2 file(s) updated by navikt/pb-workflow-authority, version 7c372ae

Personbruker Workflow Authority · Personbruker Workflow Authority · commit df46ff01ab85 · 2024-01-22T11:46:57.000Z
diff --git a/.github/workflows/deploy-branch-gh-cli.yaml b/.github/workflows/deploy-branch-gh-cli.yaml
@@ -12,81 +12,45 @@ permissions:
   packages: write
 
 jobs:
-  setup:
+  build:
+    name: Build and push docker image
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
     outputs:
-      docker_image: ${{ env.IMAGE_FULL_NAME }}
-      should_build_image: ${{ env.SHOULD_BUILD_IMAGE }}
+      image: ${{ steps.docker-build-push.outputs.image }}
     steps:
+      - uses: actions/checkout@v4
 
-      - name: 'Sjekk ut ønsket commit'
-        uses: 'actions/checkout@v3'
-
-      - name: 'Utled navn på docker-image basert på siste commit'
-        run: |
-          APP_NAME=$(echo $GITHUB_REPOSITORY | rev | cut -f1 -d"/" | rev )
-          TAG_NAME="$(git log -1 --pretty='%ad' --date=format:'%Y%m%d%H%M%S')-$(git log -1 --pretty='%h')"
-          IMAGE_BASE="ghcr.io/$GITHUB_REPOSITORY/$APP_NAME"
-          echo "IMAGE_FULL_NAME=$IMAGE_BASE:$TAG_NAME" >> $GITHUB_ENV
-          echo "IMAGE_TAG_NAME=$TAG_NAME" >> $GITHUB_ENV
-
-      - name: 'Sjekker om docker-image eksisterer fra før av'
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_REPOSITORY --password-stdin
-          RESULT=$(docker manifest inspect ${{ env.IMAGE_FULL_NAME }} > /dev/null 2> /dev/null ; echo $?)
-          echo "SHOULD_BUILD_IMAGE=$([[ $RESULT == 0 ]] && echo 'false' || echo 'true' )" >> $GITHUB_ENV
-
-  build-docker-image:
-    needs: setup
-    if: needs.setup.outputs.should_build_image == 'true'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: 'Setup java'
-        uses: actions/setup-java@v1
+      - uses: actions/setup-java@v3
         with:
-          java-version: '17.x'
-
-      - name: 'Finn cache-variabler'
-        uses: navikt/pb-common-gh-actions/cache-prep@v2
+          java-version: 17
+          distribution: 'temurin'
 
-      - name: 'Sett opp cache'
-        uses: actions/cache@v2
-        with:
-          path: |
-            ${{ env.CACHE_PATHS }}
-          key: ${{ runner.os }}${{ env.CACHE_KEY_NAMESPACE }}${{ hashFiles(env.CACHE_KEY_HASHED_PATH) }}
+      - name: Gradle build
+        run: ./gradlew assemble
 
-      - name: 'Bygg prosjekt'
-        uses: navikt/pb-common-gh-actions/build@v2
+      - name: Build and push image to GAR
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
         with:
-          SKIP_TESTS: "true"
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: 'Bygg, tag og push Docker image'
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_REPOSITORY --password-stdin
-          docker build --tag ${{ needs.setup.outputs.docker_image }} .
-          docker push ${{ needs.setup.outputs.docker_image }}
+          team: min-side
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
 
   deploy:
-    needs:
-      - setup
-      - build-docker-image
+    name: Deploy to NAIS
+    needs: build
     runs-on: ubuntu-latest
-    if: |
-      always() &&
-      ( needs.build-docker-image.result == 'success' || needs.build-docker-image.result == 'skipped' )
+    permissions:
+      contents: read
+      id-token: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - name: 'Deployer ${{ github.ref_name }} til ${{ inputs.cluster }}'
-        uses: 'nais/deploy/actions/deploy@v1'
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: ${{ inputs.cluster }}
           RESOURCE: ./nais/${{ inputs.cluster }}/nais.yaml
-          VAR: version=${{ needs.setup.outputs.docker_image }}
-          PRINT_PAYLOAD: true
-          REF: ${{ github.sha }}
+          VAR: version=${{ needs.build.outputs.image }}
diff --git a/.github/workflows/on-push-to-main.yaml b/.github/workflows/on-push-to-main.yaml
@@ -3,7 +3,6 @@ name: Bygg og publiser docker-image for main
 on:
   push:
     branches:
-      - master
       - main
     paths-ignore:
       - .github/workflows/**
@@ -16,60 +15,53 @@ permissions:
 
 jobs:
   build:
+    name: Build and push docker image
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
     outputs:
-        image: ${{ env.IMAGE }}
+      image: ${{ steps.docker-build-push.outputs.image }}
     steps:
+      - uses: actions/checkout@v4
 
-      - name: Sjekk ut koden
-        uses: actions/checkout@v2
-
-      - name: Setup java
-        uses: actions/setup-java@v1
-        with:
-          java-version: '17.x'
-
-      - name: Finn cache-variabler
-        uses: navikt/pb-common-gh-actions/cache-prep@v2
-
-      - name: Sett opp cache
-        uses: actions/cache@v2
+      - uses: actions/setup-java@v3
         with:
-          path: |
-            ${{ env.CACHE_PATHS }}
-          key: ${{ runner.os }}${{ env.CACHE_KEY_NAMESPACE }}${{ hashFiles(env.CACHE_KEY_HASHED_PATH) }}
+          java-version: 17
+          distribution: 'temurin'
 
-      - name: Bygg prosjekt og kjør tester
-        uses: navikt/pb-common-gh-actions/build@v2
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Gradle build
+        run: ./gradlew build
 
-      - name: Bygg, tag og push Docker image
-        uses: navikt/pb-common-gh-actions/docker-publish@v2
+      - name: Build and push image to GAR
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
         with:
-          TAG_LATEST: "true"
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          team: min-side
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
 
   deploy:
+    name: Deploy to NAIS
     runs-on: ubuntu-latest
     needs: build
+    permissions:
+      contents: read
+      id-token: write
     strategy:
       matrix:
         cluster: [dev-gcp, prod-gcp]
     steps:
       - name: Sjekk ut koden
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: 'Sjekk om deploy til ${{ matrix.cluster }} er mulig'
         run: echo "DEPLOY_CONFIG_DEFINED=$([[ -f ./nais/${{ matrix.cluster }}/nais.yaml ]] && echo 'true' || echo 'false')" >> $GITHUB_ENV
 
       - name: 'Deploy-er til ${{ matrix.cluster }}'
         if: env.DEPLOY_CONFIG_DEFINED == 'true'
-        uses: 'nais/deploy/actions/deploy@v1'
+        uses: nais/deploy/actions/deploy@v2
         env:
-          REF: ${{ github.sha }}
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: ${{ matrix.cluster }}
           RESOURCE: ./nais/${{ matrix.cluster }}/nais.yaml
-          VAR: version=${{ needs.build.outputs.image }}
-          PRINT_PAYLOAD: true
+          VAR: version=${{ needs.build.outputs.image }}
