From 34f6a9c5a2ff46107fae47d2d90ca4966e16cd93 Mon Sep 17 00:00:00 2001 From: Christian Calabrese Date: Tue, 16 Jun 2026 11:09:24 +0200 Subject: [PATCH 1/5] Configure Docker release for project targets Set project-level Docker release metadata and align Docker build target options for repositories that use package.json and project.json. --- apps/dx-metrics-import/package.json | 19 +++++++++++++++++++ apps/dx-metrics/package.json | 19 +++++++++++++++++++ apps/mcpserver/Dockerfile | 4 ++-- apps/mcpserver/package.json | 12 ++++++++++++ containers/self-hosted-runner/project.json | 8 ++++++++ .../tests/apps/all_scenarios/project.json | 6 +++++- .../tests/apps/network_access/project.json | 6 +++++- .../tests/apps/blob_rbac_probe/project.json | 11 +++++++++-- 8 files changed, 79 insertions(+), 6 deletions(-) diff --git a/apps/dx-metrics-import/package.json b/apps/dx-metrics-import/package.json index f17c8390e0..01dac8798e 100644 --- a/apps/dx-metrics-import/package.json +++ b/apps/dx-metrics-import/package.json @@ -36,5 +36,24 @@ "tsx": "catalog:", "typescript": "catalog:", "vitest": "catalog:" + }, + "nx": { + "targets": { + "docker:build": { + "options": { + "env": { + "DOCKER_BUILD_PLATFORMS": "linux/arm64" + } + } + }, + "nx-release-publish": { + "executor": "nx:run-commands" + } + }, + "release": { + "docker": { + "repositoryName": "pagopa/dx-metrics-import" + } + } } } diff --git a/apps/dx-metrics/package.json b/apps/dx-metrics/package.json index c9e0a1e3eb..317e0b77f9 100644 --- a/apps/dx-metrics/package.json +++ b/apps/dx-metrics/package.json @@ -35,5 +35,24 @@ "tailwindcss": "^4.2.4", "typescript": "catalog:", "vitest": "catalog:" + }, + "nx": { + "targets": { + "docker:build": { + "options": { + "env": { + "DOCKER_BUILD_PLATFORMS": "linux/arm64" + } + } + }, + "nx-release-publish": { + "executor": "nx:run-commands" + } + }, + "release": { + "docker": { + "repositoryName": "pagopa/dx-metrics" + } + } } } 
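Review bot: `DOCKER_BUILD_PLATFORMS` is set to `linux/arm64` only in the `docker:build` options of apps/dx-metrics-import/package.json and apps/dx-metrics/package.json, while the release workflows later in this series build the same images with `build_platforms: linux/amd64`. If the Nx release path pushes to the same `repositoryName`, the architecture behind a tag would depend on which pipeline published it last, and an arm64-only image will not start on an amd64 host. If arm64 is meant only for local builds, record that in the project README, since package.json cannot carry comments. Otherwise align the value with the workflows: `"DOCKER_BUILD_PLATFORMS": "linux/amd64"`.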
diff --git a/apps/mcpserver/Dockerfile b/apps/mcpserver/Dockerfile index 5c3c448d10..722366940c 100644 --- a/apps/mcpserver/Dockerfile +++ b/apps/mcpserver/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/docker/library/node:24-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14 AS base +FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/node:24-alpine@sha256:2bdb65ed1dab192432bc31c95f94155ca5ad7fc1392fb7eb7526ab682fa5bf14 AS base # 1. Enable pnpm RUN corepack enable @@ -15,7 +15,7 @@ COPY ./packages ./packages # 5. Install ALL dependencies for mcpserver and its workspace dependencies RUN pnpm install --filter @pagopa/dx-mcpserver... # 6. Build the mcpserver app -RUN pnpm nx build @pagopa/dx-mcpserver +RUN NX_DAEMON=false pnpm nx build @pagopa/dx-mcpserver # 7. Prune development-only dependencies for the final image RUN pnpm --filter @pagopa/dx-mcpserver deploy --legacy --prod /app/deploy diff --git a/apps/mcpserver/package.json b/apps/mcpserver/package.json index 3dd714bace..647acd6f68 100644 --- a/apps/mcpserver/package.json +++ b/apps/mcpserver/package.json @@ -45,5 +45,17 @@ "format": "prettier --write .", "format:check": "prettier --check .", "version": "node ./scripts/generate-server-manifest.js" + }, + "nx": { + "targets": { + "nx-release-publish": { + "executor": "nx:run-commands" + } + }, + "release": { + "docker": { + "repositoryName": "pagopa/dx-mcpserver" + } + } } } diff --git a/containers/self-hosted-runner/project.json b/containers/self-hosted-runner/project.json index fe11d363ea..fc274af719 100644 --- a/containers/self-hosted-runner/project.json +++ b/containers/self-hosted-runner/project.json 
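Review bot: `--platform=$BUILDPLATFORM` on the `base` stage pins every stage derived from it to the builder's architecture. If the runtime stage is `FROM base`, the published image carries the build host's architecture rather than the requested target; the later stages are outside this hunk, so this needs confirming against the full Dockerfile. Any native modules produced by `pnpm install` in this stage would likewise be built for the build platform. Keep the flag on the build stage only and start the final stage from the same digest-pinned image without it, e.g. `FROM public.ecr.aws/docker/library/node:24-alpine@sha256:<same digest as base> AS runtime`.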
@@ -2,8 +2,16 @@ "$schema": "../../node_modules/nx/schemas/project-schema.json", "name": "self-hosted-runner", "targets": { + "nx-release-publish": { + "executor": "nx:run-commands" + }, "docker:build": { "options": { + "cwd": "containers/self-hosted-runner", + "args": [ + "--tag containers-self-hosted-runner", + "-f Dockerfile" + ], "platform": "linux/amd64" } } diff --git a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json index a4a99d2208..54ac04d72e 100644 --- a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json +++ b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json @@ -5,9 +5,13 @@ "description": "Simple application for Terraform E2E tests, which exposes endpoints to test connectivity and integration with App Configuration", "private": true, "targets": { + "nx-release-publish": { + "executor": "nx:run-commands" + }, "docker:build": { + "command": "docker build -f ../Dockerfile {args} .", "options": { - "platform": "linux/amd64,linux/arm64" + "cwd": "infra/modules/azure_app_configuration/tests/apps/all_scenarios/src" } }, "docker:run": { diff --git a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json index 532b68bc71..910d701afb 100644 --- a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json +++ b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json 
@@ -5,9 +5,13 @@ "description": "Simple application for Terraform E2E tests, which exposes a single HTTP endpoint to test connectivity to Cosmos DB", "private": true, "targets": { + "nx-release-publish": { + "executor": "nx:run-commands" + }, "docker:build": { + "command": "docker build -f ../Dockerfile {args} .", "options": { - "platform": "linux/amd64,linux/arm64" + "cwd": "infra/modules/azure_cosmos_account/tests/apps/network_access/src" } }, "docker:run": { diff --git a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json index 6dc72e69c8..772bb9f759 100644 --- a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json +++ b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json @@ -5,9 +5,16 @@ "description": "Simple application for Terraform E2E tests, exposing a single HTTP endpoint to verify merged Blob RBAC permissions with managed identity", "private": true, "targets": { + "nx-release-publish": { + "executor": "nx:run-commands" + }, "docker:build": { "options": { - "platform": "linux/amd64,linux/arm64" + "cwd": "infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe", + "args": [ + "--tag infra-modules-azure_merge_roles-tests-apps-blob_rbac_probe", + "-f Dockerfile" + ] } }, "docker:run": { @@ -16,4 +23,4 @@ } } } -} \ No newline at end of file +} From 7a51a11e421631b428d149c8879d18bda51b7747 Mon Sep 17 00:00:00 2001 From: Christian Calabrese Date: Wed, 17 Jun 2026 14:06:35 +0200 Subject: [PATCH 2/5] Define Docker publish command per project --- apps/dx-metrics-import/package.json | 5 ++++- apps/dx-metrics/package.json | 5 ++++- apps/mcpserver/package.json | 5 ++++- containers/self-hosted-runner/project.json | 5 ++++- .../tests/apps/all_scenarios/project.json | 5 ++++- .../tests/apps/network_access/project.json | 5 ++++- .../tests/apps/blob_rbac_probe/project.json | 5 ++++- 7 files changed, 28 insertions(+), 7 deletions(-) 
diff --git a/apps/dx-metrics-import/package.json b/apps/dx-metrics-import/package.json index 01dac8798e..e737991416 100644 --- a/apps/dx-metrics-import/package.json +++ b/apps/dx-metrics-import/package.json @@ -47,7 +47,10 @@ } }, "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } } }, "release": { diff --git a/apps/dx-metrics/package.json b/apps/dx-metrics/package.json index 317e0b77f9..842656c570 100644 --- a/apps/dx-metrics/package.json +++ b/apps/dx-metrics/package.json @@ -46,7 +46,10 @@ } }, "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } } }, "release": { diff --git a/apps/mcpserver/package.json b/apps/mcpserver/package.json index 647acd6f68..be623f05c9 100644 --- a/apps/mcpserver/package.json +++ b/apps/mcpserver/package.json @@ -49,7 +49,10 @@ "nx": { "targets": { "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } } }, "release": { diff --git a/containers/self-hosted-runner/project.json b/containers/self-hosted-runner/project.json index fc274af719..6b26776a68 100644 --- a/containers/self-hosted-runner/project.json +++ b/containers/self-hosted-runner/project.json @@ -3,7 +3,10 @@ "name": "self-hosted-runner", "targets": { "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } }, "docker:build": { "options": { 
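Review bot: The `nx-release-publish` command string is pasted verbatim into seven project files in this patch (the three apps, self-hosted-runner, and the three Terraform test apps). A later change to the publish tool or its flags then has to be repeated in each file, and a missed copy would go on publishing the old way. If Nx applies `targetDefaults` to this target in this workspace, define the executor and `"command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}"` once in nx.json and drop the per-project copies. Since the tool name implies it also moves `latest`, document that consumers should deploy by digest or by the `sha-` tag, as the container app workflow does.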
diff --git a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json index 54ac04d72e..5eb5a39a87 100644 --- a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json +++ b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json @@ -6,7 +6,10 @@ "private": true, "targets": { "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } }, "docker:build": { "command": "docker build -f ../Dockerfile {args} .", diff --git a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json index 910d701afb..74aa9cdd5b 100644 --- a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json +++ b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json @@ -6,7 +6,10 @@ "private": true, "targets": { "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } }, "docker:build": { "command": "docker build -f ../Dockerfile {args} .", diff --git a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json index 772bb9f759..d99ff655b1 100644 --- a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json +++ b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json 
@@ -6,7 +6,10 @@ "private": true, "targets": { "nx-release-publish": { - "executor": "nx:run-commands" + "executor": "nx:run-commands", + "options": { + "command": "pnpm --filter @pagopa/nx-docker-release-tools exec dx-docker-release-publish-with-latest --project-root {projectRoot}" + } }, "docker:build": { "options": { From e53a6a3a0e3c0ee83b2d0a6158cd3ca492dc4fb3 Mon Sep 17 00:00:00 2001 From: Christian Calabrese Date: Wed, 17 Jun 2026 14:25:07 +0200 Subject: [PATCH 3/5] Align deployment workflows with Nx docker image configuration --- .../_release-docker-dx-metrics-import-v1.yaml | 16 +++++++++++- .../_release-docker-dx-metrics-v1.yaml | 26 ++++++++++++++++++- .../_release-docker-e2e-appconfiguration.yaml | 20 ++++++++++---- ...ocker-e2e-azure-merge-roles-blob-rbac.yaml | 19 +++++++++++--- ...lease-docker-e2e-cosmos-networkaccess.yaml | 20 ++++++++++---- ...idate-docker-e2e-cosmos-networkaccess.yaml | 18 ++++++++++--- .../release-azure-containerapp-v1.yaml | 11 +++++++- .../tests/apps/all_scenarios/project.json | 5 ++++ .../tests/apps/network_access/project.json | 5 ++++ .../tests/apps/blob_rbac_probe/project.json | 5 ++++ 10 files changed, 125 insertions(+), 20 deletions(-) diff --git a/.github/workflows/_release-docker-dx-metrics-import-v1.yaml b/.github/workflows/_release-docker-dx-metrics-import-v1.yaml index b667131456..24352f808e 100644 --- a/.github/workflows/_release-docker-dx-metrics-import-v1.yaml +++ b/.github/workflows/_release-docker-dx-metrics-import-v1.yaml 
@@ -26,6 +26,20 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.nx.release.docker.repositoryName // empty' apps/dx-metrics-import/package.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing nx.release.docker.repositoryName in apps/dx-metrics-import/package.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push uses: pagopa/dx/actions/docker-build-push@main env: @@ -33,7 +47,7 @@ jobs: with: dockerfile_path: ./apps/dx-metrics-import/Dockerfile dockerfile_context: . - docker_image_name: pagopa/dx-metrics-import + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Scheduled import job for the DX Metrics portal. Fetches GitHub engineering metrics and writes them to PostgreSQL." docker_image_authors: PagoPA build_platforms: linux/amd64 diff --git a/.github/workflows/_release-docker-dx-metrics-v1.yaml b/.github/workflows/_release-docker-dx-metrics-v1.yaml index 3a1874d7d7..2e2e03c9ba 100644 --- a/.github/workflows/_release-docker-dx-metrics-v1.yaml +++ b/.github/workflows/_release-docker-dx-metrics-v1.yaml 
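Review bot: The value read by `jq` is only checked for emptiness before it is appended to `$GITHUB_OUTPUT` and passed on as `docker_image_name`. A malformed `repositoryName` (uppercase, whitespace, or an embedded newline that would add extra output keys) therefore reaches the build-and-push action unchecked. Add a format check after the empty test, e.g. `[[ "$image_name" =~ ^[a-z0-9]+([._/-][a-z0-9]+)*$ ]] || { echo "::error::Invalid repositoryName"; exit 1; }`. This matters most in `_validate-docker-e2e-cosmos-networkaccess.yaml`, which presumably runs on pull requests where the JSON file is contributor-controlled; its trigger is outside the hunks shown. The same step is copied into the dx-metrics, appconfiguration, azure-merge-roles and both cosmos workflows, so a small composite action would keep the check in one place.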
@@ -16,8 +16,32 @@ permissions: attestations: write jobs: + resolve-image-name: + name: Resolve Docker Image Name + runs-on: ubuntu-latest + outputs: + image_name: ${{ steps.image_name.outputs.image_name }} + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.nx.release.docker.repositoryName // empty' apps/dx-metrics/package.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing nx.release.docker.repositoryName in apps/dx-metrics/package.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + deploy: name: Deploy DX Metrics as Container App + needs: resolve-image-name concurrency: group: ${{ github.workflow }}-cd # Override this configuration to prevent cancelling a running deploy. @@ -27,7 +51,7 @@ jobs: with: dockerfile_path: ./apps/dx-metrics/Dockerfile dockerfile_context: . - docker_image_name: pagopa/dx-metrics + docker_image_name: ${{ needs.resolve-image-name.outputs.image_name }} docker_image_description: "DX Metrics is a monitoring and analytics service for the PagoPA Developer Experience (DX) team, providing insights into development experience." container_app: dx-p-itn-metrics-portal-ca-01 resource_group_name: dx-p-itn-common-rg-01 diff --git a/.github/workflows/_release-docker-e2e-appconfiguration.yaml b/.github/workflows/_release-docker-e2e-appconfiguration.yaml index 89052f3d81..fc17b3e74f 100644 --- a/.github/workflows/_release-docker-e2e-appconfiguration.yaml +++ b/.github/workflows/_release-docker-e2e-appconfiguration.yaml 
@@ -21,14 +21,24 @@ jobs: id-token: write attestations: write packages: write - env: - IMAGE_NAME: "pagopa/e2e-appconfiguration-all-scenarios" - IMAGE_TAG: "latest" - steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push id: docker_build uses: pagopa/dx/actions/docker-build-push@main @@ -37,7 +47,7 @@ jobs: with: dockerfile_path: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/Dockerfile dockerfile_context: infra/modules/${{ env.MODULE_NAME }}/tests/apps/all_scenarios/src - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes endpoints to access App Configuration. Used for E2E tests of the Azure App Configuration Terraform module." docker_image_authors: "PagoPA" build_platforms: "linux/amd64,linux/arm64" diff --git a/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml b/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml index 25150102a6..0db05c6813 100644 --- a/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml +++ b/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml 
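Review bot: `${{ env.MODULE_NAME }}` is expanded by the workflow engine into the script text before bash runs, both in the `jq` path and in the `::error::` message of the added step. The value looks like a workflow-level constant (its definition is outside the hunk), but reading it as a shell variable keeps it data rather than script text and avoids writing the path twice. Suggested form: `project_json="infra/modules/${MODULE_NAME}/tests/apps/all_scenarios/project.json"`, followed by `jq -r '.release.docker.repositoryName // empty' "$project_json"`.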
@@ -18,13 +18,24 @@ jobs: id-token: write attestations: write packages: write - env: - IMAGE_NAME: "pagopa/e2e-azure-merge-roles-blob-rbac" - steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push id: docker_build uses: ./actions/docker-build-push @@ -33,7 +44,7 @@ jobs: with: dockerfile_path: infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/Dockerfile dockerfile_context: infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes data-plane and control-plane endpoints to probe Azure Storage RBAC. Used for E2E tests of the Azure Merge Roles Terraform module." diff --git a/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml b/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml index 133f31d1c1..2f751175de 100644 --- a/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml +++ b/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml 
@@ -18,14 +18,24 @@ jobs: id-token: write attestations: write packages: write - env: - IMAGE_NAME: "pagopa/e2e-cosmos-network-access" - IMAGE_TAG: "latest" - steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_cosmos_account/tests/apps/network_access/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/azure_cosmos_account/tests/apps/network_access/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build and Push id: docker_build uses: pagopa/dx/actions/docker-build-push@main @@ -34,7 +44,7 @@ jobs: with: dockerfile_path: infra/modules/azure_cosmos_account/tests/apps/network_access/Dockerfile dockerfile_context: infra/modules/azure_cosmos_account/tests/apps/network_access/src - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes a single endpoint to probe Azure Cosmos DB. Used for E2E tests of the Azure Cosmos DB Terraform module." docker_image_authors: "PagoPA" build_platforms: "linux/amd64,linux/arm64" diff --git a/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml b/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml index d68f7cffd4..0d96c028d1 100644 --- a/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml +++ b/.github/workflows/_validate-docker-e2e-cosmos-networkaccess.yaml 
@@ -19,13 +19,25 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - env: - IMAGE_NAME: "pagopa/e2e-cosmos-network-access" steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Resolve Docker image name from Nx config + id: image_name + shell: bash + run: | + set -euo pipefail + + image_name=$(jq -r '.release.docker.repositoryName // empty' infra/modules/azure_cosmos_account/tests/apps/network_access/project.json) + if [[ -z "$image_name" ]]; then + echo "::error::Missing release.docker.repositoryName in infra/modules/azure_cosmos_account/tests/apps/network_access/project.json" + exit 1 + fi + + echo "image_name=$image_name" >> "$GITHUB_OUTPUT" + - name: Docker Build id: docker_build uses: pagopa/dx/actions/docker-build-push@main @@ -34,7 +46,7 @@ jobs: with: dockerfile_path: infra/modules/azure_cosmos_account/tests/apps/network_access/Dockerfile dockerfile_context: infra/modules/azure_cosmos_account/tests/apps/network_access/src - docker_image_name: ${{ env.IMAGE_NAME }} + docker_image_name: ${{ steps.image_name.outputs.image_name }} docker_image_description: "Web app which exposes a single endpoint to probe Azure Cosmos DB. Used for E2E tests of the Azure Cosmos DB Terraform module." docker_image_authors: "PagoPA" build_platforms: "linux/amd64,linux/arm64" diff --git a/.github/workflows/release-azure-containerapp-v1.yaml b/.github/workflows/release-azure-containerapp-v1.yaml index 51708fb89a..140d9f8397 100644 --- a/.github/workflows/release-azure-containerapp-v1.yaml +++ b/.github/workflows/release-azure-containerapp-v1.yaml @@ -35,6 +35,11 @@ on: required: false default: linux/amd64 description: Image runtime platform, supports multiple comma-separated values + docker_registry: + type: string + required: false + default: ghcr + description: Container registry used by docker-build-push (ghcr or ecr) container_app: type: string required: true 
@@ -59,6 +64,8 @@ jobs: build: name: Build Docker Image runs-on: ubuntu-latest + outputs: + registry_uri: ${{ steps.docker_build.outputs.registry_uri }} permissions: contents: read id-token: write @@ -75,6 +82,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: + registry: ${{ inputs.docker_registry }} dockerfile_path: ${{ inputs.dockerfile_path }} dockerfile_context: ${{ inputs.dockerfile_context }} docker_image_name: ${{ env.IMAGE_NAME }} @@ -99,6 +107,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CONTAINER_APP_NAME: ${{ inputs.container_app }} RESOURCE_GROUP_NAME: ${{ inputs.resource_group_name }} + REGISTRY_URI: ${{ needs.build.outputs.registry_uri }} steps: - name: Checkout @@ -169,7 +178,7 @@ jobs: new_revision=$(az containerapp revision copy \ --name "$CONTAINER_APP_NAME" \ - --image "ghcr.io/$IMAGE_NAME:sha-$SHORT_SHA" \ + --image "$REGISTRY_URI/$IMAGE_NAME:sha-$SHORT_SHA" \ --from-revision "$CURRENT_REVISION" \ --revision-suffix "$SUFFIX" \ --query "properties.latestRevisionName" \ diff --git a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json index 5eb5a39a87..4fc27bd68e 100644 --- a/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json +++ b/infra/modules/azure_app_configuration/tests/apps/all_scenarios/project.json @@ -4,6 +4,11 @@ "version": "0.0.0", "description": "Simple application for Terraform E2E tests, which exposes endpoints to test connectivity and integration with App Configuration", "private": true, + "release": { + "docker": { + "repositoryName": "pagopa/e2e-appconfiguration-all-scenarios" + } + }, "targets": { "nx-release-publish": { "executor": "nx:run-commands", diff --git a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json index 74aa9cdd5b..29d5b23207 100644 
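Review bot: `REGISTRY_URI` flows into `--image "$REGISTRY_URI/$IMAGE_NAME:sha-$SHORT_SHA"` with no check. If `steps.docker_build.outputs.registry_uri` is empty, the deploy requests an image reference that starts with `/`; whether the action exposes that output is not visible in this patch. Fail early in the deploy script with `: "${REGISTRY_URI:?registry_uri output is empty}"`. The new `docker_registry` input is a free-form string although its description allows only `ghcr` or `ecr`; rejecting any other value in the build job keeps a caller from selecting an unintended registry.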
--- a/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json +++ b/infra/modules/azure_cosmos_account/tests/apps/network_access/project.json @@ -4,6 +4,11 @@ "version": "0.1.0", "description": "Simple application for Terraform E2E tests, which exposes a single HTTP endpoint to test connectivity to Cosmos DB", "private": true, + "release": { + "docker": { + "repositoryName": "pagopa/e2e-cosmos-network-access" + } + }, "targets": { "nx-release-publish": { "executor": "nx:run-commands", diff --git a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json index d99ff655b1..46e7c1d2a2 100644 --- a/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json +++ b/infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/project.json @@ -4,6 +4,11 @@ "version": "0.1.0", "description": "Simple application for Terraform E2E tests, exposing a single HTTP endpoint to verify merged Blob RBAC permissions with managed identity", "private": true, + "release": { + "docker": { + "repositoryName": "pagopa/e2e-azure-merge-roles-blob-rbac" + } + }, "targets": { "nx-release-publish": { "executor": "nx:run-commands", From ba986f2c6ad0626148d0c6c556501e052020d837 Mon Sep 17 00:00:00 2001 From: Christian Calabrese Date: Wed, 17 Jun 2026 14:30:52 +0200 Subject: [PATCH 4/5] Start Docker release workflows on Nx release tags --- .github/workflows/_release-docker-dx-metrics-import-v1.yaml | 4 ++++ .github/workflows/_release-docker-dx-metrics-v1.yaml | 4 ++++ .github/workflows/_release-docker-e2e-appconfiguration.yaml | 4 ++++ .../_release-docker-e2e-azure-merge-roles-blob-rbac.yaml | 4 ++++ .../workflows/_release-docker-e2e-cosmos-networkaccess.yaml | 4 ++++ 5 files changed, 20 insertions(+) diff --git a/.github/workflows/_release-docker-dx-metrics-import-v1.yaml b/.github/workflows/_release-docker-dx-metrics-import-v1.yaml index 24352f808e..d5b9784144 100644 
--- a/.github/workflows/_release-docker-dx-metrics-import-v1.yaml +++ b/.github/workflows/_release-docker-dx-metrics-import-v1.yaml @@ -5,6 +5,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "dx-metrics-import@*" paths: - "apps/dx-metrics-import/package.json" - "packages/dx-metrics-core/**" diff --git a/.github/workflows/_release-docker-dx-metrics-v1.yaml b/.github/workflows/_release-docker-dx-metrics-v1.yaml index 2e2e03c9ba..ab994c1844 100644 --- a/.github/workflows/_release-docker-dx-metrics-v1.yaml +++ b/.github/workflows/_release-docker-dx-metrics-v1.yaml @@ -5,6 +5,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger production deploys on project release tags as well. + tags: + - "dx-metrics@*" paths: - "apps/dx-metrics/package.json" - "packages/dx-metrics-core/**" diff --git a/.github/workflows/_release-docker-e2e-appconfiguration.yaml b/.github/workflows/_release-docker-e2e-appconfiguration.yaml index fc17b3e74f..3ef4abdddd 100644 --- a/.github/workflows/_release-docker-e2e-appconfiguration.yaml +++ b/.github/workflows/_release-docker-e2e-appconfiguration.yaml @@ -6,6 +6,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "app_configuration_tests_all_scenarios@*" paths: - "infra/modules/azure_app_configuration/tests/apps/all_scenarios/**" diff --git a/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml b/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml index 0db05c6813..b02f9fe383 100644 --- a/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml +++ b/.github/workflows/_release-docker-e2e-azure-merge-roles-blob-rbac.yaml 
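Review bot: The added `tags:` filters are not constrained by `branches: main`, so a tag matching `dx-metrics@*` pushed on any commit, including one that never reached `main`, starts the production Container App deploy. The other four workflows then run their publish jobs with `packages: write` and `id-token: write` in the same way. Restrict who can create these tag patterns with a tag ruleset, and have the job verify the tagged commit before building, e.g. `git merge-base --is-ancestor "$GITHUB_SHA" origin/main` after a checkout with `fetch-depth: 0`. An environment with required reviewers on the deploy job would add a second gate; whether one is already configured is not visible in these hunks.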
@@ -6,6 +6,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "azure_merge_roles_tests_blob_rbac_probe@*" paths: - "infra/modules/azure_merge_roles/tests/apps/blob_rbac_probe/**" diff --git a/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml b/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml index 2f751175de..aee6d75ca4 100644 --- a/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml +++ b/.github/workflows/_release-docker-e2e-cosmos-networkaccess.yaml @@ -6,6 +6,10 @@ on: push: branches: - main + # Path filters are not evaluated for tag pushes. + # Trigger image publication on project release tags as well. + tags: + - "cosmos_db_tests_network_access@*" paths: - "infra/modules/azure_cosmos_account/tests/apps/network_access/**" From 4ec8d67afa7074ac8552daa6c726ba13d6519d2d Mon Sep 17 00:00:00 2001 From: Christian Calabrese Date: Wed, 17 Jun 2026 15:04:56 +0200 Subject: [PATCH 5/5] Restore reusable container app workflow --- .github/workflows/release-azure-containerapp-v1.yaml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.github/workflows/release-azure-containerapp-v1.yaml b/.github/workflows/release-azure-containerapp-v1.yaml index 140d9f8397..51708fb89a 100644 --- a/.github/workflows/release-azure-containerapp-v1.yaml +++ b/.github/workflows/release-azure-containerapp-v1.yaml @@ -35,11 +35,6 @@ on: required: false default: linux/amd64 description: Image runtime platform, supports multiple comma-separated values - docker_registry: - type: string - required: false - default: ghcr - description: Container registry used by docker-build-push (ghcr or ecr) container_app: type: string required: true @@ -64,8 +59,6 @@ jobs: build: name: Build Docker Image runs-on: ubuntu-latest - outputs: - registry_uri: ${{ steps.docker_build.outputs.registry_uri }} permissions: contents: read id-token: write 
@@ -82,7 +75,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - registry: ${{ inputs.docker_registry }} dockerfile_path: ${{ inputs.dockerfile_path }} dockerfile_context: ${{ inputs.dockerfile_context }} docker_image_name: ${{ env.IMAGE_NAME }} @@ -107,7 +99,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CONTAINER_APP_NAME: ${{ inputs.container_app }} RESOURCE_GROUP_NAME: ${{ inputs.resource_group_name }} - REGISTRY_URI: ${{ needs.build.outputs.registry_uri }} steps: - name: Checkout @@ -178,7 +169,7 @@ jobs: new_revision=$(az containerapp revision copy \ --name "$CONTAINER_APP_NAME" \ - --image "$REGISTRY_URI/$IMAGE_NAME:sha-$SHORT_SHA" \ + --image "ghcr.io/$IMAGE_NAME:sha-$SHORT_SHA" \ --from-revision "$CURRENT_REVISION" \ --revision-suffix "$SUFFIX" \ --query "properties.latestRevisionName" \