fix: [PAYMCLOUD-109] Update roles in GitHub runner TF files to fix pe…

…rmissions (#143) * Update roles in GitHub runner TF files to fix permissions Replaced 'Contributor' with 'Reader' and added 'Azure Kubernetes Service Cluster User Role' to ensure proper access controls. Also removed redundant polling_interval in container_app_jobs configuration. * Update precommit version in static analysis workflow Updated the precommit version in the GitHub Actions static analysis workflow from v1.89.1 to v1.96.1. This ensures the latest static analysis checks and improvements are included in the pipeline. * Update precommit_version in static_analysis_pr.yml Switch precommit_version to nightly for improved stability checks. This update ensures the latest nightly features and fixes are integrated into the static analysis process. * Update precommit_version in static_analysis_pr.yml Changed the precommit_version from a nightly build to a stable version (v1.96.1). This ensures more reliable and predictable performance during static analysis. * Fix markdown formatting for pre elements in README.md Removed unnecessary slashes from the closing pre tags to ensure proper markdown rendering. This change improves the readability and formatting consistency of the table in the documentation.
pagopa · Oct 31, 2024 · 142f41b · 142f41b
1 parent 4af4f27
commit 142f41b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/.github/workflows/static_analysis_pr.yml b/.github/workflows/static_analysis_pr.yml
@@ -22,4 +22,4 @@ jobs:
         if: env.dir_changes_detected == 'true'
         uses: pagopa/eng-github-actions-iac-template/azure/terraform-static-analysis@v1.14.1
         with:
-          precommit_version: 'v1.89.1@sha256:1ea921bc4fe87651d41677218e537afdcdb8202e757e554b9866668eaba144c5'
+          precommit_version: 'v1.96.1@sha256:9aea677ac51d67eb96b3bbb4cf93b16afdde5476f984e75e87888850d18146c9'
diff --git a/src/github-runner/01_github_identity.tf b/src/github-runner/01_github_identity.tf
@@ -21,17 +21,18 @@ locals {
   # to avoid subscription Contributor -> https://github.com/microsoft/azure-container-apps/issues/35
   environment_cd_roles = {
     subscription = [
-      "Contributor"
+      "Reader"
     ]
     resource_groups = {
       "${azurerm_resource_group.rg_github_runner.name}" = [
         "Key Vault Reader"
       ],
       "${data.azurerm_kubernetes_cluster.aks.resource_group_name}" = [
-        "Contributor"
+        "Reader",
+        "Azure Kubernetes Service Cluster User Role"
       ],
       "${azurerm_resource_group.rg_github_runner.name}" = [
-        "Contributor"
+        "Reader"
       ]
     }
   }

diff --git a/src/github-runner/02_container_app_jobs.tf b/src/github-runner/02_container_app_jobs.tf
@@ -23,10 +23,9 @@ module "container_app_job" {
   environment_rg   = module.container_app_environment_runner.resource_group_name
 
   polling_interval_in_seconds = 10
+
   job = {
-    name             = "infra"
-    repo             = "devops-app-status"
-    polling_interval = 20
+    name = "infra"
   }
 
   container = {