-
Notifications
You must be signed in to change notification settings - Fork 0
95 lines (90 loc) · 2.85 KB
/
main.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Build and deploy lydia-api
on: [ push ]
permissions: {}
jobs:
build:
permissions:
contents: write
id-token: write
name: build
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- uses: gradle/actions/setup-gradle@v4
with:
dependency-graph: generate-and-submit
- name: Compile, run tests and build
run: ./gradlew build
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push docker image
uses: nais/docker-build-push@v0
id: docker-push
with:
team: pia
tag: ${{ github.ref == 'refs/heads/main' && 'latest' || 'branch_latest' }}
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
platforms: linux/amd64,linux/arm64
outputs:
image: ${{ steps.docker-push.outputs.image }}
deploy:
permissions:
id-token: write
strategy:
matrix:
cluster: [dev, prod]
name: Deploy app to ${{ matrix.cluster }}
needs: build
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy application to ${{ matrix.cluster }}
uses: nais/deploy/actions/deploy@v2
env:
IMAGE: ${{ needs.build.outputs.image }}
CLUSTER: ${{ matrix.cluster }}-gcp
RESOURCE: .nais/nais.yaml
VARS: .nais/${{ matrix.cluster }}.yaml
deploy-dev-branch:
permissions:
id-token: write
name: Deploy app to dev
needs: build
if: github.ref == 'refs/heads/sende-melding-til-sf-ved-flytt-behovsv'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy application to dev
uses: nais/deploy/actions/deploy@v2
env:
IMAGE: ${{ needs.build.outputs.image }}
CLUSTER: dev-gcp
RESOURCE: .nais/nais.yaml
VARS: .nais/dev.yaml
trivy-scan:
name: Scanner docker image med Trivy
if: github.ref == 'refs/heads/main'
needs: build
permissions:
contents: read # to write sarif
security-events: write # push sarif to GitHub security
id-token: write # for nais/login
runs-on: ubuntu-latest
steps:
- uses: navikt/pia-actions/trivy-scan@v1 # https://github.com/navikt/pia-actions/tree/main/trivy-scan
with:
image: ${{ needs.build.outputs.image }}
team: pia
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}