Skip to content

Build and deploy brevbaker and pdf-bygger #2340

Build and deploy brevbaker and pdf-bygger

Build and deploy brevbaker and pdf-bygger #2340

name: "Build and deploy brevbaker and pdf-bygger"
on:
workflow_dispatch:
pull_request:
paths:
- "build.gradle.kts"
- "gradle.properties"
- "template-model-generator/**"
- "pensjon-brevbaker/**"
- "pdf-bygger/**"
- ".github/workflows/pdfbygger-brevbaker.yml"
push:
branches:
- "main"
paths:
- "build.gradle.kts"
- "gradle.properties"
- "template-model-generator/**"
- "pensjon-brevbaker/**"
- "pdf-bygger/**"
- ".github/workflows/pdfbygger-brevbaker.yml"
env:
"IMAGE_BREVBAKER": "ghcr.io/${{ github.repository }}/brevbaker:${{ github.sha }}"
"IMAGE_PDF_BYGGER": "ghcr.io/${{ github.repository }}/pdf-bygger:${{ github.sha }}"
jobs:
"build-brevbaker":
name: "build brevbaker"
runs-on: "ubuntu-latest"
permissions:
packages: "write"
id-token: "write"
outputs:
image: ${{ steps.docker-push.outputs.image }}
steps:
- uses: "actions/checkout@v4"
- uses: "gradle/actions/wrapper-validation@v3"
- uses: "actions/cache@v4"
with:
"path": "~/.gradle/caches"
"key": "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}"
"restore-keys": "${{ runner.os }}-gradle-"
- uses: "actions/setup-java@v4"
with:
"distribution": "temurin"
"java-version": "17"
- name: "compile and run tests"
run: |
./gradlew :brevbaker-api-model-common:publishToMavenLocal
./gradlew :pensjon-brevbaker-api-model:publishToMavenLocal
./gradlew :pensjon-brevbaker:build
env:
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
- name: "Build and publish container image to GAR"
uses: nais/docker-build-push@v0
env:
TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db:1"
id: docker-push
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
with:
team: pensjonsbrev
image_suffix: brevbaker
push_image: true
pull: true
docker_context: ./pensjon-brevbaker
dockerfile: pensjon-brevbaker/Dockerfile
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- name: "Publish container image to ghcr.io"
run: |
echo $GITHUB_TOKEN | docker login --username $GITHUB_REPOSITORY --password-stdin https://ghcr.io
[ -n "${{ steps.docker-push.outputs.image }}" ] && docker pull ${{ steps.docker-push.outputs.image }} && docker tag ${{ steps.docker-push.outputs.image }} ${IMAGE_BREVBAKER} || docker build --pull --tag ${IMAGE_BREVBAKER} pensjon-brevbaker
docker push ${IMAGE_BREVBAKER}
env:
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
"build-pdfbygger":
name: "build pdfbygger"
runs-on: "ubuntu-latest"
permissions:
packages: "write"
id-token: "write"
outputs:
image: ${{ steps.docker-push.outputs.image }}
steps:
- uses: "actions/checkout@v4"
- uses: "gradle/actions/wrapper-validation@v3"
- uses: "actions/cache@v4"
with:
"path": "~/.gradle/caches"
"key": "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}"
"restore-keys": "${{ runner.os }}-gradle-"
- uses: "actions/setup-java@v4"
with:
"distribution": "temurin"
"java-version": "17"
- name: "compile and run tests"
run: "./gradlew :pdf-bygger:build"
- name: "Build and publish container image to GAR"
uses: nais/docker-build-push@v0
id: docker-push
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
with:
team: pensjonsbrev
image_suffix: pdf-bygger
push_image: true
pull: true
docker_context: ./pdf-bygger
dockerfile: pdf-bygger/Dockerfile
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- name: "Publish container image to ghcr.io"
run: |
echo $GITHUB_TOKEN | docker login --username $GITHUB_REPOSITORY --password-stdin https://ghcr.io
[ -n "${{ steps.docker-push.outputs.image }}" ] && docker pull ${{ steps.docker-push.outputs.image }} && docker tag ${{ steps.docker-push.outputs.image }} ${IMAGE_PDF_BYGGER} || docker build --pull --tag ${IMAGE_PDF_BYGGER} pdf-bygger
docker push ${IMAGE_PDF_BYGGER}
env:
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
changes:
runs-on: ubuntu-latest
outputs:
latex: ${{ steps.changes.outputs.latex }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: changes
with:
filters: |
latex:
- 'pdf-bygger/containerFiles/latex/**'
runIntegrationTests:
name: "Integration tests"
needs: [ build-brevbaker, build-pdfbygger, changes ]
services:
pdf-bygger:
env:
PDF_BYGGER_COMPILE_TMP_DIR: "/tmp"
ports:
- 8081:8080
image: "ghcr.io/${{ github.repository }}/pdf-bygger:${{ github.sha }}"
credentials:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
brevbaker:
env:
NAIS_APP_NAME: brevbaker
PDF_BUILDER_URL: "http://pdf-bygger:8080"
AZURE_OPENID_CONFIG_JWKS_URI: "http://vtp-pensjon:8060/rest/isso/oauth2/connect/jwk_uri"
AZURE_OPENID_CONFIG_ISSUER: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/v2.0"
AZURE_APP_CLIENT_ID: "brevbaker-123"
UNLEASH_SERVER_API_ENV: "test"
UNLEASH_SERVER_API_URL: "http://localhost"
UNLEASH_SERVER_API_TOKEN: "Token123"
JAVA_TOOL_OPTIONS: "-Dio.ktor.development=true"
ports:
- 8080:8080
image: "ghcr.io/${{ github.repository }}/brevbaker:${{ github.sha }}"
credentials:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
runs-on: ubuntu-latest
permissions:
statuses: write
checks: write
pull-requests: write
packages: write
steps:
- uses: "actions/checkout@v4"
- uses: "actions/cache@v4"
with:
"path": "~/.gradle/caches"
"key": "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}"
"restore-keys": "${{ runner.os }}-gradle-"
- uses: "actions/setup-java@v4"
with:
"distribution": "temurin"
"java-version": "17"
- name: "run integration tests"
run: |
./gradlew :brevbaker-api-model-common:publishToMavenLocal
./gradlew :pensjon-brevbaker-api-model:publishToMavenLocal
./gradlew :pensjon-brevbaker:integrationTest
env:
"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
- name: Publish Test Report
if: ${{ always() }}
uses: scacap/action-surefire-report@v1
with:
fail_if_no_tests: true
fail_on_test_failures: true
report_paths: '**/build/test-results/integrationTest/TEST-*.xml'
- name: Convert visual-test pdfs
uses: routsi/ImageMagick-action@v1.1.1
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }}
with:
command: mogrify -path pensjon-brevbaker/build/test_visual -format png -background white -alpha remove -alpha off -density 300 -quality 85 pensjon-brevbaker/build/test_visual/pdf/*.pdf
- uses: actions/setup-node@v4
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }}
with:
node-version: '20'
- run: npm install --save-dev @percy/cli
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }}
- name: Publish visual-tests to percy
if: ${{ needs.changes.outputs.latex == 'true' || github.ref == 'refs/heads/main' }}
run: |
npx percy upload pensjon-brevbaker/build/test_visual/ > percy.log
cat percy.log
cat percy.log | grep -e "build #[0-9]\+:" | sed 's/^.*build #[0-9]\+: //g' > percy-build-url
env:
PERCY_TOKEN: ${{ secrets.PERCY_TOKEN }}
- name: Comment percy review link
uses: peter-evans/create-or-update-comment@v4
if: ${{ needs.changes.outputs.latex == 'true' && github.event_name == 'pull_request' }}
with:
issue-number: ${{ github.event.number }}
body-path: percy-build-url
"deployBrevbakerToDev":
name: "Deploy brevbaker to dev"
permissions:
contents: "read"
id-token: "write"
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
needs: ["runIntegrationTests", "build-brevbaker"]
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v4"
- name: "Deploy to DEV"
uses: "nais/deploy/actions/deploy@v2"
env:
"ENVIRONMENT": "dev-gcp:brevbaker"
"CLUSTER": "dev-gcp"
"RESOURCE": "pensjon-brevbaker/.nais/unleash-api-token-dev-q2.yaml,pensjon-brevbaker/.nais/nais.yaml"
"VAR": image=${{ needs.build-brevbaker.outputs.image }}
"VARS": "pensjon-brevbaker/.nais/dev.yaml"
"deployPdfByggerToDev":
name: "Deploy pdf-bygger to dev"
permissions:
contents: "read"
id-token: "write"
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
needs: ["runIntegrationTests", "build-pdfbygger"]
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v4"
- name: "Deploy to DEV"
uses: "nais/deploy/actions/deploy@v2"
env:
"ENVIRONMENT": "dev-gcp:pdf-bygger"
"CLUSTER": "dev-gcp"
"RESOURCE": "pdf-bygger/.nais/nais.yaml"
"VAR": image=${{ needs.build-pdfbygger.outputs.image }}
"VARS": "pdf-bygger/.nais/dev.yaml"
"deployBrevbakerToProduction":
name: "Deploy brevbaker to production"
permissions:
contents: "read"
id-token: "write"
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: ["runIntegrationTests", "build-brevbaker"]
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v4"
- name: "Deploy to production"
uses: "nais/deploy/actions/deploy@v2"
env:
"ENVIRONMENT": "prod-gcp:brevbaker"
"CLUSTER": "prod-gcp"
"RESOURCE": "pensjon-brevbaker/.nais/unleash-api-token-prod.yaml,pensjon-brevbaker/.nais/nais.yaml"
"VAR": image=${{ needs.build-brevbaker.outputs.image }}
"VARS": "pensjon-brevbaker/.nais/prod.yaml"
"deployPdfByggerToProduction":
name: "Deploy pdf-bygger to production"
permissions:
contents: "read"
id-token: "write"
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: ["runIntegrationTests", "build-pdfbygger"]
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v4"
- name: "Deploy to production"
uses: "nais/deploy/actions/deploy@v2"
env:
"ENVIRONMENT": "prod-gcp:pdf-bygger"
"CLUSTER": "prod-gcp"
"RESOURCE": "pdf-bygger/.nais/nais.yaml"
"VAR": image=${{ needs.build-pdfbygger.outputs.image }}
"VARS": "pdf-bygger/.nais/prod.yaml"