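# Workflow file: build-and-deploy.yml
# Builds a container image with Maven/Jib on every push to main, pushes it to
# Google Artifact Registry, attests and signs it, then deploys it to the
# dev-gcp and prod-gcp clusters.
#
# NOTE(review): every `uses:` ref shown as '[email protected]' below lost its
# action name suffix and version to e-mail obfuscation on the rendered page.
# The text is kept verbatim; restore the real refs from the repository before
# running this file.
name: Bygg og deploy

on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'

env:
  # NOTE(review): workflow-level env exports the token to every step of both
  # jobs, including the Maven build and third-party actions. Consider setting
  # it only on the steps that actually read it.
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  IMAGE: europe-north1-docker.pkg.dev/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/aap/${{ github.event.repository.name }}

jobs:
  bygg:
    # contents: write is presumably for the dependency snapshot submission and
    # id-token: write for the OIDC-based registry login; confirm before narrowing.
    permissions:
      contents: write
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      # Tag-based reference (IMAGE:TAG) written by the `kompiler` step.
      # NOTE(review): the signing step below attests IMAGE@DIGEST, while the
      # deploy job consumes this tag reference. Deploying by digest would tie
      # the rollout to exactly the artifact that was signed.
      image: ${{ steps.kompiler.outputs.image }}
    steps:
      - name: Sjekker ut kode
        uses: actions/[email protected]
      - name: Setter opp Java 17
        uses: actions/[email protected]
        with:
          java-version: '17'
          distribution: temurin
          cache: maven
      # Disabled: signature verification of the distroless base image.
      # NOTE(review): with this off, the base image is pulled without a
      # provenance check; consider re-enabling it with a current cosign release.
      # - name: Installerer cosign
      #   uses: sigstore/[email protected]
      #   with:
      #     cosign-release: 'v1.3.1'
      # - name: Verifiserer distroless base-image
      #   run: cosign verify --key distroless.pub gcr.io/distroless/Java17
      - name: Setter tag-navn
        # TAG = build timestamp plus the first 7 characters of the commit SHA.
        run: |
          echo "TAG=$(date +%Y.%m.%d.%H%M%S)-$(echo "$GITHUB_SHA" | cut -c1-7)" >> "$GITHUB_ENV"
      - name: Login GAR
        # NOTE(review): `@v0` is a mutable tag; pin third-party actions to a
        # full commit SHA so an upstream retag cannot change what runs here.
        uses: nais/login@v0
        with:
          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
          team: aap
      - name: Submit Dependency Snapshot
        # NOTE(review): `@v3` is a mutable tag; see the pinning note above.
        uses: advanced-security/maven-dependency-submission-action@v3
        with:
          settings-file: .github/.m2/settings.xml
      - name: Kompilerer og bygger image
        id: kompiler
        env:
          # Hand the secret to the shell as an environment variable instead of
          # expanding `${{ secrets.* }}` inside the script text, so its value is
          # never parsed as shell syntax.
          # NOTE(review): the Maven property is called GAR_TOKEN but receives
          # the workload identity provider secret; confirm settings.xml expects
          # this. The value still appears in the mvnw argument list.
          NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
        run: |
          echo "image=${IMAGE}:${TAG}" >> "$GITHUB_OUTPUT"
          ./mvnw -Dmaven.plugin.validation=VERBOSE \
            --settings .github/.m2/settings.xml \
            "-Djib.to.tags=${TAG}" \
            "-DGAR_TOKEN=${NAIS_WORKLOAD_IDENTITY_PROVIDER}" \
            "-Drevision=${TAG}" \
            package jib:build
          echo "DIGEST=$(cat target/jib-image.digest)" >> "$GITHUB_ENV"
      - name: Attester og signer
        uses: nais/[email protected]
        with:
          sbom: target/bom.json
          # Signed by digest, not by tag.
          image_ref: ${{ env.IMAGE }}@${{ env.DIGEST }}

  deploy:
    # NOTE(review): there is no `permissions:` block here, so this job runs with
    # the repository's default token scope. If the deploy action only needs the
    # API key, `permissions: { contents: read }` would be the least-privilege
    # setting; verify against the action before adding it.
    strategy:
      matrix:
        cluster: [dev-gcp, prod-gcp]
    name: Deploy til ${{matrix.cluster}}
    needs: bygg
    runs-on: ubuntu-latest
    timeout-minutes: 30
    environment: ${{matrix.cluster}}:aap
    env:
      # NOTE(review): presumably echoes the rendered deploy payload into the job
      # log; confirm that none of the templated values are sensitive.
      PRINT_PAYLOAD: 'true'
      APIKEY: ${{secrets.NAIS_DEPLOY_APIKEY}}
      RESOURCE: .nais/naiserator.yaml,.nais/${{matrix.cluster}}-alerts.yaml
      CLUSTER: ${{matrix.cluster}}
      VARS: .nais/${{matrix.cluster}}.json
      IMAGE: ${{needs.bygg.outputs.image}}
    steps:
      - uses: actions/[email protected]
      # NOTE(review): `@master` is a moving branch, and this step runs with the
      # deploy API key in its environment. Pin it to a full commit SHA
      # (`nais/deploy/actions/deploy@<FULL_COMMIT_SHA>`) so upstream changes are
      # reviewed before they execute with that credential.
      - uses: nais/deploy/actions/deploy@master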