feat(infrastructure): create new yt01 app environment

.azure/applications/graphql/yt01.bicepparam

@@ -0,0 +1,13 @@
+using './main.bicep'
+
+param environment = 'yt01'
+param location = 'norwayeast'
+param apimIp = '51.13.86.131' // todo: replace with APIM IP for YT
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
+
+// secrets
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
+param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')

.azure/applications/sync-subject-resource-mappings-job/yt01.bicepparam

@@ -0,0 +1,11 @@
+using './main.bicep'
+
+param environment = 'yt01'
+param location = 'norwayeast'
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param jobSchedule = '*/5 * * * *' // Runs every 5 minutes
+
+//secrets
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')

.azure/applications/web-api-eu/yt01.bicepparam

@@ -0,0 +1,13 @@
+using './main.bicep'
+
+param environment = 'yt01'
+param location = 'norwayeast'
+param apimIp = '51.13.86.131' // todo: replace with APIM IP for YT
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
+
+// secrets
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
+param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')

.azure/applications/web-api-migration-job/yt01.bicepparam

@@ -0,0 +1,9 @@
+using './main.bicep'
+
+param environment = 'yt01'
+param location = 'norwayeast'
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+
+//secrets
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')

.azure/applications/web-api-so/yt01.bicepparam

@@ -0,0 +1,13 @@
+using './main.bicep'
+
+param environment = 'yt01'
+param location = 'norwayeast'
+param apimIp = '51.13.86.131' // todo: replace with APIM IP for YT
+param imageTag = readEnvironmentVariable('IMAGE_TAG')
+param revisionSuffix = readEnvironmentVariable('REVISION_SUFFIX')
+
+// secrets
+param environmentKeyVaultName = readEnvironmentVariable('AZURE_ENVIRONMENT_KEY_VAULT_NAME')
+param containerAppEnvironmentName = readEnvironmentVariable('AZURE_CONTAINER_APP_ENVIRONMENT_NAME')
+param appInsightConnectionString = readEnvironmentVariable('AZURE_APP_INSIGHTS_CONNECTION_STRING')
+param appConfigurationName = readEnvironmentVariable('AZURE_APP_CONFIGURATION_NAME')

.azure/infrastructure/soak.bicepparam → .azure/infrastructure/yt01.bicepparam

@@ -1,6 +1,6 @@
 using './main.bicep'
 
-param environment = 'soak'
+param environment = 'yt01'
 param location = 'norwayeast'
 param keyVaultSourceKeys = json(readEnvironmentVariable('AZURE_KEY_VAULT_SOURCE_KEYS'))
 
@@ -45,6 +45,5 @@ param serviceBusSku = {
   tier: 'Premium'
   capacity: 1
 }
-
 // Altinn Product Dialogporten: Developers Dev
 param sshJumperAdminLoginGroupObjectId = 'c12e51e3-5cbd-4229-8a31-5394c423fb5f'

.github/workflows/ci-cd-yt01.yml

@@ -0,0 +1,121 @@
+name: CI/CD YT01
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "v*.*.*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+
+jobs:
+  # Get changed files between previous tag and current tag: https://github.com/marketplace/actions/changed-files
+  check-for-changes:
+    name: Check for changes
+    uses: ./.github/workflows/workflow-check-for-changes.yml
+
+  get-current-version:
+    name: Get current version
+    uses: ./.github/workflows/workflow-get-current-version.yml
+
+  publish:
+    name: Build and publish docker images
+    uses: ./.github/workflows/workflow-publish.yml
+    if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasBackendChanges == 'true' }}
+    needs: [get-current-version, check-for-changes]
+    secrets:
+      GCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+    with:
+      dockerImageBaseName: ghcr.io/digdir/dialogporten-
+      version: ${{ needs.get-current-version.outputs.version }}
+
+  deploy-infra:
+    name: Deploy infra to yt01
+    if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasAzureChanges == 'true' }}
+    needs: [get-current-version, check-for-changes]
+    uses: ./.github/workflows/workflow-deploy-infra.yml
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_SOURCE_KEY_VAULT_NAME: ${{ secrets.AZURE_SOURCE_KEY_VAULT_NAME }}
+      AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SUBSCRIPTION_ID }}
+      AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP: ${{ secrets.AZURE_SOURCE_KEY_VAULT_RESOURCE_GROUP }}
+      AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY: ${{ secrets.AZURE_SOURCE_KEY_VAULT_SSH_JUMPER_SSH_PUBLIC_KEY }}
+    with:
+      environment: yt01
+      region: norwayeast
+      version: ${{ needs.get-current-version.outputs.version }}
+
+  deploy-apps:
+    name: Deploy apps to yt01
+    needs:
+      [get-current-version, check-for-changes, deploy-infra, publish]
+    # we want deployment of apps to be dependent on deployment of infrastructure, but if infrastructure is skipped, we still want to deploy the apps
+    if: ${{ always() && !failure() && !cancelled() && (github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasBackendChanges == 'true') }}
+    uses: ./.github/workflows/workflow-deploy-apps.yml
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      # todo: consider resolving these in another way since they are created in the infra-step
+      AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+      AZURE_ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
+      AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
+      AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
+      AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
+    with:
+      environment: yt01
+      region: norwayeast
+      version: ${{ needs.get-current-version.outputs.version }}
+      runMigration: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasMigrationChanges == 'true' }}
+
+  deploy-slack-notifier:
+    name: Deploy slack notifier (yt01)
+    needs: [check-for-changes]
+    if: ${{ github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasSlackNotifierChanges == 'true' }}
+    uses: ./.github/workflows/workflow-deploy-function.yml
+    secrets:
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      # todo: resolve this automatically, or use tags
+      AZURE_FUNCTION_APP_NAME: ${{ secrets.AZURE_SLACK_NOTIFIER_FUNCTION_APP_NAME }}
+    with:
+      function-app-name: "slack-notifier"
+      function-project-path: "./src/Digdir.Tool.Dialogporten.SlackNotifier"
+      environment: yt01
+
+  run-e2e-tests:
+    name: "Run K6 functional end-to-end tests"
+    # we want the end-to-end tests to be dependent on deployment of infrastructure and apps, but if infrastructure is skipped, we still want to run the tests
+    if: ${{ always() && !failure() && !cancelled() && (github.event_name == 'workflow_dispatch' || needs.check-for-changes.outputs.hasBackendChanges == 'true') }}
+    needs: [deploy-apps, check-for-changes]
+    uses: ./.github/workflows/workflow-run-k6-tests.yml
+    secrets:
+      TOKEN_GENERATOR_USERNAME: ${{ secrets.TOKEN_GENERATOR_USERNAME }}
+      TOKEN_GENERATOR_PASSWORD: ${{ secrets.TOKEN_GENERATOR_PASSWORD }}
+    with:
+      environment: yt01
+      apiVersion: v1
+      testSuitePath: tests/k6/suites/all-single-pass.js
+    permissions:
+      checks: write
+      pull-requests: write
+
+  send-slack-message-on-failure:
+    name: Send Slack message on failure
+    needs: [deploy-infra, deploy-apps, deploy-slack-notifier, run-e2e-tests, publish]
+    if: ${{ always() && failure() && !cancelled() }}
+    uses: ./.github/workflows/workflow-send-ci-cd-status-slack-message.yml
+    with:
+      environment: yt01
+      infra_status: ${{ needs.deploy-infra.result }}
+      apps_status: ${{ needs.deploy-apps.result }}
+      slack_notifier_status: ${{ needs.deploy-slack-notifier.result }}
+      e2e_tests_status: ${{ needs.run-e2e-tests.result }}
+      publish_status: ${{ needs.publish.result }}
+    secrets:
+      SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID_FOR_CI_CD_STATUS }}

.github/workflows/dispatch-apps.yml

@@ -10,6 +10,7 @@ on:
         type: choice
         options:
           - test
+          - yt01
           - staging
           - prod
       version:

.github/workflows/dispatch-infrastructure.yml

@@ -10,6 +10,7 @@ on:
         type: choice
         options:
           - test
+          - yt01
           - staging
           - prod
       version: