Oppgradere GHA bygg

gtcno · gtcno · commit 3f8069de6443 · 2023-09-19T14:13:36.000+02:00
diff --git a/.github/workflows/dp-inntekt-api-deploy.yaml b/.github/workflows/dp-inntekt-api-deploy.yaml
@@ -2,43 +2,37 @@ name: Build and deploy
 
 on: [push]
 
-env:
-  IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
-
 jobs:
   build:
+    permissions:
+      contents: "read"
+      id-token: "write"
     name: Build and publish Docker image
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4.0.0
       - uses: actions/setup-java@v3
         with:
           distribution: temurin
           java-version: 17
 
-      - uses: gradle/gradle-build-action@v2
+      - uses: gradle/gradle-build-action@v2.8.0
         with:
-          # arguments: --configuration-cache
           arguments: check build
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+      - uses: nais/docker-build-push@v0
+        name: docker-build-push
+        id: docker-build-push
         with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          tags: ${{ env.IMAGE }}
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          team: teamdagpenger
+          tag: latest
+          push_image: true # optional, default true
+          dockerfile: Dockerfile # optional, default Dockerfile
+          docker_context: . # optional, default .
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          tag_latest: true # optional, default false
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
 
   deploy-dev:
     name: Deploy to dev
@@ -47,13 +41,14 @@ jobs:
     runs-on: ubuntu-latest
     environment: dev-fss
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4.0.0
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-fss
           RESOURCE: nais/dev/nais.yaml,nais/grpc-svc.yaml
           VARS: nais/vars.yaml
+          VAR: image=${{ needs.build.outputs.image }}
           PRINT_PAYLOAD: true
   deploy-prod:
     name: Deploy to Production
@@ -62,12 +57,12 @@ jobs:
     runs-on: ubuntu-latest
     environment: prod-fss
     steps:
-      - uses: actions/checkout@v3
-
+      - uses: actions/checkout@v4.0.0
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-fss
           RESOURCE: nais/prod/nais.yaml,nais/grpc-svc.yaml
           VARS: nais/vars.yaml
+          VAR: image=${{ needs.build.outputs.image }}
           PRINT_PAYLOAD: true
