Merge pull request #73 from pagopa/opex

opex dashboard

Author: jacopocarlini

.github/workflows/create_dashboard.yaml

@@ -2,14 +2,6 @@ name: Create Dashboard
 
 # Controls when the workflow will run
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'openapi/**'
-      - '.github/workflows/create_dashboard.yaml'
-      - '.opex/**'
-
   workflow_dispatch:
 
 permissions:
@@ -26,6 +18,9 @@ jobs:
     strategy:
       matrix:
         environment: [prod]
+        product:
+          - selfcare_integration
+      max-parallel: 1
     environment:
       name: ${{ matrix.environment }}
     # Steps represent a sequence of tasks that will be executed as part of the job
@@ -37,48 +32,63 @@ jobs:
         with:
           persist-credentials: false
 
-      # from https://github.com/pagopa/opex-dashboard-azure-action/
-      - uses: pagopa/opex-dashboard-azure-action@ece3bc2b133be74cabb50aec14cdb9b8051b886f # v1.1.2
+      - run: |
+          python -m venv venv
+          source venv/bin/activate
+          git clone --branch fix-availability-dashboard https://github.com/pagopa/opex-dashboard
+          cd opex-dashboard
+          git checkout 6c6b91d31133081d4b954e6be0a8f941e3559733
+          pip install -e .
+          cd ..
+          source venv/bin/activate
+          venv/bin/opex_dashboard generate \
+            --template-name azure-dashboard \
+            --package ./dashboard \
+            --config-file .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
+
+      # we need to set env variables in the folder /azure-dashboard
+      - name: Copy Environments
+        shell: bash
+        run: |
+          cp -R .opex/${{ matrix.product }}/env ./dashboard/azure-dashboard
+
+      - name: Setup Terraform
+        id: setup_terraform
+        # from https://github.com/hashicorp/setup-terraform/commits/main
+        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
+        with:
+          terraform_version: 1.3.6
+
+      - name: Login
+        id: login
+        # from https://github.com/Azure/login/commits/master
+        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
         with:
-          environment: ${{ matrix.environment }}
-          api-name:
-          config: .opex/env/${{ matrix.environment }}/config.yaml
           client-id: ${{ secrets.CLIENT_ID }}
           tenant-id: ${{ secrets.TENANT_ID }}
           subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
-          # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
-          docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d
 
-  delete_github_deployments:
-    runs-on: ubuntu-latest
-    needs: dashboard
-    if: ${{ always() }}
-    steps:
-      - name: Delete Previous deployments
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
+      # now is possible to launch the command: terraform apply
+      - name: Terraform Apply
+        shell: bash
         env:
-          SHA_HEAD: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.sha) || github.sha}}
-        with:
-          script: |
-            const { SHA_HEAD } = process.env
+          ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
+          ARM_TENANT_ID: ${{ secrets.TENANT_ID }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
+          ARM_USE_OIDC: true
+        run: |
+          cd ./dashboard/azure-dashboard
+  
+          bash ./terraform.sh apply ${{ matrix.environment }} -auto-approve
 
-            const deployments = await github.rest.repos.listDeployments({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              sha: SHA_HEAD
-            });
-            await Promise.all(
-              deployments.data.map(async (deployment) => {
-                await github.rest.repos.createDeploymentStatus({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  deployment_id: deployment.id,
-                  state: 'inactive'
-                });
-                return github.rest.repos.deleteDeployment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  deployment_id: deployment.id
-                });
-              })
-            );
+#      # from https://github.com/pagopa/opex-dashboard-azure-action/
+#      - uses: pagopa/opex-dashboard-azure-action@v1.2.2
+#        with:
+#          environment: ${{ matrix.environment }}
+#          api-name: ${{ matrix.product }}
+#          config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
+#          client-id: ${{ secrets.CLIENT_ID }}
+#          tenant-id: ${{ secrets.TENANT_ID }}
+#          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
+#          # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+#          docker-version: sha256:b17f49fc762cc2049f887f0999642c95b5546d1eb44e5ae19bed080f9d1859d4

.identity/.terraform.lock.hcl

@@ -1,29 +1,10 @@
-data "azurerm_storage_account" "tf_storage_account"{
-  name                = "pagopainfraterraform${var.env}"
-  resource_group_name = "io-infra-rg"
-}
-
-data "azurerm_resource_group" "dashboards" {
-  name = "dashboards"
-}
-
-data "azurerm_resource_group" "apim_resource_group" {
-  name = "${local.product}-api-rg"
-}
-
-data "azurerm_kubernetes_cluster" "aks" {
-  name                = local.aks_cluster.name
-  resource_group_name = local.aks_cluster.resource_group_name
-}
-
 data "github_organization_teams" "all" {
   root_teams_only = true
   summary_only    = true
 }
 
 data "azurerm_key_vault" "key_vault" {
-
-  name = "pagopa-${var.env_short}-kv"
+  name                = "pagopa-${var.env_short}-kv"
   resource_group_name = "pagopa-${var.env_short}-sec-rg"
 }
 
@@ -33,36 +14,43 @@ data "azurerm_key_vault" "domain_key_vault" {
 }
 
 data "azurerm_key_vault_secret" "key_vault_sonar" {
-
-  name = "sonar-token"
+  name         = "sonar-token"
   key_vault_id = data.azurerm_key_vault.key_vault.id
 }
 
 data "azurerm_key_vault_secret" "key_vault_bot_token" {
-
-  name = "bot-token-github"
-  key_vault_id = data.azurerm_key_vault.key_vault.id
+  name         = "pagopa-platform-domain-github-bot-cd-pat"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }
 
-data "azurerm_key_vault_secret" "key_vault_cucumber_token" {
+data "azurerm_user_assigned_identity" "workload_identity_clientid" {
+  name                = "${local.domain}-workload-identity"
+  resource_group_name = "pagopa-${var.env_short}-weu-${var.env}-aks-rg"
+}
 
-  name = "cucumber-token"
-  key_vault_id = data.azurerm_key_vault.key_vault.id
+data "azurerm_user_assigned_identity" "identity_cd" {
+  name = "${local.product}-${local.domain}-01-github-cd-identity"
+  resource_group_name = "${local.product}-identity-rg"
 }
 
-data "azurerm_key_vault_secret" "key_vault_read_package_token" {
+data "azurerm_key_vault_secret" "key_vault_deploy_slack_webhook" {
+  name         = "pagopa-pagamenti-deploy-slack-webhook"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
 
-  name = "github-token-read-packages-bot"
-  key_vault_id = data.azurerm_key_vault.key_vault.id
+data "azurerm_key_vault_secret" "key_vault_integration_test_slack_webhook" {
+  name         = "pagopa-pagamenti-integration-test-slack-webhook"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }
 
-data "azurerm_user_assigned_identity" "workload_identity_clientid" {
-  name                = "apiconfig-workload-identity"
-  resource_group_name = "pagopa-${var.env_short}-${local.location_short}-${var.env}-aks-rg"
+data "azurerm_key_vault_secret" "key_vault_report_slack_webhook" {
+  name         = "pagopa-pagamenti-report-slack-webhook"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }
 
-data "azurerm_user_assigned_identity" "identity_cd_01" {
-  resource_group_name = "${local.product}-identity-rg"
-  name                = "${local.product}-${local.domain}-job-01-github-cd-identity"
+data "azurerm_key_vault_secret" "key_vault_read_package_token" {
+
+  name = "github-token-read-packages-bot"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
 }