Initial commit
antonioT90 authored Dec 16, 2024
0 parents commit 85feb0c
Showing 53 changed files with 2,452 additions and 0 deletions.
182 changes: 182 additions & 0 deletions .devops/deploy-pipelines.yml
@@ -0,0 +1,182 @@
# Build and push image to Azure Container Registry; Deploy to Azure Kubernetes Service
# https://docs.microsoft.com/azure/devops/pipelines/languages/docker

parameters:
- name: 'executeBuild'
displayName: 'Launch docker build'
type: boolean
default: true

trigger:
branches:
include:
- develop
- uat
- main
paths:
include:
- src/*
- build.gradle.kts
- helm/*
- Dockerfile
- settings.gradle.kts

pr: none

resources:
- repo: self

variables:

# vmImageNameDefault: 'ubuntu-latest'
vmImageNameDefault: ubuntu-22.04

imageRepository: '$(K8S_IMAGE_REPOSITORY_NAME)'
deployNamespace: '$(DEPLOY_NAMESPACE)'
helmReleaseName : '$(HELM_RELEASE_NAME)'
canDeploy: true

${{ if eq(variables['Build.SourceBranch'], 'refs/heads/uat') }}:
environment: 'UAT'
dockerRegistryName: '$(UAT_CONTAINER_REGISTRY_NAME)'
dockerRegistryServiceConnection: '$(UAT_CONTAINER_REGISTRY_SERVICE_CONN)'
kubernetesServiceConnection: '$(UAT_KUBERNETES_SERVICE_CONN)'
containerRegistry: '$(UAT_CONTAINER_REGISTRY_NAME)'
selfHostedAgentPool: $(UAT_AGENT_POOL)
postmanEnvFile: p4pa_UAT.postman_environment.json

${{ elseif eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
environment: 'PROD'
dockerRegistryName: '$(PROD_CONTAINER_REGISTRY_NAME)'
dockerRegistryServiceConnection: '$(PROD_CONTAINER_REGISTRY_SERVICE_CONN)'
kubernetesServiceConnection: '$(PROD_KUBERNETES_SERVICE_CONN)'
containerRegistry: '$(PROD_CONTAINER_REGISTRY_NAME)'
selfHostedAgentPool: $(PROD_AGENT_POOL)
postmanEnvFile: p4pa_PROD.postman_environment.json #Not used

${{ else }}:
environment: 'DEV'
dockerRegistryName: '$(DEV_CONTAINER_REGISTRY_NAME)'
dockerRegistryServiceConnection: '$(DEV_CONTAINER_REGISTRY_SERVICE_CONN)'
kubernetesServiceConnection: '$(DEV_KUBERNETES_SERVICE_CONN)'
containerRegistry: '$(DEV_CONTAINER_REGISTRY_NAME)'
selfHostedAgentPool: $(DEV_AGENT_POOL)
postmanEnvFile: p4pa_DEV.postman_environment.json

stages:
- stage: stage_build
condition: eq(variables.canDeploy, true)
displayName: 'Build and publish image to ${{ variables.environment }} registry'
jobs:
- job: job_build
displayName: Build
pool:
vmImage: $(vmImageNameDefault)
steps:
- task: Bash@3
displayName: Get app version
name: getAppVersion
condition: and(succeeded(), eq(variables.canDeploy, true))
inputs:
targetType: 'inline'
script: |
version=$(cat build.gradle.kts | grep "version = '.*'" | cut -d"'" -f2)
echo "Building $version version"
echo "##vso[task.setvariable variable=appVersion;isOutput=true]$version"
failOnStderr: true

- task: Docker@2
condition: and(succeeded(), ${{ parameters.executeBuild }})
displayName: 'Build and publish $(imageRepository) image'
inputs:
containerRegistry: '$(dockerRegistryServiceConnection)'
repository: '$(imageRepository)'
command: 'buildAndPush'
tags: |
latest
$(Build.SourceVersion)
$(getAppVersion.appVersion)
- task: PublishPipelineArtifact@1
displayName: 'Publish manifests into pipeline artifacts'
condition: succeeded()
inputs:
targetPath: '$(Build.Repository.LocalPath)/helm'
artifact: 'helm'
publishLocation: 'pipeline'
- task: 'Bash@3'
displayName: 'Send message on Slack'
condition: in(variables['Agent.JobStatus'], 'SucceededWithIssues', 'Failed')
inputs:
targetType: 'inline'
script: >
curl -X POST \
-H "Content-type: application/json" \
--data '{"text": "*Attention: There is an error in pipeline $(System.DefinitionName) in step _build_!*\nCheck the logs for more details $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId) to view the build results."}' \
$(SLACK_WEBHOOK_URL)
- stage: stage_deploy
displayName: 'Deploy to ${{ variables.environment }} K8S'
dependsOn: [ stage_build ]
variables:
appVersion: $[ stageDependencies.stage_build.job_build.outputs['getAppVersion.appVersion'] ]
condition: and(succeeded(), eq(variables.canDeploy, true))
jobs:
- deployment: job_deploy
displayName: 'Deploy'
pool:
name: $(selfHostedAgentPool)
environment: '$(environment)'
strategy:
runOnce:
deploy:
steps:
- download: none
- task: DownloadPipelineArtifact@2
inputs:
buildType: 'current'
artifactName: 'helm'
targetPath: '$(Pipeline.Workspace)/helm'
- task: KubectlInstaller@0
- task: Bash@3
name: helm_dependency_build
displayName: Helm dependency build
inputs:
workingDirectory: '$(Pipeline.Workspace)/helm'
targetType: 'inline'
script: |
helm repo add pagopa-microservice https://pagopa.github.io/aks-microservice-chart-blueprint
helm dep build
failOnStderr: true
- bash: |
echo 'microservice-chart:
podAnnotations:
"build/buildNumber": "$(Build.BuildNumber)"
"build/appVersion": "$(appVersion)"
"build/sourceVersion": "$(Build.SourceVersion)"' > buildMetadata.yaml
displayName: Writing build metadata
- task: HelmDeploy@0
displayName: Helm upgrade
inputs:
kubernetesServiceEndpoint: ${{ variables.kubernetesServiceConnection }}
namespace: '$(deployNamespace)'
command: upgrade
chartType: filepath
chartPath: $(Pipeline.Workspace)/helm
chartName: ${{ variables.helmReleaseName }}
releaseName: ${{ variables.helmReleaseName }}
valueFile: "$(Pipeline.Workspace)/helm/values-${{ lower(variables.environment) }}.yaml"
install: true
waitForExecution: true
arguments: --timeout 5m0s
--values buildMetadata.yaml
- task: 'Bash@3'
displayName: 'Send message on Slack'
condition: in(variables['Agent.JobStatus'], 'SucceededWithIssues', 'Failed')
inputs:
targetType: 'inline'
script: >
curl -X POST \
-H "Content-type: application/json" \
--data '{"text": "*Attention: There is an error in pipeline $(System.DefinitionName) in step _deploy_!*\nCheck the logs for more details $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId) to view the build results."}' \
$(SLACK_WEBHOOK_URL)
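Review bot: Both "Send message on Slack" steps expand `$(SLACK_WEBHOOK_URL)` straight into the inline curl command, so the webhook URL becomes part of the script text and of the process command line on the agent, and it is passed unquoted. If that variable is a secret, map it into the step instead: add `env:` with `SLACK_WEBHOOK_URL: $(SLACK_WEBHOOK_URL)` and end the curl call with `"$SLACK_WEBHOOK_URL"`. This applies to the step in stage_build and to the one in stage_deploy, which runs on the self-hosted pool. Separately, the Docker@2 step overwrites the `latest` tag on every build; the Helm values files are not visible here, so confirm the deployment pins an immutable tag such as `$(Build.SourceVersion)` rather than `latest`.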
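--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,30 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0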
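--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# Add the repository's code owners here
+* @pagopa/p4pa-admins @pagopa/payments-cloud-admin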
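--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,39 @@
+#### Description
+<!--- Please always add a PR description as if nobody knows anything about the context these changes come from. -->
+<!--- Even if we are all from our internal team, we may not be on the same page. -->
+<!--- Write this PR as you were contributing to a public OSS project, where nobody knows you and you have to earn their trust. -->
+<!--- This will improve our projects in the long run! Thanks. -->
+
+#### List of Changes
+<!--- Describe your changes in detail -->
+
+#### Motivation and Context
+<!--- Why is this change required? What problem does it solve? -->
+
+#### How Has This Been Tested?
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, tests ran to see how -->
+<!--- your change affects other areas of the code, etc. -->
+- Pre-Deploy Test
+- [ ] Unit
+- [ ] Integration (Narrow)
+- Post-Deploy Test
+- [ ] Isolated Microservice
+- [ ] Broader Integration
+- [ ] Acceptance
+- [ ] Performance & Load
+
+#### Types of changes
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+
+- [ ] PATCH - Bug fix (backwards compatible bug fixes)
+- [ ] MINOR - New feature (add functionality in a backwards compatible manner)
+- [ ] MAJOR - Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] CHORE - Minor Change (fix or feature that don't impact the functionality e.g. Documentation or lint configuration)
+
+#### Checklist:
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.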
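--- a/.github/terraform/00_data.tf
+++ b/.github/terraform/00_data.tf
@@ -0,0 +1,17 @@
+# KV Core
+data "azurerm_key_vault" "key_vault_core" {
+name = "${var.prefix}-${var.env_short}-${var.location_short}-core-kv"
+resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-core-sec-rg"
+}
+
+# Kv Domain
+data "azurerm_key_vault" "key_vault_domain" {
+name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}-kv"
+resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}-sec-rg"
+}
+
+# Github
+data "github_organization_teams" "all" {
+root_teams_only = true
+summary_only = true
+}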
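--- a/.github/terraform/03_github_environment.tf
+++ b/.github/terraform/03_github_environment.tf
@@ -0,0 +1,86 @@
+#################################
+# Repository Environment #
+#################################
+resource "github_repository_environment" "github_repository_environment" {
+environment = var.env
+repository = local.github.repository
+# filter teams reviewers from github_organization_teams
+# if reviewers_teams is null no reviewers will be configured for environment
+dynamic "reviewers" {
+for_each = (var.github_repository_environment.reviewers_teams == null || var.env_short != "p" ? [] : [1])
+content {
+teams = matchkeys(
+data.github_organization_teams.all.teams.*.id,
+data.github_organization_teams.all.teams.*.name,
+var.github_repository_environment.reviewers_teams
+)
+}
+}
+deployment_branch_policy {
+protected_branches = var.github_repository_environment.protected_branches
+custom_branch_policies = var.github_repository_environment.custom_branch_policies
+}
+}
+
+
+###############
+# ENV Secrets #
+###############
+
+resource "github_actions_environment_secret" "environment_secrets" {
+for_each = local.env_secrets
+
+repository = local.github.repository
+environment = var.env
+secret_name = each.key
+plaintext_value = each.value
+}
+
+#################
+# ENV Variables #
+#################
+
+resource "github_actions_environment_variable" "environment_variables" {
+for_each = local.env_variables
+
+repository = local.github.repository
+environment = var.env
+variable_name = each.key
+value = each.value
+}
+
+#################################
+# Environment Deployment Policy #
+#################################
+
+resource "github_repository_environment_deployment_policy" "this" {
+repository = local.github.repository
+environment = var.env
+branch_pattern = local.map_repo[var.env]
+
+depends_on = [
+github_repository_environment.github_repository_environment
+]
+}
+
+##########################################
+# Environment Variable of the Repository #
+##########################################
+resource "github_actions_variable" "repo_env" {
+for_each = var.env_short == "p" ? local.repo_env : {}
+
+repository = local.github.repository
+variable_name = each.key
+value = each.value
+}
+
+#############################
+# Secrets of the Repository #
+#############################
+resource "github_actions_secret" "repo_secrets" {
+for_each = var.env_short == "p" ? local.repo_secrets : {}
+
+repository = local.github.repository
+secret_name = each.key
+plaintext_value = each.value
+}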
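Review bot: `plaintext_value` on `github_actions_environment_secret.environment_secrets` and on `github_actions_secret.repo_secrets` means every secret value is written to the Terraform state in clear text. The backend configuration is not part of this section, so confirm the state is stored encrypted and readable only by operators who are allowed to see these secrets, or supply `encrypted_value` instead. A comment above each resource would make the constraint visible, for example `# plaintext_value is persisted in state: keep the backend encrypted and access-controlled`. The `reviewers` block is also created only when `var.env_short == "p"`, which the existing comment does not mention; a line such as `# required reviewers are enforced for prod only` would document that the other environments deploy without approval.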
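--- a/.github/terraform/99_locals.tf
+++ b/.github/terraform/99_locals.tf
@@ -0,0 +1,36 @@
+locals {
+# Common Tags:
+common_tags = {
+CreatedBy = "Terraform"
+Environment = var.env
+Owner = upper(var.prefix)
+Source = "" # Repository URL
+CostCenter = ""
+}
+
+# Repo
+github = {
+org = "pagopa"
+repository = "" # Repository Name
+}
+
+env_secrets = {
+ENV_SECRET = "data.azurerm_key_vault_secret.CHANGE_ME.value"
+}
+env_variables = {
+ENV_VARIABLE = "ENV_VARIABLE"
+}
+
+repo_secrets = var.env_short == "p" ? {
+SECRET = "SECRET"
+} : {}
+repo_env = var.env_short == "p" ? {
+ENV_VARIABLE = "ENV_VARIABLE"
+} : {}
+
+map_repo = {
+"dev" : "*",
+"uat" : "uat"
+"prod" : "main"
+}
+}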
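Review bot: `ENV_SECRET = "data.azurerm_key_vault_secret.CHANGE_ME.value"` is a quoted string, so as written Terraform would publish that literal text as the secret value instead of reading Key Vault. When the placeholder is filled in, the reference has to be unquoted, `ENV_SECRET = data.azurerm_key_vault_secret.<SECRET_NAME>.value`, and it needs a matching `azurerm_key_vault_secret` data source; none appears in 00_data.tf as shown. `repo_secrets` likewise carries the literal `"SECRET"`. In `map_repo`, `"dev" : "*"` lets any branch deploy to the dev environment through the deployment policy; if that is intended, a comment such as `# dev accepts deployments from any branch` would make it explicit.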