Skip to content

NAIS deploy

NAIS deploy #14

on:
release:
types: [ published ]
pull_request: ## ONLY FOR TESTING, SHOULD BE REMOVED AFTER DEPLOY PR IS MERGED
branches:
- master
push:
branches:
- master
paths-ignore:
- "**/*.md"
- "Makefile"
- ".mvn"
- ".gitignore"
jobs:
build-push:
name: Build and push to registries
# If triggering event is release, the commits on 'master' should build
# the image
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
outputs:
nais-tag: ${{steps.nais-deploy-vars.outputs.nais_tag}}
nais-cluster: ${{steps.nais-deploy-vars.outputs.cluster}}
nais-config-path: ${{steps.nais-deploy-vars.outputs.nais_config_path}}
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: temurin
cache: maven
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: "projects/${{secrets.GAR_PROJECT_NUMBER}}/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
service_account: "gh-actions-dapla-pseudo@${{secrets.GAR_PROJECT_ID}}.iam.gserviceaccount.com"
token_format: access_token
- name: Login to Artifact Registry
uses: docker/login-action@v3
with:
registry: europe-north1-docker.pkg.dev/${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
username: "oauth2accesstoken"
password: "${{ steps.auth.outputs.access_token }}"
- name: Maven build and install
run: |
if [[ ${{github.event_name}} == "release" ]]; then
mvn --batch-mode clean package
else
mvn --batch-mode -P dapla-artifact-registry deploy
fi
- name: Add optional extra tag
id: version-tag
run: |
if [ ${{ github.event_name }} == "release" ]; then
RELEASE_VERSION=${GITHUB_REF#refs/*/}
echo "version_tag=v${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
fi
- name: Build and push image to NAIS Artifact Repository
uses: nais/docker-build-push@v0
id: docker-push
with:
team: dapla-stat
tag: ${{ steps.version-tag.outputs.version_tag }} # Empty if not triggered by release
pull: false
project_id: ${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
byosbom: target/bom.json
- name: Generate image tags
id: nais-deploy-vars
run: |
if [[ ${{github.event_name}} == "release" ]]; then
echo "nais_tag=${{ steps.version-tag.outputs.version_tag }}" >> "$GITHUB_OUTPUT"
echo "cluster=prod" >> "$GITHUB_OUTPUT"
echo "nais_config_path=.nais/prod/nais.yaml" >> "$GITHUB_OUTPUT"
else
echo "nais_tag=${{ steps.docker-push.outputs.tag }}" >> "$GITHUB_OUTPUT"
echo "cluster=test" >> "$GITHUB_OUTPUT"
echo "nais_config_path=.nais/test/nais.yaml" >> "$GITHUB_OUTPUT"
fi
deploy:
name: Deploy to NAIS
needs: build-push
uses: ./.github/workflows/deploy-to-nais.yml
with:
registry: europe-north1-docker.pkg.dev
repository: dapla-stat
image-name: pseudo-service
image-tag: ${{ needs.build-push.outputs.nais-tag }}
cluster: ${{needs.build-push.outputs.nais-cluster}}
nais-config-path: ${{needs.build-push.outputs.nais-config-path}}
secrets: inherit