Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[EC-62] Migrate pipelines to container app jobs and managed identities #811

Merged
merged 11 commits into from
Jan 5, 2024
Merged

[EC-62] Migrate pipelines to container app jobs and managed identities #811

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
73ea4b6
remove custom gh runner from pipelines
Krusty93 Dec 22, 2023
fd30b67
test without environment
Krusty93 Dec 22, 2023
f1cc248
ci env
Krusty93 Jan 2, 2024
8d7141d
add ad group permissions
Krusty93 Jan 3, 2024
c71a8b7
update other pipelines
Krusty93 Jan 3, 2024
b8585f0
add permissions
Krusty93 Jan 3, 2024
2b6824f
fix permission
Krusty93 Jan 3, 2024
f9c7fde
add comments
Krusty93 Jan 4, 2024
203d826
change permissions to single mi
Krusty93 Jan 4, 2024
a779907
remove old groups
Krusty93 Jan 4, 2024
399e2dd
docs
Krusty93 Jan 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 7 additions & 66 deletions .github/workflows/ioweb_prod_cd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ name: Continuous Delivery on prod ioweb

on:
workflow_dispatch:
# Trigger the workflow on push on the main branch
push:
branches:
- main
Expand All @@ -19,30 +18,11 @@ env:
AZURE_ENVIRONMENT: prod

jobs:
create_runner:
name: Create Runner
runs-on: ubuntu-22.04
environment: prod-runner
outputs:
runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
steps:
- name: Create GitHub Runner
id: create_github_runner
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
pat_token: ${{ secrets.BOT_TOKEN }}

terraform_preapply_job:
name: Terraform Pre Apply
runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
runs-on: self-hosted
environment: prod-ci
needs: create_runner
steps:
- name: Checkout
id: checkout
Expand All @@ -61,83 +41,44 @@ jobs:
# from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-common
azure_environment: prod

# - name: Terraform pre apply app (weu-beta)
# # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
# uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-beta

- name: Terraform pre apply app (weu-prod01)
# from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-app
azure_environment: weu-prod01

terraform_apply_job:
name: Terraform Apply
runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
runs-on: self-hosted
environment: prod-cd
needs: [create_runner, terraform_preapply_job]
needs: [terraform_preapply_job]
steps:
- name: Terraform apply common
# from https://github.com/pagopa/terraform-apply-azure-action/commits/main
uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CD }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-common
azure_environment: prod

# - name: Terraform apply app (weu-beta)
# # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
# uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-beta

- name: Terraform apply app (weu-prod01)
# from https://github.com/pagopa/terraform-apply-azure-action/commits/main
uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CD }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-app
azure_environment: weu-prod01

cleanup_runner:
name: Cleanup Runner
if: always()
runs-on: ubuntu-22.04
environment: prod-runner
needs: [create_runner, terraform_preapply_job, terraform_apply_job]
steps:
- name: Cleanup GitHub Runner
id: cleanup_github_runner
# from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
uses: pagopa/github-self-hosted-runner-azure-cleanup-action@97731a35e6ffc79b66c4dfd2aae5e4fd04e3ebb5
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
runner_name: ${{ needs.create_runner.outputs.runner_name }}
pat_token: ${{ secrets.BOT_TOKEN }}
55 changes: 4 additions & 51 deletions .github/workflows/ioweb_prod_ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ on:
- edited
- synchronize
- reopened
- ready_for_review
paths:
- "src/domains/ioweb**"
- ".github/workflows/ioweb_prod**"
Expand All @@ -21,30 +22,11 @@ env:
AZURE_ENVIRONMENT: prod

jobs:
create_runner:
name: Create Runner
runs-on: ubuntu-22.04
environment: prod-runner
outputs:
runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
steps:
- name: Create GitHub Runner
id: create_github_runner
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
pat_token: ${{ secrets.BOT_TOKEN }}

terraform_plan_job:
name: Terraform Plan
runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
runs-on: self-hosted
environment: prod-ci
needs: create_runner
steps:
- name: Checkout
id: checkout
Expand All @@ -63,47 +45,18 @@ jobs:
# from https://github.com/pagopa/terraform-plan-azure-action/commits/main
uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-common
azure_environment: prod

# - name: Terraform plan app (weu-beta)
# # from https://github.com/pagopa/terraform-plan-azure-action/commits/main
# uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-beta

- name: Terraform plan app (weu-prod01)
# from https://github.com/pagopa/terraform-plan-azure-action/commits/main
uses: pagopa/terraform-plan-azure-action@392aca28cbb33f5dc28215dfb72385e136fd813b
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-app
azure_environment: weu-prod01

cleanup_runner:
name: Cleanup Runner
if: always()
runs-on: ubuntu-22.04
environment: prod-runner
needs: [create_runner, terraform_plan_job]
steps:
- name: Cleanup GitHub Runner
id: cleanup_github_runner
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@main
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
runner_name: ${{ needs.create_runner.outputs.runner_name }}
pat_token: ${{ secrets.BOT_TOKEN }}
55 changes: 3 additions & 52 deletions .github/workflows/ioweb_prod_drift.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,30 +14,11 @@ env:
AZURE_ENVIRONMENT: prod

jobs:
create_runner:
name: Create Runner
runs-on: ubuntu-22.04
environment: prod-runner
outputs:
runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
steps:
- name: Create GitHub Runner
id: create_github_runner
# from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
container_app_environment_name: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
pat_token: ${{ secrets.BOT_TOKEN }}

terraform_driftdetection_job:
name: Terraform Drift Detection
runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]
runs-on: self-hosted
environment: prod-ci
needs: create_runner
steps:
- name: Checkout
id: checkout
Expand All @@ -56,48 +37,18 @@ jobs:
# from https://github.com/pagopa/terraform-driftdetection-azure-action/commits/main
uses: pagopa/terraform-driftdetection-azure-action@71bd771b3a071c78b36e5e0ecbd666ac39b1113c
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-common
azure_environment: prod

# - name: Terraform drift detection app (weu-beta)
# # from https://github.com/pagopa/terraform-driftdetection-azure-action/commits/main
# uses: pagopa/terraform-driftdetection-azure-action@71bd771b3a071c78b36e5e0ecbd666ac39b1113c
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-beta

- name: Terraform drift detection app (weu-prod01)
# from https://github.com/pagopa/terraform-driftdetection-azure-action/commits/main
uses: pagopa/terraform-driftdetection-azure-action@71bd771b3a071c78b36e5e0ecbd666ac39b1113c
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}-app
azure_environment: weu-prod01

cleanup_runner:
name: Cleanup Runner
if: always()
runs-on: ubuntu-22.04
environment: prod-runner
needs: [create_runner, terraform_driftdetection_job]
steps:
- name: Cleanup GitHub Runner
id: cleanup_github_runner
# from https://github.com/pagopa/github-self-hosted-runner-azure-cleanup-action/commits/main
uses: pagopa/github-self-hosted-runner-azure-cleanup-action@97731a35e6ffc79b66c4dfd2aae5e4fd04e3ebb5
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
runner_name: ${{ needs.create_runner.outputs.runner_name }}
pat_token: ${{ secrets.BOT_TOKEN }}

Loading