
Force ptl only#808

Draft
reespozzi wants to merge 3 commits into main from pipeline-fixing

Conversation

@reespozzi (Contributor) commented Feb 23, 2026

Jira link

See PROJ-XXXXXX

Change description

Testing done

Security Vulnerability Assessment

CVE Suppression: Are there any CVEs present in the codebase (either newly introduced or pre-existing) that are being intentionally suppressed or ignored by this commit?

  • Yes
  • No

Checklist

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests have been added (if needed)
  • Does this PR introduce a breaking change?

🤖AEP PR SUMMARY🤖

Changes Summary

azure-pipelines.yml

  • 🔄 Refactored environment component parameters: removed several environments (sbox, preview, demo, ithc, ptlsbox, perftest, aat, prod) and streamlined to primarily focus on "ptl" environment with updated service connection and subscription details.
  • ❌ Removed multiple pipeline stages including Genesis, Network, Managed_Identity, Aks, BootStrapClusters, PipelineTests, and Analyse_plans.
  • 🚧 Simplified stage and job definitions primarily to the "CheckingClusters" stage and removed dependencies and conditional steps related to other environments.
  • ⚙️ Adjusted variables and jobs to work with the simplified environment setup and removed complex dependencies and conditional logic in the stages.
  • 🧹 Removed various terraform.yaml template calls related to different components and stages, simplifying pipeline complexity.
  • 🔐 Removed keyvault-read steps and other cross-service connection complexities.
  • 🔄 Overall, this PR drastically simplifies the Azure DevOps pipeline YAML focusing on one environment "ptl" and removing multi-environment and multi-stage complexity.

environments/aks/ptl.tfvars

  • 🔧 Changed availability_zones from ["1", "2", "3"] to an empty list [].
  • ✅ Retained autoShutdown as true.
  • 📍 This likely reflects a change in cluster zone configuration, possibly reducing zones used in the "ptl" AKS cluster environment.

github-actions bot (Contributor) commented Feb 23, 2026

Suggestions for Improvement

  1. Duplication and Readability:

    • The pipeline seems to have a significant amount of duplication in stages and jobs templates (e.g., DeployInfrastructure, PipelineTests). Consider refactoring repeated code into reusable templates or parameterized steps to improve readability and maintainability. For example:
      ```yaml
      - template: pipeline-steps/reusable-job-template.yaml
        parameters:
          env: ${{ component.env }}
          action: ${{ parameters.action }}
      ```
  2. Commenting for Context:

    • The changes involve numerous pipeline attributes with detailed configurations. Adding comments to explain the purpose of complex conditions (e.g., condition block inside Aks_${{ component.env }}) would enhance understanding for future developers. For example:
      ```yaml
      condition: |
        # Check for manual triggers or main branch deployments
        or (
          ... # condition logic
        )
      ```
  3. Version Control for Scripts:

    • Scripts like checking-clusters.sh and terraform.yaml are referenced but not versioned explicitly. Ensure these scripts are version-controlled in the repository to avoid discrepancies in pipeline execution.
  4. Prevent Hardcoding of Identifiers:

    • Subscription IDs, AzureRM resource group names, and key vault names are directly hardcoded. Replace these with variables or secure pipeline constants for better flexibility and security:
      ```yaml
      terraformSubscriptionID: ${{ variables.TERRAFORM_SUBSCRIPTION_ID }}
      backendAzureRmResourceGroupName: ${{ variables.BACKEND_RESOURCE_GROUP }}
      ```
  5. Potential Unresolved Dependence:

    • Many dependsOn stages (e.g., Network_${{ component.env }}) rely on specific upstream jobs. Review dynamically generated dependencies to ensure all dependencies are valid and will execute correctly for different configurations.
  6. Availability Zones Update:

    • Changing availability_zones to an empty array ([]) could impact high availability or performance in AKS. Confirm that this change is intentional and aligns with infrastructure requirements. For production environments, avoiding availability zones could be a critical issue.
  7. Resource Optimization:

    • Unused variables, such as placeholder sections (+ + +), add unnecessary complexity. Ensure unused variables or actions are removed to reduce pipeline execution time and associated costs.
  8. Security Check:

    • Sensitive values such as dcdcftappsprodkv (key vaults) and subscription IDs appear directly in the pipeline. Ensure these values are stored as pipeline secrets or environment variables instead:
      ```yaml
      aksKeyVault: $(AKS_KEY_VAULT)
      terraformSubscriptionID: $(TERRAFORM_SUBSCRIPTION_ID)
      ```

Impact on Cost and Carbon Usage

  • Cost: Removing duplicated jobs and streamlining conditions could cut down build and execution time, reducing Azure DevOps computing cost. Estimation depends on the complexity removed but might save £50–£150/month depending on pipeline frequency.
  • Carbon Usage: Optimizing jobs and runs will reduce build agent usage and contribute minor reductions in carbon footprint over time.

Best Practice Overview

  • Refactoring the pipeline logic to create generalizable templates and minimizing hardcoding aligns with best practices.
  • Protect sensitive data, streamline jobs, and prioritize modular increments in pipeline updates to ensure maintainability, security, and performance.
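As an added example, not code from this repository or from the github-actions bot, the following shows the shape of the change that suggestions 4 and 8 above ask for: a terraform.yaml template call with the identifiers and key-vault name inline, next to a version that takes them from a Library variable group and reads the vault at run time. The group name ptl-terraform, the variable names, the service connection name ptl-terraform-sc, the serviceConnection parameter and the secret name aks-admin-kubeconfig are assumptions for illustration; the subscription GUID is a constructed placeholder. One caveat on the bot's first snippet: ${{ variables.X }} is a compile-time template expression, while $(X) is expanded at run time and is the documented way to consume secret variables, so anything a Key Vault-linked group supplies should use the macro form.

```yaml
# Added example, not this repository's azure-pipelines.yml. Group, variable,
# connection and secret names are assumptions; the GUID is a placeholder.

# Before: identifiers and the key-vault name baked into the template call.
# Anyone with read access to the repo sees the subscription and vault layout,
# and changing an environment means editing YAML rather than Library settings.
#
# - template: pipeline-steps/terraform.yaml
#   parameters:
#     serviceConnection: ptl-terraform-sc
#     terraformSubscriptionID: 11111111-2222-3333-4444-555555555555
#     backendAzureRmResourceGroupName: ptl-tfstate-rg
#     aksKeyVault: ptl-cluster-kv

# After: the same values come from a variable group. Linking the group to
# Key Vault makes secret-bearing entries masked in logs and fetched per run.
variables:
  - group: ptl-terraform          # assumed Library variable group

stages:
  - stage: CheckingClusters
    jobs:
      - job: Check
        steps:
          - template: pipeline-steps/terraform.yaml
            parameters:
              # The service connection stays literal: the pipeline must be
              # authorized to use it, which is checked when the run is queued.
              serviceConnection: ptl-terraform-sc
              # Macros are passed through as strings and expanded when the
              # template's tasks run, so they work for secret values too.
              terraformSubscriptionID: $(TERRAFORM_SUBSCRIPTION_ID)
              backendAzureRmResourceGroupName: $(BACKEND_RESOURCE_GROUP)
              aksKeyVault: $(AKS_KEY_VAULT)

          # Read only the one secret this job needs, at run time, instead of
          # carrying the vault name and a broad filter in the YAML.
          - task: AzureKeyVault@2
            displayName: Fetch cluster secret at run time
            inputs:
              azureSubscription: ptl-terraform-sc
              KeyVaultName: $(AKS_KEY_VAULT)
              SecretsFilter: 'aks-admin-kubeconfig'   # assumed secret name; avoid '*'
              RunAsPreJob: false
```

Two things to check when applying this pattern: macros passed as template parameters are only usable where the template consumes them in a task input or script, not in compile-time ${{ if }} conditions; and the variable group's permissions (and the service connection's) are what now gate access to the subscription, so restrict both to this pipeline rather than authorizing all pipelines.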
