Merge pull request #78 from navikt/dev

[PROD][KAIZEN-0] migrate to Google Artifact Registry

Author: abrhanav

.github/workflows/main.yml

@@ -3,7 +3,6 @@ name: Build, push, and deploy
 on: [push]
 
 env:
-  IMAGE: ghcr.io/${{ github.repository }}/modia-robot-api:${{ github.sha }}
   CI: true
   TZ: Europe/Oslo
 jobs:
@@ -35,6 +34,10 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+      contents: read
+      id-token: write
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
     steps:
       - uses: actions/checkout@v3
       - name: Set up JDK 17
@@ -47,25 +50,27 @@ jobs:
       - name: Build
         run: ./gradlew build
       - name: Publish Docker image
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          docker build --tag ${IMAGE} .
-          docker login ghcr.io -u ${GITHUB_REPOSITORY} -p ${GITHUB_TOKEN}
-          docker push ${IMAGE}
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
+        with:
+            team: personoversikt
+            identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+            project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+
   deploy-qa:
     name: Deploy to preprod
     needs: build-and-push
     if: github.ref == 'refs/heads/dev'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           PRINT_PAYLOAD: true
           CLUSTER: dev-fss
           RESOURCE: .nais/preprod.yml
+          VAR: image=${{ needs.build-and-push.outputs.image }}
 
   deploy-prod:
     name: Deploy to prod
@@ -74,9 +79,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           PRINT_PAYLOAD: true
           CLUSTER: prod-fss
           RESOURCE: .nais/prod.yml
+          VAR: image=${{ needs.build-and-push.outputs.image }}

.nais/preprod.yml

@@ -12,7 +12,9 @@ spec:
   accessPolicy:
     inbound:
       rules:
-        - application: modiapersonoversikt-api-q1
+        - application: rpa-medlemskap-og-avgift
+          namespace: team-rpa
+          cluster: dev-fss
   liveness:
     path: /internal/isAlive
     initialDelay: 20
@@ -62,7 +64,7 @@ spec:
         mountPath: /var/run/secrets/nais.io/vault
   env:
     - name: IDENT_ALLOW_LIST
-      value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673"
+      value: "R154727,R156418,R158345,R158346,R160569,R165950,R165951,R165952,R150818,R150819,R155645,R162552,Z994123,Z990351,Z992779,Z990949,Z990467,Z991629,Z990237,Z994673,Z994818"
     - name: SECURITYTOKENSERVICE_URL
       value: "https://sts-q1.preprod.local/SecurityTokenServiceProvider/"
     - name: OPPFOLGING_URL