feat: P4ADEV-3963 adding superset

.devops/deploy-argocd-apps.yml

@@ -0,0 +1,255 @@
+pr: none
+
+trigger:
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - 'helm/dev/**'
+
+schedules:
+- cron: "12 23 * * *"
+  displayName: Nightly batch run
+  branches:
+    include:
+    - main
+  always: true
+
+parameters:
+- name: ENV
+  displayName: Environment
+  type: string
+  default: dev
+  values:
+    - dev
+    - uat
+    - prod
+
+- name: APPS_TOP
+  displayName: Top ArgoCD Apps. Set to [] to skip deployment.
+  type: object
+  default:
+    - p4pa-superset
+
+- name: APPS_MID
+  displayName: Mid ArgoCD Apps. Set to [] to skip deployment.
+  type: object
+  default: []
+
+- name: APPS_EXT
+  displayName: Extra ArgoCD Apps. Set to [] to skip deployment.
+  type: object
+  default: []
+
+- name: POSTMAN_BRANCH
+  displayName: Postman branch
+  type: string
+  default: 'develop'
+
+- name: ARGOCD_TARGET_BRANCH
+  displayName: ArgoCD target branch or version tag (vX.Y.Z)
+  type: string
+  default: 'main'
+
+- name: TRIGGER_MESSAGE
+  displayName: Trigger Message
+  type: string
+  default: 'none'
+
+variables:
+  # Static variables
+  - name: directoryPattern
+    value: 'helm/${{ parameters.ENV }}'
+  - name: area
+    value: p4pa-analytics
+  - name: sourceBranch
+    value: $[variables['Build.SourceBranch']]
+  - name: buildReason
+    value: $[variables['Build.Reason']]
+  - name: pipelineName
+    ${{ if eq(variables['Build.Reason'], 'Manual') }}:
+      ${{ if ne(parameters.TRIGGER_MESSAGE, 'none') }}:
+        value: '[Trigger-${{ parameters.TRIGGER_MESSAGE }}] [ENV-${{ parameters.ENV }}] [ArgoCD-${{ parameters.ARGOCD_TARGET_BRANCH }}] [Postman-${{ parameters.POSTMAN_BRANCH }}]'
+      ${{ if eq(parameters.TRIGGER_MESSAGE, 'none') }}:
+        value: '[ENV-${{ parameters.ENV }}] [ArgoCD-${{ parameters.ARGOCD_TARGET_BRANCH }}] [Postman-${{ parameters.POSTMAN_BRANCH }}]'
+
+
+  - ${{ if eq(parameters.ENV, 'dev') }}:
+    - name: argocdServer
+      value: $(DEV_ARGOCD_SERVER)
+    - name: argocdUsername
+      value: $(DEV_ARGOCD_USERNAME)
+    - name: argocdPassword
+      value: $(DEV_ARGOCD_PASSWORD)
+    - name: agentPoolName
+      value: $(DEV_AGENT_POOL)
+    - name: azureServiceConnectionName
+      value: $(DEV_AZURE_SERVICE_CONNECTION_NAME)
+    - name: postman_kv_name
+      value: $(DEV_POSTMAN_KV_NAME)
+    - name: postman_env_secret_name
+      value: $(DEV_POSTMAN_ENV_SECRET_NAME)
+
+  - ${{ if eq(parameters.ENV, 'uat') }}:
+    - name: argocdServer
+      value: $(UAT_ARGOCD_SERVER)
+    - name: argocdUsername
+      value: $(UAT_ARGOCD_USERNAME)
+    - name: argocdPassword
+      value: $(UAT_ARGOCD_PASSWORD)
+    - name: agentPoolName
+      value: $(UAT_AGENT_POOL)
+    - name: azureServiceConnectionName
+      value: $(UAT_AZURE_SERVICE_CONNECTION_NAME)
+    - name: postman_kv_name
+      value: $(UAT_POSTMAN_KV_NAME)
+    - name: postman_env_secret_name
+      value: $(UAT_POSTMAN_ENV_SECRET_NAME)
+
+  - ${{ if eq(parameters.ENV, 'prod') }}:
+    - name: argocdServer
+      value: $(PROD_ARGOCD_SERVER)
+    - name: argocdUsername
+      value: $(PROD_ARGOCD_USERNAME)
+    - name: argocdPassword
+      value: $(PROD_ARGOCD_PASSWORD)
+    - name: agentPoolName
+      value: $(PROD_AGENT_POOL)
+    - name: azureServiceConnectionName
+      value: $(PROD_AZURE_SERVICE_CONNECTION_NAME)
+    - name: postman_kv_name
+      value: $(PROD_POSTMAN_KV_NAME)
+    - name: postman_env_secret_name
+      value: $(PROD_POSTMAN_ENV_SECRET_NAME)
+
+resources:
+  repositories:
+    - repository: templates
+      type: github
+      name: pagopa/azure-pipeline-templates
+      ref: refs/tags/v6.8.0
+      endpoint: 'azure-devops-github-ro'
+    - repository: argo-templates
+      type: github
+      name: pagopa/p4pa-payhub-deploy-aks
+      ref: refs/tags/v1.84.0
+      endpoint: 'azure-devops-github-ro'
+
+pool:
+  vmImage: ubuntu-latest
+
+name: $(pipelineName)
+
+stages:
+  # Debug Steps
+  - stage: pre_steps
+    condition: succeeded()
+    jobs:
+    - job: legacy_debug_info
+      pool:
+        vmImage: 'ubuntu-latest'
+      steps:
+      - bash: |
+          echo "build reason: ${{variables['Build.Reason']}}"
+          echo "agentPoolName: ${{variables['agentPoolName']}}"
+          echo "argocdServer: ${{variables['argocdServer']}}"
+          echo "argocdTargetBranch: ${{parameters.ARGOCD_TARGET_BRANCH}}"
+          echo "postmanBranch: ${{parameters.POSTMAN_BRANCH}}"
+          echo "triggerMessage: ${{parameters.TRIGGER_MESSAGE}}"
+          echo "App TOPS: ${{ join(' ', parameters.APPS_TOP) }}"
+          echo "App MID: ${{ join(' ', parameters.APPS_MID) }}"
+          echo "App EXT: ${{ join(' ', parameters.APPS_EXT) }}"
+        displayName: 'Show Debug Information'
+
+  #
+  # ArgoCD
+  #
+  - stage: sync_argo_apps
+    condition: succeeded()
+    jobs:
+      # Top Apps
+      - ${{ if and(ne(length(parameters.APPS_TOP), 0), ne(parameters.APPS_TOP, '[]')) }}:
+        - template: .devops/templates/deploy-argo-template.yml@argo-templates
+          parameters:
+            applicationsList: ${{ parameters.APPS_TOP }}
+            deploymentType: 'top'
+            environment: ${{ parameters.ENV }}
+            argocdServerUrl: $(argocdServer)
+            argocdUserName: $(argocdUsername)
+            argocdUserPassword: $(argocdPassword)
+            agentPoolName: $(agentPoolName)
+            applicationPrefix: $(area)
+            targetBranch: ${{ parameters.ARGOCD_TARGET_BRANCH }}
+
+      # Mid Apps
+      - ${{ if and(ne(length(parameters.APPS_MID), 0), ne(parameters.APPS_MID, '[]')) }}:
+        - template: .devops/templates/deploy-argo-template.yml@argo-templates
+          parameters:
+            applicationsList: ${{ parameters.APPS_MID }}
+            deploymentType: 'mid'
+            environment: ${{ parameters.ENV }}
+            argocdServerUrl: $(argocdServer)
+            argocdUserName: $(argocdUsername)
+            argocdUserPassword: $(argocdPassword)
+            agentPoolName: $(agentPoolName)
+            applicationPrefix: $(area)
+            targetBranch: ${{ parameters.ARGOCD_TARGET_BRANCH }}
+
+      # Ext Apps
+      - ${{ if and(ne(length(parameters.APPS_EXT), 0), ne(parameters.APPS_EXT, '[]')) }}:
+        - template: .devops/templates/deploy-argo-template.yml@argo-templates
+          parameters:
+            applicationsList: ${{ parameters.APPS_EXT }}
+            deploymentType: 'ext'
+            environment: ${{ parameters.ENV }}
+            argocdServerUrl: $(argocdServer)
+            argocdUserName: $(argocdUsername)
+            argocdUserPassword: $(argocdPassword)
+            agentPoolName: $(agentPoolName)
+            applicationPrefix: $(area)
+            targetBranch: ${{ parameters.ARGOCD_TARGET_BRANCH }}
+
+  # Stage for Postman Tests
+  - stage: run_postman_tests
+    condition: and(succeeded(), or(${{eq(parameters.ENV, 'dev')}}, ${{eq(parameters.ENV, 'uat')}}))
+    dependsOn: sync_argo_apps
+    jobs:
+      # Top Apps Tests
+      - ${{ if and(ne(length(parameters.APPS_TOP), 0), ne(parameters.APPS_TOP, '[]')) }}:
+        - template: .devops/templates/postman-tests-template.yml@argo-templates
+          parameters:
+            appsList: ${{ parameters.APPS_TOP }}
+            appCategory: 'top'
+            env: ${{ parameters.ENV }}
+            agentPoolName: $(agentPoolName)
+            postmanBranch: ${{ parameters.POSTMAN_BRANCH }}
+            azureServiceConnection: $(azureServiceConnectionName)
+            keyVaultName: $(postman_kv_name)
+            secretName: $(postman_env_secret_name)
+
+      # Mid Apps Tests
+      - ${{ if and(ne(length(parameters.APPS_MID), 0), ne(parameters.APPS_MID, '[]')) }}:
+        - template: .devops/templates/postman-tests-template.yml@argo-templates
+          parameters:
+            appsList: ${{ parameters.APPS_MID }}
+            appCategory: 'mid'
+            env: ${{ parameters.ENV }}
+            agentPoolName: $(agentPoolName)
+            postmanBranch: ${{ parameters.POSTMAN_BRANCH }}
+            azureServiceConnection: $(azureServiceConnectionName)
+            keyVaultName: $(postman_kv_name)
+            secretName: $(postman_env_secret_name)
+
+      # Ext Apps Tests
+      - ${{ if and(ne(length(parameters.APPS_EXT), 0), ne(parameters.APPS_EXT, '[]')) }}:
+        - template: .devops/templates/postman-tests-template.yml@argo-templates
+          parameters:
+            appsList: ${{ parameters.APPS_EXT }}
+            appCategory: 'ext'
+            env: ${{ parameters.ENV }}
+            agentPoolName: $(agentPoolName)
+            postmanBranch: ${{ parameters.POSTMAN_BRANCH }}
+            azureServiceConnection: $(azureServiceConnectionName)
+            keyVaultName: $(postman_kv_name)
+            secretName: $(postman_env_secret_name)

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,36 @@
+<!--- Please always add a PR description as if nobody knows anything about the context these changes come from. -->
+<!--- Even if we are all from our internal team, we may not be on the same page. -->
+<!--- Write this PR as you were contributing to a public OSS project, where nobody knows you and you have to earn their trust. -->
+<!--- This will improve our projects in the long run! Thanks. -->
+
+#### List of Changes
+
+<!--- Describe your changes in detail -->
+
+#### Motivation and Context
+
+<!--- Why is this change required? What problem does it solve? -->
+
+#### How Has This Been Tested?
+
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, tests ran to see how -->
+<!--- your change affects other areas of the code, etc. -->
+
+#### Screenshots (if appropriate):
+
+#### Types of changes
+
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+
+#### Checklist:
+
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.

.github/terraform/00_data.tf

@@ -0,0 +1,11 @@
+# Secret
+data "azurerm_key_vault" "key_vault" {
+  name                = "${var.prefix}-${var.env_short}-${local.domain}-kv"
+  resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-${local.domain}-sec-rg"
+}
+
+# Github
+data "github_organization_teams" "all" {
+  root_teams_only = true
+  summary_only    = true
+}

.github/terraform/01_global.tf

@@ -0,0 +1,45 @@
+resource "github_branch_default" "default" {
+  repository = local.github.repository
+  branch     = "main"
+}
+
+resource "github_repository_ruleset" "branch_rules" {
+  for_each = var.env == "prod" ? local.branch_rulesets : {}
+
+  name        = each.key
+  repository  = local.github.repository
+  target      = "branch"
+  enforcement = "active"
+
+  conditions {
+    ref_name {
+      include = [each.value.ref_name]
+      exclude = []
+    }
+  }
+
+  dynamic "bypass_actors" {
+    for_each = each.value.bypass_actors == true ? toset(local.bypass_branch_rules_teams) : []
+    content {
+      actor_id    = lookup(local.team_name_to_id, bypass_actors.value)
+      actor_type  = "Team"
+      bypass_mode = "always"
+    }
+  }
+
+  rules {
+    creation                = false
+    update                  = false
+    deletion                = true
+    required_signatures     = false
+    required_linear_history = each.value.required_linear_history
+
+    pull_request {
+      dismiss_stale_reviews_on_push     = false
+      require_last_push_approval        = false
+      required_review_thread_resolution = false
+      require_code_owner_review         = each.value.require_code_owner_review
+      required_approving_review_count   = each.value.required_approving_review_count
+    }
+  }
+}