Bumper pakker (#6765) #2694
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Docker image | |
| on: | |
| push: | |
| paths-ignore: | |
| - '**.md' | |
| - '.gitignore' | |
| - 'CODEOWNERS' | |
| branches: | |
| - master | |
| env: | |
| TAG_LATEST_PROD: latest_prod | |
| jobs: | |
| build-docker-image: | |
| name: Build Docker image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| outputs: | |
| tag: ${{ steps.docker-push.outputs.tag }} | |
| image: ${{ steps.docker-push.outputs.image }} | |
| steps: | |
| - name: Hente kode | |
| uses: actions/checkout@v4 | |
| - name: Setup + Install | |
| uses: ./.github/actions/setup-install | |
| with: | |
| npmAuthToken: ${{ secrets.READER_TOKEN }} | |
| - name: Set timestamp | |
| run: echo "TIMESTAMP=$(expr $(date +%Y%m%d%H%M%S))" >> $GITHUB_ENV | |
| - name: Bygge dist | |
| run: yarn build | |
| - name: Opprett release med Sentry | |
| run: yarn sentry-release | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| - uses: nais/docker-build-push@v0 | |
| id: docker-push | |
| with: | |
| tag: 'latest' | |
| team: k9saksbehandling | |
| project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} | |
| identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} | |
| - name: Sett image for nais deploy | |
| run: | | |
| echo "IMAGE=${{steps.docker-push.outputs.image}}" >> $GITHUB_OUTPUT | |
| echo "TAG=${{steps.docker-push.outputs.tag}}" >> $GITHUB_OUTPUT | |
| - name: Git diff url | |
| shell: bash | |
| run: | | |
| dynamic_url="https://github.com/${{ github.repository }}/compare/${{ env.TAG_LATEST_PROD }}...${{ github.sha }}" | |
| echo "Forskjell mellom denne build og prod: <${dynamic_url}>" >> $GITHUB_STEP_SUMMARY | |
| verdikjede-tester: | |
| name: Verdikjedetester | |
| secrets: inherit | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: read | |
| uses: navikt/sif-gha-workflows/.github/workflows/verdikjede-test-v2.yml@main | |
| needs: build-docker-image | |
| with: | |
| tag: ${{ needs.build-docker-image.outputs.tag }} | |
| suites: "frontend" | |
| image_version: ${{ needs.build-docker-image.outputs.tag }} | |
| trivy: | |
| needs: [build-docker-image] | |
| uses: navikt/sif-gha-workflows/.github/workflows/trivy.yml@main | |
| permissions: | |
| contents: write | |
| id-token: write | |
| security-events: write | |
| actions: read | |
| secrets: inherit | |
| with: | |
| image: ${{ needs.build-docker-image.outputs.image }} | |
| team: k9saksbehandling | |
| deploy-dev: | |
| name: Deploy to dev | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| CLUSTER: dev-fss | |
| environment: dev-fss:k9saksbehandling | |
| needs: [build-docker-image] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nais/deploy/actions/deploy@v2 | |
| env: | |
| CLUSTER: ${{ env.CLUSTER }} | |
| RESOURCE: deploy/${{ env.CLUSTER }}-k9saksbehandling.yml | |
| VARS: deploy/dev.yaml | |
| VAR: image=${{ needs.build-docker-image.outputs.image }} | |
| deploy-prod: | |
| name: Deploy to prod | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| env: | |
| CLUSTER: prod-fss | |
| environment: prod-fss:k9saksbehandling | |
| if: github.ref_name == 'master' | |
| needs: [build-docker-image, deploy-dev, verdikjede-tester, trivy] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Ta med litt historie og tags for å finne latest_prod commit hash | |
| fetch-tags: true | |
| fetch-depth: 100 | |
| - name: tag deployment image tag | |
| uses: actions/github-script@v7 | |
| env: | |
| TAG: prod_${{ needs.build-docker-image.outputs.tag }} | |
| with: | |
| script: | | |
| try { | |
| await github.rest.git.createRef({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| ref: 'refs/tags/${{ env.TAG }}', | |
| sha: context.sha | |
| }) | |
| } catch (err) { | |
| if(err.status === 422) { // tag already exists | |
| console.info('Tag for deployment ${{ env.TAG }} already existed. Will leave it as is'); | |
| } else { | |
| throw err; | |
| } | |
| } | |
| - name: Print static git diff url | |
| shell: bash | |
| run: | | |
| # disable exit on error temporarily in case latest_prod tag does not exist | |
| set +e | |
| latest_prod_sha="$(git rev-list -n 1 tags/${{ env.TAG_LATEST_PROD }})" | |
| # re-enable exit on error | |
| set -e | |
| if [ -n "${latest_prod_sha}" ]; then | |
| static_url="https://github.com/${{ github.repository }}/compare/${latest_prod_sha}...${{ github.sha }}" | |
| echo "Endringer prodsatt i denne utrulling : <${static_url}>" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| - uses: nais/deploy/actions/deploy@v2 | |
| env: | |
| CLUSTER: ${{ env.CLUSTER }} | |
| RESOURCE: deploy/${{ env.CLUSTER }}-k9saksbehandling.yml | |
| VAR: image=${{ needs.build-docker-image.outputs.image }} | |
| - name: tag deployment done | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| try { | |
| await github.rest.git.updateRef({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| ref: 'tags/${{ env.TAG_LATEST_PROD }}', | |
| sha: context.sha, | |
| force: true | |
| }) | |
| } catch (err) { | |
| if(err.status === 422) { // tag did not exist, try creating it | |
| console.info('Tag for ${{ env.TAG_LATEST_PROD }} did not exist. Will try creating it'); | |
| await github.rest.git.createRef({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| ref: 'refs/tags/${{ env.TAG_LATEST_PROD }}', | |
| sha: context.sha | |
| }) | |
| } else { | |
| throw err; | |
| } | |
| } |