Skip to content

Commit

Permalink
feature/forbedring_workflows (#3405)
Browse files Browse the repository at this point in the history
- Optimalisert workflows (apps, proxies, libs) for vår bruk.
- Overgang til tokenless deploy for alle workflows.
  • Loading branch information
rfc3092 authored Feb 8, 2024
1 parent c4d919e commit 6de0163
Show file tree
Hide file tree
Showing 118 changed files with 428 additions and 1,032 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/alert-dolly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,14 @@ jobs:
apply-alerts:
name: Apply alerts to cluster
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: deploy to dev
uses: nais/deploy/actions/deploy@v1
uses: nais/deploy/actions/deploy@v2
env:
APIKEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
CLUSTER: dev-gcp
RESOURCE: .nais/alerting-dolly.yml
42 changes: 9 additions & 33 deletions .github/workflows/all.workflows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ on:
- "frontend"
type:
type: choice
description: "App or proxy. Used to resolve the working directory together with name, as <type>/<name>."
description: "Apps or proxies. Used to resolve the working directory together with name, as <type>/<name>."
options:
- "apps"
- "proxies"
Expand All @@ -28,31 +28,22 @@ on:
type: boolean
description: "Deploy? Make sure the effective working directory contains a NAIS manifest as named below! Note: For dolly-frontend, this will also deploy with config.idporten.yml."
default: false
nais-manifest:
type: string
description: "Custom NAIS manifest filename."
default: "config.yml"
force-deploy-test:
type: boolean
description: "Deploy to test? Make sure the effective working directory contains a config.test.yml! Note: For dolly-frontend, this will also deploy with config.unstable.yml."
default: false
sonar-enabled:
type: boolean
description: "Run Sonar scan?"
default: true

permissions:
contents: read
id-token: write

jobs:

start:
runs-on: ubuntu-latest
steps:
- name: "Log inputs"
run: |
echo "branch: ${{ github.ref_name }}"
echo "inputs: ${{ toJSON(inputs) }}"
backend:
needs: start
if: inputs.workflow == 'backend'
uses: ./.github/workflows/common.workflow.backend.yml
with:
Expand All @@ -62,35 +53,20 @@ jobs:
deploy-tag: ""
force-deploy: ${{ inputs.force-deploy }}
force-deploy-test: ${{ inputs.force-deploy-test }}
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
sonar-enabled: ${{ inputs.sonar-enabled }}
secrets: inherit

frontend:
needs: start
if: inputs.workflow == 'frontend'
uses: ./.github/workflows/common.workflow.frontend.yml
with:
cluster: ${{ inputs.cluster }}
working-directory: "${{ inputs.type }}/${{ inputs.name }}"
image-suffix: ${{ inputs.name }}
deploy-tag: ""
nais-manifest: ${{ inputs.nais-manifest }}
force-deploy: ${{ inputs.force-deploy }}
force-deploy-test: ${{ inputs.force-deploy-test }}
force-deploy-idporten: ${{ inputs.name == 'dolly-frontend' && inputs.force-deploy }}
force-deploy-unstable: ${{ inputs.name == 'dolly-frontend' && inputs.force-deploy-test }}
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
READER_TOKEN: ${{ secrets.READER_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
sonar-enabled: ${{ inputs.sonar-enabled }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.adresse-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.amelding-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.app-tilgang-analyse-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.arbeidsforhold-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.batch-bestilling-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.brreg-stub.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.bruker-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.budpro-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.dolly-backend.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
7 changes: 1 addition & 6 deletions .github/workflows/app.dolly-frontend.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
READER_TOKEN: ${{ secrets.READER_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
7 changes: 1 addition & 6 deletions .github/workflows/app.dollystatus.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
READER_TOKEN: ${{ secrets.READER_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
7 changes: 1 addition & 6 deletions .github/workflows/app.endringsmelding-frontend.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
READER_TOKEN: ${{ secrets.READER_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.endringsmelding-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.ereg-batch-status-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
7 changes: 1 addition & 6 deletions .github/workflows/app.faste-data-frontend.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
READER_TOKEN: ${{ secrets.READER_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.generer-navn-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.generer-synt-amelding-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.geografiske-kodeverk-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.helsepersonell-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.inntektsmelding-generator-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.inntektsmelding-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.jenkins-batch-status-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.joark-dokument-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.miljoer-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.oppsummeringsdokument-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
6 changes: 1 addition & 5 deletions .github/workflows/app.organisasjon-bestilling-service.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,4 @@ jobs:
permissions:
contents: read
id-token: write
secrets:
NAIS_DOLLY_DEPLOY_API_KEY: ${{ secrets.NAIS_DOLLY_DEPLOY_API_KEY }}
NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
NAV_TOKEN: ${{ secrets.NAV_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
secrets: inherit
Loading

0 comments on commit 6de0163

Please sign in to comment.