pagopa · cap-ang · Apr 12, 2024 · Apr 11, 2024 · Apr 11, 2024 · Apr 11, 2024
diff --git a/.github/workflows/deploy_with_github_runner.yml b/.github/workflows/deploy_with_github_runner.yml
@@ -7,6 +7,10 @@ on:
         required: true
         description: The name of the environment where to deploy
         type: string
+      target:
+        required: true
+        description: The environment target of the job
+        type: string
 
 env:
   APP_NAME: pagopagpsdonationservice
@@ -22,6 +26,7 @@ jobs:
     runs-on: ubuntu-22.04
     environment:
       name: ${{ inputs.environment }}
+    if: ${{ inputs.target == inputs.environment || inputs.target == 'all' }}
     outputs:
       runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
     steps:
@@ -30,7 +35,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
@@ -40,14 +45,15 @@ jobs:
   deploy:
     needs: [ create_runner ]
     runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ]
+    if: ${{ inputs.target == inputs.environment || inputs.target == 'all' }}
     name: Deploy on AKS
     environment: ${{ inputs.environment }}
     steps:
       - name: Deploy
         uses: pagopa/github-actions-template/aks-deploy@main
         with:
           branch: ${{ github.ref_name }}
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           env: ${{ inputs.environment }}
@@ -60,7 +66,7 @@ jobs:
   cleanup_runner:
     name: Cleanup Runner
     needs: [ create_runner, deploy ]
-    if: ${{ success() || failure() }}
+    if: ${{ success() || failure() && inputs.target == inputs.environment || inputs.target == 'all' }}
     runs-on: ubuntu-22.04
     environment: ${{ inputs.environment }}
     steps:
@@ -69,7 +75,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}

diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml
@@ -20,7 +20,7 @@ on:
       beta:
         required: false
         type: boolean
-        description: deploy beta function version on Azure
+        description: deploy beta version on AKS
         default: false
       skip_release:
         required: false
@@ -118,45 +118,30 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ needs.release.outputs.version }}
 
-  deploy_aks_dev:
-    name: Deploy on AKS DEV
+  deploy_aks:
+    name: Deploy on AKS
     needs: [ setup, release, image ]
     if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
+    strategy:
+      matrix:
+        environment: [ dev, uat, prod ]
     uses: ./.github/workflows/deploy_with_github_runner.yml
     with:
-      environment: ${{ needs.setup.outputs.environment }}
+      environment: ${{ matrix.environment }}
+      target: ${{ needs.setup.outputs.environment }}
     secrets: inherit
 
-  deploy_aks_uat:
-    name: Deploy on AKS UAT
-    needs: [ setup, release, image ]
-    if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')  && needs.setup.outputs.environment != 'dev' }}
-    uses: ./.github/workflows/deploy_with_github_runner.yml
-    with:
-      environment: ${{ needs.setup.outputs.environment }}
-    secrets: inherit
-
-  deploy_aks_prod:
-    name: Deploy on AKS PROD
-    needs: [ setup, release, image ]
-    if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')  && needs.setup.outputs.environment == 'prod' }}
-    uses: ./.github/workflows/deploy_with_github_runner.yml
-    with:
-      environment: ${{ needs.setup.outputs.environment }}
-    secrets: inherit
-
-
   notify:
-    needs: [ deploy_aks_prod ]
+    needs: [ setup, release, deploy_aks ]
     runs-on: ubuntu-latest
     name: Notify
     if: always()
     steps:
       - name: Report Status
-        if: ${{ needs.setup.outputs.environment == 'prod' }}
+        if: ${{ needs.setup.outputs.environment == 'prod' || needs.setup.outputs.environment == 'all'  }}
         uses: ravsamhq/notify-slack-action@v2
         with:
-          status: ${{ needs.deploy_aks_prod.result }}
+          status: ${{ needs.deploy_aks.result }}
           token: ${{ secrets.GITHUB_TOKEN }}
           notification_title: 'New Release on Production ${{ needs.release.outputs.version }} has {status_message}'
           message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'

diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -1,6 +1,6 @@
-data "azurerm_storage_account" "tf_storage_account"{
-  name                = "pagopainfraterraform${var.env}"
-  resource_group_name = "io-infra-rg"
+data "azurerm_user_assigned_identity" "identity_cd" {
+  resource_group_name = "${local.product}-identity-rg"
+  name                = "${local.product}-${local.domain}-01-github-cd-identity"
 }
 
 data "azurerm_resource_group" "dashboards" {

diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
@@ -21,7 +21,9 @@ resource "github_repository_environment" "github_repository_environment" {
 
 locals {
   env_secrets = {
-    "CLIENT_ID" : module.github_runner_app.application_id,
+    "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
+    # <placeholder>
+    # "CT_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_ct.client_id,
     "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
     "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
     "SUBKEY" : data.azurerm_key_vault_secret.key_vault_integration_test_subkey.value,

diff --git a/.identity/99_variables.tf b/.identity/99_variables.tf
@@ -22,6 +22,10 @@ locals {
   }
 }
 
+variable "location" {
+  type = string
+}
+
 variable "env" {
   type = string
 }
@@ -54,3 +58,14 @@ variable "github_repository_environment" {
     reviewers_teams        = ["pagopa-team-core"]
   }
 }
+
+variable "tags" {
+  type = map(any)
+  default = {
+    CreatedBy   = "Terraform"
+    Environment = "PROD"
+    Owner       = "pagoPA"
+    Source      = "https://github.com/pagopa/pagopa-gps-donation-service"
+    CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
+  }
+}
diff --git a/.identity/env/dev/terraform.tfvars b/.identity/env/dev/terraform.tfvars
@@ -1,11 +1,12 @@
 prefix    = "pagopa"
 env       = "dev"
 env_short = "d"
+location  = "westeurope"
 
 tags = {
   CreatedBy   = "Terraform"
   Environment = "Dev"
   Owner       = "pagoPA"
   Source      = "https://github.com/pagopa/pagopa-gps-donation-service"
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
-}
+}
diff --git a/.identity/env/prod/terraform.tfvars b/.identity/env/prod/terraform.tfvars
@@ -1,6 +1,7 @@
 prefix    = "pagopa"
 env       = "prod"
 env_short = "p"
+location  = "westeurope"
 
 tags = {
   CreatedBy   = "Terraform"

diff --git a/.identity/env/uat/terraform.tfvars b/.identity/env/uat/terraform.tfvars
@@ -1,11 +1,12 @@
 prefix    = "pagopa"
 env       = "uat"
 env_short = "u"
+location  = "westeurope"
 
 tags = {
   CreatedBy   = "Terraform"
   Environment = "Uat"
   Owner       = "pagoPA"
   Source      = "https://github.com/pagopa/pagopa-gps-donation-service"
   CostCenter  = "TS310 - PAGAMENTI & SERVIZI"
-}
+}
diff --git a/helm/Chart.lock b/helm/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: microservice-chart
+  repository: https://pagopa.github.io/aks-microservice-chart-blueprint
+  version: 2.4.0
+digest: sha256:db3f9abdcf9a458c7dc3ae6f5ace7292293cbf05a4ca398c4173807f9d14c561
+generated: "2024-04-11T12:46:51.133864+02:00"
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: pagopa-gps-donation-service
 description: Microservice to handle Donations for GPS
 type: application
-version: 1.13.0
-appVersion: 1.1.2
+version: 1.18.0
+appVersion: 1.1.2-5-PAGOPA-1668
 dependencies:
   - name: microservice-chart
     version: 2.4.0