feat(infrastructure): create new yt01 app environment

[arealmaas]

Description

Dependent on #1290

Related Issue(s)

• Etablere YT-miljø #1258

Verification

• Your code builds clean without any errors or warnings
• Manual testing done (required)
• Relevant automated test added (if you find this hard, leave it and we'll help out)

Documentation

• Documentation is updated (either in docs-directory, Altinnpedia or a separate linked PR in altinn-studio-docs., if applicable)

Summary by CodeRabbit

• New Features

  • Introduced new Bicep parameter files for various applications, allowing for dynamic configuration based on environment variables.
  • Added a deploy-apps job to the CI/CD workflow for streamlined application deployment to the yt01 environment.
  • Updated workflow dispatch options to include yt01 as a selectable environment.

• Bug Fixes

  • Streamlined CI/CD configuration by removing commented-out sections for clarity.

• Documentation

  • Enhanced parameter definitions for better clarity in deployment configurations.

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

This pull request introduces several new Bicep parameter files for the yt01 environment, each defining parameters essential for deployment configurations. The parameters include environment-specific settings such as environment, location, and various Azure service configurations that are sourced from environment variables. Additionally, the CI/CD workflow has been updated to include a new job for deploying applications to the yt01 environment, reflecting changes in dependencies and streamlining the configuration.

Changes

File Path	Change Summary
.azure/applications/graphql/yt01.bicepparam	Added parameters for Bicep deployment including environment, location, apimIp, and several others sourced from env vars.
.azure/applications/sync-subject-resource-mappings-job/yt01.bicepparam	Introduced parameters for deployment configuration including environment, location, imageTag, and others.
.azure/applications/web-api-eu/yt01.bicepparam	Added parameters for deployment configuration similar to previous files, including apimIp and others.
.azure/applications/web-api-migration-job/yt01.bicepparam	Introduced parameters focusing on environment settings and secrets management.
.azure/applications/web-api-so/yt01.bicepparam	Added parameters for Azure application deployment, including apimIp and others.
.github/workflows/ci-cd-yt01.yml	Updated CI/CD workflow to add deploy-apps job and modified dependencies for existing jobs.
.github/workflows/dispatch-apps.yml	Modified workflow to include yt01 as an option in the workflow_dispatch trigger.

Possibly related issues

• Etablere YT-miljø #1258: This issue discusses establishing a new environment for application/infrastructure (yt01), which aligns with the creation of new Bicep parameter files and workflow entries in this PR.

Possibly related PRs

• ci: ensure unique revisions for deployments #1211: Directly introduces the REVISION_SUFFIX environment variable, which is utilized in the main PR's new parameter revisionSuffix.
• feat(service): deploy application in container apps #1303: Adds a revisionSuffix parameter to the Bicep file for deploying applications in container apps, directly relating to the revisionSuffix parameter added in this PR.
• feat(service): add permissions for service-bus #1305: Introduces a new parameter serviceBusNamespaceName in the Bicep file, expanding configuration options for Azure services, similar to the parameters added in this PR.

Suggested reviewers

• oskogstad
• MagnusSandgren
• knuhau

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (16)

.azure/applications/web-api-migration-job/yt01.bicepparam (3)

3-4: LGTM: Environment and location parameters are correctly defined.

The environment name 'yt01' aligns with the PR objective. 'norwayeast' is a valid Azure region, which is appropriate if the deployment is intended for Norway.

Consider adding a brief comment explaining why 'norwayeast' was chosen as the location, to provide context for future maintainers.

---

5-5: LGTM: Image tag parameter is correctly defined using an environment variable.

Using an environment variable for the image tag is a good practice for CI/CD pipelines, allowing for dynamic setting of the image version during deployment.

Consider adding error handling for cases where the 'IMAGE_TAG' environment variable is not set. You could use a default value or throw a clear error message. For example:

param imageTag = readEnvironmentVariable('IMAGE_TAG', 'latest')

This sets 'latest' as a default if 'IMAGE_TAG' is not defined.

---

7-9: LGTM: Secret parameters are correctly defined using environment variables.

Using environment variables for sensitive information like environment names and key vault names is a good security practice. The parameters are correctly labeled as secrets in the comment.

For consistency and enhanced security, consider the following improvements:

1. Use the @secure() decorator for these parameters to ensure they're treated as sensitive throughout the deployment process:

@secure()
param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')

@secure()
param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')

2. Add error handling similar to the imageTag parameter to ensure these critical values are always set:

@secure()
param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME', '')

@secure()
param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME', '')

// Add validation
@description('Validation to ensure required parameters are not empty')
resource validator 'Microsoft.Resources/deployments@2021-04-01' = {
  name: 'validator'
  properties: {
    mode: 'Incremental'
    template: {
      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
      contentVersion: '1.0.0.0'
      resources: []
      outputs: {
        result: {
          type: 'String'
          value: 'Validation passed'
        }
      }
    }
  }
}

output validationResult string = empty(containerAppEnvironmentName) || empty(environmentKeyVaultName) ? 'Validation failed: Required parameters are missing' : validator.properties.outputs.result

This addition ensures that the deployment will fail if these critical parameters are not set, providing clear error messages.

.azure/applications/sync-subject-resource-mappings-job/yt01.bicepparam (3)

3-4: LGTM: Environment and location parameters are correctly defined.

The environment parameter 'yt01' matches the file name and PR objective. 'norwayeast' is a valid Azure region.

Consider adding a brief comment explaining the choice of 'norwayeast' for better clarity:

param location = 'norwayeast' // Primary Azure region for this environment

---

5-6: LGTM: Image tag and job schedule parameters are well-defined.

The use of an environment variable for imageTag provides flexibility. The job schedule is correctly set to run every 5 minutes.

Consider adding a default value for the imageTag parameter to handle cases where the environment variable might not be set:

param imageTag = readEnvironmentVariable('IMAGE_TAG', 'latest')

This ensures that if the IMAGE_TAG environment variable is not set, it will default to 'latest'.

---

9-11: Good use of environment variables for sensitive information.

Using environment variables for the container app environment, key vault, and app insights connection string is a good security practice.

Consider adding error handling for cases where the environment variables are not set. You can use the ?? operator in Bicep to provide a clear error message:

param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME') ?? throw('AZURE_CONTAINER_APP_ENVIRONMENT_NAME is not set')
param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME') ?? throw('AZURE_ENVIRONMENT_KEY_VAULT_NAME is not set')
param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING') ?? throw('AZURE_APP_INSIGHTS_CONNECTION_STRING is not set')

This will provide clearer error messages if any of these critical environment variables are missing.

.azure/applications/graphql/yt01.bicepparam (2)

3-5: Consider using a more flexible approach for APIM IP

The environment and location parameters look good. However, for better maintainability, consider using an environment variable or a centralized configuration for the APIM IP address. This would make it easier to update across different environments if needed.

You could modify the APIM IP parameter like this:

param apimIp = readEnvironmentVariable('AZURE_APIM_IP', '51.13.85.197')

This way, you can easily override the IP address using an environment variable if needed, while still providing a default value.

---

9-13: LGTM: Good security practices with minor suggestions

Using environment variables for sensitive information is a good security practice. Here are a few minor suggestions:

1. Consider adding more descriptive comments for each secret parameter.
2. You might want to add a clear separation between regular parameters and secret parameters for better readability.

Here's an example of how you could improve the structure:

// Regular parameters
param environment = 'yt01'
param location = 'norwayeast'
param apimIp = readEnvironmentVariable('AZURE_APIM_IP', '51.13.85.197')
param imageTag = readEnvironmentVariable('IMAGE_TAG')
param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')

// Secure parameters
@secure()
param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
@secure()
param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
@secure()
param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
@secure()
param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')

This structure clearly separates regular and secure parameters, and uses the @secure() decorator to ensure these parameters are treated as sensitive.

.azure/applications/web-api-eu/yt01.bicepparam (2)

1-5: LGTM for import and environment parameters. Consider parameterizing apimIp.

The import of the main Bicep file and the environment-specific parameters look good. The environment name 'yt01' matches the file name, which is good for consistency.

However, consider parameterizing the apimIp value. Hardcoding IP addresses can lead to maintenance issues if they need to change in the future.

You could consider using an environment variable for apimIp, similar to other parameters:

param apimIp = readEnvironmentVariable('AZURE_APIM_IP')

This would make it easier to update the IP address if needed, without changing the Bicep file.

---

9-13: LGTM for secret parameters. Minor suggestion for consistency.

Using environment variables for sensitive information is a good security practice. All necessary Azure resources are properly parameterized.

For consistency, consider prefixing all Azure-related environment variables with 'AZURE_'. The 'IMAGE_TAG' and 'REVISION_SUFFIX' variables could be renamed to 'AZURE_IMAGE_TAG' and 'AZURE_REVISION_SUFFIX' respectively.

This change would make all environment variable names consistent:

param imageTag = readEnvironmentVariable('AZURE_IMAGE_TAG')
param revisionSuffix = readEnvironmentVariable('AZURE_REVISION_SUFFIX')

.azure/applications/web-api-so/yt01.bicepparam (3)

3-5: Consider making APIM IP configurable.

The environment and location parameters look good and align with the PR objectives. However, the hardcoded APIM IP might limit flexibility across different environments.

Consider making the APIM IP configurable by using an environment variable:

-param apimIp = '51.13.85.197'
+param apimIp = readEnvironmentVariable('AZURE_APIM_IP')

This change would allow for easier management of different APIM IPs across environments.

---

6-7: LGTM: Good use of environment variables. Consider adding default values.

The use of environment variables for imageTag and revisionSuffix is a good practice, allowing for flexibility in deployments.

For improved robustness, consider adding default values in case the environment variables are not set:

-param imageTag = readEnvironmentVariable('IMAGE_TAG')
-param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
+param imageTag = readEnvironmentVariable('IMAGE_TAG', 'latest')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX', '')

This change ensures that the deployment won't fail if these environment variables are accidentally not set.

---

9-13: LGTM: Good security practices. Consider improvements for robustness and clarity.

The use of environment variables for sensitive parameters is a good security practice. The naming convention is consistent and clear.

Consider the following improvements:

1. Add default values to prevent deployment failures if environment variables are not set:

-param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
-param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
-param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
-param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME', '')
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME', '')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING', '')
+param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME', '')

2. Improve the comment for better clarity:

-// secrets
+// Azure resource configuration (sensitive information)

These changes will enhance the robustness of the deployment and improve code documentation.

.github/workflows/dispatch-apps.yml (1)

Line range hint 1-71: Robust implementation, consider updating documentation.

The current workflow implementation is flexible and can accommodate the new 'yt01' environment without requiring additional changes. The use of reusable workflows and dynamic input passing allows for easy integration of new environments.

To maintain clarity:

Consider updating any relevant documentation (e.g., README files, deployment guides) to mention the new 'yt01' environment option for completeness.

.github/workflows/ci-cd-yt01.yml (2)

51-72: LGTM! Consider addressing the TODO comment.

The new deploy-apps job is well-structured and integrates nicely with the existing workflow. It has appropriate dependencies and conditions for execution.

Consider addressing the TODO comment on line 62-63:

# todo: consider resolving these in another way since they are created in the infra-step

This might involve creating a separate job to fetch these values from the infrastructure deployment output or using GitHub Actions outputs to pass these values between jobs.

---

74-88: LGTM! Consider addressing the TODO comment.

The new deploy-slack-notifier job is well-structured and integrates appropriately with the existing workflow. It has proper dependencies and conditions for execution.

Consider addressing the TODO comment on line 83-84:

# todo: resolve this automatically, or use tags

This might involve using GitHub Actions outputs from the infrastructure deployment job to pass the function app name, or implementing a tagging system for resources to allow automatic discovery.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 1ae4f41 and e8141f0.

📒 Files selected for processing (7)

• .azure/applications/graphql/yt01.bicepparam (1 hunks)
• .azure/applications/sync-subject-resource-mappings-job/yt01.bicepparam (1 hunks)
• .azure/applications/web-api-eu/yt01.bicepparam (1 hunks)
• .azure/applications/web-api-migration-job/yt01.bicepparam (1 hunks)
• .azure/applications/web-api-so/yt01.bicepparam (1 hunks)
• .github/workflows/ci-cd-yt01.yml (1 hunks)
• .github/workflows/dispatch-apps.yml (1 hunks)

🧰 Additional context used

📓 Learnings (1)

.github/workflows/dispatch-apps.yml (1)

Learnt from: arealmaas
PR: digdir/dialogporten#1290
File: .github/workflows/dispatch-infrastructure.yml:13-13
Timestamp: 2024-10-14T13:53:04.880Z
Learning: In the workflow `.github/workflows/dispatch-infrastructure.yml`, the `environment` input is generic and used to select the correct GitHub secrets and `bicepparams`. Adding a new environment option like 'yt01' is sufficient without needing additional deployment steps or configurations.

🔇 Additional comments (11)

.azure/applications/web-api-migration-job/yt01.bicepparam (1)

1-1: LGTM: Correct usage of the using statement.

The using statement correctly references the main Bicep file. This separation of environment-specific parameters from the main template is a good practice for maintainability and reusability.

.azure/applications/sync-subject-resource-mappings-job/yt01.bicepparam (2)

1-1: LGTM: Import statement is correct.

The import statement correctly references the main Bicep file using a relative path.

---

1-11: Overall, excellent implementation of the yt01 environment parameters.

This Bicep parameter file successfully defines all necessary configurations for the yt01 environment, aligning well with the PR objective of creating a new yt01 app environment. The use of environment variables for sensitive information and the clear structure of the file demonstrate good practices in Infrastructure as Code.

A few minor suggestions were made to enhance clarity and error handling, but these are not critical issues. The file is well-prepared for the deployment of the sync-subject-resource-mappings-job in the yt01 environment.

To ensure consistency across the repository, let's verify if similar parameter files exist for other environments:

This will help confirm that the structure is consistent across environments and that the referenced main.bicep file exists.

✅ Verification successful

Verification Successful: Consistent Parameter Files Across Environments

All .bicepparam files are consistently structured across different environments, and the main.bicep file is present in the sync-subject-resource-mappings-job directory. This confirms that the implementation aligns with repository standards and the PR objectives.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for similar Bicep parameter files in other environments

# Test: List all .bicepparam files in the applications directory
fd -e bicepparam . .azure/applications

# Test: Check if the main.bicep file exists in the same directory
fd main.bicep .azure/applications/sync-subject-resource-mappings-job

Length of output: 1260

.azure/applications/graphql/yt01.bicepparam (2)

1-1: LGTM: Correct file import

The main Bicep file is properly imported using the correct syntax.

---

6-7: LGTM: Good use of environment variables

The use of environment variables for imageTag and revisionSuffix is a good practice. It allows for dynamic configuration and flexibility in deployments.

.azure/applications/web-api-eu/yt01.bicepparam (1)

6-7: LGTM for deployment-specific parameters.

Using environment variables for imageTag and revisionSuffix is a good practice. This allows for dynamic values to be passed during deployment, which is ideal for CI/CD pipelines.

.azure/applications/web-api-so/yt01.bicepparam (2)

1-1: LGTM: Correct reference to the main Bicep file.

The file correctly references the main Bicep file using a relative path. This follows best practices for modularizing Bicep templates.

---

1-13: Overall, the file is well-structured and aligns with PR objectives.

This new Bicep parameter file for the yt01 environment is well-organized and follows good practices. It successfully defines the necessary parameters for deploying the new application environment, which aligns with the PR objectives.

Key points:

1. Proper use of environment variables for sensitive information.
2. Consistent naming conventions.
3. Clear separation of environment-specific and dynamic parameters.

The suggested improvements (configurable APIM IP, default values for environment variables, and improved comments) will further enhance the file's robustness and maintainability.

.github/workflows/dispatch-apps.yml (1)

13-13: LGTM: New environment option added correctly.

The addition of the 'yt01' environment option to the workflow dispatch inputs is correct and aligns with the PR objectives to establish a new "yt01" app environment. This change is consistent with the retrieved learning, which indicates that adding a new environment option is sufficient without needing additional deployment steps or configurations.

To ensure this change doesn't require updates elsewhere in the workflow, let's verify the usage of the environment input:

✅ Verification successful

Verification Successful: 'yt01' Environment Option Properly Configured.

The addition of the 'yt01' environment option is correctly implemented. There are no other hardcoded environment names in the workflow, and the inputs.environment is used consistently throughout the file.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any hardcoded environment names that might need updating

# Test: Search for hardcoded environment names in the workflow file
rg --type yaml '(test|staging|prod|yt01)' .github/workflows/dispatch-apps.yml

# Test: Check if the environment input is used consistently
rg --type yaml '\$\{\{ *inputs\.environment *\}\}' .github/workflows/dispatch-apps.yml

Length of output: 440

.github/workflows/ci-cd-yt01.yml (2)

90-105: LGTM! The updates to the run-e2e-tests job are appropriate.

The changes to this job, including the updated dependency on deploy-apps and the more robust conditional execution, are well-implemented and consistent with the overall workflow changes.

---

107-121: LGTM! The updates to the send-slack-message-on-failure job are appropriate.

The changes to this job, including the updated dependencies and input parameters, are well-implemented and consistent with the overall workflow changes. The job now correctly includes the status of all relevant jobs in the Slack message.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

.github/workflows/ci-cd-yt01.yml (2)

62-68: Consider improving secret management

The TODO comment suggests that some secrets are created in the infra step. Consider using dynamic secret retrieval or output passing between jobs to avoid hardcoding these values.

You could explore using job outputs from the deploy-infra job to pass these values dynamically, or implement a secret retrieval mechanism using Azure Key Vault in the workflow-deploy-apps.yml file.

---

84-85: Consider automating function app name resolution

The TODO comment suggests manual resolution of the function app name. Consider using Azure resource naming conventions and generating the name dynamically based on the environment.

You could implement a naming convention like func-slacknotifier-${environment} and generate it within the workflow, eliminating the need for a separate secret.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between e8141f0 and 728b5df.

📒 Files selected for processing (2)

• .github/workflows/ci-cd-yt01.yml (1 hunks)
• .github/workflows/dispatch-apps.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/dispatch-apps.yml

🧰 Additional context used

🔇 Additional comments (5)

.github/workflows/ci-cd-yt01.yml (5)

51-73: LGTM: Well-structured deploy-apps job

The new deploy-apps job is well-structured with appropriate dependencies, conditions, and use of a separate workflow for deployment. This modular approach enhances maintainability and reusability.

---

75-89: LGTM: Improved deploy-slack-notifier job

The deploy-slack-notifier job has been improved with appropriate dependency on the check-for-changes job and conditional execution. This ensures the job runs only when necessary, improving efficiency.

---

91-106: LGTM: Well-structured run-e2e-tests job

The run-e2e-tests job has been improved with appropriate dependencies on deploy-apps and check-for-changes jobs. The conditional execution ensures tests run only when necessary, and the use of a separate workflow enhances modularity.

---

108-122: LGTM: Improved send-slack-message-on-failure job

The send-slack-message-on-failure job has been updated to include the new deploy-apps job in its dependencies. This ensures comprehensive failure reporting across all critical jobs in the workflow.

---

Line range hint 1-122: Overall: Well-structured and improved CI/CD workflow for YT01

The changes to this workflow file significantly improve the CI/CD process for the YT01 environment. The addition of the deploy-apps job and updates to existing jobs enhance modularity, efficiency, and reliability. The workflow now better handles dependencies between jobs and conditionally executes tasks based on changes or manual triggers.

Some minor improvements could be made in secret management and resource naming, as noted in previous comments. However, these are relatively minor concerns in an otherwise well-structured workflow.