Merge branch 'master' into TAG-2154_tokenx_pam

navikt · Oct 2, 2023 · 663731c · 663731c
2 parents e5617f0 + 56fb29f
commit 663731c
Show file tree

Hide file tree

Showing 53 changed files with 13,504 additions and 38,086 deletions.
diff --git a/.github/workflows/bygg-branch.yml b/.github/workflows/bygg-branch.yml
diff --git a/.github/workflows/bygg-og-deploy-master.yml b/.github/workflows/bygg-og-deploy-master.yml
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -0,0 +1,109 @@
+name: CICD
+
+on:
+    push:
+    workflow_dispatch:
+
+jobs:
+    cicd:
+        name: CICD
+        runs-on: ubuntu-latest
+        permissions:
+            contents: 'read'
+            id-token: 'write'
+            packages: 'write'
+        steps:
+            - uses: actions/checkout@v3
+
+            - uses: actions/setup-node@v3
+              with:
+                  node-version: '20'
+                  registry-url: https://npm.pkg.github.com/
+                  cache: 'npm'
+
+            - name: Installer avhengigheter (client)
+              run: npm ci --omit=dev --omit=optional
+              env:
+                  NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
+
+            - name: Installer avhengigheter (server)
+              run: npm ci --omit=dev --omit=optional
+              env:
+                  NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
+              working-directory: ./server
+
+            - run: npm run lint
+
+            - run: npm run build
+              env:
+                  PUBLIC_URL: https://cdn.nav.no/fager/min-side-arbeidsgiver/build/
+
+            - uses: nais/docker-build-push@v0
+              id: dockerpush
+              with:
+                  team: fager
+                  tag: ${{ github.sha }}
+                  project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+                  identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+
+            - id: upload
+              uses: navikt/frontend/actions/cdn-upload/v1@main
+              with:
+                  cdn-team-name: fager
+                  source: ./build/
+                  destination: '/min-side-arbeidsgiver'
+
+            - name: Lag sentry release
+              continue-on-error: true
+              env:
+                  SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+              run: |
+                  npx -p @sentry/cli sentry-cli releases new "${{ github.sha }}"
+                  npx -p @sentry/cli sentry-cli releases files "${{ github.sha }}" upload-sourcemaps build/static/js \
+                      --url-prefix '~/min-side-arbeidsgiver/static/js'
+                  npx -p @sentry/cli sentry-cli releases set-commits --auto "${{ github.sha }}"
+                  npx -p @sentry/cli sentry-cli releases finalize "${{ github.sha }}"
+
+            - name: Deploy til dev-gcp
+              uses: nais/deploy/actions/deploy@v1
+              if: github.ref == 'refs/heads/master'
+              env:
+                  APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+                  IMAGE: ${{ steps.dockerpush.outputs.image }}
+                  CLUSTER: dev-gcp
+                  RESOURCE: nais/dev-gcp.yaml
+                  PRINT_PAYLOAD: true
+                  VAR: commit=${{ github.sha }}
+
+            - name: Deploy til prod-gcp
+              uses: nais/deploy/actions/deploy@v1
+              if: github.ref == 'refs/heads/master'
+              env:
+                  APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+                  IMAGE: ${{ steps.dockerpush.outputs.image }}
+                  CLUSTER: prod-gcp
+                  RESOURCE: nais/prod-gcp.yaml
+                  PRINT_PAYLOAD: true
+                  VAR: commit=${{ github.sha }}
+
+            - name: Deploy til labs-gcp
+              uses: nais/deploy/actions/deploy@v1
+              if: github.ref == 'refs/heads/master'
+              env:
+                  APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+                  IMAGE: ${{ steps.dockerpush.outputs.image }}
+                  CLUSTER: dev-gcp
+                  RESOURCE: nais/labs-gcp.yaml
+                  PRINT_PAYLOAD: true
+                  VAR: commit=${{ github.sha }}
+
+            - name: Deploy til labs-gcp
+              if: github.ref == 'refs/heads/master'
+              uses: nais/deploy/actions/deploy@v1
+              env:
+                  APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+                  IMAGE: ${{ steps.dockerpush.outputs.image }}
+                  CLUSTER: dev-gcp
+                  RESOURCE: nais/experimental-labs-gcp.yaml
+                  PRINT_PAYLOAD: true
+                  VAR: commit=${{ github.sha }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -22,6 +22,11 @@ on:
 
 jobs:
   analyze:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
     name: Analyze
     runs-on: ubuntu-latest
 
@@ -35,11 +40,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +55,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -64,4 +69,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2