initial infrastructure

.github/workflows/infra-cd-template.yml

@@ -0,0 +1,57 @@
+name: infra-cd-template.yml
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: GitHub environment
+        required: true
+      tf_state:
+        type: string
+        description: Name of the Terraform state file
+        required: true
+      working_dir:
+        type: string
+        description: Name of the working directory
+        required: true
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  plan:
+    name: Plan
+    secrets: inherit
+    uses: ./.github/workflows/infra-plan-template.yml
+    with:
+      environment: ${{ inputs.environment }}
+      tf_state: ${{ inputs.tf_state }}
+      working_dir: ${{ inputs.working_dir }}
+
+  apply:
+    name: Deploy
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Terraform Set TFVARS
+        run: echo "TF_VARS_FILE=$(echo ${{ inputs.environment }} | tr '[:upper:]' '[:lower:]').tfvars" >> $GITHUB_ENV
+
+      - name: Terraform Initialize
+        uses: altinn/altinn-platform/actions/terraform/plan@main
+        with:
+          working_directory: ${{ inputs.working_dir }}
+          oidc_type: environment
+          oidc_value: ${{ inputs.environment }}
+
+          arm_client_id: ${{ vars.ARM_CLIENT_ID }}
+          arm_subscription_id: ${{ vars.ARM_SUBSCRIPTION_ID }}
+
+          tf_state_name: ${{ inputs.tf_state }}
+          tf_args: -var environment=${{ inputs.environment }} -var-file=${{ env.TF_VARS_FILE }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/infra-cd.yml

@@ -0,0 +1,41 @@
+name: Infra CD
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - infra/**
+      - .github/workflows/infra-*
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  cert:
+    name: Cert
+    secrets: inherit
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [at22, at23, at24]
+    uses: ./.github/workflows/infra-cd-template.yml
+    with:
+      environment: ${{ matrix.environment }}
+      tf_state: cert.tfstate
+      working_dir: infra/deploy/cert
+
+  auth:
+    name: Auth
+    secrets: inherit
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [at22, at23, at24]
+    uses: ./.github/workflows/infra-cd-template.yml
+    with:
+      environment: ${{ matrix.environment }}
+      tf_state: auth.tfstate
+      working_dir: infra/deploy/auth

.github/workflows/infra-plan-template.yml → .github/workflows/infra-ci-template.yml

@@ -1,4 +1,4 @@
-name: Infra Plan Template
+name: infra-ci-template.yml
 
 on:
   workflow_call:
@@ -23,6 +23,7 @@ permissions:
 
 jobs:
   plan:
+    name: Plan
     runs-on: ubuntu-latest
     environment: ${{ inputs.environment }}
     steps:

.github/workflows/infra-ci.yml

@@ -0,0 +1,33 @@
+name: Infra CI
+
+on:
+  push:
+    branches-ignore:
+      - main
+    paths:
+      - infra/**
+      - .github/workflows/infra-*
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+jobs:
+  cert:
+    name: AT21
+    secrets: inherit
+    uses: ./.github/workflows/infra-ci-template.yml
+    with:
+      environment: AT21
+      tf_state: cert.tfstate
+      working_dir: infra/deploy/cert
+
+  auth:
+    name: AT21
+    secrets: inherit
+    uses: ./.github/workflows/infra-ci-template.yml
+    with:
+      environment: AT21
+      tf_state: auth.tfstate
+      working_dir: infra/deploy/auth

infra/deploy/auth/at21.tfvars

@@ -0,0 +1,9 @@
+environment                      = "at21"
+cidr                             = "10.202.0.0/20"
+api_domain                       = "auth.api.at21.altinn.cloud"
+instance                         = "001"
+is_prod_like                     = false
+cert_keyvault_name               = "kvaltinnauthcert001at21"
+cert_resource_group_name         = "rgcert001at21"
+cert_user_assigned_identity_name = "micert001at21"
+domain                           = "altinn.cloud"

infra/deploy/auth/at22.tfvars

@@ -0,0 +1,9 @@
+environment                      = "at22"
+cidr                             = "10.202.0.0/20"
+api_domain                       = "auth.api.at22.altinn.cloud"
+instance                         = "001"
+is_prod_like                     = false
+cert_keyvault_name               = "kvaltinnauthcert001at22"
+cert_resource_group_name         = "rgcert001at22"
+cert_user_assigned_identity_name = "micert001at22"
+domain                           = "altinn.cloud"

infra/deploy/auth/at23.tfvars

@@ -0,0 +1,9 @@
+environment                      = "at23"
+cidr                             = "10.202.0.0/20"
+api_domain                       = "auth.api.at22.altinn.cloud"
+instance                         = "001"
+is_prod_like                     = false
+cert_keyvault_name               = "kvaltinnauthcert001at23"
+cert_resource_group_name         = "rgcert001at23"
+cert_user_assigned_identity_name = "micert001at23"
+domain                           = "altinn.cloud"

infra/deploy/auth/at24.tfvars

@@ -0,0 +1,9 @@
+environment                      = "at24"
+cidr                             = "10.202.0.0/20"
+api_domain                       = "auth.api.at24.altinn.cloud"
+instance                         = "001"
+is_prod_like                     = false
+cert_keyvault_name               = "kvaltinnauthcert001at24"
+cert_resource_group_name         = "rgcert001at24"
+cert_user_assigned_identity_name = "micert001at24"
+domain                           = "altinn.cloud"