Comparing changes

…#2881) feat(checkout-auth): add allowed headers to v3 base policy

* feat: GPD for ACA availability alert * feat: GPD for ACA availability alert * fix: pre-commit * ix: re-use opsgenie webhook conf instead of domain specific one * fix: optimize query using operationId instaead of regex match * useless resource * minor fix --------- Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com> Co-authored-by: pasqualespica <pasqualespica@gmail.com>

* chore: add mock for identity provider mock * fix: endpoint * fix: precommit * fix: login path for oi mock

[PQ-363] observability bdi opnapi improvement Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

…#2886) * feat: [Selfcare-secret] Add quickisght dashboard env UAT * add prod selfcare secrers aws dash integration * feat: [Selfcare-secret] Change quickisght dashboard env UAT --------- Co-authored-by: pasqualespica <pasqualespica@gmail.com> Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

* add 2 connection eventhub data exp * add azurerm_role_assignment --------- Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com> Co-authored-by: pasqualespica <pasqualespica@gmail.com>

* update openapi GPD-Core PIDM-35, PIDM-42 * fix: updated OpenAPI files for GPD external's APIs * fix: updated OpenAPI files for GPD internal's APIs * fix: updated OpenAPI files for GPD-for-SEND's APIs * fix: updated OpenAPI files for GPD-for-ACA's APIs * fix aca openapi --------- Co-authored-by: Andrea D. <117269497+andrea-deri@users.noreply.github.com> Co-authored-by: Andrea De Rinaldis <andrea.derinaldis@pagopa.it>

* db-fdr1-password-read * add uat and prod

* feat: [PAGOPA-2750] Introduced workload identity NODO domain * fix: redundant line in file PAGOPA-2750 * feat: [PAGOPA-2750] Cert mounter host name nodo * fix --------- Co-authored-by: Federico Ruzzier <federicoruzzier96@gmail.com> Co-authored-by: pasqualespica <pasqualespica@gmail.com>

* feat: add secret for tests * feat: add mock for uat env

* feat: alerts for checkout auth api * fix: handle v3 api into availability alert * fix: file formatting * fix: file formatting * fix: file formatting * fix: login success rate alert refactoring * fix: remove duplicate data definition * feat: add alert for unauthorized api calls percentage * fix: query alert * fix: alert query * fix: remove login success rate alert

…priority 1 (#2904) Set severity to 1 for app gateway alerts. Updated the severity level from 2 to 1 in app gateway and app gateway integration alert configurations. This change ensures higher priority for abnormal compute unit usage alerts, aligning with the critical nature of potential high traffic peaks. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it>

* feat(checkout-auth): add checkout v3 policies for POST /auth-request, GET /transaction and DELETE /transaction * fix: formatting * fix: formatting --------- Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> Co-authored-by: Pietro Tota <pietro.tota@pagopa.it>

* enable autodashboard * ignore grafana major * module version --------- Co-authored-by: ffppa <fabio.felici@pagopa.it>

secret prod

Update static analysis workflow to ignore additional patterns Added `.github`, `.devops`, `.vscode`, and `.terraform-version` to ignored patterns in the `get-modified-folders` action. This prevents unnecessary folder checks and optimizes the workflow execution. The change ensures more precise static analysis targeting. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it>

* Add caching for Terraform plugins in static analysis workflow This update introduces a caching mechanism for Terraform plugins to improve workflow efficiency. It uses the `actions/cache` action to store and restore the plugin cache and configures the cache directory in the Terraform settings. A cleanup step is also added for manual workflow dispatch events. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update TF_PLUGIN_CACHE_DIR path in workflow configuration Changed TF_PLUGIN_CACHE_DIR and related paths to an absolute directory (`/home/runner/...`) for consistency and to avoid potential path issues. Minor adjustments were also made to step names to improve clarity and localization. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update workflow step names for clarity and consistency Renamed steps in the static analysis workflow to use clearer and consistent English phrases. This improves readability and aligns step names with standard naming conventions. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update Terraform caching and cleanup in CI workflow Reorganized and enhanced Terraform plugin caching by introducing a cleanup step for provider directories and ensuring efficient cache management. Removed redundant manual cache cleanup and clarified setup for the plugin cache directory. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update terraform modules and improve workload identity setup Updated existing terraform modules to their latest versions, ensuring better compatibility and functionality. Enhanced readability by aligning assignments and refined workload identity configurations for consistency and clarity. These changes streamline infrastructure management and maintain alignment with best practices. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update Terraform plugin cache path to use /tmp directory Switching the plugin cache directory to /tmp ensures a more consistent and isolated environment for the GitHub Actions runner. This change helps avoid potential conflicts or leftover files between workflow runs. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Remove unnecessary logging from static_analysis workflow The redundant echo statements were removed to streamline the workflow script. This cleanup reduces noise in logs and improves overall readability. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update static analysis workflow to remove Terraform lock files Added a step to delete .terraform.lock.hcl files during the cleanup process. This ensures a more thorough removal of Terraform-related files before caching or analysis tasks. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Update Terraform init to include provider lock generation Enabled Terraform provider lock file generation to ensure consistent provider installations across platforms. This improves build reliability by explicitly defining supported platforms in the static analysis workflow. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> * Remove unnecessary echo statement from workflow script The "Show space 3" echo statement was redundant and served no functional purpose. Cleaning up such statements improves readability and maintains a streamlined workflow. Signed-off-by: Fabio Felici <fabio.felici@pagopa.it> --------- Signed-off-by: Fabio Felici <fabio.felici@pagopa.it>

* fix: [NODO] New runner configuration * fix: [NODO] New runner configuration * fix: [NODO] Runner configuration * fix: [NODO] Runner configuration * fix: [NODO] Runner configuration * fix: [NODO] Deleted gh runner location in prod * fix: [NODO] APIM rmbd * fix --------- Co-authored-by: pasqualespica <pasqualespica@gmail.com> Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

Update from pagopa/pagopa-afm-marketplace-be@dddb8a6 Co-authored-by: pagopa-github-bot <github-bot@pagopa.it> Co-authored-by: Samuele Varianti <128470180+svariant@users.noreply.github.com>

* added gh runner cleanup pipeline

* [PAGOPA-2721] updated calculator openapi * fix: openapi v2 paths PAGOPA-2721 --------- Co-authored-by: Federico Ruzzier <federicoruzzier96@gmail.com> Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

* feat(checkout-auth): remove userId from getUsers response body * feat(checkout-auth): remove userId from getUsers response body * feat(checkout-auth): add response body validation * feat(checkout-auth): update max-size value

fix gh runner cleanup script

refact-fdr1-alert-PPT_SYSTEM_ERROR

* chore: remove unused POD identity * feat: update cert mounter --------- Co-authored-by: Simone infante <52280205+infantesimone@users.noreply.github.com>

Co-authored-by: CianoDanilo <danilo.ciano@pagopa.it>

* feat: rate limit * chore: comment --------- Co-authored-by: CianoDanilo <danilo.ciano@pagopa.it>

removed prod elastic agent itn

removed prod otel collector, moved to elasticloud infra

* auto dashboard version * fix * remove output * pre-commit

…d its infrastructure (#2924) * [PIDM-265] feat: adding consumer for bizevents sync application * feat: [PIDM-265] Configure workload identity for BizEvents domain (#2865) feat: [PIDM-265] Introduce workload identity to BizEvents domain Co-authored-by: Andrea D. <117269497+andrea-deri@users.noreply.github.com> * [PIDM-265] fix: resolving wrong dependence on variable * [PIDM-265] chore: removing unused data * [PIDM-265] feat: adding secrets via SOPS in DEV and UAT environments * [PIDM-265] feat: adding subscription key automatic generation * [PIDM-265] feat: adding new container app for deployment running on GH Actions * [PIDM-265] fix: adding repo on identity_cd_01 * fix prod --------- Co-authored-by: Samuele Varianti <128470180+svariant@users.noreply.github.com> Co-authored-by: pasqualespica <pasqualespica@gmail.com> Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

* fix: [CHK-3792] Buyerbank storage account disposal * fix: swagger * Revert "fix: swagger" This reverts commit 55d1a8f. * Revert "fix: [CHK-3792] Buyerbank storage account disposal" This reverts commit 6f407c6. * fix: buyerbank storage disposal * fix: pre-commit --------- Co-authored-by: Simone infante <52280205+infantesimone@users.noreply.github.com> Co-authored-by: Pietro Tota <pietro.tota@pagopa.it> Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com>

* added new flag with custom ip list * fix * Update src/domains/checkout-app/api/fragments/_fragment_feature_flag_filter.tpl.xml Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> * Update src/domains/checkout-app/api/fragments/_fragment_feature_flag_filter.tpl.xml Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> * Update 06_aks_middleware_tools.tf * Update README.md * Update 06_aks_middleware_tools.tf * Update 06_aks_middleware_tools.tf * fix: restore file format * Update 04_apim_checkout_feature_flags.tf * Update _fragment_feature_flag_filter.tpl.xml * Update _fragment_feature_flag_filter.tpl.xml * Update 04_apim_checkout_feature_flags.tf * Update _fragment_feature_flag_filter.tpl.xml * Update _fragment_feature_flag_filter.tpl.xml * Update _fragment_feature_flag_filter.tpl.xml * fix: resolve ambiguity between IDictionary and IReadOnlyDictionary --------- Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> Co-authored-by: Pietro Tota <pietro.tota@pagopa.it> Co-authored-by: Simone infante <52280205+infantesimone@users.noreply.github.com>

* feat: add x-rpt-id header into auth-service api * feat: add x-rpt-id allow header for cors * feat: add x-rpt-id header into auth validate * fix: remove last comma on rpt id concat * feat(checkout-auth): remove userId from getUsers response body * Update src/domains/checkout-app/api/checkout/checkout_auth_service/v1/_openapi.json.tpl Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> * fix: restore userId * Update src/domains/ecommerce-app/api/ecommerce-checkout/v3/_transaction_policy.xml.tpl Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> * fix: code align * fix: rename x-rpt-id with plural version * fix: revert x-rpt-id header plural * feat: add x-rpt-id header to all ecommerce checkout v3 api for auth/validate * fix: remove unecessary rpt-id calculation * fix: add x-rpt-id allorw header to checout v3 api * fix: revert payment-request rptId getter * fix: remove set-header delete ox x-rpt-id * fix: policy for x-rpt-id header --------- Co-authored-by: CianoDanilo <danilo.ciano@pagopa.it> Co-authored-by: Pietro Tota <115724836+pietro-tota@users.noreply.github.com> Co-authored-by: Simone infante <52280205+infantesimone@users.noreply.github.com>

* [PIDM-328] update for the new enrichment consumer * fix --------- Co-authored-by: pasqualespica <pasqualespica@gmail.com> Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

* [PPANTT-216] configured gps domain for workload identity * [PPANTT-216] fix version and removed commented code * fix * fix --------- Co-authored-by: pasqualespica <pasqualespica@gmail.com>

…o` application (#2929) [PIDM-265] feat: defining new product for pagopa-biz-events-sync-nodo application Co-authored-by: Francesco Cesareo <cesareo.francesco@gmail.com>

* new ip in dns and route * pre-commit * fix comment --------- Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

fix route table

* added fdr-xml-to-json to identity_oidc_01 * added github runner * update openapi fdr-xml-to-json * clean code * clean code * PAGOPA-2745 added json-to-xml * feat: [PAGOPA-2640] [FDR] Add fdr-technical-support to workload identity * minor fix --------- Co-authored-by: svariant <samuele.varianti@nttdata.com> Co-authored-by: pasqualespica <pasqualespica@gmail.com> Co-authored-by: Pasquale Spica <36746022+pasqualespica@users.noreply.github.com>

changed backoffice UAT AWS quicksight dashboard env to reference PROD

rotate-pwd-fdr3-db-uat-dev

…dr (#2928)

-Original file line number
+Diff line change
@@ -0,0 +1,87 @@
+    # only manual
+    trigger: none
+    pr: none
+    parameters:
+      - name: 'DEV'
+        displayName: 'Run on DEV environment'
+        type: boolean
+        default: True
+        values:
+          - False
+          - True
+      - name: 'UAT'
+        displayName: 'Run on UAT environment'
+        type: boolean
+        default: True
+        values:
+          - False
+          - True
+      - name: 'PROD'
+        displayName: 'Run on PROD environment'
+        type: boolean
+        default: True
+        values:
+          - False
+          - True
+    variables:
+      TIME_OUT: 10
+      # working dir
+      WORKING_DIR: 'src'
+      poolNameDev: '$(TF_POOL_NAME_DEV)'
+      poolNameUat: '$(TF_POOL_NAME_UAT)'
+      poolNameProd: '$(TF_POOL_NAME_PROD)'
+      #APPLY
+      azureServiceConnectionApplyNameDev: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_DEV)'
+      azureServiceConnectionApplyNameUat: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_UAT)'
+      azureServiceConnectionApplyNameProd: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_PROD)'
+    pool:
+      vmImage: 'ubuntu-latest'
+    resources:
+      repositories:
+        - repository: terraform
+          type: github
+          name: pagopa/azure-pipeline-templates
+          ref: refs/tags/v6.2.0
+          endpoint: "io-azure-devops-github-ro"
+    stages:
+      - stage: DEV
+        displayName: DEV cleanup
+        dependsOn: []
+        condition: and(succeeded(), eq(${{parameters.DEV}}, true))
+        jobs:
+          - template: templates/clean-runner-job.yml
+            parameters:
+              TIME_OUT: ${{variables.TIME_OUT}}
+              AZ_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_DEV)'
+              RUNNER_RG: 'pagopa-d-weu-github-runner-rg'
+      - stage: UAT
+        displayName: UAT cleanup
+        dependsOn: []
+        condition: and(succeeded(), eq(${{parameters.UAT}}, true))
+        jobs:
+          - template: templates/clean-runner-job.yml
+            parameters:
+              TIME_OUT: ${{variables.TIME_OUT}}
+              AZ_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_UAT)'
+              RUNNER_RG: 'pagopa-u-weu-github-runner-rg'
+      - stage: PROD
+        displayName: PROD cleanup
+        dependsOn: []
+        condition: and(succeeded(), eq(${{parameters.PROD}}, true))
+        jobs:
+          - template: templates/clean-runner-job.yml
+            parameters:
+              TIME_OUT: ${{variables.TIME_OUT}}
+              AZ_SERVICE_CONNECTION: '$(TF_AZURE_SERVICE_CONNECTION_APPLY_NAME_PROD)'
+              RUNNER_RG: 'pagopa-p-weu-github-runner-rg'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Mar 14, 2025

Commits on Mar 17, 2025

Commits on Mar 18, 2025

Commits on Mar 19, 2025

Commits on Mar 20, 2025

Commits on Mar 21, 2025

Commits on Mar 24, 2025

Commits on Mar 25, 2025

Commits on Mar 26, 2025

Commits on Mar 27, 2025

There are no files selected for viewing