This repository was archived by the owner on Mar 15, 2025. It is now read-only.

pagopa-archive/terraform-azurerm-dx-azure-github-environment-bootstrap

DX - Azure GitHub Environment Bootstrap

Requirements

| Name | Version |
|------|---------|
| azurerm | ~>4 |
| github | ~>6 |

Modules

| Name | Source | Version |
|------|--------|---------|
| naming_convention | pagopa/dx-azure-naming-convention/azurerm | ~>0 |

Resources

| Name | Type |
|------|------|
| azurerm_container_app_job.github_runner | resource |
| azurerm_federated_identity_credential.github_app_cd | resource |
| azurerm_federated_identity_credential.github_infra_cd | resource |
| azurerm_federated_identity_credential.github_infra_ci | resource |
| azurerm_federated_identity_credential.github_opex_cd | resource |
| azurerm_federated_identity_credential.github_opex_ci | resource |
| azurerm_key_vault_access_policy.infra_cd_kv_common | resource |
| azurerm_key_vault_access_policy.infra_ci_kv_common | resource |
| azurerm_key_vault_access_policy.keyvault_containerapp | resource |
| azurerm_resource_group.main | resource |
| azurerm_role_assignment.admins_group_rgs | resource |
| azurerm_role_assignment.admins_group_rgs_kv_admin | resource |
| azurerm_role_assignment.admins_group_rgs_kv_data | resource |
| azurerm_role_assignment.app_cd_rgs_contributor | resource |
| azurerm_role_assignment.app_cd_subscription_reader | resource |
| azurerm_role_assignment.app_cd_tf_rg_blob_contributor | resource |
| azurerm_role_assignment.devs_group_rgs | resource |
| azurerm_role_assignment.devs_group_tf_rgs_kv_secr | resource |
| azurerm_role_assignment.externals_group_rgs | resource |
| azurerm_role_assignment.infra_cd_apim_service_contributor | resource |
| azurerm_role_assignment.infra_cd_rg_nat_gw_network_contributor | resource |
| azurerm_role_assignment.infra_cd_rg_network_contributor | resource |
| azurerm_role_assignment.infra_cd_rg_private_dns_zone_contributor | resource |
| azurerm_role_assignment.infra_cd_rgs_contributor | resource |
| azurerm_role_assignment.infra_cd_rgs_kv_cert | resource |
| azurerm_role_assignment.infra_cd_rgs_kv_crypto | resource |
| azurerm_role_assignment.infra_cd_rgs_kv_secr | resource |
| azurerm_role_assignment.infra_cd_rgs_st_blob_contributor | resource |
| azurerm_role_assignment.infra_cd_rgs_user_access_admin | resource |
| azurerm_role_assignment.infra_cd_st_tf_blob_contributor | resource |
| azurerm_role_assignment.infra_cd_subscription_rbac_admin | resource |
| azurerm_role_assignment.infra_cd_subscription_reader | resource |
| azurerm_role_assignment.infra_cd_vnet_network_contributor | resource |
| azurerm_role_assignment.infra_ci_rgs_cosmos_contributor | resource |
| azurerm_role_assignment.infra_ci_rgs_kv_cert | resource |
| azurerm_role_assignment.infra_ci_rgs_kv_crypto | resource |
| azurerm_role_assignment.infra_ci_rgs_kv_secr | resource |
| azurerm_role_assignment.infra_ci_rgs_st_blob_reader | resource |
| azurerm_role_assignment.infra_ci_rgs_st_queue_contributor | resource |
| azurerm_role_assignment.infra_ci_rgs_st_queue_reader | resource |
| azurerm_role_assignment.infra_ci_rgs_st_table_contributor | resource |
| azurerm_role_assignment.infra_ci_rgs_st_table_reader | resource |
| azurerm_role_assignment.infra_ci_subscription_apim_secrets | resource |
| azurerm_role_assignment.infra_ci_subscription_data_access | resource |
| azurerm_role_assignment.infra_ci_subscription_pagopa_iac_reader | resource |
| azurerm_role_assignment.infra_ci_subscription_reader | resource |
| azurerm_role_assignment.infra_ci_tf_st_blob_contributor | resource |
| azurerm_role_assignment.opex_cd_rg_monitoring_contributor | resource |
| azurerm_role_assignment.opex_cd_rg_opex_contributor | resource |
| azurerm_role_assignment.opex_cd_subscription_reader | resource |
| azurerm_role_assignment.opex_cd_tf_rg_blob_contributor | resource |
| azurerm_role_assignment.opex_cd_tf_rg_blob_data_access | resource |
| azurerm_role_assignment.opex_ci_subscription_data_access | resource |
| azurerm_role_assignment.opex_ci_subscription_reader | resource |
| azurerm_role_assignment.opex_ci_tf_rg_blob_contributor | resource |
| azurerm_user_assigned_identity.app_cd | resource |
| azurerm_user_assigned_identity.infra_cd | resource |
| azurerm_user_assigned_identity.infra_ci | resource |
| azurerm_user_assigned_identity.opex_cd | resource |
| azurerm_user_assigned_identity.opex_ci | resource |
| github_actions_environment_secret.app_prod_cd | resource |
| github_actions_environment_secret.infra_prod_cd | resource |
| github_actions_environment_secret.infra_prod_ci | resource |
| github_actions_environment_secret.opex_prod_cd | resource |
| github_actions_environment_secret.opex_prod_ci | resource |
| github_actions_secret.repo_secrets | resource |
| github_branch_default.main | resource |
| github_branch_protection.main | resource |
| github_repository.this | resource |
| github_repository_environment.app_prod_cd | resource |
| github_repository_environment.infra_prod_cd | resource |
| github_repository_environment.infra_prod_ci | resource |
| github_repository_environment.opex_prod_cd | resource |
| github_repository_environment.opex_prod_ci | resource |
| github_repository_environment_deployment_policy.app_prod_cd_branch | resource |
| github_repository_environment_deployment_policy.app_prod_cd_tag | resource |
| github_repository_environment_deployment_policy.infra_prod_cd_branch | resource |
| github_repository_environment_deployment_policy.infra_prod_cd_tag | resource |
| github_repository_environment_deployment_policy.opex_prod_cd_branch | resource |
| github_repository_environment_deployment_policy.opex_prod_cd_tag | resource |
| azurerm_key_vault.runner | data source |
| github_organization_teams.all | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_resource_group_ids | (Optional) List of existing resource groups of which the domain team is the owner. | `set(string)` | `[]` | no |
| apim_id | (Optional) ID of the APIM instance | `string` | `null` | no |
| entraid_groups | Azure Entra ID groups to give roles to | `object({ admins_object_id = string, devs_object_id = string, externals_object_id = optional(string, null) })` | n/a | yes |
| environment | Values which are used to generate resource names and location short names. They are all mandatory except for domain, which should be left unused only when the resource is used by multiple domains. | `object({ prefix = string, env_short = string, location = string, domain = string, instance_number = string })` | n/a | yes |
| github_private_runner | n/a | `object({ container_app_environment_id = string, container_app_environment_location = string, polling_interval_in_seconds = optional(number, 30), min_instances = optional(number, 0), max_instances = optional(number, 30), labels = optional(list(string), []), key_vault = object({ name = string, resource_group_name = string, secret_name = optional(string, "github-runner-pat") }), cpu = optional(number, 0.5), memory = optional(string, "1Gi") })` | n/a | yes |
| keyvault_common_ids | Id of the KeyVault containing common secrets | `list(string)` | `[]` | no |
| nat_gateway_resource_group_id | (Optional) Id of the resource group hosting NAT Gateways | `string` | `null` | no |
| opex_resource_group_id | Id of the resource group containing Opex dashboards | `string` | n/a | yes |
| pep_vnet_id | ID of the VNet holding Private Endpoint-dedicated subnet | `string` | n/a | yes |
| private_dns_zone_resource_group_id | Id of the resource group holding private DNS zones | `string` | n/a | yes |
| repository | Information about this repository | `object({ owner = optional(string, "pagopa"), name = string, description = string, topics = list(string), reviewers_teams = list(string), default_branch_name = optional(string, "main"), infra_cd_policy_branches = optional(set(string), ["main"]), opex_cd_policy_branches = optional(set(string), ["main"]), app_cd_policy_branches = optional(set(string), ["main"]), infra_cd_policy_tags = optional(set(string), []), opex_cd_policy_tags = optional(set(string), []), app_cd_policy_tags = optional(set(string), []) })` | n/a | yes |
| subscription_id | The subscription ID where resources are created | `string` | n/a | yes |
| tags | Resource tags | `map(string)` | n/a | yes |
| tenant_id | The tenant ID where resources are created | `string` | n/a | yes |
| terraform_storage_account | Name and resource group name of the Storage Account hosting the Terraform state file | `object({ resource_group_name = string, name = string })` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| github_private_runner | n/a |
| identities | n/a |
| repository | n/a |
| resource_group | n/a |

About

Sets up monorepo's settings and required Azure permissions and roles