bytter til Google Artifact Registry

Co-authored-by: Erik Maximilian Forsman <[email protected]>
navikt · Jan 11, 2024 · 296e8b0 · 296e8b0
1 parent e30dba9
commit 296e8b0
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 32 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,8 +4,7 @@ on:
     branches:
       - main
 env:
-  DOCKER_REGISTRY: ghcr.io
-  DOCKER_IMAGE_PREFIX: ${{ github.repository }}/spreapp-
+  DOCKER_REGISTRY: europe-north1-docker.pkg.dev
   RESOURCE: config/nais.yml
   TEAM: tbd
 
@@ -27,6 +26,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: '21.x'
+          cache: 'gradle'
       - name: cache gradle wrapper
         uses: actions/cache@v3
         with:
@@ -72,6 +72,7 @@ jobs:
     needs: generate_vars
     permissions:
       packages: write
+      id-token: write
     name: build
     runs-on: ubuntu-latest
     if: needs.generate_vars.outputs.emptyMatrix == 'false'
@@ -84,6 +85,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: '21.x'
+          cache: 'gradle'
       - name: cache gradle wrapper
         uses: actions/cache@v3
         with:
@@ -96,20 +98,17 @@ jobs:
         uses: andstor/file-existence-action@v2
         with:
           files: "${{ matrix.project }}/build/libs/app.jar"
-      - name: create docker tag
-        if: steps.app_jar.outputs.files_exists == 'true'
-        run: |
-          echo "IMAGE=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}${{ matrix.project }}:${{ needs.generate_vars.outputs.tag }}" >> $GITHUB_ENV
       - name: build docker image
         if: steps.app_jar.outputs.files_exists == 'true'
-        run: docker build ${{ matrix.project }} --pull -t $IMAGE -f Dockerfile
-      - name: push docker image
-        if: steps.app_jar.outputs.files_exists == 'true'
-        run: |
-          echo $GITHUB_TOKEN | docker login ${DOCKER_REGISTRY} --username $GITHUB_REPOSITORY --password-stdin
-          docker push $IMAGE
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
+        with:
+          team: ${{ needs.generate_vars.outputs.team }}
+          image_suffix: ${{ matrix.project }}
+          tag: ${{ needs.generate_vars.outputs.tag }}
+          docker_context: ${{ matrix.project }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
 
   deploy:
     needs: [generate_vars, build]
@@ -120,34 +119,20 @@ jobs:
       matrix: ${{ fromJSON(needs.generate_vars.outputs.deployMatrix) }}
     runs-on: ubuntu-latest
     steps:
-      - name: check if docker image exists
-        id: docker-exists
-        run: |
-          TOKEN=$(curl https://${DOCKER_REGISTRY}/token\?scope\="repository:${DOCKER_IMAGE_PREFIX}${{ matrix.project }}:pull" | jq -r '.token')
-          curl --head --fail -H "Authorization: Bearer ${TOKEN}" https://${DOCKER_REGISTRY}/v2/${DOCKER_IMAGE_PREFIX}${{ matrix.project }}/manifests/${{ needs.generate_vars.outputs.tag }}          
-          IMAGE_EXISTS=$?
-          if [ ${IMAGE_EXISTS} -ne 0 ]; then
-            echo "exists=false" >> $GITHUB_OUTPUT
-          else
-            echo "exists=true" >> $GITHUB_OUTPUT
-          fi
       - name: create env vars
-        if: steps.docker-exists.outputs.exists == 'true'
         run: |
           VARS_FILE="config/${{ matrix.project }}/${{ matrix.cluster }}.yml"
           echo "VARS=$VARS_FILE" >> $GITHUB_ENV
-          echo "IMAGE=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}${{ matrix.project }}:${{ needs.generate_vars.outputs.tag }}" >> $GITHUB_ENV
+          echo "IMAGE=${{ env.CONTAINER_REGISTRY }}/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/${{ needs.generate_vars.outputs.team }}/${{ github.event.repository.name }}-${{ matrix.project }}:${{ needs.generate_vars.outputs.tag }}" >> $GITHUB_ENV
       - name: Fetch sources
-        if: steps.docker-exists.outputs.exists == 'true'
         uses: actions/checkout@v4
       - name: Check for vars yml
-        if: steps.docker-exists.outputs.exists == 'true'
         id: vars_file
         uses: andstor/file-existence-action@v2
         with:
           files: "${{ env.VARS }}"
       - name: deploy
-        if: steps.docker-exists.outputs.exists == 'true' && steps.vars_file.outputs.files_exists == 'true'
+        if: steps.vars_file.outputs.files_exists == 'true'
         uses: nais/deploy/actions/deploy@v1
         env:
           CLUSTER: ${{ matrix.cluster }}

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,10 @@
-FROM ghcr.io/navikt/baseimages/temurin:21
+FROM gcr.io/distroless/java21-debian12:nonroot
 
-COPY build/libs/*.jar ./
+COPY build/libs/*.jar /app/
 
+ENV TZ="Europe/Oslo"
+ENV JAVA_OPTS='-XX:MaxRAMPercentage=90'
+
+WORKDIR /app
+
+CMD ["app.jar"]