Bygg med nais/docker-build-push and gradle/gradle-build-action. Går v…

…ekk fra nav baseimages
navikt · Sep 29, 2023 · b590e55 · b590e55
1 parent 1ac3e2a
commit b590e55
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 46 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -1,62 +1,48 @@
 name: Build and deploy
-
 on:
   push:
     branches-ignore:
       - 'dependabot/**'
-env:
-  IMAGE: ghcr.io/${{ github.repository }}/dp-mottak:${{ github.sha }}
-
 
 jobs:
   build:
     name: Build and publish Docker image
     runs-on: ubuntu-latest
-    permissions:
+    permissions: # Sjekk https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+      contents: read
       packages: write
+      id-token: write
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Java
-        uses: actions/setup-java@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v3
         with:
+          distribution: temurin
           java-version: 17
-          distribution: 'temurin'
-
-      - name: Setup gradle dependency cache
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', 'buildSrc/src/main/kotlin/Constants.kt') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
-
-      - name: Build with Gradle
-        run: ./gradlew build --info
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+      - uses: gradle/[email protected]
+      - uses: gradle/[email protected]
+        env:
+          # Eksluder test dependencies
+          DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: compileClasspath|runtimeClasspath
         with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          gradle-version: wrapper
+          dependency-graph: generate-and-submit
+          arguments: --configuration-cache build installDist
 
-      - name: Build and push
-        uses: docker/build-push-action@v4
+      - name: docker-build-push
+        uses: nais/docker-build-push@v0
+        if: github.ref == 'refs/heads/main'
+        id: docker-build-push
         with:
-          context: .
-          builder: ${{ steps.buildx.outputs.name }}
-          tags: ${{ env.IMAGE }},${{ env.LATEST_IMAGE }}
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          byosbom: dependency-graph-reports/build_and_deploy-build.json
+          team: teamdagpenger
+          push_image: true # optional, default true
+          tag: ${{ github.sha }}
+          dockerfile: mediator/Dockerfile # optional, default Dockerfile
+          docker_context: mediator # optional, default .
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
 
   deploy-dev:
     name: Deploy to dev
@@ -71,6 +57,7 @@ jobs:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .nais/nais.yaml
+          VAR: image=${{ needs.build.outputs.image }}
           VARS: .nais/dev-vars.yaml
           PRINT_PAYLOAD: true
 
@@ -87,5 +74,6 @@ jobs:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .nais/nais.yaml
+          VAR: image=${{ needs.build.outputs.image }}
           VARS: .nais/prod-vars.yaml
           PRINT_PAYLOAD: true
diff --git a/Dockerfile b/Dockerfile
diff --git a/.dockerignore → mediator/.dockerignore b/.dockerignore → mediator/.dockerignore
@@ -2,4 +2,4 @@
 **
 
 # Except build jar
-!mediator/build/libs/*.jar
+!build/install/**
diff --git a/mediator/Dockerfile b/mediator/Dockerfile
@@ -0,0 +1,24 @@
+FROM eclipse-temurin:17 as jre-build
+
+# Create a custom Java runtime
+RUN $JAVA_HOME/bin/jlink \
+         --add-modules ALL-MODULE-PATH \
+         --strip-debug \
+         --no-man-pages \
+         --no-header-files \
+         --compress=2 \
+         --output /javaruntime
+
+# Runtime
+FROM debian:buster-slim
+
+ENV LANG='nb_NO.UTF-8' LANGUAGE='nb_NO:nb' LC_ALL='nb:NO.UTF-8' TZ="Europe/Oslo"
+ENV JAVA_HOME=/opt/java/openjdk
+ENV PATH "${JAVA_HOME}/bin:${PATH}"
+
+COPY --from=jre-build /javaruntime $JAVA_HOME
+
+COPY build/install/* /
+
+USER nobody
+CMD ["mediator"]