Merge pull request #18 from pagopa/chart

Chart

.github/workflows/deploy_with_github_runner.yml

@@ -7,10 +7,6 @@ on:
         required: true
         description: The name of the environment where to deploy
         type: string
-      target:
-        required: true
-        description: The environment target of the job
-        type: string
 
 env:
   NAMESPACE: apiconfig
@@ -27,7 +23,6 @@ jobs:
     runs-on: ubuntu-22.04
     environment:
       name: ${{ inputs.environment }}
-    if: ${{ inputs.target == inputs.environment || inputs.target == 'all' }}
     outputs:
       runner_name: ${{ steps.create_github_runner.outputs.runner_name }}
     steps:
@@ -42,12 +37,10 @@ jobs:
           container_app_environment_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_NAME }}
           resource_group_name: ${{ vars.CONTAINER_APP_ENVIRONMENT_RESOURCE_GROUP_NAME }} # RG of the runner
           pat_token: ${{ secrets.BOT_TOKEN_GITHUB }}
-          self_hosted_runner_image_tag: "v1.4.1"
 
   deploy:
     needs: [ create_runner ]
     runs-on: [ self-hosted, "${{ needs.create_runner.outputs.runner_name }}" ]
-    if: ${{ inputs.target == inputs.environment || inputs.target == 'all' }}
     name: Deploy on AKS
     environment: ${{ inputs.environment }}
     steps:
@@ -68,7 +61,7 @@ jobs:
   cleanup_runner:
     name: Cleanup Runner
     needs: [ create_runner, deploy ]
-    if: ${{ success() || failure() && inputs.target == inputs.environment || inputs.target == 'all' }}
+    if: ${{ success() || failure() }}
     runs-on: ubuntu-22.04
     environment: ${{ inputs.environment }}
     steps:

.github/workflows/release_deploy.yml

@@ -16,17 +16,22 @@ on:
           - dev
           - uat
           - prod
-          - all
+      version:
+        required: false
+        type: choice
+        description: Select the version
+        options:
+          - ''
+          - skip
+          - promote
+          - new_release
+          - breaking_change
+
       beta:
         required: false
         type: boolean
         description: deploy beta version on AKS
         default: false
-      skip_release:
-        required: false
-        type: boolean
-        description: skip the release. Only deploy
-        default: false
 
 
 permissions:
@@ -55,19 +60,20 @@ jobs:
       # Set Semvar
       - run: echo "SEMVER=patch" >> $GITHUB_ENV
 
-      - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change ')) }}
+      - if: ${{ (github.event.pull_request.merged && contains(github.event.pull_request.labels.*.name, 'breaking-change')) }}
         run: echo "SEMVER=major" >> $GITHUB_ENV
 
-      - if: ${{ inputs.environment == 'uat' }}
+      # force semver if dev, !=main or skip release
+      - if: ${{ inputs.version == 'new_release' }}
         run: echo "SEMVER=minor" >> $GITHUB_ENV
 
-      - if: ${{ inputs.environment == 'prod' }}
-        run: echo "SEMVER=skip" >> $GITHUB_ENV
+      - if: ${{ inputs.version == 'breaking_change' }}
+        run: echo "SEMVER=major" >> $GITHUB_ENV
 
       - if: ${{ github.ref_name != 'main' }}
         run: echo "SEMVER=buildNumber" >> $GITHUB_ENV
 
-      - if: ${{ inputs.skip_release }}
+      - if: ${{ inputs.version == 'skip' ||  inputs.version == 'promote' }}
         run: echo "SEMVER=skip" >> $GITHUB_ENV
 
       - id: get_semver
@@ -107,13 +113,13 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ inputs.semver != 'skip' }}
     steps:
-#      - name: Build and Push
-#        id: semver
-#        uses: pagopa/github-actions-template/[email protected]
-#        with:
-#          branch: ${{ github.ref_name}}
-#          github_token: ${{ secrets.GITHUB_TOKEN }}
-#          tag: ${{ needs.release.outputs.version }}
+      #      - name: Build and Push
+      #        id: semver
+      #        uses: pagopa/github-actions-template/[email protected]
+      #        with:
+      #          branch: ${{ github.ref_name}}
+      #          github_token: ${{ secrets.GITHUB_TOKEN }}
+      #          tag: ${{ needs.release.outputs.version }}
       - uses: actions/checkout@v3
         with:
           ref: ${{ github.ref_name }}
@@ -146,27 +152,41 @@ jobs:
           secrets: |
             GH_TOKEN=${{ secrets.READ_PACKAGES_TOKEN }}
 
-  deploy_aks:
-    name: Deploy on AKS
+  deploy_aks_dev:
+    name: Deploy on AKS DEV
     needs: [ setup, release, image ]
     if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}
-    strategy:
-      matrix:
-        environment: [ dev, uat, prod ]
     uses: ./.github/workflows/deploy_with_github_runner.yml
     with:
-      environment: ${{ matrix.environment }}
-      target: ${{ needs.setup.outputs.environment }}
+      environment: ${{ needs.setup.outputs.environment }}
+    secrets: inherit
+
+  deploy_aks_uat:
+    name: Deploy on AKS UAT
+    needs: [ setup, release, image ]
+    if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')  && needs.setup.outputs.environment != 'dev' }}
+    uses: ./.github/workflows/deploy_with_github_runner.yml
+    with:
+      environment: ${{ needs.setup.outputs.environment }}
+    secrets: inherit
+
+  deploy_aks_prod:
+    name: Deploy on AKS PROD
+    needs: [ setup, release, image ]
+    if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')  && needs.setup.outputs.environment == 'prod' }}
+    uses: ./.github/workflows/deploy_with_github_runner.yml
+    with:
+      environment: ${{ needs.setup.outputs.environment }}
     secrets: inherit
 
   notify:
-    needs: [ setup, release, deploy_aks ]
+    needs: [ setup, release, deploy_aks_prod ]
     runs-on: ubuntu-latest
     name: Notify
     if: always()
     steps:
       - name: Report Status
-        if: ${{ needs.setup.outputs.environment == 'prod' || needs.setup.outputs.environment == 'all'  }}
+        if: ${{ needs.setup.outputs.environment == 'prod' }}
         uses: ravsamhq/notify-slack-action@v2
         with:
           status: ${{ needs.deploy_aks.result }}

.gitignore

@@ -37,3 +37,6 @@ hs_err_pid*
 .identity/.terraform/*
 **/.terraform.lock.hcl
 **/.terraform
+/docker/.env
+/.cache/
+/docker/secrets

Dockerfile

@@ -7,13 +7,14 @@ COPY . .
 RUN --mount=type=secret,id=GH_TOKEN,dst=/tmp/secret_token export GITHUB_TOKEN_READ_PACKAGES="$(cat /tmp/secret_token)" \
   && mvn clean package -Dmaven.test.skip=true
 
-
 FROM adoptopenjdk/openjdk11:alpine-jre as builder
 COPY --from=buildtime /build/target/*.jar application.jar
 RUN java -Djarmode=layertools -jar application.jar extract
 
 
 FROM ghcr.io/pagopa/docker-base-springboot-openjdk11:v1.0.1@sha256:bbbe948e91efa0a3e66d8f308047ec255f64898e7f9250bdb63985efd3a95dbf
+ADD --chown=spring:spring https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.25.1/opentelemetry-javaagent.jar .
+
 COPY --chown=spring:spring  --from=builder dependencies/ ./
 COPY --chown=spring:spring  --from=builder snapshot-dependencies/ ./
 # https://github.com/moby/moby/issues/37965#issuecomment-426853382
@@ -22,3 +23,5 @@ COPY --chown=spring:spring  --from=builder spring-boot-loader/ ./
 COPY --chown=spring:spring  --from=builder application/ ./
 
 EXPOSE 8080
+
+ENTRYPOINT ["java","-javaagent:opentelemetry-javaagent.jar","--enable-preview","org.springframework.boot.loader.JarLauncher"]

docker/run_docker.sh

@@ -44,7 +44,7 @@ done
 echo $GH_TOKEN > ./secrets
 
 DOCKER_BUILDKIT=1 docker build -t selfcare-integration --secret id=GH_TOKEN,src=./secrets ../
-docker run -p8080:8080 --env-file ./.env selfcare-integration
+docker run -d -p8080:8080 --env-file ./.env selfcare-integration
 
 
 # waiting the containers

helm/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: microservice-chart
+  repository: https://pagopa.github.io/aks-microservice-chart-blueprint
+  version: 2.4.0
+digest: sha256:db3f9abdcf9a458c7dc3ae6f5ace7292293cbf05a4ca398c4173807f9d14c561
+generated: "2023-09-12T14:13:45.260548+02:00"

helm/Chart.yaml

@@ -2,9 +2,9 @@ apiVersion: v2
 name: pagopa-api-config-selfcare-integration
 description: Microservice that manages requests from selfcare
 type: application
-version: 1.16.0
-appVersion: 1.3.6
+version: 1.24.0
+appVersion: 1.3.6-11-chart
 dependencies:
   - name: microservice-chart
-    version: 1.21.0
+    version: 2.4.0
     repository: "https://pagopa.github.io/aks-microservice-chart-blueprint"

helm/values-dev.yaml

@@ -4,7 +4,7 @@ microservice-chart:
   fullnameOverride: ""
   image:
     repository: ghcr.io/pagopa/pagopa-api-config-selfcare-integration
-    tag: "1.3.6"
+    tag: 1.3.6-11-chart
     pullPolicy: Always
   livenessProbe:
     httpGet:
@@ -17,42 +17,54 @@ microservice-chart:
     httpGet:
       path: /actuator/health/readiness
       port: 8080
-    initialDelaySeconds: 90
+    initialDelaySeconds: 180
     failureThreshold: 6
     periodSeconds: 10
   deployment:
     create: true
-  service:
+  serviceMonitor:
     create: true
+    endpoints:
+      - interval: 10s #jmx-exporter
+        targetPort: 12345
+        path: /metrics
+  ports:
+    - 80 #http
+    - 12345 #jmx-exporter
+  service:
     type: ClusterIP
-    port: 8080
+    ports:
+      - 8080
   ingress:
     create: true
     host: "weudev.apiconfig.internal.dev.platform.pagopa.it"
     path: /pagopa-api-config-selfcare-integration/(.*)
+    servicePort: 8080
   serviceAccount:
     create: false
-    annotations: {}
-    name: ""
   podAnnotations: {}
   podSecurityContext:
     seccompProfile:
       type: RuntimeDefault
   securityContext:
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - all
   resources:
     requests:
       memory: "512Mi"
-      cpu: "0.25"
+      cpu: "0.40"
     limits:
       memory: "512Mi"
-      cpu: "0.25"
+      cpu: "0.5"
   autoscaling:
     enable: true
     minReplica: 1
-    maxReplica: 10
-    pollingInterval: 10 # seconds
-    cooldownPeriod: 50 # seconds
+    maxReplica: 2
+    pollingInterval: 30 # seconds
+    cooldownPeriod: 60 # seconds
     triggers:
       - type: cpu
         metadata:
@@ -61,8 +73,6 @@ microservice-chart:
           value: "75"
   envConfig:
     WEBSITE_SITE_NAME: 'pagopaapiconfigselfcareintegration' # required to show cloud role name in application insights
-    APPLICATIONINSIGHTS_CONNECTION_STRING: 'ai-d-connection-string'
-    APPLICATIONINSIGHTS_ROLE_NAME: "pagopa-api-config-selfcare-integration"
     ENV: 'azure-dev'
     APP_LOGGING_LEVEL: 'DEBUG'
     DEFAULT_LOGGING_LEVEL: 'INFO'
@@ -73,8 +83,18 @@ microservice-chart:
     DB_CONFIG_DRIVER: 'oracle.jdbc.OracleDriver'
     DATABASE_SCHEMA: 'NODO4_CFG'
     SPRING_JPA_DB_PLATFORM: 'org.hibernate.dialect.Oracle12cDialect'
+    OTEL_SERVICE_NAME: "pagopa-api-config-selfcare-integration"
+    OTEL_RESOURCE_ATTRIBUTES: "deployment.environment=azure-dev"
+    OTEL_EXPORTER_OTLP_ENDPOINT: "http://otel-collector.elastic-system.svc:4317"
+    OTEL_LOGS_EXPORTER: none
+    OTEL_TRACES_SAMPLER: "always_on"
+  envFieldRef:
+    APP_NAME: "metadata.labels['app.kubernetes.io/instance']"
+    APP_VERSION: "metadata.labels['app.kubernetes.io/version']"
   envSecret:
+    APPLICATIONINSIGHTS_CONNECTION_STRING: 'ai-d-connection-string'
     SPRING_DATASOURCE_PASSWORD: 'oracle-db-cfg-password'
+    OTEL_EXPORTER_OTLP_HEADERS: elastic-apm-secret-token
   keyvault:
     name: "pagopa-d-apiconfig-kv"
     tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
@@ -90,9 +110,8 @@ microservice-chart:
                 values:
                   - user
   canaryDelivery:
-    create: true
+    create: false
     ingress:
-      create: true
       canary:
         type: header
         headerName: X-Canary
@@ -104,7 +123,7 @@ microservice-chart:
       create: true
       image:
         repository: ghcr.io/pagopa/pagopa-api-config-selfcare-integration
-        tag: 1.3.6
-        pullPolicy: Always
-      envConfig: {}
-      envSecret: {}
+        tag: 1.3.6-3-chart
+      pullPolicy: Always
+      envConfig:
+      envSecret: