Oppdatere gh deployment (#92)

* Erstatter docker/build-push-action@v4 med nais/docker-build-push@v0
navikt · Nov 13, 2023 · 983cc34 · 983cc34
1 parent 6b699bd
commit 983cc34
Show file tree

Hide file tree

Showing 23 changed files with 392 additions and 1,002 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,11 +1,11 @@
 **
 
+!.next/**
 !*.config.js
 !*.json
 !.env
 !.env.production
 !.eslintrc.js
-!.sentryclirc
 !.npmrc
 !codegen.yml
 !public/**

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -2,12 +2,34 @@ name: Build and deploy
 
 on: [push]
 
-env:
-  IMAGE: ghcr.io/${{ github.repository }}/dp-dagpenger:${{ github.sha }}
-
 jobs:
+  install:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Cache node_modules
+        uses: actions/cache@v3
+        id: node_modules
+        with:
+          path: ./node_modules
+          key: modules-${{ hashFiles('package-lock.json') }}
+
+      - uses: actions/setup-node@v3
+        if: steps.node_modules.outputs.cache-hit != 'true'
+        with:
+          node-version: "18.x"
+          cache: "npm"
+          registry-url: "https://npm.pkg.github.com"
+
+      - run: npm ci --ignore-scripts
+        if: steps.node_modules.outputs.cache-hit != 'true'
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
+
   test:
-    name: Run tests
+    needs: [install]
+    name: run tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -16,122 +38,90 @@ jobs:
       - name: Set up node
         uses: actions/setup-node@v3
         with:
-          node-version: "16.x"
-          cache: "npm"
-          registry-url: "https://npm.pkg.github.com"
+          node-version: "18.x"
 
-      - run: npm install --no-save --no-audit --prefer-offline
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
+      - name: Cache node_modules
+        uses: actions/cache@v3
+        with:
+          path: ./node_modules
+          key: modules-${{ hashFiles('package-lock.json') }}
 
       - run: npm test
 
   build:
-    name: Build and Publish Docker image
+    needs: [install]
     runs-on: ubuntu-latest
     permissions:
+      contents: "read"
+      id-token: "write"
       packages: write
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
 
-      - name: Login to GitHub Package Repository
-        uses: docker/login-action@v2
+      - name: Cache node_modules
+        uses: actions/cache@v3
         with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          path: ./node_modules
+          key: modules-${{ hashFiles('package-lock.json') }}
 
-      - name: Set up .npmrc to use in Docker build
-        uses: actions/setup-node@v3
+      - name: Cache .next/cache
+        uses: actions/cache@v3
         with:
-          registry-url: "https://npm.pkg.github.com"
+          path: ./.next/cache
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
+          restore-keys: |
+            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
 
-      - run: cp $NPM_CONFIG_USERCONFIG .npmrc
+      - run: npm run build
 
-      - name: Build and push
-        uses: docker/build-push-action@v4
+      # Bygg docker image
+      - name: docker-build-push
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
         with:
-          context: .
-          tags: ${{ env.IMAGE }}
-          push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          secrets: |
-            "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}"
-            "NODE_AUTH_TOKEN=${{ secrets.READER_TOKEN }}"
-          build-args: |
-            SENTRY_RELEASE=${{ github.sha }}
-
-      - name: Archive NAIS yaml
-        uses: actions/upload-artifact@v3
+          team: teamdagpenger
+          push_image: true # optional, default true
+          dockerfile: Dockerfile # optional, default Dockerfile
+          docker_context: . # optional, default .
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+
+      - name: Cache static files
+        uses: actions/cache@v3
         with:
-          name: nais-yaml
-          path: .nais
+          path: ./.next/static
+          key: ${{ github.sha }}
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
 
   deploy-dev:
-    name: Deploy to dev
     needs: [test, build]
     runs-on: ubuntu-latest
     steps:
-      - name: Fetch NAIS yaml
-        uses: actions/download-artifact@v3
-        with:
-          name: nais-yaml
-          path: .nais
-
+      - uses: actions/checkout@v3
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .nais/nais.yaml
           VARS: .nais/dev.yaml
+          VAR: image=${{ needs.build.outputs.image }}
           PRINT_PAYLOAD: true
 
-      - name: Lag deployment i Sentry
-        uses: getsentry/action-release@v1
-        continue-on-error: true
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_URL: https://sentry.gc.nav.no
-          SENTRY_ORG: nav
-          SENTRY_PROJECT: dp-dagpenger
-        with:
-          environment: development
-          version: ${{ github.sha }}
-          set_commits: skip
-
   deploy-prod:
-    name: Deploy to Production
     needs: [test, build]
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
-      - name: Fetch NAIS yaml
-        uses: actions/download-artifact@v1
-        with:
-          name: nais-yaml
-          path: .nais
-
+      - uses: actions/checkout@v3
       - uses: nais/deploy/actions/deploy@v1
         env:
           APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .nais/nais.yaml
           VARS: .nais/prod.yaml
+          VAR: image=${{ needs.build.outputs.image }}
           PRINT_PAYLOAD: true
-      - name: Lag deployment i Sentry
-        uses: getsentry/action-release@v1
-        continue-on-error: true
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_URL: https://sentry.gc.nav.no
-          SENTRY_ORG: nav
-          SENTRY_PROJECT: dp-dagpenger
-        with:
-          environment: production
-          version: ${{ github.sha }}
-          set_commits: skip
diff --git a/.nais/nais.yaml b/.nais/nais.yaml
@@ -62,7 +62,6 @@ spec:
         - host: dekoratoren.dev.nav.no
         - host: unleash.nais.io
         - host: amplitude.nav.no
-        - host: sentry.gc.nav.no
       rules:
         - application: dp-innsyn
         - application: safselvbetjening

diff --git a/.sentryclirc b/.sentryclirc
diff --git a/Dockerfile b/Dockerfile
@@ -1,30 +1,18 @@
-FROM node:18 AS builder
-
-WORKDIR /usr/src/app
-
-COPY schema /usr/src/app/schema
-COPY package*.json codegen.yml .npmrc /usr/src/app/
-RUN --mount=type=secret,id=NODE_AUTH_TOKEN \
-    NODE_AUTH_TOKEN=$(cat /run/secrets/NODE_AUTH_TOKEN) \
-    npm ci --prefer-offline --no-audit
-
-COPY . /usr/src/app
-
-ARG SENTRY_RELEASE
-RUN --mount=type=secret,id=SENTRY_AUTH_TOKEN \
-    SENTRY_AUTH_TOKEN=$(cat /run/secrets/SENTRY_AUTH_TOKEN) \
-    npm run build && npm prune --production
-
 FROM node:18-alpine AS runtime
 
 WORKDIR /usr/src/app
 
 ENV PORT=3000 \
-    NODE_ENV=production
+    NODE_ENV=production \
+    TZ=Europe/Oslo
 
-COPY --from=builder /usr/src/app/ /usr/src/app/
+COPY next.config.js ./
+COPY public ./public
+COPY .next/standalone ./
+COPY .next/static ./.next/static
 
 EXPOSE 3000
 USER node
 
-CMD ["./node_modules/.bin/next", "start"]
+CMD ["node", "server.js"]
+
diff --git a/jest.config.js b/jest.config.js
@@ -20,6 +20,7 @@ const customJestConfig = {
     "^@navikt/dp-auth/(.*)$": "<rootDir>/node_modules/@navikt/dp-auth/dist/$1",
   },
   testEnvironment: "node",
+  roots: ["src"],
 };
 
 module.exports = createJestConfig(customJestConfig);

diff --git a/next.config.js b/next.config.js
@@ -1,6 +1,5 @@
 const { buildCspHeader } = require("@navikt/nav-dekoratoren-moduler/ssr");
 const withPlugins = require("next-compose-plugins");
-//const { withSentryConfig } = require("@sentry/nextjs");
 const withTM = require("next-transpile-modules")(["@navikt/ds-icons"]);
 
 // Direktiver appen din benytter
@@ -15,17 +14,15 @@ const myAppDirectives = {
   ],
   "worker-src": ["'self'"],
   "frame-src": ["*.nav.no"],
-  "report-uri":
-    "https://sentry.gc.nav.no/api/86/security/?sentry_key=98d1497555654049a7d46e29a5208e61",
 };
 
 module.exports = async (phase) =>
   withPlugins([withTM], {
-    //withSentryConfig(
     publicRuntimeConfig: {
       amplitudeKey: process.env.AMPLITUDE_API_KEY,
       NEXT_PUBLIC_SOKNADSDIALOG: process.env.NEXT_PUBLIC_SOKNADSDIALOG,
     },
+    output: "standalone",
     basePath: `${process.env.NEXT_PUBLIC_BASE_PATH}`,
     async headers() {
       const csp = await buildCspHeader(myAppDirectives, {