Skip to content

Drift Detection on prod citizen-auth #212

Drift Detection on prod citizen-auth

Drift Detection on prod citizen-auth #212

name: Drift Detection on prod citizen-auth
on:
workflow_dispatch:
schedule:
- cron: '08 00 * * *'
permissions:
id-token: write
contents: read
env:
DIR: "src/domains/citizen-auth"
AZURE_ENVIRONMENT: prod
jobs:
create_runner:
name: Create Runner
runs-on: ubuntu-22.04
environment: prod-runner
outputs:
runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
steps:
- name: Create GitHub Runner
id: create_github_runner
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
pat_token: ${{ secrets.BOT_TOKEN }}
terraform_driftdetection_job:
name: Terraform Drift Detection
runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
environment: prod-ci
needs: create_runner
steps:
- name: Checkout
id: checkout
# from https://github.com/actions/checkout/commits/main
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
with:
persist-credentials: false
fetch-depth: 0
- name: Setup terraform
id: setup-version
# https://github.com/pagopa/terraform-install-action/commits/main
uses: pagopa/terraform-install-action@1f76f593176e58c423b88d72273a612ba7ba430b
- name: Terraform drift detection common
# from https://github.com/pagopa/terraform-driftdetection-azure-action/commits/main
uses: pagopa/terraform-driftdetection-azure-action@71bd771b3a071c78b36e5e0ecbd666ac39b1113c
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-common
azure_environment: prod
- name: Terraform drift detection weu-beta
# from https://github.com/pagopa/terraform-driftdetection-azure-action/commits/main
uses: pagopa/terraform-driftdetection-azure-action@71bd771b3a071c78b36e5e0ecbd666ac39b1113c
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-app
azure_environment: weu-beta
- name: Terraform drift detection weu-prod01
# from https://github.com/pagopa/terraform-driftdetection-azure-action/commits/main
uses: pagopa/terraform-driftdetection-azure-action@71bd771b3a071c78b36e5e0ecbd666ac39b1113c
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-app
azure_environment: weu-prod01
cleanup_runner:
name: Cleanup Runner
if: always()
runs-on: ubuntu-22.04
environment: prod-runner
needs: [create_runner, terraform_driftdetection_job]
steps:
- name: Cleanup GitHub Runner
id: cleanup_github_runner
# from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
uses: pagopa/github-self-hosted-runner-azure-cleanup-action@97731a35e6ffc79b66c4dfd2aae5e4fd04e3ebb5
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
runner_name: ${{ needs.create_runner.outputs.runner_name }}
pat_token: ${{ secrets.BOT_TOKEN }}