Skip to content

Modularize workflows. Remove 'ssb-bip' profile #2

Modularize workflows. Remove 'ssb-bip' profile

Modularize workflows. Remove 'ssb-bip' profile #2

Workflow file for this run

name: Build
on:
push:
branches:
- master
paths-ignore:
- "**/*.md"
- "Makefile"
- ".mvn"
- ".gitignore"
pull_request:
branches:
- master
paths-ignore:
- "**/*.md"
- "Makefile"
- ".mvn"
- ".gitignore"
env:
REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker
IMAGE: maskinporten-guardian
jobs:
build-test:
name: Build and test with Maven
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
outputs:
image: ${{ steps }}
image-tag: ${{ github.event.base_ref }}
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: temurin
cache: maven
- name: Maven build and install
run: mvn --batch-mode clean install
build-push:
name: Push image to Artifact Registry
if: ${{github.event_name != 'pull_request'}}
needs: build-test
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
outputs:
image: ${{ env.REGISTRY }}/${{ env.IMAGE }}
image-tag: ${{steps.image_tag.outputs.full_image_tag}}
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: temurin
cache: maven
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com"
token_format: access_token
- name: Maven build, install and push artifacts
run: mvn --batch-mode -P artifact-registry deploy
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Set image tag
id: image_tag
run: |
git_sha_short=${git rev-parse --short "$GITHUB_SHA"}
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
echo "git_sha_short=${git_sha_short}" >> "$GITHUB_OUTPUT"
echo "full_image_tag=${branch}-{git_sha_short}" >> "$GITHUB_OUTPUT"
- name: Login to Artifact Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: "oauth2accesstoken"
password: "${{ steps.auth.outputs.access_token }}"
- name: Extract build metadata for Docker
id: build_metadata
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE }}
tags: |
type=ref,event=branch
type=ref,event=pr,suffix=-${{ steps.image_tag.outputs.git_sha_short }}
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=${{steps.image_tag.outputs.full_image_tag}},enable={{is_default_branch}}
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
- name: Build and push docker image to Artifact Registry
id: docker_build
uses: docker/build-push-action@v5
if: github.event_name != 'pull_request'
with:
context: .
file: Dockerfile
push: true
tags: ${{ steps.build_metadata.outputs.tags }}
labels: ${{ steps.build_metadata.outputs.labels }}
deploy:
name: Deploy to NAIS test cluster
if: ${{github.event_name != 'pull_request'}}
needs: build-push
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- uses: actions/checkout@v4
- uses: ./.github/workflows/deploy.yml
with:
image: ${{needs.build-push.outputs.image}}
image-tag: ${{needs.build-push.outputs.image-tag}}
cluster: test
nais-config-path: .nais/test.yaml