Over på nais-actionen docker-build-push (#136)

* Forbetre dockerfile * Rein kopi av arbeidsflyt-standardane frå Gjennykoden * Treng ikkje så heftige nodar her * Opnar for at vi har forskjellige clustre her * Samkøyrer byggejobbane for kotlin-appane med dei vi har i Gjenny * Samkøyrer også slackbot og pdfgen. Fint å komme oss heilt over på nais-actionen * Ruddar opp
navikt · Dec 11, 2023 · dff9b01 · dff9b01
1 parent 36fc8b5
commit dff9b01
Show file tree

Hide file tree

Showing 10 changed files with 238 additions and 186 deletions.
diff --git a/.github/workflows/.build-frontend.yaml b/.github/workflows/.build-frontend.yaml
@@ -0,0 +1,38 @@
+name: .build-frontend.yaml
+
+on:
+  workflow_call:
+    outputs:
+      image:
+        description: "Docker image url"
+        value: ${{ jobs.build-and-publish.outputs.image }}
+
+jobs:
+  build-and-publish:
+    name: Build & publish
+    runs-on: ubuntu-latest-8-cores
+    timeout-minutes: 10
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4
+
+      - name: Build and publish docker image
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
+        with:
+          team: etterlatte
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          dockerfile: docker/Dockerfile
+          docker_context: apps/${{ github.workflow }}/
+          image_suffix: ${{ github.workflow }}
+          tag: ${{ env.GITHUB_REF_SLUG }}
+      - name: Print docker tag
+        run: echo 'Docker-tag er ${{ steps.docker-build-push.outputs.image }} ' >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/.build.yaml b/.github/workflows/.build.yaml
@@ -0,0 +1,48 @@
+name: .build.yaml
+
+on:
+  workflow_call:
+    outputs:
+      image:
+        description: "Docker image url"
+        value: ${{ jobs.build-and-publish.outputs.image }}
+
+jobs:
+  build-and-publish:
+    name: Build & publish
+    runs-on: ubuntu-latest-8-cores
+    timeout-minutes: 10
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Java v17.x
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17.x
+          cache: gradle
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4
+      - name: Gradle test and build
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew :apps:${{ github.workflow }}:build
+
+      - name: Build and publish docker image
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
+        with:
+          team: etterlatte
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          dockerfile: docker/Dockerfile
+          docker_context: apps/${{ github.workflow }}/
+          image_suffix: ${{ github.workflow }}
+          tag: ${{ env.GITHUB_REF_SLUG }}
+      - name: Print docker tag
+        run: echo 'Docker-tag er ${{ steps.docker-build-push.outputs.image }} ' >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/.deploy.yaml b/.github/workflows/.deploy.yaml
@@ -0,0 +1,47 @@
+name: .deploy.yaml
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        description: 'Lenke til docker image'
+        required: true
+        type: string
+      cluster:
+        description: 'Cluster. gcp eller fss'
+        required: true
+        type: string
+
+jobs:
+  deploy-to-dev-cluster:
+    name: dev-cluster
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v1
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: dev-$${{ inputs.cluster }}
+          RESOURCE: apps/${{ github.workflow }}/.nais/dev.yaml
+          VAR: image=${{ inputs.image }}
+
+  deploy-to-prod-cluster:
+    name: prod-cluster
+    if: ${{ github.ref == 'refs/heads/main' || github.event.inputs.deploy-prod == 'true' }}
+    needs: deploy-to-dev-cluster
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - uses: andstor/file-existence-action@v2
+        id: check_files
+        with:
+          files: "apps/${{ github.workflow }}/.nais/prod.yaml"
+      - uses: nais/deploy/actions/deploy@v1
+        if: steps.check_files.outputs.files_exists == 'true'
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: prod-${{ inputs.cluster }}
+          RESOURCE: apps/${{ github.workflow }}/.nais/prod.yaml
+          VAR: image=${{ inputs.image }}
diff --git a/.github/workflows/.test.yaml b/.github/workflows/.test.yaml
@@ -0,0 +1,23 @@
+name: .build-backend.yaml
+
+on:
+  workflow_call:
+
+jobs:
+  test:
+    name: Verify pull request
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup Java v17.x
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17.x
+          cache: gradle
+      - name: Gradle test and build
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./gradlew :apps:${{ github.workflow }}:test --stacktrace
diff --git a/.github/workflows/app-etterlatte-proxy.yaml b/.github/workflows/app-etterlatte-proxy.yaml
@@ -1,9 +1,5 @@
 name: etterlatte-proxy
 
-env:
-  IMAGE: ghcr.io/${{ github.repository }}/${{ github.workflow }}:${{ github.sha }}
-  APP_NAME: ${{ github.workflow }}
-
 on:
   workflow_dispatch: # Allow manually triggered workflow run
     inputs:
@@ -16,60 +12,31 @@ on:
       - main
     paths:
       - apps/etterlatte-proxy/**
+  pull_request:
+    branches:
+      - main
+    paths:
+      - apps/etterlatte-proxy/**
 
 jobs:
-  build-and-publish:
-    name: Build, test, and publish
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Setup Java v17.x
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: 17.x
-          cache: gradle
-      - name: Gradle test and build
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          chmod +x ./gradlew
-          ./gradlew :apps:${APP_NAME}:test :apps:${APP_NAME}:build
-      - name: Build and publish docker image
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          docker login ghcr.io -u ${GITHUB_REPOSITORY} -p ${GITHUB_TOKEN}
-          docker build --tag ${IMAGE} apps/${APP_NAME}
-          docker push ${IMAGE}
+  test:
+    if: github.event_name == 'pull_request'
+    uses: ./.github/workflows/.test.yaml
+    secrets: inherit
 
-  deploy-to-dev-fss:
-    name: Deploy to dev-fss
-    needs: build-and-publish
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
-        env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: dev-fss
-          RESOURCE: apps/${{ env.APP_NAME }}/.nais/dev.yaml
+  build:
+    if: github.event_name != 'pull_request'
+    uses: ./.github/workflows/.build.yaml
+    secrets: inherit
+    permissions:
+      contents: 'read'
+      id-token: 'write'
 
-  deploy-to-prod-fss:
-    name: Deploy to prod-fss
-    if: ${{ github.ref == 'refs/heads/main' || github.event.inputs.deploy-prod == 'true' }}
-    needs: deploy-to-dev-fss
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    continue-on-error: true
-    steps:
-      - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
-        env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: prod-fss
-          RESOURCE: apps/${{ env.APP_NAME }}/.nais/prod.yaml
+  deploy:
+    if: github.event_name != 'pull_request'
+    needs: build
+    uses: ./.github/workflows/.deploy.yaml
+    with:
+      image: ${{ needs.build.outputs.image }}
+      cluster: 'fss'
+    secrets: inherit
diff --git a/.github/workflows/app-ey-pdfgen.yaml b/.github/workflows/app-ey-pdfgen.yaml
@@ -1,9 +1,5 @@
 name: ey-pdfgen
 
-env:
-  IMAGE: ghcr.io/${{ github.repository }}/${{ github.workflow }}:${{ github.sha }}
-  APP_NAME: ${{ github.workflow }}
-
 on:
   workflow_dispatch: # Allow manually triggered workflow run
     inputs:
@@ -18,44 +14,19 @@ on:
       - apps/ey-pdfgen/**
 
 jobs:
-  build-and-publish:
-    name: Build, test, and publish
-    runs-on: ubuntu-latest
+  build:
+    if: github.event_name != 'pull_request'
+    uses: ./.github/workflows/.build-frontend.yaml
+    secrets: inherit
     permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Build and publish docker image
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          docker login ghcr.io -u ${GITHUB_REPOSITORY} -p ${GITHUB_TOKEN}
-          docker build --tag ${IMAGE} apps/${APP_NAME}
-          docker push ${IMAGE}
-
-  deploy-to-dev-gcp:
-    name: Deploy to dev-gcp
-    needs: build-and-publish
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
-        env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: dev-gcp
-          RESOURCE: apps/${{ env.APP_NAME }}/.nais/dev.yaml
+      contents: 'read'
+      id-token: 'write'
 
-  deploy-to-prod-gcp:
-    name: Deploy to prod-gcp
-    if: ${{ github.ref == 'refs/heads/main' || github.event.inputs.deploy-prod == 'true' }}
-    needs: deploy-to-dev-gcp
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
-        env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
-          CLUSTER: prod-gcp
-          RESOURCE: apps/${{ env.APP_NAME }}/.nais/prod.yaml
+  deploy:
+    if: github.event_name != 'pull_request'
+    needs: build
+    uses: ./.github/workflows/.deploy.yaml
+    with:
+      image: ${{ needs.build.outputs.image }}
+      cluster: 'gcp'
+    secrets: inherit