Skip to content
This repository has been archived by the owner on Jul 5, 2024. It is now read-only.

Bygg og deploy

Bygg og deploy #14

name: Bygg og deploy
on:
workflow_dispatch:
inputs:
cluster:
description: 'Cluster å deploye til'
required: true
default: 'dev-gcp'
type: choice
options:
- 'dev-gcp'
- 'prod-gcp'
push:
branches:
- main
paths-ignore:
- '**.md'
- '.github/workflows/**.yml'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE: europe-north1-docker.pkg.dev/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/aap/${{ github.event.repository.name }}
jobs:
bygg:
permissions:
contents: write
id-token: write
runs-on: ubuntu-latest
outputs:
image: ${{ steps.kompiler.outputs.image }}
steps:
- name: Sjekker ut kode
uses: actions/[email protected]
- name: Setter opp Java 17
uses: actions/[email protected]
with:
java-version: 17
distribution: temurin
cache: maven
- name: Setter tag-navn
run: echo "TAG=$(date +%Y.%m.%d.%H%M%S)-$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV
- name: Login GAR
uses: nais/login@v0
with:
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
team: aap
- name: Submit Dependency Snapshot
uses: advanced-security/maven-dependency-submission-action@v3
with:
settings-file: .github/.m2/settings.xml
- name: Kompilerer og bygger image
id: kompiler
run: |
echo "image=${{ env.IMAGE }}:${{ env.TAG }}" >> $GITHUB_OUTPUT
./mvnw -Dmaven.plugin.validation=VERBOSE --settings .github/.m2/settings.xml -Djib.to.tags=${TAG} -DGAR_TOKEN=${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} -Drevision=${TAG} package jib:build
echo "DIGEST=$(cat target/jib-image.digest)" >> $GITHUB_ENV
- name: Attester og signer
uses: nais/[email protected]
with:
sbom: target/bom.json
image_ref: ${{ env.IMAGE }}@${{ env.DIGEST }}
deploy_dev_gcp:
if: github.event.inputs.cluster == 'dev-gcp' || github.event_name == 'push'
needs: bygg
runs-on: ubuntu-latest
timeout-minutes: 30
environment: dev-gcp:aap
env:
PRINT_PAYLOAD: true
APIKEY: ${{secrets.NAIS_DEPLOY_APIKEY}}
RESOURCE: .nais/naiserator.yaml,.nais/dev-gcp-alerts.yaml
CLUSTER: dev-gcp
VARS: .nais/dev-gcp.json
IMAGE: ${{needs.bygg.outputs.image}}
steps:
- uses: actions/[email protected]
- uses: nais/deploy/actions/deploy@v1
deploy_prod_gcp:
if: github.event.inputs.cluster == 'prod-gcp'
needs: bygg
runs-on: ubuntu-latest
timeout-minutes: 30
environment: prod-gcp:aap
env:
PRINT_PAYLOAD: true
APIKEY: ${{secrets.NAIS_DEPLOY_APIKEY}}
RESOURCE: .nais/naiserator.yaml,.nais/prod-gcp-alerts.yaml
CLUSTER: prod-gcp
VARS: .nais/prod-gcp.json
IMAGE: ${{needs.bygg.outputs.image}}
steps:
- uses: actions/[email protected]
- uses: nais/deploy/actions/deploy@v1