Comparing changes

This adds caching to the details- and search authorization calls. Keys are derived from the request models, using only the principal claims relevant for user identification (skipping `jti`, `exp` etc which will needlessly bloat the number of keys and reduce hit rate). This will create several keys per user, and for some bulk-operating end user systems, potentially thousands within the total TTL of the entries. To control RAM usage, memory cache is disabled and this relies solely on the Redis cache. This trades replica memory usage against Redis ingress/egress. For end user systems performing each search/details request just once, this makes no difference (as calls will miss the cache anyway), but for normal users in the portal which might navigate back and forth and change ordering/non-auth-related filters, the Redis traffic will increase compared to having the memory level cache enabled.

## Description Ensures that migrations are run when running docker-compose  ## Related Issue(s) - #{issue number} ## Verification - [X] **Your** code builds clean without any errors or warnings - [X] Manual testing done (required) - [X] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [X] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) --------- Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net>

New major version of flexible PostgreSQL available in our Azure region ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [x] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [Azure.Identity](https://togithub.com/Azure/azure-sdk-for-net/blob/Azure.Identity_1.11.0/sdk/identity/Azure.Identity/README.md) ([source](https://togithub.com/Azure/azure-sdk-for-net)) | `1.10.4` -> `1.11.0` | [![age](https://developer.mend.io/api/mc/badges/age/nuget/Azure.Identity/1.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/Azure.Identity/1.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/Azure.Identity/1.10.4/1.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/Azure.Identity/1.10.4/1.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>Azure/azure-sdk-for-net (Azure.Identity)</summary> ### [`v1.11.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.0) ##### 1.11.0 (2024-04-09) ##### Bugs Fixed - `AzurePowerShellCredential` now handles the case where it falls back to legacy PowerShell without relying on the error message string. ##### Breaking Changes - `DefaultAzureCredential` now sends a probe request with no retries for IMDS managed identity environments to avoid excessive retry delays when the IMDS endpoint is not available. This should improve credential chain resolution for local development scenarios. See [BREAKING_CHANGES.md](https://togithub.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#1110). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net>

@arealmaas

Forgot to change these on @arealmaas suggestion on the SeenLog endpoint PR

Co-authored-by: Magnus Sandgren <5285192+MagnusSandgren@users.noreply.github.com>

…nt via docker-compose (#640) - Adding new container app for GraphQL - Refactor apim URL to be optional until we add GraphQL service to the APIM - Add graphql to docker-compose and an nginx ingress with a new nginx config - Remove explicit add of banana cake pop ## Related Issue(s) #490 ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) --------- Co-authored-by: Are Almaas <arealmaas@gmail.com>

## Description  ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

## Description - Add app configuration & extension for Azure app configuration auth - Add serilog request logger  ## Related Issue(s) - #490 ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) --------- Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net>

) Adding a custom DiagnosticEventListener for sending telemetry from GQL to ApplicationInsights ## Related Issue(s) - #490 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [azure/login](https://togithub.com/azure/login) | action | major | `v1` -> `v2` | --- ### Release Notes <details> <summary>azure/login (azure/login)</summary> ### [`v2`](https://togithub.com/azure/login/compare/v1...v2) [Compare Source](https://togithub.com/azure/login/compare/v1...v2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Automatic testing for changes in GraphQL schema (same as OpenAPI) Renamed `docs/swagger` to `docs/schema` to host the two files in the same npm package. Renamed npm package to `dialogporten-schema` Automatic versioning/publishing of this npm package is being worked on in another branch ## Related Issue(s) - #490 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

…#643) This enables automatic running of K6 E2E tests after successful app revision deploy ## Description This refactors the dispatch-only K6 runner to a reusable action, which is used in CI/CD workflows as well as a dispatch-workflow, which now takes a path to a test suite to run, eliminating the need for different dispatches for functional and non-functional tests. Reporting of the tests are performed with a third-party action-plugin to utilize GIthub support for junit.xml format. Having some issues getting this to work properly locally with `act`, so this will have to be tested in Github. Unclear how rich the reporting within Github can be, but hopefully we can at least get the job to be marked as failed if any tests fail as reported by K6. For additional details, the stdout log will have to be consulted. In the future, we might want to incorporate more custom handling of the summary and eg. integrate the Slack Notifier bot. ## Related Issue(s) - #80 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

…#653)

Before refactoring more, let's do a review on this if this is the best approach or not.. ## Description  - Adds a new function to get the long names of the organization - Caches the result with a new cache key ## Related Issue(s) - #404 ## Verification - [X] **Your** code builds clean without any errors or warnings - [X] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [X] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) --------- Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net> Co-authored-by: Magnus Sandgren <5285192+MagnusSandgren@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [MassTransit](https://masstransit.io/) ([source](https://togithub.com/MassTransit/MassTransit)) | `8.2.0` -> `8.2.1` | [![age](https://developer.mend.io/api/mc/badges/age/nuget/MassTransit/8.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/MassTransit/8.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/MassTransit/8.2.0/8.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/MassTransit/8.2.0/8.2.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

… to 2023-09-01 (#657) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Resource | Change | |---|---| | Microsoft.OperationalInsights/workspaces | `2022-10-01` -> `2023-09-01` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Hard coded IUser set to LocalDevelopmentUser ## Related Issue(s) - #490 ## Verification - [x] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

Minor code/comment cleaning 🧹 * Unused usings * Expression bodies * Trailing commas * Collection expressions * Remove unnecessary fields * Redundant namespace * Use const * Grammar

In order to support app instances in the Dialogporten, we need to be able to refer to apps as service resources ## Description This adds support for urn:altinn:app in dialog validator and Altinn auth helpers, and changes the Resource Registry client to use the "resourcelist" endpoint, which includes Altinn 3 apps (unfortunately this also includes Altinn 2 services, which baloons the response size considerably, but this is filtered before storing to cache). The Fusion cache settings has been changed to reflect this (ie. increasing factory timeouts). Yet to be fixed: - [x] ~~Handling of "ttd" services (the Digdir test organization). These contain an empty string as "organization" in the RR, where there usually is a organization number. Special code will be required to handle TTD service authorization and dialog.org population.~~ Moved to #663 - [x] ~~Handling of app instance delegations. Since app instance ids are a bit weird (has the form `{partyId}/{instanceId}`) we cannot just map the dialogId to `urn:altinn:instance-id` (like we do with resource id) as this will cause an exception in the PDP API. Preferably the PDP context handler should be able to deal with this, and map the missing partyId into the instance-id (since it needs to get the partyId for organizationnumbers/SSNs anyway)~~ Moved to #664 - [x] ~~Handling of resource constraints for app in the authorization requests for search. Currently we assume name of the resource to be unique, but an app-name may be reused between service owners.~~ Edit: we include the reserved `app_{org}_` prefix, avoiding this potential ambiguity. ## Related Issue(s) - #651 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

## Description Ensure that we run all the jobs regardless if any files has changed when we do a manual dispatch of the workflows  ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

Adds [RedisInsight](https://redis.io/insight/) to the compose setup

## Description - Only run migrations if relevant files are changed - Run the deployment of apps regardless of if migration was run  ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | nginx | minor | `1.25.4` -> `1.26.0` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

## Description This adds a parties endpoint in the enduser-API, proxying requests to access-management and returning a custom DTO for all parties that the user has some sort of access relation to. ## Related Issue(s) - #660 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable) --------- Co-authored-by: Ole Jørgen Skogstad <skogstad@softis.net>

…t to 03476e8 (#676) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [mcr.microsoft.com/dotnet/sdk](https://togithub.com/dotnet/sdk) | stage | digest | `7861b15` -> `03476e8` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [Azure.Identity](https://togithub.com/Azure/azure-sdk-for-net/blob/Azure.Identity_1.11.2/sdk/identity/Azure.Identity/README.md) ([source](https://togithub.com/Azure/azure-sdk-for-net)) | `1.11.1` -> `1.11.2` | [![age](https://developer.mend.io/api/mc/badges/age/nuget/Azure.Identity/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/nuget/Azure.Identity/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/nuget/Azure.Identity/1.11.1/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/nuget/Azure.Identity/1.11.1/1.11.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>Azure/azure-sdk-for-net (Azure.Identity)</summary> ### [`v1.11.2`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.11.2) ##### 1.11.2 (2024-04-19) ##### Bugs Fixed - Fixed an issue which caused claims to be incorrectly added to confidential client credentials such as `DeviceCodeCredential` [#43468](https://togithub.com/Azure/azure-sdk-for-net/issues/43468) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 7am on Sunday,before 7am on Wednesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/digdir/dialogporten).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Adding tests for hash length on seen log, EndUser queries ## Description Making sure we don't leak un-hashed user IDs ## Related Issue(s) - #460 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

Splits tests into folders for EndUser/ServiceOwner

Adding the same test as for EU, verifying user ID hashes length ## Related Issue(s) - #460 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

## Description This adds e2e for "org"-filtering and add ExtendedStatus to the test data. This also fixes some clean up issues, making sure a test run purges all data it inserts. ## Related Issue(s) N/A ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required)

## Description This fixes the handling of service resource values referring to Altinn apps so that they too use the same prefix as generic resources. The decision request helper now only checks for the reserved resource name prefix (`app_`) in order to determine how the XACML request should be constructed. ## Related Issue(s) - #681 ## Verification - [x] **Your** code builds clean without any errors or warnings - [x] Manual testing done (required) - [x] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)

-Original file line number
+Diff line change
@@ -0,0 +1,83 @@
+    targetScope = 'resourceGroup'
+    @minLength(3)
+    param imageTag string
+    @minLength(3)
+    param environment string
+    @minLength(3)
+    param location string
+    @minLength(3)
+    @secure()
+    param containerAppEnvironmentName string
+    @minLength(3)
+    @secure()
+    param appInsightConnectionString string
+    @minLength(5)
+    @secure()
+    param appConfigurationName string
+    @minLength(3)
+    @secure()
+    param environmentKeyVaultName string
+    var namePrefix = 'dp-be-${environment}'
+    var baseImageUrl = 'ghcr.io/digdir/dialogporten-'
+    resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+      name: appConfigurationName
+    }
+    resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' existing = {
+      name: containerAppEnvironmentName
+    }
+    var containerAppEnvVars = [
+      {
+        name: 'ASPNETCORE_ENVIRONMENT'
+        value: environment
+      }
+      {
+        name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
+        value: appInsightConnectionString
+      }
+      {
+        name: 'AZURE_APPCONFIG_URI'
+        value: appConfiguration.properties.endpoint
+      }
+    ]
+    resource environmentKeyVaultResource 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
+      name: environmentKeyVaultName
+    }
+    var containerAppName = '${namePrefix}-graphql-ca'
+    module containerApp '../../modules/containerApp/main.bicep' = {
+      name: containerAppName
+      params: {
+        name: containerAppName
+        image: '${baseImageUrl}graphql:${imageTag}'
+        location: location
+        envVariables: containerAppEnvVars
+        containerAppEnvId: containerAppEnvironment.id
+      }
+    }
+    module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
+      name: 'keyVaultReaderAccessPolicy-${containerAppName}'
+      params: {
+        keyvaultName: environmentKeyVaultResource.name
+        principalIds: [containerApp.outputs.identityPrincipalId]
+      }
+    }
+    module appConfigReaderAccessPolicy '../../modules/appConfiguration/addReaderRoles.bicep' = {
+      name: 'appConfigReaderAccessPolicy-${containerAppName}'
+      params: {
+        appConfigurationName: appConfigurationName
+        principalIds: [containerApp.outputs.identityPrincipalId]
+      }
+    }
+    output name string = containerApp.outputs.name
+    output revisionName string = containerApp.outputs.revisionName

-Original file line number
+Diff line change
@@ -0,0 +1,11 @@
+    using './main.bicep'
+    param environment = 'staging'
+    param location = 'norwayeast'
+    param imageTag = readEnvironmentVariable('IMAGE_TAG')
+    // secrets
+    param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME')
+    param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
+    param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING')
+    param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME')

-Original file line number
+Diff line change
@@ -0,0 +1,11 @@
+    using './main.bicep'
+    param environment = 'test'
+    param location = 'norwayeast'
+    param imageTag = readEnvironmentVariable('IMAGE_TAG')
+    // secrets
+    param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_NAME')
+    param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
+    param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING')
+    param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME')

-Original file line number
+Diff line change
@@ @@ -7,7 +7,7 @@ type Sku = { @@
     }
     param sku Sku
-    resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+    resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' = {
         name: '${namePrefix}-insightsWorkspace'
         location: location
         properties: {

-Original file line number
+Diff line change
@@ @@ -3,7 +3,7 @@ param envVariables array = [] @@
     param port int = 8080
     param name string
     param image string
-    param apimIp string
+    param apimIp string?
     param containerAppEnvId string
@@ @@ -28,16 +28,20 @@ var probes = [ @@
       }
     ]
+    var ipSecurityRestrictions = empty(apimIp)
+      ? []
+      : [
+          {
+            name: 'apim'
+            action: 'Allow'
+            ipAddressRange: apimIp!
+          }
+        ]
     var ingress = {
       targetPort: port
       external: true
-      ipSecurityRestrictions: [
-        {
-          name: 'apim'
-          action: 'Allow'
-          ipAddressRange: apimIp
-        }
-      ]
+      ipSecurityRestrictions: ipSecurityRestrictions
     }
     resource containerApp 'Microsoft.App/containerApps@2023-05-01' = {

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Apr 10, 2024

Commits on Apr 12, 2024

Commits on Apr 16, 2024

Commits on Apr 17, 2024

Commits on Apr 18, 2024

Commits on Apr 19, 2024

Commits on Apr 20, 2024

Commits on Apr 22, 2024

Commits on Apr 23, 2024

Commits on Apr 24, 2024

Commits on Apr 25, 2024

Commits on Apr 26, 2024

Commits on Apr 28, 2024

Commits on Apr 29, 2024

Commits on Apr 30, 2024

There are no files selected for viewing

-Original file line number
+Diff line change
@@ @@ -3,7 +3,7 @@ param namePrefix string @@
     param appInsightWorkspaceName string
-    resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+    resource appInsightsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
       name: appInsightWorkspaceName
     }

-Original file line number
+Diff line change
@@ -1,22 +1,22 @@
     ---
     name: Bug
-    about: Hvis du finner noe som ikke fungerer som det skal.
+    about: If you find something that is not working as it should.
     title: ''
     labels: bug
     assignees: ''
     ---
-    ### Beskrivelse
-    En kort og konsis beskrivelse av feilen
+    ### Description
+    A short and concise description of the error
-    ### Reproduksjon
-    Punktvise steg for å reprodusere feilen, med informasjon om hvilke requests som ble foretatt (URL-er med parametre, metoder, headers (ikke tokens!), inklusive evt DTO-er som ble brukt hvis POST/PUT/PATCH)
+    ### Reproduction
+    Step-by-step instructions to reproduce the error, with information about the requests that were made (URLs with parameters, methods, headers (no tokens!), including any DTOs used if POST/PUT/PATCH)
-    ### Forventet oppførsel
-    En kort og konsis beskrivelse av hva du forventet skulle skje
+    ### Expected behavior
+    A short and concise description of what you expected to happen
-    ### Faktisk oppførsel
-    En kort og konsis beskrivelse av hva som faktisk skjedde
+    ### Actual behavior
+    A short and concise description of what actually happened
-    ### Ytterligere informasjon
-    Hvis det er ytterligere kontekst som er relevant å ta med.
+    ### Additional information
+    If there is additional context that is relevant to include.

-Original file line number
+Diff line change
@@ -0,0 +1,35 @@
+    ---
+    name: New/change of functionality
+    about: New or changed functionality
+    title: ''
+    labels: ''
+    assignees: ''
+    projects: ['digdir/7']
+    ---
+    ### Introduction
+    A short and concise description of the functionality this issue addresses.
+    ### Description
+    A longer description that accounts for the need, and describes how the functionality should work in detail (in prose form, see also acceptance criteria).
+    If this is functionality that does not have a clear solution, tag the issue with `analysis`. The task list then consists of clarification questions.
+    ### Implementation
+    If there are guidelines on architecture or other implementation choices, they are added here. Different approaches can also be discussed here.
+    ```[tasklist]
+    ### Tasks
+    - [ ] Implementation tasks are added here
+    - [ ] Prepare documentation (if relevant - either update working document, or add a new file in `docs`)
+    - [ ] Add e2e-test (if relevant)
+    ```
+    ### Acceptance criteria
+    _GIVEN_ ...
+    _WHEN_ ....
+    _THEN_ ...
+    _GIVEN_ ...
+    _WHEN_ ....
+    _THEN_ ...

-Original file line number
+Diff line change
@@ @@ -12,6 +12,9 @@ on: @@
           hasSlackNotifierChanges:
             description: "Slack Notifier function related files changed"
             value: ${{ jobs.check-for-changes.outputs.hasSlackNotifierChanges }}
+          hasMigrationChanges:
+            description: "Migration related files changed"
+            value: ${{ jobs.check-for-changes.outputs.hasMigrationChanges }}
     jobs:
       check-for-changes:
         name: Filter
@@ @@ -20,7 +23,7 @@ jobs: @@
           hasBackendChanges: ${{ steps.filter.outputs.backend_any_changed == 'true' }}
           hasAzureChanges: ${{ steps.filter.outputs.azure_any_changed == 'true' }}
           hasSlackNotifierChanges: ${{ steps.filter.outputs.slackNotifier_any_changed == 'true'}}
+          hasMigrationChanges: ${{ steps.filter.outputs.migration_any_changed == 'true'}}
         steps:
           - name: Checkout
             uses: actions/checkout@v4
@@ @@ -43,3 +46,5 @@ jobs: @@
                 slackNotifier:
                   - '.github/**/*'
                   - 'src/Digdir.Tool.Dialogporten.SlackNotifier/**/*'
+                migration:
+                  - 'src/Digdir.Domain.Dialogporten.Infrastructure/Persistence/Migrations/**/*'

-Original file line number
+Diff line change
@@ @@ -37,6 +37,11 @@ on: @@
             description: "Current version to use as tag"
             required: true
             type: string
+          runMigration:
+            description: "If true, the migration job will be run."
+            required: false
+            type: boolean
+            default: false
     concurrency:
       # Existing runs are cancelled if someone repeatedly commits to their own Pull Request (PR). However, it does not stop others' dry runs or actual deployments from the main branch.
       # Also, the cancellation does not occur on merges to the main branch. Therefore, if multiple merges to main are performed simultaneously, they will just be queued up.
@@ @@ -47,6 +52,7 @@ jobs: @@
       deploy-migration-job:
         name: Deploy migration job to ${{ inputs.environment }}
         runs-on: ubuntu-latest
+        if: ${{ inputs.runMigration }}
         environment: ${{inputs.environment}}
         permissions:
           id-token: write
@@ @@ -56,7 +62,7 @@ jobs: @@
             uses: actions/checkout@v4
           - name: OIDC Login to Azure Public Cloud
-            uses: azure/login@v1
+            uses: azure/login@v2
             with:
               client-id: ${{ secrets.AZURE_CLIENT_ID }}
               tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ @@ -108,13 +114,16 @@ jobs: @@
       deploy-apps:
         name: Deploy ${{ matrix.name }} to ${{ inputs.environment }}
         runs-on: ubuntu-latest
+        # Should run even though the migration job was skipped
+        if: ${{ always() && !failure() && !cancelled() }}
         needs: deploy-migration-job
         strategy:
           fail-fast: true
           matrix:
             include:
               - name: web-api-eu
               - name: web-api-so
+              - name: graphql
         environment: ${{ inputs.environment }}
         permissions:
           id-token: write

-Original file line number
+Diff line change
@@ @@ -27,6 +27,8 @@ jobs: @@
             include:
               - dockerfile: ./src/Digdir.Domain.Dialogporten.WebApi/Dockerfile
                 imageName: webapi
+              - dockerfile: ./src/Digdir.Domain.Dialogporten.GraphQL/Dockerfile
+                imageName: graphql
               - dockerfile: ./src/Digdir.Domain.Dialogporten.Service/Dockerfile
                 imageName: service
               - dockerfile: ./src/Digdir.Domain.Dialogporten.ChangeDataCapture/Dockerfile