Merge pull request #866 from pagopa/ops/SELC-6005/infra-scaffold

[SELC-6005] Azure DevOps pipelines migrated into GitHub Actions
pagopa · Dec 18, 2024 · 852e9fb · 852e9fb
2 parents f9853f8 + 46f72e7
commit 852e9fb
Show file tree

Hide file tree

Showing 15 changed files with 366 additions and 6 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -11,12 +11,6 @@
 
 <!--- Why is this change required? What problem does it solve? -->
 
-#### How Has This Been Tested?
-
-<!--- Please describe in detail how you tested your changes. -->
-<!--- Include details of your testing environment, tests ran to see how -->
-<!--- your change affects other areas of the code, etc. -->
-
 #### Screenshots (if appropriate):
 
 <!--- Attach screenshots in case changes impact UI. -->

diff --git a/.github/workflows/code_review.yaml b/.github/workflows/code_review.yaml
@@ -0,0 +1,47 @@
+name: Code Review
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - "*"
+      - "!infra/*"
+      - "!.github/*"
+
+env:
+  DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
+
+jobs:
+  code_review:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Check-out code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Setup Node.js
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version-file: ".node-version"
+          cache: "yarn"
+
+      - name: Install dependencies
+        run: yarn install --immutable
+
+      - name: Build
+        run: yarn build
+
+      - name: Lint
+        run: yarn lint
+
+      # Check where find DANGER_GITHUB_API_TOKEN secret
+      - name: Danger CI
+        if: ${{ env.DANGER_GITHUB_API_TOKEN != '' }}
+        run: yarn danger ci
+        shell: bash
+        env:
+          DANGER_GITHUB_API_TOKEN: ${{ env.DANGER_GITHUB_API_TOKEN }}
+
+      - name: Unit tests exec
+        run: yarn test:coverage --watchAll=false
diff --git a/.github/workflows/create_release_branch.yml b/.github/workflows/create_release_branch.yml
@@ -0,0 +1,42 @@
+name: Create Release branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      version-bump:
+        required: false
+        type: choice
+        options:
+          - major
+          - minor
+          - patch
+        default: patch
+        description: 'Major, Minor, or Patch version bump'
+
+jobs:
+  create_branch:
+    name: 'Create Release Branch'
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+      actions: write
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+
+      - name: Create Release Branch
+        id: create_branch
+        uses: pagopa/selfcare-commons/github-actions-template/create-release@main
+        with:
+          version_bump: ${{ inputs.version-bump }}
+          github_path_token: ${{ secrets.GH_PAT_VARIABLES }}
+
+      - name: Trigger release and Deploy on CDN
+        run: |
+          gh workflow run deploy_cdn.yml \
+            --ref ${{ steps.create_branch.outputs.new_branch_name }}
+      - name: Trigger release and Deploy on CDN PNPG
+        run: |
+          gh workflow run deploy_cdn_pnpg.yml \
+            --ref ${{ steps.create_branch.outputs.new_branch_name }}
diff --git a/.github/workflows/deploy_cdn.yml b/.github/workflows/deploy_cdn.yml
@@ -0,0 +1,51 @@
+name: Deploy CDN
+
+on:
+  push:
+    branches:
+      - main
+      - releases/*
+    paths:
+      - "!.github/**"
+      - "!.devops/**"
+      - "!infra/**"
+      - "!.pre-commit-config.yaml"
+      - "!.terraform-version"
+      - "!CODEOWNERS"
+
+  workflow_dispatch:
+    inputs:
+      env:
+        type: choice
+        description: Environment
+        options: 
+        - dev
+        - uat
+        - prod
+
+
+jobs:
+  release_and_deploy:
+    uses: pagopa/selfcare-commons/.github/workflows/call_release_cdn.yml@main
+    name: "Release [${{ inputs.env != null && inputs.env || (startsWith(github.ref_name, 'releases/') && 'uat') || 'dev' }}]"
+    secrets: inherit
+    with:
+      environment: ${{ inputs.env != null && inputs.env || (startsWith(github.ref_name, 'releases/') && 'uat') || 'dev' }}
+      file_environment: ${{ format('fe_{0}.env', (inputs.env != null && inputs.env || (startsWith(github.ref_name, 'releases/') && 'uat') || 'dev')) }}
+      storage_account_name: "checkoutsa"
+      profile_name: checkout-cdn-profile
+      endpoint_name: checkout-cdn-endpoint
+      resource_group_name: checkout-fe-rg
+      blob_container_name: "$web"
+      base_path: dashboard
+
+  promote_release:
+    name: 'Promote prerelase release'
+    if: ${{ inputs.env == 'prod' }}
+    runs-on: ubuntu-20.04
+    needs: [release_and_deploy]
+    steps:
+      - uses: pagopa/selfcare-commons/github-actions-template/promote-release@main
+        with:
+          github_path_token: ${{ secrets.GH_PAT_VARIABLES }}
+          release_version: ${{ vars.CURRENT_UAT_VERSION }}
diff --git a/.github/workflows/deploy_cdn_pnpg.yml b/.github/workflows/deploy_cdn_pnpg.yml
@@ -0,0 +1,39 @@
+name: Deploy CDN PNPG
+
+on:
+  push:
+    branches:
+      - main
+      - releases/*
+    paths:
+      - "!.github/**"
+      - "!.devops/**"
+      - "!infra/**"
+      - "!.pre-commit-config.yaml"
+      - "!.terraform-version"
+      - "!CODEOWNERS"
+
+  workflow_dispatch:
+    inputs:
+      env:
+        type: choice
+        description: Environment
+        options: 
+        - dev
+        - uat
+        - prod
+
+jobs:
+  release_and_deploy:
+    uses: pagopa/selfcare-commons/.github/workflows/call_release_cdn.yml@main
+    name: "Release [${{ inputs.env != null && inputs.env || (startsWith(github.ref_name, 'releases/') && 'uat') || 'dev' }}]"
+    secrets: inherit
+    with:
+      environment: ${{ inputs.env != null && inputs.env || (startsWith(github.ref_name, 'releases/') && 'uat') || 'dev' }}
+      file_environment: ${{ format('fe_{0}_pnpg.env', (inputs.env != null && inputs.env || (startsWith(github.ref_name, 'releases/') && 'uat') || 'dev')) }}
+      storage_account_name: "weupnpgcheckoutsa"
+      profile_name: weu-pnpg-checkout-cdn-profile
+      endpoint_name: weu-pnpg-checkout-cdn-endpoint
+      resource_group_name: weu-pnpg-checkout-fe-rg
+      blob_container_name: "$web"
+      base_path: dashboard
diff --git a/.gitignore b/.gitignore
@@ -56,3 +56,7 @@ yarn-error.log
 !.release-it.js
 .idea
 .vscode
+
+
+# Local .terraform directories
+**/.terraform/*
diff --git a/.node-version b/.node-version
@@ -0,0 +1 @@
+20.18.1
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,16 @@
+repos:
+  - repo: /~https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.83.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+      - id: terraform_tfsec
+        files: ^infra/
+        args:
+          - --args=--exclude-downloaded-modules
+      - id: terraform_validate
+        exclude: '(\/_?modules\/.*)'
+        args:
+          - --init-args=-lockfile=readonly
+          - --args=-json
+          - --args=-no-color
diff --git a/.terraform-version b/.terraform-version
@@ -0,0 +1 @@
+1.7.5
diff --git a/infra/repository/.terraform.lock.hcl b/infra/repository/.terraform.lock.hcl
diff --git a/infra/repository/README.md b/infra/repository/README.md
@@ -0,0 +1,39 @@
+# Repository Settings
+
+Define settings of this GitHub repository.
+
+## How to use
+
+Make sure your PAT has access to this repository. Then, follow these steps:
+
+- set the subscription: `az account set --subscription "PROD-SelfCare"`
+- run `terraform init`
+- run `terraform plan`
+- run `terraform apply`
+
+<!-- markdownlint-disable -->
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_repository"></a> [repository](#module\_repository) | github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings | main |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/infra/repository/github_repository.tf b/infra/repository/github_repository.tf
@@ -0,0 +1,44 @@
+resource "github_repository" "this" {
+  name        = "selfcare-dashboard-frontend"
+  description = ""
+
+  #tfsec:ignore:github-repositories-private
+  visibility = "public"
+
+  allow_auto_merge            = false
+  allow_rebase_merge          = true
+  allow_merge_commit          = true
+  allow_squash_merge          = true
+  squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
+  squash_merge_commit_message = "COMMIT_MESSAGES"
+
+  delete_branch_on_merge = true
+
+  has_projects    = true
+  has_wiki        = true
+  has_discussions = false
+  has_issues      = true
+  has_downloads   = true
+
+  topics = []
+
+  vulnerability_alerts = true
+
+  security_and_analysis {
+    secret_scanning {
+      status = "enabled"
+    }
+
+    secret_scanning_push_protection {
+      status = "enabled"
+    }
+  }
+}
+
+module "repository" {
+  source = "github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings?ref=main"
+
+  github = {
+    repository = "selfcare-dashboard-frontend"
+  }
+}
diff --git a/infra/repository/locals.tf b/infra/repository/locals.tf
@@ -0,0 +1,3 @@
+locals {
+  prefix = "selc"
+}