From 1b322778b749f1fc4aa5250f71c2cc4e81e844bf Mon Sep 17 00:00:00 2001 From: Mads Opheim <71336041+madsop-nav@users.noreply.github.com> Date: Tue, 19 Dec 2023 09:34:47 +0100 Subject: [PATCH] =?UTF-8?q?Konfig=20for=20=C3=A5=20deploye=20utan=20=C3=A5?= =?UTF-8?q?=20bruke=20API-n=C3=B8kkel=20(#166)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Konfig for å deploye utan å bruke API-nøkkel * Også for prod * Fordel å hugse å oppdatere versjon overalt --- .github/workflows/.deploy.yaml | 6 ++---- .github/workflows/app-etterlatte-proxy.yaml | 5 ++++- .github/workflows/app-ey-pdfgen.yaml | 5 ++++- .github/workflows/etterlatte-notifikasjoner.yaml | 5 ++++- .github/workflows/ey-slackbot.yaml | 3 +++ 5 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.github/workflows/.deploy.yaml b/.github/workflows/.deploy.yaml index 6c684b83..9883bdb0 100644 --- a/.github/workflows/.deploy.yaml +++ b/.github/workflows/.deploy.yaml @@ -19,9 +19,8 @@ jobs: timeout-minutes: 10 steps: - uses: actions/checkout@v4 - - uses: nais/deploy/actions/deploy@v1 + - uses: nais/deploy/actions/deploy@v2 env: - APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} CLUSTER: dev-${{ inputs.cluster }} RESOURCE: apps/${{ github.workflow }}/.nais/dev.yaml VAR: image=${{ inputs.image }} @@ -38,10 +37,9 @@ jobs: id: check_files with: files: "apps/${{ github.workflow }}/.nais/prod.yaml" - - uses: nais/deploy/actions/deploy@v1 + - uses: nais/deploy/actions/deploy@v2 if: steps.check_files.outputs.files_exists == 'true' env: - APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} CLUSTER: prod-${{ inputs.cluster }} RESOURCE: apps/${{ github.workflow }}/.nais/prod.yaml VAR: image=${{ inputs.image }} diff --git a/.github/workflows/app-etterlatte-proxy.yaml b/.github/workflows/app-etterlatte-proxy.yaml index bddad32c..b0237f80 100644 --- a/.github/workflows/app-etterlatte-proxy.yaml +++ b/.github/workflows/app-etterlatte-proxy.yaml @@ -41,4 +41,7 @@ jobs: with: image: ${{ needs.build.outputs.image }} cluster: 'fss' - secrets: inherit \ No newline at end of file + secrets: inherit + permissions: + contents: 'read' + id-token: 'write' \ No newline at end of file diff --git a/.github/workflows/app-ey-pdfgen.yaml b/.github/workflows/app-ey-pdfgen.yaml index b58bf43c..0d73cb28 100644 --- a/.github/workflows/app-ey-pdfgen.yaml +++ b/.github/workflows/app-ey-pdfgen.yaml @@ -29,4 +29,7 @@ jobs: with: image: ${{ needs.build.outputs.image }} cluster: 'gcp' - secrets: inherit \ No newline at end of file + secrets: inherit + permissions: + contents: 'read' + id-token: 'write' \ No newline at end of file diff --git a/.github/workflows/etterlatte-notifikasjoner.yaml b/.github/workflows/etterlatte-notifikasjoner.yaml index 8660d763..7f18c5f2 100644 --- a/.github/workflows/etterlatte-notifikasjoner.yaml +++ b/.github/workflows/etterlatte-notifikasjoner.yaml @@ -41,4 +41,7 @@ jobs: with: image: ${{ needs.build.outputs.image }} cluster: 'gcp' - secrets: inherit \ No newline at end of file + secrets: inherit + permissions: + contents: 'read' + id-token: 'write' \ No newline at end of file diff --git a/.github/workflows/ey-slackbot.yaml b/.github/workflows/ey-slackbot.yaml index ac5f98c3..88223387 100644 --- a/.github/workflows/ey-slackbot.yaml +++ b/.github/workflows/ey-slackbot.yaml @@ -25,3 +25,6 @@ jobs: image: ${{ needs.build.outputs.image }} cluster: 'gcp' secrets: inherit + permissions: + contents: 'read' + id-token: 'write'