feat: added Azure Function deploy action

pagopa · Sep 15, 2023 · 7217818 · 7217818
1 parent 951496e
commit 7217818
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml
@@ -58,6 +58,8 @@ permissions:
   id-token: write
   actions: read
 
+env:
+  ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }}
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -89,7 +91,6 @@ jobs:
         run: |
           echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT
 
-
   release:
     name: Create a New Release
     runs-on: ubuntu-latest
@@ -106,30 +107,34 @@ jobs:
           beta: ${{ inputs.beta }}
           skip_ci: ${{ inputs.beta }}
 
-  image:
+  build-and-push:
     needs: [ setup, release ]
     name: Build and Push Docker Image
     runs-on: ubuntu-latest
     if: ${{ inputs.semver != 'skip' }}
+    environment: ${{ inputs.environment }}
     steps:
       - name: Build and Push
         id: semver
-        uses: pagopa/github-actions-template/ghcr-build-push@v1.4.1
+        uses: pagopa/github-actions-template/ghcr-build-push@v1.5.4
         with:
+          branch: ${{ github.ref_name}}
           github_token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ needs.release.outputs.version }}
 
   deploy_azure_fn:
     name: Deploy Azure function
     needs: [ setup, release, build-and-push ]
+    runs-on: ubuntu-latest
     if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-    env:
-      ENV_SHORT: ${{ (contains(github.event.inputs.environment,'dev') && 'd') || (contains(github.event.inputs.environment, 'uat') && 'u') || (contains(github.event.inputs.environment,'prod') && 'p') }}
-      RESOURCE_GROUP: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-rg'
-      APP_NAME: 'pagopa-${{ env.ENV_SHORT }}-weu-shared-authorizer-fn'
-      REGISTRY_IMAGE: 'ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}'
 
     steps:
+      - name: Set env variables
+        run: |
+          echo "RESOURCE_GROUP=pagopa-${{env.ENV_SHORT}}-weu-shared-rg" >> $GITHUB_ENV
+          echo "APP_NAME=pagopa-${{env.ENV_SHORT}}-weu-shared-authorizer-fn" >> $GITHUB_ENV
+          echo "REGISTRY_IMAGE=ghcr.io/pagopa/pagopa-platform-authorizer:${{needs.release.outputs.version}}" >> $GITHUB_ENV
+
       - name: 'Checkout GitHub Action'
         uses: actions/checkout@v3
 

diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -27,6 +27,10 @@ data "azurerm_key_vault" "domain_key_vault" {
   resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg"
 }
 
+data "azurerm_resource_group" "shared_rg" {
+  name  = "pagopa-${var.env_short}-weu-shared-rg"
+}
+
 data "azurerm_resource_group" "apim_resource_group" {
   name = "${local.product}-api-rg"
 }

diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
@@ -59,6 +59,12 @@ resource "azurerm_role_assignment" "environment_terraform_resource_group_dashboa
   principal_id         = module.github_runner_app.object_id
 }
 
+resource "azurerm_role_assignment" "environment_function" {
+  scope                = data.azurerm_resource_group.shared_rg.id
+  role_definition_name = "Contributor"
+  principal_id         = module.github_runner_app.object_id
+}
+
 resource "azurerm_role_assignment" "environment_key_vault" {
   scope                = data.azurerm_key_vault.key_vault.id
   role_definition_name = "Reader"