Merge pull request #45 from statisticsnorway/add-initial-nais-deploy #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build and push a new Docker image to the default Artifact Registry in SSB. | |
| # | |
| # Overview: | |
| # 1. Authenticate to Google Cloud | |
| # 2. Authenticate to Artifact Registry | |
| # 3. Build and publish a docker image to Google Artifact Registry | |
| # | |
| # To configure this workflow: | |
| # 1. Change the values for the IMAGE_NAME and TEAM_NAME environment variables (below). | |
| # 2. The image will be tagged with the git commit hash and latest. To override the default tags, add tags to the build_metadata step. | |
| # | |
| # This workflow is tailored for SSB´s setup, however if you wish to use this in a non SSB context ensure/change the following: | |
| # 1. Create GitHub secrets for GAR_PROJECT_NUMBER and GAR_PROJECT_ID (Number and ID for the Artifact Registry project). | |
| # 2. Create and configure Workload Identity Federation for GitHub. | |
| name: Image Build and Deploy | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| env: | |
| REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker/maskinporten-guardian | |
| IMAGE: maskinporten-guardian | |
| TAG: ${{ github.sha }} | |
| jobs: | |
| docker-build: | |
| name: Docker build | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image-tag: ${{ env.DOCKER_IMAGE }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set docker image env var | |
| run: | | |
| echo "DOCKER_IMAGE=${REGISTRY}/${IMAGE}:${TAG}" >> $GITHUB_ENV | |
| - name: "Authenticate to Google Cloud" | |
| id: "auth" | |
| uses: "google-github-actions/auth@v2.1.3" | |
| with: | |
| workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions" | |
| service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com" | |
| token_format: "access_token" | |
| - name: Login to registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: "oauth2accesstoken" | |
| password: "${{ steps.auth.outputs.access_token }}" | |
| - name: Set up Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'zulu' | |
| cache: maven | |
| - name: Build with Maven and deploy to Artifact Registry | |
| run: mvn --batch-mode -P ssb-bip deploy | |
| - name: Clean up artifacts that are no longer needed | |
| run: | | |
| rm -f target/maskinporten-guardian-*-sources.jar | |
| rm -f target/maskinporten-guardian-*-javadoc.jar | |
| ls -al target/maskinporten-guardian-*.jar | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Artifact Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: "oauth2accesstoken" | |
| password: "${{ steps.auth.outputs.access_token }}" | |
| - name: Docker meta | |
| id: metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE }} | |
| # Docker tags based on the following events/attributes | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr,suffix=-${{ github.event.pull_request.head.sha }} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value={{branch}}-{{sha}}-{{date 'YYYYMMDDHHmmss'}},enable={{is_default_branch}} | |
| type=semver,pattern=v{{version}} | |
| type=semver,pattern=v{{major}}.{{minor}} | |
| type=semver,pattern=v{{major}} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: Dockerfile | |
| push: true | |
| context: . | |
| tags: | | |
| ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| deploy: | |
| name: Deploy to NAIS | |
| runs-on: ubuntu-latest | |
| needs: docker-build | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nais/deploy/actions/deploy@v2 | |
| env: | |
| CLUSTER: test | |
| RESOURCE: .nais/test.yaml | |
| VAR: image=${{ needs.docker-build.outputs.image-tag }} | |
| DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443 |