Build and deploy brevbaker and pdf-bygger #2340
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build and deploy brevbaker and pdf-bygger" | |
on: | |
workflow_dispatch: | |
pull_request: | |
paths: | |
- "build.gradle.kts" | |
- "gradle.properties" | |
- "template-model-generator/**" | |
- "pensjon-brevbaker/**" | |
- "pdf-bygger/**" | |
- ".github/workflows/pdfbygger-brevbaker.yml" | |
push: | |
branches: | |
- "main" | |
paths: | |
- "build.gradle.kts" | |
- "gradle.properties" | |
- "template-model-generator/**" | |
- "pensjon-brevbaker/**" | |
- "pdf-bygger/**" | |
- ".github/workflows/pdfbygger-brevbaker.yml" | |
env: | |
"IMAGE_BREVBAKER": "ghcr.io/${{ github.repository }}/brevbaker:${{ github.sha }}" | |
"IMAGE_PDF_BYGGER": "ghcr.io/${{ github.repository }}/pdf-bygger:${{ github.sha }}" | |
jobs: | |
"build-brevbaker": | |
name: "build brevbaker" | |
runs-on: "ubuntu-latest" | |
permissions: | |
packages: "write" | |
id-token: "write" | |
outputs: | |
image: ${{ steps.docker-push.outputs.image }} | |
steps: | |
- uses: "actions/checkout@v4" | |
- uses: "gradle/actions/wrapper-validation@v3" | |
- uses: "actions/cache@v4" | |
with: | |
"path": "~/.gradle/caches" | |
"key": "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}" | |
"restore-keys": "${{ runner.os }}-gradle-" | |
- uses: "actions/setup-java@v4" | |
with: | |
"distribution": "temurin" | |
"java-version": "17" | |
- name: "compile and run tests" | |
run: | | |
./gradlew :brevbaker-api-model-common:publishToMavenLocal | |
./gradlew :pensjon-brevbaker-api-model:publishToMavenLocal | |
./gradlew :pensjon-brevbaker:build | |
env: | |
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}" | |
- name: "Build and publish container image to GAR" | |
uses: nais/docker-build-push@v0 | |
env: | |
TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db:1" | |
id: docker-push | |
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' | |
with: | |
team: pensjonsbrev | |
image_suffix: brevbaker | |
push_image: true | |
pull: true | |
docker_context: ./pensjon-brevbaker | |
dockerfile: pensjon-brevbaker/Dockerfile | |
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} | |
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: "Publish container image to ghcr.io" | |
run: | | |
echo $GITHUB_TOKEN | docker login --username $GITHUB_REPOSITORY --password-stdin https://ghcr.io | |
[ -n "${{ steps.docker-push.outputs.image }}" ] && docker pull ${{ steps.docker-push.outputs.image }} && docker tag ${{ steps.docker-push.outputs.image }} ${IMAGE_BREVBAKER} || docker build --pull --tag ${IMAGE_BREVBAKER} pensjon-brevbaker | |
docker push ${IMAGE_BREVBAKER} | |
env: | |
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}" | |
"build-pdfbygger": | |
name: "build pdfbygger" | |
runs-on: "ubuntu-latest" | |
permissions: | |
packages: "write" | |
id-token: "write" | |
outputs: | |
image: ${{ steps.docker-push.outputs.image }} | |
steps: | |
- uses: "actions/checkout@v4" | |
- uses: "gradle/actions/wrapper-validation@v3" | |
- uses: "actions/cache@v4" | |
with: | |
"path": "~/.gradle/caches" | |
"key": "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}" | |
"restore-keys": "${{ runner.os }}-gradle-" | |
- uses: "actions/setup-java@v4" | |
with: | |
"distribution": "temurin" | |
"java-version": "17" | |
- name: "compile and run tests" | |
run: "./gradlew :pdf-bygger:build" | |
- name: "Build and publish container image to GAR" | |
uses: nais/docker-build-push@v0 | |
id: docker-push | |
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' | |
with: | |
team: pensjonsbrev | |
image_suffix: pdf-bygger | |
push_image: true | |
pull: true | |
docker_context: ./pdf-bygger | |
dockerfile: pdf-bygger/Dockerfile | |
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} | |
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: "Publish container image to ghcr.io" | |
run: | | |
echo $GITHUB_TOKEN | docker login --username $GITHUB_REPOSITORY --password-stdin https://ghcr.io | |
[ -n "${{ steps.docker-push.outputs.image }}" ] && docker pull ${{ steps.docker-push.outputs.image }} && docker tag ${{ steps.docker-push.outputs.image }} ${IMAGE_PDF_BYGGER} || docker build --pull --tag ${IMAGE_PDF_BYGGER} pdf-bygger | |
docker push ${IMAGE_PDF_BYGGER} | |
env: | |
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}" | |
changes: | |
runs-on: ubuntu-latest | |
outputs: | |
latex: ${{ steps.changes.outputs.latex }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: changes | |
with: | |
filters: | | |
latex: | |
- 'pdf-bygger/containerFiles/latex/**' | |
runIntegrationTests: | |
name: "Integration tests" | |
needs: [ build-brevbaker, build-pdfbygger, changes ] | |
services: | |
pdf-bygger: | |
env: | |
PDF_BYGGER_COMPILE_TMP_DIR: "/tmp" | |
ports: | |
- 8081:8080 | |
image: "ghcr.io/${{ github.repository }}/pdf-bygger:${{ github.sha }}" | |
credentials: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
brevbaker: | |
env: | |
NAIS_APP_NAME: brevbaker | |
PDF_BUILDER_URL: "http://pdf-bygger:8080" | |
AZURE_OPENID_CONFIG_JWKS_URI: "http://vtp-pensjon:8060/rest/isso/oauth2/connect/jwk_uri" | |
AZURE_OPENID_CONFIG_ISSUER: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/v2.0" | |
AZURE_APP_CLIENT_ID: "brevbaker-123" | |
UNLEASH_SERVER_API_ENV: "test" | |
UNLEASH_SERVER_API_URL: "http://localhost" | |
UNLEASH_SERVER_API_TOKEN: "Token123" | |
JAVA_TOOL_OPTIONS: "-Dio.ktor.development=true" | |
ports: | |
- 8080:8080 | |
image: "ghcr.io/${{ github.repository }}/brevbaker:${{ github.sha }}" | |
credentials: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
runs-on: ubuntu-latest | |
permissions: | |
statuses: write | |
checks: write | |
pull-requests: write | |
packages: write | |
steps: | |
- uses: "actions/checkout@v4" | |
- uses: "actions/cache@v4" | |
with: | |
"path": "~/.gradle/caches" | |
"key": "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}" | |
"restore-keys": "${{ runner.os }}-gradle-" | |
- uses: "actions/setup-java@v4" | |
with: | |
"distribution": "temurin" | |
"java-version": "17" | |
- name: "run integration tests" | |
run: | | |
./gradlew :brevbaker-api-model-common:publishToMavenLocal | |
./gradlew :pensjon-brevbaker-api-model:publishToMavenLocal | |
./gradlew :pensjon-brevbaker:integrationTest | |
env: | |
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}" | |
- name: Publish Test Report | |
if: ${{ always() }} | |
uses: scacap/action-surefire-report@v1 | |
with: | |
fail_if_no_tests: true | |
fail_on_test_failures: true | |
report_paths: '**/build/test-results/integrationTest/TEST-*.xml' | |
- name: Convert visual-test pdfs | |
uses: routsi/ImageMagick-action@v1.1.1 | |
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }} | |
with: | |
command: mogrify -path pensjon-brevbaker/build/test_visual -format png -background white -alpha remove -alpha off -density 300 -quality 85 pensjon-brevbaker/build/test_visual/pdf/*.pdf | |
- uses: actions/setup-node@v4 | |
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }} | |
with: | |
node-version: '20' | |
- run: npm install --save-dev @percy/cli | |
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }} | |
- name: Publish visual-tests to percy | |
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }} | |
run: | | |
npx percy upload pensjon-brevbaker/build/test_visual/ > percy.log | |
cat percy.log | |
cat percy.log | grep -e "build #[0-9]\+:" | sed 's/^.*build #[0-9]\+: //g' > percy-build-url | |
env: | |
PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }} | |
- name: Comment percy review link | |
uses: peter-evans/create-or-update-comment@v4 | |
if: ${{ needs.changes.outputs.latex == 'true' && github.event_name == 'pull_request' }} | |
with: | |
issue-number: ${{ github.event.number }} | |
body-path: percy-build-url | |
"deployBrevbakerToDev": | |
name: "Deploy brevbaker to dev" | |
permissions: | |
contents: "read" | |
id-token: "write" | |
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' | |
needs: ["runIntegrationTests", "build-brevbaker"] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: "actions/checkout@v4" | |
- name: "Deploy to DEV" | |
uses: "nais/deploy/actions/deploy@v2" | |
env: | |
"ENVIRONMENT": "dev-gcp:brevbaker" | |
"CLUSTER": "dev-gcp" | |
"RESOURCE": "pensjon-brevbaker/.nais/unleash-api-token-dev-q2.yaml,pensjon-brevbaker/.nais/nais.yaml" | |
"VAR": image=${{ needs.build-brevbaker.outputs.image }} | |
"VARS": "pensjon-brevbaker/.nais/dev.yaml" | |
"deployPdfByggerToDev": | |
name: "Deploy pdf-bygger to dev" | |
permissions: | |
contents: "read" | |
id-token: "write" | |
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' | |
needs: ["runIntegrationTests", "build-pdfbygger"] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: "actions/checkout@v4" | |
- name: "Deploy to DEV" | |
uses: "nais/deploy/actions/deploy@v2" | |
env: | |
"ENVIRONMENT": "dev-gcp:pdf-bygger" | |
"CLUSTER": "dev-gcp" | |
"RESOURCE": "pdf-bygger/.nais/nais.yaml" | |
"VAR": image=${{ needs.build-pdfbygger.outputs.image }} | |
"VARS": "pdf-bygger/.nais/dev.yaml" | |
"deployBrevbakerToProduction": | |
name: "Deploy brevbaker to production" | |
permissions: | |
contents: "read" | |
id-token: "write" | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
needs: ["runIntegrationTests", "build-brevbaker"] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: "actions/checkout@v4" | |
- name: "Deploy to production" | |
uses: "nais/deploy/actions/deploy@v2" | |
env: | |
"ENVIRONMENT": "prod-gcp:brevbaker" | |
"CLUSTER": "prod-gcp" | |
"RESOURCE": "pensjon-brevbaker/.nais/unleash-api-token-prod.yaml,pensjon-brevbaker/.nais/nais.yaml" | |
"VAR": image=${{ needs.build-brevbaker.outputs.image }} | |
"VARS": "pensjon-brevbaker/.nais/prod.yaml" | |
"deployPdfByggerToProduction": | |
name: "Deploy pdf-bygger to production" | |
permissions: | |
contents: "read" | |
id-token: "write" | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
needs: ["runIntegrationTests", "build-pdfbygger"] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: "actions/checkout@v4" | |
- name: "Deploy to production" | |
uses: "nais/deploy/actions/deploy@v2" | |
env: | |
"ENVIRONMENT": "prod-gcp:pdf-bygger" | |
"CLUSTER": "prod-gcp" | |
"RESOURCE": "pdf-bygger/.nais/nais.yaml" | |
"VAR": image=${{ needs.build-pdfbygger.outputs.image }} | |
"VARS": "pdf-bygger/.nais/prod.yaml" |