feat(wallet): Add pipelines for payment-wallet-event-dispatcher (#323)

pagopa · Apr 10, 2024 · 1cb09f9 · 1cb09f9
1 parent 5244aa1
commit 1cb09f9
Show file tree

Hide file tree

Showing 3 changed files with 135 additions and 1 deletion.
diff --git a/azure-devops/wallet/00_generic.tf b/azure-devops/wallet/00_generic.tf
@@ -11,4 +11,8 @@ data "azurerm_subscriptions" "prod" {
   display_name_prefix = local.prod_subscription_name
 }
 
-
+resource "azurerm_role_assignment" "aks_to_acr" {
+  scope                = module.acr.id
+  role_definition_name = "AcrPull"
+  principal_id         = module.aks.kubelet_identity_id
+}
diff --git a/azure-devops/wallet/06_pagopa-wallet-event-dispatcher-service.tf b/azure-devops/wallet/06_pagopa-wallet-event-dispatcher-service.tf
@@ -0,0 +1,126 @@
+variable "pagopa-payment-wallet-event-dispatcher-service" {
+  default = {
+    repository = {
+      organization    = "pagopa"
+      name            = "pagopa-payment-wallet-event-dispatcher-service"
+      branch_name     = "refs/heads/main"
+      pipelines_path  = ".devops"
+      yml_prefix_name = null
+    }
+    pipeline = {
+      enable_code_review = true
+      enable_deploy      = true
+      sonarcloud = {
+        # TODO azure devops terraform provider does not support SonarCloud service endpoint
+        service_connection = "SONARCLOUD-SERVICE-CONN"
+        org                = "pagopa"
+        project_key        = "pagopa_pagopa-payment-wallet-event-dispatcher-service"
+        project_name       = "pagopa-payment-wallet-event-dispatcher-service"
+      }
+    }
+  }
+}
+
+locals {
+  # global vars
+  pagopa-payment-wallet-event-dispatcher-service-variables = {
+    cache_version_id = "v1"
+    default_branch   = var.pagopa-payment-wallet-event-dispatcher-service.repository.branch_name
+  }
+  # global secrets
+  pagopa-payment-wallet-event-dispatcher-service-variables_secret = {
+
+  }
+  # code_review vars
+  pagopa-payment-wallet-event-dispatcher-service-variables_code_review = {
+    danger_github_api_token = "skip"
+    sonarcloud_service_conn = var.pagopa-payment-wallet-event-dispatcher-service.pipeline.sonarcloud.service_connection
+    sonarcloud_org          = var.pagopa-payment-wallet-event-dispatcher-service.pipeline.sonarcloud.org
+    sonarcloud_project_key  = var.pagopa-payment-wallet-event-dispatcher-service.pipeline.sonarcloud.project_key
+    sonarcloud_project_name = var.pagopa-payment-wallet-event-dispatcher-service.pipeline.sonarcloud.project_name
+  }
+  # code_review secrets
+  pagopa-payment-wallet-event-dispatcher-service-variables_secret_code_review = {
+
+  }
+  # deploy vars
+  pagopa-payment-wallet-event-dispatcher-service-variables_deploy = {
+    github_connection = data.azuredevops_serviceendpoint_github.github_rw.service_endpoint_name
+
+    # acr section
+    k8s_image_repository_name           = replace(var.pagopa-payment-wallet-event-dispatcher-service.repository.name, "-", "")
+    dev_container_registry_service_conn = data.azuredevops_serviceendpoint_azurecr.dev.id
+    dev_container_registry_name         = data.azuredevops_serviceendpoint_azurecr.dev.service_endpoint_name
+    uat_container_registry_service_conn = data.azuredevops_serviceendpoint_azurecr.uat.id
+    uat_container_registry_name         = data.azuredevops_serviceendpoint_azurecr.uat.service_endpoint_name
+
+    # aks section
+    dev_kubernetes_service_conn = azuredevops_serviceendpoint_kubernetes.aks_dev.id
+    uat_kubernetes_service_conn = azuredevops_serviceendpoint_kubernetes.aks_uat.id
+
+    dev_container_namespace = "pagopadcommonacr.azurecr.io"
+    uat_container_namespace = "pagopaucommonacr.azurecr.io"
+    # prod_container_namespace = "pagopapcommonacr.azurecr.io"
+
+  }
+  # deploy secrets
+  pagopa-payment-wallet-event-dispatcher-service-variables_secret_deploy = {
+    git_mail     = module.secrets.values["azure-devops-github-EMAIL"].value
+    git_username = module.secrets.values["azure-devops-github-USERNAME"].value
+    tenant_id    = data.azurerm_client_config.current.tenant_id
+  }
+}
+
+module "pagopa-payment-wallet-event-dispatcher-service_code_review" {
+  source = "git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_code_review?ref=v5.1.1"
+  count  = var.pagopa-payment-wallet-event-dispatcher-service.pipeline.enable_code_review == true ? 1 : 0
+
+  project_id                   = data.azuredevops_project.project.id
+  repository                   = var.pagopa-payment-wallet-event-dispatcher-service.repository
+  github_service_connection_id = data.azuredevops_serviceendpoint_github.github_pr.service_endpoint_id
+  path                         = "${local.domain}\\pagopa-payment-wallet-event-dispatcher-service"
+
+  variables = merge(
+    local.pagopa-payment-wallet-event-dispatcher-service-variables,
+    local.pagopa-payment-wallet-event-dispatcher-service-variables_code_review,
+  )
+
+  variables_secret = merge(
+    local.pagopa-payment-wallet-event-dispatcher-service-variables_secret,
+    local.pagopa-payment-wallet-event-dispatcher-service-variables_secret_code_review,
+  )
+
+  service_connection_ids_authorization = [
+    data.azuredevops_serviceendpoint_github.github_ro.id,
+    local.azuredevops_serviceendpoint_sonarcloud_id
+  ]
+}
+
+module "pagopa-payment-wallet-event-dispatcher-service_deploy" {
+  source = "git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_deploy?ref=v4.2.1"
+  count  = var.pagopa-payment-wallet-event-dispatcher-service.pipeline.enable_deploy == true ? 1 : 0
+
+  project_id                   = data.azuredevops_project.project.id
+  repository                   = var.pagopa-payment-wallet-event-dispatcher-service.repository
+  github_service_connection_id = data.azuredevops_serviceendpoint_github.github_rw.service_endpoint_id
+  path                         = "${local.domain}\\pagopa-payment-wallet-event-dispatcher-service"
+
+  variables = merge(
+    local.pagopa-payment-wallet-event-dispatcher-service-variables,
+    local.pagopa-payment-wallet-event-dispatcher-service-variables_deploy,
+  )
+
+  variables_secret = merge(
+    local.pagopa-payment-wallet-event-dispatcher-service-variables_secret,
+    local.pagopa-payment-wallet-event-dispatcher-service-variables_secret_deploy,
+  )
+
+  service_connection_ids_authorization = [
+    data.azuredevops_serviceendpoint_github.github_ro.id,
+    data.azuredevops_serviceendpoint_azurecr.dev.id,
+    # azuredevops_serviceendpoint_azurecr.acr_aks_uat.id,
+    # azuredevops_serviceendpoint_azurecr.acr_aks_prod.id,
+    data.azuredevops_serviceendpoint_azurerm.dev.id,
+  ]
+}
+
diff --git a/azure-devops/wallet/README.md b/azure-devops/wallet/README.md
@@ -18,6 +18,8 @@
 | <a name="module_UAT-WALLET-TLS-CERT-SERVICE-CONN"></a> [UAT-WALLET-TLS-CERT-SERVICE-CONN](#module\_UAT-WALLET-TLS-CERT-SERVICE-CONN) | git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_serviceendpoint_federated | v4.2.1 |
 | <a name="module_letsencrypt_dev"></a> [letsencrypt\_dev](#module\_letsencrypt\_dev) | git::https://github.com/pagopa/terraform-azurerm-v3.git//letsencrypt_credential | v7.30.0 |
 | <a name="module_letsencrypt_uat"></a> [letsencrypt\_uat](#module\_letsencrypt\_uat) | git::https://github.com/pagopa/terraform-azurerm-v3.git//letsencrypt_credential | v7.30.0 |
+| <a name="module_pagopa-payment-wallet-event-dispatcher-service_code_review"></a> [pagopa-payment-wallet-event-dispatcher-service\_code\_review](#module\_pagopa-payment-wallet-event-dispatcher-service\_code\_review) | git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_code_review | v5.1.1 |
+| <a name="module_pagopa-payment-wallet-event-dispatcher-service_deploy"></a> [pagopa-payment-wallet-event-dispatcher-service\_deploy](#module\_pagopa-payment-wallet-event-dispatcher-service\_deploy) | git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_deploy | v4.2.1 |
 | <a name="module_pagopa-payment-wallet-fe_code_review"></a> [pagopa-payment-wallet-fe\_code\_review](#module\_pagopa-payment-wallet-fe\_code\_review) | git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_code_review | v5.1.1 |
 | <a name="module_pagopa-payment-wallet-fe_deploy"></a> [pagopa-payment-wallet-fe\_deploy](#module\_pagopa-payment-wallet-fe\_deploy) | git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_deploy | v4.2.1 |
 | <a name="module_pagopa-wallet-service_code_review"></a> [pagopa-wallet-service\_code\_review](#module\_pagopa-wallet-service\_code\_review) | git::https://github.com/pagopa/azuredevops-tf-modules.git//azuredevops_build_definition_code_review | v5.1.1 |
@@ -39,6 +41,7 @@
 | [azuredevops_serviceendpoint_kubernetes.aks_uat](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/serviceendpoint_kubernetes) | resource |
 | [azurerm_key_vault_access_policy.DEV-WALLET-TLS-CERT-SERVICE-CONN_kv_access_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.UAT-WALLET-TLS-CERT-SERVICE-CONN_kv_access_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
+| [azurerm_role_assignment.aks_to_acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azuredevops_project.project](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/data-sources/project) | data source |
 | [azuredevops_serviceendpoint_azurecr.dev](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/data-sources/serviceendpoint_azurecr) | data source |
 | [azuredevops_serviceendpoint_azurecr.prod](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/data-sources/serviceendpoint_azurecr) | data source |
@@ -62,6 +65,7 @@
 |------|-------------|------|---------|:--------:|
 | <a name="input_dev_subscription_name"></a> [dev\_subscription\_name](#input\_dev\_subscription\_name) | DEV Subscription name | `string` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | n/a | `string` | n/a | yes |
+| <a name="input_pagopa-payment-wallet-event-dispatcher-service"></a> [pagopa-payment-wallet-event-dispatcher-service](#input\_pagopa-payment-wallet-event-dispatcher-service) | n/a | `map` | <pre>{<br>  "pipeline": {<br>    "enable_code_review": true,<br>    "enable_deploy": true,<br>    "sonarcloud": {<br>      "org": "pagopa",<br>      "project_key": "pagopa_pagopa-payment-wallet-event-dispatcher-service",<br>      "project_name": "pagopa-payment-wallet-event-dispatcher-service",<br>      "service_connection": "SONARCLOUD-SERVICE-CONN"<br>    }<br>  },<br>  "repository": {<br>    "branch_name": "refs/heads/main",<br>    "name": "pagopa-payment-wallet-event-dispatcher-service",<br>    "organization": "pagopa",<br>    "pipelines_path": ".devops",<br>    "yml_prefix_name": null<br>  }<br>}</pre> | no |
 | <a name="input_pagopa-payment-wallet-fe"></a> [pagopa-payment-wallet-fe](#input\_pagopa-payment-wallet-fe) | n/a | `map` | <pre>{<br>  "pipeline": {<br>    "enable_code_review": true,<br>    "enable_deploy": true,<br>    "sonarcloud": {<br>      "org": "pagopa",<br>      "project_key": "pagopa_pagopa-wallet-fe",<br>      "project_name": "pagopa-wallet-fe",<br>      "service_connection": "SONARCLOUD-SERVICE-CONN"<br>    }<br>  },<br>  "repository": {<br>    "branch_name": "refs/heads/main",<br>    "name": "pagopa-wallet-fe",<br>    "organization": "pagopa",<br>    "pipelines_path": ".devops",<br>    "yml_prefix_name": "pagopa"<br>  }<br>}</pre> | no |
 | <a name="input_pagopa-wallet-service"></a> [pagopa-wallet-service](#input\_pagopa-wallet-service) | n/a | `map` | <pre>{<br>  "pipeline": {<br>    "enable_code_review": true,<br>    "enable_deploy": true,<br>    "sonarcloud": {<br>      "org": "pagopa",<br>      "project_key": "pagopa_pagopa-wallet-service",<br>      "project_name": "pagopa-wallet-service",<br>      "service_connection": "SONARCLOUD-SERVICE-CONN"<br>    }<br>  },<br>  "repository": {<br>    "branch_name": "refs/heads/main",<br>    "name": "pagopa-wallet-service",<br>    "organization": "pagopa",<br>    "pipelines_path": ".devops",<br>    "yml_prefix_name": null<br>  }<br>}</pre> | no |
 | <a name="input_pagopa-wallet-tests"></a> [pagopa-wallet-tests](#input\_pagopa-wallet-tests) | n/a | `map` | <pre>{<br>  "pipeline": {<br>    "enable_code_review": true<br>  },<br>  "repository": {<br>    "branch_name": "refs/heads/main",<br>    "name": "pagopa-wallet-tests",<br>    "organization": "pagopa",<br>    "pipelines_path": ".devops",<br>    "yml_prefix_name": null<br>  }<br>}</pre> | no |