Deploy til nais via GHA

navikt/dagpenger#531

Author: geiralund

.github/workflows/dp-inntekt-api-deploy.yaml

@@ -0,0 +1,128 @@
+name: Build and deploy
+
+on: [push]
+
+env:
+  IMAGE: docker.pkg.github.com/${{ github.repository }}/dp-inntekt-api:${{ github.sha }}
+jobs:
+  build:
+    name: Build and publish Docker image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Java
+        uses: actions/setup-java@v1
+        with:
+          java-version: '13.x'
+
+      - name: Cache gradle dependencies
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('build.gradle.kts', 'buildSrc/src/main/kotlin/Constants.kt') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+      - name: Build with Gradle
+        run: ./gradlew build --info
+
+      - name: Build and Publish Docker image
+        if: github.ref == 'refs/heads/master'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          docker build -t $IMAGE .
+          docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY} -p ${GITHUB_TOKEN}
+          docker push $IMAGE
+      - name: Archive NAIS yaml
+        if: github.ref == 'refs/heads/master'
+        uses: actions/upload-artifact@v1
+        with:
+          name: nais-yaml
+          path: nais
+
+deploy-dev:
+  name: Deploy to dev
+  needs: [build]
+  if: github.ref == 'refs/heads/master'
+  runs-on: ubuntu-latest
+  steps:
+    - name: Fetch NAIS yaml
+      uses: actions/download-artifact@v1
+      with:
+        name: nais-yaml
+        path: nais
+
+    - uses: nais/deploy/actions/deploy@v1
+      env:
+        APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+        CLUSTER: dev-fss
+        RESOURCE: nais/alerts.yaml,nais/grpc-svc.yaml,nais/dev/nais.yaml
+        VARS: nais/vars.yaml
+        VAR: alerts_slack_channel=#team-dagpenger-alerts-non-prod
+        PRINT_PAYLOAD: true
+
+  deploy-q2:
+    name: Deploy to q2
+    needs: [build]
+    if: github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch NAIS yaml
+        uses: actions/download-artifact@v1
+        with:
+          name: nais-yaml
+          path: nais
+
+      - uses: nais/deploy/actions/deploy@v1
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: dev-fss
+          RESOURCE: nais/alerts.yaml,nais/grpc-svc.yaml,nais/q2/nais.yaml
+          VARS: nais/vars.yaml
+          VAR: alerts_slack_channel=#team-dagpenger-alerts-non-prod,namespace=q2
+          PRINT_PAYLOAD: true
+
+  acceptance-tests:
+    name: Run acceptance tests
+    needs: [deploy-dev]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          repository: navikt/dagpenger-funksjonelle-tester
+      - id: repo-name
+        name: Split owner from repository name
+        run: |
+          echo ::set-output name=name::$(echo ${{github.repository}} | sed -e "s/^navikt\///" )
+      - uses: nais/deploy/actions/deploy@v1
+        name: Run tests
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: dev-fss
+          VAR: GITHUB_REPO=${{ steps.repo-name.outputs.name }}
+          RESOURCE: nais/tests.yml
+        timeout-minutes: 5
+
+  deploy-prod:
+    name: Deploy to Production
+    needs: [acceptance-tests]
+    if: github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch NAIS yaml
+        uses: actions/download-artifact@v1
+        with:
+          name: nais-yaml
+          path: nais
+
+      - uses: nais/deploy/actions/deploy@v1
+        env:
+          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+          CLUSTER: prod-fss
+          RESOURCE: nais/alerts.yaml,nais/grpc-svc.yaml,nais/prod/nais.yaml
+          VARS: nais/vars.yaml
+          VAR: alerts_slack_channel=#team-dagpenger-alerts
+          PRINT_PAYLOAD: true

Jenkinsfile

@@ -0,0 +1,29 @@
+apiVersion: nais.io/v1
+kind: Alert
+metadata:
+  name: {{app}}
+  namespace: {{namespace}}
+  labels:
+    team: {{team}}
+spec:
+  alerts:
+    - action: '`kubectl describe pod -l app=\{{ $labels.deployment }} -n \{{ $labels.namespace }}` for events og `kubectl get  pods -l app=\{{ $labels.deployment }} -n \{{ $labels.namespace }}` for å se feilende podder'
+      alert: applikasjon nede
+      description: '\{{ $labels.deployment }} har utilgjengelige podder i \{{ $labels.namespace }}'
+      expr: kube_deployment_status_replicas_unavailable{deployment="{{app}}",job="kubernetes-service-endpoints"} > 0
+      for: 2m
+
+    - action: Sjekk loggene til \{{ $labels.log_app }} i \{{ $labels.log_namespace }}, for å se hvorfor det er så mye feil
+      alert: høy feilrate i logger
+      expr: (100 * sum by (log_app, log_namespace) (rate(logd_messages_total{log_app="{{app}}",log_level="Error"}[3m])) / sum by (log_app, log_namespace) (rate(logd_messages_total{log_app="{{app}}"}[3m]))) > 90
+      for: 3m
+
+    - action: Sjekk \{{ $labels.app }} i \{{ $labels.kubernetes_namespace }} sine selftest for å se hva som er galt
+      alert: feil i selftest
+      expr: selftests_aggregate_result_status{app="{{app}}"} > 0
+      for: 1m
+
+  receivers:
+    slack:
+      channel: '{{alerts_slack_channel}}'
+      prependText: '<!here> | '