name: Continuous Delivery on prod citizen-auth

# `on` is a YAML 1.1 truthy key (yamllint warns); GitHub's loader reads it
# as the trigger map, so leave it unquoted. Only pushes to main and manual
# dispatch reach this workflow — it runs on a self-hosted runner with the
# prod OIDC identities, so no pull_request trigger belongs here.
on:
  workflow_dispatch:
  push:
    branches:
      - "main"
    paths:
      - "src/domains/citizen-auth**"
      - ".github/workflows/prod**citizen-auth.yml"

# Least privilege for the GITHUB_TOKEN: id-token is needed for OIDC
# federation to Azure, contents only for checkout.
permissions:
  id-token: write
  contents: read

env:
  # Base directory; jobs append "-common" / "-app" to it.
  DIR: "src/domains/citizen-auth"
  AZURE_ENVIRONMENT: "prod"

jobs:
terraform_preapply_job:
name: Terraform Pre Apply
runs-on: self-hosted
environment: prod-ci
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CI }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_USE_OIDC: true
ARM_USE_AZUREAD: true
ARM_STORAGE_USE_AZUREAD: true
steps:
- name: Checkout
id: checkout
# from https://github.com/actions/checkout/commits/main
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
with:
persist-credentials: false
fetch-depth: 0
- name: Azure Login
id: az_login
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# - name: Set Terraform Version
# id: env_tf_version
# run: |
# echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
id: terraform_setup
name: Setup Terraform
continue-on-error: true
with:
terraform_version: $(cat .terraform-version)
terraform_wrapper: true
# - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
# id: terraform_setup_2
# name: Setup Terraform
# continue-on-error: true
# with:
# terraform_version: cat .terraform-version
# terraform_wrapper: true
- name: Terraform pre apply common
shell: bash
working-directory: ${{ env.DIR }}-common
env:
azure_environment: prod
run: |
terraform -version
bash ./terraform.sh plan ${{ env.azure_environment }} -lock-timeout=3000s -out=tfplan-${{ env.azure_environment }}-${{ github.sha }} -input=false
# - name: Terraform pre apply common
# # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
# uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-common
# azure_environment: prod
# - name: Terraform pre apply weu-beta
# # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
# uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-beta
# - name: Terraform pre apply weu-prod01
# # from https://github.com/pagopa/terraform-preapply-azure-action/commits/main
# uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-prod01
- uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392
with:
name: tfplan-output
if-no-files-found: error
path: |
**/tfplan-prod-*
**/tfplan-weu-beta-*
**/tfplan-weu-prod01-*
terraform_apply_job:
name: Terraform Apply
runs-on: self-hosted
environment: prod-cd
needs: [terraform_preapply_job]
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_USE_OIDC: true
ARM_USE_AZUREAD: true
ARM_STORAGE_USE_AZUREAD: true
steps:
- name: Checkout
id: checkout
# from https://github.com/actions/checkout/commits/main
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
with:
persist-credentials: false
fetch-depth: 0
- uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110
with:
name: tfplan-output
- name: Azure Login
id: az_login
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set Terraform Version
id: env_tf_version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
id: terraform_setup
name: Setup Terraform
with:
terraform_version: ${{ steps.env_tf_version.outputs.terraform_version}}
terraform_wrapper: true
- name: Terraform Init common
id: terraform_init_common
working-directory: ${{ env.DIR }}-common
shell: bash
run: |
bash ./terraform.sh init prod
- name: Terraform apply common
shell: bash
working-directory: ${{ env.DIR }}-common
env:
azure_environment: prod
run: |
terraform apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ env.azure_environment }}-${{ github.sha }}
rm -rf tfplan-${{ env.azure_environment }}-${{ github.sha }}
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID_CD }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-common
# azure_environment: prod
# - name: Terraform Init weu-beta
# id: terraform_init_weu-beta
# working-directory: ${{ env.DIR }}-app
# shell: bash
# run: |
# bash ./terraform.sh init weu-beta
# - name: Terraform apply weu-beta
# # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
# uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID_CD }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-beta
# - name: Terraform Init weu-prod01
# id: terraform_init_weu-prod01
# working-directory: ${{ env.DIR }}-app
# shell: bash
# run: |
# bash ./terraform.sh init weu-prod01
# - name: Terraform apply weu-prod01
# # from https://github.com/pagopa/terraform-apply-azure-action/commits/main
# uses: pagopa/terraform-apply-azure-action@87efc4aa9b093b99ae5fd1915977e29cd80861ab
# with:
# client_id: ${{ secrets.AZURE_CLIENT_ID_CD }}
# tenant_id: ${{ secrets.AZURE_TENANT_ID }}
# subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# dir: ${{ env.DIR }}-app
# azure_environment: weu-prod01