GAR and refactor of workflows.

flexable777 · flexable777 · commit 7899af2002c0 · 2023-04-05T09:24:55.000+02:00
diff --git a/.github/workflows/deploy-to-dev.yaml b/.github/workflows/deploy-to-dev.yaml
@@ -0,0 +1,104 @@
+name: Manual deploy to dev
+
+on:
+  workflow_call:
+    secrets:
+      NAIS_DEPLOY_API_KEY:
+        description: "API key for nais/deploy"
+        required: true
+      NAIS_WORKLOAD_IDENTITY_PROVIDER:
+        description: "Identity provider for nais/docker-build-push"
+        required: true
+  workflow_dispatch:
+
+run-name: Dev deploy of ${{ github.ref_name }}
+
+jobs:
+  build:
+    name: Build
+    permissions:
+      contents: read
+      id-token: write
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: Install Java 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: temurin
+
+      - name: Test and build
+        run: ./gradlew test bootJar
+        env:
+          ORG_GRADLE_PROJECT_githubUser: x-access-token
+          ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build & push Docker image
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
+        with:
+          team: klage # required
+          tag: ${{ github.sha }} # optional
+          push_image: true # optional, default true
+          dockerfile: Dockerfile # optional, default Dockerfile
+          docker_context: . # optional, default .
+          image_suffix: # optional, default empty
+          cache_from: type=gha # optional, default type=gha
+          cache_to: type=gha,mode=max # optional, default type=gha,mode=max
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} # required, but is defined as an organization secret
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} # required, but is defined as an organization variable
+          build_args: |
+            VERSION=${CI}
+
+      - name: Post failures to Slack
+        if: failure()
+        run: |
+          curl -X POST --data-urlencode "payload={\"channel\": \"$CHANNEL\", \"text\": \"$MESSAGE\", \"icon_emoji\": \":ghost:\"}" $WEBHOOK_URL
+        env:
+          MESSAGE: "Bygg feilet"
+          CHANNEL: "#klage-notifications"
+          WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
+
+  deploy_to_dev:
+    name: Deploy
+    needs: build
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout code
+
+      - name: Deploy to dev
+        uses: nais/deploy/actions/deploy@v1
+        env:
+          TEAM: klage
+          CLUSTER: dev-gcp
+          VARS: deploy/dev.yaml
+          RESOURCE: deploy/nais.yaml
+          APIKEY: ${{ secrets.NAIS_DEPLOY_API_KEY }}
+          VAR: image=${{ needs.build.outputs.image }}
+          IMAGE: ${{ needs.build.outputs.image }}
+
+      - name: Post failures to Slack
+        if: failure()
+        run: |
+          curl -X POST --data-urlencode "payload={\"channel\": \"$CHANNEL\", \"text\": \"$MESSAGE\", \"icon_emoji\": \":ghost:\"}" $WEBHOOK_URL
+        env:
+          MESSAGE: "Deploy til dev feilet"
+          CHANNEL: "#klage-notifications"
+          WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
diff --git a/.github/workflows/deploy-to-prod.yaml b/.github/workflows/deploy-to-prod.yaml
@@ -0,0 +1,71 @@
+name: Manual deploy to prod
+
+on:
+  workflow_call:
+    secrets:
+      NAIS_DEPLOY_API_KEY:
+        description: "API key for nais/deploy"
+        required: true
+      NAIS_WORKLOAD_IDENTITY_PROVIDER:
+        description: "Identity provider for nais/docker-build-push"
+        required: true
+  workflow_dispatch:
+
+run-name: Prod deploy of ${{ github.ref_name }}
+
+jobs:
+  deploy_to_prod:
+    name: Deploy
+    if: github.ref == 'refs/heads/main'
+    permissions:
+      contents: write
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout code
+
+      - name: Get image registry
+        id: image-registry
+        uses: nais/login@v0
+        with:
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          team: klage
+
+      - name: Generate image name
+        id: image
+        shell: bash
+        run: echo "image=${{ steps.image-registry.outputs.registry }}/kabal-smart-editor-api:${{ github.sha }}" >> $GITHUB_OUTPUT
+
+      - name: Deploy to prod
+        uses: nais/deploy/actions/deploy@v1
+        env:
+          TEAM: klage
+          CLUSTER: prod-gcp
+          VARS: deploy/prod.yaml
+          RESOURCE: deploy/nais.yaml
+          APIKEY: ${{ secrets.NAIS_DEPLOY_API_KEY }}
+          VAR: image=${{ steps.image.outputs.image }}
+          IMAGE: ${{ steps.image.outputs.image }}
+
+      - name: Generate release version
+        id: version
+        run: |
+          TIME=$(TZ="Europe/Oslo" date +%Y.%m.%d-%H.%M)
+          COMMIT=$(git rev-parse --short=7 HEAD)
+          VERSION=$TIME-$COMMIT
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+
+      - uses: ncipollo/release-action@main
+        with:
+          tag: ${{ steps.version.outputs.version }}
+
+      - name: Post failures to Slack
+        if: failure()
+        run: |
+          curl -X POST --data-urlencode "payload={\"channel\": \"$CHANNEL\", \"text\": \"$MESSAGE\", \"icon_emoji\": \":ghost:\"}" $WEBHOOK_URL
+        env:
+          MESSAGE: "Deploy til prod feilet"
+          CHANNEL: "#klage-notifications"
+          WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -1,104 +1,24 @@
-name: Main - Build, deploy to dev, deploy to prod
+name: Deploy (dev -> e2e -> prod)
+
 on:
-  workflow_dispatch:
   push:
     branches:
       - main
     paths-ignore:
       - '.github/dependabot.yml'
 
-env:
-  IMAGE: ghcr.io/${{ github.repository }}/kabal-smart-editor-api:${{ github.sha }}
-
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@main
-      - name: Cache
-        uses: actions/cache@main
-        with:
-          path: ~/.gradle/caches
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
-      - name: Install Java 17
-        uses: actions/setup-java@main
-        with:
-          java-version: 17
-          distribution: temurin
-      - name: test and build
-        run: ./gradlew test bootJar
-        env:
-          ORG_GRADLE_PROJECT_githubUser: x-access-token
-          ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build docker image
-        run: docker build -t $IMAGE .
-      - name: Login to Github package registry
-        run: docker login ghcr.io -u ${GITHUB_REPOSITORY} -p ${GITHUB_TOKEN}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push docker image
-        run: docker push $IMAGE
-      - name: Post failures to Slack
-        if: failure()
-        run: |
-          curl -X POST --data-urlencode "payload={\"channel\": \"$CHANNEL\", \"text\": \"$MESSAGE\", \"icon_emoji\": \":ghost:\"}" $WEBHOOK_URL
-        env:
-          MESSAGE: "Bygg feilet"
-          CHANNEL: "#klage-notifications"
-          WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
-  deploytodev:
-    name: Deploy to dev
-    needs: build
-    if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@main
-        name: Checkout code
-      - uses: nais/deploy/actions/deploy@master
-        env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_API_KEY }}
-          CLUSTER: dev-gcp
-          RESOURCE: deploy/nais.yaml
-          VARS: deploy/dev.yaml
-      - name: Post failures to Slack
-        if: failure()
-        run: |
-          curl -X POST --data-urlencode "payload={\"channel\": \"$CHANNEL\", \"text\": \"$MESSAGE\", \"icon_emoji\": \":ghost:\"}" $WEBHOOK_URL
-        env:
-          MESSAGE: "Deploy til dev feilet"
-          CHANNEL: "#klage-notifications"
-          WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
-  deploytoprod:
-    name: Deploy to prod
-    needs: deploytodev
-    if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@main
-        name: Checkout code
-      - uses: nais/deploy/actions/deploy@master
-        env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_API_KEY }}
-          CLUSTER: prod-gcp
-          RESOURCE: deploy/nais.yaml
-          VARS: deploy/prod.yaml
-      - name: Generate release version
-        run: |
-          TIME=$(TZ="Europe/Oslo" date +%Y.%m.%d-%H.%M)
-          COMMIT=$(git rev-parse --short=7 HEAD)
-          VERSION=$TIME-$COMMIT
-          echo "VERSION=${VERSION}" >> $GITHUB_ENV
-      - uses: ncipollo/release-action@main
-        with:
-          tag: ${{ env.VERSION }}
-      - name: Post failures to Slack
-        if: failure()
-        run: |
-          curl -X POST --data-urlencode "payload={\"channel\": \"$CHANNEL\", \"text\": \"$MESSAGE\", \"icon_emoji\": \":ghost:\"}" $WEBHOOK_URL
-        env:
-          MESSAGE: "Deploy til prod feilet"
-          CHANNEL: "#klage-notifications"
-          WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
+  deploy_to_dev:
+    name: Dev
+    uses: ./.github/workflows/deploy-to-dev.yaml
+    secrets:
+      NAIS_DEPLOY_API_KEY: ${{ secrets.NAIS_DEPLOY_API_KEY }}
+      NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+
+  deploy_to_prod:
+    name: Prod
+    needs: deploy_to_dev
+    uses: ./.github/workflows/deploy-to-prod.yaml
+    secrets:
+      NAIS_DEPLOY_API_KEY: ${{ secrets.NAIS_DEPLOY_API_KEY }}
+      NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
diff --git a/.github/workflows/manual-to-dev.yaml b/.github/workflows/manual-to-dev.yaml
diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml
@@ -24,4 +24,4 @@ jobs:
           ORG_GRADLE_PROJECT_githubUser: x-access-token
           ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
       - name: build docker image
-        run: docker build . --pull
+        run: docker build . --pull
