diff --git a/.github/workflows/opex_api.yml b/.github/workflows/opex_api.yml
index 187909fe..9ee45646 100644
--- a/.github/workflows/opex_api.yml
+++ b/.github/workflows/opex_api.yml
@@ -1,6 +1,5 @@
name: Opex Dashboard B4f Onboarding
-# Controls when the workflow will run
on:
push:
branches:
@@ -12,10 +11,6 @@ on:
env:
TEMPLATE_DIR: azure-dashboard
- ARM_USE_OIDC: true
- ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
- ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
- ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
API_NAME: api-selfcare-onboarding
DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
@@ -23,19 +18,14 @@ permissions:
id-token: write
contents: read
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build:
- # The type of runner that the job will run on
runs-on: ubuntu-22.04
-
environment: 'prod-cd'
- # Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
id: checkout
- # from https://github.com/actions/checkout/commits/main
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
persist-credentials: false
@@ -48,7 +38,6 @@ jobs:
echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
- name: Setup Terraform
- # from https://github.com/hashicorp/setup-terraform/commits/main
uses: hashicorp/setup-terraform@69c00852f1304c321337f45a105731218c2d5544
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
@@ -58,7 +47,7 @@ jobs:
environment: prod
api-name: ${{ env.API_NAME }}
config: .opex/${{ env.API_NAME }}/env/prod/config.yaml
- client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ client-id: ${{ secrets.ARM_CLIENT_ID }}
+ tenant-id: ${{ vars.ARM_TENANT_ID }}
+ subscription-id: ${{ vars.ARM_SUBSCRIPTION_ID }}
docker-version: ${{ env.DOCKER_IMAGE_TAG }}
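Review bot: `client-id`, `tenant-id` and `subscription-id` now read `secrets.ARM_CLIENT_ID`, `vars.ARM_TENANT_ID` and `vars.ARM_SUBSCRIPTION_ID`, but nothing visible here shows where those are defined for the `prod-cd` environment, and the `.identity` Terraform that created the old `AZURE_*` secrets is deleted in the same commit. An undefined secret or variable evaluates to an empty string, so a missing value would only surface when the step tries to authenticate. Add a comment above the three lines naming the source, e.g. `# ARM_* are provisioned on the prod-cd environment by infra/repository` (presumably; confirm), and check that they exist before merging. The step these inputs belong to starts above the hunk; the same applies to the matching hunk in opex_api_pnpg.yml.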
diff --git a/.github/workflows/opex_api_pnpg.yml b/.github/workflows/opex_api_pnpg.yml
index 82c5e98f..a7eb2d38 100644
--- a/.github/workflows/opex_api_pnpg.yml
+++ b/.github/workflows/opex_api_pnpg.yml
@@ -1,6 +1,5 @@
name: Opex Dashboard B4f Onboarding PNPG
-# Controls when the workflow will run
on:
push:
branches:
@@ -12,10 +11,6 @@ on:
env:
TEMPLATE_DIR: azure-dashboard
- ARM_USE_OIDC: true
- ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
- ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
- ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
API_NAME: api-selfcare-onboarding-pnpg
DOCKER_IMAGE_TAG: sha256:04d8ead53c772d23b094c2a395292dc159e6f2905e1b13b5f828f31eac6eb27f
@@ -23,19 +18,14 @@ permissions:
id-token: write
contents: read
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build:
- # The type of runner that the job will run on
runs-on: ubuntu-22.04
-
environment: 'prod-cd'
- # Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
id: checkout
- # from https://github.com/actions/checkout/commits/main
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
persist-credentials: false
@@ -48,7 +38,6 @@ jobs:
echo "TERRAFORM_VERSION=`cat .terraform-version`" >> $GITHUB_ENV
- name: Setup Terraform
- # from https://github.com/hashicorp/setup-terraform/commits/main
uses: hashicorp/setup-terraform@69c00852f1304c321337f45a105731218c2d5544
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
@@ -58,7 +47,7 @@ jobs:
environment: prod
api-name: ${{ env.API_NAME }}
config: .opex/${{ env.API_NAME }}/env/prod/config.yaml
- client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
- tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ client-id: ${{ secrets.ARM_CLIENT_ID }}
+ tenant-id: ${{ vars.ARM_TENANT_ID }}
+ subscription-id: ${{ vars.ARM_SUBSCRIPTION_ID }}
docker-version: ${{ env.DOCKER_IMAGE_TAG }}
diff --git a/.github/workflows/pr_ms.yml b/.github/workflows/pr_ms.yml
new file mode 100644
index 00000000..af1be6fb
--- /dev/null
+++ b/.github/workflows/pr_ms.yml
@@ -0,0 +1,37 @@
+name: Code Review onboarding-backend
+on:
+ workflow_dispatch:
+
+ pull_request:
+ types:
+ - synchronize
+ - reopened
+ - ready_for_review
+ paths:
+ - '.github/workflows/pr_ms.yml'
+ - '.github/workflows/release_ms.yml'
+ - '.github/workflows/release_ms_pnpg.yml'
+ - '!.devops/**'
+ - '!helm/**'
+ - '!**.md'
+ - '!**ignore'
+ - '!infra/**'
+ - '!.terraform-version'
+ - '!CODEOWNERS'
+
+jobs:
+
+ code_review:
+ uses: pagopa/selfcare-commons/.github/workflows/call_code_review_spring.yml@EC-149-template-git-hub-workflows
+ name: 'Code Review'
+ secrets: inherit
+ if: github.base_ref == 'main' && github.event_name == 'pull_request'
+ with:
+ pr_number: ${{ github.event.pull_request.number }}
+ source_branch: ${{ github.head_ref }}
+ target_branch: ${{ github.base_ref }}
+ sonar_key: 'pagopa_selfcare-onboarding-backend'
+
+ docker_build:
+ uses: pagopa/selfcare-commons/.github/workflows/call_code_review_docker.yml@EC-149-template-git-hub-workflows
+ name: 'Docker'
\ No newline at end of file
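Review bot: Both `uses:` lines reference the reusable workflows at the feature branch `@EC-149-template-git-hub-workflows`, and `code_review` passes `secrets: inherit`, so whatever is pushed to that branch later runs with this repository's secrets. The actions in the existing workflows are pinned to full commit SHAs, and the same should apply here, e.g. `uses: pagopa/selfcare-commons/.github/workflows/call_code_review_spring.yml@<full-commit-sha>`. The three `call_release_docker.yml` jobs in release_ms.yml have the same problem, with access to the dev, uat and prod environments. Separately, `types` omits `opened`, so a newly opened non-draft PR is not reviewed until its next push; confirm that is intended.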
diff --git a/.github/workflows/release_ms.yml b/.github/workflows/release_ms.yml
new file mode 100644
index 00000000..206ea052
--- /dev/null
+++ b/.github/workflows/release_ms.yml
@@ -0,0 +1,46 @@
+name: Release ms-onboarding-backend
+
+on:
+ workflow_dispatch:
+
+ push:
+ branches:
+ - main
+ - releases/*
+ paths:
+ - '!.devops/**'
+ - '!helm/**'
+ - '!**.md'
+ - '!**ignore'
+ - '!infra/**'
+ - '!.terraform-version'
+ - '!CODEOWNERS'
+
+jobs:
+
+ release_dev:
+ uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows
+ name: '[Dev] OnboardingBackend ms Release'
+ if: startsWith(github.ref_name, 'releases/') != true
+ secrets: inherit
+ with:
+ environment: dev
+ dir: 'infra'
+
+ release_uat:
+ uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows
+ name: '[UAT] OnboardingBackend ms Release'
+ if: startsWith(github.ref_name, 'releases/')
+ secrets: inherit
+ with:
+ environment: uat
+ dir: 'infra'
+
+ release_prod:
+ uses: pagopa/selfcare-commons/.github/workflows/call_release_docker.yml@EC-149-template-git-hub-workflows
+ name: '[Prod] OnboardingBackend ms Release'
+ if: startsWith(github.ref_name, 'releases/')
+ secrets: inherit
+ with:
+ environment: prod
+ dir: 'infra'
\ No newline at end of file
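Review bot: The `paths` filter under `push` contains only `!` patterns; GitHub's workflow syntax requires at least one positive pattern alongside negations and documents `paths-ignore` for exclusion-only filters, so as written a push may never match. Replace it with `paths-ignore:` and the same entries without the leading `!`. pr_ms.yml has a related problem: its only positive patterns are the three workflow files, so changes to application source would not trigger the review. Also, `release_uat` and `release_prod` share the condition `startsWith(github.ref_name, 'releases/')`, so prod is released in parallel with UAT unless the called workflow or the environment enforces an approval, which is not visible here.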
diff --git a/.github/workflows/release_open_api.yml b/.github/workflows/release_open_api.yml
index ec5a597b..ed98ee78 100644
--- a/.github/workflows/release_open_api.yml
+++ b/.github/workflows/release_open_api.yml
@@ -4,14 +4,13 @@ on:
branches:
- release-dev
types: [ opened, synchronize, reopened ]
- workflow_dispatch: #allow to run github action manually
+ workflow_dispatch:
permissions:
contents: write
jobs:
build:
runs-on: ubuntu-latest
permissions: write-all
- #if: github.event.pull_request.merged == true
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Set up JDK 17
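Review bot: The job-level `permissions: write-all` on `build` overrides the workflow-level `permissions:` / `contents: write` block a few lines above, so the job's GITHUB_TOKEN gets write access to every scope on a run triggered by a pull request. Unless later steps need more than `contents`, drop the job-level line so the narrower workflow-level block applies, or list the required scopes explicitly under the job. The `build` job continues outside this hunk, so the scopes its steps actually need should be checked there. With the commented-out `if:` removed, a short comment stating why the job runs on every PR event rather than only on merge would help the next reader.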
diff --git a/.gitignore b/.gitignore
index 82f0672b..c6501a05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,4 +40,13 @@ build/
### VS Code ###
.vscode/
-.DS_Store
\ No newline at end of file
+.DS_Store
+
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+**/.tfsec/*
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
\ No newline at end of file
diff --git a/.identity/.terraform-version b/.identity/.terraform-version
deleted file mode 100644
index ec70f755..00000000
--- a/.identity/.terraform-version
+++ /dev/null
@@ -1 +0,0 @@
-1.6.6
diff --git a/.identity/.terraform.lock.hcl b/.identity/.terraform.lock.hcl
deleted file mode 100644
index 06e38ff8..00000000
--- a/.identity/.terraform.lock.hcl
+++ /dev/null
@@ -1,64 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/azuread" {
- version = "2.30.0"
- constraints = "2.30.0"
- hashes = [
- "h1:WnSPiREAFwnBUKREokMdHQ8Cjs47MzvS9pG8VS1ktec=",
- "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
- "zh:2e62c193030e04ebb10cc0526119cf69824bf2d7e4ea5a2f45bd5d5fb7221d36",
- "zh:2f3c7a35257332d68b778cefc5201a5f044e4914dd03794a4da662ddfe756483",
- "zh:35d0d3a1b58fdb8b8c4462d6b7e7016042da43ea9cc734ce897f52a73407d9b0",
- "zh:47ede0cd0206ec953d40bf4a80aa6e59af64e26cbbd877614ac424533dbb693b",
- "zh:48c190307d4d42ea67c9b8cc544025024753f46cef6ea64db84735e7055a72da",
- "zh:6fff9b2c6a962252a70a15b400147789ab369b35a781e9d21cce3804b04d29af",
- "zh:7646980cf3438bff29c91ffedb74458febbb00a996638751fbd204ab1c628c9b",
- "zh:77aa2fa7ca6d5446afa71d4ff83cb87b70a2f3b72110fc442c339e8e710b2928",
- "zh:e20b2b2c37175b89dd0db058a096544d448032e28e3b56e2db368343533a9684",
- "zh:eab175b1dfe9865ad9404dccb6d5542899f8c435095aa7c679314b811c717ce7",
- "zh:efc862bd78c55d2ff089729e2a34c1831ab4b0644fc11b36ee4ebed00a4797ba",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/azurerm" {
- version = "3.86.0"
- constraints = "<= 3.86.0"
- hashes = [
- "h1:y+kGEfUoR81RNTeJkcohwvFtIyS3c/VxIjwN6cT9lCk=",
- "zh:10473870b663b3becca1127687ed0d002d61f417c279e7daac546d265ff1f3db",
- "zh:1dfe2446d7530cd082f817a8d37ec9fb0260b275085978bd81ba0e8167aa6f7c",
- "zh:31712a4d9727a5970354eb3c26b4d6dc45b5103c6599cb97c2bd3f9915062baf",
- "zh:51dcb102e17e49d675d6865f1ca9eaa8a2aa566ba56a93bb77aab703112d1de5",
- "zh:54d5053cd88ed99e804c7b4d72f91ec1bab5fe8b6769db5c120d60b5e6a653dc",
- "zh:58388274d406a55c84199d1a22b8143b47321b7b508a18ddeed9e824a864cb5d",
- "zh:7b8afa8d62431512197aa5aed4e902b06bce3f8362d6ddf2c841e03c2658f4a7",
- "zh:b7d3c1e8bfdd4e099e174724be41cdbc916868a7ca637bcf8682a57ef3453f7f",
- "zh:ea0cc2751ef9a15b48e42d6ae62f4329c567335e348f57e577ce727d8167c29f",
- "zh:f3a48fdf58a34deae9221923f30112b18ce1ab6cabb46d6c38e1a3234340cfd0",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:fbd1d24b6bc67d5c370f2a3934da70ea3b93d612fe83b71e0dae592b48d030ce",
- ]
-}
-
-provider "registry.terraform.io/integrations/github" {
- version = "5.42.0"
- constraints = "5.42.0"
- hashes = [
- "h1:CZUAXhUhMIuIyTPm9VDcvOZgM1Lsl9tuKm5wW9tBEsM=",
- "zh:0f97039c6b70295c4a82347bc8a0bcea700b3fb3df0e0be53585da025584bb7c",
- "zh:12e78898580cc2a72b5f2a77e191b158f88e974b0500489b691f34842288745c",
- "zh:23660933e4f00293c0d4d6cd6b4d72e382c0df46b70cecf22b5c4c090d3b61e3",
- "zh:74119174b46d8d197dd209a246bf8b5db113c66467e02c831e68a8ceea312d3e",
- "zh:829c4c0c202fc646eb0e1759eb9c8f0757df5295be2d3344b8fd6ca8ce9ef33b",
- "zh:92043e667f520aee4e08a10a183ad5abe5487f3e9c8ad5a55ea1358b14b17b1a",
- "zh:998909806b4ff42cf480fcd359ec1f12b868846f89284b991987f55de24876b7",
- "zh:9f758447db3bf386516562abd6da1e54d22ddc207bda25961d2b5b049f32da0f",
- "zh:a6259215612d4d6a281c671b2d5aa3a0a0b0a3ae92ed60b633998bb692e922d3",
- "zh:ad7d78056beb44191911db9443bf5eec41a3d60e7b01def2a9e608d1c4288d27",
- "zh:b697e7b0abef3000e1db482c897b82cd455621b488bb6c4cd3d270763d7b08ac",
- "zh:db8e849eded8aebff780f89ab7e1339053d2f15c1c8f94103d70266a090527ad",
- "zh:e5bdbb85fb148dd75877a7b94b595d4e8680e495c241db02c4b12b91e9d08953",
- "zh:ee812c5fd77d3817fb688f720e5eb42d7ff04db67a125de48b05458c9f657483",
- ]
-}
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
deleted file mode 100644
index ece9bd0a..00000000
--- a/.identity/00_data.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-data "github_organization_teams" "all" {
- root_teams_only = true
- summary_only = true
-}
-
-data "azurerm_key_vault" "key_vault" {
- name = "${local.prefix}-${var.env_short}-kv"
- resource_group_name = "${local.prefix}-${var.env_short}-sec-rg"
-}
-
-data "azurerm_key_vault_secret" "sonar_token" {
- name = "sonar-token"
- key_vault_id = data.azurerm_key_vault.key_vault.id
-}
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
deleted file mode 100644
index 2c155cfe..00000000
--- a/.identity/03_github_environment.tf
+++ /dev/null
@@ -1,107 +0,0 @@
-data "azurerm_resource_group" "dashboards" {
- name = "dashboards"
-}
-
-data "azurerm_resource_group" "identity_rg" {
- name = "${local.project}-identity-rg"
-}
-
-data "azurerm_user_assigned_identity" "identity_ci" {
- name = "${local.project}-ms-github-ci-identity"
- resource_group_name = data.azurerm_resource_group.identity_rg.name
-}
-
-data "azurerm_user_assigned_identity" "identity_cd" {
- name = "${local.project}-ms-github-cd-identity"
- resource_group_name = data.azurerm_resource_group.identity_rg.name
-}
-
-resource "github_repository_environment" "environment_ci" {
- environment = "${var.env}-ci"
- repository = local.github.repository
-}
-
-
-resource "github_repository_environment" "environment_cd" {
- environment = "${var.env}-cd"
- repository = local.github.repository
-
- # filter teams reviewers from github_organization_teams
- # if reviewers_teams is null no reviewers will be configured for environment
- dynamic "reviewers" {
- for_each = (var.github_repository_environment.reviewers_teams == null || var.env_short == "d" ? [] : [1])
- content {
- teams = matchkeys(
- data.github_organization_teams.all.teams.*.id,
- data.github_organization_teams.all.teams.*.name,
- var.github_repository_environment.reviewers_teams
- )
- }
- }
-}
-
-locals {
- env_secrets_ci = {
- "AZURE_CLIENT_ID_CI" : data.azurerm_user_assigned_identity.identity_ci.client_id,
- "AZURE_TENANT_ID" : data.azurerm_client_config.current.tenant_id,
- "AZURE_SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id
- }
- env_secrets_cd = {
- "AZURE_CLIENT_ID_CD" : data.azurerm_user_assigned_identity.identity_cd.client_id,
- "AZURE_TENANT_ID" : data.azurerm_client_config.current.tenant_id,
- "AZURE_SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id
- }
- env_variables = {
-
- }
- repo_secrets = {
- "SONAR_TOKEN" : data.azurerm_key_vault_secret.sonar_token.value,
- "AZURE_CLIENT_ID" : data.azurerm_user_assigned_identity.identity_cd.client_id,
- "AZURE_TENANT_ID" : data.azurerm_client_config.current.tenant_id,
- "AZURE_SUBSCRIPTION_ID" : data.azurerm_subscription.current.subscription_id
- }
-}
-
-###############
-# ENV Secrets #
-###############
-
-resource "github_actions_environment_secret" "github_environment_ci_secrets" {
- for_each = local.env_secrets_ci
- repository = local.github.repository
- environment = github_repository_environment.environment_ci.environment
- secret_name = each.key
- plaintext_value = each.value
-}
-
-resource "github_actions_environment_secret" "github_environment_cd_secrets" {
- for_each = local.env_secrets_cd
- repository = local.github.repository
- environment = github_repository_environment.environment_cd.environment
- secret_name = each.key
- plaintext_value = each.value
-}
-
-#################
-# ENV Variables #
-#################
-
-resource "github_actions_environment_variable" "github_environment_cd_variables" {
- for_each = local.env_variables
- repository = local.github.repository
- environment = github_repository_environment.environment_cd.environment
- variable_name = each.key
- value = each.value
-}
-
-#############################
-# Secrets of the Repository #
-#############################
-
-
-resource "github_actions_secret" "repo_secrets" {
- for_each = local.repo_secrets
- repository = local.github.repository
- secret_name = each.key
- plaintext_value = each.value
-}
diff --git a/.identity/99_main.tf b/.identity/99_main.tf
deleted file mode 100644
index b13f079a..00000000
--- a/.identity/99_main.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-terraform {
- required_version = ">=1.6.0"
-
- required_providers {
- azuread = {
- source = "hashicorp/azuread"
- version = "2.30.0"
- }
- azurerm = {
- source = "hashicorp/azurerm"
- version = "<= 3.86.0"
- }
- github = {
- source = "integrations/github"
- version = "5.42.0"
- }
- }
-
- backend "azurerm" {}
-}
-
-provider "azurerm" {
- features {}
-}
-
-provider "github" {
- owner = "pagopa"
-}
-
-data "azurerm_subscription" "current" {}
-
-data "azurerm_client_config" "current" {}
\ No newline at end of file
diff --git a/.identity/99_outputs.tf b/.identity/99_outputs.tf
deleted file mode 100644
index 468f12d8..00000000
--- a/.identity/99_outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "tenant_id" {
- value = data.azurerm_client_config.current.tenant_id
-}
-
-output "subscription_id" {
- value = data.azurerm_subscription.current.subscription_id
-}
diff --git a/.identity/99_variables.tf b/.identity/99_variables.tf
deleted file mode 100644
index 6700d1a3..00000000
--- a/.identity/99_variables.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-locals {
- github = {
- org = "pagopa"
- repository = "selfcare-onboarding-backend"
- }
-
- prefix = "selc"
- domain = "b4f-onboarding"
- location_short = "weu"
- location = "westeurope"
- project = "${var.prefix}-${var.env_short}"
-}
-
-variable "env" {
- type = string
-}
-
-variable "env_short" {
- type = string
-}
-
-variable "domain" {
- type = string
-}
-
-variable "prefix" {
- type = string
- default = "selc"
- validation {
- condition = (
- length(var.prefix) <= 6
- )
- error_message = "Max length is 6 chars."
- }
-}
-
-variable "cd_github_federations" {
- type = list(object({
- repository = string
- credentials_scope = optional(string, "environment")
- subject = string
- }))
- description = "GitHub Organization, repository name and scope permissions"
-}
-
-variable "environment_cd_roles" {
- type = object({
- subscription = list(string)
- resource_groups = map(list(string))
- })
- description = "Continous Delivery roles for managed identity"
-}
-
-variable "github_repository_environment" {
- type = object({
- protected_branches = bool
- custom_branch_policies = bool
- reviewers_teams = list(string)
- })
- description = "GitHub Continuous Integration roles"
- default = {
- protected_branches = false
- custom_branch_policies = true
- reviewers_teams = ["selfcare-contributors"]
- }
-}
diff --git a/.identity/env/prod/backend.ini b/.identity/env/prod/backend.ini
deleted file mode 100644
index dc3318a8..00000000
--- a/.identity/env/prod/backend.ini
+++ /dev/null
@@ -1 +0,0 @@
-subscription=PROD-SelfCare
diff --git a/.identity/env/prod/backend.tfvars b/.identity/env/prod/backend.tfvars
deleted file mode 100644
index 771755f9..00000000
--- a/.identity/env/prod/backend.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-resource_group_name = "terraform-state-rg"
-storage_account_name = "tfappprodselfcare"
-container_name = "terraform-state"
-key = "b4f-onboarding.identity.tfstate"
diff --git a/.identity/env/prod/terraform.tfvars b/.identity/env/prod/terraform.tfvars
deleted file mode 100644
index cb447f5d..00000000
--- a/.identity/env/prod/terraform.tfvars
+++ /dev/null
@@ -1,20 +0,0 @@
-prefix = "selc"
-env = "prod"
-env_short = "p"
-domain = "b4f-dashboard"
-
-cd_github_federations = [
- {
- repository = "selfcare-onboarding-backend"
- subject = "prod-cd"
- }
-]
-
-environment_cd_roles = {
- subscription = ["Contributor"]
- resource_groups = {
- "terraform-state-rg" = [
- "Storage Blob Data Contributor"
- ]
- }
-}
diff --git a/.identity/terraform.sh b/.identity/terraform.sh
deleted file mode 100755
index 885fa6ce..00000000
--- a/.identity/terraform.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ACTION=$1
-ENV=$2
-shift 2
-other="$@"
-# must be subscription in lower case
-subscription=""
-BACKEND_CONFIG_PATH="./env/${ENV}/backend.tfvars"
-
-if [ -z "$ACTION" ]; then
- echo "[ERROR] Missed ACTION: init, apply, plan"
- exit 0
-fi
-
-if [ -z "$ENV" ]; then
- echo "[ERROR] ENV should be: dev, uat or prod."
- exit 0
-fi
-
-#
-# 🏁 Source & init shell
-#
-
-# shellcheck source=/dev/null
-source "./env/$ENV/backend.ini"
-
-# Subscription set
-az account set -s "${subscription}"
-
-# if using cygwin, we have to transcode the WORKDIR
-if [[ $WORKDIR == /cygdrive/* ]]; then
- WORKDIR=$(cygpath -w $WORKDIR)
-fi
-
-# Helm
-export HELM_DEBUG=1
-export TF_VAR_github_token="${GITHUB_TOKEN}"
-# TODO set your PAT TOKEN as env var
-if [ -z "$GITHUB_TOKEN" ]; then
- echo "Error: Set an environment variable named GITHUB_TOKEN with your GitHub PAT Token"
- exit 1
-fi
-
-#
-# 🌎 Terraform
-#
-if echo "init plan apply refresh import output state taint destroy" | grep -w "$ACTION" > /dev/null; then
- if [ "$ACTION" = "init" ]; then
- echo "[INFO] init tf on ENV: ${ENV}"
- terraform "$ACTION" -backend-config="${BACKEND_CONFIG_PATH}" $other
- elif [ "$ACTION" = "output" ] || [ "$ACTION" = "state" ] || [ "$ACTION" = "taint" ]; then
- # init terraform backend
- terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}"
- terraform "$ACTION" $other
- else
- # init terraform backend
- echo "[INFO] init tf on ENV: ${ENV}"
- terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}"
-
- echo "[INFO] run tf with: ${ACTION} on ENV: ${ENV} and other: >${other}<"
- terraform "${ACTION}" -var-file="./env/${ENV}/terraform.tfvars" -compact-warnings $other
- fi
-else
- echo "[ERROR] ACTION not allowed."
- exit 1
-fi
\ No newline at end of file
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..e991df9b
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
+repos:
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.86.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ - id: terraform_validate
+ args:
+ - --args=-json
+ - --args=-no-color
\ No newline at end of file
diff --git a/.terraform-version b/.terraform-version
new file mode 100644
index 00000000..83d1a5eb
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.6.6
\ No newline at end of file
diff --git a/Dockerfile.new b/Dockerfile.new
new file mode 100644
index 00000000..13dc1062
--- /dev/null
+++ b/Dockerfile.new
@@ -0,0 +1,20 @@
+FROM maven:3-eclipse-temurin-17 AS builder
+
+COPY . .
+
+RUN mvn clean package -DskipTests=true
+
+FROM openjdk:17-jdk AS runtime
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+WORKDIR /app
+
+COPY --from=builder ./target/*.jar ./app.jar
+
+ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.1.1/applicationinsights-agent-3.1.1.jar /applicationinsights-agent.jar
+
+EXPOSE 8080
+USER 1001
+
+ENTRYPOINT ["java", "-jar", "app.jar"]
\ No newline at end of file
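Review bot: `ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.1.1/applicationinsights-agent-3.1.1.jar` pulls the agent at build time with no integrity check; add `--checksum=sha256:<digest-of-the-3.1.1-jar>` (needs a BuildKit Dockerfile frontend that supports it) or download and verify it in the builder stage. A file added from a URL is created with mode 600 and root ownership, so after `USER 1001` the process likely cannot read it; `ADD --chmod=644` would address that. Note that `ENTRYPOINT` does not pass `-javaagent`, so the agent is only loaded if the deployment sets it elsewhere. Both `FROM` lines use mutable tags (`maven:3-eclipse-temurin-17`, `openjdk:17-jdk`), whereas the workflows in this repository pin the image by digest; pinning these by digest would make the build reproducible. The runtime stage also ships a full JDK where a JRE image would reduce what is present in the container.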
diff --git a/Dockerfile.new.dockerignore b/Dockerfile.new.dockerignore
new file mode 100644
index 00000000..427b8ce4
--- /dev/null
+++ b/Dockerfile.new.dockerignore
@@ -0,0 +1,117 @@
+**/.dockerignore
+**/.git
+**/bin
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
+
+**/.idea
+.idea
+**/.mvn
+.mvn
+
+**/target
+
+# Created by .ignore support plugin (hsz.mobi)
+### Maven template
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+.mvn/wrapper/maven-wrapper.jar
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn. Uncomment if using
+# auto-import.
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
\ No newline at end of file
diff --git a/infra/repository/.terraform.lock.hcl b/infra/repository/.terraform.lock.hcl
new file mode 100644
index 00000000..30e3c99f
--- /dev/null
+++ b/infra/repository/.terraform.lock.hcl
@@ -0,0 +1,50 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+ version = "3.91.0"
+ constraints = ">= 3.90.0"
+ hashes = [
+ "h1:8hMFuaTQsZIV69D0J/W+6hSlhRRDzYSpC0Eg9yWYF0o=",
+ "h1:FEDNnFv/uKI2+FQ+nDoyswEI3trJ3d7Fx2Cy7Ff4Rq8=",
+ "h1:Iv9CR+7491iozaK2AkCSAK2u4a2rPyJDQpyHijClj6Y=",
+ "h1:t0I5G4canK6UdlgHGfMV4rUNBPGdrMiIB01VGizlXB8=",
+ "zh:13928b71b1235783f3f877a799e28fb91e50512b051eb8ccb370500fc140cf3f",
+ "zh:3264341657e9ff3963d69b0fa088f64665349e2a29b2f3aeb4deee6d9d7584b7",
+ "zh:467a2ddd2eee26353db65e949bfbe533481ca0fb53c152724380b63a308f11b9",
+ "zh:6133e57087167b163180df3a77fab0c63b3e11609d139d39db8d3be3d6ec7ccd",
+ "zh:6df24730bc9247647ffb44832c3c64e45ab731dd83a3592d33d28235a453235a",
+ "zh:775aae148223a4a86e2dd25533a95a5fea4817085b6c5e643a7192453270cd68",
+ "zh:89d51148c7c123685d3e2f7e291888a3af009656e5c0ad66235a7c686ecb19d2",
+ "zh:9c89552051226eeb7c0fc66ad5aa57d1d0f5acc1d56afad06b6596707ae6c85e",
+ "zh:c4f3bc269837fa3b6ad803de2c7d1125dd791d78a521dcad2e7a63b905a13a53",
+ "zh:e48f05de1ffdcc998c5ff915570fb0557c7ac1d3af971dd76aff82e66d45bf06",
+ "zh:f1945716c7b9c23c25ca9fb4a68f27b6cfa25f5d235112c31f9412eba47f93c6",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/integrations/github" {
+ version = "5.45.0"
+ constraints = "5.45.0"
+ hashes = [
+ "h1:6nxolUZ963kZ3squxzUbO1F+WPXKUxtpuiVsVtbaY7U=",
+ "h1:cP5uEN9jpePr+/Kc7OyAZMhysbDhQoLGpLqgQpLFewg=",
+ "h1:mX5tPDK7RNmtEjSoaI47oimBJBnujcAI7REnhpGqZhg=",
+ "h1:sP/Er9osOsz4vhKZAul+GeV0c5XdvMblJBMiP+T5tWc=",
+ "zh:2afb8ee5b847071e51d5a39bcad5cf466c4d22452450d37c44a5f9d2eb9879e5",
+ "zh:38d087b88c86ddd63b60d14d613f86a5885d154048098c0484266a9a69018b16",
+ "zh:3e6a787e3e40f1535d85f8dc5f2e8c90242ab8237feebd027f696fa154261394",
+ "zh:55dac5a813b3774b48ca45b8a797c32e6d787d4f282b43b622155cad3daac46a",
+ "zh:563f2782f3c4c584b249c5fa0628951a57b4593f3c5805a4efb6d494f8686716",
+ "zh:677180ec9376d5f926286592998e2864c85f06d6b416c1d89031d817a285c72e",
+ "zh:80eec141fa47131e8f60a6478e51b3a5920efe803444e684f9605fca09a24e34",
+ "zh:8b9f1e1f4b42b51e53767f4f927eabdcefe55fb0369e996ac2a0063148b5e48d",
+ "zh:95627f75848561830f8c20949f024f902a2100a022c68aa8d84320f43e75cc46",
+ "zh:95ac41b99dfca3ce556092e036bb04dc03367d0779071112e59d4bf11259a89d",
+ "zh:9e966482729ba8214b480bdd786aff9a15234e9c093c5406b56ce89ccb07dcab",
+ "zh:b7a9d563613f1b9a233f8f285848cc9d8c08c556aad7ea57cd63e0abb19b10cf",
+ "zh:ce56bb7ca876f47f5beee01de3ab84d27964b972c9adceb8e2f7824891e05c27",
+ "zh:f73e063ad5b84f1943eafb8a52a26dd805d06ac11d6c951175ac76c07187f553",
+ ]
+}
diff --git a/infra/repository/README.md b/infra/repository/README.md
new file mode 100644
index 00000000..b9c2ba0d
--- /dev/null
+++ b/infra/repository/README.md
@@ -0,0 +1,43 @@
+# Repository Settings
+
+Define settings of this GitHub repository.
+
+## How to use
+
+Make sure your PAT has access to this repository. Then, follow these steps:
+
+- set the subscription: `az account set --subscription "PROD-SelfCare"`
+- run `terraform init -backend-config="backend.tfvars"`
+- run `terraform plan`
+- run `terraform apply`
+
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.6.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [repository](#module\_repository) | github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings | main |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
\ No newline at end of file
diff --git a/infra/repository/backend.tfvars b/infra/repository/backend.tfvars
new file mode 100644
index 00000000..c8c0e191
--- /dev/null
+++ b/infra/repository/backend.tfvars
@@ -0,0 +1,4 @@
+resource_group_name = "terraform-state-rg"
+storage_account_name = "tfinfprodselfcare"
+container_name = "terraform-state"
+key = "selfcare-onboarding-backend.repository.tfstate"
\ No newline at end of file
diff --git a/infra/repository/main.tf b/infra/repository/main.tf
new file mode 100644
index 00000000..7408e0d2
--- /dev/null
+++ b/infra/repository/main.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_version = ">= 1.6.0"
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+module "repository" {
+ source = "github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings?ref=main"
+
+ github = {
+ repository = "selfcare-onboarding-backend"
+ }
+}
\ No newline at end of file
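Review bot: The module `source` is pinned to `?ref=main`, a moving branch, for a module that manages this repository's GitHub settings; each `terraform init` can fetch different code, and `.terraform.lock.hcl` covers provider hashes only, not module sources. Pin it to a tag or commit, e.g. `source = "github.com/pagopa/selfcare-commons//infra/terraform-modules/github_repository_settings?ref=<tag-or-commit-sha>"`. `provider "azurerm"` is also configured without a `required_providers` entry in this file, so its version constraint presumably comes only from the module; declaring it here would make the root configuration explicit.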
diff --git a/pom.xml b/pom.xml
index 201a5088..5573324a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,6 +23,7 @@
2.5.1
+ https://sonarcloud.io/