Push +# id: semver +# uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 +# with: +# branch: ${{ github.ref_name}} +# github_token: ${{ secrets.GITHUB_TOKEN }} +# tag: ${{ needs.release.outputs.version }} +# +# deploy_azure_fn: +# name: Deploy Azure function +# environment: ${{ inputs.environment }} +# needs: [ setup, release, build-and-push ] +# runs-on: ubuntu-latest +# if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} +# steps: +# - name: 'Checkout GitHub Action' +# uses: actions/checkout@v3 +# +# - name: 'Login via Azure CLI' +# uses: azure/login@v1 +# with: +# client-id: ${{ secrets.CLIENT_ID }} +# tenant-id: ${{ secrets.TENANT_ID }} +# subscription-id: ${{ secrets.SUBSCRIPTION_ID }} +# +# - name: 'Azure CLI script: start staging slot' +# uses: azure/CLI@v1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} +# with: +# inlineScript: | +# az functionapp start --name pagopa-${{ 
env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging +# +# - name: 'Run Azure Functions Container Action DEV|UAT: deploy on production slot' +# uses: Azure/functions-container-action@v1.2.1 +# if: ${{ contains(github.event.inputs.environment, 'dev') || contains(github.event.inputs.environment, 'uat') }} +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') }} +# TAG: ${{needs.release.outputs.version}} +# with: +# app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" +# image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} +# slot-name: production +# +# - name: 'Run Azure Functions Container Action PROD: deploy on staging slot' +# uses: Azure/functions-container-action@v1.2.1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} +# TAG: ${{needs.release.outputs.version}} +# with: +# app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" +# image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} +# slot-name: staging +# +# - name: 'PROD Deploy Approval' +# uses: trstringer/manual-approval@v1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} +# with: +# secret: ${{ secrets.BOT_TOKEN_GITHUB }} +# approvers: pagopa-team-core +# minimum-approvals: 1 +# issue-title: "Deploying ${{ env.TAG }} to prod from staging" +# issue-body: "Please approve or deny the deployment of version ${{ env.TAG }}." 
+# exclude-workflow-initiator-as-approver: false +# timeout-minutes: 360 +# +# - name: 'Run Azure Functions Container Action PROD: deploy on production slot' +# uses: Azure/functions-container-action@v1.2.1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} +# TAG: ${{needs.release.outputs.version}} +# with: +# app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" +# image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} +# slot-name: production +# +# - name: 'Azure CLI script: stop staging slot' +# uses: azure/CLI@v1 +# if: ${{ contains(github.event.inputs.environment, 'prod') }} +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} +# with: +# inlineScript: | +# az functionapp stop --name pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging +# +# - name: Azure logout +# run: | +# az logout + + + + + + name: Release And Deploy Azure Function # Controls when the workflow will run @@ -35,11 +245,8 @@ permissions: id-token: write actions: read -env: - REGISTRY: 'ghcr.io' - NAMESPACE: 'pagopa' - IMAGE: 'pagopa-platform-authorizer' - +# env: +# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: 
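Review bot: The roughly 210 lines added at the top of the file are the previous workflow kept as a `#` comment block, followed by five blank lines before the live `name:`, so the file now carries two near-identical job graphs for a reader to reconcile. Git history already preserves the old version; dropping the block leaves only the live workflow to review, and the run of blank lines would be flagged by yamllint. The commented copy also freezes the `ENVIRNOMENT` spelling and the `@v1.5.4` pins that the live definition diverges from in the same commit, which is exactly the kind of drift a dead copy invites.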
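Review bot: The hunk at `@@ -35,11 +245,8 @@` replaces the `env:` block with a commented-out `# env:` / `# ENV_SHORT:` pair, so `env.ENV_SHORT` is undefined in this revision while the new 'Set env variables' step added later in this commit builds `RESOURCE_GROUP` and `APP_NAME` from `${{env.ENV_SHORT}}`; those expand to `pagopa--weu-shared-rg` and `pagopa--weu-shared-authorizer-fn`, and the Azure CLI and container-deploy steps then target resource names that do not exist. The later patch titled 'fix: resolved missing env parameter' re-enables the block, which suggests this revision was not exercised end to end before merge; the two lines should be live here as `env:` and `  ENV_SHORT: ${{ ... }}`. The `jobs:` mapping that follows continues outside the hunk.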
@@ -91,18 +298,18 @@ jobs: release: name: Create a New Release runs-on: ubuntu-latest - needs: [ setup ] + needs: [setup] outputs: version: ${{ steps.release.outputs.version }} steps: - name: Make Release id: release - uses: pagopa/github-actions-template/maven-release@v1.5.4 + uses: pagopa/github-actions-template/maven-release@main with: semver: ${{ needs.setup.outputs.semver }} github_token: ${{ secrets.BOT_TOKEN_GITHUB }} beta: ${{ inputs.beta }} - skip_ci: false + skip_ci: ${{ inputs.beta }} build-and-push: needs: [ setup, release ] @@ -125,6 +332,7 @@ jobs: needs: [ setup, release, build-and-push ] runs-on: ubuntu-latest if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} + steps: - name: 'Checkout GitHub Action' uses: actions/checkout@v3 
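Review bot: `uses: pagopa/github-actions-template/maven-release@main` replaces the pinned `@v1.5.4` with a mutable branch, so each run of the `release` job executes whatever is currently on that repository's `main` while holding `secrets.BOT_TOKEN_GITHUB`; the `build-and-push` job (visible here only in the commented copy) stays on `ghcr-build-push@v1.5.4`, so the two now drift. Pin to a release tag or, better, a full commit SHA with the tag recorded in a trailing comment, `uses: pagopa/github-actions-template/maven-release@<commit-sha> # vX.Y.Z` — if the fix you depend on is unreleased, cut a tag for it rather than tracking the branch. Separately, `skip_ci: ${{ inputs.beta }}` now couples skip-ci to the beta flag without explanation; a one-line `# beta releases skip CI on the version-bump commit` (or whatever the intent is) above it would record why.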
@@ -136,40 +344,31 @@ jobs: tenant-id: ${{ secrets.TENANT_ID }} subscription-id: ${{ secrets.SUBSCRIPTION_ID }} + - name: Set env variables + run: | + echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV + echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV + echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV + + - name: 'Azure CLI script: start staging slot' uses: azure/CLI@v1 if: ${{ contains(github.event.inputs.environment, 'prod') }} - env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} with: inlineScript: | - az functionapp start --name pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging - - - name: 'Run Azure Functions Container Action DEV|UAT: deploy on production slot' - uses: Azure/functions-container-action@v1.2.1 - if: ${{ contains(github.event.inputs.environment, 'dev') || contains(github.event.inputs.environment, 'uat') }} - env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') }} - TAG: ${{needs.release.outputs.version}} - with: - app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" - image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} - slot-name: production + az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging - - name: 'Run Azure Functions Container Action PROD: deploy on staging slot' + - name: 'Run Azure Functions Container Action: staging slot' uses: Azure/functions-container-action@v1.2.1 - if: ${{ contains(github.event.inputs.environment, 'prod') }} - env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} - TAG: ${{needs.release.outputs.version}} + if: ${{ contains(github.event.inputs.environment, 'prod')}} with: - 
app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" - image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} + app-name: ${{ env.APP_NAME }} + image: ${{ env.REGISTRY_IMAGE }} slot-name: staging - - name: 'PROD Deploy Approval' + - name: 'Deploy Approval' uses: trstringer/manual-approval@v1 - if: ${{ contains(github.event.inputs.environment, 'prod') }} + if: ${{ contains(github.event.inputs.environment, 'prod')}} with: secret: ${{ secrets.BOT_TOKEN_GITHUB }} approvers: pagopa-team-core 
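Review bot: The new 'Set env variables' step splices `${{ needs.release.outputs.version }}` and `${{ env.ENV_SHORT }}` directly into the `run:` script text; values that originate in another job's output should be passed through the step's `env:` and read as shell variables so the script's shape cannot change with the value, and `$GITHUB_ENV` should be quoted. With `env.ENV_SHORT` still commented out at workflow level in this commit, and the expression evaluating to `false` whenever no `contains()` branch matches, the names degrade to `pagopa--weu-...` or `pagopa-false-weu-...`, so the step should fail closed on an empty or `false` short name instead of handing a fabricated resource name to `az functionapp start`. The login step before this hunk and the approval and production-slot steps after it are not shown.

```yaml
      - name: Set env variables
        env:
          RELEASE_VERSION: ${{ needs.release.outputs.version }}
        run: |
          # fail closed: ENV_SHORT is set at workflow level and is 'd', 'u', 'p' or false
          case "${ENV_SHORT}" in
            d|u|p) ;;
            *) echo "unsupported environment short name: '${ENV_SHORT}'" >&2; exit 1 ;;
          esac
          echo "RESOURCE_GROUP=pagopa-${ENV_SHORT}-weu-shared-rg" >> "$GITHUB_ENV"
          echo "APP_NAME=pagopa-${ENV_SHORT}-weu-shared-authorizer-fn" >> "$GITHUB_ENV"
          echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${RELEASE_VERSION}" >> "$GITHUB_ENV"
      # … unchanged: start staging slot, staging-slot deploy, Deploy Approval …
```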
@@ -179,222 +378,24 @@ jobs: exclude-workflow-initiator-as-approver: false timeout-minutes: 360 - - name: 'Run Azure Functions Container Action PROD: deploy on production slot' + - name: 'Run Azure Functions Container Action' uses: Azure/functions-container-action@v1.2.1 - if: ${{ contains(github.event.inputs.environment, 'prod') }} - env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} - TAG: ${{needs.release.outputs.version}} with: - app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" - image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} + app-name: ${{ env.APP_NAME }} + image: ${{ env.REGISTRY_IMAGE }} slot-name: production - - name: 'Azure CLI script: stop staging slot' + - name: 'Azure CLI script: end staging slot' uses: azure/CLI@v1 if: ${{ contains(github.event.inputs.environment, 'prod') }} - env: - ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} with: inlineScript: | - az functionapp stop --name pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging + az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging - name: Azure logout run: | az logout - - - - - -#name: Release And Deploy Azure Function -# -## Controls when the workflow will run -#on: -# pull_request: -# types: [ closed ] -# -# # Allows you to run this workflow manually from the Actions tab -# workflow_dispatch: -# inputs: -# environment: -# required: true -# type: choice -# description: Select the Environment -# options: -# - dev -# - uat -# - prod -# - all -# beta: -# required: false -# type: boolean -# description: deploy beta function version on Azure -# default: false -# skip_release: -# required: false -# type: boolean -# description: skip the release. 
Only deploy -# default: false -# -#permissions: -# packages: write -# contents: write -# issues: write -# id-token: write -# actions: read -# -## env: -## ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} -# -## A workflow run is made up of one or more jobs that can run sequentially or in parallel -#jobs: -# setup: -# name: Setup -# runs-on: ubuntu-latest -# outputs: -# semver: ${{ steps.get_semver.outputs.semver }} -# environment: ${{ steps.get_env.outputs.environment }} -# steps: -# - name: pull request rejected -# if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true -# run: | -# echo "❌ PR was closed without a merge" -# exit 1 -# -# # Set Semvar -# - run: echo "SEMVER=patch" >> $GITHUB_ENV -# -# - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change ')) }} -# run: echo "SEMVER=major" >> $GITHUB_ENV -# -# - if: ${{ inputs.environment == 'uat' }} -# run: echo "SEMVER=minor" >> $GITHUB_ENV -# -# - if: ${{ inputs.environment == 'prod' }} -# run: echo "SEMVER=skip" >> $GITHUB_ENV -# -# - if: ${{ github.ref_name != 'main' }} -# run: echo "SEMVER=buildNumber" >> $GITHUB_ENV -# -# - if: ${{ inputs.skip_release }} -# run: echo "SEMVER=skip" >> $GITHUB_ENV -# -# - id: get_semver -# name: Set Output -# run: echo "semver=${{env.SEMVER}}" >> $GITHUB_OUTPUT -# -# # Set Environment -# - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV -# -# - if: ${{ inputs.environment == null }} -# run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV -# -# - id: get_env -# name: Set Output -# run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT -# -# release: -# name: Create a New Release -# runs-on: ubuntu-latest -# needs: [setup] -# outputs: -# version: ${{ steps.release.outputs.version }} -# steps: -# - 
name: Make Release -# id: release -# uses: pagopa/github-actions-template/maven-release@main -# with: -# semver: ${{ needs.setup.outputs.semver }} -# github_token: ${{ secrets.BOT_TOKEN_GITHUB }} -# beta: ${{ inputs.beta }} -# skip_ci: ${{ inputs.beta }} -# -# build-and-push: -# needs: [ setup, release ] -# name: Build and Push Docker Image -# runs-on: ubuntu-latest -# if: ${{ inputs.semver != 'skip' }} -# environment: ${{ inputs.environment }} -# steps: -# - name: Build and Push -# id: semver -# uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 -# with: -# branch: ${{ github.ref_name}} -# github_token: ${{ secrets.GITHUB_TOKEN }} -# tag: ${{ needs.release.outputs.version }} -# -# deploy_azure_fn: -# name: Deploy Azure function -# needs: [ setup, release, build-and-push ] -# runs-on: ubuntu-latest -# if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} -# -# steps: -# - name: 'Checkout GitHub Action' -# uses: actions/checkout@v3 -# -# - name: 'Login via Azure CLI' -# uses: azure/login@v1 -# with: -# client-id: ${{ secrets.CLIENT_ID }} -# tenant-id: ${{ secrets.TENANT_ID }} -# subscription-id: ${{ secrets.SUBSCRIPTION_ID }} -# -# - name: Set env variables -# run: | -# echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV -# echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV -# echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV -# -# -# - name: 'Azure CLI script: start staging slot' -# uses: azure/CLI@v1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# with: -# inlineScript: | -# az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging -# -# - name: 'Run Azure Functions Container Action: staging slot' -# uses: Azure/functions-container-action@v1.2.1 -# if: ${{ contains(github.event.inputs.environment, 'prod')}} -# with: -# 
app-name: ${{ env.APP_NAME }} -# image: ${{ env.REGISTRY_IMAGE }} -# slot-name: staging -# -# - name: 'Deploy Approval' -# uses: trstringer/manual-approval@v1 -# if: ${{ contains(github.event.inputs.environment, 'prod')}} -# with: -# secret: ${{ secrets.BOT_TOKEN_GITHUB }} -# approvers: pagopa-team-core -# minimum-approvals: 1 -# issue-title: "Deploying ${{ env.TAG }} to prod from staging" -# issue-body: "Please approve or deny the deployment of version ${{ env.TAG }}." -# exclude-workflow-initiator-as-approver: false -# timeout-minutes: 360 -# -# - name: 'Run Azure Functions Container Action' -# uses: Azure/functions-container-action@v1.2.1 -# with: -# app-name: ${{ env.APP_NAME }} -# image: ${{ env.REGISTRY_IMAGE }} -# slot-name: production -# -# - name: 'Azure CLI script: end staging slot' -# uses: azure/CLI@v1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# with: -# inlineScript: | -# az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging -# -# - name: Azure logout -# run: | -# az logout -# ## notify: ## needs: [ deploy ] ## runs-on: ubuntu-latest From 2a8bd269885a8b31b5613da09c641778c89ac039 Mon Sep 17 00:00:00 2001 From: pagopa-github-bot Date: Fri, 15 Sep 2023 15:54:29 +0000 Subject: [PATCH 10/15] Bump to version 0.2.1-2-github-action-fix [skip ci] --- openapi/openapi.json | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openapi/openapi.json b/openapi/openapi.json index bb978a1..2bc651a 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -2,7 +2,7 @@ "openapi": "3.0.1", "info": { "title": "OpenAPI definition - Enrolled EC", - "version": "0.2.1-1-github-action-fix" + "version": "0.2.1-2-github-action-fix" }, "servers": [ { diff --git a/pom.xml b/pom.xml index 0d4139e..dbcf5a9 100644 --- a/pom.xml +++ b/pom.xml 
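Review bot: The renamed 'Run Azure Functions Container Action' step drops its `if: contains(..., 'prod')` guard and deploys `env.REGISTRY_IMAGE` to the `production` slot for every environment; for prod this means the image that was deployed to staging and approved is redeployed cold into production rather than promoted, so what the approver inspected and what goes live are two separate deployments of the same tag (the Azure DevOps pipeline deleted later in this series promoted with `SwapWithProduction: true`). If the approval is meant to gate the artifact the approver actually saw, a `az functionapp deployment slot swap --slot staging --target-slot production` step is what belongs after 'Deploy Approval' for prod, with the direct production-slot deploy kept only for dev and uat. The unchanged `exclude-workflow-initiator-as-approver: false` at the top of the hunk also lets whoever started the deployment approve it, which weakens the gate as a separation-of-duties control (pre-existing, not introduced here).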
@@ -5,7 +5,7 @@ it.gov.pagopa.authorizer platform-authorizer - 0.2.1-1-github-action-fix + 0.2.1-2-github-action-fix jar Azure Authorizer cache Fn From 78f8d721399f7be574a7fb114b985ddafa32653d Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Fri, 15 Sep 2023 18:05:50 +0200 Subject: [PATCH 11/15] fix: resolved missing env parameter --- .github/workflows/release_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 2ee93b4..7eb14a1 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml @@ -245,8 +245,8 @@ permissions: id-token: write actions: read -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} +env: + ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: From 21f3ff470664f0e426f9871d76e78b625573800a Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Mon, 18 Sep 2023 10:24:50 +0200 Subject: [PATCH 12/15] chore: testing staging slot in DEV environment --- .github/workflows/release_deploy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 7eb14a1..c14648e 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml 
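Review bot: `ENV_SHORT` is derived only from `github.event.inputs.environment`, which is absent on the `pull_request: closed` trigger and is `all` for the fourth `options` choice, so in both cases the `||` chain evaluates to `false` and the names built from it become `pagopa-false-weu-shared-rg` and `pagopa-false-weu-shared-authorizer-fn`; the setup job already normalises a missing input to `dev` and publishes it as `needs.setup.outputs.environment`, so the short name should come from that output. Workflow-level `env` cannot reference `needs`, so move the mapping to `env:` on the `deploy_azure_fn` job, e.g. `ENV_SHORT: ${{ (needs.setup.outputs.environment == 'dev' && 'd') || (needs.setup.outputs.environment == 'uat' && 'u') || (needs.setup.outputs.environment == 'prod' && 'p') }}`, which also swaps the substring `contains()` match for an exact comparison; decide explicitly what `all` should do instead of letting it fall through to `false`. The `jobs:` mapping that follows is outside the hunk.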
@@ -353,14 +353,14 @@ jobs: - name: 'Azure CLI script: start staging slot' uses: azure/CLI@v1 - if: ${{ contains(github.event.inputs.environment, 'prod') }} + #if: ${{ contains(github.event.inputs.environment, 'prod') }} with: inlineScript: | az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging - name: 'Run Azure Functions Container Action: staging slot' uses: Azure/functions-container-action@v1.2.1 - if: ${{ contains(github.event.inputs.environment, 'prod')}} + # if: ${{ contains(github.event.inputs.environment, 'prod')}} with: app-name: ${{ env.APP_NAME }} image: ${{ env.REGISTRY_IMAGE }} @@ -368,7 +368,7 @@ jobs: - name: 'Deploy Approval' uses: trstringer/manual-approval@v1 - if: ${{ contains(github.event.inputs.environment, 'prod')}} + # if: ${{ contains(github.event.inputs.environment, 'prod')}} with: secret: ${{ secrets.BOT_TOKEN_GITHUB }} approvers: pagopa-team-core @@ -387,7 +387,7 @@ jobs: - name: 'Azure CLI script: end staging slot' uses: azure/CLI@v1 - if: ${{ contains(github.event.inputs.environment, 'prod') }} + # if: ${{ contains(github.event.inputs.environment, 'prod') }} with: inlineScript: | az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging From acadfa13f3e2b4ad0fd88ff0a525244859df8174 Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Mon, 18 Sep 2023 12:52:35 +0200 Subject: [PATCH 13/15] fix: deleted Azure DevOps pipelines --- .devops/code-review-pipelines.yml | 64 ------- .devops/deploy-pipelines.yml | 308 ------------------------------ 2 files changed, 372 deletions(-) delete mode 100644 .devops/code-review-pipelines.yml delete mode 100644 .devops/deploy-pipelines.yml diff --git a/.devops/code-review-pipelines.yml b/.devops/code-review-pipelines.yml deleted file mode 100644 index ee63c66..0000000 --- a/.devops/code-review-pipelines.yml +++ /dev/null 
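Review bot: Commenting out the `prod` guards in the three hunks here turns a test toggle into committed dead code and changes behaviour for every environment: 'Deploy Approval' now opens an approval issue and blocks dev and uat runs for up to `timeout-minutes: 360`, and `az functionapp start`/`stop --slot staging` is executed against the dev and uat function apps (whether those apps have a staging slot is not visible here). If the staging path needs exercising in dev, drive it from an explicit `workflow_dispatch` boolean input rather than editing the workflow back and forth, e.g. `if: ${{ contains(github.event.inputs.environment, 'prod') || inputs.test_staging_slot }}` on each of the four steps, with `test_staging_slot` declared next to `beta` and `skip_release` (constructed name). The production-slot deploy step between the second and third hunks is untouched and, as of the previous patch, carries no condition at all.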
@@ -1,64 +0,0 @@ -# Maven -# Build your Java project and run tests with Apache Maven. -# Add steps that analyze code, save build artifacts, deploy, and more: -# https://docs.microsoft.com/azure/devops/pipelines/languages/java - -# Automatically triggered on PR -# https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema%2Cparameter-schema#pr-trigger -trigger: - - main -pr: - - main - -pool: - vmImage: ubuntu-latest - -variables: - MAVEN_CACHE_FOLDER: $(Pipeline.Workspace)/.m2/repository - MAVEN_OPTS: '-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)' - -steps: - - task: Cache@2 - inputs: - key: 'maven | "$(Agent.OS)" | pom.xml' - restoreKeys: | - maven | "$(Agent.OS)" - maven - path: $(MAVEN_CACHE_FOLDER) - displayName: Cache Maven local repo - - - task: SonarCloudPrepare@1 - displayName: 'Prepare SonarCloud analysis configuration' - inputs: - SonarCloud: '$(SONARCLOUD_SERVICE_CONN)' - organization: '$(SONARCLOUD_ORG)' - scannerMode: Other - extraProperties: | - sonar.projectKey=$(SONARCLOUD_PROJECT_KEY) - sonar.projectName=$(SONARCLOUD_PROJECT_NAME) - sonar.coverage.exclusions=**/config/*,**/*Mock*,**/model/**,**/entity/* - sonar.cpd.exclusions=**/model/**,**/entity/* - - - - task: Maven@3 - displayName: 'Run Junit Test' - inputs: - mavenPomFile: 'pom.xml' - mavenOptions: '-Xmx3072m $(MAVEN_OPTS)' - mavenVersionOption: 'Default' - mavenAuthenticateFeed: false - javaHomeOption: 'JDKVersion' - jdkVersionOption: '1.11' - publishJUnitResults: true - testResultsFiles: '**/surefire-reports/TEST-*.xml' - goals: 'clean verify' - sonarQubeRunAnalysis: true - codeCoverageToolOption: 'JaCoCo' - effectivePomSkip: false - isJacocoCoverageReportXML: true - sqMavenPluginVersionChoice: 'latest' - - - task: SonarCloudPublish@1 - displayName: 'Publish SonarCloud results on build summary' - inputs: - pollingTimeoutSec: '300' diff --git a/.devops/deploy-pipelines.yml b/.devops/deploy-pipelines.yml deleted file mode 100644 index 51c57fc..0000000 
--- a/.devops/deploy-pipelines.yml +++ /dev/null 
@@ -1,308 +0,0 @@ -parameters: - - name: ENV - displayName: Target Environment - type: string - default: dev - values: - - dev - - uat - - prod - - name: SEMVER - displayName: "When packing a release, define the version bump to apply. Use only buildNumber or skip for manual deployment" - type: string - values: - - major - - minor - - patch - - buildNumber - - skip - default: skip - - name: TEST - displayName: Run integration tests - type: boolean - default: false - - name: "FORCE_REPLACE_DOCKER_IMAGE" - displayName: "Force the existing docker image to be replaced" - type: boolean - default: False - values: - - False - - True - -variables: - imageRepository: '$(IMAGE_REPOSITORY_NAME)' - - ${{ if eq(parameters['ENV'], 'dev') }}: - poolImage: 'pagopa-dev-linux' - AZURE_SUBSCRIPTION: $(DEV_AZURE_SUBSCRIPTION) - APP_NAME: $(DEV_WEB_APP_NAME) - STAGE: "d" - RESOURCE_GROUP: 'pagopa-d-weu-shared-rg' - CONTAINER_REGISTRY_SERVICE_CONN: $(DEV_CONTAINER_REGISTRY_SERVICE_CONN) - CONTAINER_NAMESPACE: $(DEV_CONTAINER_NAMESPACE) - # integration tests variables - COSMOSDB_URI: $(DEV_AUTH_COSMOS_URI) - COSMOSDB_KEY: $(DEV_AUTH_COSMOS_KEY) - INTEGRTEST_EXT_SUBSCRIPTION_KEY: $(DEV_INTEGRTEST_EXT_SUBSCRIPTION_KEY) - INTEGRTEST_VALID_SUBKEY: $(DEV_INTEGRTEST_VALID_SUBKEY) - INTEGRTEST_INVALID_SUBKEY: $(DEV_INTEGRTEST_INVALID_SUBKEY) - - ${{ if eq(parameters['ENV'], 'uat') }}: - poolImage: 'pagopa-uat-loadtest-linux' - AZURE_SUBSCRIPTION: $(UAT_AZURE_SUBSCRIPTION) - APP_NAME: $(UAT_WEB_APP_NAME) - STAGE: "u" - RESOURCE_GROUP: 'pagopa-u-weu-shared-rg' - CONTAINER_REGISTRY_SERVICE_CONN: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN) - CONTAINER_NAMESPACE: $(UAT_CONTAINER_NAMESPACE) - # integration tests variables - COSMOSDB_URI: $(UAT_AUTH_COSMOS_URI) - COSMOSDB_KEY: $(UAT_AUTH_COSMOS_KEY) - INTEGRTEST_EXT_SUBSCRIPTION_KEY: $(UAT_INTEGRTEST_EXT_SUBSCRIPTION_KEY) - INTEGRTEST_VALID_SUBKEY: $(UAT_INTEGRTEST_VALID_SUBKEY) - INTEGRTEST_INVALID_SUBKEY: $(UAT_INTEGRTEST_INVALID_SUBKEY) - - ${{ if 
eq(parameters['ENV'], 'prod') }}: - poolImage: 'pagopa-prod-linux' - AZURE_SUBSCRIPTION: $(PROD_AZURE_SUBSCRIPTION) - APP_NAME: $(PROD_WEB_APP_NAME) - STAGE: "p" - RESOURCE_GROUP: 'pagopa-p-weu-shared-rg' - CONTAINER_REGISTRY_SERVICE_CONN: $(PROD_CONTAINER_REGISTRY_SERVICE_CONN) - CONTAINER_NAMESPACE: $(PROD_CONTAINER_NAMESPACE) - - ${{ if eq(variables['Build.SourceBranchName'], 'merge') }}: - SOURCE_BRANCH: "main" # force to main branch - ${{ if ne(variables['Build.SourceBranchName'], 'merge') }}: - SOURCE_BRANCH: ${{ variables['Build.SourceBranchName'] }} - - - - MAVEN_CACHE_FOLDER: $(Pipeline.Workspace)/.m2/repository - MAVEN_OPTS: "-Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)" - title: "" - sha: "" - tag: "" - -# Only manual triggers -trigger: none -pr: none - -pool: - vmImage: ubuntu-latest - -resources: - repositories: - - repository: pagopaCommons - type: github - name: pagopa/azure-pipeline-templates - ref: refs/tags/v2.10.1 - endpoint: 'io-azure-devops-github-ro' - -stages: - - # Create a release on GitHub - - stage: Release - jobs: - - job: make_release - steps: - - checkout: self - clean: true - persistCredentials: true - - - ${{ if ne(parameters.SEMVER, 'skip') }}: - - template: templates/maven-github-release/template.yaml@pagopaCommons - parameters: - release_branch: $(SOURCE_BRANCH) - gitEmail: $(GIT_EMAIL) - gitUsername: $(GIT_USERNAME) - gitHubConnection: $(GITHUB_CONNECTION) - ${{ if ne(parameters.SEMVER, 'skip') }}: - semver: '${{ parameters.SEMVER }}' - ${{ if eq(parameters.SEMVER, 'skip') }}: - semver: 'buildNumber' # this case is impossible due to main condition, but it is necessary to work property - - - template: templates/maven-github-current-version/template.yaml@pagopaCommons - - # Build and Push Docker Image - - stage: Build - dependsOn: Release - variables: - current_version: $[ stageDependencies.Release.make_release.outputs['current_version.value'] ] - jobs: - - job: "build" - steps: - - checkout: self - persistCredentials: true - - - 
script: | - git checkout $(SOURCE_BRANCH) - displayName: Checkout and update branch - - - template: templates/docker-release/template.yaml@pagopaCommons - parameters: - CONTAINER_REGISTRY_SERVICE_CONN: $(CONTAINER_REGISTRY_SERVICE_CONN) - CONTAINER_REGISTRY_FQDN: $(CONTAINER_NAMESPACE) - DOCKER_IMAGE_NAME: $(imageRepository) - DOCKER_IMAGE_TAG: $(current_version) - FORCE_REPLACE_DOCKER_IMAGE: ${{ parameters.FORCE_REPLACE_DOCKER_IMAGE }} - - # Deploy on Azure - - stage: deploy - variables: - current_version: $[ stageDependencies.Release.make_release.outputs['current_version.value'] ] - condition: not(failed('releaseService')) - pool: - vmImage: "ubuntu-latest" - jobs: - - job: deployJava - steps: - - - script: | - echo ${{variables['Build.SourceBranchName']}} - echo $(SOURCE_BRANCH) - echo $(TEST) - - - checkout: self - clean: true - persistCredentials: true - submodules: true - - - script: | - echo "Checkout on $(SOURCE_BRANCH)" - git checkout $(SOURCE_BRANCH) - displayName: Checkout on source branch - - - task: Cache@2 - inputs: - key: 'maven | "$(Agent.OS)" | pom.xml' - restoreKeys: | - maven | "$(Agent.OS)" - maven - path: $(MAVEN_CACHE_FOLDER) - displayName: Set Maven Cache - - - task: Bash@3 - # When the maven task is installed, mvn can be used in a script - name: pomversion - inputs: - targetType: "inline" - script: | - version=$(mvn -f pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout) - echo "##vso[task.setvariable variable=next;isOutput=true]$version" - failOnStderr: true - - - task: Maven@3 - inputs: - mavenPomFile: 'pom.xml' - publishJUnitResults: false - javaHomeOption: 'JDKVersion' - jdkVersionOption: '1.11' - mavenVersionOption: 'Default' - mavenOptions: '-Xmx3072m $(MAVEN_OPTS)' - mavenAuthenticateFeed: false - effectivePomSkip: false - sonarQubeRunAnalysis: false - - # deploy function on dev/uat environment - - task: AzureFunctionAppContainer@1 - displayName: Deploy Function App [DEV|UAT] - condition: in('${{ parameters.ENV }}', 
'dev', 'uat') - inputs: - azureSubscription: $(AZURE_SUBSCRIPTION) - appName: "${{variables.APP_NAME}}-shared-authorizer-fn" - imageName: "${{variables.CONTAINER_NAMESPACE}}/${{ variables.imageRepository }}:latest" - slotName: production - resourceGroupName: $(RESOURCE_GROUP) - - # deploy function on production environment - - task: AzureFunctionAppContainer@1 - displayName: Deploy Function App [PROD] staging - condition: eq('${{ parameters.ENV }}', 'prod') - inputs: - azureSubscription: $(AZURE_SUBSCRIPTION) - appName: "${{variables.APP_NAME}}-shared-authorizer-fn" - imageName: "${{variables.CONTAINER_NAMESPACE}}/${{ variables.imageRepository }}:latest" - deployToSlotOrASE: true - slotName: staging - resourceGroupName: $(RESOURCE_GROUP) - - - script: | - echo "##vso[task.setvariable variable=version;isOutput=true]$(pomversion.next)" - name: dockerTag - - - stage: deployApprovalPROD - condition: eq('${{ parameters.ENV }}', 'prod') - dependsOn: deploy - pool: - vmImage: "ubuntu-latest" - jobs: - - job: waitForApprovalPROD - displayName: waiting for approval - pool: server - timeoutInMinutes: 4320 # 3 days - steps: - - task: ManualValidation@0 - displayName: Manual Approval - inputs: - onTimeout: "reject" - - - job: completeProdDeployFn - displayName: Complete function deploy on production environment - dependsOn: waitForApprovalPROD - steps: - # deploy functions - swap - - task: AzureAppServiceManage@0 - displayName: Swapping App Service Deploy - inputs: - ConnectedServiceName: $(AZURE_SUBSCRIPTION) - WebAppName: "${{variables.APP_NAME}}-shared-authorizer-fn" - ResourceGroupName: $(RESOURCE_GROUP) - SourceSlot: staging - SwapWithProduction: true - Slot: production - - # Run test - - stage: test - # run this stage only if 'test' is enabled and is not deploying in prod - condition: and(and(not(failed('deployJava')), eq('${{ parameters.TEST }}', 'true')), ne('${{ parameters.ENV }}', 'prod')) - - pool: - vmImage: "ubuntu-latest" - jobs: - # is needed to wait for startup 
of application - - job: waitStartup - pool: Server - steps: - - task: Delay@1 - inputs: - delayForMinutes: '5' - - - job: integrationTests - dependsOn: waitStartup - pool: - name: $(poolImage) - steps: - - checkout: self - persistCredentials: true - - - script: | - git checkout $(SOURCE_BRANCH) - git pull - displayName: Checkout and update branch - - - task: Docker@2 - displayName: "Docker login" - inputs: - containerRegistry: "$(CONTAINER_REGISTRY_SERVICE_CONN)" - command: "login" - - - script: | - cd ./integration-test - export COSMOSDB_URI=$(COSMOSDB_URI) - export COSMOSDB_KEY=$(COSMOSDB_KEY) - export INTEGRTEST_EXT_SUBSCRIPTION_KEY=$(INTEGRTEST_EXT_SUBSCRIPTION_KEY) - export INTEGRTEST_VALID_SUBKEY=$(INTEGRTEST_VALID_SUBKEY) - export INTEGRTEST_INVALID_SUBKEY=$(INTEGRTEST_INVALID_SUBKEY) - sh run_integration_test.sh ${{ parameters.ENV }} - displayName: Run integration test From f44d51f289d73093dccbc5c60e77110bfe6ccbca Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Mon, 18 Sep 2023 12:54:49 +0200 Subject: [PATCH 14/15] chore: removed comments --- .github/workflows/release_deploy.yml | 210 --------------------------- 1 file changed, 210 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index c14648e..58d4770 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml 
@@ -1,213 +1,3 @@ -#name: Release And Deploy Azure Function -# -## Controls when the workflow will run -#on: -# pull_request: -# types: [ closed ] -# -# # Allows you to run this workflow manually from the Actions tab -# workflow_dispatch: -# inputs: -# environment: -# required: true -# type: choice -# description: Select the Environment -# options: -# - dev -# - uat -# - prod -# - all -# beta: -# required: false -# type: boolean -# description: deploy beta function version on Azure -# default: false -# skip_release: -# required: false -# type: boolean -# description: skip the release. Only deploy -# default: false -# -#permissions: -# packages: write -# contents: write -# issues: write -# id-token: write -# actions: read -# -#env: -# REGISTRY: 'ghcr.io' -# NAMESPACE: 'pagopa' -# IMAGE: 'pagopa-platform-authorizer' -# -# -## A workflow run is made up of one or more jobs that can run sequentially or in parallel -#jobs: -# setup: -# name: Setup -# runs-on: ubuntu-latest -# outputs: -# semver: ${{ steps.get_semver.outputs.semver }} -# environment: ${{ steps.get_env.outputs.environment }} -# steps: -# - name: pull request rejected -# if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true -# run: | -# echo "❌ PR was closed without a merge" -# exit 1 -# -# # Set Semvar -# - run: echo "SEMVER=patch" >> $GITHUB_ENV -# -# - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change ')) }} -# run: echo "SEMVER=major" >> $GITHUB_ENV -# -# - if: ${{ inputs.environment == 'uat' }} -# run: echo "SEMVER=minor" >> $GITHUB_ENV -# -# - if: ${{ inputs.environment == 'prod' }} -# run: echo "SEMVER=skip" >> $GITHUB_ENV -# -# - if: ${{ github.ref_name != 'main' }} -# run: echo "SEMVER=buildNumber" >> $GITHUB_ENV -# -# - if: ${{ inputs.skip_release }} -# run: echo "SEMVER=skip" >> $GITHUB_ENV -# -# - id: get_semver -# name: Set Output -# run: echo "semver=${{env.SEMVER}}" 
>> $GITHUB_OUTPUT -# -# # Set Environment -# - run: echo "ENVIRNOMENT=${{ inputs.environment}}" >> $GITHUB_ENV -# -# - if: ${{ inputs.environment == null }} -# run: echo "ENVIRNOMENT=dev" >> $GITHUB_ENV -# -# - id: get_env -# name: Set Output -# run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT -# -# release: -# name: Create a New Release -# runs-on: ubuntu-latest -# needs: [ setup ] -# outputs: -# version: ${{ steps.release.outputs.version }} -# steps: -# - name: Make Release -# id: release -# uses: pagopa/github-actions-template/maven-release@v1.5.4 -# with: -# semver: ${{ needs.setup.outputs.semver }} -# github_token: ${{ secrets.BOT_TOKEN_GITHUB }} -# beta: ${{ inputs.beta }} -# skip_ci: false -# -# build-and-push: -# needs: [ setup, release ] -# name: Build and Push Docker Image -# runs-on: ubuntu-latest -# if: ${{ inputs.semver != 'skip' }} -# environment: ${{ inputs.environment }} -# steps: -# - name: Build and Push -# id: semver -# uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4 -# with: -# branch: ${{ github.ref_name}} -# github_token: ${{ secrets.GITHUB_TOKEN }} -# tag: ${{ needs.release.outputs.version }} -# -# deploy_azure_fn: -# name: Deploy Azure function -# environment: ${{ inputs.environment }} -# needs: [ setup, release, build-and-push ] -# runs-on: ubuntu-latest -# if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} -# steps: -# - name: 'Checkout GitHub Action' -# uses: actions/checkout@v3 -# -# - name: 'Login via Azure CLI' -# uses: azure/login@v1 -# with: -# client-id: ${{ secrets.CLIENT_ID }} -# tenant-id: ${{ secrets.TENANT_ID }} -# subscription-id: ${{ secrets.SUBSCRIPTION_ID }} -# -# - name: 'Azure CLI script: start staging slot' -# uses: azure/CLI@v1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} -# with: -# inlineScript: | -# az functionapp start --name pagopa-${{ 
env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging -# -# - name: 'Run Azure Functions Container Action DEV|UAT: deploy on production slot' -# uses: Azure/functions-container-action@v1.2.1 -# if: ${{ contains(github.event.inputs.environment, 'dev') || contains(github.event.inputs.environment, 'uat') }} -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') }} -# TAG: ${{needs.release.outputs.version}} -# with: -# app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" -# image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} -# slot-name: production -# -# - name: 'Run Azure Functions Container Action PROD: deploy on staging slot' -# uses: Azure/functions-container-action@v1.2.1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} -# TAG: ${{needs.release.outputs.version}} -# with: -# app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" -# image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} -# slot-name: staging -# -# - name: 'PROD Deploy Approval' -# uses: trstringer/manual-approval@v1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# with: -# secret: ${{ secrets.BOT_TOKEN_GITHUB }} -# approvers: pagopa-team-core -# minimum-approvals: 1 -# issue-title: "Deploying ${{ env.TAG }} to prod from staging" -# issue-body: "Please approve or deny the deployment of version ${{ env.TAG }}." 
-# exclude-workflow-initiator-as-approver: false -# timeout-minutes: 360 -# -# - name: 'Run Azure Functions Container Action PROD: deploy on production slot' -# uses: Azure/functions-container-action@v1.2.1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} -# TAG: ${{needs.release.outputs.version}} -# with: -# app-name: "pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn" -# image: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/${{ env.IMAGE }}:${{ env.TAG }} -# slot-name: production -# -# - name: 'Azure CLI script: stop staging slot' -# uses: azure/CLI@v1 -# if: ${{ contains(github.event.inputs.environment, 'prod') }} -# env: -# ENV_SHORT: ${{ (contains(github.event.inputs.environment,'prod') && 'p') }} -# with: -# inlineScript: | -# az functionapp stop --name pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn --resource-group pagopa-${{ env.ENV_SHORT }}-weu-shared-rg --slot staging -# -# - name: Azure logout -# run: | -# az logout - - - - - - name: Release And Deploy Azure Function # Controls when the workflow will run From 10c65a2d324c7d907fec50d228553707bfdb022e Mon Sep 17 00:00:00 2001 From: Andrea De Rinaldis Date: Mon, 18 Sep 2023 12:57:46 +0200 Subject: [PATCH 15/15] chore: se-inserted conditional steps --- .github/workflows/release_deploy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml index 58d4770..c84feb0 100644 --- a/.github/workflows/release_deploy.yml +++ b/.github/workflows/release_deploy.yml 
@@ -143,14 +143,14 @@ jobs: - name: 'Azure CLI script: start staging slot' uses: azure/CLI@v1 - #if: ${{ contains(github.event.inputs.environment, 'prod') }} + if: ${{ contains(github.event.inputs.environment, 'prod') }} with: inlineScript: | az functionapp start --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging - name: 'Run Azure Functions Container Action: staging slot' uses: Azure/functions-container-action@v1.2.1 - # if: ${{ contains(github.event.inputs.environment, 'prod')}} + if: ${{ contains(github.event.inputs.environment, 'prod')}} with: app-name: ${{ env.APP_NAME }} image: ${{ env.REGISTRY_IMAGE }} @@ -158,7 +158,7 @@ jobs: - name: 'Deploy Approval' uses: trstringer/manual-approval@v1 - # if: ${{ contains(github.event.inputs.environment, 'prod')}} + if: ${{ contains(github.event.inputs.environment, 'prod')}} with: secret: ${{ secrets.BOT_TOKEN_GITHUB }} approvers: pagopa-team-core @@ -177,7 +177,7 @@ jobs: - name: 'Azure CLI script: end staging slot' uses: azure/CLI@v1 - # if: ${{ contains(github.event.inputs.environment, 'prod') }} + if: ${{ contains(github.event.inputs.environment, 'prod') }} with: inlineScript: | az functionapp stop --name ${{ env.APP_NAME }} --resource-group ${{ env.RESOURCE_GROUP }} --slot staging
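Review bot: The re-enabled `if:` at `- name: 'Deploy Approval'` makes `trstringer/manual-approval@v1` the only gate between the staging-slot deploy and production, but that action — like `azure/CLI@v1` and `Azure/functions-container-action@v1.2.1` in the same hunks — is referenced by a mutable tag, so a tag move upstream silently changes the code that runs with the Azure session and `secrets.BOT_TOKEN_GITHUB` in scope. Pin each third-party `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: trstringer/manual-approval@<40-char-commit-sha> # v1`, and let Dependabot or Renovate bump the SHA. If the `workflow_dispatch` input still offers an `all` choice as the previously commented-out version did, `contains(github.event.inputs.environment, 'prod')` is false for it, so any production deploy reached through `all` would bypass the approval step; worth confirming against the input definition. The enclosing `deploy` job starts before and ends after these hunks, so the steps that run between approval and the slot stop are not visible here.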