From df09f9b3a469b4f3fe15613bd47b5dec95a00fcc Mon Sep 17 00:00:00 2001
From: Andrea Grillo
Date: Fri, 9 Feb 2024 17:10:26 +0100
Subject: [PATCH 1/4] [EC-132] Add Terraform configuration to manage repository settings (#77)
---
.dockerignore | 12 +++
.github/workflows/pr_ms.yml | 37 +++++++++
.github/workflows/release_ms.yml | 46 +++++++++++
.gitignore | 9 +++
.pre-commit-config.yaml | 10 +++
.terraform-version | 1 +
Dockerfile.new | 20 +++++
Dockerfile.new.dockerignore | 117 +++++++++++++++++++++++++++
infra/repository/.terraform.lock.hcl | 50 ++++++++++++
infra/repository/README.md | 43 ++++++++++
infra/repository/backend.tfvars | 4 +
infra/repository/main.tf | 17 ++++
12 files changed, 366 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .github/workflows/pr_ms.yml
create mode 100644 .github/workflows/release_ms.yml
create mode 100644 .pre-commit-config.yaml
create mode 100644 .terraform-version
create mode 100644 Dockerfile.new
create mode 100644 Dockerfile.new.dockerignore
create mode 100644 infra/repository/.terraform.lock.hcl
create mode 100644 infra/repository/README.md
create mode 100644 infra/repository/backend.tfvars
create mode 100644 infra/repository/main.tf
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..68df2c5d
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,12 @@
+**/.dockerignore
+**/.git
+**/bin
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
\ No newline at end of file
diff --git a/.github/workflows/pr_ms.yml b/.github/workflows/pr_ms.yml
new file mode 100644
index 00000000..021193b0
--- /dev/null
+++ b/.github/workflows/pr_ms.yml
@@ -0,0 +1,37 @@
+name: Code Review ms-external-interceptor
+on:
+ workflow_dispatch:
+
+ pull_request:
+ types:
+ - synchronize
+ - reopened
+ - ready_for_review
+ paths:
+ - '.github/workflows/pr_ms.yml'
+ - '.github/workflows/release_ms.yml'
+ - '.github/workflows/release_ms_pnpg.yml'
+ - '!.devops/**'
+ - '!helm/**'
+ - '!**.md'
+ - '!**ignore'
+ - '!infra/**'
+ - '!.terraform-version'
+ - '!CODEOWNERS'
+
+jobs:
+
+ code_review:
+ uses: pagopa/selfcare-commons/.github/workflows/call_code_review_spring.yml@EC-149-template-git-hub-workflows
+ name: 'Code Review'
+ secrets: inherit
+ if: github.base_ref == 'main' && github.event_name == 'pull_request'
+ with:
+ pr_number: ${{ github.event.pull_request.number }}
+ source_branch: ${{ github.head_ref }}
+ target_branch: ${{ github.base_ref }}
+ sonar_key: 'pagopa_selfcare-ms-external-interceptor'
+
+ docker_build:
+ uses: pagopa/selfcare-commons/.github/workflows/call_code_review_docker.yml@EC-149-template-git-hub-workflows
+ name: 'Docker'
\ No newline at end of file
diff --git a/.github/workflows/release_ms.yml b/.github/workflows/release_ms.yml
new file mode 100644
index 00000000..23190439
--- /dev/null
+++ b/.github/workflows/release_ms.yml
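Review bot: Both `uses:` lines in `pr_ms.yml` reference the shared workflows by branch name (`@EC-149-template-git-hub-workflows`), and `code_review` passes `secrets: inherit`, so anyone who can push to that branch of `pagopa/selfcare-commons` changes what runs with this repository's secrets. Pin each reference to a full commit SHA, e.g. `uses: pagopa/selfcare-commons/.github/workflows/call_code_review_spring.yml@<full-commit-sha>`, and pass only the secrets the called workflow needs instead of `secrets: inherit`. The same applies to every `release_*` job in `release_ms.yml` and `release_ms_pnpg.yml`; the later switch to `@main` in PATCH 3/4 is still a mutable ref. Separately, the only positive `paths` entries are the three workflow files, so as written a pull request that touches only application code does not match the filter and skips this review; add `- '**'` ahead of the negations if that is not intended.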
@@ -0,0 +1,46 @@ +name: Release ms-external-interceptor + +on: + workflow_dispatch: + + push: + branches: + - main + - releases/* + paths: + - '!.devops/**' + - '!helm/**' + - '!**.md' + - '!**ignore' + - '!infra/**' + - '!.terraform-version' + - '!CODEOWNERS' + +jobs: + + release_dev: + uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows + name: '[Dev] ExternalInterceptor ms Release' + if: startsWith(github.ref_name, 'releases/') != true + secrets: inherit + with: + environment: dev + dir: 'infra' + + release_uat: + uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows + name: '[UAT] ExternalInterceptor ms Release' + if: startsWith(github.ref_name, 'releases/') + secrets: inherit + with: + environment: uat + dir: 'infra' + + release_prod: + uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows + name: '[Prod] ExternalInterceptor ms Release' + if: startsWith(github.ref_name, 'releases/') + secrets: inherit + with: + environment: prod + dir: 'infra' \ No newline at end of file diff --git a/.gitignore b/.gitignore index 038d65a9..94cd88ea 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,12 @@ build/ ### VS Code ### .vscode/ .DS_Store + +**/.terraform/* +*.tfstate +*.tfstate.* +**/.tfsec/* +override.tf +override.tf.json +*_override.tf +*_override.tf.json \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..e991df9b --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,10 @@ +repos: + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.86.0 + hooks: + - id: terraform_fmt + - id: terraform_docs + - id: terraform_validate + args: + - --args=-json + - --args=-no-color \ No newline at end of file diff --git a/.terraform-version b/.terraform-version new file mode 100644 index 00000000..83d1a5eb --- /dev/null 
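Review bot: In `release_ms.yml` the `paths:` filter under `push` lists only negated patterns (`'!.devops/**'` through `'!CODEOWNERS'`); GitHub's workflow syntax expects at least one positive pattern when `!` is used, so this filter may not select the pushes it is meant to. Use `paths-ignore:` with the same entries without the `!`, or put `- '**'` first. Also, `release_uat` and `release_prod` share the condition `startsWith(github.ref_name, 'releases/')`, so every push to a `releases/*` branch starts the prod job together with UAT unless the called workflow (not visible here) gates it behind an environment approval. `release_ms_pnpg.yml` has the same `paths` block and the same pair of conditions.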
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.6.6
\ No newline at end of file
diff --git a/Dockerfile.new b/Dockerfile.new
new file mode 100644
index 00000000..13dc1062
--- /dev/null
+++ b/Dockerfile.new
@@ -0,0 +1,20 @@
+FROM maven:3-eclipse-temurin-17 AS builder
+
+COPY . .
+
+RUN mvn clean package -DskipTests=true
+
+FROM openjdk:17-jdk AS runtime
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+WORKDIR /app
+
+COPY --from=builder ./target/*.jar ./app.jar
+
+ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.1.1/applicationinsights-agent-3.1.1.jar /applicationinsights-agent.jar
+
+EXPOSE 8080
+USER 1001
+
+ENTRYPOINT ["java", "-jar", "app.jar"]
\ No newline at end of file
diff --git a/Dockerfile.new.dockerignore b/Dockerfile.new.dockerignore
new file mode 100644
index 00000000..427b8ce4
--- /dev/null
+++ b/Dockerfile.new.dockerignore
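Review bot: The `ADD https://github.com/microsoft/ApplicationInsights-Java/...` line in `Dockerfile.new` downloads the agent jar at build time with no integrity check, so the image trusts whatever that URL serves on the day of the build. With BuildKit the download can be bound to a known digest, `ADD --checksum=sha256:<sha256-of-the-release-jar> <url> <dest>`, which fails the build on a mismatch; the hunk in PATCH 3/4 that moves to 3.2.11 needs the same. The two base images are floating tags (`maven:3-eclipse-temurin-17`, `openjdk:17-jdk`) and the runtime stage ships a full JDK; pinning both by digest and using a JRE-only runtime image would make builds reproducible and reduce what is deployed.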
@@ -0,0 +1,117 @@
+**/.dockerignore
+**/.git
+**/bin
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
+
+**/.idea
+.idea
+**/.mvn
+.mvn
+
+**/target
+
+# Created by .ignore support plugin (hsz.mobi)
+### Maven template
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+.mvn/wrapper/maven-wrapper.jar
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn. Uncomment if using
+# auto-import.
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
\ No newline at end of file
diff --git a/infra/repository/.terraform.lock.hcl b/infra/repository/.terraform.lock.hcl
new file mode 100644
index 00000000..30e3c99f
--- /dev/null
+++ b/infra/repository/.terraform.lock.hcl
@@ -0,0 +1,50 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.91.0" + constraints = ">= 3.90.0" + hashes = [ + "h1:8hMFuaTQsZIV69D0J/W+6hSlhRRDzYSpC0Eg9yWYF0o=", + "h1:FEDNnFv/uKI2+FQ+nDoyswEI3trJ3d7Fx2Cy7Ff4Rq8=", + "h1:Iv9CR+7491iozaK2AkCSAK2u4a2rPyJDQpyHijClj6Y=", + "h1:t0I5G4canK6UdlgHGfMV4rUNBPGdrMiIB01VGizlXB8=", + "zh:13928b71b1235783f3f877a799e28fb91e50512b051eb8ccb370500fc140cf3f", + "zh:3264341657e9ff3963d69b0fa088f64665349e2a29b2f3aeb4deee6d9d7584b7", + "zh:467a2ddd2eee26353db65e949bfbe533481ca0fb53c152724380b63a308f11b9", + "zh:6133e57087167b163180df3a77fab0c63b3e11609d139d39db8d3be3d6ec7ccd", + "zh:6df24730bc9247647ffb44832c3c64e45ab731dd83a3592d33d28235a453235a", + "zh:775aae148223a4a86e2dd25533a95a5fea4817085b6c5e643a7192453270cd68", + "zh:89d51148c7c123685d3e2f7e291888a3af009656e5c0ad66235a7c686ecb19d2", + "zh:9c89552051226eeb7c0fc66ad5aa57d1d0f5acc1d56afad06b6596707ae6c85e", + "zh:c4f3bc269837fa3b6ad803de2c7d1125dd791d78a521dcad2e7a63b905a13a53", + "zh:e48f05de1ffdcc998c5ff915570fb0557c7ac1d3af971dd76aff82e66d45bf06", + "zh:f1945716c7b9c23c25ca9fb4a68f27b6cfa25f5d235112c31f9412eba47f93c6", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/integrations/github" { + version = "5.45.0" + constraints = "5.45.0" + hashes = [ + "h1:6nxolUZ963kZ3squxzUbO1F+WPXKUxtpuiVsVtbaY7U=", + "h1:cP5uEN9jpePr+/Kc7OyAZMhysbDhQoLGpLqgQpLFewg=", + "h1:mX5tPDK7RNmtEjSoaI47oimBJBnujcAI7REnhpGqZhg=", + "h1:sP/Er9osOsz4vhKZAul+GeV0c5XdvMblJBMiP+T5tWc=", + "zh:2afb8ee5b847071e51d5a39bcad5cf466c4d22452450d37c44a5f9d2eb9879e5", + "zh:38d087b88c86ddd63b60d14d613f86a5885d154048098c0484266a9a69018b16", + "zh:3e6a787e3e40f1535d85f8dc5f2e8c90242ab8237feebd027f696fa154261394", + "zh:55dac5a813b3774b48ca45b8a797c32e6d787d4f282b43b622155cad3daac46a", + 
"zh:563f2782f3c4c584b249c5fa0628951a57b4593f3c5805a4efb6d494f8686716", + "zh:677180ec9376d5f926286592998e2864c85f06d6b416c1d89031d817a285c72e", + "zh:80eec141fa47131e8f60a6478e51b3a5920efe803444e684f9605fca09a24e34", + "zh:8b9f1e1f4b42b51e53767f4f927eabdcefe55fb0369e996ac2a0063148b5e48d", + "zh:95627f75848561830f8c20949f024f902a2100a022c68aa8d84320f43e75cc46", + "zh:95ac41b99dfca3ce556092e036bb04dc03367d0779071112e59d4bf11259a89d", + "zh:9e966482729ba8214b480bdd786aff9a15234e9c093c5406b56ce89ccb07dcab", + "zh:b7a9d563613f1b9a233f8f285848cc9d8c08c556aad7ea57cd63e0abb19b10cf", + "zh:ce56bb7ca876f47f5beee01de3ab84d27964b972c9adceb8e2f7824891e05c27", + "zh:f73e063ad5b84f1943eafb8a52a26dd805d06ac11d6c951175ac76c07187f553", + ] +} diff --git a/infra/repository/README.md b/infra/repository/README.md new file mode 100644 index 00000000..b9c2ba0d --- /dev/null +++ b/infra/repository/README.md @@ -0,0 +1,43 @@ +# Repository Settings + +Define settings of this GitHub repository. + +## How to use + +Make sure your PAT has access to this repository. Then, follow these steps: + +- set the subscription: `az account set --subscription "PROD-SelfCare"` +- run `terraform init -backend-config="backend.tfvars"` +- run `terraform plan` +- run `terraform apply` + + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [repository](#module\_repository) | github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings | main | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/infra/repository/backend.tfvars b/infra/repository/backend.tfvars new file mode 100644 index 00000000..bc6f8ff2 --- /dev/null +++ b/infra/repository/backend.tfvars 
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfinfprodselfcare"
+container_name = "terraform-state"
+key = "selfcare-ms-external-interceptor.repository.tfstate"
\ No newline at end of file
diff --git a/infra/repository/main.tf b/infra/repository/main.tf
new file mode 100644
index 00000000..4af690a4
--- /dev/null
+++ b/infra/repository/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = ">= 1.6.0"
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+module "repository" {
+ source = "github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings?ref=main"
+
+ github = {
+ repository = "selfcare-ms-external-interceptor"
+ }
+}
From 553d233e063803c655c793d9070e0579fcec427c Mon Sep 17 00:00:00 2001
From: Andrea Grillo
Date: Mon, 12 Feb 2024 15:06:36 +0100
Subject: [PATCH 2/4] [EC-153] Add microservice PNPG pipeline (#78)
---
.github/workflows/release_ms_pnpg.yml | 49 +++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 .github/workflows/release_ms_pnpg.yml
diff --git a/.github/workflows/release_ms_pnpg.yml b/.github/workflows/release_ms_pnpg.yml
new file mode 100644
index 00000000..4aab7c45
--- /dev/null
+++ b/.github/workflows/release_ms_pnpg.yml
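Review bot: The `module "repository"` block in `infra/repository/main.tf` takes its source with `?ref=main`, so each `terraform init` pulls whatever is on that branch of `pagopa/selfcare-commons` at that moment, and `.terraform.lock.hcl` records provider hashes only, not module contents. Because this module manages the repository's own settings, pin it to a reviewed revision, `?ref=<tag-or-commit-sha>`, and bump it deliberately. The root `terraform` block also declares no `required_providers`, so the provider constraints seen in the lock file are not stated anywhere in this directory's own configuration.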
@@ -0,0 +1,49 @@
+name: Release PNPG ms-external-interceptor
+
+on:
+ workflow_dispatch:
+
+ push:
+ branches:
+ - main
+ - releases/*
+ paths:
+ - '!.devops/**'
+ - '!helm/**'
+ - '!**.md'
+ - '!**ignore'
+ - '!infra/**'
+ - '!.terraform-version'
+ - '!CODEOWNERS'
+
+jobs:
+
+ release_dev:
+ uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows
+ name: '[Dev] ExternalInterceptor ms Release'
+ if: startsWith(github.ref_name, 'releases/') != true
+ secrets: inherit
+ with:
+ environment: dev
+ tf_environment: dev-pnpg
+ dir: 'infra'
+
+ release_uat:
+ uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows
+ name: '[UAT] ExternalInterceptor ms Release'
+ if: startsWith(github.ref_name, 'releases/')
+ secrets: inherit
+ with:
+ environment: uat
+ tf_environment: uat-pnpg
+ dir: 'infra'
+
+ release_prod:
+ uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows
+ name: '[Prod] ExternalInterceptor ms Release'
+ if: startsWith(github.ref_name, 'releases/')
+ secrets: inherit
+ with:
+ environment: prod
+ tf_environment: prod-pnpg
+ dir: 'infra'
\ No newline at end of file
From a86977e9a7caf2ae3143128d6d7be175f0245b97 Mon Sep 17 00:00:00 2001
From: Andrea Grillo Date: Tue, 12 Mar 2024 15:18:40 +0100 Subject: [PATCH 3/4] [EC-122] Add Container App infrastructure (#79) Co-authored-by: manuraf --- .github/workflows/pr_ms.yml | 4 +- .github/workflows/release_ms.yml | 29 ++-- .github/workflows/release_ms_pnpg.yml | 49 ------- Dockerfile.new | 3 +- infra/container_apps/.terraform.lock.hcl | 48 +++++++ infra/container_apps/README.md | 42 ++++++ infra/container_apps/env/dev/backend.ini | 1 + infra/container_apps/env/dev/backend.tfvars | 4 + infra/container_apps/env/dev/terraform.tfvars | 110 +++++++++++++++ infra/container_apps/env/prod/backend.ini | 1 + infra/container_apps/env/prod/backend.tfvars | 4 + .../container_apps/env/prod/terraform.tfvars | 125 ++++++++++++++++++ infra/container_apps/env/uat/backend.ini | 1 + infra/container_apps/env/uat/backend.tfvars | 4 + infra/container_apps/env/uat/terraform.tfvars | 112 ++++++++++++++++ infra/container_apps/main.tf | 25 ++++ infra/container_apps/terraform.sh | 69 ++++++++++ infra/container_apps/variables.tf | 57 ++++++++ pom.xml | 1 + 19 files changed, 628 insertions(+), 61 deletions(-) delete mode 100644 .github/workflows/release_ms_pnpg.yml create mode 100644 infra/container_apps/.terraform.lock.hcl create mode 100644 infra/container_apps/README.md create mode 100644 infra/container_apps/env/dev/backend.ini create mode 100644 infra/container_apps/env/dev/backend.tfvars create mode 100644 infra/container_apps/env/dev/terraform.tfvars create mode 100644 infra/container_apps/env/prod/backend.ini create mode 100644 infra/container_apps/env/prod/backend.tfvars create mode 100644 infra/container_apps/env/prod/terraform.tfvars create mode 100644 infra/container_apps/env/uat/backend.ini create mode 100644 infra/container_apps/env/uat/backend.tfvars create mode 100644 infra/container_apps/env/uat/terraform.tfvars create mode 100644 infra/container_apps/main.tf create mode 100644 infra/container_apps/terraform.sh create mode 100644 infra/container_apps/variables.tf 
diff --git a/.github/workflows/pr_ms.yml b/.github/workflows/pr_ms.yml index 021193b0..66d85b5d 100644 --- a/.github/workflows/pr_ms.yml +++ b/.github/workflows/pr_ms.yml @@ -22,7 +22,7 @@ on: jobs: code_review: - uses: pagopa/selfcare-commons/.github/workflows/call_code_review_spring.yml@EC-149-template-git-hub-workflows + uses: pagopa/selfcare-commons/.github/workflows/call_code_review_spring.yml@main name: 'Code Review' secrets: inherit if: github.base_ref == 'main' && github.event_name == 'pull_request' @@ -33,5 +33,5 @@ jobs: sonar_key: 'pagopa_selfcare-ms-external-interceptor' docker_build: - uses: pagopa/selfcare-commons/.github/workflows/call_code_review_docker.yml@EC-149-template-git-hub-workflows + uses: pagopa/selfcare-commons/.github/workflows/call_code_review_docker.yml@main name: 'Docker' \ No newline at end of file diff --git a/.github/workflows/release_ms.yml b/.github/workflows/release_ms.yml index 23190439..2ec55382 100644 --- a/.github/workflows/release_ms.yml +++ b/.github/workflows/release_ms.yml @@ -2,6 +2,14 @@ name: Release ms-external-interceptor on: workflow_dispatch: + inputs: + env: + type: choice + description: Environment + options: + - dev + - uat + - prod push: branches: 
@@ -19,28 +27,31 @@ on: jobs: release_dev: - uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows + uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@main name: '[Dev] ExternalInterceptor ms Release' - if: startsWith(github.ref_name, 'releases/') != true + if: ${{ (startsWith(github.ref_name, 'releases/') != true && inputs.env == null) || inputs.env == 'dev' }} secrets: inherit with: environment: dev - dir: 'infra' + tf_environment: dev + dir: 'infra/container_apps' release_uat: - uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows + uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@main name: '[UAT] ExternalInterceptor ms Release' - if: startsWith(github.ref_name, 'releases/') + if: ${{ (startsWith(github.ref_name, 'releases/') == true && inputs.env == null) || inputs.env == 'uat' }} secrets: inherit with: environment: uat - dir: 'infra' + tf_environment: uat + dir: 'infra/container_apps' release_prod: - uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows + uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@main name: '[Prod] ExternalInterceptor ms Release' - if: startsWith(github.ref_name, 'releases/') + if: ${{ inputs.env == 'prod' }} secrets: inherit with: environment: prod - dir: 'infra' \ No newline at end of file + tf_environment: prod + dir: 'infra/container_apps' \ No newline at end of file diff --git a/.github/workflows/release_ms_pnpg.yml b/.github/workflows/release_ms_pnpg.yml deleted file mode 100644 index 4aab7c45..00000000 --- a/.github/workflows/release_ms_pnpg.yml +++ /dev/null 
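Review bot: `release_prod` in `release_ms.yml` now runs whenever `inputs.env == 'prod'`, and `workflow_dispatch` carries no branch restriction, so a manual run started from any branch reaches the prod job with `secrets: inherit`. Add the ref to the condition, e.g. `if: ${{ inputs.env == 'prod' && startsWith(github.ref_name, 'releases/') }}`, unless the called workflow (not visible here) already enforces an environment protection rule. The `|| inputs.env == 'uat'` arm of `release_uat` has the same property. A one-line comment above each `if:` stating which trigger is expected to satisfy it would make the push-versus-dispatch logic easier to audit.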
@@ -1,49 +0,0 @@ -name: Release PNPG ms-external-interceptor - -on: - workflow_dispatch: - - push: - branches: - - main - - releases/* - paths: - - '!.devops/**' - - '!helm/**' - - '!**.md' - - '!**ignore' - - '!infra/**' - - '!.terraform-version' - - '!CODEOWNERS' - -jobs: - - release_dev: - uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows - name: '[Dev] ExternalInterceptor ms Release' - if: startsWith(github.ref_name, 'releases/') != true - secrets: inherit - with: - environment: dev - tf_environment: dev-pnpg - dir: 'infra' - - release_uat: - uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows - name: '[UAT] ExternalInterceptor ms Release' - if: startsWith(github.ref_name, 'releases/') - secrets: inherit - with: - environment: uat - tf_environment: uat-pnpg - dir: 'infra' - - release_prod: - uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows - name: '[Prod] ExternalInterceptor ms Release' - if: startsWith(github.ref_name, 'releases/') - secrets: inherit - with: - environment: prod - tf_environment: prod-pnpg - dir: 'infra' \ No newline at end of file diff --git a/Dockerfile.new b/Dockerfile.new index 13dc1062..9dfa915d 100644 --- a/Dockerfile.new +++ b/Dockerfile.new @@ -12,7 +12,8 @@ WORKDIR /app COPY --from=builder ./target/*.jar ./app.jar -ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.1.1/applicationinsights-agent-3.1.1.jar /applicationinsights-agent.jar +ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.2.11/applicationinsights-agent-3.2.11.jar ./applicationinsights-agent.jar +RUN chmod 755 ./applicationinsights-agent.jar EXPOSE 8080 USER 1001 diff --git a/infra/container_apps/.terraform.lock.hcl b/infra/container_apps/.terraform.lock.hcl new file mode 100644 index 00000000..bdcbd8fe --- /dev/null 
+++ b/infra/container_apps/.terraform.lock.hcl 
@@ -0,0 +1,48 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/azure/azapi" { + version = "1.9.0" + constraints = "~> 1.9.0" + hashes = [ + "h1:Ow1rr5fYBGSkplH/kcXeWz9y2wA81BnhZ7vTBzJfAAg=", + "h1:shpEoqcAbf+p6AvspiYO1YrX//8l1LV/owEcQpujWHw=", + "h1:yIJQVdnmGZdvS3yrw0M8ke9KiB/c0tjZ7KUXC46Hjx0=", + "h1:zaLH2Owmj61RX2G1Cy6VDy8Ttfzx+lDsSCyiu5cXkm4=", + "zh:349569471fbf387feaaf8b88da1690669e201147c342f905e5eb03df42b3cf87", + "zh:54346d5fb78cbad3eb7cfd96e1dd7ce4f78666cabaaccfec6ee9437476330018", + "zh:64b799da915ea3a9a58ac7a926c6a31c59fd0d911687804d8e815eda88c5580b", + "zh:9336ed9e112555e0fda8af6be9ba21478e30117d79ba662233311d9560d2b7c6", + "zh:a8aace9897b28ea0b2dbd7a3be3df033e158af40412c9c7670be0956f216ed7e", + "zh:ab23df7de700d9e785009a4ca9ceb38ae1ab894a13f5788847f15d018556f415", + "zh:b4f13f0b13560a67d427c71c85246f8920f98987120341830071df4535842053", + "zh:e58377bf36d8a14d28178a002657865ee17446182dac03525fd43435e41a1b5c", + "zh:ea5db4acc6413fd0fe6b35981e58cdc9850f5f3118031cc3d2581de511aee6aa", + "zh:f0b32c06c6bd4e4af2c02a62be07b947766aeeb09289a03f21aba16c2fd3c60f", + "zh:f1518e766a90c257d7eb36d360dafaf311593a4a9352ff8db0bcfe0ed8cf45ae", + "zh:fa89e84cff0776b5b61ff27049b1d8ed52040bd58c81c4628890d644a6fb2989", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.91.0" + constraints = "<= 3.91.0" + hashes = [ + "h1:8hMFuaTQsZIV69D0J/W+6hSlhRRDzYSpC0Eg9yWYF0o=", + "h1:FEDNnFv/uKI2+FQ+nDoyswEI3trJ3d7Fx2Cy7Ff4Rq8=", + "h1:Iv9CR+7491iozaK2AkCSAK2u4a2rPyJDQpyHijClj6Y=", + "h1:t0I5G4canK6UdlgHGfMV4rUNBPGdrMiIB01VGizlXB8=", + "zh:13928b71b1235783f3f877a799e28fb91e50512b051eb8ccb370500fc140cf3f", + "zh:3264341657e9ff3963d69b0fa088f64665349e2a29b2f3aeb4deee6d9d7584b7", + "zh:467a2ddd2eee26353db65e949bfbe533481ca0fb53c152724380b63a308f11b9", + "zh:6133e57087167b163180df3a77fab0c63b3e11609d139d39db8d3be3d6ec7ccd", + 
"zh:6df24730bc9247647ffb44832c3c64e45ab731dd83a3592d33d28235a453235a", + "zh:775aae148223a4a86e2dd25533a95a5fea4817085b6c5e643a7192453270cd68", + "zh:89d51148c7c123685d3e2f7e291888a3af009656e5c0ad66235a7c686ecb19d2", + "zh:9c89552051226eeb7c0fc66ad5aa57d1d0f5acc1d56afad06b6596707ae6c85e", + "zh:c4f3bc269837fa3b6ad803de2c7d1125dd791d78a521dcad2e7a63b905a13a53", + "zh:e48f05de1ffdcc998c5ff915570fb0557c7ac1d3af971dd76aff82e66d45bf06", + "zh:f1945716c7b9c23c25ca9fb4a68f27b6cfa25f5d235112c31f9412eba47f93c6", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/infra/container_apps/README.md b/infra/container_apps/README.md new file mode 100644 index 00000000..6cf55732 --- /dev/null +++ b/infra/container_apps/README.md @@ -0,0 +1,42 @@ +# Container App + +Deploy container on a Container App instance. + + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [container\_app\_dashboard\_backend](#module\_container\_app\_dashboard\_backend) | github.com/pagopa/selfcare-commons//infra/terraform-modules/container_app_microservice | main | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [app\_settings](#input\_app\_settings) | n/a |
list(object({
name = string
value = string
}))
| n/a | yes | +| [container\_app](#input\_container\_app) | Container App configuration |
object({
min_replicas = number
max_replicas = number

scale_rules = list(object({
name = string
custom = object({
metadata = map(string)
type = string
})
}))

cpu = number
memory = string
})
| n/a | yes | +| [env\_short](#input\_env\_short) | Environment short name | `string` | n/a | yes | +| [image\_tag](#input\_image\_tag) | Image tag to use for the container | `string` | `"latest"` | no | +| [is\_pnpg](#input\_is\_pnpg) | (Optional) True if you want to apply changes to PNPG environment | `bool` | `false` | no | +| [secrets\_names](#input\_secrets\_names) | KeyVault secrets to get values from | `map(string)` | n/a | yes | +| [tags](#input\_tags) | n/a | `map(any)` | n/a | yes | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/infra/container_apps/env/dev/backend.ini b/infra/container_apps/env/dev/backend.ini new file mode 100644 index 00000000..73ee9c6b --- /dev/null +++ b/infra/container_apps/env/dev/backend.ini @@ -0,0 +1 @@ +subscription=DEV-SelfCare \ No newline at end of file diff --git a/infra/container_apps/env/dev/backend.tfvars b/infra/container_apps/env/dev/backend.tfvars new file mode 100644 index 00000000..174ca256 --- /dev/null +++ b/infra/container_apps/env/dev/backend.tfvars @@ -0,0 +1,4 @@ +resource_group_name = "terraform-state-rg" +storage_account_name = "tfappdevselfcare" +container_name = "terraform-state" +key = "selfcare-external-interceptor.container_app.tfstate" \ No newline at end of file diff --git a/infra/container_apps/env/dev/terraform.tfvars b/infra/container_apps/env/dev/terraform.tfvars new file mode 100644 index 00000000..43fea221 --- /dev/null +++ b/infra/container_apps/env/dev/terraform.tfvars 
@@ -0,0 +1,110 @@
+env_short = "d"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Dev"
+ Owner = "SelfCare"
+ Source = "https://github.com/pagopa/selfcare-ms-external-interceptor"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+container_app = {
+ min_replicas = 1
+ max_replicas = 1
+ scale_rules = []
+ cpu = 0.5
+ memory = "1Gi"
+}
+
+app_settings = [
+ {
+ name = "INTERNAL_API_SERVICE_URL"
+ value = "https://api.dev.selfcare.pagopa.it"
+ },
+ {
+ name = "MS_EXTERNAL_INTERCEPTOR_LOG_LEVEL"
+ value = "DEBUG"
+ },
+ {
+ name = "SAP_ALLOWED_INSTITUTION_TYPES"
+ value = "PA,GSP,SA,SA,SCP"
+ },
+ {
+ name = "SAP_ALLOWED_ORIGIN"
+ value = "IPA,SELC"
+ },
+ {
+ name = "PRODUCTS_TO_RESEND"
+ value = "prod-pn,prod-io-sign,prod-io-premium"
+ },
+ {
+ name = "JAVA_TOOL_OPTIONS"
+ value = "-javaagent:applicationinsights-agent.jar"
+ },
+ {
+ name = "APPLICATIONINSIGHTS_ROLE_NAME"
+ value = "ms-external-interceptor"
+ },
+ {
+ name = "KAFKA_AUTO_OFFSET_RESET_CONFIG"
+ value = "earliest"
+ },
+ {
+ name = "ALLOWED_PRODUCER_TOPICS"
+ value = "{'prod-fd': 'selfcare-fd', 'prod-fd-garantito': 'selfcare-fd'}"
+ },
+ {
+ name = "USERVICE_PARTY_REGISTRY_PROXY_URL"
+ value = "https://selc-d-party-reg-proxy-ca.gentleflower-c63e62fe.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "EXTERNAL_API_BACKEND_URL"
+ value = "https://selc-d-external-api-backend-ca.gentleflower-c63e62fe.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "MS_CORE_URL"
+ value = "https://selc-d-ms-core-ca.gentleflower-c63e62fe.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "PROD_FD_URL"
+ value = "https://fid00001fe.siachain.sv.sia.eu:30008"
+ },
+ {
+ name = "KAFKA_BROKER"
+ value = "selc-d-eventhub-ns.servicebus.windows.net:9093"
+ },
+ {
+ name = "KAFKA_SECURITY_PROTOCOL"
+ value = "SASL_SSL"
+ },
+ {
+ name = "KAFKA_SASL_MECHANISM"
+ value = "PLAIN"
+ },
+ {
+ name = "KAFKA_CONTRACTS_TOPIC"
+ value = "SC-Contracts"
+ },
+ {
+ name = "KAFKA_FD_TOPIC"
+ value = "Selfcare-FD"
+ },
+ {
+ name = "KAFKA_USERS_TOPIC"
+ value = "SC-Users"
+ }
+]
+
+secrets_names = {
+ "APPLICATIONINSIGHTS_CONNECTION_STRING" = "appinsights-connection-string"
+ "SELFCARE_APIM_INTERNAL_API_KEY" = "onboarding-interceptor-apim-internal"
+ "FD_TOKEN_GRANT_TYPE" = "prod-fd-grant-type"
+ "FD_TOKEN_CLIENT_ID" = "prod-fd-client-id"
+ "FD_TOKEN_CLIENT_SECRET" = "prod-fd-client-secret"
+ "MONGODB_CONNECTION_URI" = "mongodb-connection-string"
+ "KAFKA_CONTRACTS_SELFCARE_RO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-selfcare-wo-connection-string-lc"
+ "KAFKA_USERS_SELFCARE_RO_SASL_JAAS_CONFIG" = "eventhub-sc-users-selfcare-wo-connection-string-lc"
+ "KAFKA_SELFCARE_FD_WO_SASL_JAAS_CONFIG" = "eventhub-selfcare-fd-fd-connection-string-lc"
+ "KAFKA_SC_CONTRACTS_SAP_WO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-sap-sap-connection-string-lc"
+ "K8S_AUTHORIZATION_TOKEN" = "jwt-bearer-token-functions"
+}
diff --git a/infra/container_apps/env/prod/backend.ini b/infra/container_apps/env/prod/backend.ini
new file mode 100644
index 00000000..0343b4a0
--- /dev/null
+++ b/infra/container_apps/env/prod/backend.ini
@@ -0,0 +1 @@
+subscription=PROD-SelfCare
\ No newline at end of file
diff --git a/infra/container_apps/env/prod/backend.tfvars b/infra/container_apps/env/prod/backend.tfvars
new file mode 100644
index 00000000..d8af03fa
--- /dev/null
+++ b/infra/container_apps/env/prod/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfappprodselfcare"
+container_name = "terraform-state"
+key = "selfcare-external-interceptor.container_app.tfstate"
\ No newline at end of file
diff --git a/infra/container_apps/env/prod/terraform.tfvars b/infra/container_apps/env/prod/terraform.tfvars
new file mode 100644
index 00000000..92312d12
--- /dev/null
+++ b/infra/container_apps/env/prod/terraform.tfvars
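Review bot: In `secrets_names` of `env/dev/terraform.tfvars`, the two consumer credentials `KAFKA_CONTRACTS_SELFCARE_RO_SASL_JAAS_CONFIG` and `KAFKA_USERS_SELFCARE_RO_SASL_JAAS_CONFIG` are bound to Key Vault secrets named `...-selfcare-wo-connection-string-lc`; if `wo` denotes a send-only Event Hub policy (an inference from the names alone), the `_RO_` settings receive a credential whose rights do not match their use. Confirm which access policy each secret carries and bind the read side to a listen-only one, so the service holds no send rights on topics it only consumes. `env/prod/terraform.tfvars` repeats the same mapping. A comment above the map such as `# <ENV VAR> = <Key Vault secret name>; values are resolved at deploy time` would also make clear that no secret value is stored in this file.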
@@ -0,0 +1,125 @@
+env_short = "p"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ Owner = "SelfCare"
+ Source = "https://github.com/pagopa/selfcare-ms-external-interceptor"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+container_app = {
+ min_replicas = 1
+ max_replicas = 5
+ scale_rules = [
+ {
+ custom = {
+ metadata = {
+ "desiredReplicas" = "3"
+ "start" = "0 8 * * MON-FRI"
+ "end" = "0 19 * * MON-FRI"
+ "timezone" = "Europe/Rome"
+ }
+ type = "cron"
+ }
+ name = "cron-scale-rule"
+ }
+ ]
+ cpu = 1.25
+ memory = "2.5Gi"
+}
+
+
+
+app_settings = [
+ {
+ name = "INTERNAL_API_SERVICE_URL"
+ value = "https://api.selfcare.pagopa.it"
+ },
+ {
+ name = "MS_EXTERNAL_INTERCEPTOR_LOG_LEVEL"
+ value = "INFO"
+ },
+ {
+ name = "SAP_ALLOWED_INSTITUTION_TYPES"
+ value = "PA,GSP,SA,SA,SCP"
+ },
+ {
+ name = "SAP_ALLOWED_ORIGIN"
+ value = "IPA,SELC"
+ },
+ {
+ name = "PRODUCTS_TO_RESEND"
+ value = "prod-pn,prod-io-sign,prod-io-premium"
+ },
+ {
+ name = "JAVA_TOOL_OPTIONS"
+ value = "-javaagent:applicationinsights-agent.jar"
+ },
+ {
+ name = "APPLICATIONINSIGHTS_ROLE_NAME"
+ value = "ms-external-interceptor"
+ },
+ {
+ name = "KAFKA_AUTO_OFFSET_RESET_CONFIG"
+ value = "earliest"
+ },
+ {
+ name = "ALLOWED_PRODUCER_TOPICS"
+ value = "{'prod-fd': 'selfcare-fd', 'prod-fd-garantito': 'selfcare-fd'}"
+ },
+ {
+ name = "USERVICE_PARTY_REGISTRY_PROXY_URL"
+ value = "https://selc-p-party-reg-proxy-ca.bluedune-cc0f8752.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "EXTERNAL_API_BACKEND_URL"
+ value = "https://selc-p-external-api-backend-ca.bluedune-cc0f8752.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "MS_CORE_URL"
+ value = "https://selc-p-ms-core-ca.bluedune-cc0f8752.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "PROD_FD_URL"
+ value = "https://portale.fideiussionidigitali.it"
+ },
+ {
+ name = "KAFKA_BROKER"
+ value = "selc-p-eventhub-ns.servicebus.windows.net:9093"
+ },
+ {
+ name = "KAFKA_SECURITY_PROTOCOL"
+ value = "SASL_SSL"
+ },
+ {
+ 
name = "KAFKA_SASL_MECHANISM"
+ value = "PLAIN"
+ },
+ {
+ name = "KAFKA_CONTRACTS_TOPIC"
+ value = "SC-Contracts"
+ },
+ {
+ name = "KAFKA_FD_TOPIC"
+ value = "Selfcare-FD"
+ },
+ {
+ name = "KAFKA_USERS_TOPIC"
+ value = "SC-Users"
+ }
+]
+
+secrets_names = {
+ "APPLICATIONINSIGHTS_CONNECTION_STRING" = "appinsights-connection-string"
+ "SELFCARE_APIM_INTERNAL_API_KEY" = "onboarding-interceptor-apim-internal"
+ "FD_TOKEN_GRANT_TYPE" = "prod-fd-grant-type"
+ "FD_TOKEN_CLIENT_ID" = "prod-fd-client-id"
+ "FD_TOKEN_CLIENT_SECRET" = "prod-fd-client-secret"
+ "MONGODB_CONNECTION_URI" = "mongodb-connection-string"
+ "KAFKA_CONTRACTS_SELFCARE_RO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-selfcare-wo-connection-string-lc"
+ "KAFKA_USERS_SELFCARE_RO_SASL_JAAS_CONFIG" = "eventhub-sc-users-selfcare-wo-connection-string-lc"
+ "KAFKA_SELFCARE_FD_WO_SASL_JAAS_CONFIG" = "eventhub-selfcare-fd-fd-connection-string-lc"
+ "KAFKA_SC_CONTRACTS_SAP_WO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-sap-sap-connection-string-lc"
+ "K8S_AUTHORIZATION_TOKEN" = "jwt-bearer-token-functions"
+}
\ No newline at end of file
diff --git a/infra/container_apps/env/uat/backend.ini b/infra/container_apps/env/uat/backend.ini
new file mode 100644
index 00000000..8cadfd65
--- /dev/null
+++ b/infra/container_apps/env/uat/backend.ini
@@ -0,0 +1 @@
+subscription=UAT-SelfCare
\ No newline at end of file
diff --git a/infra/container_apps/env/uat/backend.tfvars b/infra/container_apps/env/uat/backend.tfvars
new file mode 100644
index 00000000..d684b904
--- /dev/null
+++ b/infra/container_apps/env/uat/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfappuatselfcare"
+container_name = "terraform-state"
+key = "selfcare-external-interceptor.container_app.tfstate"
\ No newline at end of file
diff --git a/infra/container_apps/env/uat/terraform.tfvars b/infra/container_apps/env/uat/terraform.tfvars
new file mode 100644
index 00000000..4f9bcefb
--- /dev/null
+++ b/infra/container_apps/env/uat/terraform.tfvars 
@@ -0,0 +1,112 @@
+env_short = "u"
+
+tags = {
+ CreatedBy = "Terraform"
+ Environment = "Uat"
+ Owner = "SelfCare"
+ Source = "https://github.com/pagopa/selfcare-ms-external-interceptor"
+ CostCenter = "TS310 - PAGAMENTI & SERVIZI"
+}
+
+container_app = {
+ min_replicas = 1
+ max_replicas = 2
+ scale_rules = []
+ cpu = 0.5
+ memory = "1Gi"
+}
+
+
+
+app_settings = [
+ {
+ name = "INTERNAL_API_SERVICE_URL"
+ value = "https://api.uat.selfcare.pagopa.it"
+ },
+ {
+ name = "MS_EXTERNAL_INTERCEPTOR_LOG_LEVEL"
+ value = "INFO"
+ },
+ {
+ name = "SAP_ALLOWED_INSTITUTION_TYPES"
+ value = "PA,GSP,SA,SA,SCP"
+ },
+ {
+ name = "SAP_ALLOWED_ORIGIN"
+ value = "IPA,SELC"
+ },
+ {
+ name = "PRODUCTS_TO_RESEND"
+ value = "prod-pn,prod-io-sign,prod-io-premium"
+ },
+ {
+ name = "JAVA_TOOL_OPTIONS"
+ value = "-javaagent:applicationinsights-agent.jar"
+ },
+ {
+ name = "APPLICATIONINSIGHTS_ROLE_NAME"
+ value = "ms-external-interceptor"
+ },
+ {
+ name = "KAFKA_AUTO_OFFSET_RESET_CONFIG"
+ value = "earliest"
+ },
+ {
+ name = "ALLOWED_PRODUCER_TOPICS"
+ value = "{'prod-fd': 'selfcare-fd', 'prod-fd-garantito': 'selfcare-fd'}"
+ },
+ {
+ name = "USERVICE_PARTY_REGISTRY_PROXY_URL"
+ value = "https://selc-u-party-reg-proxy-ca.calmsky-143987c1.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "EXTERNAL_API_BACKEND_URL"
+ value = "https://selc-u-external-api-backend-ca.calmsky-143987c1.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "MS_CORE_URL"
+ value = "https://selc-u-ms-core-ca.calmsky-143987c1.westeurope.azurecontainerapps.io"
+ },
+ {
+ name = "PROD_FD_URL"
+ value = "https://fid00001fe.siachain.sv.sia.eu:30008"
+ },
+ {
+ name = "KAFKA_BROKER"
+ value = "selc-u-eventhub-ns.servicebus.windows.net:9093"
+ },
+ {
+ name = "KAFKA_SECURITY_PROTOCOL"
+ value = "SASL_SSL"
+ },
+ {
+ name = "KAFKA_SASL_MECHANISM"
+ value = "PLAIN"
+ },
+ {
+ name = "KAFKA_CONTRACTS_TOPIC"
+ value = "SC-Contracts"
+ },
+ {
+ name = "KAFKA_FD_TOPIC"
+ value = "Selfcare-FD"
+ },
+ {
+ name = 
"KAFKA_USERS_TOPIC"
+ value = "SC-Users"
+ }
+]
+
+secrets_names = {
+ "APPLICATIONINSIGHTS_CONNECTION_STRING" = "appinsights-connection-string"
+ "SELFCARE_APIM_INTERNAL_API_KEY" = "onboarding-interceptor-apim-internal"
+ "FD_TOKEN_GRANT_TYPE" = "prod-fd-grant-type"
+ "FD_TOKEN_CLIENT_ID" = "prod-fd-client-id"
+ "FD_TOKEN_CLIENT_SECRET" = "prod-fd-client-secret"
+ "MONGODB_CONNECTION_URI" = "mongodb-connection-string"
+ "KAFKA_CONTRACTS_SELFCARE_RO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-selfcare-wo-connection-string-lc"
+ "KAFKA_USERS_SELFCARE_RO_SASL_JAAS_CONFIG" = "eventhub-sc-users-selfcare-wo-connection-string-lc"
+ "KAFKA_SELFCARE_FD_WO_SASL_JAAS_CONFIG" = "eventhub-selfcare-fd-fd-connection-string-lc"
+ "KAFKA_SC_CONTRACTS_SAP_WO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-sap-sap-connection-string-lc"
+ "K8S_AUTHORIZATION_TOKEN" = "jwt-bearer-token-functions"
+}
diff --git a/infra/container_apps/main.tf b/infra/container_apps/main.tf
new file mode 100644
index 00000000..89d7ec83
--- /dev/null
+++ b/infra/container_apps/main.tf
@@ -0,0 +1,25 @@
+terraform {
+ required_version = ">= 1.6.0"
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+module "container_app_dashboard_backend" {
+ source = "github.com/pagopa/selfcare-commons//infra/terraform-modules/container_app_microservice?ref=main"
+
+ is_pnpg = var.is_pnpg
+
+ env_short = var.env_short
+ container_app = var.container_app
+ container_app_name = "ext-interceptor"
+ image_name = "selfcare-ms-external-interceptor"
+ image_tag = var.image_tag
+ app_settings = var.app_settings
+ secrets_names = var.secrets_names
+
+ tags = var.tags
+}
diff --git a/infra/container_apps/terraform.sh b/infra/container_apps/terraform.sh
new file mode 100644
index 00000000..e8fe0425
--- /dev/null
+++ b/infra/container_apps/terraform.sh
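Review bot: In `main.tf`, the module `source` is pinned to a moving branch (`?ref=main`), so each `terraform init` can pull different module code into a plan that manages dev, uat and prod without any change in this repository. Pin it to a release tag or commit, e.g. `source = "github.com/pagopa/selfcare-commons//infra/terraform-modules/container_app_microservice?ref=<tag-or-commit-sha>"`. The `terraform` block also declares no `required_providers` entry for `azurerm`, so the provider version is constrained only by whatever lock file accompanies this directory, which is not visible here for `infra/container_apps`. The module label `container_app_dashboard_backend` looks copied from another service; a label naming this service would keep state addresses readable.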
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+set -e
+
+action=$1
+env=$2
+shift 2
+other=$@
+# must be subscription in lower case
+subscription=""
+BACKEND_CONFIG_PATH="./env/${ENV}/backend.tfvars"
+
+if [ -z "$action" ]; then
+ echo "Missed action: init, apply, plan"
+ exit 0
+fi
+
+if [ -z "$env" ]; then
+ echo "env should be: dev, uat or prod."
+ exit 0
+fi
+
+source "./env/$env/backend.ini"
+
+az account set -s "${subscription}"
+
+# if using cygwin, we have to transcode the WORKDIR
+if [[ $WORKDIR == /cygdrive/* ]]; then
+ WORKDIR=$(cygpath -w $WORKDIR)
+fi
+
+if [ "$action" = "force-unlock" ]; then
+ echo "🧭 terraform INIT in env: ${env}"
+ terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" $other
+ warn_message="You are about to unlock Terraform's remote state.
+ This is a dangerous task you want to be aware of before going on.
+ This operation won't affect your infrastructure directly.
+ However, please note that you may lose pieces of information about partially-applied configurations. 
+
+ Please refer to the official Terraform documentation about the command:
+ https://developer.hashicorp.com/terraform/cli/commands/force-unlock"
+ printf "\n\e[33m%s\e[0m\n\n" "$warn_message"
+
+ read -r -p "Please enter the LOCK ID: " lock_id
+ terraform force-unlock "$lock_id"
+
+ exit 0 # this line prevents the script to go on
+fi
+
+if echo "init plan apply refresh import output state taint destroy" | grep -w "$action" > /dev/null; then
+ if [ "$action" = "init" ]; then
+ echo "🧭 terraform INIT in env: ${env}"
+ terraform "$action" -reconfigure -backend-config="./env/$env/backend.tfvars" $other
+ elif [ "$action" = "output" ] || [ "$action" = "state" ] || [ "$action" = "taint" ]; then
+ # init terraform backend
+ echo "🧭 terraform (output|state|taint) launched with action: ${action} in env: ${env}"
+ terraform init -reconfigure -backend-config="./env/$env/backend.tfvars"
+ terraform "$action" $other
+ else
+ # init terraform backend
+ echo "🧭 terraform launched with action: ${action} in env: ${env}"
+
+ terraform init -reconfigure -backend-config="./env/$env/backend.tfvars"
+ terraform "$action" -var-file="./env/$env/terraform.tfvars" $other
+ fi
+else
+ echo "Action not allowed."
+ exit 1
+fi
\ No newline at end of file
diff --git a/infra/container_apps/variables.tf b/infra/container_apps/variables.tf
new file mode 100644
index 00000000..b9baf169
--- /dev/null
+++ b/infra/container_apps/variables.tf
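Review bot: In `terraform.sh`, the `env` argument is never checked against the three supported values before it is used in `source "./env/$env/backend.ini"`, so a mistyped or path-like value makes the script execute whatever `backend.ini` that path resolves to and then run `az account set` and `terraform` with the subscription that file sets. The two usage checks also cannot do their job: `shift 2` runs first under `set -e`, so a call with fewer than two arguments should abort before either message is printed, and when the checks do fire they `exit 0`, which a calling pipeline reads as success. `BACKEND_CONFIG_PATH` is built from `${ENV}`, which the script never sets (the variable is `env`), and it is not used afterwards. The argument handling below validates `env` with a `case` allow-list, exits non-zero on misuse, and shifts only once both arguments are known to be present.

```shell
action="${1:-}"
env="${2:-}"

if [ -z "$action" ]; then
  echo "Missed action: init, apply, plan" >&2
  exit 1
fi

# Allow-list: env selects which ./env/<env>/backend.ini gets sourced.
case "$env" in
  dev|uat|prod) ;;
  *)
    echo "env should be: dev, uat or prod." >&2
    exit 1
    ;;
esac

shift 2
other=$@
# … unchanged: subscription default, source of backend.ini, az account set, action dispatch …
```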
@@ -0,0 +1,57 @@
+variable "is_pnpg" {
+ type = bool
+ default = false
+ description = "(Optional) True if you want to apply changes to PNPG environment"
+}
+
+variable "env_short" {
+ description = "Environment short name"
+ type = string
+ validation {
+ condition = (
+ length(var.env_short) <= 1
+ )
+ error_message = "Max length is 1 chars."
+ }
+}
+
+variable "tags" {
+ type = map(any)
+}
+
+variable "container_app" {
+ description = "Container App configuration"
+ type = object({
+ min_replicas = number
+ max_replicas = number
+
+ scale_rules = list(object({
+ name = string
+ custom = object({
+ metadata = map(string)
+ type = string
+ })
+ }))
+
+ cpu = number
+ memory = string
+ })
+}
+
+variable "image_tag" {
+ type = string
+ default = "latest"
+ description = "Image tag to use for the container"
+}
+
+variable "app_settings" {
+ type = list(object({
+ name = string
+ value = string
+ }))
+}
+
+variable "secrets_names" {
+ type = map(string)
+ description = "KeyVault secrets to get values from"
+}
diff --git a/pom.xml b/pom.xml
index 6f25a2da..1ef6ee50 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,6 +17,7 @@ Microservice to manage Self Care events for external Products 2.5.1 + https://sonarcloud.io/
From 1076108aab53a3633b36521b9a2ae2301af4dada Mon Sep 17 00:00:00 2001
From: Manuel Rafeli
Date: Wed, 13 Mar 2024 10:49:52 +0100
Subject: [PATCH 4/4] [EC-122] fix: added JWT_TOKEN_PUBLIC_KEY as secret (#82)
---
.github/workflows/release_ms.yml | 2 +-
infra/container_apps/env/dev/terraform.tfvars | 1 +
infra/container_apps/env/prod/terraform.tfvars | 1 +
infra/container_apps/env/uat/terraform.tfvars | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release_ms.yml b/.github/workflows/release_ms.yml
index 2ec55382..a13075fe 100644
--- a/.github/workflows/release_ms.yml
+++ b/.github/workflows/release_ms.yml
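Review bot: In `variables.tf`, `image_tag` defaults to `"latest"`, so an apply that does not pass a tag deploys whatever image currently carries that mutable tag, and the running revision cannot be traced back to a specific build. Removing the `default = "latest"` line makes every caller supply an explicit tag or digest; whether the release workflow already passes one is not visible in this hunk. In `env_short`, the condition `length(var.env_short) <= 1` also accepts the empty string and any single character; `condition = contains(["d", "u", "p"], var.env_short)` with a matching `error_message` would restrict it to the values the three tfvars files use.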
@@ -20,7 +20,7 @@ on: - '!helm/**' - '!**.md' - '!**ignore' - - '!infra/**' + - '!infra/repository/**' - '!.terraform-version' - '!CODEOWNERS' diff --git a/infra/container_apps/env/dev/terraform.tfvars b/infra/container_apps/env/dev/terraform.tfvars index 43fea221..daec13e5 100644 --- a/infra/container_apps/env/dev/terraform.tfvars +++ b/infra/container_apps/env/dev/terraform.tfvars @@ -107,4 +107,5 @@ secrets_names = { "KAFKA_SELFCARE_FD_WO_SASL_JAAS_CONFIG" = "eventhub-selfcare-fd-fd-connection-string-lc" "KAFKA_SC_CONTRACTS_SAP_WO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-sap-sap-connection-string-lc" "K8S_AUTHORIZATION_TOKEN" = "jwt-bearer-token-functions" + "JWT_TOKEN_PUBLIC_KEY" = "jwt-public-key" } diff --git a/infra/container_apps/env/prod/terraform.tfvars b/infra/container_apps/env/prod/terraform.tfvars index 92312d12..892bf1f7 100644 --- a/infra/container_apps/env/prod/terraform.tfvars +++ b/infra/container_apps/env/prod/terraform.tfvars @@ -122,4 +122,5 @@ secrets_names = { "KAFKA_SELFCARE_FD_WO_SASL_JAAS_CONFIG" = "eventhub-selfcare-fd-fd-connection-string-lc" "KAFKA_SC_CONTRACTS_SAP_WO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-sap-sap-connection-string-lc" "K8S_AUTHORIZATION_TOKEN" = "jwt-bearer-token-functions" + "JWT_TOKEN_PUBLIC_KEY" = "jwt-public-key" } \ No newline at end of file diff --git a/infra/container_apps/env/uat/terraform.tfvars b/infra/container_apps/env/uat/terraform.tfvars index 4f9bcefb..4297a551 100644 --- a/infra/container_apps/env/uat/terraform.tfvars +++ b/infra/container_apps/env/uat/terraform.tfvars @@ -109,4 +109,5 @@ secrets_names = { "KAFKA_SELFCARE_FD_WO_SASL_JAAS_CONFIG" = "eventhub-selfcare-fd-fd-connection-string-lc" "KAFKA_SC_CONTRACTS_SAP_WO_SASL_JAAS_CONFIG" = "eventhub-sc-contracts-sap-sap-connection-string-lc" "K8S_AUTHORIZATION_TOKEN" = "jwt-bearer-token-functions" + "JWT_TOKEN_PUBLIC_KEY" = "jwt-public-key" }