Pagopa 1594 opex gec carrello

.github/workflows/create_dashboard.yaml

@@ -12,9 +12,6 @@ on:
 
   workflow_dispatch:
 
-env:
-  TEMPLATE_DIR: azure-dashboard
-
 permissions:
   id-token: write
   contents: read
@@ -41,84 +38,14 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Read terraform version
-        id: read-version
-        shell: bash
-        run: |
-          echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
-      - name: Setup Terraform
-        # from https://github.com/hashicorp/setup-terraform/commits/main
-        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
-        with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
-
-      - name: Login
-        id: login
-        # from https://github.com/Azure/login/commits/master
-        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+      # from https://github.com/pagopa/opex-dashboard-azure-action/
+      - uses: pagopa/[email protected]
         with:
-          client-id: ${{ secrets.CLIENT_ID }}
+          environment: ${{ matrix.environment }}
+          api-name: ${{ matrix.product }}
+          config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
+          client-id: ${{ secrets.CD_CLIENT_ID }}
           tenant-id: ${{ secrets.TENANT_ID }}
           subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
-
-      # this action create a folder named /azure-dashboard
-      - uses: pagopa/opex-dashboard-action@main
-        with:
-          template: ${{ env.TEMPLATE_DIR }}
-          config: .opex/${{ matrix.product }}/env/${{ matrix.environment }}/config.yaml
-
-      # we need to set env variables in the folder /azure-dashboard
-      - name: Copy Environments
-        run: |
-          cp -R .opex/${{ matrix.product }}/env ./${TEMPLATE_DIR}
-      # now is possible to launch the command: terraform apply
-      - name: Terraform Apply
-        shell: bash
-        run: |
-          cd ./${TEMPLATE_DIR}
-          export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
-          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
-          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
-          export ARM_USE_OIDC=true
-          bash ./terraform.sh apply ${{ matrix.environment }} -auto-approve
-
-
-
-  delete_github_deployments:
-    runs-on: ubuntu-latest
-    needs: dashboard
-    if: ${{ always() }}
-    steps:
-      - name: Dump GitHub context
-        env:
-          GITHUB_CONTEXT: ${{ toJSON(github) }}
-        run: echo "$GITHUB_CONTEXT"
-
-      - name: Delete Previous deployments
-        uses: actions/github-script@v6
-        env:
-          SHA_HEAD: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.sha) || github.sha}}
-        with:
-          script: |
-            const { SHA_HEAD } = process.env
-
-            const deployments = await github.rest.repos.listDeployments({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              sha: SHA_HEAD
-            });
-            await Promise.all(
-              deployments.data.map(async (deployment) => {
-                await github.rest.repos.createDeploymentStatus({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  deployment_id: deployment.id,
-                  state: 'inactive'
-                });
-                return github.rest.repos.deleteDeployment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  deployment_id: deployment.id
-                });
-              })
-            );
+          # from https://github.com/pagopa/opex-dashboard-azure-action/pkgs/container/opex-dashboard-azure-action
+          docker-version: sha256:e4245954566cd3470e1b5527d33bb58ca132ce7493eac01be9e808fd25a11c8d

.github/workflows/deploy_with_github_runner.yml

@@ -31,7 +31,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
@@ -48,7 +48,7 @@ jobs:
         uses: pagopa/github-actions-template/aks-deploy@main
         with:
           branch: ${{ github.ref_name }}
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           env: ${{ inputs.environment }}
@@ -71,7 +71,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}
@@ -103,7 +103,7 @@ jobs:
 #        # from https://github.com/Azure/login/commits/master
 #        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
 #        with:
-#          client-id: ${{ secrets.CLIENT_ID }}
+#          client-id: ${{ secrets.CD_CLIENT_ID }}
 #          tenant-id: ${{ secrets.TENANT_ID }}
 #          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
 #
@@ -112,7 +112,7 @@ jobs:
 #        shell: bash
 #        run: |
 #          cd ./infra
-#          export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
+#          export ARM_CLIENT_ID="${{ secrets.CD_CLIENT_ID }}"
 #          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
 #          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
 #          export ARM_USE_OIDC=true

.identity/00_data.tf

@@ -1,3 +1,8 @@
+data "azurerm_user_assigned_identity" "identity_cd" {
+  resource_group_name = "${local.product}-identity-rg"
+  name                = "${local.product}-${local.domain}-01-github-cd-identity"
+}
+
 data "azurerm_resource_group" "dashboards" {
   name = "dashboards"
 }

.identity/03_github_environment.tf

@@ -21,7 +21,7 @@ resource "github_repository_environment" "github_repository_environment" {
 
 locals {
   env_secrets = {
-    "CLIENT_ID" : module.github_runner_app.application_id,
+    "CD_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
     "TENANT_ID" : data.azurerm_client_config.current.tenant_id,
     "SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id,
     "ISSUER_RANGE_TABLE" : "${local.prefix}${var.env_short}${local.location_short}${local.domain}saissuerrangetable",

openapi/openapi-v1.json

@@ -570,37 +570,6 @@
           }
         }
       }
-    },
-    "/actuator/health/**": {
-      "get": {
-        "tags": [
-          "Actuator"
-        ],
-        "summary": "Actuator web endpoint 'health-path'",
-        "operationId": "health-path",
-        "responses": {
-          "200": {
-            "description": "OK",
-            "content": {
-              "application/vnd.spring-boot.actuator.v3+json": {
-                "schema": {
-                  "type": "object"
-                }
-              },
-              "application/vnd.spring-boot.actuator.v2+json": {
-                "schema": {
-                  "type": "object"
-                }
-              },
-              "application/json": {
-                "schema": {
-                  "type": "object"
-                }
-              }
-            }
-          }
-        }
-      }
     }
   },
   "components": {