features/943 - Add initial terraform project and pipeline

.github/workflows/infrastructure-template.yaml

@@ -0,0 +1,66 @@
+name: Infrastructure
+
+on:
+  workflow_call:
+    inputs:
+      tf_should_apply:
+        default: false
+        type: boolean
+        description: Specifies if terraform should apply plan
+
+      environment:
+        type: string
+        description: GitHub environment
+        required: true
+
+env:
+  TF_STATE_NAME: infrastructure.tfstate
+  WORKING_DIR: ./infrastructure/authorization
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  plan:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Terraform Initialize
+        uses: altinn/altinn-platform/actions/terraform/plan@main
+        with:
+          working_directory: ${{ env.WORKING_DIR }}
+          oidc_type: environment
+          oidc_value: ${{ inputs.environment }}
+
+          arm_client_id: ${{ vars.ARM_CLIENT_ID }}
+          arm_subscription_id: ${{ vars.ARM_SUBSCRIPTION_ID }}
+
+          tf_state_name: ${{ env.TF_STATE_NAME }}
+          tf_args: -var environment=${{ inputs.environment }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+
+  apply:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    if: inputs.tf_should_apply
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Terraform Initialize
+        uses: altinn/altinn-platform/actions/terraform/plan@main
+        with:
+          working_directory: ${{ env.WORKING_DIR }}
+          oidc_type: environment
+          oidc_value: ${{ inputs.environment }}
+
+          arm_client_id: ${{ vars.ARM_CLIENT_ID }}
+          arm_subscription_id: ${{ vars.ARM_SUBSCRIPTION_ID }}
+
+          tf_args: -var environment=${{ inputs.environment }}
+          tf_state_name: ${{ env.TF_STATE_NAME }}

.github/workflows/infrastructure.yaml

@@ -0,0 +1,58 @@
+name: Infrastructure
+
+on:
+  push:
+  release:
+    types:
+      - released
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  ci:
+    name: Continous Integration
+    secrets: inherit
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [AT21, AT22, AT23, AT24]
+    uses: ./.github/workflows/infrastructure-template.yaml
+    with:
+      environment: ${{ matrix.environment }}
+
+  at:
+    name: AT
+    secrets: inherit
+    needs: ci
+    if: github.event_name == 'release'
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [AT21, AT22, AT23, AT24]
+    uses: ./.github/workflows/infrastructure-template.yaml
+    with:
+      environment: ${{ matrix.environment }}
+      tf_should_apply: true
+
+  tt02:
+    name: TT02
+    if: github.event_name == 'release'
+    needs: at
+    secrets: inherit
+    uses: ./.github/workflows/infrastructure-template.yaml
+    with:
+      environment: TT02
+      tf_should_apply: true
+
+  prod:
+    name: PROD
+    if: github.event_name == 'release'
+    needs: tt02
+    secrets: inherit
+    uses: ./.github/workflows/infrastructure-template.yaml
+    with:
+      environment: PROD
+      tf_should_apply: true

infrastructure/authorization/main.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.112.0"
+    }
+  }
+
+  backend "azurerm" {
+    use_azuread_auth = true
+  }
+}
+
+
+resource "azurerm_resource_group" "auth" {
+  name     = "rg-altinn-authorization-${var.environment}-001"
+  location = "norwayeast"
+}

infrastructure/authorization/provider.tf

@@ -0,0 +1,4 @@
+provider "azurerm" {
+  use_oidc = true
+  features {}
+}

infrastructure/authorization/variables.tf

@@ -0,0 +1,4 @@
+
+variable "environment" {
+  type = string
+}