resolve large commit files

pagopa · Feb 3, 2025 · 445ce16 · 445ce16
1 parent 0b937ce
commit 445ce16
Show file tree

Hide file tree

Showing 17 changed files with 178 additions and 342 deletions.
diff --git a/.gitignore b/.gitignore
@@ -37,3 +37,5 @@ hs_err_pid*
 local.settings.json
 bin/
 obj/
+
+**/.terraform
diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -22,15 +22,21 @@ data "azurerm_key_vault" "key_vault" {
   resource_group_name = "pagopa-${var.env_short}-sec-rg"
 }
 
+data "azurerm_user_assigned_identity" "identity_cd_01"{
+  name = "${local.prefix}-${var.env_short}-${local.domain}-job-01-github-cd-identity"
+  resource_group_name = "${local.prefix}-${var.env_short}-identity-rg"
+}
+
+# data "azurerm_user_assigned_identity" "identity_pr_01" {
+#   name                = "${local.prefix}-${var.env_short}-${local.domain}-01-pr-github-cd-identity"
+#   resource_group_name = "${local.prefix}-${var.env_short}-identity-rg"
+# }
+
 data "azurerm_key_vault" "domain_key_vault" {
   name                = "pagopa-${var.env_short}-${local.domain}-kv"
   resource_group_name = "pagopa-${var.env_short}-${local.domain}-sec-rg"
 }
 
-data "azurerm_resource_group" "apim_resource_group" {
-  name = "${local.product}-api-rg"
-}
-
 data "azurerm_key_vault_secret" "key_vault_sonar" {
   name         = "sonar-token"
   key_vault_id = data.azurerm_key_vault.key_vault.id
@@ -46,7 +52,8 @@ data "azurerm_key_vault_secret" "key_vault_cucumber_token" {
   key_vault_id = data.azurerm_key_vault.key_vault.id
 }
 
-data "azurerm_key_vault_secret" "key_vault_integration_test_subkey" {
-  name         = "integration-test-subkey"
-  key_vault_id = data.azurerm_key_vault.key_vault.id
-}
+# data "azurerm_user_assigned_identity" "workload_identity_clientid" {
+#   name                = "ebollo-workload-identity"
+#   resource_group_name = "pagopa-${var.env_short}-${var.env}-aks-rg"
+# }
+
diff --git a/.identity/00_locals.tf b/.identity/00_locals.tf
diff --git a/.identity/00_main.tf b/.identity/00_main.tf
diff --git a/.identity/00_variables.tf b/.identity/00_variables.tf
diff --git a/.identity/01_data.tf b/.identity/01_data.tf
diff --git a/.identity/01_github_environment.tf b/.identity/01_github_environment.tf
@@ -0,0 +1,89 @@
+resource "github_repository_environment" "github_repository_environment" {
+  environment = var.env
+  repository  = local.github.repository
+  # filter teams reviewers from github_organization_teams
+  # if reviewers_teams is null no reviewers will be configured for environment
+  dynamic "reviewers" {
+    for_each = (var.github_repository_environment.reviewers_teams == null || var.env_short != "p" ? [] : [1])
+    content {
+      teams = matchkeys(
+        data.github_organization_teams.all.teams.*.id,
+        data.github_organization_teams.all.teams.*.name,
+        var.github_repository_environment.reviewers_teams
+      )
+    }
+  }
+  deployment_branch_policy {
+    protected_branches     = var.github_repository_environment.protected_branches
+    custom_branch_policies = var.github_repository_environment.custom_branch_policies
+  }
+}
+
+locals {
+  env_secrets = {
+    "CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd_01.client_id,
+    "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
+    "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
+  }
+  env_variables = {
+    "CONTAINER_APP_ENVIRONMENT_NAME" : local.container_app_environment.name,
+    "CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME" : local.container_app_environment.resource_group,
+    "CLUSTER_NAME" : local.aks_cluster.name,
+    "CLUSTER_RESOURCE_GROUP" : local.aks_cluster.resource_group_name,
+    "NAMESPACE" : local.domain,
+    # "WORKLOAD_IDENTITY_ID": data.azurerm_user_assigned_identity.workload_identity_clientid.client_id
+  }
+  repo_secrets = {
+    "SONAR_TOKEN" : data.azurerm_key_vault_secret.key_vault_sonar.value,
+    "BOT_TOKEN_GITHUB" : data.azurerm_key_vault_secret.key_vault_bot_token.value,
+    "CUCUMBER_PUBLISH_TOKEN" : data.azurerm_key_vault_secret.key_vault_cucumber_token.value,
+    # "SLACK_WEBHOOK_URL" : data.azurerm_key_vault_secret.key_vault_slack_webhook_url.value,
+  }
+  special_repo_secrets = {
+  }
+}
+
+###############
+# ENV Secrets #
+###############
+
+resource "github_actions_environment_secret" "github_environment_runner_secrets" {
+  for_each        = local.env_secrets
+  repository      = local.github.repository
+  environment     = var.env
+  secret_name     = each.key
+  plaintext_value = each.value
+}
+
+#################
+# ENV Variables #
+#################
+
+
+resource "github_actions_environment_variable" "github_environment_runner_variables" {
+  for_each      = local.env_variables
+  repository    = local.github.repository
+  environment   = var.env
+  variable_name = each.key
+  value         = each.value
+}
+
+#############################
+# Secrets of the Repository #
+#############################
+
+
+resource "github_actions_secret" "repo_secrets" {
+  for_each        = local.repo_secrets
+  repository      = local.github.repository
+  secret_name     = each.key
+  plaintext_value = each.value
+}
+
+
+resource "github_actions_secret" "special_repo_secrets" {
+  for_each        = local.special_repo_secrets
+  repository      = local.github.repository
+  secret_name     = each.value.key
+  plaintext_value = each.value.value
+}
diff --git a/.identity/02_application_action.tf b/.identity/02_application_action.tf
-Original file line number
+Diff line change
@@ Expand Up / @@ -37,3 +37,5 @@ hs_err_pid* @@
     local.settings.json
     bin/
     obj/
+    **/.terraform