breaking: Upgrated the payments flow actions (#71)

diegolagospagopa · web-flow · commit b825ee193430 · 2025-01-15T09:56:10.000+01:00
* added snapshot-branch name to snapshot docker

* removed azdo trigger from snapshot docker

* added azure devops trigger action

* removed azdo trigger

* minor fix

* fix docs for azdo trigger

* flow docker snapshot: fix docs

* updated documentation for flow release
diff --git a/azure-devops-trigger-pipeline/README.md b/azure-devops-trigger-pipeline/README.md
@@ -0,0 +1,33 @@
+# azure-devops-trigger-pipeline
+
+This action helps to triggers an Azure DevOps pipeline.
+
+## Azure PAT
+
+the PAT which is personal to a user (we still can't have a bot) and must have the following permissions:
+
+* build: read & execute
+* code: read
+* release: read
+
+## how to use
+
+```yaml
+  azure-devops-trigger:
+    name: 🅰️ Azure DevOps Pipeline Trigger
+    needs: payments-flow-release
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Trigger Azure DevOps Pipeline
+        uses: pagopa/github-actions-template/azure-devops-trigger-pipeline@new-azdo-trigger-pipeline
+        with:
+          enable_azure_devops_step: 'true'
+          azure_devops_project_url: 'https://dev.azure.com/pagopaspa/p4pa-projects'
+          azure_devops_pipeline_name: 'p4pa-payhub-deploy-aks.deploy'
+          azure_devops_pat: ${{ secrets.AZURE_DEVOPS_TOKEN }}
+          azure_template_parameters: |
+            {
+              "APPS_TOP": "[p4pa-auth]",
+              "POSTMAN_BRANCH": "${{ github.ref_name }}"
+            }
+```
diff --git a/azure-devops-trigger-pipeline/action.yml b/azure-devops-trigger-pipeline/action.yml
@@ -0,0 +1,45 @@
+name: 🅰️ Azure Devops pipeline trigger
+description: 🅰️ Azure Devops pipeline trigger
+
+inputs:
+  enable_azure_devops_step:
+    description: Are azure devops triggers enabled?
+    default: "false"
+  azure_devops_project_url:
+    description: Azure devops project url like (e.g. `https://dev.azure.com/pagopaspa/arc-projects``)
+  azure_devops_pipeline_name:
+    description: Pipeline name inside the project (e.g. `arc-cittadini-deploy-aks.deploy`)
+  azure_devops_pat:
+    description: Personal secret azure devops PAT
+    default: ''
+  azure_template_parameters:
+    description: Json attribute with all the parameters that must be send to the pipeline. See README for example (⚠️ this parameters must exists)
+
+runs:
+  using: "composite"
+  steps:
+
+    #
+    # AZDO
+    #
+    - name: 🤔 Check azure_devops_pat
+      if: ${{ inputs.enable_azure_devops_step == 'true' }}
+      shell: bash
+      run: |
+        if [ -z "${{ inputs.azure_devops_pat }}" ]; then
+          echo "Error: azure_devops_pat is empty. This is required for triggering the Azure DevOps pipeline."
+          exit 1
+        fi
+
+        echo "🔨 Start launch trigger with Azure Devops"
+
+    - name: 🚂 Trigger Azure DevOps pipeline
+      if: inputs.enable_azure_devops_step == 'true'
+      # https://github.com/pagopa/azure-pipelines/releases/tag/v2.0.0
+      uses: pagopa/azure-pipelines@51d971651241601a348e4e2ed2431b8b7576d4f0
+      with:
+        azure-devops-project-url: ${{ inputs.azure_devops_project_url }}
+        azure-pipeline-name: ${{ inputs.azure_devops_pipeline_name }}
+        azure-devops-token: ${{ inputs.azure_devops_pat }}
+        azure-pipeline-variables: '{"system.debug": "true"}'
+        azure-template-parameters: ${{ inputs.azure_template_parameters }}
diff --git a/payments-flow-docker-snapshot/README.md b/payments-flow-docker-snapshot/README.md
@@ -5,49 +5,65 @@ Allows to build docker image with the follow tags:
 - snapshot
 - snapshot-(branch name)
 
-and if runned manually, create a fake tag called `develop-snapshot`
+and if runned manually, create a fake tag called `develop-snapshot` + the previous tag.
 
 ## how to use
 
 ```yaml
-name: 📦 Payments Snapshot docker
+name: 📦 Flow Snapshot Docker
 
 on:
   push:
     branches-ignore:
+      - 'develop'
+      - 'uat'
       - 'main'
     paths-ignore:
       - 'CODEOWNERS'
       - '**.md'
       - '.**'
   workflow_dispatch:
+    inputs:
+      docker_build_enabled:
+        description: 'Enable Docker build'
+        required: false
+        default: 'true'
+      azdo_trigger_enabled:
+        description: 'Enable Azure DevOps trigger'
+        required: false
+        default: 'true'
+      deploy_aks_branch:
+          description: 'argocd deploy aks branch name'
+          required: false
+          default: 'main'
 
 env:
+  # branch choosed by workflow_dispatch or by push event
   CURRENT_BRANCH: ${{ github.event.inputs.branch || github.ref_name }}
 
 jobs:
-  payments-flow-docker-snapshot:
+  checkout:
+    name: 🔖 Checkout Repository
     runs-on: ubuntu-22.04
-    environment: dev
     steps:
-      - name: 🔖 Checkout code
-        # https://github.com/actions/checkout/releases/tag/v4.2.1
+      - name: Checkout code
         uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           ref: ${{ env.CURRENT_BRANCH }}
 
-      - name: 📦 Run Snapshot Docker Build/Push & Trigger
-        # https://github.com/pagopa/github-actions-template/releases/tag/v1.16.0
-        uses: pagopa/github-actions-template/payments-flow-docker-snapshot@main
+  docker-build:
+    name: 📦 Docker Build and Push
+    needs: checkout
+    runs-on: ubuntu-22.04
+    if: ${{ github.event_name == 'push' || github.event.inputs.docker_build_enabled == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        with:
+          ref: ${{ env.CURRENT_BRANCH }}
+          
+      - name: Run Snapshot Docker Build/Push
+        uses: pagopa/github-actions-template/payments-flow-docker-snapshot@new-azdo-trigger-pipeline
         with:
           current_branch: ${{ github.ref_name }}
-          enable_azure_devops_step: 'true'
-          azure_devops_project_url: 'https://dev.azure.com/pagopaspa/devopslab-projects'
-          azure_devops_pipeline_name: 'devopslab-diego-deploy.deploy'
-          azure_devops_pat: ${{ secrets.AZUREDEVOPS_PAT }}
-          azure_template_parameters: |
-            {
-              "APPS": "[one-color]",
-              "POSTMAN_BRANCH": "${{ github.ref_name }}"
-            }
 ```
diff --git a/payments-flow-docker-snapshot/action.yml b/payments-flow-docker-snapshot/action.yml
@@ -11,23 +11,6 @@ inputs:
     default: |
       maintainer=https://pagopa.it
       org.opencontainers.image.source=https://github.com/${{ github.repository }}
-  enable_azure_devops_step:
-    description: Are azure devops triggers enabled?
-    required: false
-    default: "false"
-  azure_devops_project_url:
-    description: Azure devops project url like (e.g. `https://dev.azure.com/pagopaspa/arc-projects``)
-    required: false
-  azure_devops_pipeline_name:
-    description: Pipeline name inside the project (e.g. `arc-cittadini-deploy-aks.deploy`)
-    required: false
-  azure_devops_pat:
-    description: Personal secret azure devops PAT
-    required: false
-    default: ''
-  azure_template_parameters:
-    description: Json attribute with all the parameters that must be send to the pipeline. See README for example (⚠️ this parameters must exists)
-    required: false
 
 runs:
   using: "composite"
@@ -48,7 +31,7 @@ runs:
         shell: bash
         run: |
           if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
-            echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:develop-latest,ghcr.io/${{ github.repository }}:snapshot" >> $GITHUB_OUTPUT
+            echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:develop-latest,ghcr.io/${{ github.repository }}:snapshot,ghcr.io/${{ github.repository }}:snapshot-${{ inputs.current_branch }}" >> $GITHUB_OUTPUT
           else
             echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:snapshot,ghcr.io/${{ github.repository }}:snapshot-${{ inputs.current_branch }}" >> $GITHUB_OUTPUT
           fi
@@ -61,28 +44,3 @@ runs:
           push: true
           tags: ${{ steps.set_docker_tags.outputs.DOCKER_TAGS }}
           labels: ${{ inputs.docker_labels }}
-
-      #
-      # AZDO
-      #
-      - name: 🤔 Check azure_devops_pat
-        if: ${{ inputs.enable_azure_devops_step == 'true' }}
-        shell: bash
-        run: |
-          if [ -z "${{ inputs.azure_devops_pat }}" ]; then
-            echo "Error: azure_devops_pat is empty. This is required for triggering the Azure DevOps pipeline."
-            exit 1
-          fi
-
-          echo "🔨 Start launch trigger with Azure Devops"
-
-      - name: 🚂 Trigger Azure DevOps pipeline
-        if: ${{ inputs.enable_azure_devops_step == 'true' }}
-        # https://github.com/pagopa/azure-pipelines/releases/tag/v2.0.0
-        uses: pagopa/azure-pipelines@51d971651241601a348e4e2ed2431b8b7576d4f0
-        with:
-          azure-devops-project-url: ${{ inputs.azure_devops_project_url }}
-          azure-pipeline-name: ${{ inputs.azure_devops_pipeline_name }}
-          azure-devops-token: ${{ inputs.azure_devops_pat }}
-          azure-pipeline-variables: '{"system.debug": "true"}'
-          azure-template-parameters: ${{ inputs.azure_template_parameters }}
diff --git a/payments-flow-release/README.md b/payments-flow-release/README.md
@@ -1,15 +1,15 @@
 # payments-flow-release
 
-Allows to make a release and build docker image with the follow tags:
+Allows to make a release and build a docker image with the follow tags:
 
-- develop-vX.Y.Z
-- uat-vX.Y.Z
+- develop-vX.Y.Z + develop-latest + latest
+- uat-vX.Y.Z + uat-latest
 - vX.Y.Z
 
 ## how to use
 
 ```yaml
-name: 🚀 Payments release
+name: 🚀 Flow Release
 
 on:
   push:
@@ -24,28 +24,24 @@ on:
   workflow_dispatch:
 
 jobs:
-  payments-flow-release:
+
+  checkout:
+    name: 🔖 Checkout Repository
     runs-on: ubuntu-22.04
-    environment: dev
     steps:
-      - name: 🔖 Checkout code
-        # https://github.com/actions/checkout/releases/tag/v4.2.1
+      - name: Checkout code
         uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
         with:
           ref: ${{ github.ref_name }}
 
-      - name: 🚀 release + docker + azdo
-        # https://github.com/pagopa/github-actions-template/releases/tag/v1.16.0
-        uses: pagopa/github-actions-template/payments-flow-release@payments-release
+  payments-flow-release:
+    name: 🚀 Release
+    runs-on: ubuntu-22.04
+    needs: checkout
+    steps:
+      - name: 🚀 release + docker
+        # https://github.com/pagopa/github-actions-template/releases/tag/v1.19.1
+        uses: pagopa/github-actions-template/payments-flow-release@new-azdo-trigger-pipeline
         with:
           current_branch: ${{ github.ref_name }}
-          enable_azure_devops_step: 'true'
-          azure_devops_project_url: 'https://dev.azure.com/pagopaspa/devopslab-projects'
-          azure_devops_pipeline_name: 'devopslab-diego-deploy.deploy'
-          azure_devops_pat: ${{ secrets.AZUREDEVOPS_PAT }}
-          azure_template_parameters: |
-            {
-              "APPS": "[one-color]",
-              "POSTMAN_BRANCH": "${{ github.ref_name }}"
-            }
 ```
diff --git a/payments-flow-release/action.yml b/payments-flow-release/action.yml
@@ -1,33 +1,20 @@
-name: Payments release
-description: Payments release
+name: 🚀 Payments Release
+description: 🚀 Payments Release + Docker image
 
 inputs:
   current_branch:
     description: Branch used to launch the action
     required: true
+  docker_build: 
+    description: Docker build
+    required: false
+    default: "true"
   docker_labels:
     description: Labels for docker push
     required: false
     default: |
       maintainer=https://pagopa.it
       org.opencontainers.image.source=https://github.com/${{ github.repository }}
-  enable_azure_devops_step:
-    description: Are azure devops triggers enabled?
-    required: false
-    default: "false"
-  azure_devops_project_url:
-    description: Azure devops project url like (e.g. `https://dev.azure.com/pagopaspa/arc-projects``)
-    required: false
-  azure_devops_pipeline_name:
-    description: Pipeline name inside the project (e.g. `arc-cittadini-deploy-aks.deploy`)
-    required: false
-  azure_devops_pat:
-    description: Personal secret azure devops PAT
-    required: false
-    default: ''
-  azure_template_parameters:
-    description: Json attribute with all the parameters that must be send to the pipeline. See README for example (⚠️ this parameters must exists)
-    required: false
 
 runs:
   using: "composite"
@@ -57,20 +44,23 @@ runs:
     #
     - name: 🔨 Set Docker tags
       id: set_docker_tags
-      if: steps.release.outputs.new_release_published == 'true'
+      if: steps.release.outputs.new_release_published == 'true' && inputs.docker_build == 'true'
       shell: bash
       run: |
         if [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then
+          # develop-latest, develop-vx.y.z, latest
           echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:develop-v${{ steps.release.outputs.new_release_version }},ghcr.io/${{ github.repository }}:develop-latest,ghcr.io/${{ github.repository }}:latest" >> $GITHUB_OUTPUT
         elif [[ "${{ github.ref }}" == "refs/heads/uat" ]]; then
+          # uat-vx.y.z, uat-latest
           echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:uat-v${{ steps.release.outputs.new_release_version }},ghcr.io/${{ github.repository }}:uat-latest" >> $GITHUB_OUTPUT
         elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+          # vx.y.z, latest
           echo "DOCKER_TAGS=ghcr.io/${{ github.repository }}:v${{ steps.release.outputs.new_release_version }}" >> $GITHUB_OUTPUT
         fi
 
     - name: 🛃 Log in to the Github Container registry
       id: docker_login
-      if: steps.release.outputs.new_release_published == 'true'
+      if: steps.release.outputs.new_release_published == 'true' && inputs.docker_build == 'true'
       uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 #v3.2.0
       with:
         registry: ghcr.io
@@ -79,35 +69,10 @@ runs:
 
     - name: 📦 Build and push Docker image with release version
       id: docker_build_push
-      if: steps.release.outputs.new_release_published == 'true'
+      if: steps.release.outputs.new_release_published == 'true' && inputs.docker_build == 'true'
       uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c #v6.3.0
       with:
         context: .
         push: true
         tags: ${{ steps.set_docker_tags.outputs.DOCKER_TAGS }}
         labels: ${{ inputs.docker_labels }}
-
-    #
-    # AZDO
-    #
-    - name: 🤔 Check azure_devops_pat
-      if: ${{ inputs.enable_azure_devops_step == 'true' }}
-      shell: bash
-      run: |
-        if [ -z "${{ inputs.azure_devops_pat }}" ]; then
-          echo "Error: azure_devops_pat is empty. This is required for triggering the Azure DevOps pipeline."
-          exit 1
-        fi
-
-        echo "🔨 Start launch trigger with Azure Devops"
-
-    - name: 🚂 Trigger Azure DevOps pipeline
-      if: inputs.enable_azure_devops_step == 'true' && steps.release.outputs.new_release_published == 'true'
-      # https://github.com/pagopa/azure-pipelines/releases/tag/v2.0.0
-      uses: pagopa/azure-pipelines@51d971651241601a348e4e2ed2431b8b7576d4f0
-      with:
-        azure-devops-project-url: ${{ inputs.azure_devops_project_url }}
-        azure-pipeline-name: ${{ inputs.azure_devops_pipeline_name }}
-        azure-devops-token: ${{ inputs.azure_devops_pat }}
-        azure-pipeline-variables: '{"system.debug": "true"}'
-        azure-template-parameters: ${{ inputs.azure_template_parameters }}
