SRTP-769-implement-api-send-gpd-message

Author: LarissaASLeite

.github/workflows/docker-publish.yml

@@ -0,0 +1,31 @@
+name: Build & Push Docker image to GHCR
+
+on:
+  push:
+    branches:
+      - '**'
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: gpd-test/Dockerfile
+        push: true
+        tags: ghcr.io/${{ github.repository_owner }}/gpd-test:latest

gpd-test/Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.13-slim
+
+WORKDIR /app
+
+# Copy only gpd-test
+COPY gpd-test/ /app/
+
+# Install dependecies
+COPY ../requirements.txt /app/
+RUN pip install --no-cache-dir -r requirements.txt
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

gpd-test/deploy/deploy-dev.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gpd-producer-sa
+  namespace: srtp
+  annotations:
+    azure.workload.identity/client-id: <CLIENT_ID_WORKLOAD_IDENTITY>
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gpd-producer-dev
+  namespace: srtp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gpd-producer-dev
+  template:
+    metadata:
+      labels:
+        app: gpd-producer-dev
+    spec:
+      serviceAccountName: gpd-producer-sa
+      containers:
+      - name: gpd-producer
+        image: ghcr.io/__OWNER__/gpd-test:latest
+        ports:
+        - containerPort: 8000
+        env:
+        - name: KEYVAULT_NAME
+          value: cstar-d-itn-srtp-kv
+        - name: EVENTHUB_SECRET_NAME
+          value: gdp-eventhub-connection-string
+        - name: EVENTHUB_NAMESPACE
+          value: pagopa-d-itn-gps-rtp-integration-evh
+        - name: EVENTHUB_TOPIC
+          value: rtp-events

gpd-test/deploy/deploy-uat.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gpd-producer-sa
+  namespace: srtp
+  annotations:
+    azure.workload.identity/client-id: <CLIENT_ID_WORKLOAD_IDENTITY>
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gpd-producer-uat
+  namespace: srtp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gpd-producer-uat
+  template:
+    metadata:
+      labels:
+        app: gpd-producer-uat
+    spec:
+      serviceAccountName: gpd-producer-sa
+      containers:
+      - name: gpd-producer
+        image: ghcr.io/__OWNER__/gpd-test:latest
+        ports:
+        - containerPort: 8000
+        env:
+        - name: KEYVAULT_NAME
+          value: cstar-u-itn-srtp-kv
+        - name: EVENTHUB_SECRET_NAME
+          value: gdp-eventhub-connection-string
+        - name: EVENTHUB_NAMESPACE
+          value: pagopa-u-itn-gps-rtp-integration-evh
+        - name: EVENTHUB_TOPIC
+          value: rtp-events

gpd-test/deploy/deploy.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+OWNER=$(git config --get remote.origin.url | sed -E 's|.*github.com[:/](.*)/.*|\1|' | cut -d/ -f1)
+
+if [[ $# -ne 1 ]]; then
+  echo "Usage: $0 <deployment-file.yaml>"
+  exit 1
+fi
+
+FILE="$1"
+
+echo "Deploying $FILE with GHCR owner: $OWNER"
+sed "s|__OWNER__|$OWNER|g" "$FILE" | kubectl apply -n srtp -f -

gpd-test/keyvault.py

@@ -1,18 +1,18 @@
-# from azure.identity import AzureCliCredential
-# from azure.keyvault.secrets import SecretClient
-# import os
-#
-# def get_eventhub_connection_string():
-#     keyvault_name = os.environ["KEYVAULT_NAME"]
-#     secret_name = os.environ["EVENTHUB_SECRET_NAME"]
-#
-#     keyvault_url = f"https://{keyvault_name}.vault.azure.net"
-#     credential = AzureCliCredential()
-#     client = SecretClient(vault_url=keyvault_url, credential=credential)
-#
-#     secret = client.get_secret(secret_name)
-#     print(f"[KeyVault] Retrieved secret '{secret_name}' from '{keyvault_name}'")
-#     return secret.value
+from azure.identity import AzureCliCredential
+from azure.keyvault.secrets import SecretClient
+import os
+
+def get_eventhub_connection_string():
+    keyvault_name = os.environ["KEYVAULT_NAME"]
+    secret_name = os.environ["EVENTHUB_SECRET_NAME"]
+
+    keyvault_url = f"https://{keyvault_name}.vault.azure.net"
+    credential = AzureCliCredential()
+    client = SecretClient(vault_url=keyvault_url, credential=credential)
+
+    secret = client.get_secret(secret_name)
+    print(f"[KeyVault] Retrieved secret '{secret_name}' from '{keyvault_name}'")
+    return secret.value
 
 from azure.identity import DefaultAzureCredential
 from azure.keyvault.secrets import SecretClient

gpd-test/producer.py

@@ -1,12 +1,14 @@
 from aiokafka import AIOKafkaProducer
-import os, ssl
+import os
+import ssl
+import certifi
 from keyvault import get_eventhub_connection_string
 
 async def setup_producer():
     connection_string = get_eventhub_connection_string()
     namespace = os.environ["EVENTHUB_NAMESPACE"]
 
-    ssl_context = ssl.create_default_context()
+    ssl_context = ssl.create_default_context(cafile=certifi.where())
     ssl_context.check_hostname = True
     ssl_context.verify_mode = ssl.CERT_REQUIRED
 

requirements.txt

@@ -14,4 +14,5 @@ pytest~=8.4.1
 fastapi~=0.116.1
 aiokafka~=0.12.0
 keyvault~=0.2.1
-azure-core~=1.35.0
+azure-core~=1.35.0
+certifi~=2025.7.14