su-se-bakover-master.yml

name: Build and deploy to preprod on push to master

on:
  # Trigger the workflow on push or pull request,
  # but only for the master branch
  push:
    branches:
      - master
    paths-ignore:
      - '.github/**'
      - '!.github/workflows/su-se-bakover-master.yml'
      - '!.github/workflows/reusable*.yml'
      - '!.github/actions/**'
      - '.idea/**'
      - 'datapakker/**'
      - 'local-db-scripts/**'
      - 'scripts/**'
      - '.editorconfig'
      - '*.template'
      - '.gitignore'
      - 'alerts.yml'
      - '*.sh'
      - 'CODEOWNERS'
      - 'docker-compose.yml'
      - 'LICENSE'
      - '*.md'

permissions: {}

jobs:
  build-test-push-image:
    name: Build, test and push image
    runs-on: ubuntu-latest-8-cores
    permissions:
      contents: read
      id-token: write # needed for push-image
    steps:
      - uses: actions/checkout@v4
      - name: Build and test
        uses: ./.github/actions/build-and-test
      - name: Push image
        uses: ./.github/actions/push-image
        with:
          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
          tag: ${{ github.sha }}
          image_suffix: 'app'
  submit-dependency-graph:
    name: Submit dependency graph
    permissions:
      contents: 'write'
    uses: navikt/su-se-bakover/.github/workflows/reusable-submit-dependency-graph.yml@master
  deploy-to-preprod:
    needs: build-test-push-image
    name: Deploy to preprod
    uses: navikt/su-se-bakover/.github/workflows/reusable-deploy.yml@master
    with:
      cluster: dev-fss
      vars: nais-dev.json
      var: image=europe-north1-docker.pkg.dev/nais-management-233d/supstonad/su-se-bakover-app:${{ github.sha }}
    secrets:
      NAIS_DEPLOY_APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
  draft-release:
    name: Draft release
    permissions:
      contents: 'write' # needed to create/edit releases
      pull-requests: 'write' # needed to add labels to pull requests
    uses: navikt/su-se-bakover/.github/workflows/reusable-draft-release.yml@master
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}