project initialization

.github/workflows/01_add_patch_label.yml

@@ -0,0 +1,60 @@
+name: Add PATCH default label
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the main branch
+  pull_request_target:
+    branches:
+      - main
+    types: [ opened, reopened ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  add_patch_label:
+    runs-on: ubuntu-latest
+    name: Add default label
+    steps:
+      - name: Check user labels
+        id: check_user_labels
+        uses: actions/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            var addPatch = "true";
+            // retrieve label list
+            let labels = await github.rest.issues.listLabelsOnIssue({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            });
+            
+            // verify if user have already added IGNORE-FOR-RELEASE, then skip add PATCH
+            // note: GitHub labels are added in .identity/03_github_environment.tf as github_issue_label resource
+            if (labels.data.find(label => label.name === 'ignore-for-release')){
+              addPatch = "false";
+            }
+            return addPatch;
+          result-encoding: string
+
+      - name: Add PATCH label
+        if: ${{ steps.check_user_labels.outputs.result == 'true' }}
+        uses: pagopa/github-actions-template/default-label@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          label: 'patch'
+
+      - name: Add comment
+        if: ${{ steps.check_user_labels.outputs.result == 'true' }}
+        uses: actions/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: 'The default action is to increase the `PATCH` number of `SEMVER`. Set `IGNORE-FOR-RELEASE` if you want to skip `SEMVER` bump. `BREAKING-CHANGE` and `NEW-RELEASE` must be run from GH Actions section manually.'
+              });

.github/workflows/01_assignee.yml

@@ -0,0 +1,26 @@
+name: Auto Assign
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the main branch
+  pull_request_target:
+    branches:
+      - main
+    types: [ opened, reopened ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Assign Me
+        # You may pin to the exact commit or the version.
+        uses: kentaro-m/[email protected]
+        with:
+          configuration-path: '.github/auto_assign.yml'

.github/workflows/02_check_pr.yml

@@ -0,0 +1,113 @@
+name: Check PR
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+    types: [ opened, synchronize, labeled, unlabeled, reopened, edited ]
+
+
+permissions:
+  pull-requests: write
+
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+
+  check_labels:
+    name: Check Required Labels
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Verify PR Labels
+        if: ${{ !contains(github.event.pull_request.labels.*.name, 'patch') && !contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }}
+        uses: actions/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            var comments = await github.rest.issues.listComments({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            });
+            for (const comment of comments.data) {
+              if (comment.body.includes('This pull request does not contain a valid label')){
+                github.rest.issues.deleteComment({
+                  issue_number: context.issue.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: comment.id
+                })
+              }
+            }
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'This pull request does not contain a valid label. Please add one of the following labels: `[patch, ignore-for-release]`'
+            })
+            core.setFailed('Missing required labels')
+
+
+  check_format:
+    name: Check Format
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Formatting
+        id: format
+        continue-on-error: true
+        uses: axel-op/googlejavaformat-action@v3
+        with:
+          args: "--set-exit-if-changed"
+
+      - uses: actions/[email protected]
+        if: steps.format.outcome != 'success'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            console.log(context);
+            var comments = await github.rest.issues.listComments({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            });
+            for (const comment of comments.data) {
+              console.log(comment);
+              if (comment.body.includes('Comment this PR with')){
+                github.rest.issues.deleteComment({
+                  issue_number: context.issue.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: comment.id
+                })
+              }
+            }
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: 'Comment this PR with *update_code* to format the code. Consider to use pre-commit to format the code.'
+            })
+            core.setFailed('Format your code.')
+
+
+  check_size:
+    runs-on: ubuntu-latest
+    name: Check Size
+    steps:
+
+      - name: Dump GitHub context
+        run: echo $JSON
+        env:
+          JSON: ${{ toJSON(github) }}
+
+      - name: Check PR Size
+        uses: pagopa/github-actions-template/check-pr-size@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          ignored_files: 'openapi.json'

.github/workflows/03_code_review.yml

@@ -0,0 +1,44 @@
+name: Code Review
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - synchronize
+      - reopened
+  push:
+    branches:
+      - main
+
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  PROJECT_KEY: pagopa_pagopa-wisp-converter
+
+
+permissions:
+  id-token: write
+  contents: read
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  code-review:
+    name: Code Review
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Code Review
+        uses: pagopa/github-actions-template/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          sonar_token: ${{ secrets.SONAR_TOKEN }}
+          project_key: ${{env.PROJECT_KEY}}
+          coverage_exclusions: "**/config/**,**/*Mock*,**/model/**,**/entity/*,**/util/*"
+          cpd_exclusions: "**/model/**,**/entity/*"
+          java_version: 17

.github/workflows/release_deploy.yml → .github/workflows/04_release_deploy.yml

@@ -32,7 +32,6 @@ on:
         description: deploy beta version on AKS
         default: false
 
-
 permissions:
   packages: write
   contents: write
@@ -41,6 +40,7 @@ permissions:
   actions: read
 
 
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   setup:
@@ -89,7 +89,6 @@ jobs:
         name: Set Output
         run: echo "environment=${{env.ENVIRNOMENT}}" >> $GITHUB_OUTPUT
 
-
   release:
     name: Create a New Release
     runs-on: ubuntu-latest
@@ -99,7 +98,7 @@ jobs:
     steps:
       - name: Make Release
         id: release
-        uses: pagopa/github-actions-template/maven-release@v1.6.8
+        uses: pagopa/github-actions-template/maven-release@v1.5.4
         with:
           semver: ${{ needs.setup.outputs.semver }}
           github_token: ${{ secrets.BOT_TOKEN_GITHUB }}
@@ -123,27 +122,7 @@ jobs:
     name: Deploy on AKS
     needs: [ setup, release, image ]
     if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-    uses: ./.github/workflows/deploy_with_github_runner.yml
+    uses: ./.github/workflows/04h_deploy_with_github_runner.yml
     with:
       environment: ${{ needs.setup.outputs.environment }}
     secrets: inherit
-
-
-  notify:
-    needs: [ setup, release, deploy_aks ]
-    runs-on: ubuntu-latest
-    name: Notify
-    if: always()
-    steps:
-      - name: Report Status
-        if: ${{ needs.setup.outputs.environment == 'prod' }}
-        uses: ravsamhq/notify-slack-action@v2
-        with:
-          status: ${{ needs.deploy_aks.result }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          notification_title: 'New Release on Production ${{ needs.release.outputs.version }} has {status_message}'
-          message_format: '{emoji} <{run_url}|{workflow}> {status_message} in <{repo_url}|{repo}>'
-          footer: 'Linked to <{workflow_url}| workflow file>'
-          icon_success: ':white_check_mark:'
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/deploy_with_github_runner.yml → .github/workflows/04h_deploy_with_github_runner.yml

@@ -9,7 +9,8 @@ on:
         type: string
 
 env:
-  APP_NAME: # TODO
+  NAMESPACE: nodo
+  APP_NAME: pagopawispconverter
 
 
 permissions:
@@ -30,7 +31,7 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-create-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@main
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
@@ -47,7 +48,7 @@ jobs:
         uses: pagopa/github-actions-template/aks-deploy@main
         with:
           branch: ${{ github.ref_name }}
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           env: ${{ inputs.environment }}
@@ -56,6 +57,7 @@ jobs:
           resource_group: ${{ vars.CLUSTER_RESOURCE_GROUP }}
           app_name: ${{ env.APP_NAME }}
           helm_upgrade_options: "--debug"
+          timeout: "10m0s"
 
   cleanup_runner:
     name: Cleanup Runner
@@ -69,50 +71,9 @@ jobs:
         # from https://github.com/pagopa/eng-github-actions-iac-template/tree/main/azure/github-self-hosted-runner-azure-cleanup-action
         uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
         with:
-          client_id: ${{ secrets.CLIENT_ID }}
+          client_id: ${{ secrets.CD_CLIENT_ID }}
           tenant_id: ${{ secrets.TENANT_ID }}
           subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }}
           runner_name: ${{ needs.create_runner.outputs.runner_name }}
           pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}
-
-  update_openapi:
-    needs: [ deploy ]
-    runs-on: ubuntu-latest
-    name: Update OpenAPI
-    environment: ${{ inputs.environment }}
-    steps:
-      - name: Checkout
-        id: checkout
-        # from https://github.com/actions/checkout/commits/main
-        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
-        with:
-          persist-credentials: false
-
-      - name: Setup Terraform
-        # from https://github.com/hashicorp/setup-terraform/commits/main
-        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
-        with:
-          terraform_version: "1.3.6"
-
-      - name: Login
-        id: login
-        # from https://github.com/Azure/login/commits/master
-        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
-        with:
-          client-id: ${{ secrets.CLIENT_ID }}
-          tenant-id: ${{ secrets.TENANT_ID }}
-          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
-
-
-      - name: Terraform Apply
-        shell: bash
-        run: |
-          cd ./infra
-          export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}"
-          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
-          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
-          export ARM_USE_OIDC=true
-          export ARM_ACCESS_KEY=$(az storage account keys list --resource-group io-infra-rg --account-name pagopainfraterraform${{inputs.environment}} --query '[0].value' -o tsv)
-          bash ./terraform.sh init weu-${{ inputs.environment }}
-          bash ./terraform.sh apply weu-${{ inputs.environment }} -auto-approve