Merge pull request #58 from pagopa/test-deploy

cd(HELM): [PAGOPA-deploy] Add HELM 3 GHA

.github/workflows/04_release_deploy.yml

@@ -2,8 +2,8 @@ name: Release And Deploy
 
 # Controls when the workflow will run
 on:
-#  pull_request:
-#    types: [ closed ] CURRENTLY COMMENTED IN ORDER TO AVOID AUTOMATIC DEPLOY ON DEV AFTER PR CLOSING
+  #  pull_request:
+  #    types: [ closed ] CURRENTLY COMMENTED IN ORDER TO AVOID AUTOMATIC DEPLOY ON DEV AFTER PR CLOSING
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -16,6 +16,14 @@ on:
           - dev
           - uat
           - prod
+      component:
+        required: true
+        type: choice
+        description: Select fdr or cron
+        default: "fdr"
+        options:
+          - fdr
+          - cron
       beta:
         required: false
         type: boolean
@@ -44,6 +52,7 @@ jobs:
     outputs:
       semver: ${{ steps.get_semver.outputs.semver }}
       environment: ${{ steps.get_env.outputs.environment }}
+      working_dir: ${{ steps.set_working_directory.outputs.helm_folder }}
     steps:
       - name: pull request rejected
         if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged != true
@@ -83,7 +92,6 @@ jobs:
         name: Set Output
         run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT
 
-
   release:
     name: Create a New Release
     runs-on: ubuntu-latest
@@ -93,26 +101,30 @@ jobs:
     steps:
       - name: Make Release
         id: release
-        uses: pagopa/github-actions-template/maven-release@d91a1fd0b913c9830589be5d86cdb71c90813fae # v1.5.4
+        uses: pagopa/github-actions-template/sbt-release@a93315d4b293eb883c4f126c2bae7dcef2f70c20 # v1.21.0
         with:
           semver: ${{ needs.setup.outputs.semver }}
           github_token: ${{ secrets.BOT_TOKEN_GITHUB }}
           beta: ${{ inputs.beta }}
           skip_ci: false
+          working_directory: helm-${{ inputs.component }}
 
   image:
     needs: [ setup, release ]
     name: Build and Push Docker Image
     runs-on: ubuntu-latest
     if: ${{ inputs.semver != 'skip' }}
     steps:
-      #      - name: Build and Push
-      #        id: semver
-      #        uses: pagopa/github-actions-template/[email protected]
-      #        with:
-      #          branch: ${{ github.ref_name}}
-      #          github_token: ${{ secrets.GITHUB_TOKEN }}
-      #          tag: ${{ needs.release.outputs.version }}
+
+      - name: Checkout Java
+        uses: actions/checkout@v4
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           ref: ${{ github.ref_name }}
@@ -135,10 +147,16 @@ jobs:
             type=ref,event=branch
             type=sha
 
+      - name: Create Dockerfile
+        env:
+          LIGHTBEND_KEY: ${{ secrets.LIGHTBEND_KEY }}
+        run: |
+          ./sbt -v docker:stage
+
       - name: Build and push
         uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4
         with:
-          context: .
+          context: ./fdr/target/docker/stage
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -156,6 +174,7 @@ jobs:
     with:
       environment: ${{ matrix.environment }}
       target: ${{ needs.setup.outputs.environment }}
+      component: ${{ inputs.component }}
     secrets: inherit
 
   notify:

.github/workflows/04h_deploy_with_github_runner.yml

@@ -11,11 +11,14 @@ on:
         required: true
         description: The environment target of the job
         type: string
+      component:
+        required: true
+        description: The component to deploy
+        type: string
 
 env:
   APP_NAME: fdr-nodo
 
-
 permissions:
   id-token: write
   contents: read
@@ -41,6 +44,7 @@ jobs:
           container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }} # RG of the runner
           pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}
+          self_hosted_runner_image_tag: "latest"
 
   deploy:
     needs: [ create_runner ]
@@ -49,8 +53,16 @@ jobs:
     name: Deploy on AKS
     environment: ${{ inputs.environment }}
     steps:
+
+      - name: Set Helm Component
+        id: get_wdir
+        run: |
+          echo "component=helm-${{ inputs.component }}" >> $GITHUB_ENV
+          echo "APP_NAME=${{ inputs.component }}-nodo" >> $GITHUB_ENV
+          echo "Component determined: $component"
+
       - name: Deploy
-        uses: pagopa/github-actions-template/aks-deploy@main
+        uses: pagopa/github-actions-template/aks-deploy@a93315d4b293eb883c4f126c2bae7dcef2f70c20 #v1.21.0
         with:
           branch: ${{ github.ref_name }}
           client_id: ${{ secrets.CD_CLIENT_ID }}
@@ -61,7 +73,8 @@ jobs:
           cluster_name: ${{ vars.CLUSTER_NAME }}
           resource_group: ${{ vars.CLUSTER_RESOURCE_GROUP }}
           app_name: ${{ env.APP_NAME }}
-          helm_upgrade_options: ${{ inputs.environment == 'dev' && ' --debug --set postgresql.enabled=true --set oracle.enabled=true --set oracledev.enabled=true --set oracleprod.enabled=true' || ' --debug --set postgresql.enabled=true --set oracle.enabled=true' }}
+          working_directory: ${{ env.component }}
+          helm_upgrade_options: --set-file ${{ inputs.component }}nodo.configMapFromFile.logback\\.xml=./helm/config/${{ inputs.environment }}/logback.xml --set-file ${{ inputs.component }}nodo.configMapFromFile.config-app\\.conf=./helm/config/${{ inputs.environment }}/config-app.conf
 
   cleanup_runner:
     name: Cleanup Runner
@@ -81,45 +94,46 @@ jobs:
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}
           runner_name: ${{ needs.create_runner.outputs.runner_name }}
           pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}
+          self_hosted_runner_image_tag: "latest"
 
-  update_openapi:
-    needs: [ deploy ]
-    runs-on: ubuntu-latest
-    name: Update OpenAPI
-    if: ${{ inputs.target == inputs.environment }}
-    environment: ${{ inputs.environment }}
-    steps:
-      - name: Checkout
-        id: checkout
-        # from https://github.com/actions/checkout/commits/main
-        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
-        with:
-          persist-credentials: false
-
-      - name: Setup Terraform
-        # from https://github.com/hashicorp/setup-terraform/commits/main
-        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
-        with:
-          terraform_version: "1.3.6"
-
-      - name: Login
-        id: login
-        # from https://github.com/Azure/login/commits/master
-        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
-        with:
-          client-id: ${{ secrets.CD_CLIENT_ID }}
-          tenant-id: ${{ secrets.TENANT_ID }}
-          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
-
-
-      - name: Terraform Apply
-        shell: bash
-        run: |
-          cd ./infra
-          export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}"
-          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
-          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
-          export ARM_USE_OIDC=true
-          export ARM_ACCESS_KEY=$(az storage account keys list --resource-group io-infra-rg --account-name pagopainfraterraform${{inputs.environment}} --query '[0].value' -o tsv)
-          bash ./terraform.sh init weu-${{ inputs.environment }}
-          bash ./terraform.sh apply weu-${{ inputs.environment }} -auto-approve
+#  update_openapi:
+#    needs: [ deploy ]
+#    runs-on: ubuntu-latest
+#    name: Update OpenAPI
+#    if: ${{ inputs.target == inputs.environment }}
+#    environment: ${{ inputs.environment }}
+#    steps:
+#      - name: Checkout
+#        id: checkout
+#        # from https://github.com/actions/checkout/commits/main
+#        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+#        with:
+#          persist-credentials: false
+#
+#      - name: Setup Terraform
+#        # from https://github.com/hashicorp/setup-terraform/commits/main
+#        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
+#        with:
+#          terraform_version: "1.3.6"
+#
+#      - name: Login
+#        id: login
+#        # from https://github.com/Azure/login/commits/master
+#        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+#        with:
+#          client-id: ${{ secrets.CD_CLIENT_ID }}
+#          tenant-id: ${{ secrets.TENANT_ID }}
+#          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
+#
+#
+#      - name: Terraform Apply
+#        shell: bash
+#        run: |
+#          cd ./infra
+#          export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}"
+#          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
+#          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
+#          export ARM_USE_OIDC=true
+#          export ARM_ACCESS_KEY=$(az storage account keys list --resource-group io-infra-rg --account-name pagopainfraterraform${{inputs.environment}} --query '[0].value' -o tsv)
+#          bash ./terraform.sh init weu-${{ inputs.environment }}
+#          bash ./terraform.sh apply weu-${{ inputs.environment }} -auto-approve

.gitignore

@@ -19,14 +19,15 @@ output*yaml
 akka-diagnostics
 lightbend.sbt
 /devops/deploy-local/kustomize-nodo-cron/dev/resources/
-/helm/Chart.lock
-/helm/charts/
-/helm/nodo-cron/Chart.lock
-/helm/nodo/Chart.lock
-/helm/nodo/charts/
-/helm/nodo-cron/charts/
+/helm-old-version/Chart.lock
+/helm-old-version/charts/
+/helm-old-version/nodo-cron/Chart.lock
+/helm-old-version/nodo/Chart.lock
+/helm-old-version/nodo/charts/
+/helm-old-version/nodo-cron/charts/
 *__pycache__
+.identity/.terraform/*!/.run/MainTest dev.run.xml
 .identity/.terraform/*
 /integration-test/reports/
 /integration-test/results/
-**/.venv/
+**/.venv/

.identity/00_data.tf

@@ -65,4 +65,9 @@ data "azurerm_key_vault_secret" "integration_test_subscription_key" {
   count        = var.env_short == "p" ? 0 : 1
   name         = "integration-test-fdr1-subscription-key"
   key_vault_id = data.azurerm_key_vault.domain_key_vault.id
+}
+
+data "azurerm_key_vault_secret" "key_vault_lightbend_key" {
+  name         = "lightbend-key"
+  key_vault_id = data.azurerm_key_vault.domain_key_vault.id
 }

.identity/03_github_environment.tf

@@ -62,6 +62,12 @@ resource "github_actions_environment_variable" "github_environment_runner_variab
   value         = each.value
 }
 
+resource "github_actions_secret" "lightbend_key" {
+  repository       = local.github.repository
+  secret_name      = "LIGHTBEND_KEY"
+  plaintext_value  = data.azurerm_key_vault_secret.key_vault_lightbend_key.value
+}
+
 
 #tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret
 resource "github_actions_secret" "secret_sonar_token" {
@@ -75,7 +81,7 @@ resource "github_actions_secret" "secret_bot_token" {
 
   repository       = local.github.repository
   secret_name      = "BOT_TOKEN_GITHUB"
-  plaintext_value  = data.azurerm_key_vault_secret.key_vault_bot_token.value
+  plaintext_value  = data.azurerm_key_vault_secret.key_vault_bot_cd_token.value
 }
 
 #tfsec:ignore:github-actions-no-plain-text-action-secrets # not real secret

.run/MainTest dev.run.xml

@@ -6,7 +6,7 @@
       <env name="INSTANCE" value="local" />
     </envs>
     <option name="MAIN_CLASS_NAME" value="eu.sia.pagopa.mains.MainTest" />
-    <module name="pagopa-fdr.fdr" />
+    <module name="fdr" />
     <option name="VM_PARAMETERS" value="-javaagent:./agent/cinnamon-agent-2.16.2.jar" />
     <extension name="coverage">
       <pattern>
@@ -24,6 +24,11 @@
         <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
       </ENTRIES>
     </extension>
+    <extension name="software.aws.toolkits.jetbrains.core.execution.JavaAwsConnectionExtension">
+      <option name="credential" />
+      <option name="region" />
+      <option name="useCurrentConnection" value="false" />
+    </extension>
     <method v="2">
       <option name="Make" enabled="true" />
     </method>

build.sbt

@@ -52,7 +52,7 @@ lazy val pgversion = "42.5.0"
 lazy val azureStorageBlob = "12.22.2"
 lazy val azureIdentity = "1.9.0"
 
-val lightbendKey = sys.env.getOrElse("LIGHTBEND_KEY","5IDMAq0poMpRYz1HD58Y7c8jQ9kjlFs_yKCMkg3tdeBTeqiL")
+val lightbendKey = sys.env("LIGHTBEND_KEY")
 
 ThisBuild / organization := "eu.sia.pagopa"
 ThisBuild / scalaVersion := "2.13.6"

helm/fdr-cron/Chart.yaml → helm-cron/helm/Chart.yaml

@@ -3,9 +3,9 @@ name: fdr-cron-chart
 description: Flussi di rendicontazione cron job
 type: application
 version: 2.1.9
-appVersion: 2.1.9
+appVersion: 2.1.9-40-deploy-gh-action
 dependencies:
   - name: cron-chart
     version: 2.3.0
     repository: "https://pagopa.github.io/aks-cron-chart-blueprint"
-    alias: cj-ftp-upload
+    alias: cronnodo

helm/fdr-cron/weu-dev/values-dev.yaml → helm-cron/helm/values-dev.yaml

@@ -1,4 +1,4 @@
-cj-ftp-upload:
+cronnodo:
   namespace: "fdr"
   schedule: "4 * * * *"
   args: [ ftpUpload ]
@@ -8,8 +8,8 @@ cj-ftp-upload:
   parallelism: 1
   terminationGracePeriodSeconds: 140
   image:
-    repository: pagopadcommonacr.azurecr.io/pagopafdrnododeipagamenti
-    tag: "1.0.0-SNAPSHOT"
+    repository: ghcr.io/pagopa/pagopa-fdr-nodo-dei-pagamenti
+    tag: 2.1.9-40-test-deploy
   tmpVolumeMount:
     create: true
   resources:
@@ -48,6 +48,9 @@ cj-ftp-upload:
     BLOB_RE_CONTAINER_NAME: "payload"
     AZURE_STORAGE_BLOB_NAME: "xmlsharefile"
     ADDITIONAL_FDR_VALIDATIONS: "true"
+    AZURE_QUEUE_NAME: "queueconversion"
+    EVENT_HUB_FLOWTX_NAME: "fdr-qi-flows"
+    EVENT_HUB_REPORTEDIUV_NAME: "fdr-qi-reported-iuv"
   secretProvider:
     create: true
     envSecrets:
@@ -59,6 +62,8 @@ cj-ftp-upload:
       FDR_SUBSCRIPTION_KEY: "fdr-subscription-key-string"
       FDR_LEGACY_SUBSCRIPTION_KEY: "fdr-legacy-subscription-key"
       DB_FDR_PASSWORD: "db-fdr-password"
+      EVENT_HUB_REPORTEDIUV_CONNECTION_STRING: "fdr-qi-reported-iuv-tx-connection-string"
+      EVENT_HUB_FLOWTX_CONNECTION_STRING: "fdr-qi-flows-tx-connection-string"
     keyvault:
       name: "pagopa-d-fdr-kv"
       tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"

helm/fdr-cron/weu-prod/values-prod.yaml → helm-cron/helm/values-prod.yaml

@@ -1,4 +1,4 @@
-cj-ftp-upload:
+cronnodo:
   namespace: "fdr"
   schedule: "0/5 * * * *"
   args: [ ftpUpload ]

helm/fdr-cron/weu-uat/values-uat.yaml → helm-cron/helm/values-uat.yaml

@@ -1,4 +1,4 @@
-cj-ftp-upload:
+cronnodo:
   namespace: "fdr"
   schedule: "0/5 * * * *"
   args: [ ftpUpload ]