Skip to content

[Update OpenAPI] Merge openapi dev using openapi-merge-cli (#506) #217

[Update OpenAPI] Merge openapi dev using openapi-merge-cli (#506)

[Update OpenAPI] Merge openapi dev using openapi-merge-cli (#506) #217

name: APIM Infra Release
on:
push:
branches:
- main
- releases/**
paths:
- infra/apim_v2/**
- .github/workflows/apim_infra_plan.yml
workflow_dispatch:
inputs:
environment:
required: true
type: choice
description: "Select the Environment"
default: dev
options:
- dev
- uat
- prod
notification:
required: true
type: boolean
description: "Send notification to Slack"
default: true
env:
DIR: "./infra/apim_v2"
ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
ARM_USE_OIDC: true
ARM_USE_AZUREAD: true
ARM_STORAGE_USE_AZUREAD: true
jobs:
setup:
name: Setup Environment
runs-on: 'ubuntu-latest'
outputs:
environ: ${{ steps.set-env.outputs.environ }}
notification: ${{ steps.set-env.outputs.notification }}
steps:
- name: Set Environment Variable
id: set-env
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "environ=${{ github.event.inputs.environment }}" >> $GITHUB_OUTPUT
echo "notification=${{ github.event.inputs.notification }}" >> $GITHUB_OUTPUT
else
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "environ=dev" >> $GITHUB_OUTPUT
else
echo "environ=uat" >> $GITHUB_OUTPUT
echo "notification=true" >> $GITHUB_OUTPUT
fi
fi
tf_plan:
name: 'Terraform Plan'
runs-on: ubuntu-20.04
environment: ${{ needs.setup.outputs.environ }}-ci
needs: setup
permissions:
id-token: write
contents: read
outputs:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version}}
image_tag: ${{ steps.setsha.outputs.short_sha }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
name: Checkout
- name: Set Short Git Commit SHA
id: setsha
run: |
calculatedSha=$(git rev-parse --short ${{ github.sha }})
echo "short_sha=sha-$calculatedSha" >> $GITHUB_OUTPUT
- name: Set Terraform Version
id: set-terraform-version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
name: Setup Terraform
with:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version}}
- name: Terraform Plan
uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
with:
client_id: ${{ secrets.ARM_CLIENT_ID }}
tenant_id: ${{ vars.ARM_TENANT_ID }}
subscription_id: ${{ vars.ARM_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}
azure_environment: ${{ needs.setup.outputs.environ }}
env:
TF_VAR_image_tag: ${{ steps.setsha.outputs.short_sha }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Upload Terraform Plan as Artifact"
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: tfplan
path: ${{ env.DIR }}/tfplan-${{ needs.setup.outputs.environ }}-${{ github.sha }}
if-no-files-found: error
retention-days: 14
release:
name: 'Release'
runs-on: ubuntu-20.04
needs: [setup,tf_plan]
environment: ${{ needs.setup.outputs.environ }}-cd
permissions:
id-token: write
contents: read
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
name: Checkout
- name: Azure Login
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with:
client-id: ${{ secrets.ARM_CLIENT_ID }}
tenant-id: ${{ vars.ARM_TENANT_ID }}
subscription-id: ${{ vars.ARM_SUBSCRIPTION_ID }}
- name: Download Terraform Plan as Artifact
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
with:
name: tfplan
path: ${{ env.DIR }}
- name: Retrieve Terraform Modules from Cache
id: cache-terraform-modules
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ${{ env.DIR }}/.terraform
key: terraform-${{ env.DIR }}-${{ github.sha }}
restore-keys: |
terraform-${{ env.DIR }}
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
name: Setup Terraform
with:
terraform_version: ${{ needs.tf_plan.outputs.terraform_version }}
- name: Terraform Init
shell: bash
working-directory: ${{ env.DIR }}
run: |
bash ./terraform.sh init ${{ needs.setup.outputs.environ }}
- name: Terraform Apply
shell: bash
working-directory: ${{ env.DIR }}
run: |
terraform apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ needs.setup.outputs.environ }}-${{ github.sha }}
env:
TF_VAR_image_tag: ${{ needs.tf_plan.outputs.image_tag }}
update_docs_and_notification_external:
name: "[MS External] Update Developer Docs and Notify using Slack"
uses: ./.github/workflows/call_update_docs_and_notification.yml
needs: [setup,release]
with:
env: ${{ needs.setup.outputs.environ }}
api_folder_path: /api/ms_external_api/v2
docs_openapi_path: developer/external/v2/ms-external-api.json
api_title: External API v2
enable_notification: ${{ needs.setup.outputs.notification == 'true' }}
secrets:
API_NOTIFICATION_TRIGGERS_ID: ${{ secrets.API_NOTIFICATION_TRIGGERS_ID_EXTERNAL }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
update_docs_and_notification_support:
name: "[Support API] Update Developer Docs and Notify using Slack"
uses: ./.github/workflows/call_update_docs_and_notification.yml
needs: [setup,release]
with:
env: ${{ needs.setup.outputs.environ }}
api_folder_path: /api/selfcare_support_service/v1
docs_openapi_path: developer/support/v1/selc-support-api.json
api_title: Support API v1
enable_notification: ${{ needs.setup.outputs.notification == 'true' }}
secrets:
API_NOTIFICATION_TRIGGERS_ID: ${{ secrets.API_NOTIFICATION_TRIGGERS_ID_SUPPORT }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
update_docs_and_notification_internal:
name: "[Internal API] Update Developer Docs and Notify using Slack"
uses: ./.github/workflows/call_update_docs_and_notification.yml
needs: [setup,release]
with:
env: ${{ needs.setup.outputs.environ }}
api_folder_path: /api/ms_internal_api/v1
docs_openapi_path: developer/internal/v1/selc-internal-api.json
api_title: Internal API v1
enable_notification: ${{ needs.setup.outputs.notification == 'true' }}
secrets:
API_NOTIFICATION_TRIGGERS_ID: ${{ secrets.API_NOTIFICATION_TRIGGERS_ID_INTERNAL }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
update_docs_and_notification_support_pnpg:
name: "[Support PNPG API] Update Developer Docs and Notify using Slack"
uses: ./.github/workflows/call_update_docs_and_notification.yml
needs: [setup,release]
with:
env: ${{ needs.setup.outputs.environ }}
api_folder_path: /api_pnpg/pnpg_support_service/v1
docs_openapi_path: developer/support-pnpg/v1/pnpg-support-api.json
api_title: Support PNPG API v1
enable_notification: ${{ needs.setup.outputs.notification == 'true' }}
is_pnpg: true
secrets:
API_NOTIFICATION_TRIGGERS_ID: ${{ secrets.API_NOTIFICATION_TRIGGERS_ID_SUPPORT }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
update_docs_and_notification_billing_portal:
name: "[Billing Portal API] Update Developer Docs and Notify using Slack"
uses: ./.github/workflows/call_update_docs_and_notification.yml
needs: [setup,release]
with:
env: ${{ needs.setup.outputs.environ }}
api_folder_path: /api/billing-portal-api/v1
docs_openapi_path: developer/billing-portal/v1/billing-portal-api.json
api_title: Billing Portal API v1
enable_notification: ${{ needs.setup.outputs.notification == 'true' }}
secrets:
API_NOTIFICATION_TRIGGERS_ID: ${{ secrets.API_NOTIFICATION_TRIGGERS_ID_BILLING_PORTAL }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}