Merge branch 'main' into IOCOM-550-remove-legalmessage-endpoint-from-…

…apim
pagopa · Sep 27, 2023 · c3716df · c3716df
2 parents 65c6239 + e0b5e90
commit c3716df
Show file tree

Hide file tree

Showing 167 changed files with 5,172 additions and 714 deletions.
diff --git a/.github/workflows/gh_runner-scheduler.yml b/.github/workflows/gh_runner-scheduler.yml
@@ -0,0 +1,47 @@
+name: GitHub Runner Job AutoScaler
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 09 * * MON-FRI'
+    - cron: '0 18 * * MON-FRI'
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  resource-group: 'io-p-github-runner-rg'
+  job-name: 'io-infra-github-runner-job'
+  maximum_replica: 10
+
+jobs:
+  scheduler:
+    runs-on: ubuntu-22.04
+    environment: prod-runner
+    steps:
+      - name: Azure Login
+        id: login
+        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Increase minimum replicas
+        if: github.event.schedule == '0 09 * * *'
+        run: |
+          az containerapp job update \
+            --resource-group ${{ env.resource-group }} \
+            --name ${{ env.job-name }} \
+            --min-executions 1 \
+            --max-executions ${{ env.maximum_replica }}
+
+      - name: Decrease minimum replicas
+        if: github.event.schedule == '0 18 * * *'
+        run: |
+          az containerapp job update \
+            --resource-group ${{ env.resource-group }} \
+            --name ${{ env.job-name }} \
+            --min-executions 0 \
+            --max-executions ${{ env.maximum_replica }}
diff --git a/.github/workflows/ioweb_prod_cd.yml b/.github/workflows/ioweb_prod_cd.yml
@@ -0,0 +1,143 @@
+name: Continuous Delivery on prod ioweb
+
+on:
+  workflow_dispatch:
+  # Trigger the workflow on push on the main branch
+  push:
+    branches:
+      - main
+    paths:
+      - "src/domains/ioweb**"
+      - ".github/workflows/ioweb_prod**"
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  DIR: "src/domains/ioweb"
+  AZURE_ENVIRONMENT: prod
+
+jobs:
+  create_runner:
+    name: Create Runner
+    runs-on: ubuntu-22.04
+    environment: prod-runner
+    outputs:
+      runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
+    steps:
+      - name: Create GitHub Runner
+        id: create_github_runner
+        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
+        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
+          resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+          pat_token: ${{ secrets.BOT_TOKEN }}
+
+  terraform_preapply_job:
+    name: Terraform Pre Apply
+    runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
+    environment: prod-ci
+    needs: create_runner
+    steps:
+      - name: Checkout
+        id: checkout
+        # from https://github.com/actions/checkout/commits/main
+        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Setup terraform
+        id: setup-version
+        # https://github.com/pagopa/terraform-install-action/commits/main
+        uses: pagopa/terraform-install-action@1f76f593176e58c423b88d72273a612ba7ba430b
+
+      - name: Terraform pre apply common
+        # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
+        uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          dir: ${{ env.DIR }}-common
+          azure_environment: prod
+
+      # - name: Terraform pre apply app (weu-beta)
+      #   # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
+      #   uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
+      #   with:
+      #     client_id: ${{ secrets.AZURE_CLIENT_ID }}
+      #     tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+      #     subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      #     dir: ${{ env.DIR }}-app
+      #     azure_environment: weu-beta
+
+      - name: Terraform pre apply app (weu-prod01)
+        # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
+        uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          dir: ${{ env.DIR }}-app
+          azure_environment: weu-prod01
+
+  terraform_apply_job:
+    name: Terraform Apply
+    runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
+    environment: prod-cd
+    needs: [create_runner, terraform_preapply_job]
+    steps:
+      - name: Terraform apply common
+        # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
+        uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          dir: ${{ env.DIR }}-common
+          azure_environment: prod
+
+      # - name: Terraform apply app (weu-beta)
+      #   # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
+      #   uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
+      #   with:
+      #     client_id: ${{ secrets.AZURE_CLIENT_ID }}
+      #     tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+      #     subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      #     dir: ${{ env.DIR }}-app
+      #     azure_environment: weu-beta
+
+      - name: Terraform apply app (weu-prod01)
+        # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
+        uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          dir: ${{ env.DIR }}-app
+          azure_environment: weu-prod01
+
+  cleanup_runner:
+    name: Cleanup Runner
+    if: always()
+    runs-on: ubuntu-22.04
+    environment: prod-runner
+    needs: [create_runner, terraform_preapply_job, terraform_apply_job]
+    steps:
+      - name: Cleanup GitHub Runner
+        id: cleanup_github_runner
+        # from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
+        uses: pagopa/github-self-hosted-runner-azure-cleanup-action@97731a35e6ffc79b66c4dfd2aae5e4fd04e3ebb5
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+          runner_name: ${{ needs.create_runner.outputs.runner_name }}
+          pat_token: ${{ secrets.BOT_TOKEN }}
diff --git a/.github/workflows/ioweb_prod_ci.yml b/.github/workflows/ioweb_prod_ci.yml
@@ -0,0 +1,109 @@
+name: Continuous Integration on prod ioweb
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+    paths:
+      - "src/domains/ioweb**"
+      - ".github/workflows/ioweb_prod**"
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  DIR: "src/domains/ioweb"
+  AZURE_ENVIRONMENT: prod
+
+jobs:
+  create_runner:
+    name: Create Runner
+    runs-on: ubuntu-22.04
+    environment: prod-runner
+    outputs:
+      runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
+    steps:
+      - name: Create GitHub Runner
+        id: create_github_runner
+        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
+        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
+          resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+          pat_token: ${{ secrets.BOT_TOKEN }}
+
+  terraform_plan_job:
+    name: Terraform Plan
+    runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
+    environment: prod-ci
+    needs: create_runner
+    steps:
+      - name: Checkout
+        id: checkout
+        # from https://github.com/actions/checkout/commits/main
+        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Setup terraform
+        id: setup-version
+        # https://github.com/pagopa/terraform-install-action/commits/main
+        uses: pagopa/terraform-install-action@1f76f593176e58c423b88d72273a612ba7ba430b
+
+      - name: Terraform plan common
+        # from https://github.com/pagopa/terraform-plan-azure-action/commits/main
+        uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          dir: ${{ env.DIR }}-common
+          azure_environment: prod
+
+      # - name: Terraform plan app (weu-beta)
+      #   # from https://github.com/pagopa/terraform-plan-azure-action/commits/main
+      #   uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b
+      #   with:
+      #     client_id: ${{ secrets.AZURE_CLIENT_ID }}
+      #     tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+      #     subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      #     dir: ${{ env.DIR }}-app
+      #     azure_environment: weu-beta
+
+      - name: Terraform plan app (weu-prod01)
+        # from https://github.com/pagopa/terraform-plan-azure-action/commits/main
+        uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          dir: ${{ env.DIR }}-app
+          azure_environment: weu-prod01
+
+  cleanup_runner:
+    name: Cleanup Runner
+    if: always()
+    runs-on: ubuntu-22.04
+    environment: prod-runner
+    needs: [create_runner, terraform_plan_job]
+    steps:
+      - name: Cleanup GitHub Runner
+        id: cleanup_github_runner
+        # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
+        uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@main
+        with:
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+          runner_name: ${{ needs.create_runner.outputs.runner_name }}
+          pat_token: ${{ secrets.BOT_TOKEN }}