diff --git a/.devops/azure-templates/chart-current-version.yml b/.devops/azure-templates/chart-current-version.yml
new file mode 100644
index 0000000..f2e324e
--- /dev/null
+++ b/.devops/azure-templates/chart-current-version.yml
@@ -0,0 +1,23 @@
+# Read the current chart version and output it two variables
+# -> 'chart_current_version.version' : the Chart version
+# -> 'chart_current_version.appVersion': the application version
+
+steps:
+ - task: Bash@3
+ name: chart_current_version
+ displayName: 'Read chart current version'
+ inputs:
+ targetType: "inline"
+ script: |
+ CHART_FILE="helm/Chart.yaml"
+ version=$(yq -r '.version' $CHART_FILE)
+ appVersion=$(yq -r '.appVersion' $CHART_FILE)
+ trimmed_repo_url=$(echo $(Build.Repository.Uri) | sed -e "s/\.git//g")
+ releaseUrl=$(echo $trimmed_repo_url/releases/tag/$appVersion)
+ commitUrl=$(echo $trimmed_repo_url/commit/$(Build.SourceVersion))
+ echo "##vso[task.setvariable variable=version;isOutput=true]$version"
+ echo "##vso[task.setvariable variable=appVersion;isOutput=true]$appVersion"
+ echo "##vso[task.setvariable variable=releaseUrl;isOutput=true]$releaseUrl"
+ echo "##vso[task.setvariable variable=commitUrl;isOutput=true]$commitUrl"
+ failOnStderr: true
+
\ No newline at end of file
diff --git a/.devops/azure-templates/gradle-github-release.yml b/.devops/azure-templates/gradle-github-release.yml
new file mode 100644
index 0000000..a0d8104
--- /dev/null
+++ b/.devops/azure-templates/gradle-github-release.yml
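Review bot: The `version` and `appVersion` values read from `helm/Chart.yaml` are echoed unvalidated into `##vso[task.setvariable …]` logging commands, so a multi-line or otherwise unexpected value in the chart file would be interpreted by the agent rather than treated as data. A guard before the `echo` lines that accepts only a version-shaped string, for example `[[ "$appVersion" =~ ^[0-9A-Za-z.+-]+$ ]] || exit 1`, keeps the output variables to what downstream stages expect. Separately, `sed -e "s/\.git//g"` strips every `.git` occurrence in `$(Build.Repository.Uri)` rather than only a trailing suffix; `sed -e 's/\.git$//'` is the narrower form. `$CHART_FILE` and `$(Build.Repository.Uri)` are also expanded unquoted in the script.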
@@ -0,0 +1,153 @@
+# Node Github Relase steps
+# Mark a release on the project repository, with version bump and tag,
+# and publish a release on Github
+
+parameters:
+
+ # Versioning parameters
+ - name: 'semver'
+ type: string
+ values:
+ - major
+ - minor
+ - patch
+ - none
+
+ # Versioning parameters
+ - name: 'semver_chart'
+ type: string
+ values:
+ - major
+ - minor
+ - patch
+ - none
+
+ # This is the branch in which we will push the release tag.
+ # It'll be master, but it can be overridden
+ # Basically, this variable is used to enforce the fact that we use the very same branch in different steps
+ - name: 'release_branch'
+ type: string
+ default: main
+
+ # Github parameters
+ - name: 'gitUsername'
+ type: string
+ - name: 'gitEmail'
+ type: string
+ - name: 'gitHubConnection'
+ type: string
+
+steps:
+ # setup git author
+ - script: |
+ git config --global user.email "${{ parameters.gitEmail }}" && git config --global user.name "${{ parameters.gitUsername }}"
+ displayName: 'Git setup'
+
+ # Without this step, changes would be applied to a detached head
+ - script: |
+ git checkout ${{ parameters.release_branch }}
+ displayName: 'Checkout release branch'
+ - task: JavaToolInstaller@0
+ displayName: 'Installing JDK'
+ inputs:
+ versionSpec: "17"
+ jdkArchitectureOption: x64
+ jdkSourceOption: 'PreInstalled'
+ # bump version
+ - ${{ if ne(parameters['semver'], 'none') }}:
+ - task: Gradle@3
+ displayName: 'Bump version'
+ name: bump_version
+ inputs:
+ tasks: 'help'
+ options: 'incrementVersion --versionIncrementType=${{ parameters.semver }}'
+ jdkVersionOption: '1.17'
+ - task: Bash@3
+ name: next_version_app
+ displayName: 'Set release variables'
+ inputs:
+ targetType: "inline"
+ script: |
+ version=$(./gradlew printVersion -Psnapshot=false -q | head -n1 | cut -d' ' -f2)
+ echo "##vso[task.setvariable variable=value;isOutput=true]$version"
+ git add build.gradle.kts
+ failOnStderr: true
+ - task: Bash@3
+ displayName: Update Version Values Helm
+ name: update_version_helm
+ inputs:
+ targetType: 'inline'
+ script: |
+ for i in helm/values-*.yaml; do
+ [ -f "$i" ] || break
+ yq -i ".microservice-chart.image.tag = \"$(next_version_app.value)\"" "$i"
+ git add "$i"
+ done
+ - task: Bash@3
+ name: update_app_version
+ displayName: 'Setup helm microservice chart'
+ inputs:
+ targetType: "inline"
+ script: |
+ CHART_FILE="helm/Chart.yaml"
+ if [[ -f "$CHART_FILE" ]]; then
+ yq -i ".appVersion = \"$(next_version_app.value)\"" "$CHART_FILE"
+ git add "$CHART_FILE"
+ fi
+
+ - task: Bash@3
+ name: setup_semver_utility
+ displayName: 'Setup semver utility'
+ inputs:
+ targetType: "inline"
+ script: |
+ yarn global add semver
+ - task: Bash@3
+ name: update_chart_version
+ displayName: 'Setup helm microservice chart'
+ inputs:
+ targetType: "inline"
+ script: |
+ RELEASE_CHART_SEMVER=${{parameters.semver_chart}}
+ CHART_FILE="helm/Chart.yaml"
+ CURRENT_CHART_VERSION=$(yq -r '.version' $CHART_FILE)
+ if [[ -f "$CHART_FILE" ]]; then
+ yq -i ".version = \"$(semver $CURRENT_CHART_VERSION -i $RELEASE_CHART_SEMVER )\"" "$CHART_FILE"
+ git add "$CHART_FILE"
+ fi
+ - task: Bash@3
+ name: next_version_chart
+ displayName: 'Set release chart variables'
+ inputs:
+ targetType: "inline"
+ script: |
+ CHART_FILE="helm/Chart.yaml"
+ version=$(yq -r '.version' $CHART_FILE)
+ echo "##vso[task.setvariable variable=value;isOutput=true]$version"
+ failOnStderr: true
+ # push new version
+ - script: |
+ git commit -m "Bump version [skip ci]"
+ git push origin ${{ parameters.release_branch }}
+ displayName: 'Push to the release branch'
+
+ - script: |
+ HEAD_SHA=$(git rev-parse HEAD)
+ TAG="$(next_version_chart.value)"
+ TITLE="Release $(next_version_chart.value)"
+ echo "##vso[task.setvariable variable=title]$TITLE"
+ echo "##vso[task.setvariable variable=sha]$HEAD_SHA"
+ echo "##vso[task.setvariable variable=tag]$TAG"
+ displayName: 'Set release variables'
+
+ # create new release
+ - task: GitHubRelease@0
+ inputs:
+ gitHubConnection: ${{ parameters.gitHubConnection }}
+ repositoryName: $(Build.Repository.Name)
+ action: create
+ target: $(sha)
+ tagSource: manual
+ tag: $(tag)
+ title: $(title)
+ addChangelog: true
diff --git a/.devops/azure-templates/helm-microservice-chart-deploy.yml b/.devops/azure-templates/helm-microservice-chart-deploy.yml
new file mode 100644
index 0000000..749bb8d
--- /dev/null
+++ b/.devops/azure-templates/helm-microservice-chart-deploy.yml
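Review bot: The `setup_semver_utility` step runs `yarn global add semver` with no version, so whatever the registry serves at release time is installed and executed in the same job that commits and pushes to the release branch and publishes the GitHub release. Pinning it, e.g. `yarn global add semver@<pinned-version>`, or computing the bump with a tool already on the agent, removes that moving dependency from the release path. The template parameters are also spliced unquoted into shell (`git checkout ${{ parameters.release_branch }}`, `RELEASE_CHART_SEMVER=${{parameters.semver_chart}}`); quoting them keeps an unexpected value from being parsed as extra shell words. Separately, the `update_version_helm` loop globs `helm/values-*.yaml`, while the values files added in this commit are named `helm/pay-wallet-values-*.yaml`, so the loop would appear to hit the `|| break` guard and update nothing.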
@@ -0,0 +1,88 @@
+parameters:
+ # Required
+ - name: "DO_DEPLOY"
+ type: boolean
+ - name: "ENV"
+ type: string
+ - name: "KUBERNETES_SERVICE_CONN"
+ type: string
+ - name: "NAMESPACE"
+ type: string
+ - name: "APP_NAME"
+ type: string
+ - name: "VALUE_FILE"
+ type: string
+ - name: "GREEN_VERSION"
+ type: string
+ # Optional
+ - name: "DO_BLUE_GREEN_DEPLOY"
+ type: boolean
+ default: false
+ - name: "BLUE_VERSION"
+ type: string
+ default: "none"
+ - name: "CHART_TYPE"
+ type: string
+ default: "filepath"
+ - name: "CHART_PATH"
+ type: string
+ default: "helm"
+ - name: "WAIT_FOR_EXECUTION"
+ type: boolean
+ default: true
+ - name: "ARGUMENTS"
+ type: string
+ default: "--timeout 5m0s"
+ - name: "APPINSIGHTS_SERVICE_CONN"
+ type: string
+ default: "none"
+ - name: "APPINSIGHTS_RESOURCE_ID"
+ type: string
+ default: "none"
+
+steps:
+ - task: HelmDeploy@0
+ displayName: Deploy on ${{ parameters.ENV }} BLUEGREEN
+ condition: and(succeeded(), eq(${{ parameters.DO_DEPLOY }}, True))
+ inputs:
+ kubernetesServiceEndpoint: ${{ parameters.KUBERNETES_SERVICE_CONN }}
+ namespace: ${{ parameters.NAMESPACE }}
+ command: upgrade
+ chartType: ${{ parameters.CHART_TYPE }}
+ chartPath: ${{ parameters.CHART_PATH }}
+ chartName: ${{ parameters.APP_NAME }}
+ releaseName: ${{ parameters.APP_NAME }}
+ valueFile: ${{ parameters.VALUE_FILE }}
+ install: true
+ waitForExecution: ${{ parameters.WAIT_FOR_EXECUTION }}
+ arguments: ${{ parameters.ARGUMENTS }}
+ overrideValues: microservice-chart.image.tag=${{ parameters.GREEN_VERSION }},microservice-chart.canaryDelivery.create=${{ parameters.DO_BLUE_GREEN_DEPLOY }},microservice-chart.canaryDelivery.deployment.image.tag=${{ parameters.BLUE_VERSION }}
+ - template: ./chart-current-version.yml
+ - ${{ if ne(parameters['APPINSIGHTS_SERVICE_CONN'], 'none') }}:
+ - task: AzureCLI@2
+ displayName: Release annotations
+ condition: and(succeeded(), eq(${{ parameters.DO_DEPLOY }}, True))
+ inputs:
+ azureSubscription: '${{ parameters.APPINSIGHTS_SERVICE_CONN }}'
+ addSpnToEnvironment: true
+ scriptType: 'bash'
+ scriptLocation: 'inlineScript'
+ failOnStandardError: true
+ inlineScript: |
+ echo "[INFO] Creating release annotation in Application Insights"
+
+ APPINSIGHTS_ID=${{ parameters.APPINSIGHTS_RESOURCE_ID }}
+ UUID=$(uuidgen)
+ releaseName="${{ parameters.APP_NAME }}-${{ parameters.ENV }}"
+ releaseDescription="$(chart_current_version.appVersion)"
+ triggerBy="Azure DevOps"
+ eventTime=$(date -u '+%Y-%m-%dT%H:%M:%S')
+ category="Deployment"
+ label="Success"
+
+ body='{ "Id": "'$UUID'", "AnnotationName": "'$releaseName'", "EventTime":"'$eventTime'", "Category":"'$category'", "Properties":"{ \"ReleaseName\":\"'$releaseName'\", \"ReleaseDescription\" : \"'$releaseDescription'\", \"TriggerBy\": \"'$triggerBy'\" }"}'
+
+ # echo "[INFO] body: $body"
+ # echo "[INFO] APPINSIGHTS_ID: $APPINSIGHTS_ID"
+
+ az rest --method put --uri "$APPINSIGHTS_ID/Annotations?api-version=2015-05-01" --body "$body" -o none
\ No newline at end of file
diff --git a/.devops/code-review-pipelines.yml b/.devops/code-review-pipelines.yml
new file mode 100644
index 0000000..70db2e3
--- /dev/null
+++ b/.devops/code-review-pipelines.yml
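Review bot: `addSpnToEnvironment: true` on the `AzureCLI@2` step exposes the service principal's id, key and tenant as environment variables to the inline script, yet the script only calls `az rest` under the already-authenticated session and never reads them. Dropping that input keeps the credential out of the script's environment, which matters most if the commented-out debug `echo` lines are ever re-enabled or extended. The annotation `body` is assembled by string concatenation from `$releaseName` and `$releaseDescription` with no JSON escaping, so a quote or backslash in `APP_NAME` or the chart's `appVersion` produces a malformed or altered payload; building it with a JSON-aware tool and quoting `APPINSIGHTS_ID="${{ parameters.APPINSIGHTS_RESOURCE_ID }}"` avoids that. `label` is assigned but not used in the visible script.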
@@ -0,0 +1,64 @@
+variables:
+ BRANCH_NAME: $[ replace(variables['System.PullRequest.SourceBranch'], 'refs/heads/', '') ]
+ GRADLE_USER_HOME: $(Pipeline.Workspace)/.gradle
+trigger: none
+
+pool:
+ vmImage: ubuntu-latest
+
+stages:
+ - stage: BuildEndUnitTest
+ jobs:
+ - job: make_buildEndUnitTest
+ steps:
+ - task: Cache@2
+ inputs:
+ key: 'gradle | "$(Agent.OS)" | **/build.gradle.kts' # Swap build.gradle.kts for build.gradle when using Groovy
+ restoreKeys: |
+ gradle | "$(Agent.OS)"
+ gradle
+ path: $(GRADLE_USER_HOME)
+ displayName: Configure gradle caching
+
+ - task: SonarCloudPrepare@1
+ displayName: 'Prepare SonarCloud analysis configuration'
+ inputs:
+ SonarCloud: '$(SONARCLOUD_SERVICE_CONN)'
+ organization: '$(SONARCLOUD_ORG)'
+ scannerMode: Other
+ extraProperties: |
+ sonar.projectKey=$(SONARCLOUD_PROJECT_KEY)
+ sonar.projectName=$(SONARCLOUD_PROJECT_NAME)
+ sonar.coverage.exclusions=**/config/*,**/*Mock*,**/model/*
+ sonar.coverage.jacoco.xmlReportPaths=./build/reports/jacoco/test/jacocoTestReport.xml
+ sonar.junit.reportPaths=./build/test-results/test
+
+ - task: Gradle@3
+ inputs:
+ gradleWrapperFile: 'gradlew' # string. Alias: wrapperScript. Required. Gradle wrapper. Default: gradlew.
+ tasks: 'build' # string. Required. Tasks. Default: build.
+ publishJUnitResults: true
+ testResultsFiles: '**/TEST-*.xml' # string. Required when publishJUnitResults = true. Test results files. Default: **/TEST-*.xml.
+ codeCoverageToolOption: 'None' # 'None' | 'Cobertura' | 'JaCoCo'. Alias: codeCoverageTool. Code coverage tool. Default: None.
+ codeCoverageClassFilesDirectories: 'build/classes/main/' # string. Alias: classFilesDirectories. Required when codeCoverageTool != None. Class files directories. Default: build/classes/main/.
+ javaHomeOption: 'JDKVersion' # 'JDKVersion' | 'Path'. Alias: javaHomeSelection. Required. Set JAVA_HOME by. Default: JDKVersion.
+ jdkVersionOption: '1.17' # 'default' | '1.11' | '1.10' | '1.9' | '1.8' | '1.7' | '1.6'. Alias: jdkVersion. Optional. Use when javaHomeSelection = JDKVersion. JDK version. Default: default.
+ sonarQubeRunAnalysis: true
+
+ - task: SonarCloudPublish@1
+ displayName: 'Publish SonarCloud results on build summary'
+ inputs:
+ pollingTimeoutSec: '300'
+ - script: |
+ # stop the Gradle daemon to ensure no files are left open (impacting the save cache operation later)
+ ./gradlew --stop
+ displayName: Gradlew stop
+
+ - task: PublishCodeCoverageResults@1
+ inputs:
+ codeCoverageTool: 'JaCoCo'
+ summaryFileLocation: 'build/reports/jacoco/test/jacocoTestReport.xml'
+ reportDirectory: 'build/reports/jacoco/test/html'
+ displayName: 'Publish Code Coverage on Azure Devops'
+
+
diff --git a/.devops/deploy-pipelines.yml b/.devops/deploy-pipelines.yml
new file mode 100644
index 0000000..c74eed8
--- /dev/null
+++ b/.devops/deploy-pipelines.yml
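Review bot: The trailing comments on the `Gradle@3` inputs are pasted from the task reference and no longer describe this pipeline; the one on `jdkVersionOption` lists allowed values that do not include the `'1.17'` actually set. Replacing them with short why-comments would help, in particular on `codeCoverageToolOption: 'None'`, since the later `PublishCodeCoverageResults@1` step and the Sonar `xmlReportPaths` property both expect `build/reports/jacoco/test/jacocoTestReport.xml` to exist; something like `# coverage report is produced by the Gradle build itself, not by this task` states the dependency. The `Cache@2` `restoreKeys` fall back to the bare `gradle` key, so a build can restore a Gradle home populated for a different dependency set; it may be worth confirming that fallback is wanted for a validation build that runs the repository's `gradlew`.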
@@ -0,0 +1,331 @@
+# Deploy to Azure Kubernetes Service:
+# - DEV
+# - UAT -> PROD
+# Build and push image to Azure Container Registry; Deploy to Azure Kubernetes Service
+# https://docs.microsoft.com/azure/devops/pipelines/languages/docker
+
+parameters:
+ - name: 'DEV_DEPLOY'
+ displayName: 'DEV deployment without release'
+ type: boolean
+ default: True
+ values:
+ - False
+ - True
+
+ - name: 'UAT_PROD_DEPLOY'
+ displayName: 'Deploy on UAT environment with PROD promotion'
+ type: boolean
+ default: False
+ values:
+ - False
+ - True
+
+ - name: 'SKIP_BUILD'
+ displayName: 'Check this flag to skip build and proceed to deploy a docker image previously built'
+ type: boolean
+ default: False
+ values:
+ - False
+ - True
+
+ - name: 'RELEASE_CHART_SEMVER'
+ displayName: 'When upgrading helm chart, define the version bump to apply'
+ type: string
+ values:
+ - major
+ - minor
+ - patch
+ - none
+ default: none
+
+ - name: 'RELEASE_SEMVER'
+ displayName: 'When packing a release, define the version bump to apply (release is done automatically when deploying on UAT and skipped on DEV) '
+ type: string
+ values:
+ - major
+ - minor
+ - patch
+ - none
+ default: patch
+
+ - name: "FORCE_REPLACE_DOCKER_IMAGE"
+ displayName: "Force the existing docker image to be replaced (latest tag)"
+ type: boolean
+ default: False
+ values:
+ - False
+ - True
+
+ - name: "SKIP_RELEASE"
+ displayName: "Skip release"
+ type: boolean
+ default: False
+ values:
+ - False
+ - True
+
+ - name: "UAT_SKIP_BLUE_DEPLOYMENT"
+ displayName: "Skip blue/green UAT deployment strategy: activating this parameter no blue version will be created and the pipeline proceed building and deploy artifact green version"
+ type: boolean
+ default: True
+ values:
+ - False
+ - True
+ - name: "PROD_SKIP_BLUE_DEPLOYMENT"
+ displayName: "Skip blue/green PROD deployment strategy: activating this parameter no blue version will be created and the pipeline proceed building and deploy artifact green version"
+ type: boolean
+ default: True
+ values:
+ - False
+ - True
+
+
+resources:
+ repositories:
+ - repository: pagopaCommons
+ type: github
+ name: pagopa/azure-pipeline-templates
+ ref: refs/tags/v2.10.1
+ endpoint: 'io-azure-devops-github-ro'
+ - repository: pagopaWalletTests
+ type: github
+ name: pagopa/pagopa-wallet-tests
+ ref: main
+ endpoint: 'io-azure-devops-github-ro'
+
+pool:
+ vmImage: ubuntu-latest
+
+stages:
+ - stage: 'Build_for_DEV'
+ displayName: 'Build for DEV deployment'
+ condition: and(succeeded(), eq(${{parameters.DEV_DEPLOY}}, true))
+ jobs:
+ - job: Build_docker
+ displayName: Build docker with Build.SourceVersion as TAG
+ steps:
+ - template: templates/docker-release/template.yaml@pagopaCommons
+ parameters:
+ CONTAINER_REGISTRY_SERVICE_CONN: $(DEV_CONTAINER_REGISTRY_SERVICE_CONN)
+ CONTAINER_REGISTRY_FQDN: $(DEV_CONTAINER_NAMESPACE)
+ DOCKER_IMAGE_NAME: $(K8S_IMAGE_REPOSITORY_NAME)
+ DOCKER_IMAGE_TAG: $(Build.SourceVersion)
+ FORCE_REPLACE_DOCKER_IMAGE: ${{ parameters.FORCE_REPLACE_DOCKER_IMAGE }}
+ - stage: 'Deploy_for_DEV'
+ displayName: 'Deploy DEV'
+ dependsOn: Build_for_DEV
+ condition: and(succeeded(), eq(${{parameters.DEV_DEPLOY}}, true) )
+ jobs:
+ - deployment: "deploy"
+ environment: 'DEV'
+ strategy:
+ runOnce:
+ deploy:
+ steps:
+ - checkout: self
+ displayName: "Checkout"
+ - task: Bash@3
+ name: update_chart_version
+ displayName: 'Setup helm microservice chart'
+ inputs:
+ targetType: "inline"
+ script: |
+ helm repo add microservice-chart https://pagopa.github.io/aks-microservice-chart-blueprint
+ helm dep build helm
+ - template: azure-templates/helm-microservice-chart-deploy.yml
+ parameters:
+ DO_DEPLOY: true
+ ENV: 'DEV'
+ KUBERNETES_SERVICE_CONN: $(DEV_KUBERNETES_SERVICE_CONN)
+ NAMESPACE: "pay-wallet"
+ APP_NAME: $(K8S_IMAGE_REPOSITORY_NAME)
+ VALUE_FILE: "helm/pay-wallet-values-dev.yaml"
+ GREEN_VERSION: $(Build.SourceVersion)
+ # --- END Deploy DEV --- #
+
+ # --- START Deploy UAT --- #
+ - stage: "Build_release_candidate"
+ displayName: 'Build release candidate'
+ dependsOn: [ ]
+ condition:
+ and(
+ succeeded(),
+ eq(${{parameters.UAT_PROD_DEPLOY}}, true),
+ or(
+ eq(variables['Build.SourceBranch'], 'refs/heads/main'),
+ startsWith(variables['Build.SourceBranch'], 'refs/tags')
+ ))
+ jobs:
+ - job: "build"
+ displayName: 'Build release candidate docker image'
+ steps:
+ - template: templates/docker-release/template.yaml@pagopaCommons
+ parameters:
+ CONTAINER_REGISTRY_SERVICE_CONN: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN)
+ CONTAINER_REGISTRY_FQDN: $(UAT_CONTAINER_NAMESPACE)
+ DOCKER_IMAGE_NAME: $(K8S_IMAGE_REPOSITORY_NAME)
+ DOCKER_IMAGE_TAG: $(Build.SourceVersion)
+ FORCE_REPLACE_DOCKER_IMAGE: ${{ parameters.FORCE_REPLACE_DOCKER_IMAGE }}
+ - template: azure-templates/chart-current-version.yml
+
+ - stage: "Deploy_UAT_Blue"
+ displayName: 'UAT blue deployment'
+ dependsOn: Build_release_candidate
+ condition:
+ and(
+ succeeded(),
+ eq(${{parameters.UAT_SKIP_BLUE_DEPLOYMENT}}, False)
+ )
+ variables:
+ green_app_version: $[ stageDependencies.Build_release_candidate.build.outputs['chart_current_version.appVersion'] ]
+ jobs:
+ - deployment: "Blue_deployment"
+ displayName: "Blue deployment"
+ pool:
+ name: pagopa-uat-linux
+ environment: 'UAT'
+ strategy:
+ runOnce:
+ deploy:
+ steps:
+ - checkout: self
+ displayName: "Checkout"
+ - task: KubectlInstaller@0
+ - task: Bash@3
+ name: update_chart_version
+ displayName: 'Setup helm microservice chart'
+ inputs:
+ targetType: "inline"
+ script: |
+ helm repo add microservice-chart https://pagopa.github.io/aks-microservice-chart-blueprint
+ helm dep build helm
+ - template: azure-templates/helm-microservice-chart-deploy.yml
+ parameters:
+ DO_DEPLOY: true
+ DO_BLUE_GREEN_DEPLOY: true
+ ENV: 'UAT'
+ KUBERNETES_SERVICE_CONN: $(UAT_KUBERNETES_SERVICE_CONN)
+ NAMESPACE: "pay-wallet"
+ APP_NAME: $(K8S_IMAGE_REPOSITORY_NAME)
+ VALUE_FILE: "helm/pay-wallet-values-uat.yaml"
+ GREEN_VERSION: $(green_app_version)
+ BLUE_VERSION: $(Build.SourceVersion)
+
+ - stage: "Bluegreen_WaitForApproval"
+ displayName: 'UAT green approval deployment'
+ dependsOn: Deploy_UAT_Blue
+ variables:
+ commitUrl: $[ stageDependencies.Build_release_candidate.build.outputs['chart_current_version.commitUrl'] ]
+ jobs:
+ - job: Bluegreen_WaitForApproval
+ displayName: Manual blue deploy approval
+ pool: server
+ timeoutInMinutes: 4320 # 3 days
+ steps:
+ - task: ManualValidation@0
+ timeoutInMinutes: 4320 # 3 days
+ inputs:
+ notifyUsers: $(APPROVE_TOUCHPOINT_MAIL)
+ instructions: "Please approve or reject UAT blue green promotions for $(commitUrl)"
+ onTimeout: 'reject'
+
+ - stage: Release
+ ${{ if eq(parameters['UAT_SKIP_BLUE_DEPLOYMENT'], True) }}:
+ dependsOn: Build_release_candidate
+ ${{ if eq(parameters['UAT_SKIP_BLUE_DEPLOYMENT'], False) }}:
+ dependsOn: Bluegreen_WaitForApproval
+ condition: succeeded()
+ jobs:
+ - job: make_release
+ displayName: Make github release
+ steps:
+ - ${{ if eq(parameters['SKIP_RELEASE'], False) }}:
+ - template: templates/node-job-setup/template.yaml@pagopaCommons
+ parameters:
+ persistCredentials: true
+ - template: azure-templates/gradle-github-release.yml
+ parameters:
+ gitEmail: $(GIT_EMAIL)
+ gitUsername: $(GIT_USERNAME)
+ gitHubConnection: $(GITHUB_CONNECTION)
+ release_branch: main
+ semver_chart: '${{ parameters.RELEASE_CHART_SEMVER }}'
+ semver: '${{ parameters.RELEASE_SEMVER }}'
+ - template: azure-templates/chart-current-version.yml
+
+ - stage: "tag_docker_release"
+ displayName: 'Tag Docker image to be release'
+ dependsOn: Release
+ condition:
+ and(
+ succeeded(),
+ ne('${{parameters.RELEASE_SEMVER}}', 'none')
+ )
+ variables:
+ app_version: $[ stageDependencies.Release.make_release.outputs['chart_current_version.appVersion'] ]
+ jobs:
+ - job: "build"
+ displayName: 'Build UAT service beta'
+ steps:
+ - task: Docker@2
+ displayName: "docker login"
+ inputs:
+ containerRegistry: $(UAT_CONTAINER_REGISTRY_SERVICE_CONN)
+ command: "login"
+ - task: Bash@3
+ displayName: "docker tag new version"
+ inputs:
+ targetType: "inline"
+ script: |
+ docker pull $(UAT_CONTAINER_NAMESPACE)/$(K8S_IMAGE_REPOSITORY_NAME):$(Build.SourceVersion)
+ docker tag $(UAT_CONTAINER_NAMESPACE)/$(K8S_IMAGE_REPOSITORY_NAME):$(Build.SourceVersion) $(UAT_CONTAINER_NAMESPACE)/$(K8S_IMAGE_REPOSITORY_NAME):$(app_version)
+ docker push $(UAT_CONTAINER_NAMESPACE)/$(K8S_IMAGE_REPOSITORY_NAME):$(app_version)
+
+ - stage: "Deploy_UAT_Green"
+ displayName: 'UAT green deployment'
+ dependsOn: [ tag_docker_release,Release ]
+ condition: |
+ and(
+ eq(${{parameters.UAT_PROD_DEPLOY}}, true),
+ in(dependencies.tag_docker_release.result, 'Succeeded', 'Skipped'),
+ in(dependencies.Release.result, 'Succeeded', 'Skipped'),
+ or(
+ eq(variables['Build.SourceBranch'], 'refs/heads/main'),
+ startsWith(variables['Build.SourceBranch'], 'refs/tags')
+ )
+ )
+ variables:
+ app_version: $[ stageDependencies.Release.make_release.outputs['chart_current_version.appVersion'] ]
+ jobs:
+ - deployment: "Green_deployment"
+ displayName: "Green deployment"
+ pool:
+ name: pagopa-uat-linux
+ environment: 'UAT'
+ strategy:
+ runOnce:
+ deploy:
+ steps:
+ - checkout: self
+ displayName: "Checkout"
+ - task: KubectlInstaller@0
+ - task: Bash@3
+ name: update_chart_version
+ displayName: 'Setup helm microservice chart'
+ inputs:
+ targetType: "inline"
+ script: |
+ helm repo add microservice-chart https://pagopa.github.io/aks-microservice-chart-blueprint
+ helm dep build helm
+ - template: azure-templates/helm-microservice-chart-deploy.yml
+ parameters:
+ DO_DEPLOY: true
+ DO_BLUE_GREEN_DEPLOY: false
+ ENV: 'UAT'
+ KUBERNETES_SERVICE_CONN: $(UAT_KUBERNETES_SERVICE_CONN)
+ NAMESPACE: "pay-wallet"
+ APP_NAME: $(K8S_IMAGE_REPOSITORY_NAME)
+ VALUE_FILE: "helm/pay-wallet-values-uat.yaml"
+ GREEN_VERSION: $(app_version)
+ # --- END Deploy UAT --- #
diff --git a/helm/.helmignore b/helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/.helmignore
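Review bot: The `pagopaWalletTests` repository resource tracks `ref: main`, a moving ref, in a pipeline that builds, tags and deploys images, while `pagopaCommons` is pinned to a tag; nothing in this file appears to reference `@pagopaWalletTests`, so the resource can likely be removed, or otherwise pinned as `ref: refs/tags/<release-tag>`. The `Build_for_DEV` and `Deploy_for_DEV` stages carry no `Build.SourceBranch` condition, unlike the UAT stages, so any branch the pipeline is run from can push an image and deploy to DEV; if that is intended, a comment saying so would help. In `tag_docker_release`, `$(app_version)` is interpolated into the `docker tag` and `docker push` arguments with no check that the stage-dependency output resolved, so an empty value yields an invalid or unintended tag; a guard such as `[ -n "$(app_version)" ] || exit 1` at the top of the script fails early. `SKIP_BUILD` and `PROD_SKIP_BLUE_DEPLOYMENT` are declared but not used by any stage in this hunk.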
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/Chart.lock b/helm/Chart.lock
new file mode 100644
index 0000000..e29657d
--- /dev/null
+++ b/helm/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: microservice-chart
+ repository: https://pagopa.github.io/aks-microservice-chart-blueprint
+ version: 2.8.0
+digest: sha256:379d9a7c312874dd1771386d92d8f597cb3fed497bb80dfde102513b582123d4
+generated: "2023-11-09T10:45:20.978616+01:00"
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..9e49389
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: wallet
+description: Microservice that handles crud operations on wallet resources
+type: application
+version: 1.0.2
+appVersion: 1.0.2
+dependencies:
+ - name: microservice-chart
+ version: 2.8.0
+ repository: "https://pagopa.github.io/aks-microservice-chart-blueprint"
diff --git a/helm/pay-wallet-values-dev.yaml b/helm/pay-wallet-values-dev.yaml
new file mode 100644
index 0000000..166901e
--- /dev/null
+++ b/helm/pay-wallet-values-dev.yaml
@@ -0,0 +1,111 @@
+microservice-chart:
+ namespace: "pay-wallet"
+ nameOverride: ""
+ fullnameOverride: "pagopa-pay-wallet-cdc-service"
+ image:
+ repository: pagopaditncoreacr.azurecr.io/pagopapaymentwalletcdcservice
+ tag: "0.14.2"
+ pullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: 8080
+ initialDelaySeconds: 120
+ failureThreshold: 6
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: 8080
+ initialDelaySeconds: 120
+ failureThreshold: 6
+ periodSeconds: 10
+ deployment:
+ create: true
+ service:
+ create: true
+ type: ClusterIP
+ ports:
+ - 8080
+ ingress:
+ create: true
+ host: "itndev.pay-wallet.internal.dev.platform.pagopa.it"
+ path: /pagopa-payment-wallet-cdc-service/(.*)
+ servicePort: 8080
+ serviceAccount:
+ create: false
+ annotations: { }
+ name: ""
+ podAnnotations: { }
+ podSecurityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ allowPrivilegeEscalation: false
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "300m"
+ limits:
+ memory: "512Mi"
+ cpu: "300m"
+ autoscaling:
+ enable: false
+ minReplica: 1
+ maxReplica: 10
+ pollingInterval: 10 # seconds
+ cooldownPeriod: 50 # seconds
+ triggers:
+ - type: cpu
+ metadata:
+ type: Utilization # Allowed types are 'Utilization' or 'AverageValue'
+ value: "75"
+ terminationGracePeriodSeconds: 30
+ strategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ envConfig:
+ OTEL_SERVICE_NAME: "pagopa-payment-wallet-cdc-service"
+ OTEL_SERVICE_ENVIRONMENT: "dev"
+ OTEL_RESOURCE_ATTRIBUTES: "deployment.environment=dev"
+ OTEL_EXPORTER_OTLP_ENDPOINT: "https://weudev.kibana.internal.dev.platform.pagopa.it/apm"
+ OTEL_EXPORTER_OTLP_PROTOCOL: http/protobuf
+ OTEL_TRACES_EXPORTER: otlp
+ OTEL_METRICS_EXPORTER: otlp
+ OTEL_LOGS_EXPORTER: otlp
+ OTEL_TRACES_SAMPLER: "always_on"
+ envSecret:
+ OTEL_EXPORTER_OTLP_HEADERS: elastic-otel-token-header
+ keyvault:
+ name: "pagopa-d-pay-wallet-kv"
+ tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
+ nodeSelector: { }
+ canaryDelivery:
+ deployment:
+ image:
+ tag: ""
+ tolerations:
+ - effect: "NoSchedule"
+ key: "paymentWalletOnly"
+ operator: "Equal"
+ value: "true"
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: domain
+ operator: In
+ values:
+ - paywallet
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ aadpodidbinding: pay-wallet-pod-identity
+ namespaces: [ "pay-wallet" ]
+ topologyKey: topology.kubernetes.io/zone
diff --git a/helm/pay-wallet-values-uat.yaml b/helm/pay-wallet-values-uat.yaml
new file mode 100644
index 0000000..3a5d154
--- /dev/null
+++ b/helm/pay-wallet-values-uat.yaml
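Review bot: The container `securityContext` sets only `allowPrivilegeEscalation: false`, which leaves the container free to run as root with a writable root filesystem and the default capability set; the same block appears in `helm/pay-wallet-values-uat.yaml`. If the `microservice-chart` dependency passes this map through to the pod spec (not visible in this diff) and the image supports it, adding `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities: { drop: ["ALL"] }` would tighten it. The `podAntiAffinity` selector matches on the label `aadpodidbinding: pay-wallet-pod-identity`, so the zone spreading only has an effect if the chart actually applies that label to these pods, which is worth confirming.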
@@ -0,0 +1,129 @@
+microservice-chart:
+ namespace: "pay-wallet"
+ nameOverride: ""
+ fullnameOverride: "pagopa-pay-wallet-cdc-service"
+ canaryDelivery:
+ create: false
+ ingress:
+ create: true
+ canary:
+ type: bluegreen
+ headerName: deployment
+ headerValue: blue
+ service:
+ create: true
+ deployment:
+ create: true
+ image:
+ repository: pagopauitncoreacr.azurecr.io/pagopapaymentwalletcdcservice
+ tag: "latest"
+ pullPolicy: Always
+ envConfig:
+ OTEL_SERVICE_NAME: "pagopa-payment-wallet-cdc-service-blue"
+ OTEL_RESOURCE_ATTRIBUTES: "service.name=pagopa-payment-wallet-cdc-service-blue,deployment.environment=uat"
+ envSecret: { }
+ image:
+ repository: pagopauitncoreacr.azurecr.io/pagopapaymentwalletcdcservice
+ tag: "0.0.0"
+ pullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: 8080
+ initialDelaySeconds: 40
+ failureThreshold: 6
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: 8080
+ initialDelaySeconds: 40
+ failureThreshold: 6
+ periodSeconds: 10
+ deployment:
+ create: true
+ replicas: 2
+ service:
+ create: true
+ type: ClusterIP
+ ports:
+ - 8080
+ ingress:
+ create: true
+ host: "itnuat.pay-wallet.internal.uat.platform.pagopa.it"
+ path: /pagopa-payment-wallet-cdc-service/(.*)
+ servicePort: 8080
+ serviceAccount:
+ create: false
+ annotations: { }
+ name: ""
+ podAnnotations: { }
+ podSecurityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ allowPrivilegeEscalation: false
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "400m"
+ limits:
+ memory: "512Mi"
+ cpu: "600m"
+ autoscaling:
+ enable: true
+ minReplica: 2
+ maxReplica: 10
+ pollingInterval: 10 # seconds
+ cooldownPeriod: 50 # seconds
+ triggers:
+ - type: cpu
+ metadata:
+ # Required
+ type: Utilization # Allowed types are 'Utilization' or 'AverageValue'
+ value: "75"
+ terminationGracePeriodSeconds: 30
+ strategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ envConfig:
+ OTEL_SERVICE_NAME: "pagopa-payment-wallet-cc-service"
+ OTEL_SERVICE_ENVIRONMENT: "uat"
+ OTEL_RESOURCE_ATTRIBUTES: "deployment.environment=uat"
+ OTEL_EXPORTER_OTLP_ENDPOINT: "https://weuuat.kibana.internal.uat.platform.pagopa.it/apm"
+ OTEL_EXPORTER_OTLP_PROTOCOL: http/protobuf
+ OTEL_TRACES_EXPORTER: otlp
+ OTEL_METRICS_EXPORTER: otlp
+ OTEL_LOGS_EXPORTER: otlp
+ OTEL_TRACES_SAMPLER: "always_on"
+ envSecret:
+ OTEL_EXPORTER_OTLP_HEADERS: elastic-otel-token-header
+ keyvault:
+ name: "pagopa-u-pay-wallet-kv"
+ tenantId: "7788edaf-0346-4068-9d79-c868aed15b3d"
+ nodeSelector: { }
+ tolerations:
+ - effect: "NoSchedule"
+ key: "paymentWalletOnly"
+ operator: "Equal"
+ value: "true"
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: domain
+ operator: In
+ values:
+ - paywallet
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ aadpodidbinding: pay-wallet-pod-identity
+ namespaces: [ "pay-wallet" ]
+ topologyKey: topology.kubernetes.io/zone
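Review bot: The top-level `envConfig` sets `OTEL_SERVICE_NAME: "pagopa-payment-wallet-cc-service"`, which looks like a typo for the `cdc` name used in the DEV values and in the blue `canaryDelivery` block, so UAT traces and logs would land under a service name nobody is searching for; the line should probably read `OTEL_SERVICE_NAME: "pagopa-payment-wallet-cdc-service"`. The canary image defaults to `tag: "latest"` with `pullPolicy: Always`, so a deploy that enables the canary without overriding `canaryDelivery.deployment.image.tag` would run whatever image the mutable tag currently points at; a sentinel such as the `"0.0.0"` used for the main image fails closed instead. The canary block also sets `envSecret: { }`, so the blue deployment may start without `OTEL_EXPORTER_OTLP_HEADERS` unless the chart inherits it from the top level, which is not visible here.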