# This workflow will build and push a new Docker image to the default Artifact Registry in SSB.
#
# Overview:
# 1. Authenticate to Google Cloud
# 2. Authenticate to Artifact Registry
# 3. Build and publish a docker image to Google Artifact Registry
#
# To configure this workflow:
# 1. Change the values of the REGISTRY and IMAGE environment variables (below).
# 2. Tags are produced by the "Docker meta" step (id: metadata): the branch name; `latest` and
#    `<branch>-<sha>-<timestamp>` on the default branch only; and semver tags (vX.Y.Z, vX.Y, vX)
#    when the triggering ref is a version tag (i.e. on releases). To change the tags, edit that
#    step's `tags` list.
#
# This workflow is tailored for SSB's setup; to use it outside SSB, change the following:
# 1. The Artifact Registry project number and ID are currently hard-coded in REGISTRY and in the
#    "Authenticate to Google Cloud" step (workload_identity_provider, service_account). Replace
#    them with your own values, e.g. via GitHub secrets such as GAR_PROJECT_NUMBER and GAR_PROJECT_ID.
# 2. Create and configure Workload Identity Federation for GitHub. The workflow authenticates with
#    the job's OIDC token (permissions: id-token: write); no long-lived service-account key is used.
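name: Image Build and Deploy

# Least-privilege default for the GITHUB_TOKEN. Both jobs below declare their
# own `permissions`, so this is a no-op for them today; it stops any job added
# later from silently inheriting the repository's default token scopes.
permissions: {}

on:
  push:
    branches:
      - master
    paths:
      - .github/**
      - src/**
      - conf/**
      - Dockerfile
      - pom.xml
      # The deploy job applies the manifests under .nais/, so an edit there
      # must also roll out. Previously a .nais/ change did not trigger a run.
      - .nais/**
  # Prod is only deployed from a published release (see the deploy job);
  # push and workflow_dispatch runs deploy to dev and test.
  release:
    types: [ published ]
  workflow_dispatch:

# NOTE(review): consider a `concurrency` group keyed on github.ref so that two
# quick pushes to master cannot deploy out of order. Not added here because it
# changes scheduling rather than fixing a defect in this file.

env:
  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker
  IMAGE: maskinporten-guardian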
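jobs:
  docker-build:
    name: Docker build
    permissions:
      contents: "read"
      id-token: "write"   # OIDC token for Workload Identity Federation (auth step below)
    runs-on: ubuntu-latest
    outputs:
      image: ${{ env.DOCKER_IMAGE }}
      # Content digest of the pushed image; the deploy job pins to this rather
      # than to a mutable tag.
      image-digest: ${{ steps.docker_build.outputs.digest }}
    steps:
      # NOTE(review): every `uses:` below is pinned by a mutable tag (vN / vN.N.N).
      # This job holds cloud credentials, so pin each action to a full commit SHA
      # and let Dependabot/Renovate bump the SHAs.
      - name: Setup Maven Action # Composite action
        # There is no explicit actions/checkout step in this job, so this
        # composite action is presumably what checks out the repository before
        # `mvn deploy` and the Docker build (context: .) run — re-verify that
        # when upgrading it.
        uses: s4u/[email protected]
        with:
          java-version: 21
          java-distribution: zulu
          maven-version: 3.9.9
      - name: Set docker image env var
        run: |
          echo "DOCKER_IMAGE=${REGISTRY}/${IMAGE}" >> "$GITHUB_ENV"
      - name: "Authenticate to Google Cloud"
        id: "auth"
        uses: "google-github-actions/[email protected]"
        with:
          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
          service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com"
          token_format: "access_token"
        # NOTE(review): by default this action also writes a credentials file
        # into $GITHUB_WORKSPACE (the Maven deploy below presumably relies on it
        # via Application Default Credentials). The Docker build uses
        # `context: .`, so make sure .dockerignore excludes `gha-creds-*.json`;
        # otherwise a `COPY . .` in the Dockerfile can bake that file into the
        # published image — confirm against the Dockerfile and .dockerignore.
      - name: Login to registry
        # Uses the short-lived OAuth access token from the auth step. The login
        # persists for the rest of the job, so a single login step is enough.
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: "oauth2accesstoken"
          password: "${{ steps.auth.outputs.access_token }}"
      - name: Build with Maven and deploy to Artifact Registry
        run: mvn --batch-mode -P ssb-bip deploy
      - name: Clean up artifacts that are no longer needed
        # Presumably leaves only the runnable jar in target/ for the Dockerfile
        # to pick up; the `ls` makes the remaining jar(s) visible in the log.
        run: |
          rm -f target/maskinporten-guardian-*-sources.jar
          rm -f target/maskinporten-guardian-*-javadoc.jar
          ls -al target/maskinporten-guardian-*.jar
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      # A second registry login (docker/login-action@v2, same registry, same
      # token) used to sit here. It was redundant and on a different major
      # version than the login above, so it has been removed.
      - name: Docker meta
        id: metadata
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE }}
          # Docker tags based on the following events/attributes.
          # The `event=pr` line is inert: this workflow has no pull_request
          # trigger. `latest` and the branch-sha-timestamp tag are only
          # produced on the default branch.
          tags: |
            type=ref,event=branch
            type=ref,event=pr,suffix=-${{ github.event.pull_request.head.sha }}
            type=raw,value=latest,enable={{is_default_branch}}
            type=raw,value={{branch}}-{{sha}}-{{date 'YYYYMMDDHHmmss'}},enable={{is_default_branch}}
            type=semver,pattern=v{{version}}
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}
      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v4
        with:
          file: Dockerfile
          push: true
          context: .
          tags: |
            ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
      - name: Image digest
        # Log the digest and fail loudly if the push did not yield one, since
        # the deploy job cannot pin an image without it.
        env:
          DIGEST: ${{ steps.docker_build.outputs.digest }}
        run: |
          test -n "$DIGEST" || { echo "build-push produced no image digest" >&2; exit 1; }
          echo "$DIGEST"
  deploy:
    name: Deploy to NAIS
    runs-on: ubuntu-latest
    needs: docker-build
    permissions:
      contents: "read"
      id-token: "write"
    env:
      # Deploy exactly the artifact docker-build pushed, by content digest,
      # instead of a mutable tag. `:latest` could already point at a newer
      # build from a concurrent run, and the previous prod reference
      # `${{ github.event.ref }}` expands to an empty string on a `release`
      # event (the release payload carries no top-level `ref`), which left the
      # prod image with an empty tag.
      # NOTE(review): assumes the .nais manifests pass `{{image}}` straight
      # into the container image field, where `name@sha256:…` is valid — confirm.
      IMAGE_REF: ${{ needs.docker-build.outputs.image }}@${{ needs.docker-build.outputs.image-digest }}
    steps:
      # Manifests are taken from the triggering ref (the release tag on a
      # release event, otherwise the pushed/selected commit).
      - uses: actions/checkout@v4
      - name: Refuse to deploy without an image name and digest
        env:
          IMAGE_NAME: ${{ needs.docker-build.outputs.image }}
          IMAGE_DIGEST: ${{ needs.docker-build.outputs.image-digest }}
        run: |
          if [ -z "$IMAGE_NAME" ] || [ -z "$IMAGE_DIGEST" ]; then
            echo "docker-build did not export both an image name and a digest" >&2
            exit 1
          fi
          echo "Deploying $IMAGE_REF"
      - name: Deploy to dev
        if: ${{ github.event_name != 'release' }}
        uses: nais/deploy/actions/deploy@v2
        env:
          CLUSTER: dev
          RESOURCE: .nais/dev.yaml
          VAR: image=${{ env.IMAGE_REF }}
          DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
      - name: Deploy to test
        if: ${{ github.event_name != 'release' }}
        uses: nais/deploy/actions/deploy@v2
        env:
          CLUSTER: test
          RESOURCE: .nais/test.yaml
          VAR: image=${{ env.IMAGE_REF }}
          DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
      - name: Deploy to prod
        if: ${{ github.event_name == 'release' }}
        uses: nais/deploy/actions/deploy@v2
        env:
          CLUSTER: prod
          RESOURCE: .nais/prod.yaml
          VAR: image=${{ env.IMAGE_REF }}
          DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443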