FAGSYSTEM-360070 Støtte oppdatering av ident UTEN hendelse (#6604) #9447
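# CI/CD workflow for the etterlatte-saksbehandling-ui app. Pull requests run
# the test job; pushes to main and manual runs build, publish and deploy.
name: etterlatte-saksbehandling-ui

env:
  # The workflow name is reused as the app directory name under apps/.
  APP_NAME: ${{ github.workflow }}

on:
  workflow_dispatch: # Allow manually triggered workflow run
    inputs:
      deploy-prod:
        description: 'Deploy til produksjon'
        required: false
        default: 'false'
        type: choice
        options:
          # Quoted so the options are strings, matching the default above and
          # the == 'true' comparison in the prod deploy condition.
          - 'true'
          - 'false'
  push:
    branches:
      - main
    paths:
      - 'apps/etterlatte-saksbehandling-ui/**'
  pull_request:
    branches:
      - main
    paths:
      - 'apps/etterlatte-saksbehandling-ui/**'
      - '!apps/etterlatte-saksbehandling-ui/.nais/*'

# Workflow-wide default token scopes. id-token: write lets a job request an
# OIDC token, so every job without its own permissions block inherits that
# ability; jobs that only build or test should narrow it.
permissions:
  contents: read
  id-token: write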
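# NOTE(review): the third-party actions below are referenced by mutable tags
# (@v5, @v0, @v1, @v2). Pinning each to a full commit SHA keeps a moved tag
# from changing what runs in jobs that hold id-token: write.
jobs:
  # Pull-request validation: install, build and test the client and server.
  test:
    if: github.event_name == 'pull_request'
    name: Test
    runs-on: ubuntu-latest
    # This job runs code from the pull request and needs no OIDC token, so it
    # drops the workflow-level id-token: write.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git, so the token is not left in
          # the checked-out repository's git config.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'yarn'
          cache-dependency-path: apps/${{ env.APP_NAME }}/client/yarn.lock

      - name: Install client
        working-directory: apps/${{ env.APP_NAME }}
        run: yarn --cwd client install --frozen-lockfile && yarn --cwd client build

      - name: Install server
        working-directory: apps/${{ env.APP_NAME }}
        run: yarn --cwd server install --frozen-lockfile && yarn --cwd server build

      - name: Run tests
        working-directory: apps/${{ env.APP_NAME }}/client
        run: CI=true yarn test

  # Push and manual runs: license check, build, test, then publish the image.
  # The image reference and digest are exported for the downstream jobs.
  build:
    if: github.event_name != 'pull_request'
    name: Build, test and publish
    runs-on: ubuntu-latest
    outputs:
      image: ${{ steps.docker-build-push.outputs.image }}
      digest: ${{ steps.docker-build-push.outputs.digest }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step in this job uses git credentials.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
          cache: 'yarn'
          cache-dependency-path: apps/${{ env.APP_NAME }}/client/yarn.lock

      # Provides GITHUB_REF_SLUG, used as the image tag below.
      - name: Inject slug/short variables
        uses: rlespinasse/github-slug-action@v5

      - name: License check top level
        working-directory: apps/${{ env.APP_NAME }}
        run: yarn install --frozen-lockfile && yarn lisenssjekk

      - name: Install and build client
        working-directory: apps/${{ env.APP_NAME }}
        run: yarn --cwd client install --frozen-lockfile && yarn --cwd client build

      - name: Install and build server
        working-directory: apps/${{ env.APP_NAME }}
        run: yarn --cwd server install --frozen-lockfile && yarn --cwd server build

      - name: Run tests
        working-directory: apps/${{ env.APP_NAME }}/client
        run: CI=true yarn test

      - name: Build and publish Docker image
        uses: nais/docker-build-push@v0
        id: docker-build-push
        with:
          team: etterlatte
          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
          # SBOM, attestation and signing are handled by the salsa job.
          salsa: false
          docker_context: apps/${{ env.APP_NAME }}/
          image_suffix: ${{ github.workflow }}
          tag: ${{ env.GITHUB_REF_SLUG }}

  # Supply-chain step: generate an SBOM, then attest and sign the image
  # published by the build job, addressed by digest rather than by tag.
  salsa:
    name: Generate SBOM, attest and sign image
    runs-on: ubuntu-latest
    needs: build
    permissions:
      id-token: write
    steps:
      - name: NAIS login
        uses: nais/login@v0
        id: login
        with:
          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
          team: etterlatte

      - name: Lag image-referanse med digest
        # The build outputs are passed through env instead of being expanded
        # into the script text, so their contents are never parsed as shell
        # code.
        env:
          IMAGE_WITH_TAG: ${{ needs.build.outputs.image }}
          IMAGE_DIGEST: ${{ needs.build.outputs.digest }}
        run: |
          # Strip everything from the first ':' to drop the tag.
          IMAGE="${IMAGE_WITH_TAG%%:*}"
          echo "IMAGE_WITH_DIGEST=${IMAGE}@${IMAGE_DIGEST}" >> "$GITHUB_ENV"

      - name: Generate SBOM, attest and sign image
        id: attest-sign
        uses: nais/attest-sign@v1
        env:
          TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db:1"
        with:
          image_ref: ${{ env.IMAGE_WITH_DIGEST }}

  # Deploys the freshly built image to the dev cluster.
  deploy-to-dev-gcp:
    if: github.event_name != 'pull_request'
    name: Deploy to dev-gcp
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Only the .nais resource file is read; no git credentials needed.
          persist-credentials: false
      - uses: nais/deploy/actions/deploy@v2
        env:
          CLUSTER: dev-gcp
          RESOURCE: apps/${{ env.APP_NAME }}/.nais/dev.yaml
          VAR: image=${{ needs.build.outputs.image }}

  # Deploys the same image to production after the dev deploy.
  # NOTE(review): this job does not depend on the salsa job, so a production
  # deploy does not wait for attestation and signing to succeed.
  # NOTE(review): a manual run with deploy-prod set to 'true' passes the
  # condition for whichever ref was dispatched, not only main. Confirm that is
  # intended and that production deploys are gated, e.g. by a protected
  # environment.
  deploy-to-prod-gcp:
    name: Deploy to prod-gcp
    if: ${{ github.ref == 'refs/heads/main' || github.event.inputs.deploy-prod == 'true' }}
    needs: [build, deploy-to-dev-gcp]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Only the .nais resource file is read; no git credentials needed.
          persist-credentials: false
      - uses: nais/deploy/actions/deploy@v2
        env:
          CLUSTER: prod-gcp
          RESOURCE: apps/${{ env.APP_NAME }}/.nais/prod.yaml
          VAR: image=${{ needs.build.outputs.image }}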