Revert "Oppdatere gh deployment (#92)"

This reverts commit 983cc34.
navikt · Nov 14, 2023 · 2206667 · 2206667
1 parent 983cc34
commit 2206667
Show file tree

Hide file tree

Showing 23 changed files with 1,002 additions and 392 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,11 +1,11 @@
 **
 
-!.next/**
 !*.config.js
 !*.json
 !.env
 !.env.production
 !.eslintrc.js
+!.sentryclirc
 !.npmrc
 !codegen.yml
 !public/**

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -2,34 +2,12 @@ name: Build and deploy
 
 on: [push]
 
-jobs:
-  install:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Cache node_modules
-        uses: actions/cache@v3
-        id: node_modules
-        with:
-          path: ./node_modules
-          key: modules-${{ hashFiles('package-lock.json') }}
-
-      - uses: actions/setup-node@v3
-        if: steps.node_modules.outputs.cache-hit != 'true'
-        with:
-          node-version: "18.x"
-          cache: "npm"
-          registry-url: "https://npm.pkg.github.com"
-
-      - run: npm ci --ignore-scripts
-        if: steps.node_modules.outputs.cache-hit != 'true'
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
+env:
+  IMAGE: ghcr.io/${{ github.repository }}/dp-dagpenger:${{ github.sha }}
 
+jobs:
   test:
-    needs: [install]
-    name: run tests
+    name: Run tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -38,90 +16,122 @@ jobs:
       - name: Set up node
         uses: actions/setup-node@v3
         with:
-          node-version: "18.x"
+          node-version: "16.x"
+          cache: "npm"
+          registry-url: "https://npm.pkg.github.com"
 
-      - name: Cache node_modules
-        uses: actions/cache@v3
-        with:
-          path: ./node_modules
-          key: modules-${{ hashFiles('package-lock.json') }}
+      - run: npm install --no-save --no-audit --prefer-offline
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
 
       - run: npm test
 
   build:
-    needs: [install]
+    name: Build and Publish Docker image
     runs-on: ubuntu-latest
     permissions:
-      contents: "read"
-      id-token: "write"
       packages: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: "18.x"
+      - name: Checkout code
+        uses: actions/checkout@v3
 
-      - name: Cache node_modules
-        uses: actions/cache@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Package Repository
+        uses: docker/login-action@v2
         with:
-          path: ./node_modules
-          key: modules-${{ hashFiles('package-lock.json') }}
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Cache .next/cache
-        uses: actions/cache@v3
+      - name: Set up .npmrc to use in Docker build
+        uses: actions/setup-node@v3
         with:
-          path: ./.next/cache
-          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
-          restore-keys: |
-            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
+          registry-url: "https://npm.pkg.github.com"
 
-      - run: npm run build
+      - run: cp $NPM_CONFIG_USERCONFIG .npmrc
 
-      # Bygg docker image
-      - name: docker-build-push
-        uses: nais/docker-build-push@v0
-        id: docker-build-push
+      - name: Build and push
+        uses: docker/build-push-action@v4
         with:
-          team: teamdagpenger
-          push_image: true # optional, default true
-          dockerfile: Dockerfile # optional, default Dockerfile
-          docker_context: . # optional, default .
-          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
-          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
-
-      - name: Cache static files
-        uses: actions/cache@v3
+          context: .
+          tags: ${{ env.IMAGE }}
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          secrets: |
+            "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "NODE_AUTH_TOKEN=${{ secrets.READER_TOKEN }}"
+          build-args: |
+            SENTRY_RELEASE=${{ github.sha }}
+
+      - name: Archive NAIS yaml
+        uses: actions/upload-artifact@v3
         with:
-          path: ./.next/static
-          key: ${{ github.sha }}
-    outputs:
-      image: ${{ steps.docker-build-push.outputs.image }}
+          name: nais-yaml
+          path: .nais
 
   deploy-dev:
+    name: Deploy to dev
     needs: [test, build]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Fetch NAIS yaml
+        uses: actions/download-artifact@v3
+        with:
+          name: nais-yaml
+          path: .nais
+
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .nais/nais.yaml
           VARS: .nais/dev.yaml
-          VAR: image=${{ needs.build.outputs.image }}
           PRINT_PAYLOAD: true
 
+      - name: Lag deployment i Sentry
+        uses: getsentry/action-release@v1
+        continue-on-error: true
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_URL: https://sentry.gc.nav.no
+          SENTRY_ORG: nav
+          SENTRY_PROJECT: dp-dagpenger
+        with:
+          environment: development
+          version: ${{ github.sha }}
+          set_commits: skip
+
   deploy-prod:
+    name: Deploy to Production
     needs: [test, build]
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Fetch NAIS yaml
+        uses: actions/download-artifact@v1
+        with:
+          name: nais-yaml
+          path: .nais
+
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .nais/nais.yaml
           VARS: .nais/prod.yaml
-          VAR: image=${{ needs.build.outputs.image }}
           PRINT_PAYLOAD: true
+      - name: Lag deployment i Sentry
+        uses: getsentry/action-release@v1
+        continue-on-error: true
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_URL: https://sentry.gc.nav.no
+          SENTRY_ORG: nav
+          SENTRY_PROJECT: dp-dagpenger
+        with:
+          environment: production
+          version: ${{ github.sha }}
+          set_commits: skip
diff --git a/.nais/nais.yaml b/.nais/nais.yaml
@@ -62,6 +62,7 @@ spec:
         - host: dekoratoren.dev.nav.no
         - host: unleash.nais.io
         - host: amplitude.nav.no
+        - host: sentry.gc.nav.no
       rules:
         - application: dp-innsyn
         - application: safselvbetjening

diff --git a/.sentryclirc b/.sentryclirc
@@ -0,0 +1,4 @@
+[defaults]
+project=dp-dagpenger
+url=https://sentry.gc.nav.no/
+org=nav
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,30 @@
+FROM node:18 AS builder
+
+WORKDIR /usr/src/app
+
+COPY schema /usr/src/app/schema
+COPY package*.json codegen.yml .npmrc /usr/src/app/
+RUN --mount=type=secret,id=NODE_AUTH_TOKEN \
+    NODE_AUTH_TOKEN=$(cat /run/secrets/NODE_AUTH_TOKEN) \
+    npm ci --prefer-offline --no-audit
+
+COPY . /usr/src/app
+
+ARG SENTRY_RELEASE
+RUN --mount=type=secret,id=SENTRY_AUTH_TOKEN \
+    SENTRY_AUTH_TOKEN=$(cat /run/secrets/SENTRY_AUTH_TOKEN) \
+    npm run build && npm prune --production
+
 FROM node:18-alpine AS runtime
 
 WORKDIR /usr/src/app
 
 ENV PORT=3000 \
-    NODE_ENV=production \
-    TZ=Europe/Oslo
+    NODE_ENV=production
 
-COPY next.config.js ./
-COPY public ./public
-COPY .next/standalone ./
-COPY .next/static ./.next/static
+COPY --from=builder /usr/src/app/ /usr/src/app/
 
 EXPOSE 3000
 USER node
 
-CMD ["node", "server.js"]
-
+CMD ["./node_modules/.bin/next", "start"]
diff --git a/jest.config.js b/jest.config.js
@@ -20,7 +20,6 @@ const customJestConfig = {
     "^@navikt/dp-auth/(.*)$": "<rootDir>/node_modules/@navikt/dp-auth/dist/$1",
   },
   testEnvironment: "node",
-  roots: ["src"],
 };
 
 module.exports = createJestConfig(customJestConfig);

diff --git a/next.config.js b/next.config.js
@@ -1,5 +1,6 @@
 const { buildCspHeader } = require("@navikt/nav-dekoratoren-moduler/ssr");
 const withPlugins = require("next-compose-plugins");
+//const { withSentryConfig } = require("@sentry/nextjs");
 const withTM = require("next-transpile-modules")(["@navikt/ds-icons"]);
 
 // Direktiver appen din benytter
@@ -14,15 +15,17 @@ const myAppDirectives = {
   ],
   "worker-src": ["'self'"],
   "frame-src": ["*.nav.no"],
+  "report-uri":
+    "https://sentry.gc.nav.no/api/86/security/?sentry_key=98d1497555654049a7d46e29a5208e61",
 };
 
 module.exports = async (phase) =>
   withPlugins([withTM], {
+    //withSentryConfig(
     publicRuntimeConfig: {
       amplitudeKey: process.env.AMPLITUDE_API_KEY,
       NEXT_PUBLIC_SOKNADSDIALOG: process.env.NEXT_PUBLIC_SOKNADSDIALOG,
     },
-    output: "standalone",
     basePath: `${process.env.NEXT_PUBLIC_BASE_PATH}`,
     async headers() {
       const csp = await buildCspHeader(myAppDirectives, {