diff --git a/.changeset/giant-owls-sin.md b/.changeset/giant-owls-sin.md new file mode 100644 index 000000000..fe6088456 --- /dev/null +++ b/.changeset/giant-owls-sin.md @@ -0,0 +1,5 @@ +--- +"azure_core_infra": patch +--- + +Added GitHub Runner and Log Analytics configuration diff --git a/infra/github-runner/dev/.terraform.lock.hcl b/infra/github-runner/dev/.terraform.lock.hcl new file mode 100644 index 000000000..fc61373aa --- /dev/null +++ b/infra/github-runner/dev/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.117.0" + constraints = ">= 3.110.0, <= 3.117.0, < 5.0.0" + hashes = [ + "h1:Ew2CcKxce0b1gv3KpztpPt54dw1y7qEnkda5n0fuoPg=", + "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", + "h1:h4lGsuXDO9QRtFWrJrCWU355FDnlzX8CqKdTtZsgoBI=", + "h1:pAXy9cKU+bX1rvWog4YWeLbg7VFHqRTAFKbjayIXK1k=", + "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", + "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", + "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", + "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", + "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", + "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", + "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", + "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", + "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", + "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", + "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/infra/github-runner/dev/README.md b/infra/github-runner/dev/README.md new file mode 100644 index 000000000..8696ed64a --- /dev/null 
+++ b/infra/github-runner/dev/README.md @@ -0,0 +1,39 @@ +# dev + + +## Requirements + +| Name | Version | +|------|---------| +| [azurerm](#requirement\_azurerm) | <= 3.117.0 | + +## Providers + +| Name | Version | +|------|---------| +| [azurerm](#provider\_azurerm) | 3.117.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [container\_app\_job\_selfhosted\_runner](#module\_container\_app\_job\_selfhosted\_runner) | ../../modules/github_selfhosted_runner_on_container_app_jobs | n/a | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_container_app_environment.gh_runner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_app_environment) | data source | +| [azurerm_key_vault.key_vault](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| [azurerm_resource_group.gh_runner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [container\_app\_job](#output\_container\_app\_job) | n/a | + diff --git a/infra/github-runner/dev/data.tf b/infra/github-runner/dev/data.tf new file mode 100644 index 000000000..1cbf6c041 --- /dev/null +++ b/infra/github-runner/dev/data.tf 
@@ -0,0 +1,13 @@ +data "azurerm_resource_group" "gh_runner" { + name = "${local.prefix}-${local.env_short}-${local.location_short}-github-runner-rg-${local.suffix}" +} + +data "azurerm_container_app_environment" "gh_runner" { + name = "${local.prefix}-${local.env_short}-${local.location_short}-github-runner-cae-${local.suffix}" + resource_group_name = data.azurerm_resource_group.gh_runner.name +} + +data "azurerm_key_vault" "key_vault" { + name = "${local.prefix}-${local.env_short}-${local.location_short}-common-kv-${local.suffix}" + resource_group_name = "${local.prefix}-${local.env_short}-${local.location_short}-common-rg-${local.suffix}" +} \ No newline at end of file diff --git a/infra/github-runner/dev/locals.tf b/infra/github-runner/dev/locals.tf new file mode 100644 index 000000000..4f3b45560 --- /dev/null +++ b/infra/github-runner/dev/locals.tf @@ -0,0 +1,16 @@ +locals { + prefix = "dx" + suffix = "01" + env_short = "d" + location = "italynorth" + location_short = "itn" + repo_name = "dx" + + tags = { + CostCenter = "TS700 - ENGINEERING" + CreatedBy = "Terraform" + Environment = "Dev" + Owner = "DevEx" + Source = "https://github.com/pagopa/dx/blob/main/infra/resources/dev" + } +} \ No newline at end of file diff --git a/infra/github-runner/dev/main.tf b/infra/github-runner/dev/main.tf new file mode 100644 index 000000000..9a0e30f00 --- /dev/null +++ b/infra/github-runner/dev/main.tf 
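Review bot: The `Source` tag in `locals.tags` points at `infra/resources/dev`, but this root lives under `infra/github-runner/dev`, so anyone following the tag from the Azure portal lands on the wrong Terraform directory. Since the same tag set (CostCenter, Owner, Environment) is duplicated across roots, this looks like a copy-paste from `infra/resources/dev/locals.tf`. Change it to `Source = "https://github.com/pagopa/dx/blob/main/infra/github-runner/dev"`. The data sources in `data.tf` also hand-build the resource-group and key-vault names from locals; a short comment above them noting that they must stay in sync with the names produced by `azure_core_infra` (the `-github-runner-rg-`, `-github-runner-cae-` and `-common-kv-` patterns) would help the next person who renames one side only.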
@@ -0,0 +1,50 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "<= 3.117.0" + } + } + + backend "azurerm" { + resource_group_name = "terraform-state-rg" + storage_account_name = "tfdevdx" + container_name = "terraform-state" + key = "dx.github-runner.dev.tfstate" + } +} + +provider "azurerm" { + features { + } +} + +module "container_app_job_selfhosted_runner" { + source = "../../modules/github_selfhosted_runner_on_container_app_jobs" + + environment = { + prefix = local.prefix + env_short = local.env_short + location = local.location + instance_number = local.suffix + } + + resource_group_name = data.azurerm_resource_group.gh_runner.name + + repository = { + name = local.repo_name + } + + container_app_environment = { + id = data.azurerm_container_app_environment.gh_runner.id + location = local.location + } + + key_vault = { + name = data.azurerm_key_vault.key_vault.name + resource_group_name = data.azurerm_key_vault.key_vault.resource_group_name + use_rbac = true + } + + tags = local.tags +} \ No newline at end of file diff --git a/infra/github-runner/dev/outputs.tf b/infra/github-runner/dev/outputs.tf new file mode 100644 index 000000000..75a417041 --- /dev/null +++ b/infra/github-runner/dev/outputs.tf @@ -0,0 +1,7 @@ +output "container_app_job" { + value = { + id = module.container_app_job_selfhosted_runner.container_app_job.id + name = module.container_app_job_selfhosted_runner.container_app_job.name + resource_group_name = module.container_app_job_selfhosted_runner.container_app_job.resource_group_name + } +} diff --git a/infra/identity/dev/README.md b/infra/identity/dev/README.md index b98c7d09c..7a31be0fd 100644 --- a/infra/identity/dev/README.md +++ b/infra/identity/dev/README.md 
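Review bot: The `backend "azurerm"` block sets no `use_azuread_auth = true`, so, as far as I recall the backend's behaviour, the state container `terraform-state` in `tfdevdx` is accessed through the storage account's shared access key (listed via ARM) rather than the caller's Entra identity; that means the pipeline identity needs `listKeys` rights and the state file is protected only by that shared secret. If the CI/CD federated identities already hold a data-plane role such as Storage Blob Data Contributor on the container, add `use_azuread_auth = true` to the backend block so the key path is never used. The provider constraint `version = "<= 3.117.0"` has no lower bound, whereas the lockfile in the same commit records `>= 3.110.0` coming from the module; pinning `">= 3.110.0, <= 3.117.0"` here keeps the root's stated requirement consistent with what actually resolves. `use_rbac = true` on the `key_vault` block is the right choice given the `roles_ci`/`roles_cd` assignments added to the identity root.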
@@ -19,6 +19,8 @@ | Name | Source | Version | |------|--------|---------| | [federated\_identities](#module\_federated\_identities) | ../../modules/azure_federated_identity_with_github | n/a | +| [roles\_cd](#module\_roles\_cd) | ../../modules/azure_role_assignments | n/a | +| [roles\_ci](#module\_roles\_ci) | ../../modules/azure_role_assignments | n/a | ## Resources diff --git a/infra/identity/dev/locals.tf b/infra/identity/dev/locals.tf index e5225fb89..8fecc5533 100644 --- a/infra/identity/dev/locals.tf +++ b/infra/identity/dev/locals.tf @@ -1,10 +1,11 @@ locals { - prefix = "dx" - env_short = "d" - env = "dev" - location = "italynorth" - project = "${local.prefix}-${local.env_short}" + prefix = "dx" + env_short = "d" + env = "dev" + location = "italynorth" + location_short = "itn" + project = "${local.prefix}-${local.env_short}" repo_name = "dx" diff --git a/infra/identity/dev/main.tf b/infra/identity/dev/main.tf index 2e24e06cb..272c57b75 100644 --- a/infra/identity/dev/main.tf +++ b/infra/identity/dev/main.tf @@ -58,3 +58,33 @@ module "federated_identities" { azurerm_resource_group.rg_identity ] } + +module "roles_ci" { + source = "../../modules/azure_role_assignments" + principal_id = module.federated_identities.federated_ci_identity.id + + key_vault = [ + { + name = "${local.project}-${local.location_short}-common-kv-01" + resource_group_name = "${local.project}-${local.location_short}-common-rg-01" + roles = { + secrets = "reader" + } + } + ] +} + +module "roles_cd" { + source = "../../modules/azure_role_assignments" + principal_id = module.federated_identities.federated_cd_identity.id + + key_vault = [ + { + name = "${local.project}-${local.location_short}-common-kv-01" + resource_group_name = "${local.project}-${local.location_short}-common-rg-01" + roles = { + secrets = "reader" + } + } + ] +} diff --git a/infra/modules/azure_core_infra/README.md b/infra/modules/azure_core_infra/README.md index 94d1f3229..08add061f 100644 
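Review bot: `roles_ci` and `roles_cd` repeat the same literal key-vault block, including the hand-built names `${local.project}-${local.location_short}-common-kv-01` and `...-common-rg-01`, so a future change (for example bumping the `01` instance number or adding a second vault) has to be made twice and can silently diverge between the two identities. Hoist the list into a local, e.g. `common_key_vault = [{ name = "...", resource_group_name = "...", roles = { secrets = "reader" } }]` in `locals.tf`, and pass `key_vault = local.common_key_vault` to both modules. Granting only `secrets = "reader"` to both identities is appropriately minimal; if the CD identity is expected to write secrets later, that should be a deliberate separate change rather than an edit to a shared literal. The surrounding `module "federated_identities"` definition starts outside the hunk.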
--- a/infra/modules/azure_core_infra/README.md +++ b/infra/modules/azure_core_infra/README.md @@ -42,9 +42,12 @@ module "core" { | Name | Source | Version | |------|--------|---------| +| [common\_log\_analytics](#module\_common\_log\_analytics) | ./_modules/log_analytics | n/a | | [dns](#module\_dns) | ./_modules/dns | n/a | +| [github\_runner](#module\_github\_runner) | ./_modules/github_runner | n/a | | [key\_vault](#module\_key\_vault) | ./_modules/key_vault | n/a | | [naming\_convention](#module\_naming\_convention) | ../azure_naming_convention | n/a | +| [naming\_convention\_gh\_runner](#module\_naming\_convention\_gh\_runner) | ../azure_naming_convention | n/a | | [nat\_gateway](#module\_nat\_gateway) | ./_modules/nat_gateway | n/a | | [network](#module\_network) | ./_modules/networking | n/a | | [vpn](#module\_vpn) | ./_modules/vpn | n/a | @@ -54,6 +57,7 @@ module "core" { | Name | Type | |------|------| | [azurerm_resource_group.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.gh_runner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.test](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | 
@@ -63,6 +67,7 @@ module "core" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [environment](#input\_environment) | Values which are used to generate resource names and location short names. They are all mandatory except for domain, which should not be used only in the case of a resource used by multiple domains. |
object({| n/a | yes | +| [gh\_runner\_snet](#input\_gh\_runner\_snet) | GitHub runner subnet cidr | `string` | `"10.0.242.0/23"` | no | | [nat\_enabled](#input\_nat\_enabled) | Flag to enable nat gateway creation | `bool` | `false` | no | | [pep\_subnet\_cidr](#input\_pep\_subnet\_cidr) | CIDR block for the private endpoint subnet | `string` | `"10.0.2.0/23"` | no | | [tags](#input\_tags) | Resources tags | `map(any)` | n/a | yes | @@ -74,10 +79,12 @@ module "core" { | Name | Description | |------|-------------| +| [common\_key\_vault](#output\_common\_key\_vault) | n/a | | [common\_nat\_gateways](#output\_common\_nat\_gateways) | n/a | | [common\_pep\_snet](#output\_common\_pep\_snet) | n/a | | [common\_resource\_group\_name](#output\_common\_resource\_group\_name) | n/a | | [common\_vnet](#output\_common\_vnet) | n/a | +| [github\_runner](#output\_github\_runner) | n/a | | [network\_resource\_group\_name](#output\_network\_resource\_group\_name) | n/a | | [test\_resource\_group\_name](#output\_test\_resource\_group\_name) | n/a | diff --git a/infra/modules/azure_core_infra/_modules/github_runner/README.md b/infra/modules/azure_core_infra/_modules/github_runner/README.md new file mode 100644 index 000000000..757141448 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/github_runner/README.md 
@@ -0,0 +1,41 @@ +# github_runner + + +## Requirements + +No requirements. + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_container_app_environment.cae](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_app_environment) | resource | +| [azurerm_management_lock.lock_cae](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) | resource | +| [azurerm_subnet.runner_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [location](#input\_location) | Location | `string` | n/a | yes | +| [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | n/a | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix for resource names | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | n/a | yes | +| [subnet\_cidr](#input\_subnet\_cidr) | n/a | `string` | `"10.0.242.0/23"` | no | +| [suffix](#input\_suffix) | Suffix for resource names | `string` | `"01"` | no | +| [tags](#input\_tags) | Resources tags | `map(any)` | n/a | yes | +| [virtual\_network](#input\_virtual\_network) | Virtual network where to attach private dns zones |
prefix = string
env_short = string
location = string
domain = optional(string)
app_name = string
instance_number = string
})
object({| n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [cae\_id](#output\_cae\_id) | Container App Environment id | +| [cae\_name](#output\_cae\_name) | Container App Environment name | +| [subnet\_id](#output\_subnet\_id) | Subnet id | +| [subnet\_name](#output\_subnet\_name) | Subnet name | + diff --git a/infra/modules/azure_core_infra/_modules/github_runner/container_app_environment.tf b/infra/modules/azure_core_infra/_modules/github_runner/container_app_environment.tf new file mode 100644 index 000000000..1a63d8bc7 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/github_runner/container_app_environment.tf @@ -0,0 +1,20 @@ +resource "azurerm_container_app_environment" "cae" { + name = "${var.prefix}-cae-${var.suffix}" + location = var.location + resource_group_name = var.resource_group_name + + log_analytics_workspace_id = var.log_analytics_workspace_id + + infrastructure_subnet_id = azurerm_subnet.runner_snet.id + zone_redundancy_enabled = false + internal_load_balancer_enabled = false + + tags = var.tags +} + +resource "azurerm_management_lock" "lock_cae" { + lock_level = "CanNotDelete" + name = "${var.prefix}-cae-${var.suffix}" + notes = "This Container App Environment cannot be deleted" + scope = azurerm_container_app_environment.cae.id +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/github_runner/outputs.tf b/infra/modules/azure_core_infra/_modules/github_runner/outputs.tf new file mode 100644 index 000000000..8ea9ea29e --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/github_runner/outputs.tf 
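Review bot: `internal_load_balancer_enabled = false` gives the runner Container App Environment a public-facing endpoint, yet a self-hosted GitHub runner job only needs outbound connectivity to GitHub and to the resources it deploys, never inbound traffic. Unless there is a reason not visible here (the environment is looked up by name from `infra/github-runner/dev`, nothing in this commit exposes an ingress), set `internal_load_balancer_enabled = true` so the environment is reachable only from inside the VNet; note that toggling this on an existing environment forces replacement, so it is cheapest to decide before the first `apply`. `zone_redundancy_enabled = false` is fine for dev but is hard-coded rather than driven by a variable, so prod cannot differ without editing the module. Add a one-line comment on the lock stating why `CanNotDelete` is wanted here (for example "runner jobs and their secrets are attached to this environment; deleting it breaks every pipeline"), since the `notes` field only restates the effect.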
@@ -0,0 +1,19 @@ +output "subnet_name" { + value = azurerm_subnet.runner_snet.name + description = "Subnet name" +} + +output "subnet_id" { + value = azurerm_subnet.runner_snet.id + description = "Subnet id" +} + +output "cae_id" { + value = azurerm_container_app_environment.cae.id + description = "Container App Environment id" +} + +output "cae_name" { + value = azurerm_container_app_environment.cae.name + description = "Container App Environment name" +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/github_runner/subnet.tf b/infra/modules/azure_core_infra/_modules/github_runner/subnet.tf new file mode 100644 index 000000000..54eab4a46 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/github_runner/subnet.tf @@ -0,0 +1,6 @@ +resource "azurerm_subnet" "runner_snet" { + name = "${var.prefix}-snet-${var.suffix}" + virtual_network_name = var.virtual_network.name + resource_group_name = var.virtual_network.resource_group_name + address_prefixes = [var.subnet_cidr] +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/github_runner/variables.tf b/infra/modules/azure_core_infra/_modules/github_runner/variables.tf new file mode 100644 index 000000000..a28ca54b9 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/github_runner/variables.tf 
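Review bot: `azurerm_subnet.runner_snet` is created with no network security group association and no outbound restriction, so the runner jobs, which execute workflow code from the repository, sit in a subnet that Azure's default rules allow to reach every other subnet in the VNet, including the private-endpoint subnet created by the same core module. If the project attaches NSGs elsewhere that is fine, but nothing in this module does; consider adding an `azurerm_network_security_group` with an `azurerm_subnet_network_security_group_association` that denies inbound from the VNet and limits outbound to what the runner needs. The module also sets no subnet delegation, which I believe is acceptable for a consumption-only Container App Environment (no `workload_profile` is configured in `container_app_environment.tf`), but a comment recording that assumption would stop someone from "fixing" it later. The subnet is given `address_prefixes = [var.subnet_cidr]` with no check that the prefix lies inside the VNet; a mismatch surfaces only at apply time.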
@@ -0,0 +1,43 @@ +variable "prefix" { + type = string + description = "Prefix for resource names" +} + +variable "suffix" { + type = string + description = "Suffix for resource names" + default = "01" +} + +variable "resource_group_name" { + type = string + description = "Resource group name" +} + +variable "location" { + type = string + description = "Location" +} + +variable "tags" { + type = map(any) + description = "Resources tags" +} + +variable "virtual_network" { + type = object({ + id = string + name = string + resource_group_name = string + }) + description = "Virtual network where to attach private dns zones" +} + +variable "log_analytics_workspace_id" { + type = string +} + +variable "subnet_cidr" { + type = string + default = "10.0.242.0/23" +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/key_vault/README.md b/infra/modules/azure_core_infra/_modules/key_vault/README.md index 7ce9c7cfb..64543550c 100644 --- a/infra/modules/azure_core_infra/_modules/key_vault/README.md +++ b/infra/modules/azure_core_infra/_modules/key_vault/README.md @@ -32,5 +32,8 @@ No modules. ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [id](#output\_id) | n/a | +| [name](#output\_name) | n/a | diff --git a/infra/modules/azure_core_infra/_modules/key_vault/outputs.tf b/infra/modules/azure_core_infra/_modules/key_vault/outputs.tf new file mode 100644 index 000000000..1ac965328 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/key_vault/outputs.tf @@ -0,0 +1,7 @@ +output "id" { + value = azurerm_key_vault.common.id +} + +output "name" { + value = azurerm_key_vault.common.name +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/log_analytics/README.md b/infra/modules/azure_core_infra/_modules/log_analytics/README.md new file mode 100644 index 000000000..5721c9aa6 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/log_analytics/README.md 
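Review bot: The `virtual_network` variable's description, "Virtual network where to attach private dns zones", is wrong for this module; the value is used only in `subnet.tf` to place the runner subnet, and the description appears to be copied from the DNS module. Change it to `description = "Virtual network in which the runner subnet is created"`, and give `log_analytics_workspace_id` and `subnet_cidr` the descriptions they currently lack (for example `"Log Analytics workspace that receives Container App Environment logs"` and `"CIDR block of the subnet delegated to the runner Container App Environment"`), since `terraform-docs` renders these as `n/a` in the README of the same commit. `subnet_cidr` would also benefit from a `validation` block using `can(cidrhost(var.subnet_cidr, 0))` so that a malformed prefix fails at plan time rather than at subnet creation. The `id` attribute of `virtual_network` is never referenced in this module and can be dropped from the object type unless it is kept for interface symmetry with other modules.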
@@ -0,0 +1,35 @@ +# log_analytics + + +## Requirements + +No requirements. + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [location](#input\_location) | The location in which the Log Analytics will be created | `string` | n/a | yes | +| [prefix](#input\_prefix) | Prefix for resource names | `string` | n/a | yes | +| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which the Log Analytics will be created | `string` | n/a | yes | +| [suffix](#input\_suffix) | Suffix for resource names | `string` | n/a | yes | +| [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(any)` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [id](#output\_id) | n/a | +| [name](#output\_name) | n/a | +| [workspace\_id](#output\_workspace\_id) | n/a | + diff --git a/infra/modules/azure_core_infra/_modules/log_analytics/main.tf b/infra/modules/azure_core_infra/_modules/log_analytics/main.tf new file mode 100644 index 000000000..fa0b1efd0 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/log_analytics/main.tf @@ -0,0 +1,9 @@ +resource "azurerm_log_analytics_workspace" "this" { + name = "${var.prefix}-common-log-${var.suffix}" + location = var.location + resource_group_name = var.resource_group_name + sku = "PerGB2018" + retention_in_days = 30 + + tags = var.tags +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/log_analytics/outputs.tf b/infra/modules/azure_core_infra/_modules/log_analytics/outputs.tf new file mode 100644 index 000000000..1a0082945 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/log_analytics/outputs.tf 
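Review bot: `retention_in_days = 30` and `sku = "PerGB2018"` are hard-coded in the workspace, which means the same module cannot give a production environment longer retention for the runner and environment logs that will be used in incident investigations. Expose them as variables with these values as defaults, for example `variable "retention_in_days" { type = number, default = 30 }`, and pass them through from `azure_core_infra` so the root modules control them. Nothing here sets `daily_quota_gb`, so ingestion is unbounded; that is usually right for a security-relevant workspace, but a comment saying so would keep it from being added blindly later. The `workspace_id` output is the customer id used by agents, whereas `id` is the ARM id; a one-line description on each output would avoid the two being confused by callers.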
@@ -0,0 +1,11 @@ +output "id" { + value = azurerm_log_analytics_workspace.this.id +} + +output "name" { + value = azurerm_log_analytics_workspace.this.name +} + +output "workspace_id" { + value = azurerm_log_analytics_workspace.this.workspace_id +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/log_analytics/variables.tf b/infra/modules/azure_core_infra/_modules/log_analytics/variables.tf new file mode 100644 index 000000000..7e5781185 --- /dev/null +++ b/infra/modules/azure_core_infra/_modules/log_analytics/variables.tf @@ -0,0 +1,24 @@ +variable "prefix" { + type = string + description = "Prefix for resource names" +} + +variable "suffix" { + type = string + description = "Suffix for resource names" +} + +variable "resource_group_name" { + type = string + description = "The name of the resource group in which the Log Analytics will be created" +} + +variable "location" { + type = string + description = "The location in which the Log Analytics will be created" +} + +variable "tags" { + type = map(any) + description = "A mapping of tags to assign to the resource" +} \ No newline at end of file diff --git a/infra/modules/azure_core_infra/_modules/nat_gateway/README.md b/infra/modules/azure_core_infra/_modules/nat_gateway/README.md index fbcb6246b..652266029 100644 --- a/infra/modules/azure_core_infra/_modules/nat_gateway/README.md +++ b/infra/modules/azure_core_infra/_modules/nat_gateway/README.md 
@@ -24,7 +24,7 @@ No modules. | [location](#input\_location) | Location | `string` | n/a | yes | | [ng\_ippres\_number](#input\_ng\_ippres\_number) | Number of Public IP Prefix assigned to the nat gateway | `number` | `3` | no | | [ng\_number](#input\_ng\_number) | Number of nat gateways to deploy | `number` | `1` | no | -| [project](#input\_project) | IO prefix, short environment and short location | `string` | n/a | yes | +| [project](#input\_project) | env prefix, short environment and short location | `string` | n/a | yes | | [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | n/a | yes | | [tags](#input\_tags) | Resources tags | `map(any)` | n/a | yes | diff --git a/infra/modules/azure_core_infra/_modules/nat_gateway/variables.tf b/infra/modules/azure_core_infra/_modules/nat_gateway/variables.tf index 5d3bd84ad..0758f70ef 100644 --- a/infra/modules/azure_core_infra/_modules/nat_gateway/variables.tf +++ b/infra/modules/azure_core_infra/_modules/nat_gateway/variables.tf @@ -1,6 +1,6 @@ variable "project" { type = string - description = "IO prefix, short environment and short location" + description = "env prefix, short environment and short location" } variable "resource_group_name" { diff --git a/infra/modules/azure_core_infra/_modules/networking/README.md b/infra/modules/azure_core_infra/_modules/networking/README.md index cb71e67b5..228b4d29d 100644 --- a/infra/modules/azure_core_infra/_modules/networking/README.md +++ b/infra/modules/azure_core_infra/_modules/networking/README.md 
@@ -22,7 +22,7 @@ No modules. |------|-------------|------|---------|:--------:| | [location](#input\_location) | Location | `string` | n/a | yes | | [pep\_snet\_cidr](#input\_pep\_snet\_cidr) | PEP subnet CIDR block | `string` | n/a | yes | -| [project](#input\_project) | IO prefix, short environment and short location | `string` | n/a | yes | +| [project](#input\_project) | env prefix, short environment and short location | `string` | n/a | yes | | [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | n/a | yes | | [tags](#input\_tags) | Resources tags | `map(any)` | n/a | yes | | [vnet\_cidr](#input\_vnet\_cidr) | VNet CIDR block | `string` | n/a | yes | diff --git a/infra/modules/azure_core_infra/_modules/networking/variables.tf b/infra/modules/azure_core_infra/_modules/networking/variables.tf index 4f5001cb2..737baa2d3 100644 --- a/infra/modules/azure_core_infra/_modules/networking/variables.tf +++ b/infra/modules/azure_core_infra/_modules/networking/variables.tf @@ -1,6 +1,6 @@ variable "project" { type = string - description = "IO prefix, short environment and short location" + description = "env prefix, short environment and short location" } variable "resource_group_name" { diff --git a/infra/modules/azure_core_infra/_modules/vpn/README.md b/infra/modules/azure_core_infra/_modules/vpn/README.md index 4b31aab92..82da8d078 100644 --- a/infra/modules/azure_core_infra/_modules/vpn/README.md +++ b/infra/modules/azure_core_infra/_modules/vpn/README.md 
@@ -26,7 +26,7 @@ No requirements. |------|-------------|------|---------|:--------:| | [dnsforwarder\_cidr\_subnet](#input\_dnsforwarder\_cidr\_subnet) | DNS forwarder network address space. | `string` | n/a | yes | | [location](#input\_location) | Location | `string` | n/a | yes | -| [project](#input\_project) | IO prefix, short environment and short location | `string` | n/a | yes | +| [project](#input\_project) | env prefix, short environment and short location | `string` | n/a | yes | | [resource\_group\_name](#input\_resource\_group\_name) | Resource group name | `string` | n/a | yes | | [tags](#input\_tags) | Resources tags | `map(any)` | n/a | yes | | [tenant\_id](#input\_tenant\_id) | Tenant ID | `string` | n/a | yes | diff --git a/infra/modules/azure_core_infra/_modules/vpn/variables.tf b/infra/modules/azure_core_infra/_modules/vpn/variables.tf index ea1db5cbd..973b41047 100644 --- a/infra/modules/azure_core_infra/_modules/vpn/variables.tf +++ b/infra/modules/azure_core_infra/_modules/vpn/variables.tf @@ -1,6 +1,6 @@ variable "project" { type = string - description = "IO prefix, short environment and short location" + description = "env prefix, short environment and short location" } variable "resource_group_name" { diff --git a/infra/modules/azure_core_infra/main.tf b/infra/modules/azure_core_infra/main.tf index 3f296988c..70245016a 100644 --- a/infra/modules/azure_core_infra/main.tf +++ b/infra/modules/azure_core_infra/main.tf @@ -20,6 +20,18 @@ module "naming_convention" { } } +module "naming_convention_gh_runner" { + source = "../azure_naming_convention" + + environment = { + prefix = var.environment.prefix + env_short = var.environment.env_short + location = var.environment.location + app_name = "github-runner" + instance_number = var.environment.instance_number + } +} + #------------------------# # COMMON RESOURCE GROUPS # #------------------------# 
@@ -37,6 +49,13 @@ resource "azurerm_resource_group" "network" { tags = var.tags } +resource "azurerm_resource_group" "gh_runner" { + name = "${local.project}-github-runner-rg-01" + location = var.environment.location + + tags = var.tags +} + resource "azurerm_resource_group" "test" { count = var.test_enabled ? 1 : 0 @@ -136,5 +155,45 @@ module "dns" { name = module.network.vnet.name } + tags = var.tags +} + +#------# +# LOGS # +#------# + +module "common_log_analytics" { + source = "./_modules/log_analytics" + + prefix = local.project + suffix = local.suffix + + resource_group_name = azurerm_resource_group.common.name + location = var.environment.location + + tags = var.tags +} + +#---------------# +# GITHUB RUNNER # +#---------------# + +module "github_runner" { + source = "./_modules/github_runner" + + prefix = module.naming_convention_gh_runner.prefix + suffix = module.naming_convention_gh_runner.suffix + + resource_group_name = azurerm_resource_group.gh_runner.name + location = var.environment.location + virtual_network = { + id = module.network.vnet.id + name = module.network.vnet.name + resource_group_name = azurerm_resource_group.network.name + } + subnet_cidr = var.gh_runner_snet + + log_analytics_workspace_id = module.common_log_analytics.id + tags = var.tags } \ No newline at end of file diff --git a/infra/modules/azure_core_infra/outputs.tf b/infra/modules/azure_core_infra/outputs.tf index d1b9ca0ed..46a45ae27 100644 --- a/infra/modules/azure_core_infra/outputs.tf +++ b/infra/modules/azure_core_infra/outputs.tf @@ -10,6 +10,14 @@ output "test_resource_group_name" { value = var.test_enabled ? azurerm_resource_group.test[0].name : null } +output "github_runner" { + value = { + environment_id = module.github_runner.cae_id + resource_group_name = azurerm_resource_group.gh_runner.name + subnet_id = module.github_runner.subnet_id + } +} + # Networking output "common_vnet" { 
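Review bot: `azurerm_resource_group.gh_runner` is named with the literal `"${local.project}-github-runner-rg-01"` even though the same hunk set introduces `module.naming_convention_gh_runner` for exactly this purpose and feeds its `prefix`/`suffix` to `module.github_runner`; the `01` is hard-coded instead of following `var.environment.instance_number`, so the resource group and the environment inside it will drift apart as soon as a second instance is created. Use `name = "${module.naming_convention_gh_runner.prefix}-rg-${module.naming_convention_gh_runner.suffix}"`, which, if the naming module's `prefix` already embeds `github-runner` as its `app_name` suggests, yields the same value today and stays consistent afterwards. The `github_runner` module is created unconditionally while `nat_gateway` and `test` are behind `nat_enabled`/`test_enabled` flags; consider a `gh_runner_enabled` flag so consumers of `azure_core_infra` that do not use self-hosted runners do not pay for a Container App Environment. The `module "dns"` definition is cut by the hunk boundary.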
@@ -35,4 +43,14 @@ output "common_nat_gateways" { } ] ]) +} + +# Key Vault + +output "common_key_vault" { + value = { + name = module.key_vault.name + id = module.key_vault.id + resource_group_name = azurerm_resource_group.common.name + } } \ No newline at end of file diff --git a/infra/modules/azure_core_infra/variables.tf b/infra/modules/azure_core_infra/variables.tf index 1f6716e3d..d78fe9721 100644 --- a/infra/modules/azure_core_infra/variables.tf +++ b/infra/modules/azure_core_infra/variables.tf @@ -59,3 +59,10 @@ variable "nat_enabled" { description = "Flag to enable nat gateway creation" default = false } + + +variable "gh_runner_snet" { + type = string + default = "10.0.242.0/23" + description = "GitHub runner subnet cidr" +} \ No newline at end of file diff --git a/infra/resources/dev/locals.tf b/infra/resources/dev/locals.tf index 520f890a7..dafb771de 100644 --- a/infra/resources/dev/locals.tf +++ b/infra/resources/dev/locals.tf @@ -5,7 +5,7 @@ locals { location_short = "itn" tags = { - CostCenter = "TS310 - PAGAMENTI & SERVIZI" + CostCenter = "TS700 - ENGINEERING" CreatedBy = "Terraform" Environment = "Dev" Owner = "DevEx" diff --git a/infra/resources/dev/main.tf b/infra/resources/dev/main.tf index b3d3810cb..614d18c28 100644 --- a/infra/resources/dev/main.tf +++ b/infra/resources/dev/main.tf @@ -41,8 +41,9 @@ module "core" { virtual_network_cidr = "10.50.0.0/16" pep_subnet_cidr = "10.50.2.0/23" + gh_runner_snet = "10.50.242.0/23" + vpn = { - enabled = true cidr_subnet = "10.50.133.0/24" dnsforwarder_cidr_subnet = "10.50.252.8/29" }
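Review bot: `gh_runner_snet` has no `validation` block and its name does not follow the `pep_subnet_cidr` convention used by the neighbouring variable, so a caller passing a non-CIDR string is only rejected at apply time. Add `validation { condition = can(cidrhost(var.gh_runner_snet, 0)); error_message = "gh_runner_snet must be a valid CIDR block" }` and, if renaming is acceptable at this stage, call it `gh_runner_subnet_cidr` for consistency. The default `10.0.242.0/23` is repeated verbatim in `_modules/github_runner/variables.tf`; keeping a single default in the sub-module and leaving this one without a default, or vice versa, avoids the two silently diverging. In `infra/resources/dev/main.tf` the `vpn` block loses `enabled = true` in this commit; the hunk does not show what replaces it, so please confirm the VPN is still gated by a flag elsewhere rather than becoming unconditional.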
id = string
name = string
resource_group_name = string
})