Merge pull request #61 from pagopa/github-terraform-apply-fix

feat: Added terraform.sh action
pagopa · Apr 29, 2024 · 7ce2ccd · 7ce2ccd
2 parents 4272952 + d0ae34c
commit 7ce2ccd
Show file tree

Hide file tree

Showing 18 changed files with 75 additions and 85 deletions.
diff --git a/.github/workflows/deploy_with_github_runner.yml b/.github/workflows/deploy_with_github_runner.yml
@@ -50,7 +50,7 @@ jobs:
     environment: ${{ inputs.environment }}
     steps:
       - name: Deploy
-        uses: pagopa/github-actions-template/aks-deploy@main
+        uses: pagopa/github-actions-template/aks-deploy@5db4c9108164a07d96527978da1c3febec934f22 #v1.11.1
         with:
           branch: ${{ github.ref_name }}
           client_id: ${{ secrets.CD_CLIENT_ID }}
@@ -92,34 +92,26 @@ jobs:
       - name: Checkout
         id: checkout
         # from https://github.com/actions/checkout/commits/main
-        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
         with:
           persist-credentials: false
 
+      - name: Read current terraform version
+        run: |
+          VER=$(cat .terraform-version)
+          echo "TERRAFORM_VERSION=$VER" >> $GITHUB_ENV
+
       - name: Setup Terraform
         # from https://github.com/hashicorp/setup-terraform/commits/main
-        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
+        uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 #v3.1.0
         with:
-          terraform_version: "1.3.6"
+          terraform_version: "${{ env.TERRAFORM_VERSION }}"
 
-      - name: Login
-        id: login
-        # from https://github.com/Azure/login/commits/master
-        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+      - name: Apply terraform.sh
+        uses: pagopa/eng-github-actions-iac-template/azure/terraform-sh-apply-azure-action@ae723dfbdc457ffa6b4acd99f2444fc08c1efb85 #v1.11.0
         with:
-          client-id: ${{ secrets.CD_CLIENT_ID }}
-          tenant-id: ${{ secrets.TENANT_ID }}
-          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
-
-
-      - name: Terraform Apply
-        shell: bash
-        run: |
-          cd ./infra
-          export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}"
-          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
-          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
-          export ARM_USE_OIDC=true
-          export ARM_ACCESS_KEY=$(az storage account keys list --resource-group io-infra-rg --account-name pagopainfraterraform${{inputs.environment}} --query '[0].value' -o tsv)
-          bash ./terraform.sh init weu-${{ inputs.environment }}
-          bash ./terraform.sh apply weu-${{ inputs.environment }} -auto-approve
+          client_id: "${{ secrets.CD_CLIENT_ID }}"
+          tenant_id: "${{ secrets.TENANT_ID }}"
+          subscription_id: "${{ secrets.SUBSCRIPTION_ID }}"
+          tf_environment: "weu-${{ inputs.environment }}"
+          dir: "infra"
diff --git a/.github/workflows/release_deploy.yml b/.github/workflows/release_deploy.yml
@@ -113,20 +113,20 @@ jobs:
       #          branch: ${{ github.ref_name}}
       #          github_token: ${{ secrets.GITHUB_TOKEN }}
       #          tag: ${{ needs.release.outputs.version }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
         with:
           ref: ${{ github.ref_name }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 #v3.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4.3.0
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
         with:
           images: ghcr.io/${{ github.repository }}
           tags: |
@@ -136,7 +136,7 @@ jobs:
             type=sha
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 #v5.3.0
         with:
           context: .
           push: true
@@ -166,7 +166,7 @@ jobs:
     steps:
       - name: Report Status
         if: ${{ needs.setup.outputs.environment == 'prod' }}
-        uses: ravsamhq/notify-slack-action@v2
+        uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 #v2.5.0
         with:
           status: ${{ needs.deploy_aks.result }}
           token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: pagopa-api-cache-chart
 description: Microservice that handles calculation for pagoPA Advanced Fees Management
 type: application
-version: 0.63.0
+version: 0.64.0
 dependencies:
   - name: microservice-chart
     version: 3.0.0
@@ -54,4 +54,4 @@ dependencies:
     repository: "https://pagopa.github.io/aks-cron-chart-blueprint"
     alias: refresh-oprod
     condition: oracleprod.enabled
-appVersion: 0.9.6
+appVersion: 0.9.6-1-github-terraform-apply-fix
diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml
@@ -2,7 +2,7 @@ microservice-chart: &microservice-chart
   namespace: "apiconfig"
   image:
     repository: ghcr.io/pagopa/pagopa-api-config-cache
-    tag: 0.9.6
+    tag: 0.9.6-1-github-terraform-apply-fix
   canaryDelivery:
     deployment:
       image:

diff --git a/helm/values-prod.yaml b/helm/values-prod.yaml
@@ -2,7 +2,7 @@ microservice-chart: &microservice-chart
   namespace: "apiconfig"
   image:
     repository: ghcr.io/pagopa/pagopa-api-config-cache
-    tag: 0.9.6
+    tag: 0.9.6-1-github-terraform-apply-fix
   canaryDelivery:
     deployment:
       image:

diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml
@@ -2,7 +2,7 @@ microservice-chart: &microservice-chart
   namespace: "apiconfig"
   image:
     repository: ghcr.io/pagopa/pagopa-api-config-cache
-    tag: 0.9.6
+    tag: 0.9.6-1-github-terraform-apply-fix
   canaryDelivery:
     deployment:
       image:

diff --git a/infra/.terraform-version b/infra/.terraform-version
@@ -0,0 +1 @@
+1.6.6
diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
diff --git a/infra/04_apim_api.tf b/infra/04_apim_api.tf
@@ -10,7 +10,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_node_api_
 }
 
 module "apim_api_apiconfig_cache_node_api_v1_p" {
-  source                = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v5.1.0"
+  source                = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
   name                  = format("%s-apiconfig-cache-node-%s-api", local.project, local.postgres)
   api_management_name   = local.apim.name
   resource_group_name   = local.apim.rg
@@ -51,7 +51,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_node_api_
 
 
 module "apim_api_apiconfig_cache_node_api_v1_o" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v5.1.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
 
   name                  = format("%s-apiconfig-cache-node-%s-api", local.project, local.oracle)
   api_management_name   = local.apim.name
@@ -92,7 +92,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_node_nexi
 
 module "apim_api_apiconfig_cache_node_nexi_api_dev_v1" {
   count  = var.env_short == "d" ? 1 : 0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.4.1"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
 
   name                  = format("%s-apiconfig-cache-node-%s-api", local.project, "nexi")
   api_management_name   = local.apim.name
@@ -141,7 +141,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_replica_n
 
 
 module "apim_api_apiconfig_cache_replica_node_api_v1_p" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.4.1"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
   count  = var.env_short == "p" ? 0 : 1
 
   name                  = format("%s-apiconfig-cache-replica-node-%s-api", local.project, "p")
@@ -172,7 +172,7 @@ module "apim_api_apiconfig_cache_replica_node_api_v1_p" {
 }
 
 module "apim_api_apiconfig_cache_replica_node_api_v1_o" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.4.1"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
   count  = var.env_short == "p" ? 0 : 1
 
   name                  = format("%s-apiconfig-cache-replica-node-%s-api", local.project, "o")

diff --git a/infra/04_apim_export.tf b/infra/04_apim_export.tf
@@ -10,7 +10,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_export_no
 }
 
 module "apim_api_apiconfig_cache_export_node_api_v1_p" {
-  source                = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v5.1.0"
+  source                = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
   name                  = format("%s-apicfg-cache-export-%s-api", local.project, local.postgres)
   api_management_name   = local.apim.name
   resource_group_name   = local.apim.rg
@@ -50,7 +50,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_export_no
 }
 
 module "apim_api_apiconfig_cache_export_node_api_v1_o" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v5.1.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
 
   name                  = format("%s-apicfg-cache-export-%s-api", local.project, local.oracle)
   api_management_name   = local.apim.name
@@ -99,7 +99,7 @@ resource "azurerm_api_management_api_version_set" "api_apiconfig_cache_replica_e
 }
 
 module "apim_api_apiconfig_cache_replica_export_node_api_v1_p" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.4.1"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
   count  = var.env_short == "p" ? 0 : 1
 
   name                  = format("%s-apicfg-cache-replica-export-%s-api", local.project, "p")
@@ -130,7 +130,7 @@ module "apim_api_apiconfig_cache_replica_export_node_api_v1_p" {
 }
 
 module "apim_api_apiconfig_cache_replica_export_node_api_v1_o" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v6.4.1"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.5.0"
   count  = var.env_short == "p" ? 0 : 1
 
   name                  = format("%s-apicfg-cache-replica-export-%s-api", local.project, "o")

diff --git a/infra/99_main.tf b/infra/99_main.tf
@@ -2,15 +2,15 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.30.0"
+      version = "<= 3.95.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
-      version = "2.30.0"
+      version = "<= 2.47.0"
     }
     azapi = {
       source  = "Azure/azapi"
-      version = "= 1.3.0"
+      version = "<= 1.3.0"
     }
   }
 

diff --git a/openapi/openapi.json b/openapi/openapi.json
@@ -4,7 +4,7 @@
     "title": "@project.name@ ${service}",
     "description": "@project.description@",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "0.9.6"
+    "version": "0.9.6-1-github-terraform-apply-fix"
   },
   "servers": [
     {

diff --git a/openapi/openapi_export.json b/openapi/openapi_export.json
@@ -4,7 +4,7 @@
     "title": "@project.name@ ${service}",
     "description": "@project.description@",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "0.9.6"
+    "version": "0.9.6-1-github-terraform-apply-fix"
   },
   "servers": [
     {

diff --git a/openapi/openapi_fdrv1.json b/openapi/openapi_fdrv1.json
@@ -4,7 +4,7 @@
     "title": "@project.name@ ${service}",
     "description": "@project.description@",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "0.9.6"
+    "version": "0.9.6-1-github-terraform-apply-fix"
   },
   "servers": [
     {

diff --git a/openapi/openapi_nodev1.json b/openapi/openapi_nodev1.json
@@ -4,7 +4,7 @@
     "title": "@project.name@ ${service}",
     "description": "@project.description@",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "0.9.6"
+    "version": "0.9.6-1-github-terraform-apply-fix"
   },
   "servers": [
     {

diff --git a/openapi/openapi_standinv1.json b/openapi/openapi_standinv1.json
@@ -4,7 +4,7 @@
     "title": "@project.name@ ${service}",
     "description": "@project.description@",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "0.9.6"
+    "version": "0.9.6-1-github-terraform-apply-fix"
   },
   "servers": [
     {

diff --git a/openapi/openapi_verifierv1.json b/openapi/openapi_verifierv1.json
@@ -4,7 +4,7 @@
     "title": "@project.name@ ${service}",
     "description": "@project.description@",
     "termsOfService": "https://www.pagopa.gov.it/",
-    "version": "0.9.6"
+    "version": "0.9.6-1-github-terraform-apply-fix"
   },
   "servers": [
     {

diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
 
   <groupId>it.gov.pagopa.api-config</groupId>
   <artifactId>cache</artifactId>
-  <version>0.9.6</version>
+  <version>0.9.6-1-github-terraform-apply-fix</version>
   <name>API-Config Cache</name>
   <description>Generate cache for various microservices</description>