Skip to content

FAGSYSTEM-360070 Støtte oppdatering av ident UTEN hendelse (#6604) #9447

FAGSYSTEM-360070 Støtte oppdatering av ident UTEN hendelse (#6604)

FAGSYSTEM-360070 Støtte oppdatering av ident UTEN hendelse (#6604) #9447

name: etterlatte-saksbehandling-ui
env:
APP_NAME: ${{ github.workflow }}
on:
workflow_dispatch: # Allow manually triggered workflow run
inputs:
deploy-prod:
description: 'Deploy til produksjon'
required: false
default: 'false'
type: choice
options:
- true
- false
push:
branches:
- main
paths:
- apps/etterlatte-saksbehandling-ui/**
pull_request:
branches:
- main
paths:
- apps/etterlatte-saksbehandling-ui/**
- "!apps/etterlatte-saksbehandling-ui/.nais/*"
permissions:
contents: read
id-token: write
jobs:
test:
if: github.event_name == 'pull_request'
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '20.x'
cache: 'yarn'
cache-dependency-path: apps/${{ env.APP_NAME }}/client/yarn.lock
- name: Install client
working-directory: apps/${{ env.APP_NAME }}
run: yarn --cwd client install --frozen-lockfile && yarn --cwd client build
- name: Install server
working-directory: apps/${{ env.APP_NAME }}
run: yarn --cwd server install --frozen-lockfile && yarn --cwd server build
- name: Run tests
working-directory: apps/${{ env.APP_NAME }}/client
run: CI=true yarn test
build:
if: github.event_name != 'pull_request'
name: Build, test and publish
runs-on: ubuntu-latest
outputs:
image: ${{ steps.docker-build-push.outputs.image }}
digest: ${{ steps.docker-build-push.outputs.digest }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '20.x'
cache: 'yarn'
cache-dependency-path: apps/${{ env.APP_NAME }}/client/yarn.lock
- name: Inject slug/short variables
uses: rlespinasse/github-slug-action@v5
- name: License check top level
working-directory: apps/${{ env.APP_NAME }}
run: yarn install --frozen-lockfile && yarn lisenssjekk
- name: Install and build client
working-directory: apps/${{ env.APP_NAME }}
run: yarn --cwd client install --frozen-lockfile && yarn --cwd client build
- name: Install and build server
working-directory: apps/${{ env.APP_NAME }}
run: yarn --cwd server install --frozen-lockfile && yarn --cwd server build
- name: Run tests
working-directory: apps/${{ env.APP_NAME }}/client
run: CI=true yarn test
- name: Build and publish Docker image
uses: nais/docker-build-push@v0
id: docker-build-push
with:
team: etterlatte
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
salsa: false
docker_context: apps/${{ env.APP_NAME }}/
image_suffix: ${{ github.workflow }}
tag: ${{ env.GITHUB_REF_SLUG }}
salsa:
name: Generate SBOM, attest and sign image
runs-on: ubuntu-latest
needs: build
permissions:
id-token: write
steps:
- name: NAIS login
uses: nais/login@v0
id: login
with:
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
team: etterlatte
- name: Lag image-referanse med digest
run: |
IMAGE_WITH_TAG="${{ needs.build.outputs.image }}"
IMAGE="${IMAGE_WITH_TAG%%:*}"
echo "IMAGE_WITH_DIGEST=${IMAGE}@${{ needs.build.outputs.digest }}" >> $GITHUB_ENV
- name: Generate SBOM, attest and sign image
id: attest-sign
uses: nais/attest-sign@v1
env:
TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db:1"
with:
image_ref: ${{ env.IMAGE_WITH_DIGEST }}
deploy-to-dev-gcp:
if: github.event_name != 'pull_request'
name: Deploy to dev-gcp
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: dev-gcp
RESOURCE: apps/${{ env.APP_NAME }}/.nais/dev.yaml
VAR: image=${{ needs.build.outputs.image }}
deploy-to-prod-gcp:
name: Deploy to prod-gcp
if: ${{ github.ref == 'refs/heads/main' || github.event.inputs.deploy-prod == 'true' }}
needs: [build,deploy-to-dev-gcp]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: prod-gcp
RESOURCE: apps/${{ env.APP_NAME }}/.nais/prod.yaml
VAR: image=${{ needs.build.outputs.image }}